Dynamic semantics of proofs originate in Girard’s Geometry of Interaction (GoI) program , whose aim was to provide a semantic account for the process of cut-elimination. Indeed, while the proofs-as-programs correspondence expresses that -reduction of lambda-terms corresponds to cut-elimination, its extension to categorical models (the so-called Curry–Howard–Lambek correspondence) arguably fails to fully reflect these dynamics, as it represents those operations as a simple equality.
Since then, GoI has been developed into many directions to give various accounts of cut-elimination without syntactic rewriting. One aspect which has received less attention is the construction of models of linear logic where morphisms are generalized programs on which a GoI-style execution procedure can be defined, and serves to compose morphisms. Girard’s successive papers on GoI all investigate such models, using operator algebras as the spaces of generalized programs; recently, Seiller has simplified Girard’s models using graphings (a measure-theoretic extension of graphs) instead of operators . Note that discrete graphs suffice to obtain a model of linear logic without exponentials or quantifiers [22, 24].
The aforementioned models all start from an untyped universe of programs, and interpret formulae as specifications for the behavior of programs: they can be seen as realizability models with operators/graphs as realizers. Futhermore, these specifications will be given as batteries of “tests” or “counter-proofs” which are themselves generalized programs.
This idea comes from the theory of multiplicative proof nets, where correct proofs have to be distinguished out of a set of “proof structures” by means of a correctness criterion. Girard observed that by representing a proof structure as a permutation , he could express the correctness criterion as the cyclicity of for all , where is a set of permutations depending on the formula being proved. This led to a prototypical GoI model , limited to Multiplicative Linear Logic (MLL), with permutations as programs. This model internalizes “the proof passes the test ” as a symmetric relation , defined as “”. In general, in GoI models, semantic types are defined using this kind of symmetric relation, called an orthogonality.
Contents of the paper.
In this paper, we revisit this connection between proof net correctness and GoI orthogonality in the MLL fragment. One issue is that, for a given MLL formula, the number of corresponding tests is exponential in the size of the formula – and by replacing the formula by a huge test of sets, we have forgotten that they all come from the same succinct data. We argue that a formula should correspond to a non-deterministic superposition of tests, and propose a variant of Seiller’s interaction graphs which admits sparse representations of non-deterministic sums of programs; the main ingredient is a coherence relation between edges, hence the title. Instead of an exponential family of tests, we get a single non-deterministic test of polynomial size.
Remarkably, this development – which does not depend on knowing a priori anything about MLL correctness criteria – leads us to recover a previously known but rarely used version of proof nets, introduced by Retoré , together with its correctness criterion. Let us note that Ehrhard suggested  exploring connections between this criterion and GoI. This result which provides a correspondence between cographs and formulae, suggest further work providing a tighter correspondence between proof and graph theory by exploiting the notion of modular decomposition of graphs (see e.g. ).
The coherence allows for the representation of sums of programs, and therefore provides a GoI account of MLL+Sum. This suggests extensions of the framework to e.g. Differential Linear Logic (with or without promotion) [6, 5] which requires the use of the Sum. But this is not the only possible use of a coherence relation: we will also describe in this paper how one can, in coherent interaction graphs, express a restriction to simple paths – i.e. paths visiting each vertex at most once – to ensure that our generalized programs remain finite objects when they are composed together. This was in fact the motivation for coherent graphs when they were originally introduced in Seiller’s PhD thesis .
We write for the powerset of . We distinguish two notions of disjoint union: is with the implied condition that , while is the coproduct in the category of sets (one may define ).
By a graph , we mean a directed multigraph, i.e. a set of vertices and a set of edges with source and target maps ; need not be injective. We write when and there is a bijection such that , , that is, when there is a graph isomorphism between and acting as the identity on vertices. This is the right notion of “equality” (not merely isomorphism!) of graphs for our purpose. We denote the graph with no edges on the vertex set .
A path is a finite sequence with , , , . Cycles are defined as paths with .
Two edges and are incident if they have a common endpoint. This does not depend on the directions of and .
2 From execution of matchings to interaction graphs
2.1 Multiplicative Linear Logic proofs as matchings
Let be a formula of (unit-free) MLL. Any cut-free proof of determines a fixed-point-free involution – the from the introduction – on the atoms of , exchanging two occurrences of atoms when they were introduced by the same axiom rule. It is well-known that for most purposes, one may in fact forget about the syntactic proof and work only with the involution – in fact this is one way of looking at the theory of MLL proof nets. In particular, cut-elimination can be carried out directly on involutions .
To do so, it is more convenient to see these fixed-point-free involutions as matchings, by which we mean111Properly speaking, these are actually called 1-regular graphs in graph theory. The usual meaning of “matching” (resp. “perfect matching”) is a subset of edges of a given graph such that each vertex is incident to at most (resp. exactly) one matching edge – that is, perfect matchings correspond to 1-regular subgraphs. undirected graphs whose vertices all have degree 1: the vertices are the atoms, and the edges are given by the orbits of the involution. Given two cut-free proofs and , inducing the respective matchings and , to find the matching for , we first plug and together:
Let be two graphs; their vertex sets and might not be disjoint. then denotes the graph , equipped with the partition of its edge set, in order to remember the provenance of edges.
A path in is alternating if, for any two consecutive edges, exactly one of them is in .
There is an obvious notion of ternary plugging of graphs, with a tripartition of its edge set, which will also turn out to be useful later. It will be denoted for the graphs .
Here, because we identify the vertices corresponding to atoms in with their duals in . Translating cut-elimination on the level of matchings just consists of following the alternating paths in the resulting graph : see the example in Figure 1. This operation leads to the definition of a graph whose edges are exactly the alternating paths between and ; the latter will be called the execution of and , and denoted as (Definition 3).
The alternation condition can be justified through an analogy with game semantics. An involution of a set can be thought of as a “strategy” over the “arena” : if my opponent plays , I answer with – in other words, I follow the incident edge of the matching and answer with the other endpoint. Then the condition reflects an alternation of moves between two players; execution is “composition” (taking and following paths) and “hiding” (keeping only the symmetric difference ).
In general, plugging two matchings results in an undirected graph whose vertices have degree 1 or 2, i.e. a disjoint union of alternating paths and cycles. When restricting to interpretations of MLL proofs, cycles never appear. (This corresponds to the strong normalization property for MLL proof nets.)
2.2 Interaction graphs in a nutshell
Let us now generalize by considering arbitrary directed graphs instead of matchings.
The execution of two graphs has as vertex set the symmetric difference and contains, for each alternating path from to in , an edge from to ().
Execution defines a well-behaved composition for graphs thanks to this associativity property:
If , then .
Note that this is not just an isomorphism: on both sides of the sign, the vertex set is the same, namely the union of , and minus all pairwise intersections.
A special case of execution allows us to represent the tensor product of MLL as an operation on interaction graphs. For two graphsand , if , then is in fact a sort of disjoint union, with all alternating paths having length 1. This defines the tensor product on graphs. (In general, to ensure , we will resort to replacing and by isomorphic copies.)
For two graphs and such that , we define as the graph .
This would be enough to build a degenerate model of MLL – a compact closed category – with vertex sets as objects and graphs as morphisms. But instead, we want a model in which .
2.3 Building a model with orthogonality
This requires something akin to the correctness criterion which distinguishes from in proof nets. In our case, it will be through a notion of orthogonality, accounting for linear negation at the level of graphs – as mentioned in the introduction (see also [22, 19]), this is related to correctness criteria. But our definition of orthogonality can also be motivated by “interactive” considerations: we saw earlier that plugging two matchings coming from MLL proofs with the right types never led to cycles.
For two graphs and with , we write when contains no alternating cycle. If is a set of graphs on a common vertex set, we define .
In our model, the objects interpreting MLL types will be sets of graphs over a common vertex set which can be written as for some ; they are called conducts222This word is a synonym of “behavior”, meant to suggest that a type is a set of programs behaving in the same way.. The idea is that is a set of tests, and the conduct is the set of programs passing those tests. The condition is equivalent to ; thus, can be used as an involutive linear negation.
A conduct on a set is a set of graphs with vertex set such that .
The constructions on graphs then lift to constructions on conducts.
Let be conducts with . We define
It is then natural to define the morphisms from to as the graphs belonging to the conduct . Unfolding this definition, one gets the realizability-style characterization of as the set of graphs mapping elements of to elements of .
Let be conducts such that .
More precisely, the programs in are those which send all inputs in to outputs in , with the side condition meaning that there must be no alternating cycle between the program and the possible inputs. This side condition also appears in the so-called adjunction between the tensor product and the execution:
Proposition 11 (Adjunction).
Let , and be three graphs. Suppose that . Then if and only if and .
Together, the above two facts lead to the monoidal closure of the category of conducts and graphs. Most of the ingredients for a model of MLL are now present; the construction will be detailed when we carry it out in the setting of coherent graphs, which is the topic of the next section.
A way to get rid of the side condition is to keep track of the cycles appearing during the execution and incorporating them in our notion of generalized program – which would then consist of a graph together with a “set of cycles”, called a project. The orthogonality of two projects can then be formulated as the fact that the set of cycles of the project is empty – this is a focussed orthogonality in the sense of Hyland and Schalk , and our construction can then be seen as an instance of double glueing carried out in a compact closed category.
The project-based construction of a model of MLL is much more general, since it allows one to define orthogonality as any reasonable predicate on the set of cycles, not just emptiness. This leads to a family of models parameterized by the choice of orthogonality. The interested reader can find details of this more general construction in earlier papers by the second author [22, 24]. For reasons of simplicity, and because the selected results we will detail in the last section do not require this more general setting, we will not use projects in this paper and restrict to the specific case described above. It should however be noted that the extension from graphs to coherent graphs explained in the next section could very well be performed in the more general setting of projects.
3 Enriching interaction graphs with coherence
We are now in a position to define the main object of study of this paper, by endowing the edges of interaction graphs with a coherence space structure. The definition of execution and orthogonality will be extended to these objects, and this will suffice to build a model of MLL from them.
3.1 Motivation: sparse non-deterministic proofs
Let’s say we want to interpret non-deterministic superpositions of proofs. More formally, this corresponds to proofs in a sequent calculus enriched with the Sum rule
An obvious solution would be to represent the set of possibilities as a formal sum of proofs – as is done for instance in differential linear logic [6, 5]. Indeed, in , which introduces this rule, proof equivalence is extended with associativity and distributivity over arbitrary contexts of Sum [18, Fig. 6]. These rules can turn any proof using Sum into an equivalent proof with a single Sum rule at the root.
However, this may lead to an exponential blow-up of the size of the proof. (Maurel’s motivation for studying the Sum rule in  is to characterize the complexity class NP; for this purpose, such a size increase must be avoided.) We would like to have concise interpretations of proofs in which small sub-proofs involve non-deterministic choice, without having to duplicate the context.
The same issues arise in the theory of proof nets for Multiplicative-Additive Linear Logic: like the Sum rule, the -introduction rule involves a superposition of two proofs. Hughes and van Glabbeek’s slice nets  use the “formal sum” approach, and therefore, a sequent calculus proof may have an exponentially bigger translation. In other systems of MALL proof nets, such as monomial nets  and conflict nets , this is avoided by morally sharing parts of the net between different terms of the formal sum, by means of some kind of coherence relation. (For the former, the appendix [9, A.1] provides an alternative presentation, equivalent to monomial weights, using a coherence space; in the latter, the conflict relation corresponds to what we call incoherence.)
Taking inspiration from this, we will extend interaction graphs to equip their sets of edges with a coherence space structure. This will allow us to interpret the Sum rule as a “incoherent union” of graphs in an interaction graph model. However, it will not be sufficient to get a model of MALL, because of obstructions333The natural encoding of additives would be: [nolistsep,noitemsep] for , and , for , : a proof of consists of a superposition of a proof of and a proof of . But consider two linear maps and , their copairing , and some . Then, in general, the interpretation of and that of differ: the latter contains any edge of whose endpoints are both in . This also occurs with the representation of additives by means of sliced interaction graphs; see the discussion in [24, §5.2] for more details and a concrete example, which can be translated to coherent graphs. which are common to GoI models.
Nonetheless, the consideration of this coherence space structure provides an interesting construction which could be used to built GoI models of extensions of MLL+Sum, such as differential linear logic. Moreover, the introduction of coherence allows for restrictions on the execution of two graphs that ensures finiteness of the result. Indeed in the general construction on graphs considered above, the execution of two finite graphs may not be finite. However, the execution of two finite coherent graphs will be a finite coherent graph.
3.2 Coherent graphs: basic properties
A coherence relation is a symmetric reflexive binary relation. A coherence space is a set (the web of ) equipped with a coherence relation written (or when is implied by the context). We use the following notations: , and .
The following binary operations are defined on coherence spaces :
: , for all , and the rest is induced from ,
: , for all and the rest is induced from ,
Lastly, a clique is a subset of the web whose elements are pairwise coherent.
A coherent graph is a graph together with a coherence relation on its set of edges . We denote by the coherence space associated with .
Let and be coherent graphs. The plugging is endowed with the coherence relation on edges such that .
An alternating path (or cycle) in is coherent if all its edges are pairwise coherent, i.e. if it is a clique for the associated coherence relation. Two coherent paths (or cycles) , are mutually coherent if and only all edges in are coherent with all edges in .
The execution has as vertex set and contains, for each coherent alternating path from to in with , an edge from to . It comes with the coherent graph structure induced by mutual coherence of paths in .
When , we write instead of . This is justified by the shape of : and .
Consider the two coherent graphs on the left of Figure 2. The color scheme is meant to show the cliques in the coherence relation: while all the edges of the top graph are coherent, the blue edge and the red edge in the bottom graph are incoherent. Plugging them together gives a graph with: , , .
The execution is then computed by following the coherent alternating paths in this plugging, giving the two edges of the graph on the right. Note that the bolded path on the left is incoherent – it contains both a red and a blue edge – and therefore does not yield an edge in the execution.
Since the two coherent paths in the plugging are mutually incoherent, the execution consists of two incoherent edges, which have been drawn with different colors to illustrate this.
This definition of execution is still adequate to compose morphisms:
Proposition 17 (Associativity for coherent graphs).
Let , and be three coherent graphs. Suppose that . Then .
Both sides of the sign are ways of computing the graph whose vertices are , and whose edges correspond to the coherent alternating paths in , with the coherence relation given by mutual coherence of paths. ∎
And the operation mentioned earlier to represent non-determinism can now be formalized as follows:
The incoherent sum of two coherent graphs and with is defined as , (therefore ).
For example, the bottom left graph of Figure 2 can be seen as the incoherent sum of the red subgraph and the blue subgraph – both subgraphs having 4 vertices. Likewise, the graph on the right can be decomposed into an incoherent sum.
3.3 An application of coherence: simple paths
Although we haven’t yet redefined orthogonality and conducts for coherent graphs, what we have seen until now suffices to showcase an application of the coherence space structure on edges, initially considered in Seiller’s PhD thesis .
The motivation for the extension of graphs with a notion of coherence was to limit the execution, which often led to infinite graphs. Indeed, let and be two graphs, such that contains an alternating path of the form , where is an alternating cycle and are two alternating paths, with endpoints in . Then the execution contains infinitely many edges, even when and are finite, since all the , , are alternating paths.
In the model defined in section 2, this doesn’t happen when composing morphisms because the “side condition” ensures that does not contain alternating cycles. However, when looking at more general models [22, 24], we need another way to keep the execution finite. It is then natural to consider restricting our attention to simple paths and cycles.
A path (resp. cycle) is simple if it does not visit any vertex more than once.
But restricting the execution (resp. orthogonality) to simple paths (resp. cycles) breaks the adjunction.
Figure 3 shows how the adjunction fails when one considers only simple paths and cycles. Let us write for the simple execution between and – i.e. the execution restricted to the edges coming from simple paths – and when there is no alternating simple cycle in .
On the left, we have no alternating simple cycle in , so . On the other hand, one can see on the right that there is a simple alternating cycle between the simple execution and , so . In fact, this cycle lifts to a non-simple cycle in : the edges and correspond to paths in which both visit the vertices 1 and 2.
This example therefore explains why the introduction of coherence is necessary to restrict to simple paths: coherence keeps track of possible dependencies between paths (i.e. two paths that used the same edge) that may be forgetten and lead to troubles in the model (i.e. break associativity, which is the model’s counterpart of the Church-Rosser property).
Coherent graphs were therefore a way of making the adjunction work with simple paths.
To ensure the finiteness of execution, another natural choice would be to restrict to paths and cycles without repeating edges, instead of vertices. This is done in a similar way to what we are about to show here, but using a non-reflexive coherence relation [23, §5.2].
Let be a graph. The simple coherence relation on is defined as follows: two edges are coherent if and only if they do not have a common vertex.
A coherent graph is simple if is included in the simple coherence on .
For instance, any coherence on a matching is simple, and the chordless coherence defined in section 4 is included in the simple coherence.
Let and be two simple coherent graphs with . A coherent alternating path or cycle in is simple. The converse holds if and are equal to the simple coherences.
We prove the proposition for paths; a similar argument works for cycles.
Let be an alternating path in , and suppose it is not simple. Among all the vertices visited at least twice, let be the one with the earliest first visit; this first visit involves an edge with . Suppose w.l.o.g. . The second visit to involves an edge (either incoming or outgoing) because of alternation; , or else would contradict the minimality of . And since , by definition of simplicity of . Thus, is incoherent.
Conversely, in an alternating simple path, the source and destination are incident to a single edge, while every intermediate vertex is incident to exactly one edge of and one edge of . So the path cannot contain two incident edges from the same graph. ∎
Thus, as long as we execute two finite simple coherent graphs together, we always get finite graphs. It only remains to check that simplicity is preserved by execution to show that we have devised an universe closed under execution of generalized programs which are all finite graphs.
If and are simple, then is simple.
Let have a common source vertex in ; we wish to show . By definition, and correspond to paths in , respectively et . Let be their longest common prefix: and . Since , at least one of and must be non-empty. Furthermore, if only one of them were empty, the destination of would be a vertex in which is impossible.
Therefore, there exists such that , . Then by simplicity of si , or of si (necessarily, and come from the same graph; this is where the common starting vertex assumption comes into play). Thus, and are not mutually coherent.
If and have the same target vertex, the proof is the same in the opposite graph; if or , it suffices to look at the pair of edges incident to the common vertex. ∎
3.4 A model made out of coherent graphs
Now, we carry out the orthogonality-based construction of a model of MLL, which was previously sketched, in the setting of coherent graphs.
For two coherent graphs with , we write when contains no coherent alternating cycle.
As before, the tensor and the execution satisfy an adjunction with respect to :
Let , and be three coherent graphs. Suppose that . Then if and only if and .
A coherent alternating cycle between and either is between and or involves at least one edge of . The former case corresponds to . Cycles fitting in the latter case correspond exactly to alternating cycles between and . ∎
The notion of conduct is the same as before, and actually the next few definitions and theorems are rather formal and are not affected by adding a coherence relation to graphs.
A conduct on a vertex set is a set of coherent graphs with vertex set such that .
Let and be two conducts such that . We define .
It follows that , and . As in the previous section, one easily obtains the following characterisation of the linear maps.
Let and be two conducts such that . Then
From these, one can define a categorical model of MLL, establishing that the interpretation of MLL proofs by coherent graphs is sound. This can be further refined by showing that cut elimination is soundly represented by the execution of two graphs.
Details of the proofs of these results are ghastly, as one needs to consider delocations. Indeed, as each conduct has a location, i.e. a specified set of vertices, one needs to consider isomorphic copies of conducts when defining all the basic operations. Morally, the categorical model consists of the category whose objets are conducts and morphisms from to are coherent graphs in . In details, the conduct may not be defined if by some bad luck we ended up with a situation where . This is circumvented by defining the set of morphisms from to are coherent graphs in , where and rename the sets of vertices to ensure disjointness. This leads to complications in the definition of composition. However, the details of the involved combinatorics is provided in full in the second author’s first paper on interaction graphs  and the addition of a coherence relation on edges of graphs do not change the proof: understanding the word "graph" as meaning "coherent graph", the original proof can be used word to word to obtain the following result, as only the associativity and adjunction properties are used.
Similarly, as the tensor product is not a total operation, it needs to be dealt with through delocations. Again, the method is exactly that of the previous work mentioned above.
The following defines a -autonomous category: conducts as objects, coherent graphs as morphisms – modulo delocations and composed by execution –, delocated tensor as monoidal product, and as dualization.
Now, recall that we motivated the introduction of the coherence relation by mentioning a Sum rule, which is supposed to be interpreted by the incoherent sum . But the category of coherent conducts and graphs does not interpret this rule: the commutations which distributes Sum over arbitrary contexts do not correspond to equalities of coherent graphs. However, one can get a model of MLL+Sum by identifying two coherent graphs when they have the same “deterministic sub-graphs”, that is, the same maximal cliques. Note this identifies coherent graphs which are indistinguishable w.r.t. orthogonality. I.e. this equivalence relation is finer than what Seiller calls universal equivalence  and which is defined as if for all graph the set of alternating cycles in is equal to the set of alternating cycles in . The universal equivalence is quite natural, and implies that the equivalent graphs are observationally indistinguishable in all Interaction Graphs models definable. Thus, the quotient needed to represent faithfully the Sum rule is quite natural to consider and provides a very satisfactory model, as does the quotient w.r.t. universal equivalence.
Let be the following equivalence relation on graphs: iff and there is a bijection between the maximal cliques (for inclusion) of and those of , commuting with the source and target maps. (That is, and “have the same” maximal cliques.)
is a congruence on the hom-sets of the category in the previous theorem, and the quotient is a model of MLL+Sum, interpreting Sum as .
Of course, each equivalence class then has a canonical representative which is just the incoherent sum of the maximal cliques. However, the use of a coherence relation remains interesting since it potentially allows for much more concise representatives – recall that sparsity of non-deterministic programs was an initial motivation.
4 Principal conducts and cographic proof nets
4.1 Principal conducts
Our goal is now to study the interpretation of MLL types in the model defined by Theorem 31 – that is, without the quotient – and recover a notion of proof net together with an associated correctness criterion. To do so we will look at the generation of conducts by single “tests” in their orthogonal.
Let be a conduct. A generator of is a graph such that .
Let be generated by a set , that is, ; then it admits a generator, namely, the incoherent sum of all graphs in (even if is infinite, makes sense as an infinitary operation). But this doesn’t simplify much the description of . What we would like is to find generators with a reasonable size, e.g. with a number of edges polynomial in the number of vertices. Coherent interaction graphs allow us to build a model of MLL consisting entirely of conducts with such generators.
A conduct is principal if it admits a generator without parallel edges, i.e. multiple edges with both the same sources and the same targets. It is bi-principal if both and are principal.
Principal conducts are closed under and , and bi-principal conducts constitute a non-trivial model of MLL.
Thus, there is a model of MLL whose conducts all admit generators whose number
of edges is at most quadratic in the number of vertices (with no
parallel edges allowed, it is bounded by the number of ordered pairs of
in the number of vertices (with no parallel edges allowed, it is bounded by the number of ordered pairs of vertices).
Moreover, given a fixed assignment of atoms to bi-principal conducts, the number of vertices – and thus the number of edges – of a generator is polynomial in the size of the interpreted formula.
The non-triviality comes from the fact that the unique conduct on is bi-principal. This conduct does not contain any coherent graph, but this tells us that to get a truly non-empty bi-principal conduct, we can just take any provable formula and interpret every atom by . The rest of the theorem is a consequence of the following explicit constructions on generators.
For all coherent graphs and with , we have and , where , and
That is, for each and , we add both and and make them incoherent with all other edges.
First, note that by definition. By instantiating , and using the contravariance of , we get .
Conversely, let , and ; our goal is to show . To do so, we use the adjunction: (because ) etc. and in the end, .
As for , the edges between and ensure that all graphs orthogonal to can be written as with and . entails and (by looking at the coherent alternating cycles with vertices in , or in ). Thus, we have . The reverse direction is proven by applying to the inclusion (note that for any set ). Note that this proof gives an “internal completeness” result as a bonus: every graph in this conduct decomposes as a tensor. ∎
4.2 Cographic proof nets
Among bi-principal conducts, we have all those built from using the multiplicative connectives. Let us take a closer look at what those look like. The following shows that the coherence relation of the canonical generator of such a conduct is entirely determined by its vertices and edges.
Let be a graph. The chordless coherence relation is defined as follows: