Sheaves and geometric logic and applications to the modular verification of complex systems

In this paper we show that states, transitions and behavior of concurrent systems can often be modeled as sheaves over a suitable topological space. In this context, geometric logic can be used to describe which local properties (i.e. properties of individual systems) are preserved, at a global level, when interconnecting the systems. The main area of application is to modular verification of complex systems. We illustrate the ideas by means of an example involving a family of interacting controllers for trains on a rail track.

💡 Research Summary

The paper proposes a novel framework for the modular verification of complex concurrent systems by combining sheaf theory, categorical constructions, and geometric logic. The authors begin by formalizing a system as a six‑tuple (Σ, X, Γ, M, A, C), where Σ is a many‑sorted signature, X a set of control variables, Γ a set of logical constraints on X, M a Σ‑structure interpreting the signature, A a set of atomic actions, and C a set of Boolean constraints governing which actions may occur simultaneously. A state is an assignment of values to X that satisfies Γ, and admissible parallel actions are Boolean maps f : A → {0,1} that respect the constraints C.

Two distinct notions of parallel composition of actions are introduced. The first, called Disj (real parallelism), requires that the variable sets on which the enabled actions depend are pairwise disjoint; under this condition the individual transitions can be applied independently and the resulting global transition is simply the product of the local ones. The second, Indep (independence), handles the case where actions may share variables but the resulting state is independent of the order of execution; this is expressed by requiring that any interleaving of the actions yields the same final state, a property reminiscent of Mazurkiewicz trace theory.

The paper then builds a category Sys whose objects are systems and whose morphisms are inclusions preserving signatures, variables, actions, and constraints. Within this category, pullbacks model common subsystems (information‑sharing interfaces) and colimits model the composition of a family of interacting systems into a single global system. This categorical viewpoint provides a clean algebraic description of how local specifications are combined.

Sheaf theory enters by interpreting the family of systems as a presheaf (and, under suitable gluing conditions, a sheaf) over a topological space that encodes the interaction pattern among components. For each open set U of the topology, the sections over U correspond to the collective states, actions, and transitions of the subsystems indexed by U. The stalk at a point represents the behavior of an individual component, while a global section represents a coherent behavior of the whole assembled system. The authors prove that, when the sheaf axioms (locality and gluing) hold, the global sections are precisely the colimit of the underlying component behaviors.

Geometric logic—logic built from finite conjunctions, arbitrary disjunctions, and existential quantification—is employed to express system properties that are preserved under sheaf gluing. The key technical result is a preservation theorem: any geometric sentence true in every stalk (i.e., locally true for each component) remains true in the global sections. Consequently, safety properties such as “the distance between any two trains is always at least ℓ_k” or liveness properties such as “every train eventually moves” can be verified locally and then lifted to the whole system without re‑examining the full state space.

The theoretical development is illustrated with a detailed example: a family of n train controllers sharing a linear, loop‑free track. Each train has variables for its index, actual position, reported position, and movement mode. Actions include periodic reporting, a centralized update that may change modes based on inter‑train distances, and movement steps constrained by the current mode. Constraints enforce that all trains report simultaneously, all move simultaneously, and that reporting and moving are mutually exclusive. The example demonstrates how the Disj condition holds for the “report” and “move” phases, how the sheaf gluing yields a global behavior that matches the colimit of the individual train models, and how geometric safety formulas are preserved.

Beyond state‑based modeling, the authors also treat behavior as traces of actions. By representing traces as words over the free monoid generated by A and, when appropriate, as partially commutative monoids (reflecting independence of actions), they connect their approach to Mazurkiewicz trace theory and to Petri net semantics. They show that the set of traces of the global system is isomorphic to the colimit of the trace sets of the components, again using sheaf representation of trace languages.

Finally, the paper outlines a concrete modular verification workflow: (1) express each component’s local properties as geometric formulas; (2) prove these formulas hold in the component’s stalk (often using standard model‑checking or theorem‑proving tools); (3) invoke the sheaf preservation theorem to conclude the same formulas hold globally; (4) optionally reason about liveness using trace‑based sheaves. This workflow avoids the state‑explosion problem because it never requires constructing the full global state space.

In summary, the authors provide a mathematically rigorous yet practically motivated methodology that unifies sheaf‑theoretic semantics, categorical composition, and geometric logic to enable modular verification of concurrent systems. The framework not only clarifies the theoretical relationship between local and global properties but also offers a pathway to scalable verification tools for safety‑critical domains such as railway control, distributed protocols, and cyber‑physical systems.