Concrete Domains

This paper introduces the theory of a particular kind of computation domains called concrete domains. The purpose of this theory is to nd a satisfactory framework for the notions of coroutine computation and sequentiality of evaluation. Diagrams are emphasized because I believe that an important part of learning lattice theory is the acquisition of skill in drawing diagrams. George Gr atzer 1 Domains of computation In general, we follow Scott's approach [Sco70]. To every syntactic object one associates a semantic object which is found in an appropriate semantic domain. For technical details, we follow [Mil73] and [Plo78] rather than Scott. De nition 1.1 A partial order is a pair < D; > where D is a non-empty set and is a binary relation satisfying: i) 8x 2 D x x (re exivity) ii) 8x; y 2 D x y; y x) x = y (antisymmetry) iii) 8x; y; z 2 D x y; y z ) x z (transitivity) One writes x < y when x y and x 6= y. Two elements x and y are comparable when either x y or y x. When this is not the case, the elements x and y are incomparable and this relation is written x k y. A partial order in which any two elements are comparable is a chain. Usual terms: In a partial order < D; >, let H be a subset of D and x an element of H . The element x is an upper bound of H i 8y 2 H y x. It is a lower bound of H i 8y 2 H x y. It is a least upper bound (lub) of H i it is an upper bound of H and 8z upper bound of H x z It is a greatest lower bound (glb) of H i it is a lower bound of H and 8z lower bound of H z x When x is a lub (resp. glb) of H , one writes x = SH (resp. x = TH). If H = fa; bg, these notations are shortened to x = a _ b and x = a ^ b respectively. Two elements x and y in D are compatible if fx; yg has an upper bound. This relation is noted x " y, and its complement, the incompatibility relation, is written x#y. An element x in H is a maximum i x = SH . It is a minimum i x = TH . De nition 1.2 In a partial order < D; > a subset X of D is directed i X is non-empty and 8x1; x2 2 X 9x3 2 X : x1 x3; x2 x3 1 Remark: By de nition the set which is the support of a chain is a fortiori directed. De nition 1.3 A partial order < D; > is complete i i) D has a minimum element ? ii) Any directed subset X of D has a least upper bound De nition 1.4 A partial order < D; > is conditionally complete i any subset X of D that has an upper bound has a least upper bound. Remarks: i) Since D is non-empty, the empty set ; has an upper bound. Hence if < D; > is conditionally complete, D must have a minimum element ? = S ; ii) The terminology used here, although standard, may not be ideal since a partial order may be complete without being conditionally complete. Proposition 1.1 A complete partial order < D; > is conditionally complete i every pair of compatible elements < x; y > has a least upper bound x _ y. Proof: Consider a complete partial order < D; > in which every pair of compatible elements has a least upper bound and let X be a bounded subset of D. If X = ; then SX = ?. If X is reduced to a single element x, this x is the least upper bound of X . If X contains exactly two elements x and y, and has an upper bound, then x and y are compatible and SX = x _ y. Consider now a nite subset X ofD that has an upper bound, with jX j 2 and X = X 0 _ [fxg. Since X has an upper bound, so does X 0 which has, by induction hypothesis, a least upper bound SX 0. As any upper bound of X must dominate both SX 0 and x, these elements must be compatible and hence SX = SX 0 _ x. Now if X is in nite, let Y be the set of least upper bounds of its nite subsets. The set Y is directed, so it has a least upper bound SY . For any x in X , x SY since fxg is a nite subset for which SY is an upper bound. Since any upper bound of X must at least dominate SY we obtain [X =[ Y The converse is trivial. 2 2 Proposition 1.2 In a conditionally complete partial order < D; >, any non-empty subset X of D has a greatest lower bound TX. Proof: Let Y be the set of elements in D dominated by X . Since X is nonempty, some x in X dominates Y . Thus Y has a lub SY . For any x in X it is the case that 8y 2 Y y x hence also SY x. So SY is a lower bound of X , and S Y = TX . 2 De nition 1.5 In a partial order < D; > a subset X of D is consistent i any two elements in X are compatible. De nition 1.6 A partial order < D; > is coherent i any consistent subset X of D has least upper bound. Remarks: 1. A subset that has an upper bound is consistent. Hence if a partial order is coherent it is a fortiori conditionally complete. 2. The empty set ; is consistent. Hence it has a least upper bound ?. A directed set is consistent. Hence if a partial order is coherent it is a fortiori complete. Proposition 1.3 A complete partial order < D; > is coherent i any consistent triple < x; y; z > has a least upper bound. Proof: Any consistent X that has at most 3 elements obviously has a least upper bound. Now consider a consistent nite subset X = fx1; x2; : : : ; xng of D such that jX j = n 3. Assume, by induction hypothesis, that any consistent subset Y such that 1 jY j < n has a lub. Now the set fx1 _ x2; x2 _ x3; : : : ; xn 2 _ xn 1; xng contains at most n 1 elements. Any two elements in it are compatible, because i) if both are of the form xi_xi+1, they are dominated by Sfx1; x2; : : : ; xn 1g, which exists by induction hypothesis. ii) xi _xi+1 and xn are compatible since the triple fxi; xi+1; xng is consistent and thus admits a lub. Consequently, using again the induction hypothesis, the set X has a lub. If now X is in nite, the set Y of the lubs of the nite subsets of X is a directed set and we have SX = SY . 2 3 De nition 1.7 In a partial order < D; >, an element x is isolated (or compact) i in any directed set with a lub that dominates x one can nd an element y that dominates x. In symbols: 8X D; X directed x [X ) 9y 2 X x y Notation: The set of isolated elements less than x is noted A(x). An element in A(x) is called an approximant of x. The set of all isolated elements in < D; > is written A(D). Remark: An element x is isolated i x 2 A(x). Hence A(D) = Sx2DA(x) Proposition 1.4 In a conditionally complete partial order < D; > i) If two isolated elements a and b are compatible then a _ b is isolated. ii) For any x, the set A(x) is directed. Proof: i) Since a and b are compatible, their lub a_b exists. Consider now a directed set S such that a _ b SS. Since a and b are isolated, from a SS and b SS we deduce that there are two elements a0 and b0 in S with a a0 and b b0. Since S is directed, there is a c in S with a0 c and b0 c hence a c and b c and thus a _ b c. Hence a _ b is isolated. ii) If a and b are two approximants of x, the element a _ b is isolated by i) and dominated by x, thus it is also an approximant of x. Hence A(x) is directed. 2 De nition 1.8 A partial order < D; > is algebraic i for any x in D the set A(x) is directed and x =[A(x) If additionally A(D) is denumerable, < D; > is !{algebraic. De nition 1.9 We will call computation domain a coherent and !{algebraic partial order. Notation From now on we abandon the precise notation< D; >. We merely use the same letter for the set and the partial order, unless more precision becomes necessary. Lemma 1.1 In a computation domain x y , A(x) A(y). 4 Proof: From left to right the implication is immediate. Conversely, since A(x) and A(y) are directed they have lubs that verify SA(x) SA(y) and by algebraicity we deduce SA(x) = x y = SA(y). 2 Corollary 1.1 In a computation domain, if x is isolated and x < y then there is an approximant z of y with x < z y. Proof: Let t be an element of the necessarily non empty set A(y)nA(x). Since x and t are both approximants of y, so is x _ t. Taking z = x _ t, we have x < z y. 2 Corollary 1.2 If an element y in a computation domain is not isolated, then one can nd an in nite strictly increasing chain of isolated elements f?; x1; x2; : : : ; xn; : : :g approximating y, i.e. with ? < x1 < x2 < < xn < < y Proof: The minimum element ? is isolated and we have ? < y. Now assume that we have a chain f?; x1; x2; : : : ; xn 1g of n isolated elements such that ? < x1 < x2 < < xn 1 < y Since xn 1 is isolated, one can nd by the previous Corollary an isolated element xn with xn 1 < xn y. But since y is not isolated, certainly xn < y and the chain has been extended to contain n+ 1 elements. 2 Proposition 1.5 The cartesian product of a countable number of computation domains is a computation domain. Proof: Let be an ordinal, 1 ! and f< Di; i>gi< a family of computation domains. An element x in D = Qi< Di is a vector < x0; x1; : : : ; xi; : : : >. The set D inherits the relation de ned componentwise: 8x; y 2 D x y () 8i < xi yi Two elements in D are compatible i they are compatible componentwise. Indeed, if x and y are compatible, there exists z with x z and y z hence 8i xi i zi and 8i yi i zi, so x and y are compatible componentwise. Conversely, if 8i 9zi xi i zi; yi i zi, the vector z =< z0; z1; : : : ; zi; : : : > dominates x and y which are thus compatible. Similarly, if x " y we have x _ y =< x0 _ y0; : : : ; xi _ yi; : : : >. A subset X of D is consistent i it is 5 ? 1 A A A A A A 0 Figure 1: The domain T consistent componentwise. Hence if each of the partial orders < Di; i> is coherent, so is < D; >. Let us prove now that < D; > is !-algebraic. Consider the subset of D de ned by I = [ i< fxjxi 2 A(Di) and 8j < ; j 6= i; xj = ?Djg The elements of I are vectors all components of which are the minimum element in the relevant domain, except possibly for the i-th component which is an isolated element in Di. Any element in I is isolated in D. Indeed, let X be a directed subset of D with x SX . Since the i-th component of X is a directed set and xi is isolated in Di, there exists zi in Xi with xi zi. As well for any j with j < ; j 6= i we have xj = ?Dj j zj so we obtain x z. Consider now an arbitrary element x in D. The set Yx de ned by Yx = fy j y 2 I; y xg has a least upper bound S Yx since it is consistent. Of course SYx x. But since each of the < Di; i> is !-algebraic we have also ([ Yx)i =[(yijy 2 Yx) [A(xi) = xi thus SYx = x. Let Zx be the directed set obtain by adding to Yx the least upper bounds of its nite subsets. We still have SZx = x. Hence if x is isolated, there exists an element z in Zx with x z. But z must be less than x, so z = x. An element in D is isolated i it is the least upper bound of nitely many elements of I. Hence D contains at most denumerably many isolated elements. Futhermore, Zx is directed and x = SZx, so that the domain is !-algebraic. We have shown that D is coherent and !-algebraic, so it is a computation domain.2 Example: Let T =< f?; 0; 1g; > be the three element computation domain where 0 k 1. The cartesian product of denumerably many copies of T is the computation domain T!. This domain is discussed in detail by Plotkin [Plo78] who shows that it is a universal domain in a precise mathematical sense. 6 De nition 1.10 Let < D; > and < D0; 0> be two complete partial orders. A function f from D to D0 is continuous i 8X D; Xdirected f([X) = 0 [ff(x)jx 2 Xg (1) This de nition is not very convenient to use. In a computation domain, we will use the following characterization: Lemma 1.2 Consider two computation domains < D; > and < D0; 0>. A function f from D to D0 is continuous i ( i) f is monotonic, i.e. 8x; y 2 D x y ) f(x) f(y) ii) 8e 2 A(f(x)) 9d 2 A(x) such that e 0 f(d) (2) Proof: a) We show rst that (1) implies (2). Consider a function f verifying (1) and two elements x and y in D with x y. The set fx; yg is directed since y = x _ y. Therefore f(y) = f(x) _0 f(y). Hence f(x) and f(y) are comparable and f(x) 0 f(y). Thus f is monotonic. The image of a directed set by a monotonic function is a directed set f(X) and in particular, since for any x the set A(x) is directed, the set f(A(x)) is directed. Let e be an arbitrary approximant of f(x). We have e 0 f(x) = f([A(x)) = 0 [ f(A(x)) Since e is isolated and f(A(x)) is directed, there exists an element d in A(x) with e f(d). b) We show now that (2) implies (1). Let X be a directed subset ofD and f a function from D to D0 verifying (2). Since f is monotonic, the set f(X) is directed and S0 f(X) 0 f(SX). To prove the converse inequality f(SX) 0 S0 f(X) consider an arbitrary approximant e of f(SX). By (2) one can nd d in A(SX) with e 0 f(d). Since d is isolated and X is directed, from d SX one deduces that there is an element x in X such that d x. We have f(x) 0 S0 f(X) and, since f is monotonic, f(d) 0 f(x) so 8e 2 A(f([X)) e 0 0 [ f(X) and consequently A(f(SX)) A(S0 f(X)). By Lemma 1.1 f(SX) 0 S0 f(X) and nally f(SX) = S0 f(X).2 7 Proposition 1.6 Consider the computation domains D1, D2, and D. A function f from D1 D2 to D is continuous i the functions f1 = y:f(x1; y) and f2 = y:f(y; x2) are continuous for any x1 in D1 and any x2 in D2. Proof: First, if f is continuous, so are the functions in the familyf1 and f2. Let us show this for family f1. Consider a directed subset S1 of D2, and the subset S of D1 D2 de ned by S = f< x1; y > jy 2 S1g. Now f1([2 S1) = f(x1;[2 S1) = f([S) =[ f(S) =[ f(x1; S1) =[2 f1(S1) Assume now conversely that the families of functions f1 and f2 are continuous. Then f is monotonic. Indeed, if < x1; y1 > < x2; y2 > then f(x1; y1) f(x2; y1) f(x2; y2). Consider now a directed subset S of D1 D2, and let S1 and S2 be its projections on D1 and D2. Take T = f< x; y > jx 2 S1; y 2 S2g. Because the families f1 and f2 are continuous we can write: f([X) = f([S1;[S2) =[ f(S1;[S2) =[ f(S1; S2) =[ f(T ) Since S is directed and f is monotonic, we now that f(S) is directed. Furthermore, S is included in T , so S f(S) S f(T ). Take now an arbitrary element < x; y > in T . There are certainly two elements < x; y1 > and < x1; y > in S because S1 and S2 are projections of S. Since S is directed, there is < x2; y2 > in S that dominates both, thus < x; y > < x2; y2 >. As f is monotonic, we obtain S f(T ) S f(S). We conclude f(SS) = S f(T ) = S f(S), thus f is continuous.2 The result above generalizes trivially to functions with more than two arguments. In a computation domain D, two elements x and y always have a greatest lower bound x ^ y (Proposition 1.2) and one can de ne a function ^ from D2 to D by ^ = xy: x^ y. Proposition 1.7 If D is a computation domain ^ is a continuous function from D2 to D. Proof: By the previous result, it is su cient to prove that the functions ^1 = y:x^ y and ^2 = y:y^x are continuous. Since ^ is commutative, it is in fact su cient to prove that ^1 is continuous. We use the characterization of Lemma 1.2. i) ^1 is monotonic: y1 y2 ) x ^ y1 x ^ y2 8 ii) Le e be an approximant of x ^ y. The element e is an approximant of x and y. So, taking this e in A(y) we have e x ^ e = ^1(e). 2 Theorem 1.1 (Knaster-Tarski) If D is a computation domain, any continous function f from D to D has a least xed point Y f and Y f =[ffn(?)jn 0g Proof: Take S = ffn(?)jn 0g. The set S is not empty because it contains ? = f0(?). Since f is monotonic, it is trivial to show by induction that 8n 0 fn(?) fn+1(?) hence S is a chain. Thus S has a least upper bound SS. Consider Y f = SS. Since f is continuous and S is directed: f(Y f) = f([S) =[ f(S) =[ffn(?)jn 1g But since ? is the minimum element of D [ffn(?)jn 1g =[hffn(?)jn 1g[f?gi =[S = Y f Thus Y f = f(Y f) which shows that Y f is a xed point of f . Consider now any xed point x of f . We have f0(?) = ? x and if fn(?) x, because f is monotonic fn+1(?) = f(fn(?)) f(x) = x. Therefore S is dominated by x, and so is its lub Y f . Hence Y f is the least xed point of f .2 Notation: IfD and E are computation domains, we will note [D! E] the set of continuous functions from D to E. This space inherits an ordering relation de ned by extensionality: 8f; g 2 [D! E] f g () 8x 2 D f(x) E g(x) The constant function x:?E is the minimum element in [D ! E]. The following result is fundamental. Theorem 1.2 If D and E are computation domains, the set [D! E] together with its natural ordering is a computation domain. Proof: 9 a) Let F be a consistent subset of [D! E]. For any x in D the set ff(x)jf 2 Fg is consistent and thus admits a lub gx. Let us show that the function x:gx is continuous. Let X be a directed subset of D with lub z gz =[E ff(z)jf 2 Fg Since all functions in F are continuous, gz = SEff(x)jx 2 X; f 2 Fg = SEfgxjx 2 Xg hence x:gx is the least upper bound of F in [D ! E]. Thus [D ! E] is coherent. b) We must show now that [D ! E] is !-algebraic. Consider the family of functions indexed over A(D) A(E) de ned by: 'd;e(x) = ( e if d x ?E otherwise (d 2 A(D); e 2 A(E)) 1. The functions in this family, called step functions, are continuous Indeed: i) 'd;e is monotonic (obvious) ii) Let a be an approximant of 'd;e(x). If 'd;e(x) = ?E , then a = ?E 'd;e(?D) with ?D 2 A(x) If 'd;e(x) = e, then d x thus d 2 A(x) since d is isolated. But then a 'd;e(d) = e with d 2 A(x). 2. The step functions are isolated elements of [D ! E]. Let F be a directed subset of [D ! E] such that 'd;e SF . The result obtained in part a) allows one to write: e = 'd;e(d) ([F )(d) =[ff(d)jf 2 Fg but e is isolated and ff(d)jf 2 Fg is a directed set. Thus there exists a function g in F with e = 'd;e(d) g(d). But now if x d then 'd;e(x) = e g(d) g(x), and otherwise 'd;e(x) = ?E g(x) so that 'd;e g. 10 3. Any continuous function in [D! E] is the least upper bound of the step functions under it. De ne S(f) = f'd;ej'd;e fg. Remark that 'd;e 2 S(f) () e 2 A(f(d)). This obvious from left to right because 'd;e(d) = e and from right to left by monotonicity of f . Using now the continuity of f 8xf(x) = f(SA(x)) = Sd2A(x) f(d) = Sd2A(x);e2A(f(d)) e = Sd2A(x);e2A(f(d))'d;e(x) = Se2A(f(d))'d;e(x) So 8x f(x) = (SS(f))(x), thus f = SS(f) 4. The isolated elements of [D ! E] are exactly the nite unions of step functions. Consider an isolated element f in [D! E], and the set S 0(f) obtained in closing S(f) by nite unions. The set S 0(f) is directed and we have f = SS(f) = SS0(f). Since f is isolated, there exists in S 0(f) an element g such that f g. But since g is a nite union of elements of S(f) we also have g f . Thus f = g showing that f is a nite union of step functions. 5. [D ! E] is !-algebraic. For all f we have f = SS(f) = SS0(f). Thus [D! E] is algebraic. As D and E have at most denumerably many isolated elements, there exists only denumerably many step functions, hence only denumerably many isolated elements in [D! E]. We have proved that when D and E are computation domains, [D ! E] is coherent and !-algebraic, hence also a computation domain.2 The theorem above allows one, starting from computation domains, to construct a hierarchy of computation domains such as [D ! E], [D ! [D ! E]], [[D! E]! [D! E]] etc. 2 Concrete domains of computation In this section, we try to translate into mathematical form a number of ideas that come from earlier research. It is di cult to gure out what is critical to the well-functioning of a complex operational mechanism. In contrast, we have more experience in nding the general conditions under which a mathematical result is valid 1. 1A similar approach is followed by J-J. L evy in his Ph. D. Thesis [Lev78] 11 The central result of this work is the Representation Theorem that, in a sense indicates that we have been successful in our endeavor. Starting from the general idea of a computation domain, we justify progressively the need to restrict this notion until we reach the de nition of a concrete computation domain and study its properties. 2.1 Initial motivations In the model theory of programming languages as developed starting with the work of Scott [Sco70, Sco76], there is no distinction between data and functions. A single mathematical structure, the computation domain is de ned and all objects with which one computes are found in appropriate computation domains. This is not surprising because the main objective of this theory was, at least initially, to develop a functional model of the -calculus of Church, language where these distinctions don't exist. Indeed certain programming languages such as ISWIM [Lan76], GEDANKEN [Rey72], ML [GRW78], etc. exhibit similar characteristics. However, most programming languages make a very clear distinction between data and procedures. Is it possible to rediscover this distinction in the models of programming languages, i.e. through the study of their denotational semantics? Is it possible to analyze more precisely the structure of computation domains so as to separate, for example, the domains whose structure is su ciently simple that they don't need to be understood as function spaces? Examples: We call ? the single element computation domain, 0 the computation domain with two elements, T =< f?; 0; 1g; > the three element domain in which 0 and 1 are incomparable. These three spaces, as well as their cartesian products in a nite number of copies are clearly data spaces rather than functional spaces. The examples above might lead one to partition computation domains into two classes, according to their being nite or in nite. Such a categorization is much too rough for two reasons: i) We will be unable to give a representation as a data structure for certain nite domains. ii) On the other hand, certain in nite domains must clearly be categorized as data spaces. For example, this will be the case for N? and N , de ned 12 from the set N of natural numbers by: 8><>: N? =< f?g [N ; > with 8x; y 2 N x 6= y =) x k y N =< N [ f1g; > where is the natural order on N completed by 8x 2 N; x <1 We are going to characterize axiomatically a certain class of computation domains. In this endeavour, we shall follow two fundamental principles: 1. (M. Smyth) All axioms that we postulate specify a property of the isolated elements in a computation domain. Other elements are constructed from the stock of isolated elements by a limit mechanism; their properties will therefore be deduced from the properties of isolated elements. 2. The class of computation domains that we are trying to de ne must be closed by certain elementary constructions, such as nite or in nite cartesian products, or taking upper sections (cf. section 1.2). However, it doesn't need to be closed by exponentiation, i.e. when constructing function spaces. 2.2 The isolated elements axiom Isolated elements in a computation domain are meant to stand for nite amounts of information. When dealing with data, we would like to be able to reason by induction on these elements. This implies that the set of isolated elements should be well founded with respect to the relation , i.e. that there should be no in nite chain fx1; x2; : : : ; xn; : : :g with fx1 > x2 > > xn > g In this way, an isolated element cannot be decomposed inde nitely. We want also to express the intuitive idea that an isolated element can be built using only a nite number of components. This leads to considering property I: Property I Between any two distinct comparable isolated elements, any chain of isolated elements is nite. Proposition 2.1 Let < D; > be a computation domain satisfying property I. Consider an arbitrary element x in D and an isolated element y. If x is dominated by y, then x is isolated. 13 Proof: If x is not isolated, then by Corollary 1.2 there is an in nite chain of isolated elements f?; x1; x2; : : : ; xn; : : :g with ? < x1 < x2 < : : : < xn < : : : < x If y is isolated and x y, then necessarily x < y. Hence the chain f?; x1; x2; : : : ; xn; : : : ; yg is an in nite increasing chain of isolated elements between ? and y. The existence of this chain contradicts property I, so x is isolated.2 Corollary 2.1 In a computation domain, Property I is equivalent to I1: Property I1 Between any two distinct comparable isolated elements, any chain is nite. Proof: Property I1 implies obviously Property I. Conversely, if x and y are isolated and x y, then by the previous result, any element z such that x z y is isolated. Since any chain between x and y contains only isolated elements, it is nite. 2 De nition 2.1 In a conditionally complete partial order < D; >, an ideal is a non empty subset J of D such that: i) 8x 2 J; 8y 2 D y x =) y 2 J (i.e. J is downward closed) ii) 8x; y 2 J x " y =) x _ y 2 J Corollary 2.2 In a computation domain, property I is equivalent to property I2: Property I2 The set of isolated elements is a well founded ideal. Proof: If a computation domain D veri es property I, then the set of its isolated elements is an ideal by Proposition 1.4 and Proposition 2.1. Since I implies I1, there is no in nite decreasing chain in A(D). Hence property I implies property I2. Conversely, assume D has property I2. Consider an arbitray x less than some isolated element y in D. There is no in nite decreasing chain between x and y since A(D) is well-founded. If there were an in nite increasing chain fx; z1; z2; : : : ; zn; : : : ; yg with x < z1 < z2 < < zn < < y 14 one would have S zi = z y. Now z is not isolated and z < y, which contradicts the hypothesis that A(D) is an ideal. Consider now any chain C between x and y. Since C does not contain in nite decreasing chains, C is an ordinal. If C is in nite, then it contains the smallest limit ordinal !. But ! contains an in nite increasing chain, which cannot be the case for C. Hence C is a nite chain, and we conclude that property I2 implies property I.2 Examples: Domain D1 =< N [f1;>g; > with the natural ordering on N and 8x 2 N x <1 and 1 < > does not satisfy property I2 because A(D1) is not an ideal (> is isolated, but1 is not). DomainD2 =< Z[f 1;+1g; > with the natural ordering on Z and 8x 2 Z 1 < x < +1 does not verify I2 because A(D2) is not well founded. However, all nite domains, as well as N? and N have property I. De nition 2.2 Consider a partial order < D; > and two elements x and y in D. We say that y covers x i : i) x < y ii) 8z x z y =) x = z or y = z One may also say that y is just above x. This relation is noted x < y. Its re exive closure is written x =< y Proposition 2.2 Consider a computation domain < D; > with property I. If x and y are isolated elements in D, then we have x y i : Either x = y Or there exists a nite sequence fz0; z1; : : : ; zng of elements in A(D) with z0 = x, zn = y and zi < zi+1 for 0 i < n. Proof: First, if such a sequence exists, then by transitivity x y. Conversely, assume x < y. LetH be the set of chains with elements in A(D) with minimum x and maximum y. The setH is not empty because it contains in particular the chain fx; yg, and we can order it by inclusion. In the partial order < H ; > there cannot be an in nite increasing chain because < D; > has property I. Let C = fz0; z1; : : : ; zng be a maximal element in < H ; >; we will call such a chain a maximal chain between x and y. Without loss of generality we may assume z0 < z1 < < zn. 15 ?? O? > T ? 1 A A A A A A 0 O2 ? < >;? > A A A A A A A A A A A A < ?;> > < >;> > O T ? < >;? > < >; 1 > AAAAAA A A A A A A < >; 0 > < ?; 1 > < ?; 0 > @@@@@@ Figure 2: Sample nite domains N? ? H H H H H H H H H 0 Q Q Q Q Q Q Q 1 @ @ @ @ @ 2 A A A A A 3 n : : : : : : N 0 1 2 3 n ......... +1 Figure 3: Sample in nite domains Now we must have zi < zi+1 (0 i < n), because otherwise one could extend C with an isolated element z such that zi < z < zi+1 contradicting maximality of C in < H ; >. Similarly, it must be the case that z0 = x and zn = y.2 From now on we will nd it useful to represent con gurations of elements belonging to a partial order, or partial orders themselves, by graphs called Hasse diagrams. The nodes in a diagram associated to < D; > denote elements in D and two nodes a and b are connected by an edge going upwards i a < b in D. Simple conventions will be used to represent in nite domains. As an example, Figures 2 and 3 show a number of partial orders that we have already mentioned. Before proceeding with the study of computation domains that satisfy 16 property I, we notice that only trivial function spaces have this property. Lemma 2.1 If D and E are computation domains, if D is in nite and E has at least two elements, then [D! E] does not satisfy property I. Proof: Observe rst that if D has in nitely many elements, then it has innitely many isolated elements by Corollary 1.2. As well, if E has at least two elements, then there is an isolated element e in E with ?E 6= e. Consider now the in nite partial order < A(D); D>. By Koenig's lemma: a) Either there exists an in nite increasing chain of elements in A(D), b) Or there is an element d in A(D), and an in nite set fdigi2N of elements in A(D) with ( 8i 2 N d < di 8i; j 2 N di k dj if i 6= j Case a. Consider an in nite increasing chain fd1; d2; : : : ; dn; : : :g in A(D), i.e. such that d1 < d2 < < dn < . and the sequence of step functions 'di;e. This in nite sequence of isolated elements in [D! E] is decreasing 'd1;e > 'd2;e > 'd3 ;e > > 'dn;e > thus A([D! E]) is not well-founded and [D! E] does not have property I2. Case b. In that case we have 8i 2 N 'di;e < 'd;e since d < di. The set of functions f'di;egi2N has an upper bound. Since [D ! E] is a computation domain, it has a least upper bound . Naturally we have 'd;e. But since 8i 2 N 'di;e(d) = ?E necessarily (d) = ?e. But 'd;e(d) = e 6= ?E , so < 'd;e(d). Let us show now that is not isolated in [D ! E]. If were isolated, there would exist a nite subset J of N with = Sj2J 'dj ;e. Take an integer k not in J . Since 'dk ;e(dk) = e and 'dk;e we have e (dk). But by hypothesis 8j 2 J dj k dk so that 'dj ;e(dk) = ?E and also (dk) = ?E . Since e is di erent of ?E , we have a contradiction. So is not isolated in [D ! E]. Then A([D ! E ]) is not an ideal. We have shown in both cases that [D! E] does not satisfy I.2 Remark: This lemma distinguishes sharply between domains that appear to be very similar. For example, the domain [N? ! O] does not have property 17 I. In contrast O!, the cartesian product of denumerably many copies of O, satis es property I. This is because O! is only isomorphic to the set of strict functions in [N? ! O], i.e. the functions f such that f(?) = ?O. To be very precise, the non-strict function x:>O in [N? ! O] is isolated and it does not correspond to any element in O!. But this function dominates the non-strict function de ned by: (x) = ( >O if x 6= ?N? ?O if x = ?N? which is not isolated in [N? ! O] . De nition 2.3 Consider a partial order < D; > with a minimum element ?. An atom is an element of D that covers ?, and we say that D is atomic i any element distinct from ? dominates an atom. In symbols: 8x 6= ?9y ? < y x Proposition 2.3 A computation domain that veri es property I is atomic. Proof: Consider rst an isolated element x with x 6= ?. By Proposition 2.2 there exists a nite sequence fz0; z1; : : : ; zng of elements in A(D) with ? = z0 < z1 < < zn = x. Hence z1 is an atom and ? < z1 x. If now x is not isolated, let e be an element in A(D) which is distinct from ?. Such an element must exist, otherwise A(x) = f?g = A(?) and thus, by Lemma 1.1, x = ?. Now we have just shown that there exists an element y with ? < y e. By transitivity, we obtain ? < y x.2 Property I and its Corollary, atomicity, are interesting properties for a computation domain, and they seem to capture a certain intuition about data domains. We will see now that these properties are not preserved under a fundamental operation on computation domains. De nition 2.4 Consider a partial order < D; > and two elements x and y in D with x y. The interval [x; y] is the set fzjx z yg and the upper section of x, noted [x) is the set fzjx zg. Of course, intervals and upper sections inherit the partial order . 2 Proposition 2.4 Intervals and upper sections of a computation domain are computation domains. 2We also call [x;y] and [x) the partial orders thus de ned 18 Proof: As reasoning proceeds identically in both cases, we will only prove the result for upper sections. Consider an arbitrary upper section [x) in a computation domain < D; >. Any non empty consistent subset of [x) is a consistent subset of D and therefore has a least upper bound in D. This least upper bound is necessarily in [x). Furthermore, the empty set also admits a least upper bound in [x). So < [x); > is a coherent partial order. Let us show now that is is also !algebraic. Let fdigi2I be an enumeration of A(D). For any i in I de ne ci = ( x _ di if x " di x otherwise Of course, each element ci de ned in this way belongs to [x) and we will show that fcigi2I = A([x)). First, the element x is minimum in [x), so it is isolated in < [x); >. Consider now an element ci di erent of x, and a directed subset X of [x) such that ci SX . Since ci = x_di, we have also di SX . Since di is isolated in D, and X is directed, we have di y for some y in X . Since y is in [x), thus larger than x we have ci = x _ di x _ y = y which proves that ci is isolated in [x). Thus fcigi2I A([x)). Consider now an arbitrary element of [x). Since D is algebraic y =[fdiji 2 I; di yg Since y dominates x, we have also y _ x = y = Sfdi _ xji 2 I; di yg. But di y i di _ x y y =[fciji 2 I; ci yg The equality above proves that < [x); > is algebraic. Furthermore, the set fciji 2 I; ci yg is directed, so if y is isolated in < [x); >, for some j in I y = cj. It follows that A([x)) = fcigi2I so A([x)) is denumerable. The partial order < [x); > is coherent and !-algebraic, so it is a computation domain. 2 The counterexample on Figure 4(a) shows that if a computation domain has property I, it is not necessarily the case for its upper sections. In that domain, we have a chain f?; x1; x2; : : : ; xn; : : :g where ? < x1 < x2 < x3 < xn < with limit x. Additionally atom a1 is assumed to be compatible with x, and incomparable with each of the xi (thus x). Let us now assume also: 8j 1; 8k j xk k aj and 9aj+1 with xj < aj+1 < xj _ aj 19 ? (a) L L L L L L L L L L L L x ppppppppp ppppppppp ppppppppp ppppppppp p p p p ppppppppp y a1 L L L L L L L L L L L L x1 a2 L L L L L L L L L L L x2 a3 L L L L L L L L L L x3 a4 L L L L L L L L ? (b) L L L L L L L L L L L L x ppppppppp ppppppppp ppppppppp ppppppppp p p p p pppppppp y b1 L L L L L L L L L L L L x1 b2 L L L L L L L L L L L x2 b3 L L L L L L L L L L x3 b4 L L L L L L L L Figure 4: Property I is not valid in upper sections and 8j 1 x _ aj > x _ aj+1. The partial order de ned in this fashion is a computation domain satisfying property I. In [x) the sequence fx _ ajgj 1 is an in nitely decreasing chain of isolated elements of < [x); > between x and y. (Similarly, one can construct an example exhibiting an in nite increasing chain of isolated elements of < [x); > between x and y, see Figure 4(b)). As we indicated in the introduction to this section, we consider it desirable for the notion of data domain to be preserved under upper sections and intervals. This means that we have to consider a stronger property than property I. 3 The covering relation We have seen that the isolated elements of < [x); > are, but for x itself, of the form x _ d with d isolated, compatible and incomparable with x. The following property postulates a similar characterization of the atoms in an upper section. Property CIf x and y are two compatible isolated elements x ^ y < x =) y < x _ y 20 (a) @ @ @ H H H H H H (b) Q Q Q Q a c b Q Q Q Q Q Q Q Q d f e (c) Q Q Q Q a c b Q Q Q Q Q Q Q Q d f g (d) Q Q Q Q a d g @ @ @ @ f (e) Q Q Q Q a c b Q Q Q Q Q Q Q Q d f e g Q Q Q Q (f) Q Q Q Q a c Q Q Q Q d f e g Q Q Q Q Figure 5: Investigating Property C Remarks: i) If x and y are comparable and verify x ^ y < x, one cannot have x y otherwise x^ y = x < x which is impossible. Hence y x and x^ y = y < x. In that case, property C holds trivially. ii) While property I did not exclude any nite domain, this is not the case for property C. This is not too surprising, as it already happens for some axioms of computation domains. For example, the partial order on Figure 5(a) is not conditionally complete, the partial order on Figure 5(b) is not consistent. The partial orders on Figure 5(c) and 5(d) do not satisfy Property C. In the diagram on Figure 5(b), coherence forces one to add a maximum element g, yielding the domain of Figure 5(e). In the domain of Figure 5(c), elements a and c are compatible and ? = a ^ c < a and ? < c as well. So by property C, one should have a < a _ c and c < a _ c. If we add an element e = a _ c that covers a and c and is covered by g, we obtain again the domain of Figure 5(e) that satis es C. Finally, in the domain of Figure 5(d), we have ? = a ^ f < f but a _ f = g does not cover a. If we add an element c 21 so that ? < c < f and b = a _ c with b < g, we obtain the domain of Figure 5(f) that has property C. iii) Property C concerns only pairs of compatible elements. This property can only constrain the structure of sub-lattices in a computation domain. In lattice theory, this property is known as the lower covering condition[Bir67]. Although a computation domain is not a lattice, the forthcoming developments are largely inspired by the study of this condition in lattice theory. We begin by showing, in several steps, that if the set of isolated elements in a computation domain has property I and C, then the whole domain has property C. Proposition 3.1 Let D =< D; > be a computation domain with properties I and C. We have 8x; y 2 D x < y ) 9z 2 A(y) x ^ z < z and y = x _ z. Proof: x ^ z L L L L L x ppppppppp p p p p ppppppppp y z L L L L L If x < y, a fortiori x < y. Consider an element d of A(y) nA(x), which must exist by Lemma 1.1. Since d is not an approximant of x we have x ^ d 6= d. As D has property I, we deduce: i) x ^ d 2 A(D) because d 2 A(D). ii) 9z 2 A(y) x ^ d < z d by Proposition 2.2. This element z is not dominated by x, otherwise it would also be dominated by x ^ d. Hence x ^ z = x ^ d. Since x and d are compatible, so are x and z and by Property C, x < x _ z. Since x and z are both less than y, we obtain: x < x_ z y. But x < y so y = x _ z, which proves the result. 2 22 Proposition 3.2 In a computation domain having Property I, Property C is equivalent ot Property b C: Property b C If x and y are any two compatible elements x ^ y < x =) y < x _ y Proof: Property b C trivially implies property C. The converse is shown in two steps. 1. Assume rst that x is isolated and y is arbitrary, with x " y and x^y < x. As we have already observed, only the case where x k y is interesting. By Property I3, if x is isolated, so is x^y. Assume now that there exists a v such that y < v < x _ y. Property C excludes this possibility when y is isolated. Since y < v, there exists an approximant v1 of v which is not an approximant of y. Since x covers x ^ y, x cannot dominate v, because we would then have y = x ^ y < x = x _ y. x ^ y B B B B B B B B B B B B B t0 y v v0 x x _ y x _ t0 Therefore, there is an approximant v2 of v which is not an approximant of x. Since x_y is isolated by Property I3, we can construct the isolated element v0 = v1 _ v2 _ (x ^ y). This element veri es: v0 2 A(v) v0 = 2 A(y) v0 = 2 A(x) x ^ y v0 23 Note also that v0 doesn't dominate x, otherwise v would, which would contradict v < x _ y. Since v0 is dominated by x _ y we have now v0 x _ y = x _ ([A(y)) = [ z2A(y)(x _ z) Since v0 is isolated and the set fx_ zjz 2 A(y)g is directed, there exists an approximant t of y such that v0 x _ t. Now take t0 = t _ (x ^ y): v0 _ (x ^ y) = v0 x _ (t _ (x ^ y)) = x _ t0 The element t0 cannot dominate x, otherwise we would have x _ t0 = t0 thus v0 t0, which is impossible because v0 is not an approximant of y. So t0 ^ x = x ^ y and by Property C t0 < x _ t0. Take then w = v0 ^ t0. We have t0 w x_t0 so that either w = t0 or w = x_t0. The rst case, w = t0 is impossible because it implies v0 t0, hence v0 2 A(y). The case w = x_ t0 is also impossible, because w = v0 _ t0 is an approximant of v that cannot dominate x without contradicting v < x _ v. The existence of v leads to a a contradiction in all cases. So necessarily y < x _ y. 2. Assume now x to be an arbitrary element in the domain. By Proposition 3.1, if x^y < x, one can nd an approximant z of x with (x^y)^z < z and x = (x ^ y) _ z. From the rst inequality we deduce y > z. But x ^ y y implies also (x ^ y) ^ z y ^ z. Thus (x ^ y) ^ z y ^ z < z and (x ^ y) ^ z = y ^ z. Since y and z are compatible because y and x are, we can apply the result of part 1 and deduce y < y _ z. Since x = (x ^ y) _ z we have now x _ y = (x ^ y) _ z _ y = y _ z and thus also y < x _ y. 2 Corollary 3.1 In a computation domain D satisfying I and C, any upper section (and any interval) is atomic. Proof: Here again, we give only the proof for an upper section [x). Let y be an element such that x < y. By Lemma 1.1, we can nd an approximant z of y which is not an approximant of x and therefore x^ z < z. Since z and x^ z are isolated, there is a t in A(D) with x ^ z = x ^ t < t z. Since x " z implies x " t, we obtain using property b C x < x _ t x _ z y. 2 24 Proposition 3.3 In a computation domain satisfying I, Property C is equivalent to Property C1: Property C1 If x and y are two distinct compatible elements 9z z < x; z < y =) x < x _ y; y < x _ y Proof: 1. b C implies C1 Indeed, if x and y are distinct, element z is their glb and Property b C implies immediately x < x _ y and y < x _ y. 2. C1 implies b C Consider two compatible isolated elements x and y such that x ^ y < y. We will prove by induction that y < x _ y using Proposition 2.2. x _ y J J J J J x p p p p p p p p p p p p x _ y p p p p p p p p p p p p J J J J J d1 J J J J J d2 J J J J J d3 y J J J J J Base cases. If y = x ^ y then immediately y < x _ y = x. If y covers x ^ y then C1 gives y < x _ y. Inductive step. Assume that C is valid when there exists a maximal chain with at most n element between x^y and y and consider two isolated elements x and y such that there is a sequence of n + 1 elements fd0; d1; : : : ; dng with x ^ y = d0 < d1 < d2 < < dn = y. By property C1 we have d1 < d1 _ x. Since x < y, d1 _ x is not less than y, so d1 = (d1 _ x) ^ y. Using the induction hypothesis, we obtain y < (d1 _ x)_ y. Since d1 is less than y, we deduce y < x _ y. 2 25 De nition 3.1 A partial order satis es the Jordan-Dedekind condition if, between any two comparable elements, all maximal chains are nite and have the same length. Theorem 3.1 If D is a computation domain satisfying I and C, then A(D) satis es the Jordan-Dedekind condition. Proof: The proof follows closely the proof of Theorem 14, in chapter 2 of [Bir67]. We show by induction that if between any two comparable elements a and b of A(D) there is a maximal chain of length n, then all maximal chains have length n. Assume a b. If a = b then all maximal chains between a and b have length 0. If a < b, there doesn't exist a c with a < c < b, so fa; bg is the only maximal chain between a and b. Assume now the property valid when there exists, between two comparable elements, a chain with length less than n + 1(n 1) and take two isolated elements a and b with a maximal chain of length n+ 1 between them: a = x0 < x1 < x2 < x3 < xn < xn+1 = b Since D has property I, all maximal chains between a and b are nite and built up with elements of A(D). Take any maximal chain fy0; y1; : : : ; ylg between a and b. Two cases are possible: Case 1. x1 = y1. By induction hypothesis, all maximal chains between x1 and b have length n, so l = n + 1. Case 2. x1 6= y1. Since x1 and y1 are dominated by b, we have x1 " y1 and, by C1: x1 < x1 _ y1 and y1 < x1 _ y1. By induction hypothesis, all maximal chains between x1 and b have length n, so in particular those that have x1 _ y1 as their rst element. Hence all maximal chains between x1 _ y1 and b have length n1. Take such a chain fz0 = x1 _ y1; z1; : : : ; zn 1 = bg. The chain fy1; z0; : : : ; zn 1g is a maximal chain between y1 and b. Using again the induction hypothesis, we obtain that all maximal chains between y1 and b have length n so in particular fy1; y2; : : : ; ylg. Again l = n+ 1. 2 The Theorem above allows one to de ne an absolute notion of height for isolated elements. De nition 3.2 In a partial order < D; > with a minimum element ?, a height function is a function h from D to N such that: 26 i) h(?) = 0 ii) x < y () x y and h(y) = 1 + h(x) Corollary 3.2 In a computation domain satisfying I and C, the function h from A(D) to N that associates to any isolated x the common length of all maximal chains between ? and x is a height function. Proof: By de nition h(?) = 0. Assume now x < y. Any maximal chain f?; x1; : : : ; xh(x)g from ? to x can be extended to a maximal chain f?; x1; : : : ; xh(x); yg hence h(y) = 1 + h(x). Conversely, assume x y and h(y) = 1 + h(x). All maximal chains from x to y must have length 1, hence x < y. 2 Recall the computation domain N < N [f1g; > where is the natural ordering onN and1 is a maximum element. The height function h fromA(D) to N may be extended to an element of [D! N ] because it is monotonic. Then we will have h(x) = 1 i x is not isolated, by Corollary 1.2. This property legitimates calling nite the elements of A(D) and in nite the elements of D that are not isolated. Remark: Properties C and I do not exclude the possibility that a nite element might dominate an in nite number of nite elements, as illustrated by the counter example of Figure 6. To prove the fundamental inequality of the next Theorem 3.2, we need the following technical result: Lemma 3.1 In a partial order with Property C1 we have 8x; y; z x < y; z " y =) x _ z =< y _ z N? ? H H H H H H H H H 0 Q Q Q Q Q Q Q 1 @ @ @ @ @ 2 A A A A A 3 @ @ @ @ @ n : : : : : : > Figure 6: > dominates in nitely many elements 27 Proof: x z A A A A A A A x _ z y _ z y Since y and z are compatible, a fortiori x and z are. Let us examine the possibilities for x _ z. 1. x _ z = x i.e z x y. Then x _ z = x < y = y _ z 2. x _ z = y i.e. z y so x _ z = y = y _ z 3. x_ z k y. Then by property C x_ z < (x_ z)_ y = (x_ y)_ z = y _ z. 4. x_z y. Then x_z y_z. But from x y we also deduce x_z y_z, so x _ z = y _ z.2 Theorem 3.2 Let D be a computation domain with properties I and C, and consider two compatible nite elements a and b in D. The following inequality holds: h(a) + h(b) h(a ^ b) + h(a _ b) Proof: If a and b are comparable, assume for example a b. Since a^ b = a and a_ b = b, we have trivially h(a)+h(b) = h(a^ b)+h(a_ b). Suppose now that a k b and consider a maximal chain fx0; x1; : : : ; xng with a ^ b = x0 < x1 < x2 < xn = b All elements in this chain are compatible with a and by the previous Lemma: 8j 0 j n 1 xj _ a =< xj+1 _ a Hence, since h is a height function 8j 0 j n 1 h(xj+1 _ a) h(xj _ a) 1 Summing these inequalities X 0 j n 1 [h(xj+1 _ a) h(xj _ a)] n = h(b) h(a ^ b) So reducing the left hand side we obtain h(b_ a) h(a) h(b) h(a^ b) and hence h(a) + h(b) h(a ^ b) + h(a _ b). 2 28 Lemma 3.2 Let D be a computation domain with properties I and C, and consider two arbitrary elements a and b in D with a b. If there exists a maximal chain with nite length n between a and b, then all chains in [a; b] are nite and have a length less than n. Proof: As in the proof of Theorem 3.1, we reason by induction on n. If n = 0 or n = 1 we have respectively a = b or a < b, and the result is immediate. Assume now that the result is true provided there exists a maximal chain between two elements with length less than n + 1. Consider two elements a and b for which there exists a maximal chain of length n+ 1: a = x0 < x1 < x2 < xn < xn+1 Take Y = fyigi2I to be an arbitrary chain in [a; b]. Choose in Y an arbitrary element y distinct of a. Two cases may occur: 1. x1 y All chains from y to b are nite and include at most n elements by induction hypothesis, thus the set Z = fyiji 2 I; y yig has at most n+ 1 elements. 2. x1 k y Then y < x1 _ y by Property C1 and x1 6= x1 _ y. By induction hypothesis, all chains between x1 _ y and b are nite and include at most n elements. Thus, there exists a chain with at most n+1 elements between y and b, and by induction hypothesis the set Z de ned above has at most n+ 1 elements. Since y was arbitrary di erent of a, the set fyi 6= agi2I has at most n+1 elements, so Y has at most n+2 elements, and the chain Y has at most length n+ 1. 2 We are now ready to prove the nal result of this section. Theorem 3.3 Any upper section [x) and any interval [x; y] in a computation domain satisfying I and C is a computation domain satisfying these properties. Proof: We prove the result only for an upper section [x). We have seen that [x) is a computation domain in Proposition 3.3. Its isolated elements are of the form x_ d with d 2 A(D) and x " d. Take an element d in A(D) which is not less than x. Since x ^ d and d are isolated, there exists a maximal chain x ^ d = z0 < z1 < < zn = d By Lemma 3.1, we have zj _ x =< zj+1 _ x (0 j n 1). So x =< z1 _ x =< z2 _ x =< =< zn _ x = d _ x 29 Hence there exists a nite maximal chain from x to x_d and, by the previous lemma, all chains from x to x _ d are nite. Hence [x) has property I. Since D has property C1, the upper section [x) has property C. 2 De nition 3.3 We say that y is nite relative to x if y is isolated in [x). This relation is written x y. Corollary 3.3 In a computation domain satisfying I and C, if y is nite relative to x then all maximal chains from x to y are nite and have the same length. Proof: Simply use Theorem 3.1 in [x).2 Remarks: Standard texts about lattice theory provide alternate equivalents to property C, which is frequently called the lower covering condition. In [Bir67], a lattice that satis es this condition and in which all chains are nite is called semi-modular. In [Mae72] the term symmetric lattice is used. Elements that cover the minimum element are also called points and the interest in semimodular lattices comes from geometry. A lattice is called geometric if rst it is semi-modular and second any element is the least upper bound of a set of points. The computation domains that we consider do not have this property which is replaced by algebraicity. 4 The incompatibility relation Properties C and I concern only the structure of the sublattices in a computation domain. We must now examine more carefully the incompatibility relation. This study will lead us to postulate a new property concerning this relation. Proposition 4.1 If S is a consistent subset in a computation domain and all elements in S are compatible with a given element x, then SS and x are compatible. Proof: The set T = S [ fxg is consistent and admits a least upper bound ST . Since S is consistent and included in T , SS ST . Hence SS and x are both less than ST , thus they are compatible.2 Corollary 4.1 If a and x are two arbitrary elements in a computation domain, there exists a maximum element x=a less or equal to x and compatible with a. The element a_ (x=a) is called the pseudo least upper bound of a and x, and noted a_x. 30 Proof: Let S be the set of elements less than x compatible with a. By the previous proposition, SS is compatible with a and the result is proved using x=a = SS. 2 Proposition 4.2 For any element a in a computation domain, the functions x:x=a and x:a_x are continuous. Proof: We use the characterization of Lemma 1.2. First both functions are monotonic: ( x x0 =) x=a x0=a x x0 =) a_x = a _ x=a a _ x0=a = a_x0 Consider now an approximant e of x=a. Since e is compatible with a we have e = e=a so the function x:x=a is continuous. Consider now an approximant e of a_x. Since e is isolated and e a_ x=a = Sz2A(x=a)(a_ z), there exists an approximant d of x=a such that e a _ d. But when a and d are compatible, a_d = a _ d, hence we obtain e a_d. Therefore the function x:a_x is continuous. 2 Remark: The function x y:x_y is not monotonic in its rst argument. For example in domain T we have ?_1 = 1 and 0_1 = 0. In a computation domain satisfying I and C, we can give a more precise characterization of the incompatibility relation. De nition 4.1 An interval [a,b] is called prime when a < b. Proposition 4.3 In a partial order D, the intervals are ordered by the relation de ned by: [a; b] [c; d] () a = b^ c and d = b _ c The resulting partial order is noted I(D). Proof: Re exivity If [a; b] is an interval, then a b so a = b ^ a and b = b _ a. So [a; b] [a; b]. Antisymmetry If [a; b] [c; d] then also a c and b d. So from [a; b] [c; d] [a; b] we deduce a c a and b d b. By antisymmetry in D we obtain a = c and b = d. 31 Transitivity Consider three intervals [a; b], [c; d], [e; f ] and assume [a; b] [c; d] [e; f ]. Using the de nition we write ( a = b ^ c; c = d ^ e hence a = b ^ d ^ e d = b_ c; f = d _ e hence f = b_ c_ e Now b d and c e yield a = b^ e and f = b _ e, i.e. [a; b] [e; f ]. 2 Proposition 4.4 Let D be a computation domain satisfying I and C. Two elements x and y in D are incompatible i there are two prime intervals [x1; x01] and [y1; y0 1] included respectively in [x ^ y; x] and [x ^ y; y], and two prime intervals [u; a] and [u; b] with: [x1; x01] [u; a] [y1; y0 1] [u; b] x ^ y u a#b Proof: The situation described in the statement of the proposition is summarized in the gure below: x ^ y y @ @ @ @ @ @ @ x x01 x1 y0 1 @ @ @ @ y1 @ @ @ @ @ u a b Consider two incompatible elements x and y and let us reason in the computation domain [x ^ y). Since A(y) is a directed set, hence consistent, there exists necessarily an element y0 in A(y) that is incompatible with x. Take y1 = y0=x. Since y1 is less than y0 which is isolated in [x ^ y), it is also isolated by Property I. Take for y0 1 any element such that y1 < y0 1 y. Such an element must exist because y1 is compatible with x thus di erent of y, which is not, by hypothesis. By de nition of y1 we must have y0 1#x. We notice then that x ^ y0 1 = x ^ y and perform the construction again, nding x1 and x01 isolated such that: x1 " y0 1 x1 < x01#y0 1 Now we take u = x1 _ y1, a = x01 _ y1 , and b = x1 _ y0 1. Since x1 and y1 are isolated in [x ^ y), so is u. Since x01 and y0 1 dominate respectively x1 and y1, we can write: a = x01 _ (x1 _ y1) = x01 _ u 32 and b = (x1 _ y1) _ y0 1 = u _ y0 1 Finally u dominates neither x01 nor y0 1 because x01#y0 1. Thus u ^ x01 = x1 and u^y0 1 = y1. Using Property C, we conclude u < x01_u = a and u < y0 1_u = b and, since x01 and y0 1 are incompatible, a#b. The proposition is proved from left to right. Conversely, assume that we have two prime intervals [x1; x01] and [y1; y0 1] included respectively in [x^ y; x] and [x ^ y; y], and two prime intervals [u; a] and [u; b] with: [x1; x01] [u; a] [y1; y0 1] [u; b] a#b Elements a and b are incompatible and b = u_y0 1. Since a and u are compatible, then a and y0 1 must be incompatible. But a = x01 _ u and u " y0 1. So nally x01#y0 1, and consequently x#y. 2 We introduce now a new property, Property Q, that restricts the way in which incompatibilities may appear. Property QIf x and y are two incompatible isolated elements x ^ y < x =) 9!t t#x; x ^ y < t y Very simple nite computation domains fail to have Property Q. For example the domains whose diagrams are represented on Figure 7 do not satisfy Q. For the rst one, we observe that a and b are incompatible, with a ^ b = ? and ? < b. But c is the only element in [?; a] that covers ?, and it is compatible with d. So there exists no element t such that a ^ b < t a and t#b. In the second case, the domain of Figure 7 (b), it is unicity that is (a) a c @ @ @ b d@@@ (b) !!!!!!! a b @ @ @ c d@@@ Figure 7: (a) and (b) fail to have Property Q 33 not satis ed. Indeed, elements a and d are incompatible, and ? = a^ d < a. But both b and c cover ?, are less than d and are incompatible with a. These examples suggest that Property Q may be considered as the conjunction of two simpler properties. Notation: Let x be an arbitrary element in a computation domain D. We will note Px the set fzjx < zg of atoms of [x). On Px we can de ne the relation Rx by aRxb () a#b or a = b Relation Rx is of course re exive and symmetric. Proposition 4.5 In a computation domain D, Property Q is equivalent to the conjunction of the following properties QE and QU: Property QE (Existence of a minimal incompatible element) 8x; y 2 A(D) x#y; x ^ y < x =) 9t#x; x ^ y < t y Property QU (Uniqueness) 8x 2 A(D) Rx is an equivalence relation on Px Proof: i) Q implies QE and QU. It is immediate that Q implies QE, which is weaker. But we already know thatRx is re exive and symmetric, so we need only to show that Q implies that Rx is transitive. Consider three elements a, b, and c of Px with aRxb and bRxc. If a = b or b = c we have immediately aRxc. Suppose now a#b and b#c. We need to show that either a = c or a#c. Assume we had a " c. From b#a and b#c we deduce b#a_ c. There can be only one element t such that b#t a _ c by Property Q. But both a and c satisfy this condition. Hence a = c. ii) Assume now QE and QU. Consider two isolated elements x and y with x#y and x ^ y < x. By QE there exists an element t with x#t and x ^ y < t y. Let now t0 be an arbitrary element such that x#t0 and x^y < t0 y. In Px^y we have xRx^yt and xRx^yt0. Thus, since Rx^y is an equivalence relation tRx^yt0. But t and t0 are compatible, because both are less than y. So t = t0. Hence QE and QU imply Q. 2 De nition 4.2 Two prime intervals [x; x0] and [y; y0] are equipollent when x = y and x0Rxy0. 34 We call IP (X) the set of prime intervals in a partial order X . The previous result shows that if D has Property Q, equipollence is an equivalence relation on IP (A(D)). Following what we did for Property C, we will show that it is su cient to postulate property Q on the isolated elements in a computation domain for it to be valid in the whole domain. Proposition 4.6 In a computation domain satisfying I and C, consider two arbitrary elements x and y such that x#y and x ^ y < x. There exists an approximant e of x with e#y; e ^ y < e and e _ (x ^ y) = x Proof: d ^ y y x ^ y @ @ @ d e x @ @ If x is incompatible with y, there exists an approximant d of x incompatible with y since A(x) is a consistent subset, using Proposition 4.1. Since d is therefore not comparable with y, we have necessarily d ^ y < d. We can then nd, by Corollary 3.1 an element e with d ^ y < e d. Since e covers d ^ y and is not less than y we have also e ^ y = d ^ y. By Property b C we obtain x ^ y < (x ^ y) _ e. Since e is an approximant of x, the element (x^ y)_ e is less than x. As x covers x^ y by hypothesis, we obtain (x ^ y) _ e = x. Finally, elements e and y are incompatible, otherwise we would have x = e _ (x ^ y) e _ y so x and y would be incompatible, which contradicts the hypothesis. 2 Lemma 4.1 In a computation domain satisfying properties I and C, Property QE is equivalent to Property d QE: Property d QE8x; y x#y; x ^ y < x =) 9t#x; x ^ y < t y 35 Proof: Propertyd QE trivially implies Property QE. The converse is proved in two steps. 1. Assume rst that x is isolated and y is an arbitrary element with x#y and x^y < x. As we have remarked before, there exists an approximant d of y which is incompatible with x. Since both d and x^y are less than y, de ne e by e = d _ (x ^ y). The element e is isolated because both d and x^ y are, and incompatible with x because d is. Hence x^ y = x^ e and we can use property QE. There exists t with x#t and x^e < t e, and we deduce immediately x#t and x ^ y < t y. x ^ y y e @ @ @ x @@@@ d 2. Consider now an arbitrary x. By Proposition 4.6, there exists an isolated element e with e#y, e ^ y < e, and e _ (x^ y) = x. e ^ y x ^ y D D D x D D D e y t u So we can use the result of the rst case and nd an element t with e#t and e^ y < t y. We notice now rst that t and x^ y are compatible (both are less than y) and second that t is not less than x^ y (because t is incompatible with e); so we deduce t^ (x^ y) = e^ y. Using property 36 b C: x ^ y < (x ^ y) _ t = u The element u is incompatible with e thus with x and we have as requested x ^ y < u y. 2 Proposition 4.7 In a computation domain with properties I and C, let a, x, and y be three elements satisfying (G1) a < x; a < y; x#y Then there are three elements , , and approximants (resp.) of a, x, and y in the con guration correponding to (G1), as well as: x = _ a and y = _ a Proof: A A A x1 H H H H H H A A A A A A A A A A A A A A A y1 H H H H H H A A A A A A A A A A A A a A A A x y Applying twice Proposition 4.6, we can nd x1 and y1, approximants of x and y (resp.) with ( x1#y; x1 ^ y < x1; x1 _ a = x y1#x; y1 ^ x < y1; y1 _ a = y Now take = (x1 ^ y) _ (y1 ^ x). The element is an approximant of a and it dominates neither x1 nor y1. So: ( ^ x1 = x1 ^ y < x1 ^ y1 = x ^ y1 < y1 37 By property C we obtain ( < _ x1 = < _ y1 = and since and are necessarily incomparable with a: ( x = _ a y = _ a If and were compatible, the set f ; ; ag would be consistent, admitting thus a lub that would dominate _a and _a. But this is impossible because x and y are incompatible by hypothesis. So we have: < ; < ; # 2Proposition 4.8 In a computation domain with properties I and C, let a, x, y, and z be four elements satisfying (G2) a < x; a < y; x#y; y#z; x 6= z Then there are four elements , , , and approximants (resp.) of a, x, y, and z satisfying (G2) as well as: x = _ a y = _ a z = _ a Proof: First we apply the previous result to the three elements a, x, and y. We can nd 1, 1, and 1 approximants of a, x, and y with: ( 1 < 1; 1 < 1; 1# 1 x = 1 _ a; y = 1 _ a Consider now [ 1). By Proposition 3.1, we can nd an element such that 1 with ( ^ a = < z = _ a Since 1 is isolated, so is as well as the elements and de ned by ( = 1 _ = 1 _ 38 (Since 1 and 1 are compatible with a, they are a fortiori compatible with ). Since 1 and 1 cannot be less than a hence than ( 1 ^ = 1 < 1 1 ^ = 1 < 1 and by property C: ( < < We also have < . Let us show the remaining properties. First, # since 1# 1. Next we have: 8><>: x = a _ 1 = a _ 1 _ = a _ y = a _ 1 = a _ 1 _ = a _ z = a _ If and were compatible the set fa; ; g would be consistent, which contradicts the fact that x and y are incompatible. So we have also # . Last, since x 6= z, we have trivially 6= . 2 Remark: In the previous propositions, as well as in several propositions in this section, we use freely coherence, which sometimes leads to shorter proofs. However this property is not necessary for the results to hold. Lemma 4.2 In a computation domain satisfying properties I and C, Property QU is equivalent to Property d QU: Property d QUIn IP (D), equipollence is an equivalence relation. Proof: Property d QU implies trivially property QU which is weaker. The converse is a corollary of the previous result. Let [a; x], [a; y], and [a; z] be three intervals with [a; x]R[a; y] and [a; y]R[a; z]. As in Proposition 4.5, the only non-trivial case is when x " z with x#y, y#z, and x 6= z. By Proposition 4.6, we can then nd approximants , , , for a,x,y,z with: < < < # # 6= as well as x = a_ and z = a_ . So if x and z are compatible, so are and . But property QU excludes this possibility. So x and z must be incompatible and the equipollence relation is an equivalence on prime intervals. 2 39 Corollary 4.2 In a domain satisfying I and C, property Q is equivalent to property b Q: Property b Q If x and y are two incompatible elements x ^ y < x =) 9!t t#x; x ^ y < t y Proof: It is easy to show, as in Proposition 4.5, that b Q is equivalent to the conjunction of d QE and d QU. 2 Corollary 4.3 In a domain D satisfying properties I, C, and Q, an upper section also satis es these properties. Proof: Consider an arbitrary upper section [a). As a computation domain, [a) has properties I and C. If x and y are two elements of [a), then x ^ y also belongs to [a). So if D satis es property b Q , so does [a). 2 Notation: If [a; b] and [c; d] are equipollent prime intervals, we write now [a; b] ' [c; d]. De nition 4.3 In a partial order D, two intervals are transposed i they are comparable as elements of I(D). We call T the transposition relation. This relation is obviously re exive and symmetric. Lemma 4.3 In a computation domain satisfying I, C, and Q, equipollence and transposition commute on IP (D), i.e. ' T = T '. Proof: Consider prime intervals [a; a0], [a; a00], and [b; b0] such that [a; a0] ' [a; a00] and [a; a00]T [b; b0]. We must show that there exists a prime interval [b; b00] such that [a; a0]T [b; b00] and [b; b00] ' [b; b0]. If a0 = a00 then [a; a0]T [b; b0] and we can take [b; b00] = [b; b0]. Thus, assume a0#a00. If [a; a00] = [b; b0], we can take [b; b00] = [a; a0]. Two cases are still possible: Case 1: [a; a00] < b; b0] 40 a @ @ @ a0 a00 b b0 In this case, a0 is necessarily compatible with b. Assume indeed a0#b. By property Q, there exists an element t with a0#t and a < t b. Therefore [a; a00] ' [a; a0] ' [a; t]. By Q again [a; a00] = [a; t]. Now either a00#t, but this is impossible because both a0 and t are less than b0 or a00 = t, but this is also impossible because a00 ^ b = a 6= a00 so a00 is not less than b while t is less than b. So we can take b00 = a0_b. Since a0^b = a < a0, by property C b < b00. Finally, elements b00 and b cannot be compatible, because otherwise a0 and a00 would be compatible, which contradicts the hypothesis. We have [a; a0]T [b; b00] and [b; b00] ' [b; b0], which concludes this case. Case 2: [a; a00] > [b; b0] b b0 a a00 @ @ @ a0 In this case, a0 and b0 are necessarily incompatible. Indeed, if a0 and b0 were compatible, the element a0_b0 = a0_a_b0 = a_a00 would exist, which contradicts a0#a00. From a0#b0 we deduce by Q, since a0 ^ b0 = b < b0, that there exists an element b00 with b00#b0 and b < b0 a0. This element b00 is not less than a, otherwise a00 would dominate b0 and b00, so b00 _ a = a0 and b00 ^ a = b. So [a; a0]T [b; b00] and [b; b00] ' [b; b0], which concludes this case and the proof of the Lemma. 2 De nition 4.4 The projectivity relation is the transitive closure of transposition. 41 This relation is an equivalence relation written . If intervals [a; b] and [c; d] satisfy [a; b] [c; d], they are called projective intervals. We will only consider this relation for prime intervals. Theorem 4.1 On the prime intervals of a partial order satisfying I, C, and Q, equipollence and projectivity are commuting equivalence relations, i.e: ' = ' Proof: By the previous lemma we know that ' T = T '. Let us show by induction that for any n, n positive, we have: ' T n = T n ' The case were n = 1 is immediate and ' T n+1 = (' T n) T = (T n ') T by induction hypothesis = T n (' T ) by associativity = T n (T ') = T n+1 ' by associativity again As [a; b] ' [c; d] i there is an integer n such that [a; b] ' T n[c; d], we have then also [a; b]T n ' [c; d] hence [a; b] ' [c; d]. 2 The product of the equivalence relations ' and is again an equivalence relation that we will write . Since the relation extends ', we will say from now on that the prime intervals [a; b] and [c; d] are equipollent i [a; b] [c; d]. Before studying further equipollence and projectivity, we try to give an intuitive feeling for the meaning of these relations. Example 1: Consider the domain O3 whose diagram is shown on Figure 8. Since this domain is a lattice, it cannot be used to illustrate equipollence. However, there are three equivalence classes for the projectivity relation . 1: [(?;?;?); (>;?;?)] [(?;>;?); (>;>;?)] [(?;>;>); (>;>;>)] [(?;?;>); (>;?;>)] 2: [(?;?;?); (?;>;?)] [(>;?;?); (>;>;?)] [(>;?;>); (>;>;>)] [(?;?;>); (?;>;>)] 3: [(?;?;?); (?;?;>)] [(>;?;?); (>;?;>)] [(>;>;?); (>;>;>)] [(?;>;?); (?;>;>)] Example 2: Consider the domain O T whose diagram is shown on Figure 9. Here, there are three equivalence classes for the projectivity relation . 42 ? (?;?;?) Q Q Q Q (>;?;?) (?;?;>) (?;>;?) Q Q Q Q Q Q Q Q (>;>;?) (?;>;>) (>;?;>) (>;>;>) Q Q Q Q Figure 8: Domain O3 1: [(?;?); (0;?)] [(?;>); (0;>)] 2: [(?;?); (1;?)] [(?;>); (1;>)] 3: [(0;?); (0;>)] [(?;?); (?;>)] [(1;?); (1;>)] The union of classes 1 and 2 is an equivalence class for the equipollence relation, while class 3 is a second one. The fact the O contains two incompatible atoms results in the rst equipollence class containing exactly two projectivity classes. The fact that we have a cartesian product of two domains can be seen in the presence of two equipollence classes. With the help of these two equivalence relations, we are able to analyze the structure of a computation domain. Naturally, the Representation Theorem will be based on these relations, that we study now in greater depth. (?;?) Q Q Q Q (0;?) (0;>) (1;?) (1;>) (?;>) Q Q Q Q Figure 9: Domain O T 43 ? H H H H H H a > c H H H H H H b Figure 10: The diamond domain 5 The projectivity relation If two prime intervals are projective, we would like them to represent the same elementary information increment, possibly taking place in two distinct global states. We shall call now an elementary decision, or more brie y a decision, an equivalence class of projective prime intervals. However, such an interpretation of projectivity faces an inconsistency that can only be eliminated by postulating an additional property. Consider the partial order on Figure 10. It is trivial to verify that this partial order is a computation domain satisfying I,C, and Q. Since we have also [?; a] [b;>] [?; c] [a;>] [?; b] [c;>] all prime intervals in this lattice belong to one and the same projectivity class. It is di cult to accept that a single elementary decision may allow the construction of four di erent elements. More speci cally, two precise facts run counter to our interpretation: i) All prime intervals of the form [?; x] are projective, and should constitute the same elementary decision, ii) To go from ? to b, for example, the \decision" is the same one as to go from b to >. The lattice of Figure 10 plays an important role in lattice theory so one might try simply to exclude such a con guration with ve elements from a computation domain. We will see that if a computation domain is a lattice, this idea is valid. But as there are incompatible elements, the situation is more intricate. Consider for example the domain of Figure 11, which is represented by a Hasse diagram \seen from above". 44 ? @ @ @I @@@R @ @ @I @@@R @ @ @I @ @ @I @@@R @@@R @ @ @I @@@@@@R @ @ @ @ @ @I @@@@@@R b b0 a @ @ @I @ @ @I a0 d d0 c? c0 Figure 11: Diamond is not a sublattice Arrows point upwards in the partial order. A sublattice of this domain must be a sublattice of one of the intervals [?; a0], [?; b0], [?; c0], or [?; d0] because elements a0, b0, c0, and d0 are maximal and incompatible. But it is clear that none of these intervals contains a sublattice that is isomomorphic to the ve element lattice of Figure 10. However, phenomena that we have considered above as inconsistent with our intuition still occur: in the interval [a; a0] all prime intervals are projective. In a similar fashion, the 25 element domain of Figure 12 shows that two distinct prime intervals may be simultaneously projective and equipollent: [a; a1] [a; a2] and a1#a2. But in our understanding, two distinct equipollent prime intervals should correspond to two contradictory elementary information increases. The examples above, due to Gordon Plotkin, point to a new property, that we call property R. Property R If [a; x] and [a; y] are two projective prime intervals with isolated endpoints, then x = y 45 ? @ @ @I @@@R @@@R @ @ @I @ @ @I @@@R b a d c a2 @ @ @I @@@R @ @ @I @@@R C C C C C C C C C a1 C C C C C C @ @ @I @@@R C C C C C C @ @ @I @@@R C C C Figure 12: Another counterexample This property can be stated in the following way: if a is an isolated element, then two distinct elementary increases from a are two distinct decisions. Before examining the many consequences of property R, we show as is now customary that the property is valid for two arbitrary prime intervals. Proposition 5.1 Consider two prime intervals with isolated endpoints [a; a0] and [b; b0], in a computation domain satisfying I and C. If there exists a prime interval [c; c0] such that [a; a0] [c; c0] [b; b0] then there exists a prime interval [d; d0] with isolated endpoints such that [a; a0] [d; d0] [b; b0] Proof: By hypothesis, c0 = a_c hence c0 = a_ (SA(c)) and c0 = Sz2A(c)(a0_ z). The set fa0 _ zjz 2 A(c)g is directed and it dominates b0. So there exists an isolated element e with b0 a0 _ e; e 2 A(c). Take d = e _ a _ b. The element d is an approximant of c that dominates a and b. So d dominates neither a0 nor b0 and, by property C, d < d _ a0 and d < d _ b0. So since b0 a0_ e a0_ e_a_ b = a0_d we have d < d_ b0 d_a0. Elements d_ b0 and d _ a0 are thus equal to the same element d0 and [a; a0] [d; d0] [b; b0] 2Proposition 5.2 In a computation domain satisfying I and C, property R is equivalent to property b R: 46 Property b R If [a; x] and [a; y] are two projective prime intervals then x = y Proof: Property b R implies trivially property R. Conversely, consider two arbitrary projective prime intervals [a; x] and [a; y]. There exists a sequence f[xi; x0i]g0 i n with [x0; x00] = [a; x] and [xn; x0n] = [a; y] such that [x0; x00]T [x1; x01] T [xn; x0n] By Lemma 3.1, we can nd intervals with isolated endpoints [zi; z0 i] [xi; x0i] (0 i n). If we take now [ti; t0i] = [xi _ xi+1; x0i _ x0i+1] (0 i n 1) we have [zi; z0 i] [ti; t0i] [zi+1; z0 i+1] (0 i n 1) By the previous proposition, there are prime intervals with isolated endpoints [ui; u0i] (0 i n 1) such that [zi; z0 i] [ui; u0i] [zi+1; z0 i+1] (0 i n 1) As a consequence, [z0; z0 0] and [zn; z0 n] are projective in A(D). From [z0; z0 0] [a; x] and [zn; z0 n] [a; y] we deduce that z0 and zn are both less than a and we can take z = z0 _ zn. This element z cannot dominate z0 0 nor z0 n since it is an approximant of a that does not dominate them. Hence ( z ^ z0 0 = z0 z ^ z0 n = zn therefore ( z < z _ z0 0 = z0 z < z _ z0 n = z00 which shows that [z0; z0 0] [z; z0] and [zn; z0 n] [z; z00]. Since z is isolated and [z; z0] [z; z00], we can use property R and deduce z0 = z00. Since we have also [z; z0] [a; x] and [z; z00] [a; y] we conclude x = y. 2 Corollary 5.1 In a domain satisfying I,C, Q , and R, any upper section (and any interval) satisfyies these properties. Proof: Consider an upper section [b). If the prime intervals [a; x] and [a; y] are projective in [b), they are also projective in the whole domain. Hence x = y, so the upper section [b) has property R. We know from before that it has properties I,C, and Q. 2 47 Proposition 5.3 In a computation domain D satisfying I,C, and R consider two compatible elements x and y. If [a; a0] is a prime interval such that a x ^ y and a0 x _ y Then either a0 x or a0 y. Proof: Notice rst that in the case where x and y are comparable, say x y, we have immediately a0 y = x _ y so that the proposition holds trivially. Suppose now x k y. We can also assume a0 6 x ^ y otherwise the proposition is again immediate. Consider rst the case where x and y are nite relative to x ^ y. Case 1. x ^ y x; x^ y y The proof is by induction on the sum (x; y) of the lengths of the maximal chains from x ^ y to x and from x ^ y to y. i) Base case Since x k y the rst case to consider is when (x; y) = 2, i.e. x^y < x and x^y < y. From a0 k x^y we deduce a = a0^x^y, and by property C, which we can use because a0 " x^ y we obtain: x ^ y < a00 x _ y with a00 = a0 _ (x ^ y). Now either a00 = x and then a0 x, or a00 6= x and then, by Property C, we have x < a00 _x x_ y. But we have also x < x_ y so a00 _x = x_ y. From [x ^ y; a00] [x; x _ y] x ^ y; y] we deduce by property R that a00 = y. As a result, we have indeed when (x; y) = 2 either a0 x or a0 y. ii) Induction step Assume now (x; y) = n; n 2. Since x and y are incomparable we have x^ y < x and x^ y < y. By atomicity, there are two elements x1 and y1 with x^y < x1 x and x^y < y1 y. Take now z = x1 _ y1, x01 = x _ y1 = x _ z, y0 1 = y _ x1 = y _ z. Elements x01, y0 1, and z do exist because x and y are compatible. x ^ y @ @ @ @ @ @ x x _ y y @ @ @ @ @ @ x1 y1 @ @ @ @ @ @ z x01 y0 1 48 Two cases are now possible: Case 1.1 a0 z: Then the result of the base case may be used to deduce that either a0 x1 or a0 y1, thus either a0 x or a0 y. Case 1.2 a0 6 z: Then a = a0 ^ z. Since a0 and z are both less than x _ y they are comaptible and we can use property C. With a00 = z _ a0 we have z < a00 x _ y. But x01 _ y0 1 = x_ z _ y _ z = x_ y and since z is less than x01 and y0 1 we have also z x01 ^ y0 1. To be in a position to apply the induction hypothesis to the interval [z; a00] and elements x01 and y0 1, we need only verify that (x01; y0 1) < (x; y). Now (x01; y0 1) is less than the sum of the lengths of maximal chains from z to x01 and from z to y0 1. So (x01; y0 1) n 2. Applying the induction hypothesis yields that either a00 x01 or a00 y0 1. Assume without loss of generality that a00 x01. Since a0 a00 we have also a0 x01. But (x; z) n 1. We can use the induction hypothesis again for the interval [a; a0] and the elements x and z, to conclude that either a0 z or a0 x. We have assumed that a0 6 z. So a0 x. Case 2. Assume now x and y are arbitrary and take again a00 = a0 _ (x ^ y). Since the upper section [x ^ y) is a computation domain, there are approximants x0 and y0 of x and y in this domain such that the atom a00 is dominated by x0 _ y0. Then a x ^ y x0 ^ y0 and a0 x0 _ y0 with x0 ^ y0 x0 and x0 ^ y0 y0. Using the result of the rst case, we deduce that either a0 x0 or a0 y0, so that again a0 x or a0 y.2 Corollary 5.2 In a computation domain satisfying properties I, C and R, no sublattice is isomorphic to the sublattice of gure 10. Proof: Let x and y be two arbitrary compatible, incomparable elements. Take any z such that x ^ y < z < x _ y. By atomicity, there is an element t with x^ y < t z. By the previous result, either t x or t y. In the rst case, x ^ y < x ^ z and in the second case x ^ y < y ^ z. 2 To prove the converse, we need a very useful result that limits the cases that we need to consider when two intervals are projective. This result is obtained in two steps. 49 Proposition 5.4 In a computation domain satisfying I, C, and R, consider three prime intervals [a; a0], [b; b0], and [c; c0] such that [a; a0] [b; b0] [c; c0]. If a and c are compatible, then we have also [a; a0] [a _ c; a0 _ c0] [c; c0]. Proof: b @ @ @ @ @ @ a a _ c c @ @ @ @ @ @ b0 @ @ @ @ @ @ c0 a0 By de nition of the relation for intervals we have a0 = a_b0 and c0 = b0_c. Since a and c are compatible, the triple fa; b0; cg is consistent. It has a lub d0 = a _ b0 _ c. But ( d0 = a _ c _ b0 = (a _ c) _ (c_ b0) = (a _ c)_ c0 d0 = a _ c _ b0 = (a _ c) _ (a _ b0) = (a _ c)_ a0 Take d = a _ c. Since b0 is not less than a nor c, by the previous proposition b0 is not less than a_ c. Thus d0 is di erent from d, so d < d0 by property C. Since d0 dominates a0 and c0, d0 = a0 _ c0. Since we have [a; a0] [d; d0] [c; c0] the result follows. 2 De nition 5.1 We call concrete domain a domain of computation satisfying properties I, C, Q, and R. Lemma 5.1 In a concrete domain, two distinct prime intervals [a; a0] and [b; b0] are projective i there exists an alternating sequence of prime intervals f[x0; x00]; [x1; x01]; : : : ; [xn; x0n]g i.e. [a; a0] = [x0; x00], [b; b0] = [xn; x0n], and either ( [a; a0] < [x1; x01] > [x2; x02] < [x3; x03] [xn; x0n] [a; a0] > [x1; x01] < [x2; x02] > [x3; x03] [xn; x0n] satisfying additionally condition Z: 8i 2 [0; n 2] [xi; x0i] > [xi+1; x0i+1] < [xi+2; x0i+2] ) xi#xi+2 50 Proof: The proof proceeds by induction on the length of the sequence of transpositions that are needed to go from [a; a0] to [b; b0]. If [a; a0]T [b; b0] the result is immediate. Assume now the property to be true for two projective prime intervals for which there is a sequence of transpositions of length at most n 1, and suppose [a; a0]T [x1; x01] [xn 1; x0n 1]T [b; b0]. By induction hypothesis there is an alternating sequence f[y1; y0 1]; : : : ; [ye; y0 e]g between [x1; x01] and [b; b0]. Thus two cases are possible: Case 1: [x1; x01] < [y1; y0 1] > [y2; y0 2] < [b; b0] Case 1.1:[a; a0] [x1; x01]. Then we have also [a; a0] [y1; y0 1] by transitivity and so [a; a0] < [y1; y0 1] > [y2; y0 2] < [b; b0] Case 1.2: [a; a0] > [x1; x01]. Then if a#y1 the sequence f[a; a0]; [x1; x01]; [y1; y0 1]; : : : ; [b; b0]g satis es condition Z. Otherwise, by the previous result, we have: [a; a0] < [a _ y1; a0 _ y0 1] > [y1; y0 1] and the sequence f[a; a0]; [a _ y1; a0 _ y0 1]; [y2; y0 2] < : : : [b; b0]g is an alternating sequence. If y3 exists, we know that y1#y3 so a fortiori a _ y1#y3 and the sequence satis es Z. Case 2: [x1; x01] > [y1; y0 1] < [y2; y0 2] > [b; b0] Case 2.1: [a; a0] < [x1; x01]. Then f[a; a0]; [x1; x01]; [y1; y0 1]; : : : ; [b; b0]g is an acceptable alternating sequence. Case 2.2: [a; a0] [x1; x01]. Then by transitivity [a; a0] > [y1; y0 1] and the sequence f[a; a0]; [y1; y0 1]; : : : ; [b; b0]g is an alternating sequence. Since we had x1#y2, certainly a#y2 and the sequence satis es Z. 2 Corollary 5.3 If a concrete domain is a lattice, two prime intervals [a; a0] and [b; b0] are projective i there exists a prime interval [c; c0] such that [a; a0] [c; c0] [b; b0] Proof: Since two elements cannot be incompatible, the only alternating sequences of prime intervals between two distinct prime intervals [a; a0] and [b; b0] are of the form: 1: [a; a0] < [b; b0] 2: [a; a0] > [b; b0] 3: [a; a0] < [c; c0] > [b; b0] 51 Collecting these three cases with the case where [a; a0] and [b; b0] are identical, we obtain [a; a0] [c; c0] [b; b0]. The converse is immediate. 2 Theorem 5.1 If a computation domain is a lattice satisfying I and C, the property R is equivalent to property RT : Property RT No sublattice is isomorphic to the lattice of Figure 10. Proof: We already know by Corollary 5.2 that R implies RT . Assume now that RT holds and consider two projective prime intervals [a; x] and [a; y]. By Corollary 5.2, there exists a prime interval [c; c0] such that [a; x] [c; c0] [a; y] We will reason by induction on (a; c), the length of the maximal chains from a to c to prove that such a con guration implies x = y when a c, and then by continuity to prove the result in general. Case (a; c) = 0. Then a = c and c0 = x_c = x_a = x as well as c0 = y_c = y _ a = y so x = y. Case (a; c) = 1. Then (a; c0) = 2. Since c_ x 6= c and c_ y 6= c, necessarily c 6= x and c 6= y. It is not possible to have c0 = x _ y because the sublattice including a; x; c; y; c_ y would be isomorphic to the lattice of gure foo. Hence x_ y < c0, which implies (a; x_ y) 1. Consequently x and y are comparable. As both cover a they must be equal. Case (a; c) = n > 1. Then there exists an element d with a < d c so (d; c) = n 1. Since a = x ^ c = x ^ d and a = y ^ c = y ^ d, using property C we deduce d < d_ x and d < d_ y. We have immediately [d; d_ x] [c; c0] [d; d_ y] By induction hypothesis the d _ x = d _ y. But then, if x and y were distinct, the lattice including a; x; y; d; c_ x would be isomorphic to the lattice of Figure 10. So we must have x = y. We conclude the proof using Proposition 5.1. If [a; x] [c; c0] [a; y] there exists a prime interval [ ; 0] with a and [a; x] [ ; 0] [a; y]. Hence here again x = y. 2 52 An interesting consequence of property RT is that it excludes a domain like the one on Figure 6. More precisely: Proposition 5.5 In a concrete domain, an interval [x; y] of height n contains at most n elements covering x. Proof: We reason again by induction on the height of the interval [x; y]. The result is immediate when x = y and x < y. If all maximal chains from x to y have length 2, then consider two elements a and b covering x and less than y. If they are distinct, we have y = a _ b by property C. Property RT excludes the possibility of a third element c less than y covering x. Now in the general case, assume all maximal chains from x to y have length n, with n > 2. Consider an arbitrary element t such that x < t y. The interval [t; y] is of height n 1 and by induction hypothesis there are at most n 1 elements covering t in that interval. x @ @ @ H H H H H H b a t @ @ @ y By property RT , the mapping that associates to any element of [x; y] covering x the element x_ t is an injection. So there are at most n 1 elements of [x; y] covering x and distinct from t. If we now count t, the result is established. 2Corollary 5.4 In a concrete domain, if x y the interval [x; y] contains only nitely many elements. Proof: We reason again by induction on the height (x; y) of the interval [x; y]. If (x; y) = 0 or (x; y) = 1 the result is immediate. Suppose now (x; y) = n > 1. Then for any a covering x in [x; y] there are, by induction hypothesis, nitely many elements in [a; y]. Since the number of elements covering x in [x; y] is nite, there are nitely many elements in [x; y]. 2 Corollary 5.5 In a concrete domain, a nite element dominates only nitely many elements. 53 Remark: We are not too concerned with the independence of the various axioms that we postulate for computation domains, nor of the properties that we have studied so far. But one may notice here that properties C and RT imply respectively conditional completeness and coherence, which in a way is another argument in favor of these axioms. Since coherence has been studied relatively little in the literature, we prove that it is not independent of I,C, Q and RT . Proposition 5.6 If an algebraic partial order is conditionally complete, and it satis es properties I,C,Q, and RT , then it is coherent. Proof: By proposition 1.2, we need only to show that any pairwise consistent triple a; b; c has a least upper bound. We reason by induction on (a^b^c; a). a) Base cases: If (a ^ b ^ c; a) = 0, then a,b, and c are less than b _ c. If (a^ b^ c; a) = 1, then suppose a were incompatible with b_ c. a ^ b ^ c @ @ @ P P P P P P P P P a b c @ @ @ b_ c By property Q, since a ^ b^ c = a ^ (b_ c) there exists a t such that a ^ b ^ c < t b _ c and a#t But by proposition 5.2 (whose proof doesn't rely on coherence!) that can be applied since a ^ b^ c b^ c, either t b or t c. But then, in either case the set fa; b; cg cannot be pairwise consistent. If for example t is less than b, then b cannot be compatible with a. So a " (b _ c) and by conditional completeness a _ (b _ c) exists. b) Induction step: Assume the property holds when (a ^ b ^ c; a) < n 1 and assume (a ^ b ^ c; a) = n. consider a maximal chain a ^ b^ c = x0 < x1 < x2 < < xn 1 < xn = a from a ^ b^ c to a. Since the triple fa; b; cg is pairwise consistent, so is the triple fxn 1; b; cg. By induction hypothesis, it admits a least upper bound xn 1 _ b _ c. We can use the argument of the base case to the triple fa; xn 1 _ b; xn 1 _ cg. Finally, a _ xn 1 _ b _ c = a _ b _ c. 54 c) Continuity argument: If a is not nite relatively to a ^ b ^ c, consider an arbitrary approximant of a. The triple fa; b; cg is pairwise consistent, so is the triple f ; b; cg, thus _ (b _ c) exists. In the upper section [a^ b^ c) we have: [ 2A(a)( _ (b_ c)) = 0@ [ 2A(a) 1A _ (b_ c) By algebraicity we have S 2A(a) = a and consequently a_b_c exists.2 We return to our central concern, the study of the consequences of property R. Lemma 5.2 Consider two compatible elements x and y in a concrete domain. If [x; x0] is a prime interval included in [x; x _ y], then there exists a prime interval [u; u0] included in [x^ y; y] which is projective with it. Proof: Remark rst that y cannot be less than x because then we would have x_y = x and the prime interval [x; x0] could not be included in [x; x_y]. Now we reason by induction on the length (x ^ y; y) of the maximal chains from x ^ y to y. a) Base case: (x^y; y) = 1, i.e. x^y < y. By property C we have x < x_y. Since we have also x < x0 x _ y we deduce x0 = x _ y. The intervals [x^ y; y] and [x; x0] are transposed. b) Induction step: Assume (x^y; y) = n > 1. Consider an arbitrary element v covered by y. By Lemma 3.1 we have v _ x =< v _ x0. We examine both cases in turn: Case 1: v _ x = v _ x0. We can apply the induction hypothesis because x^ v = x^ y so (x^ v; v) = (x^ y; v) = n 1. Thus there exists an interval [u; u0] included in [x^ y; v] { thus a fortiori in [x^ y; y] { projective with [x; x0]. Case 2: v _ x < v _ x0. Note that this case implies that y is not less than v _ x: we would then have v _ x _ y = x _ y = v _ x and v _ x < v _ x0 x _ y = v _ x which is impossible. Thus (v_x)^y = v and we can use property C and deduce v_x < (v_x)_y = x_y. But v_x < v_x0 x_y 55 hence v _ x0 = x _ y = (v _ x) _ y which means that the following holds: [x; x0] [v _ x; v _ x0] [v; y] This concludes the proof when (x ^ y; y) is nite. x ^ y @ @ @ x x0 x _ y@ @ @ @ y c) Continuity argument: If now y is not nite relative to x ^ y, there exists nevertheless an element d 2 A(y) with x ^ y d and x < x0 x _ d and we can apply the previous results to the elements x,x0, and d. 2 Remark: 1. This proof doesn't use property R. It is included in this Section because we need the Lemma here. 2. In fact, we can prove with a minor adjustment of the induction argument that there exists a prime interval [t; t0] and [x; x0] [t; t0] [u; u0]. Corollary 5.6 In a concrete domain, if [x; x0] is a prime interval included in in the interval [?; a_ b], there exists a prime interval projective with it either in [?; a] or in [?; b]. Proof: Using Lemma 3.1 we obtain a _ x =< a _ x0 and b _ x =< b _ x0. Case 1: a _ x < a _ x0 and b_ x < b_ x0. Then we have [a _ x; a_ x0] [x; x0] [b_ x; b_ x0] thus by Proposition 5.3, since (a_ x) " (b_ x) [a _ x; a _ x0] [a _ b _ x; a_ b_ x0] [b_ x; b_ x0] But there is a contradiction since a _ b = a _ b_ x = a _ b _ x0, making it impossible for the interval [a_ b_ x; a_ b_ x0] to be prime. This case cannot happen. 56 Case 2: a _ x = a _ x0 (the case b _ x = b _ x0 is handled symmetrically). Then the prime interval [x; x0] is included in [x; x_ a]. By the previous Lemma, there exists a prime interval [u; u0] included in [x ^ a; a] (hence a fortiori in [?; a]) with [x; x0] [u; u0]. 2 Lemma 5.3 Consider two projective prime intervals [x; x0] and [z; z0] in a concrete domain. If there exists a prime interval [y; y0] projective with [x; x0] in [?; x], then there exists a prime interval projective with [z; z0] in [?; z]. Proof: The proof proceeds by induction on the length Z of the alternating sequence of transposed prime intervals between [x; x0] and [z; z0]. If Z = 0 the intervals [x; x0] and [z; z0] are identical, so the result is immediate. Assume now Z = n; n > 0. Two cases are possible, depending on the form of the alternating sequence. Case 1: [x; x0] < [x1; x01] > [z; z0]. In that case the interval [y; y0] is also included in [?; x1]. By induction hypothesis, there exists a prime interval [t; t0] in [?; z] with [t; t0] [y; y0] because the alternating sequence from [x1; x01] to [z; z0] is of length n 1. Case 2: [x; x0] > [x1; x01] < [z; z0]. Since x1 and y are compatible, we deduce by Lemma 3.1 x1 _ y =< x1 _ y0, thus two cases are possible. Case 2.1: x1 _ y < x1 _ y0 x1 y X X X X X X x1 _ y y0 x1 _ y0 x01 x \ \ \ \ \ \ \ \ \ \ \ \ \ \ x0 Since x1 and y are both less than x, so is x1 _ y. Therefore x01 is not less than x1 _ y, because otherwise x01 would be less than x and x < x0 = x01 _ x would be impossible. So x1 = (x1 _ y) ^ x01 and by property C: x1 _ y < (x1 _ y) _ x01 = x01 _ y Hence we have [x1_y; x1_y0] [y; y0] [x; x0] [x1; x01] [x1_y; x01_y]. By property b R we conclude x1 _ y0 = x01 _ y. But then x01 x1 _ y0 x, which we have seen is impossible. There is a contradiction, so this case cannot happen. 57 Case 2.2: x1 _ y = x1 _ y0. Then we can use Lemma 5.1. There is a prime interval [u; u0] projective with [y; y0] in [x1 ^ y; x1]. By transitivity [u; u0] [x1; x01]. Using the induction hypothesis, we deduce that there exists a prime interval [t; t0] in [?; z] with [u; u0] [t; t0] and thus [y; y0] [t; t0]. 2 Theorem 5.2 In a concrete domain, if [x; x0] is a prime interval, then the interval [?; x] contains no equipollent prime interval. Proof: A. We prove rst that there cannot be a prime interval [y; y0] in [?; x] with [x; x0] [y; y0]. The proof is by induction on h(x) the height of x. If h(x) = 0 the result is immediate. If h(x) = n > 0, assume some [y; y0] included [?; x] veri ed [y; y0] [x; x0]. By the previous lemma, there exists [t; t0] [y; y0] with [t; t0] included in [?; y]. But h(y) < h(x) so by induction hypothesis this is impossible. Hence the property is proved for any nite x. If now h(x) is in nite, there exists by Proposition 3.1 a prime interval with nite endpoints [ ; 0] with [ ; 0] [y; y0]. In the upper section [ 0) there exists a nite [ ; 0] with [ ; 0] [x; x0]. The prime intervals [ ; 0] and [ ; 0] are now projective intervals with nite endpoints and the reasoning above applies. B. We prove now that there can't be a prime interval equipollent to [x; x0] in [?; x]. Assume such an interval [y; y0] would exist,i.e. [y; y0] [x; x0]. By de nition =' = '. Hence [y; y0] ' [x; x0], which means that there is a prime interval [x; x00] with [y; y0] [x; x00]. This is impossible by the result of part A. 2 In the ve sections above, we have de ned the essential properties that a computation domain should satisfy to be considered plausibly a data domain rather than a functional domain. The mathematical consequences of these properties are consistent with our intuition. But it remains to show that these properties are su cient to characterize truly a notion of concrete computation domain. This is the role of the forthcoming sections that develop a representation theory for concrete domains. 6 The information matrix To start with, we expose the essential facts on which the representation of concrete domains will be based. 58 De nition 6.1 An equivalence class of equipollent prime intervals will be called a cell. Notation: Let [x; x0] be a prime interval. We denote d[x; x0] the equivalence class of [x; x0] under projectivity (the decision associated to [x; x0]) and c[x; x0] the cell associated with [x; x0], i.e. its equivalence class under equipollence. De nition 6.2 If [x; x0] is a prime interval and a dominates x0, we say that a occupies cell c[x; x0] and contains decision d[x; x0]. We note: (a) = fc[x; x0] j x < x0 and x0 ag (a) = fd[x; x0] j x < x0 and x0 ag Proposition 6.1 For any a: (a) = fc[x; x0] j x < x0 and x0 2 A(a)g (a) = fd[x; x0] j x < x0 and x0 2 A(a)g Proof: This result is a simple application of Proposition 3.1. For any prime interval [y; y0] with y0 a, there is a prime interval [x; x0] with nite endpoints such that [x; x0] [y; y0], hence c[x; x0] = c[y; y0] d[x; x0] = d[y; y0] Since y0 a, a fortiori x0 a. As x0 is nite, it is an approximant of a. 2 Proposition 6.2 Consider a consistent subset X in a concrete domain. We have the following equalities: ( (SX) = Sx2X (x) (SX) = Sx2X (x) Proof: First, by coherence, if X is consistent it has a least upper bound SX . Now by de nition of and : ( x y ) (x) (y) x y ) (x) (y) So immediately: ( Sx2X (x) (SX)) Sx2X (x) (SX)) We prove now the converse inequalities by induction on the cardinal of X when X is nite and then by continuity. 59 a) Base Cases: If jX j = 0 then SX = ? and (?) = (?) = ;. If jX j = 1 then X = fxg and SX = x. So obviously (x) (SX) and (x) (SX). b) Induction step: let X = fx1; x2; : : : ; xn 1; xng(n > 1). If X is consistent, so is X 0 = fx1; x2; : : : ; xn 1g. By induction hypothesis: ( Sx2X 0 (x) (SX 0)) Sx2X 0 (x) (SX 0)) Since SX = (SX 0) _ xn, so by Corollary 5.6, any prime interval [x; x0] included in [?;SX ] is projective with a prime interval included either in [?;SX 0] or in [?; xn]. Hence ( (SX) (SX 0) [ (xn) (SX) (SX 0) [ (xn) Using the induction hypothesis we obtain: ( (SX) Sx2X (x) (SX) Sx2X (x) c) Continuity argument: consider an arbitrary prime interval [x; x0] with nite endpoints included in [?;SX ]. Since x0 is nite less than SX and the set obtained by adding to X the least upper bounds of its nite subsets is directed, we can nd a nite subset Y of X whose least upper bound dominates x0. Thus by the previous result: ( c[x; x0] 2 Sy2Y (y) d[x; x0] 2 Sy2Y (y) so we deduce ( (SX) Sx2X (x) (SX) Sx2X (x) 2 In a concrete domain, we have a property that is far stronger than the Jordan-Dedekind condition. Lemma 6.1 Consider an arbitrary element x in a concrete domain and a maximal chain f? = x0; x1; : : : ; xn; : : :g between ? and x. We have the equalities: (x) = fc[xi; xi+1]ji 0g (x) = fd[xi; xi+1]ji 0g 60 Proof: the equalities are proved by induction on h(x). a) Base Cases: if h(x) = 0 then x = ? and (?) = (?) = ;. If h(x)=1, then x is an atom and the property is obvious again. b) Induction step: assume now h(x) = n > 1. Take an arbitrary prime interval [y; y0] in [?; x]. Since y0 and xn 1 are compatible, by Lemma 3.1 we have xn 1 _ y =< xn 1 _ y0 and two cases have to be considered: Case 1: xn 1_y = xn 1_y0. In that case, by Lemma 5.1 there exists a prime interval [z; z0] in [?; xn 1] projective with [y; y0]. Since xn 1 is of height n 1, we can use the induction hypothesis. Hence there exists an interval [xk; xk+1] with k n 2 and [z; z0] [xk; xk+1] i.e. d[z; z0] = d[xk; xk+1] and therefore d[y; y0] 2 fd[xi; xi+1]ji 0g c[y; y0] 2 fc[xi; xi+1]ji 0g Case 2: xn 1 _ y < xn 1 _ y0. In that case the prime interval [xn 1 _ y; xn 1_y0] is included in the prime interval [xn 1; x] which implies xn 1 = xn 1 _ y x = xn 1 _ y0 so [y; y0] [xn 1; x] and here again d[y; y0] 2 fd[xi; xi+1]ji 0g c[y; y0] 2 fc[xi; xi+1]ji 0g c) Continuity argument: If x is not nite, we know nevertheless by proposition 6.1 that (x) = fc[y; y0]j[y; y0] prime and y; y0 2 A(x)g (x) = fd[y; y0]j[y; y0] prime and y; y0 2 A(x)g Consider then a prime interval [y; y0] with nite endpoints. The maximal chain from ? to x is a directed set so there is a nite element xn in the chain such that y0 xn. Using the result of the nite case, we can nd an interval [xi; xi+1](i n 1) projective with [y; y0]. 2 Corollary 6.1 For any x in a concrete domain h(x) = j (x)j = j (x)j. 61 Proof: Assume rst x is nite. By the previous lemma, we know that j (x)j h(x) and j (x)j h(x). But by Theorem 5.1 a maximal chain cannot contain two equipollent prime intervals. So h(x) j (x)j and h(x) j (x)j. Now if x is in nite, using Theorem 5.1 we have j (x)j =1 and j (x)j =1. 2 We prove now a technical result that is much stronger than Proposition 5.4. Proposition 6.3 Consider two projective prime intervals [a; a0] and [b; b0] in a concrete domain. If a and b are compatible we have also: [a; a0] [c; c0] [b; b0] with c = a _ b and c0 = a0 _ b = a _ b0 Proof: First a0 and a_b are compatible. Indeed if we had a0#a_b, there would exist an element t such that a < t a _ b and t#a0. By Lemma 5.1 there would exist an interval [u; u0] in [?; b] with [u; u0] [a; t] thus [u; u0] [a; a0]. But since [a; a0] [b; b0] we deduce [u; u0] [b; b0], which is impossible by Theorem 5.1. Symmetrically we can show b0 " c = a _ b. The same reasoning also shows that a0 and b0 are not less than c. By Property C we deduce c < (a _ b) _ a0 = a0 _ b c < (a _ b) _ b0 = a _ b0 But the prime intervals [a _ b; a0 _ b] and [a _ b; a _ b0] are projective. So by property R we obtain a0 _ b = a _ b0. 2 Corollary 6.2 If [x; x0] and [y; y0] are two equipollent prime intervals included in the same interval [?; z] then they are projective. Proof: From [x; x0] [y; y0] we deduce that there exists a a prime interval [y; y00] such that [x; x0] [y; y00] [y; y0]. But x and y are compatible, so by the previous result [x; x0] [x _ y; x0 _ y] [y; y00]. As x0 _ y is less than z, so is y00. Since y0 is also dominated by z we must have y0 = y00 and therefore [x; x0] [y; y0]. 2 Theorem 6.1 In a concrete domain x y , (x) (y) Proof: By de nition of we have x y ) (x) (y), so we need only to prove the converse implication. We reason by induction on the height of x. 62 a) Base Case: If h(x) = 0 then x = ? and for any y we have x y. b) Induction step: Assume we have (x) (y) ) x y when the height of x is less than n, and assume h(x) = n. Consider an arbitrary maximal chain ? = x0 < x1 < < xn 1 < xn = x from? to x, and assume (x) (y). Since xn 1 x, we have (xn 1) (x) (y). As h(xn 1) = n 1 we can use the induction hypothesis to deduce xn 1 y. Now d[xn 1; xn] belongs to (x) thus to (y) so there exists a prime interval [z; z0] in [?; y] with [xn 1; xn] [z; z0]. Both elements xn 1 and z are less than y so we can use Proposition 6.3: [xn 1; xn] [xn 1 _ z; t] [z; z0] t = xn 1 _ z0 = xn _ z But since both xn 1 and z0 are less than y so is t, therefore xn is less than y. As xn = x we obtain x y. c) Continuity argument: From (x) (y) we deduce 8a 2 A(x) (a) (y) thus by the result of the nite case 8a 2 A(x) a y. By algebraicity x = Sa2A(x) a and therefore x y. 2 De nition 6.3 A prime interval is called minimal if it is minimal for the relation between intervals. De nition 6.4 An element x is join{irreducible i i) x 6= ? ii) x = a _ b) x = a or x = b Proposition 6.4 In a concrete domain, for any prime interval [x; x0] there exists a prime interval [y; y0] less than [x; x0] where y0 is join{irreducible. Proof: By Proposition 3.1 it is su cient to examine the case where [x; x0] has nite endpoints. We reason by induction on h(x0). a) Base Case: h(x0) = 1. The element x0 is an atom thus necessarily join{ irreducible. The result is immediate. 63 b) Induction step: Assume h(x0) = n; n > 1. If x0 is join{irreducible, the property is proved immediately. Otherwise x0 = a _ b together with a < x0 and b < x0. By Corollary 5.6 there exists a prime interval [u; u0] included either in [?; a] or in [?; b] such that [u; u0] [x; x0]. Since both u and x are both less than x0, by Proposition 6.3: [u; u0] [x_ u; x_ u0] [x; x0] Since x _ u0 x0 necessarily x _ u0 = x0 and thus x _ u = x so [u; u0] [x; x0]. But since u0 is either less than a or less than b we have in fact [u; u0] < [x; x0], which implies h(u) < h(x0) and we can apply the induction hypothesis to the prime interval [u; u0]. There exists a prime interval [y; y0] with y0 join-irreducible and [y; y0] [u; u0] and a fortiori [y; y0] [x; x0]. 2 Corollary 6.3 In a concrete domain, a prime interval [x; x0] is minimal i x0 is join{irreducible. Proof: Assume rst that x0 is join{irreducible and consider a prime interval [y; y0] such that [y; y0] [x; x0]. By de nition of we have x0 = x _ y0. Since x0 is join{irreducible and x 6= x0 we must have y0 = x0. Thus y = y0 ^ x = x0 ^ x = x, and [y; y0] = [x; x0]. So [x; x0] is minimal. Conversely, assume that [x; x0] is minimal. By the previous propostion there exists [y; y0] with y0 join{irreducible and [y; y0] [x; x0]. By minimality [y; y0] = [x; x0] so y0 = x0 which proves that x0 is join{irreducible. 2 Proposition 6.5 In a concrete domain, if the prime interval [x; x0] is minimal, then any prime interval [x; x00] such that [x; x00] ' [x; x0] is also minimal. Proof: Consider an arbitrary prime interval [y; y00] such that [y; y00] [x; x00] ' [x; x0] Since ' = ' there exists a y0 such that [y; y00] ' [y; y0] [x; x0] Since [x; x0] is minimal [y; y0] = [x; x0] so y = x. Hence x^y00 = x which implies x y00. Since x00 = x _ y00 we have x00 = y00 and therefore [y; y00] = [x; x00], which proves that [x; x00] is minimal. 264 De nition 6.5 In a concrete domain, consider a decision and a set of decisions . We say that enables i there is a minimal prime interval [x; x0] such that: ( d[x; x0] = (x) = By the previous proposition, if enables it also enables all decisions equipollent to so we can say that enables cell i there exists a minimal prime interval [x; x0] such that:( c[x; x0] = (x) = Remarks: 1. If the interval [x; x0] is minimal, elements x and x0 are nite. Therefore, since j (x)j = h(x), a cell is always enabled by a nite number of decisions. 2. In general, within a given equivalence class of projective prime intervals, there are several distinct minimal intervals. Therefore, several distinct sets of decisions may enable a given cell. The case where any cell is enabled by a single set of decisions is a very important special case that we will consider in section 10. We are now ready to build a whole class of concrete domains, using the notions introduced in this section. De nition 6.6 An information matrix is a quadruple M =< ; V;V ; E > where 1. is a countable set. Its elements will be called cells. 2. V is a countable set. 3. V is a function from to P(V ) that maps any cell c in to the subset V(c) of possible values at c. We simply say that V(c) is the type of c. We call decision a pair < c; v > where c is a cell and v is a possible value at c, i.e. c 2 and v 2 V(c). We note M the set of decisions de ned by ,V , and V, and F( M) the set of nite subsets of M . 65 4. the enabling function E maps to P(F( M)) ;. If a nite set of decisions fd1; d2; : : : ; dng belongs to E(c) we say that fd1; d2; : : : ; dng enables cell c. Notations: Let M =< ; V;V ; E > be an information matrix with set of decision M . If d =< c; v > (c 2 ; v 2 V(c)) is a decision, we say that this decision concerns cell c; if fd1; d2; : : : ; dng is a set of decisions in E(c), we say that this set enables cell c and decision d. This relation is written: d1; d2; : : : ; dn ` d If the empty set enables a cell (resp. a decision) we say that this cell (resp. this decision) is initial. De nition 6.7 Consider an information matrix M and a decision d in M . A nite sequence of decisions d0; d1; d2; : : : ; dn 1; dn = d is a proof of d i for any j with 0 j n there is a subset fdj1 ; dj2 ; : : : ; djkg of fd0; : : : ; dj 1g that enables dj, i.e. dj1 ; dj2 ; : : : ; djk ` dj. De nition 6.8 In an information matrix, a subset of decisions X is connected by another subset Y i any decision in X has a proof included in Y . A subset X that is connected by itself is called connected. Remarks: If X is connected by Y we have X Y . If X is connected by Y , em a fortiori X is connected by any superset of Y . If two sets of decisions are connected, so is their set union. A proof is of course connected. From these last two remarks, we deduce that any nite subset X of a connected set may be included in a nite connected subset: simply include a proof of each element of X . De nition 6.9 In an information matrix M a con guration is a connected set of decisions in which no two distinct decisions concern the same cell. Let M be the set of con gurations of an information matrix M . Any conguration is a subset of M by de nition, so M is naturally ordered by inclusion. Example: Consider the matrix M1 =< 1; V1;V1; E1 > de ned by 1. 1 = fc1; c2; c3g 2. V1 = f>g 66 1 Q Q Q Q 2 3 Q Q Q Q 5 6 4 7 Q Q Q Q Figure 13: M1 3. V1 = c:f>g 4. E1(c1) = E1(c2) = f;g E1(c3) = ffc1g; fc2gg Since V1 contains a single value, the set of decisions is isomorphic to 1 and the set of con gurations M1 comprises the following seven con gurations: 1 = ; 2 = fc1g 3 = fc2g 4 = fc1; c2g 5 = fc1; c3g 6 = fc2; c3g 7 = fc1; c2; c3g The diagram of the partial order < M1 ; > is shown on Figure 13. We have used extensively Hasse diagrams to represent partial orders; in the same manner it is useful to represent in a synthetic manner an information matrix. Such a graphical representation is only feasible when all cells may only contain a single value > (i.e. V = c:f>g). In that case and M are isomorphic and E maps to P(F( )) so that we can use a representation by \and-or" graphs that is familiar in computer science. Each cell in M is represented by a node in the graph and if we have c1; c2; : : : ; cn 1 ` cn the graph of M has n 1 edges ci ! cn and they are drawn connected by an arc (for \and"). For example matrix M1 that we have just seen is represented here: c1 @ @ @I c2 c3 Matrix M2 =< 1; V1;V1; E2 > where E2(c1) = E2(c2) = f;g and E2(c3) = ffc1; c2gg is represented by 67 c1 @ @ @I c2 c3̂ Simple conventions allow representing in nite matrices in this manner (cf. Figure 14). Lemma 6.2 In the partial order < M ; > of the con gurations of an information matrix M ordered by set inclusion, two con gurations 1 and 2 are compatible i the set 1[ 2 is a con guration. Furthermore 1_ 2 = 1[ 2. Proof: First if 1[ 2 is a con guration, since 1 1 [ 2 and 2 1[ 2, we have 1 " 2. Assume conversely 1 " 2, i.e. that there is a con guration with 1 and 2 and consider the set of decisions 1 [ 2. We remarked earlier that since 1 and 2 are connected, so is their union. If in 1 [ 2 two distinct decisions concerned the same cell, then this would also be the case in that includes 1 [ 2. But this is impossible because is a con guration. Thus 1 [ 2 is a con guration. Since any con guration dominating 1 and 2 must contain (hence dominate) 1 [ 2 we have 1 _ 2 = 1 [ 2. 2 Remark: However, the set intersection of two con gurations is not necessarily a con guration because it may not be connected. For example in the matrix M1 considered earlier, we have 5 \ 6 = fc3g and fc3g is not connected. In fact 5 ^ 6 = 1 = ; 6 = 5 \ 6. Lemma 6.3 In the partial order < M ; > con guration 2 covers con guration 1 i there exists a decision d such that 2 = 1 _ [ d. Proof: Assume rst that 1 and 2 are two con gurations such that 2 = 1 _ [ d. Then 1 2 and 1 6= 2. Let be an arbitrary con guration in [ 1; 2], i.e 1 2. Since 1 and 2 di er only by the element d, either doesn't contain d and 1 = or contains d and = 2. Thus we have indeed 1 < 2. Conversely assume 1 < 2. Let d be an arbitrary decision in 2 not in 1. Such a decision exists since 1 and 2 are distinct. Since 2 is connected, there is a proof of d in 2:d0; d1; d2; : : : ; dn 1; dn = d 68 (a) @ @ @I (b) @ @ @ @ @ @I 6 6 @ @ @ @ @ @I ^ ^ ^ (c) HHHHHHHj + QQQQs @@@R AAAU @@@R AAAU QQQQs + AAA AAA AAA AAA AAA AAA AAA AAA (d) 666 Figure 14: Example information matrices 69 Consider the rst decision dj in this proof that does not belong to 1. The set 1 _ [ fdjg is connected since dj has a proof entirely contained in it. Now 1 _ [ fdjg 2 and 1 6= 1 _ [ fdjg. So since 2 covers 1 we must have 1 _ [ fdjg = 2. 2 Theorem 6.2 For any information matrix M the partial order < M ; > is a concrete domain. Proof: Part 1: < M ; > is a computation domain. 1. < M ; > is coherent. Let X be a consistent set of con gurations and consider the set of decisions obtained in taking all decisions of all elements of X . This set is connected because it is a union of connected sets. Suppose two decisions in would concern the same cell. These two decisions could not be included in the same element of X , because X contains only con gurations. But they cannot come from two distinct elements x1 and x2 of X , otherwise x1 [ x2 would not be a con guration, contradicting the hypothesis x1 " x2 by Lemma 6.2. Thus is a con guration. It is the smallest con guration that dominates all elements of X , so = SX . 2. < M ; > is !{algebraic. Let us show that the nite con gurations are exactly the isolated elements in < M ; >. First we show that nite con gurations are isolated. Let X be a directed set of con gurations and a nite set of decisions such that SX . We reason by induction on the size (cardinal) of . In the base case, if j j = 0 then = ; and for any x in X , x. If now j j = n(n > 0) then choose an arbitrary decision d in and take = 0 _ [fdg. Since j 0j < n by the induction hypothesis there exists x1 in X such that 0 x1. Now there must exists a con guration x2 in X that contains decision d, otherwise it wouldn't be a decision of SX , which would contradict SX . Since X is directed, there is x in X with x1 x and x2 x, so x. Consider now an arbitrary con guration x. If a is a nite subset of x, we have seen that a may be included in a nite connected subset a of x, which is then a con guration. As X is the union of all its nite parts, we have x = [faja 2 F(x)g. On the right hand side of this equation is a directed set of con gurations, so we have also: x =[faja 2 F(x)g 70 So if x is isolated, there exists a nite subset a of x with x a and therefore, since a x, a = x, proving that x is a nite con guration. We have proved that the nite elements of < M ; > are exactly the nite con gurations. As there are only denumerably many nite subsets in a denumerable set, we conclude that < M ; > is !{ algebraic. This terminates the rst part. Part 2: < M ; > is a concrete domain. We check in turn that < M ; > has properties I,C, Q, and R. 1. Property I. The set of nite con gurations is trivially an ideal of < M ; >. As there are only nitely many subsets of a nite set, a fortiori there are only nitely many con gurations included in a nite con guration. So the ideal is well founded. 2. Property C. Let 1 and 2 be two compatible nite con gurations such that 1^ 2 < 1. By Lemma 6.3 we have 1 = 1^ 2 _ [ fdg. By Lemma 6.2, if 1 " 2 then 1 _ 2 = 1 [ 2, so: 1 _ 2 = 1 ^ 2 [ fdg [ 2 = 2 [ fdg If element d belonged to 2, we would have 1_ 2 = 2 thus 1 2 and 1 ^ 2 = 1 which contradicts the hypothesis. Therefore: 1 _ 2 = 2 _ [fdg and by Lemma 3.2 again 2 < 1 _ 2. 3. Property Q. If two con gurations 1 and 2 are incompatible, the set 1 [ 2 is not a con guration by Lemma 6.2. Since 1 [ 2 is connected, there must exist two distinct decisions d1 and d2, with d1 2 1 and d2 2 2 concerning the same cell. Consider two incompatible and nite con gurations 1 and 2 with 1^ 2 < 1. Let d1 =< c; x > and d2 =< c; y > (x 6= y). Since 1 ^ 2 is less than 1 and 2, it cannot contain a decision concerning cell c. Thus 1 = 1 ^ 2 _ [ fd1g. The decision d1 has a proof fd00; d01; : : : ; d0n = d1g. Without loss of generality we can assume this proof has no earlier occurrence of d1, i.e. the elements d0i (0 i n 1) are all in 1 ^ 2. Since d1 and d2 concern the same cell, we have: d00; d01; : : : ; d0n 1 ` d2 71 hence the set = 1 ^ 2 _ [ fd2g is connected, and since d2 is the only decision concerning c, it is a con guration. We have now 1 ^ 2 < 2 and 1# , so Property QE is satis ed. Consider now three con gurations 1, 2, and 3 covering i.e. 1 = _ [ fd1g 2 = _ [ fd2g 3 = _ [ fd3g If 1R 2 and 2R 3 we must have d1 =< c; v1 >, d2 =< c; v2 >, and d3 =< c; v3 >. If v3 = v1 then 1 = 3 and if v3 6= v1 then 1# 3. So property QU is satis ed as well. 4. Property R. We will prove that if two prime intervals [ 1; 0 1] and [ 2; 0 2] there exists a decision d with 0 1 = 1 _ [ fdg and 0 2 = 2 _ [ fdg. In fact, since projectivity is the transitive closure of transposition, it is su cient to prove this property when [ 1; 0 1]T [ 2; 0 2]. If [ 1; 0 1] [ 2; 0 2] we have seen in part 2 of this proof that 0 2 = 0 1_ 2 = 2 _ [ fdg. If [ 1; 0 1] [ 2; 0 2] assume 0 2 = 2 _ [ fd0g and 0 1 = 1 _ [ fdg. By de nition, 0 1 = 0 2 _ 1 = ( 2 _ [fd0g) [ 1. But we know that 2 1, so 0 1 = 1 _ [ fd0g = 1 _ [ fdg. Hence d = d0 and 0 2 = 2 _ [ fdg. Now if [ ; 0] and [ ; 00] are projective, we must have 0 = _ [ fdg and 00 = _ [ fdg, hence = 0 which proves property R. 2 Remark: In < M ; >, the height h( ) of a con guration is simply j j if is nite, and in nite otherwise. From the set theoretic equality: jAj+ jBj = jA \Bj + jA [Bj we deduce, since 1 ^ 2 1 \ 2: h( 1) + h( 2) h( 1 ^ 2) + h( 1 _ 2) an inequality that we have already proved. It is clear here that there will be a strict inequality whenever 1 ^ 2 6= 1 \ 2. 7 The representation Theorem The theorem that we are going to prove now is a representation theorem that plays a role similar to the two classical representation theorems of Lattice Theory([Bir67]): 72 1. every boolean lattice is isomorphic to a eld of sets 2. every distributive lattice is isomorphic to a ring of sets Here, given an arbitrary concrete domain, we will construct an information matrix whose space of con gurations, which is a concrete domain by the result of the previous section, is isomorphic to the concrete domain that we started with. Theorem 7.1 Every concrete domain is isomorphic to the set of con gurations of an information matrix. Proof: Consider an arbitrary concrete domain D. Part 1: Construction of the information matrix. We build an information matrix M =< ; V;V ; E > in the manner that is implicit in our terminology. i) is the set of cells (equivalence classes under equipollence) of D (cf. Definition 6.1). Since the cardinality of this set is less than the cardinality of the set of isolated elements in D, the set is countable. ii) V is the set of decisions of D (equivalence classes under projectivity), which is countable for the same reason. iii) If c is a cell in D, it is the union of equivalence classes under projectivity, so we take V(c) to be the set of projectivity classes in c. Thus if c1 and c2 are two distinct cells in D, the sets V(c1) and V(c2) are disjoint sets. Therefore the set M of decisions of M is isomorphic to V . In other words, all cells in M have a distinct type. iv) Function E is the function that maps any cell c to the set of nite parts of M (i.e. of V ) that enable c (cf. De nition 6.5). The set of con gurations of the matrix M built in this manner is a concrete domain by Theorem 6.2. Part 2: The injection from D to < M ; >. Any element x in D de nes the set (x) of the decisions that it contains (cf. De nition 6.2). The set (x) is a subset of V in one-one correspondence with a subset (x) of M . We prove by induction on h(x) that (x) is a con guration of M . a) Base case: If h(x) = 0 then x = ? and (x) = (x) = ;. The empty set is a con guration. 73 b) Induction step: Assume h(x) = n (n > 0). Two cases are to be considered: Case 1: x is not join{irreducible. Then x = a_b with a < x and b < x, thus h(a) < n and h(b) < n. By induction hypothesis (a) and (b) are con gurations. Since (x) = (a) [ (b) by Proposition 6.2, we have also (x) = (a) [ (b). Thus (x) is a connected set of decisions. By Corollary 5.2, if two prime intervals dominated respectively by a and b are equipollent they are projective, therefore (a)[ (b) does not contain two distinct decisions in M concerning the same cell. Hence (x) is a con guration of M . Case 2: x is join{irreducible. If the element x is join{irreducible it has a (unique) predecessor x and h( x) = n 1. By induction hypothesis ( x) is a con guration. By de nition, in D the set ( x) enables cell [ x; x], so the set ( x)[ d[ x; x] is connected in M . Furthermore it is a con guration by Theorem 5.1. Since x is a predecessor of x, we have (x) = ( x) [ d[ x; x] so (x) is a con guration. c) Continuity argument: If x is in nite (x) = S 2A(x) ( ) by Proposition 6.2. Thus (x) = S 2A(x) ( ). Since for any nite the set ( ) is a con guration, the set (x) is connected. By Corollary 6.2 we obtain that (x) is a con guration. Now x y implies (x) (y), i.e. (x) (y). Function is monotonic. By Theorem 6.1, if (x) = (y) we have x = y. Hence is a monotonic injection. Part 3: Function is onto. Since M is a concrete domain, we reason naturally by induction on the size of an element in M , i.e. on j j. a) Base case: If j j = 0 then is the empty con guration. It is the case that (?D) is the empty con guration. b) Induction step: Assume that any con guration in M of cardinality less than n(n > 0) is the image by of some element in D anc consider a con guration with j j = n. Two cases are to be considered: Case 1: is not join{irreducible in M . Then = 1 _ 2, with j 1j < n and j 2j < n. By induction hypothesis, there are two elements x1 and x2 in D with 1 = (x1) and 2 = (x2). The elements x1 and x2 are compatible, because otherwise, by Proposition 4.4 we could nd two 74 equipollent non projective prime intervals [ 1; 0 1] and [ 2; xi02] in [?; x1] and [?; x2] respectively. But then would contain two distinct decisions d[ 1; 0 1] and d[ 2; xi02] concerning the same cell, which is impossible. So the element x1 _ x2 exists in D and (x1 _ x2) = (x1) [ (x2) = (x1) _ (x2) = . Case 2: is join{irreducible in M . Let  be the unique predecessor of . Since j j = j j 1 there exists an element x in D such that ( x) = by induction hypothesis. Since covers , there is a decision d with =  _ [d and d has a proof _ [d with . Given the way we have constructed E , there exists therefore in D a minimal prime interval [ ; 0] with d[ ; 0] = d and ( ) . Since ( )  = ( x) we conclude x by Theorem 6.1. Since  _ [ d is a con guration, there is no prime interval in ( x) in the equipollence class of [ ; 0]. Hence 0 is compatible with x and is not less than x. Take now x = x _ 0. Then (x) = ( x) [ ( 0) and (x) = ( x) [ [ d = ( x) _ [d =  _ [d = and consequently (x) = . c) Continuity argument: Assume now that is an in nite con guration. Since M is algebraic, we have = Sf j 2 A( )g. Any con guration in A( ) is nite, so it is the image of some inD. The inverse image ofA( ) by is a directed set. Let now x be de ned by x = Sf j ( ) 2 A( )g. By Proposition 6.2 we obtain (x) = Sf j 2 A( )g and therefore (x) = . Theorem 6.1 can now be rewritten in the following manner: x y () (x) (y) which concludes the proof of the isomorphism between D and < M ; >.2 Examples: We show now on a few simple examples how one obtains an information matrix that represents a concrete domain. Example 1: The diagram of Figure 15 (a) has three equivalence classes of prime intervals for equipollence, so we build three cells. The join{irreducible elements are underlined: a; a0; c; c0. Since (?) = f;g, cells A and B (corresponding to equipollence classes f[?; a]; [c; b]; [c0; b0]g and f[?; c]; [a; b]; [a0; b0]g respectively) are initial. The domain is a lattice, so each cell can only have one possible value (no incompatibility may arise). Finally cell C, which represents 75 (a) ? Q Q Q Q a c Q Q Q Q a0 c0 b b 0 Q Q Q Q (b) A @ @ @I B C Figure 15: Example 1 equipollence class f[a; a0]; [b; b0]; [c; c0]g is enabled either by (a) or by (c). In other words, C is enabled by any decision on A or on B. It is easy to verify that the set of con gurations of the information matrix on Figure 15 (b) is isomorphic to the partial order on Figure 15 (a) with for example the following correspondence: domain element Con guration ? ; a f< A;> >g c f< B;> >g b f< A;> >;< B;> >g a0 f< A;> >;< C;> >g c0 f< B;> >;< C;> >g b0 f< A;> >;< B;> >;< C;> >g Example 2: The diagram of Figure 16 (a) has two equipollence classes, so we build two cells A and B (A = f[?; a]; [b0; a0]; [?; c]; [b0; c0]g andB = f[a; a0]; [?; b0]; [c; c0]g). As the three join{irreducible elements are atoms, both cells are initial. Finally, cell A contains two equivalence classes of projective prime intervals, and so it may take two distinct values. To double{check, we ll out the correspondence table: 76 (a) ? Q Q Q Q a c a0 c0 b0 Q Q Q Q (b) 0; 1 A 0 B Figure 16: Example 2 (a) ? A A A a b e f g c d h i j @ @ @ A A A H H H H H H A A A H H H (b) A B C D ? 6 6 6 Figure 17: Example 3 domain element Con guration ? ; a f< A; 0 >g c f< A; 1 >g b0 f< B; 0 >g a0 f< A; 0 >;< B; 0 >g c0 f< A; 1 >;< B; 0 >g Remark: The domain on Figure 16 (a) is the cartesian product T O. Note that O is represented by a single cell that may take only a single value, and T is represented by a single cell that may take two values. We will see in the next section that the cartesian product of two concrete domains is represented by the juxtaposition of their representations. Example 3: Here again, the diagram of Figure 17 (a) is a lattice, thus all cells in its representation as an information matrix may take only one value. 77 ? H H H H H H H H H H H H H H H a b c H H H d e f H H H H H H H H H H H H H H H Figure 18: Example 4 There are four cells:A = f[?; a]; [b; e]; [d; g]; [i; j]g B = f[?; b]; [a; e]; [c; f ]; [h; j]g C = f[a; c]; [e; f ]; [g; j]; [d; i]g D = f[b; d]; [e; g]; [f; j]; [c; h]g and six join{irreducible elements: a; b; c; d; h; i. Hence cells A and B are initial, and sets fA;Cg and fBg enable cell D; as well sets fB;Dg and fAg enable cell C. We notice here that the representation theorem doesn't yield a \minimal" representation since the matrix on Fig. 17 (b) is equivalent, i.e. gives rise to the same con gurations, but includes less constraints than the one we have built. In view of the symmetry, we give only half of the correspondence between the domain and the con gurations of the information matrix. domain element Con guration ? ; a f< A;> >g e f< A;> >;< B;> >g c f< A;> >;< C;> >g f f< A;> >;< B;> >;< C;> >g h f< A;> >;< C;> >;< D;> >g j f< A;> >;< B;> >;< C;> >;< D;> >g Remark: Cell C enables cell D and conversely. This \loop" cannot be eliminated. Example 4: 78 The lattice on Figure 18 is the free distributive lattice with three generators. Any nite distributive lattice has property RT and therefore is automatically a concrete domain. The lattice has six equivalence classes of projective prime intervals and each class contains a single minimal interval. We will see later that this fact is general in presence of distributivity. The diagram of the representation is on Figure 14 (b). For the moment, we do not give examples of in nite domains, beyond the well{known domain of in nite sequences. We must rst examine a number of basic operations that allow one to construct concrete domains. 8 Basic Operations In this section and in the next one, we study certain operations that allow one to construct complex concrete domains starting from simpler ones. For example, we have seen that the cartesian product of two computation domains is a computation domain. Similarly: Proposition 8.1 The cartesian product of two concrete domains is a concrete domain Proof: If D and E are two concrete domains, their cartesian product is ordered componentwise: < x; y > D E< x0; y0 >, x D x0 and y E y0 The isolated points in D E are pairs of the form < d; e > where d 2 A(D) and e 2 A(E). One checks immediately that the covering and incompatiblity relations are given by ( < d; e > << d0; e0 > , (d # < d0; e0 > , (d#Dd0) or (e#Ee0) We can now verify that D E has all the properties of a concrete domain. 1. Property I: Consider two isolated elements < d; e > and < d0; e0 > in D E. Any element < x; y > in the interval [< d; e >;< d0; e0 >] satis es: ( d x d0 e y e0 There are only nitely many such pairs by Property I in D and E, and a fortiori all chains in this interval are nite. 79 2. Property C: Upper and lower bounds in D E are taken componentwise. Assume then we have < x; x0 >"< y; y0 > and < x ^ y; x0 ^ y0 > << x; x0 >. Two cases are to be considered: Case 1. x = x ^ y and x0 ^ y0 < x0. Then by C in E, y0 < x0 _ y0 and of course x _ y = y. Hence < y; y0 > << x _ y; x0 _ y0 >=< x; x0 > _ < y; y0 >. Case 2. x0 = x0 ^ y0 and x ^ y < x. Property C in D yields similarly < y; y0 > << x; x0 > _ < y; y0 >. So D E has property C. 3. Property Q: Let < x; x0 > and < y; y0 > be two incompatible elements in D E such that < x ^ y; x0 ^ y0 > << x; x0 >. We have either x#y or x0#y0 and these conditions are not mutually exclusive. Two (symmetric) cases are possible: Case 1. x ^ y = x. Then x and y are comparable and therefore x0#y0; since x0 ^ y0 < x0, by Property Q in E there exists an element t0 such that x0 ^ y0 < t0 y0 and x0#t0. Thus ( < x ^ y; x0 ^ y0 > << x; t0 > < y; y0 > < x; x0 > # < x; t0 > so Property QE is established in this case. Since Property QU is valid in E, there cannot exist an element t00 distinct from t0 with ( < x ^ y; x0 ^ y0 > << x; t00 > < y; y0 > < x; x0 > # < x; t00 > Furthermore, any element of the form < u; x0 ^ y0 > with x ^ y = x < u is compatible with < x; x0 >. Thus Property QU is valid in this case. Case 2. x0 ^ y0 = x0. This case is treated symmetrically. Property Q is therefore established in D E. 4. Property R: To establish Property R, we must have closer look at the prime intervals inD E and the transposition relation. First, the interval [< d; e >;< d0; e0 >] is prime i 80 Either [d; d0] is prime and e = e0 Or [e; e0] is prime and d = d0 Take two intervals [< d1; e1 >;< d01; e01 >] and [< d2; e2 >;< d02; e02 >]. If [< d1; e1 >;< d01; e01 >] [< d2; e2 >;< d02; e02 >] then ( d1 = d01 ^ d2 and e1 = e01 ^ e2 d02 = d01 _ d2 and e02 = e01 _ e2 If [d1; d01] is prime and e1 = e01 then ( [d1; d01] [d2; d02] e1 = e01 = e2 = e02 If [e1; e01] is prime and d1 = d01 then ( [e1; e01] [e2; e02] d1 = d01 = d2 = d02 By symmetry and transitivity we obtain that if [< d1; e1 >;< d01; e01 >] [< d2; e2 >;< d02; e02 >] ( Either [d1; d01] [d2; d02] and e1 = e01 = e2 = e02 Or [e1; e01] [e2; e02] and d1 = d01 = d2 = d02 where both cases are mutually exclusive. Assume now that we have [< d; e >;< d0; e0 >] [< d; e >;< d00; e00 >]. 1. either [d; d0] D [d; d00], and by Property R, d0 = d00. Since e = e0 = e00 we have indeed < d0; e0 >=< d00; e00 > 2. or [e; e0] E [e; e00] and by Property R, e0 = e00. Since d = d0 = d00 we have also < d0; e0 >=< d00; e00 >. Property R is therefore valid in D E. 2 Remark: To prove that a computation domain is concrete we have two strategies. Either we examine in turn, as we just did, the properties that must be veri ed. Or we make use of the representation theorem, i.e. we produce an information matrix whose set of con gurations is isomorphic to the domain in question. These two strategies have their own advantages and we will illustrate this in the sequel. 81 De nition 8.1 Consider two information matrices M 0 =< 0; V 0;V 0; E 0 > and M 00 =< 00; V 00;V 00; E 00 > whose sets of cells are disjoint. The juxtaposition of M 0 and M 00 is the information matrix < ; V;V ; E > de ned as follows: 8>>>><>>>>: = 0 _ [ 00 V = V 0 [ V 00 8c 2 0 V(c) = V 0(c) 8c 2 00 V(c) = V 00(c) 8c 2 0 E(c) = E 0(c) 8c 2 00 E(c) = E 00(c) Proposition 8.2 If M 0 and M 00 are two information matrices and M is their juxtaposition, then < M ; >=< M 0 ; > < M 00 ; >. Proof: Consider an arbitrary con guration of M . Since the set of cells of M is the disjoint union of the sets of cells of M 0 and M 00, con guration is the disjoint union of two sets of decisions 0 and 00 concerning respectively cells in M 0 and in M 00. The sets 0 and 00 are connected by de nition of the accessibility relation in M . As connected subsets of a con guration 0 and 00 are con gurations ofM in in trivial correspondence with con gurations ofM 0 andM 00. So to any element in M we can associate an element in M 0 M 00 . Conversely, by de nition of the juxtaposition of two matrices, to any element in M 0 M 00 we can associate a con guration in M . Finally: 1 M 2 , ( 0 1 M 0 0 2) and ( 00 1 M 00 00 2) hence the one-one mapping between M and M 0 M 00 is order preserving. Thus the domains M and M 0 M 00 are isomorphic. 2 From the proposition above, we deduce a quick proof that the the cartesian product of two concrete domains is concrete. If D0 and D00 are two concrete domains, represented respectively by matrices M 0 and M 00, the set of con gurations of the juxtaposition of M 0 and M 00 is isomorphic to D0 D00. Hence D0 D00 is a concrete domain. The reasoning can be extended to a countable number of information matrices, so we obtain as well: Corollary 8.1 The cartesian product of a countable domain of concrete domains is concrete. Example: Domain T on Figure 19 (a) is associated to the matrix represented on Figure 19 (b), and T! , the universal computation domain of Plotkin ([Plo78]) is associated to the matrix of Figure 19 (c). Hence T! is a concrete domain. Similarly N! ?, the domain underlying the language LUCID ([AW77]) is a concrete domain. 82 (a) ? A A A 0 1 (b) 0; 1 (c) 0; 1 0; 1 0; 1 0; 1 0; 1 q q q Figure 19: T and T! ? P P P P h h h h h h h h h ((((((((( q q q ?3D3 C C C C C ?2D2 C C C C C ?1D1 C C C C C ?4 D4 C C C C C Figure 20: Separated sum De nition 8.2 Consider f< Di; i>gi2I a countable family of partial orders whose domains are disjoint. The separated sum of this family is the partial order de ned by i) D = f?g _ [Si2DiDi ii) x y , x = ? or 9i 2 I x i y (The element ? is not in any of the sets Di). Proposition 8.3 The separated sum of countably many concrete domains is concrete. Proof: It is immediate that the separated sum of a countable number of computation domains is a computation domain whose isolated elements are those of the component domains plus the new element ?. Property I is valid as soon as it is valid in the component domains. Property C carries because no new pair of compatible and incomparable elements has been created. The only pairs < x; y > with x#y and x ^ y < x that have appeared in the 83 separated sum are of the form < ?i; dj > with i 6= j and dj 2 Dj , since in that case ?i ^ dj = ?. But then ?j is the unique element such that ?i#?j ;? < ?j dj. Hence the separated sum D has property Q. Property R remains valid because the only prime intervals that have appeared in D are of the form [?;?j] and they are alone in their projectivity class. 2 The separated sum of a family of concrete domains f< Di; i>gi2I contains only one new cell that is the equipollence class of the prime intervals of the form [?;?i](i 2 I). This cell is enabled by the empty set. This remark leads into the following de nition. De nition 8.3 Consider a nite or countable set of information matrices with disjoint sets of cells fMigi2I . The sum of this family of matrices is the matrix M de ned by: i) = ( _ Si2I i) _ [f g ii) V = (Si2I Vi)[fIg iii) V( ) = I and 8c 2 i V(c) = Vi(c) iv) E( ) = f;g and 8c 2 i E(c) = fe _ [f< ; i >gje 2 Ei(c)g Proposition 8.4 The set of con gurations of the sum of a countable family of information matrices is isomorphic to the separated sum of the sets of con gurations of this family. concrete. Proof: Consider a countable set of information matrices with disjoint sets of cells fMigi2I and their sum M . A non empty con guration of M contains necessarily one and only one decisions of the form < ; i >. Thus all other decisions in are decisions in Mi and they form a con guration in Mi . Thus there is an injection of M in the separated sum ( Mi)i2I . Conversely it is trivial to associate a con guration of M to any element in the separated sum. Thus there is a one-one mapping that preserves order, so it is an isomorphism. 2Remark: The choice of a separated sum of concrete domains is not arbitrary. Indeed, the coalesced sum of two concrete domains is not necessarily a concrete domains; nor is the skew sum where one of the minimal elements is taken to be the minimal element of the result. The gure below illustrates the fact that property Q may fail in both cases. Domain Q is either the coalesced sum of O2 and O, or the skew sum of O2 and ?. But Q doesn't have property Q. 84 O2 J J J J J J J J O ? Q J J J J J J J J Remark: Domain ? may be represented by the information matrix with no cells. Domain N? is the separated sum of a countable number of copies of ?. Hence N? may be represented by a unique cell that can take an arbitrary integer as value. De nition 8.4 In a coherent partial order < D; > a coherent ideal is a non-empty subset J of D such that: i) 8x 2 J; 8y 2 D y x =) y 2 J ii) 8X J X consistent=) SX 2 J Remark: Since two compatible elements form a consistent set, this de nition is a generalization of De nition 2.1. Proposition 8.5 In a concrete domain < D; >, any coherent ideal J is a concrete sub{domain. Proof: By de nition < J ; > is coherent. If d is an isolated element in D belonging to J , then d is certainly isolated in J . Conversely, by algebraicity of D, for any d in J we have d = SA(d). But all elements in A(d) belong to J since they are less than d. Hence if d is isolated in J it is also isolated in D. Thus the isolated elements in J are exactly the isolated elements of D belonging to J . So < J ; > is a sub{domain of < D; >. Lets us show now that J is concrete. Property I: Since A(J) = A(D) \ J it is immediate that A(J) is a wellfounded ideal of J . Property C: If x and y are compatible elements in J , then x ^ y 2 J and x _ y 2 J . Since Property C holds in D it is valid in J . Property Q: If x and y are incompatible elements in J , the whole interval [x^y; y] is contained in J . Thus the validity of Q in D implies its validity in J . 85 Property R: If R were not valid in J , it would not be valid in D. Hence R is satis ed. 2 Before exhibiting the representation of coherent ideals, we note an interesting result whose validity relies on the entire property R. Lemma 8.1 In a concrete domain, the coherent ideal generated by a nite set of nite elements is nite. Proof: Let X be a nite set of nite elements in a concrete domain D. Take = [f (x)jx 2 Xg. The set is nite. Let J be the coherent ideal generated by X , i.e. the intersection of all coherent ideals containing X . Consider the set K = fzj (z) g. This set K contains X and it is a coherent ideal: 1. If x 2 X then (x) , thus x 2 K 2. If x y and y 2 K, we have (x) (y) , thus x 2 K 3. If Y is a consistent subset of D such that 8y 2 Y (y) , then by proposition 6.2 ([Y ) = [ y2Y (y) thus K is coherent. Therefore J K and 8z 2 J (z) . By Theorem 6.1 z1 6= z2 =) (z1) 6= (z2) thus jJ j jP( )j. Since is nite, so is P( ). Hence J is nite. 2 Remark: It is easy to generalize the example of Figure 12 to show that the property above is not a consequence of RT alone. De nition 8.5 Let M =< ; V;V ;E > be an information matrix and X be an arbitrary subset of M . Take X = SX. The restriction MX of M to X is the information matrix < 0; V 0;V 0; E 0 > de ned as follows: i) 0 = fcj < c; v >2 Xg ii) V 0 = fvj < c; v >2 Xg iii) v 2 V 0(c) i < c; v >2 X iv) A set of decisions in MX enables c i 2 E(c) 86 Remark that two restrictions MX and MY are distinct i X and Y are distinct. The restrictions of a given information matrix are naturally ordered by inclusion and we have: Lemma 8.2 Let M be an information matrix. The set of restrictions of M ordered by inclusion is isomorphic to the set of coherent ideals of M . Proof: 1. Consider an arbitrary subset X of M and the restriction MX of M to X . Let be the function that, for any X , maps MX to MX . We show rst that MX is a coherent ideal of M . i) A con guration of MX is also a con guration of M . If 0 is an arbitrary con guration of M such that 0 , then 0 is certainly a con guration of MX . ii) Let S be a consistent set of con gurations of MX . The set [ 2S is also a con guration of MX . But by Lemma 6.2, in M SS = [ 2S . Therefore SS 2 MX , which proves that MX is a coherent ideal of M . Function is trivially monotonic. We show that it is an injection. COnsider two distinct restriction MX and MY of M . By the remark above we have X 6= Y . Hence there exists a con guration in Y such that not all of its decisions are in X . This con guration is an element of MY that is not in MX . 2. Conversely let J be a coherent ideal of M , and consider the restriction MJ . By Part 1, the set MJ is a coherent ideal of M that contains J . If we had J 6= MJ , there would be a decision in MJ that is not in J . But by De nition 8.5 this is impossible. So J = MJ and is onto. 2 In a computation domain, the dual concept of an ideal is that of an upper section. Recall that any upper section in a concrete domain is a concrete domain. Upper sections have naturally the dual interpretation of that of ideals. De nition 8.6 Let M =< ; V;V ; E > be an information matrix and be an arbitrary con guration of M . Take O = fc j < c; v >2 g. The extension M of in M is the information matrix < 0; V 0;V 0; E 0 > de ned as follows: i) 0 = nO 87 ii) V 0 = V iii) V 0 is the restriction of V to 0 iv) If a set of decisions in M enables c in 0 then n enables c in M ; conversely if 0 enables c in M then it must be the case that 0 [ enables c in M . Lemma 8.3 Let M be an information matrix. The set of extensions M of the con gurations of M is isomorphic to the set of upper sections M . Proof: A set of decisions in M is a con guration of M i [ is a con guration of M . 2 De nition 8.7 In a partial order < D; >, a subset X of D is convex i whenever it contains x and y with x y, it contains all elements in the interval [x; y]. In a computation domain D, a sub-domain H has a minimum element ?H . If H is convex, then H is a coherent ideal of [?H). Hence any convex sub{ domain of a concrete domain is concrete. A convex sub{domain is naturally interpreted as the restriction of the extension of some con guration. De nition 8.8 In a computation domain D, an open set is an arbitrary union of upper sections of nite elements. Remarks: 1. The family F of subsets of D de ned in this way has the following properties: (O1) D 2 F since D = [?) (O2) Arbitrary union of elements of F are also elements of F (O3) Finite intersections of elements of F are also elements of F by Proposition 1.4. Therefore the family F constitues a family of open sets in the usual sense, which justi es our terminology. Note that the upper sections of nite elements form a basis for this topology, and the the upper sections of the join{irreducible elements are a sub{basis, i.e. that any element of the basis is obtained by nite intersection of the elements of the sub{basis (using Corollary 5.5). 88 F1 @ @ @ @ @ @ @ @ @ @@@ F2 @ @ @ @ @ @ @ @ @ @@@ F3 @ @ @ @ @ @ @@@ F4 @ @ @ @ @ @@@@ F5 @ @ @ @ @ @ Figure 21: Fi = O2 Oi _ O 2. A subset ofD is an open set i it is the inverse image of> by a continuous function from D to O. Indeed, rst if f is a continuous function from D to O it is the lub of a family of step functions d;> with d isolated in D. But 1 d;>(>) = [d), hence f 1(>) is an open set. Conversely if O is an open set, the function f de ned by ( f(x) = > if x 2 O f(x) = ? otherwise is monotonic and continuous. De nition 8.9 Consider two computation domains < D; D> and < E; E >, and an open set O in D. The graft of E on D at O, noted D O _ E, is the partial order < F ; > de ned as follows: i) F = f< d; e > j d 2 D; e 2 E and d 2 O or e = ?g ii) is the partial order induced by D E on F . Example: Take D = O2 and E = O. The open sets in O2 are the sets Oi(0 i 5) de ned by: O1 = [?) O2 = [0) O3 = [1) O4 = [0)[ [1) O5 = [>) and the grafts of E on D at Oi are the Fi whose diagram is shown on Figure 21. Proposition 8.6 If D and E are concrete domains, any graft F of E on D is a concrete domain, and D is isomorphic to a coherent ideal of F . 89 Proof: Consider an arbitrary open set O in D and take F = D O _ E. The set F is a subset of D E. If two elements in F are compatible, they are compatible in D E. Conversely, if two elements < d1; e1 > and < d2; e2 > of F are compatible in D E, they have a lub < d1 _ d2; e1_ e2 >. Two cases may occur: i) Either d1 or d2 is in O. Then d1 _ d2 2 O and < d1 _ d2; e1_2 >2 F . ii) Or neither d1 nor d2 are in O. Then e1 = e2 = ?E so e1 _ e2 = ?E and < d1 _ d2; e1_2 >2 F . Therefore two elements in F are compatible i they are compatible in D E, and the least upper bounds in F are those in D E. It follows immediately that F is coherent. We show now that F is !-algebraic. If x is an isolated element in D E belonging to F , it is obviously isolated in F . Furthermore, any element < x; y > in F is the lub of its approximants in D E by algebraicity of D E. Consider an approximant < d; e > of < x; y > that is in D E but not in F . Then d 62 O and e 6= ?E . Hence y 6= ?E and therefore x 2 O Since the characteristic function of O is continuous, there exists c in A(x)\O such that d c x. Now < d; e > is less than < c; e > which is an isolated element in F . Thus < x; y >= Sf< d; e > j < d; e >2 A(D E) \ Fg. It follows that F is !-algebraic. Property I is trivially inherited from D E. Before checking further properties, remark that < d; e > implies < d; e > . Indeed two cases may occur: Case 1: d 2 O. Then < d; e > ()< d; e > . Case 2: d 62 O. Then e = ? and < d; e > implies d "< d0; e0 > and < d; e > ^F < d0; e0 > we must have < d; e > ^F < d0; e0 > . By Property C in D E we have < d0; e0 > and therefore < d0; e0 > which proves property C. Similarly if < d; e > # < d0; e0 > and < d; e > ^F < d0; e0 > then < d; e > ^F < d0; e0 >=< d^d0; e^e0 > and by Property Q in D E there exists a unique < t; t0 > such that < d^ d0; e^ e0 > < d0; e0 > and < d; e > #t; t0 >. Two cases may occur: 90 Case 1: d ^ d0 2 O. Then < t; t0 >2 F . Case 2: d ^ d0 62 O. Then if e 6= ? then d ^ d0 = d but in that case < d; e >62 F . Therefore e = ? and d^ d0 < d. If t0 6= ? then t = d^ d0 aand < d; d >"< t; t0 >. So t0 = ? and < t; t0 >2 F . Hence Property Q holds in F. Finally, if two intervals of F are transposed, they are also transposed in D E thus Property R must be valid in F . Domain D is isomorphic to the partial order of the pairs of the form < d;? > in F which is a coherent ideal of F . 2 Remarks: 1. The domains D and D D _ E are isomorphic, so that we can consider a cartesian product as a particular kind of graft. 2. If D is nite, the set of maximal points in D is an open set M. The construction D M _ E is particularly useful, so we write it simply D_E. Proposition 8.7 Let M1 =< 1; V1;V1; E1 > and M2 =< 2; V2;V2; E2 > be two information matrices, and X be an arbitrary set of nite con gurations of M1. De ne M =< ; V;V ;E > as follows: i) = 1 _ [ 2 (One may assume 1 and 2 disjoint w.l.o.g.) ii) V = V1 [ V2 iii) V(c) = ( V1(c) if x 2 1 V2(c) if x 2 2 iv) The function E is de ned by cases: 1. If 2 1 then E( ) = E1( ) 2. If 2 2 and 2 E2( ) then 8 2 X f g [ 2 E( ) Then if we take O = f 0j 0 2 Xg we have: M = M1 O _ M2 Proof: It is immediate by de nition that any con guration in M is a conguration of the juxtaposition of M1 and M2, hence that M is included in M1 M2 . Furthermore, the ordering on M is inherited from M1 M2 . 91 If is a con guration of M , let 1 and 2 be the restrictions of to 1 and 2 respectively. By de nition of E , either 2 = ; and 1 is a con guration of M1, or 2 6= ; and then 1 must contain at least one element of X . Hence there is an injection between M and M1 O _ M2 . Conversely, any element of M1 O _ M2 is a compatible set of decisions in M1 M2 , and by de nition of E it is connected in M , which concludes the proof of the isomorphism. 2 Example: MatricesMO2 and MO represent respectively O2 and O. Matrices Mi in the table represent each one of the grafts Fi of O on O2. MO MO2 M1 M2 6 M3 6 M4 * H HY M5 * H HŶ 9 Inverse limit constructions We investigate now the possibility of constructing concrete domains by a limiting process. Of course, since the property of being concrete is not in general preserved by exponentiation, it is impossible to preserve it by arbitrary inverse limits. However, it is also clear that certain restricted limit constructions will preserve this property. De nition 9.1 If D and E are two computation domains, a projection is a pair of continuous functions < ; > with 2 [D ! E] and 2 [E ! D] such that i) 8x 2 D ( (x)) = x ii) 8x 2 E ( (x)) x 92 De nition 9.2 A projection < ; > between D and E is rigid i 8d 2 A(D); e 2 A(E) e (d) ) e = ( (e)) Proposition 9.1 A projection < ; > between D and E is rigid i 8x 2 D; y 2 E y (x) ) y = ( (y)) Proof: Consider an arbitrary approximant e of y in E. If e is less than (x), since is continuous, there exists an approximant d of x with e (d). But < ; > is a rigid projection so e = ( (e)). As and are continuous, so is and thusy = [ e2A(y) e = [ e2A(y) ( (e)) = ( ( [ e2A(y)e)) and therefore y = ( (y)). 2 Proposition 9.2 Between two computation domains D and E, there exists a rigid projection i D is isomorphic to a coherent ideal of E. Proof: Part 1: Consider a coherent ideal J of E and let be the restriction to J of the identity function on E. Map any x in E to (x) de ned by (x) = Sfzj z 2 A(x) \ Jg. Since E is coherent, the element (x) exists; since J is coherent, the element is in J . We show that (x) is continuous using the characterization of Lemma 1.2. First is trivially monotonic. Consider now an arbitrary approximant e of (x). Since e is isolated and the set fzj z 2 A(x)\ Jg is directed, there exists some z with e z and z 2 A(x) \ J . Since for any z in J we have (z) = z: 8e 2 A( (x)) 9z 2 A(x) e (z) which proves that is a continuous function. The pair < ; > is a projection between J and E as: i) 8x 2 J ( (x)) = (x) = x ii) 8x 2 E (x) x thus ( (x)) = (x) x Consider now two elements x and y with x in J and y in E. If y (x) = x, since J is an ideal, element y is in J and therefore (y) = y and also y = ( (y)). Hence the projection < ; > is rigid. 93 Part 2: Assume that there is a rigid projection < ; > between D and E. Take J = (D). We show rst that J is a coherent ideal of E. i) J is downward closed. Consider an arbitrary element y less than (x), for some x in D. Since < ; > is rigid, we have y = ( (y)) by Proposition 9.1. Hence y belongs to (D). ii) J is coherent. Consider a consistent subset X of (D) and let Y be the inverse image of X by . The set Y is consistent: consider two arbitrary elements a and b in Y . Since X is consistent, elements (a) and (b) are compatible and we have: ( a = ( (a)) ( (a)_ (b)) b = ( (b)) ( (a)_ (b)) hence a and b are compatible. Since Y is consistent, it has a l.u.b . Since is monotonic 8x 2 X x ( ) and therefore, since X is consistent SX ( ) and SX = ( (SX)) since < ; > is rigid. Thus SX belongs to (D) and (D) is a coherent ideal. Finally, if < ; > is a projection between D and E, the partial orders D and (D) are isomorphic. We conclude that D is isomorphic to a coherent ideal of E when < ; > is rigid. 2 Notation: If D and E are concrete domains, we write D E when D is isomorphic to a coherent ideal of E or, equivalently when there is a rigid projection from D to E. Proposition 9.3 Among concrete domains, relation is a preorder. Proof: i) If D is an arbitrary concrete domain, D is a coherent ideal of itself. ii) Assume D E F i.e. that there are two rigid projections < 1; 1 > and < 2; 2 > with: ( 8x 2 D 1 2( 2 1(x)) = 1( 2 2( 1(x))) = 1 1(x) = x 8x 2 E 2 1( 1 2(X)) 2( 2(x)) x Assume now that, for some x in D and for some y in F we have y 2 1(x). Since < 2; 2 > is rigid y = 2( 2(y)). But 2(y) 2 2 1(x) = 1(x). Hence since < 1; 1 > is rigid, 2(y) = 1 1 2(y). So nally y = 2 1 1 2(y) which proves that < 2 1; 1 2 > is rigid. Therefore D is isomorphic to an ideal of F , i.e. D F .2 94 De nition 9.3 A sequence fD1; D2; ; Dn; g of computation domains is a directed sequence i for all i(i 1) there exists a projection < i;i+1; i+1;i > between Di and Di+1. Between two domains Di and Dj of a directed sequence (i < j), there exists then a projection noted < i;j ; j;i >. By convention we note < i;i; i;i > the pair < Ii; Ii > where Ii is the identity function on Di. If all projections < i;i+1; i+1;i > are rigid, we say that the sequence is rigid, which we note D1 D2 Dn By Proposition 9.3, all projections < i;j ; j;i > are also rigid. De nition 9.4 Consider a directed sequence fD1; D2; ; Dn; g of computation domains. The inverse limit of this sequence is the partial order < D; > where i) D is the set of sequences < x1; x2; : : : ; xn; : : : > with ( 8i 1 xi 2 Di 8j i xi = j;i(xj) ii) is the partial order de ned componentwise: x D y , 8i 1 xi Di yi Theorem 9.1 The inverse limit of a rigid sequence of concrete domains is a concrete domain. Proof: Let D be the inverse limit of the rigid sequence D1 D2 Dn 1. The partial order D is coherent. Let X be a consistent subset of D and for all i(i 1) Xi be the set of i-th coordinates of the elements of X . Each of the Xi is consistent in Di and therefore has a lub SXi. We show that the sequence < SX1;SX2; : : : ;SXi; : : : > is in D. Since X is a subset of D: 8x 2 X xi = j;i(xj) (i j) hence [Xi = [ xj2Xj j;i(xj) 95 Let X 0 j be the directed set obtained from Xj by adding all lubs of its nite subsets. By continuity: [ xj2Xj j;i(xj) = [ xj2X 0 j j;i(xj) = ([X 0 j) = ([Xj) and therefore ([X)i =[Xi = j;i([Xj) = j;i([X)j 2. The partial order D is !-algebraic. We must identify the isolated elements in D. To this end, de ne two collections of functions f i;1g and f 1;ig from Di to D and from D to Di respectively in the following fashion: 8><>: 8e 2 Di ( i;1(e))j = i;j(e) (j i) 8e 2 Di ( i;1(e))j = i;j(e) (j < i) 8x 2 D 1;i(x) = xi This de nition makes sense provided 8i 1; 8e 2 Di; i;1(e) 2 D. Take x = i;1(e). For any k, it is immediate that xk belongs to Dk. We must check now the second condition, i.e. 8n m xm = n;m(xn). There are three cases: Case 1. m i. Then xm = i;m(e) and xn = i;n(e). We compute: n;m(xn) = n;m( i;n(e)) = n;m( m;n( i;m(e))) = n;m( m;n(xn)) = xm Case 2. n i. Then xm = i;m(e) and xn = i;n(e). We compute: n;m(xn) = n;m( i;n(e)) = i;m(e) = xm Case 3. n i > m. Then xm = i;m(e) and xn = i;n(e). Therefore: n;m(xn) = n;m( i;n(e)) = i;m( n;i( i;n(e))) = i;m(e) and here again xm = n;m(xn). It is immediate that, for any i, the functions i;1 and 1;i are continuous. We show now that the pairs < i;1; 1;i > are projections from Di to D. First, 8i 1; 8e 2 Di 1;i( i;1(e)) = ( i;1(e))i = i;i(e) = e 96 To prove the second condition, namely 8i 1; 8d 2 D i;1( 1;i(d)) d we examine the j-th coordinate and distinguish two cases: Case 1. j < i. Then ( i;1( 1;i(d)))j = ( i;1(dj))j = i;j(di). But d belongs to D thus, if j < i then i;j(di) = dj . We have the required inequality for all coordinates with rank less than i. Case 2. j i. Then ( i;1( 1;i(d)))j = ( i;1(di))j = i;j(di). But d belongs to D thus, if j i then di = j;i(dj). Therefore ( i;1( 1;i(d)))j = i;j( j;i(dj)) dj since the pair < i;j ; j;i > is a projection. The inequality is established in this case as well. To conclude, we show now that the isolated elements of D are exactly the i;1(e) for any i(i 1) and e isolated in Di. Consider rst an element d with d = i;1(e) and e isolated in Di. Let X be an arbitrary directed subset of D such that d SX . On the i-th coordinate, we have: di = ( i;1(e))i = i;i(e) = e ([X)i =[Xi As e is isolated and Xi is directed, there exists x in X with e xi. By monotonicity of i;1 we conclude i;1(e) = d i;1(xi). We are left to prove that i;1(xi) x. i) j < i: ( i;1(xi))j = i;j(xi) = xj ii) j i: ( i;1(xi))j = i;j(xi) = i;j( j;i(xj)) xj . We conclude that d x with x 2 X hence d is isolated in D. Similarly, one shows that 8i; k i k i;k(e) 2 A(Dk). Thus the set fzjz x and z = i;1(e)g is directed and its lub is x. Thus A(D) = f i;1(e)ji 1 and e 2 Dig and D is !-algebraic. 3. The pairs < i;1; 1;i > are rigid. Assume that we have y i;1(x) for some y in D and x in Di. We have to show that y = i;1( 1;i(y)). i) j < i: Then yj = i;j(yi) hence yj = ( i;1(yi))j = ( i;1( 1;i(y)))j. 97 ii) j i: Then ( i;1(x))j = i;j(x). Since the pairs < i;j ; j;i > are rigid, from yj i;j(x) we deduce yj = i;j( j;i(yj)). But j;i(yj) = yi so that we obtain: yi = i;j(yi) = ( i;1(yi))j = ( i;1( 1;i(y)))j In both cases we have the desired inequality, The pairs < i;1; 1;i > are therefore rigid, and all domains Di are isomorphic to coherent ideals of D. 4. The domain D is concrete. We check rst Property I. If i;1(e) and j;1(f) are two isolated elements in D with i;1(e) j;1(f), then i;1(e) belongs to j;1(Dj) since j;1(Dj) is an ideal of D. Since j;1(Dj) is isomorphic to Dj that has Property I, there cannot be an in nite chain between i;1(e) and j;1(f). The remaining properties C,Q,and R are expressed in terms of a nite number of nite elements in D. There exists always a coherent ideal k;1(Dk) that contains all these elements, and therefore the properties are valid in D because they are valid in Dk. 2 Proposition 9.4 Any concrete domain is the inverse limit of a rigid sequence of some of its nite coherent ideals. Proof: Consider an enumeration fc1; c2; : : : ; cn; : : :g of the nite elements in a concrete domain D. This enumeration exists since D is !-algebraic. Let us build a sequence fJ1; J2; : : : ; Jn; : : :g of ideals where Ji is the coherent ideal generated by fc1; c2; : : : ; cig. By Lemma 8.1, each one of these ideals is nite, and by Proposition 8.6, each one of them is a concrete domain. Since for any i domain Ji is a coherent ideal of Ji+1, the sequence fJig is a rigid sequence of concrete domains, and its inverse limit J is a concrete domain. We have to show that J is isomorphic to D. By Proposition 9.2, if Ji is a coherent ideal of Jj the pair < i;j ; j;i > with i j and ( 8x 2 Ji i;j(x) = x 8x 2 Jj i;j(x) = Sfzjz 2 A(x) \ Jig is a rigid projection between Ji and Jj . Take x =< x1; x2; : : : ; xn; : : : > an element of J . From xi = j;i(xj) we deduce 8i; j i xi xj . The sequence fx1; x2; : : : ; xn; : : :g is increasing and has a lub (x). It is immediate that function is a monotonic function from J to D. 98 1. is onto. Consider an arbitrary element d in D and the sequence =< d1; d2; : : : ; dn; : : : > where di = Sfzjz 2 A(d) \ Jig. The sequence belongs to J because if i j then Ji Jj and therefore di = Sfzjz 2 A(d)\ Jig = Sfzjz 2 A(d)\ Jj \ Jig (i j) = Sfzjz 2 A(dj) \ Jig = j;i(dj) Finally ( ) = Si 1 di = d since the family fJigi 1 covers A(D). 2. is one-one. Consider two distinct elements x =< x1; : : : ; xn; : : : > and x0 =< x01; : : : ; x0n; : : : > of J and let k be the smallest integer such that xk 6= x0k . We must have xk = x0k _ ck or the symmetric equality. From 8l k xk = Sfzjz 2 A(Dl) \ Jkg we deduce 8l k xl 6 ck and therefore (x) = Si 1 xi 6 ck. But (x0) x0k ck so that necessarily (x) 6= (x0).2 We give now a result that justi es our expressing all properties in terms of isolated elements. Theorem 9.2 (Ideal Completion) Let < L; > be a partial order where L is denumerable and i) Any consistent nite subset of L has a lub. ii) Between any two elements of L, all chains are nite. iii) L has properties C, Q, and R. Consider then the partial order b L of the directed ideals of L ordered by inclusion. Then b L is a concrete domain and L is isomorphic to A(b L). Proof: 1. b L is coherent. Let X be a consistent family of directed ideals. Consider two compatible elements J1 and J2 of J. They are compatible, so there exists a directed ideal J3 with J1 J3 and J2 J3. For any a 2 J1 and b 2 J2 we have also a 2 J3 and b 2 J3 so a and b are compatible. Let X 0 be the union of all ideals in X and J the set obtained from X 0 in adding the lubs of all of the nite subsets of X 0 (they exist by hypothesis i) ) and the elements dominated by these lubs. It is immediate that J is a directed ideal. Since any directed ideal containing the elements of X must include J we deduce J = Sb LX and therefore b L is coherent. 99 2. b L is !-algebraic. We show that the principal ideal of L, i.e. the sets of the form Ja with Ja = fzjz ag (a 2 L) are exactly the isolated elements in b L. Consider a directed subset X of b L such that Ja Sb LX . We have a SL(Sb LX). But in L, all elements a are isolated because all chains from ? to a are nite by hypothesis ii). Thus there exists an element x in the directed ideal Sb LX with a x, and therefore an ideal in X that contains x. We obtain Ja which proves that Ja is isolated. Consider now an arbitrary element J in b L. Trivially we have J = [a2JJa. But [a2JJa Sa2J Ja [a2JJa hence Sa2J Ja = [a2JJa. Finally J = Sa2J Ja, which proves that b L is algebraic, and that the principal ideal of L are the isolated elements of b L. Since L is denumerable, b L is !-algebraic. Finally we note that A(b L) is isomorphic to L. Consequently, properties C, Q, and R are valid in A(b L) hence in b L. This concludes the proof that b L is a concrete domain. 2 10 Distributive concrete domains We are going to study now a special case of importance in applications, that of concrete domains in which there is a unique minimal prime interval in each equivalence class of projective prime intervals (by Proposition 6.4, there exists at least one minimal interval in each projectivity class). We call this unicity property Property U. It is de ned as follows: Property U If [a; a0] and [b; b0] are two minimal projective prime intervals, then [a; a0] = [b; b0]. Proposition 10.1 Property U is equivalent to Property U': If [a; a0] and [b; b0] are two minimal projective prime intervals and there exists a prime interval o with [a; a0] o [b; b0] then [a; a0] = [b; b0]. 100 Proof: It is immediate that Property U implies Property U'. Assume now that U' holds, and consider an alternating sequence of transposed prime intervals between two minimal intervals [a; a0] and [b; b0] f[a; a0]; [x1; x01]; : : : ; [xn 1; x0n 1]; [b; b0]g Since [a; a0] and [b; b0] are minimal, we have necessarily [a; a0] [x1; x01] and [b; b0] [xn 1; x0n 1] hence n is an even number. Take n = 2p and reason by induction on p. If p = 1, we are in the con guration of Property U', so [a; a0] = [b; b0]. If p is larger than 1, two cases are possible: Case 1: x02 is join{irreducible. By U' we have [a; a0] = [x2; x02]. There exists now an alternating chain of length 2(p 1) of prime intervals between [a; a0] and [b; b0]. By induction hypothesis we conclude [a; a0] = [b; b0]. Case 2: x02 is not join{irreducible. Then there exists a minimal prime interval [x2; x02] with [x2; x02] [x2; x02]. But then [a; a0] [x1; x01] [x2; x02] [x2; x02] and by Property U' we obtain [a; a0] = [x2; x02]. The sequence f[x2; x02]; [x3; x03]; : : : ; [b; b0] is an alternating sequence of length 2(p 1), and [x2; x02] = [b; b0] by induction hypothesis. We conclude [a; a0] = [x2; x02] = [b; b0]. 2 Lemma 10.1 In a concrete domain D, the following properties are equivalent: 1. Property U 2. Conditional distributivity: 8a; b; c 2 D b " c) a ^ (b_ c) = (a ^ b)_ (a^ c) 3. Conditional modularity: 8a; b; c 2 D a " b; a c) a _ (b ^ c) = (a _ b) ^ c 4. 8x; y 2 D (x ^ y) = (x)\ (y) 5. The height function is a valuation, i.e. 8x; y 2 A(D) x " y ) h(x) + h(y) = h(x _ y) + h(x ^ y) Proof: 101 a) 1 implies 4. We know already, by Proposition 6.2, that (x ^ y) (x) and (x ^ y) (y) and therefore (x ^ y) (x) \ (y). Consider now a decision d belonging to (x) and (y), and two prime intervals [u; u0] and [v; v0] included respectively in [?; x] and [?; y] and in the projectivity class of d. By Proposition 6.4, we can nd two minimal intervals [u; u0] and [v; v0] such that [u; u0] [u; u0] and [v; v0] [u; u0]. Since [u; u0] [v; v0] Property U allows one to deduce [u; u0] = [v; v0]. Since u0 and v0 are dominated respectively by x and y we have u0 = v0 x^y. Thus decision d belongs to (x^y). We have shown the inequality (x)\ (y) (x ^ y) and we conclude (x ^ y) = (x) \ (y). b) 4 implies 5. In the lattice of nite subsets of an arbitrary set, we have the equation jA [ Bj = jAj + jBj jA \ Bj. Consider two arbitrary compatible elements x and y inD. By Proposition 6.2 we have (x_y) = (x)[ (y). Therefore j (x _ y)j = (x)[ (y)j = j (x)j+ j (y)j j (x)\ (y)j = j (x)j+ j (y)j j (x^ y)j by 4 Using the result of Proposition 6.4, we obtain x " y ) h(x) + h(y) = h(x _ y) + h(x ^ y) c) 5 implies 1. We show that 5 implies Property U', which is su cient by Proposition 12.1. Assume we have [a; a0] [z; z0] [b; b0] with [a; a0] and [b; b0] minimal. Let us show that either [a; a0] = [b; b0] or a ^ b = a0 ^ b0. Suppose we had a ^ b < a0 ^ b0. By relative atomicity, there would exist an element t such that a ^ b < t a0 ^ b0. Thus either t 6 a or t 6 b. Assume w.l.o.g. that t 6 a. Then t ^ a = a ^ b and by Property C a < a_ t a0. Since we have also a < a0 we must have a_ t = a0 and [a^b; t] [a; a0]. Since [a; a0] is minimal a^b = a and t = a0. Since [a; a0] and [b; b0] are projective, by Theorem 5.1 a0 b is not possible. Hence [a; a0] [b; b0]. But [b; b0] is also minimal, so [a; a0] = [b; b0]. We have proved by contradiction that if [a; a0] and [b; b0] are distinct a0^b0 = a^b. But Proposition 6.5 allows one to write: [a; a0] [a_ b; a0 _ b0] [b; b0] By hypothesis, function h is a valuation and we have h(a ^ b) = h(a) + h(b) h(a _ b) 102 thus 1 + h(a ^ b) = h(a0 ^ b0), which contradicts a ^ b = a0 ^ b0. We conclude that [a; a0] = [b; b0] thereby proving Property U'. d) 4 implies 2. Consider three elements a; b; c in D with b " c. (a ^ (b _ c)) = (a)\ (b _ c) by 4 = (a)\ ( (b)[ (c)) (Proposition 6.2) = ( (a)\ (b))[ ( (a)\ (c)) (set theory) = (a^ b)[ (a ^ c) by 4 again = ((a^ b) _ (a ^ c)) (Proposition 6.2) And by Theorem 6.1 we conclude a ^ (b_ c) = (a ^ b)_ (a^ c). e) 2 implies 3. This is a standard proof in lattice theory. Assume a " b and a c. By distributivity: (a_ b)^ (a_ c)) = ((a _ b)^ a) _ ((a _ b)^ c) = a _ ((a_ b)^ c) = a _ ((a^ c)_ (b^ c)) by distributivity = a _ a _ (b ^ c) since a c We obtain the required modularity law (a_ b)^ c = a _ (b ^ c). f) 3 implies 1. Assume we have the modularity law and consider two minimal prime intervals [a; a0] and [b; b0] such that [a; a0] [a _ b; a0 _ b0] [b; b0]. Since a _ b0 = a0 _ b = a0 _ b0 and b b0 we obtain by modularity: b0 = (a0 _ b) ^ b0 = b_ (a0 ^ b0) But if [a; a0] and b; b0] are distinct, we have seen that a0 ^ b0 = a^ b thus b0 = a_(a^b) = b which is a contradiction. Since [a; a0] = [b; b0] Property U' holds. 2 The result above justi es calling a domain satisfying Property U either modular or distributive or even metric. Proposition 10.2 A concrete domain D is distributive i it is isomorphic to the partial order of con gurations of a matrix < ; V;V ; E > with 8 2 ; jE( )j= 1 In other words D is represented by a matrix without disjunctions. 103 Proof: From left to right, the result is a direct consequence of the construction used in the Representation Theorem and Property U. Conversely, consider a matrix M =< ; V;V ; E > verifying the condition 8 2 jE( )j = 1. For any decision d, let p(d) the unique set of decisions that enables d. We show that, in such an information matrix, if a decision d has a proof, then it has a unique irredundant proof. The proof is by induction on the length l(d) of the proof of d. Base Case: l(d) = 1, i.e. d is initial and p(d) = ;. The proof fdg is irredundant and any other proof of d includes it, hence it is unique. Inductive step: l(d) = n(n > 1). Then d has a proof d1; d2; : : : ; dn 1; d. Since only p(d) enables d, we must have p(d) fd1; d2; : : : ; dn 1g. Thus all decisions in p(d) have proof of length less than n, therefore a unique irredundant proof by induction hypothesis. Let now (d) be the union of all unique irredundant proofs of all elements of p(d). The set (d)[fdg is a proof of d. Any proof of d contains d and the irredundant proofs of the elements of p(d). Therefore (d)[ fdg is the unique irredundant proof of d. Consider now 1 and 2 two nite compatible con gurations of M . Since 1 and 2 are compatible, the set of decisions 1\ 2 doesn't contain two distinct decisions concerning the same cell because it is included in 1 [ 2. If d is an arbitrary decision in 1 \ 2 it has a unique irredundant proof . Since 1 and 2 are connected 1 and 2 thus 1 \ 2 and the set 1 \ 2 is connected. Hence it is a con guration and 1 ^ 2 = 1 \ 2. Then j 1j + j 2j = j 1 ^ 2j + j 1 _ 2j and the height of the elements of M is a valuation. By Lemma 10.1 the concrete domain < M ; > is distributive. 2 Remark: The previous results states that if < M ; > is distributive, then there exists a matrix M 0 with < M ; >=< 0M ; >. But it is perfectly possible for M to contain disjunctions, as shown in the example of Figure 22. The following proposition characterizes a frequent case, where distributivity can be proved quickly. Proposition 10.3 A concrete domain is distributive i the domain is the partial order of con gurations of some information matrix M =< ; V;V ;E > where any cell is enabled by sets of decisions that concern a single set of cells. Proof: The proof follows the pattern of the proof of the previous result. The property is immediate from left to right. For any d let q(d) be the common set of cells occupied by all sets of decisions that enable the cell of d. We 104 M0; 10; 16 60 1M@@@@@@@@@M 00; 10; 10; 1@@@@I01Figure 22: M and M 0 have the same con guration space Mshow that in such an information matrix, if a decision d has a proof, then allirredundant proofs of d occupy the same set of cells. We proceed by inductionon the length l(d) of the length of d.Base Case: l(d) = 1. The empty set is the only one that enables d. Hencethe cell of d is occupied by any proof of d.Inductive step: l(d) = n(n > 1). Then d has a proof d1; d2; : : : ; dn 1 ` d.Let O(fd1; d2; : : : ; dn 1g) be the set of cells occupied by the decisionsin fd1; d2; : : : ; dn 1g. Any set of decisions enabling d occupies q(d) soq(d) O(fd1; d2; : : : ; dn 1g). Consider an element in E(d) includedin fd1; d2; : : : ; dn 1g. By induction hypothesis, all irredundant proofs ofthe elements of occupy the same set of cells. Let be the cell occupiedby d. Taking the union of all these cells with we obtain a set of cells(d) and any irredundant proof of d contains (d).Consider now two nite and compatible con gurations 1 and 2 of M andtake an arbitrary decision d in 1 \ 2. Any irredundant proof of d occupies(d). Hence 1 and 2 occupy (d). Therefore d has a proof in 1 \ 2 andthius set of decisions is connected. Hence 1 ^ 2 = 1 \ 2 and M is adistributive concrete domain. 2Proposition 10.4 The separated sum of a nite or denumerable number ofdistributive concrete domains, the cartesian product of a nite or denumerablenumber of distributive concrete domains, the inverse limit of any rigid sequenceof distributive concrete domains are distributive concrete domains.Proof: It is immediate that the sum and the juxtaposition of an arbitrarynumber of information matrices in which all cells are enabled by a unique set of105 decisions is of this kind as well. Let D be the inverse limit of a rigid sequenceof distributive concrete domains D1; D2Dn. If [x; x0] and[y; y0] are two minimal prime intervals with [x; x0] [x _ y; x0 _ y0] [y; y],consider the coherent ideal generated by the isolated elements x0 and y0. Theideal J is nite and thus there exists an integer k such that J Dk. Since Dkis distributive, by Property U' we obtain [x; x0] = [y; y0] which proves PropertyU' in D. 2Proposition 10.5 If D and E are two distributive concrete domains, and ifO is an open set such that8d; e 2 Ominimal (d) = (e)then D O_ E is a distributive concrete domain.Proof: By construction of the matrix associated to D O_ E, it is immediatethat it satis es the condition of Proposition 10.3. 2Example: It is easy to check on Figure 21 that only F4 is not distributive.Historical Note(1978): The essential part of the research reported herewas carried out in Autumn 1975 at the University of Edinburgh. Preliminaryversions of this text have been distributed privately during seminars on Se-mantics in Sophia-Antipolis in Autumn 1977 and on the Theory of ContinuousLattices in Darmstadt, July 1978.References[AW77] E. A. Ashcroft and W. W. Wadge. Lucid, a nonprocedural languagewith iteration. Communications of the ACM, 20:519{526, 1977.[Bir67] G. Birkho . Lattice Theory. Volume 25, American MathematicalSociety, 1967.[GRW78] M.J. Gordon, R.Milner, and C. Wadsworth. Edinburgh LCF: amechanized logic of computation. Volume 78 of LNCS, Springer-Verlag, 1978.[Lan76] P. J. Landin. The next 700 programming languages. Communica-tions of the ACM, 9:157{164, 1976.[Lev78] J.-J. L evy. R eductions correctes et optimales dans le -calcul. Ph.D.dissertation, Universit e Paris 7, 1978.106 [Mae72] Maeda. Symmetric Lattices. Springer-Verlag, 1972.[Mil73] R. Milner. Models of LCF. Arti cial Intelligence Memo 186, Stan-ford University, Computer Science Department, 1973.[Plo78] G. D. Plotkin. T! as a universal domain. Journal of Computer andSystem Sciences, 17(2):209{236, October 1978.[Rey72] J. C. Reynolds. De nitional interpreters for higher-order program-ming languages. In ACM 25th National Conference, pages 717{740,1972.[Sco70] D. S. Scott. Outline of a mathematical theory of computation. In 4thAnn. Princeton Conference on Informations Sciences and Systems,pages 169{176, 1970.[Sco76] D. S. Scott. Data types as lattices. SIAM Journal on Computing,5(3):157{164, 1976.