Mechanizing Operads with Event-B

Rigorous modelling of natural and industrial systems still conveys various challenges related to abstractions, methods to proceed with and easy-to-use tools to build, compose and reason on models. Operads are mathematical structures that provide such abstractions to compose various objects and garanteeing well-formedness. Concrete implementations of operads will offer practical means to exploit operads and to use them for various technical applications. Going from the mathematical structures, we develop with Event-B a complete refinement chain that implements algebraic operads and their basic operations. The result of this work, can be used from the methodological point of view to handle similar implementations for symbolic computation questions, and also to reason on symbolic computation applications supported by operads structures.

💡 Research Summary

The paper presents a complete formalisation and implementation of algebraic operads using the Event‑B method, addressing the need for rigorous yet reusable abstractions in the modelling of complex natural and industrial systems. Operads are introduced as collections of multi‑input, single‑output functions equipped with partial composition operators ◦ᵢ that satisfy sequential and parallel associativity laws. The authors argue that while operads provide a powerful theoretical framework for composing system components, their practical exploitation requires a concrete, tool‑supported implementation that guarantees well‑formedness and allows systematic refinement.

Event‑B is chosen as the underlying formalism because of its clear separation between static contexts and dynamic machines, its support for stepwise refinement, and the availability of the Rodin platform with integrated provers and the ProB model‑checker. The authors first define a context (Ctx0_Prm) that declares the basic static ingredients needed for any operad model: a finite set OPERAD, constants for the maximum number of arguments (maxArgs), maximum number of outputs (maxOut), maximum number of operads (maxOprd), and a derived constant maxFol (the product of maxArgs and maxOprd). A series of axioms enforce finiteness and bound relationships, providing a configurable foundation for later refinements.

An abstract machine, Operads_Abs, captures the dynamic state of a library of operads. Four primary variables are introduced:
‑ myOperads ⊆ OPERAD – the set of currently defined operads,
‑ arityOp – a total function mapping each operad to its arity (the number of input positions),
‑ foliage – a relation linking leaf identifiers (1 … maxFol) to the operads that own them, and
‑ outOp – a relation describing the (potentially multiple) outputs of each operad.
Invariants (inv10‑inv60) guarantee that all operads belong to OPERAD, that arities stay within the prescribed limits, that foliage cardinality dominates arity, and that output relations respect the maximum argument bound.

The core of the modelling effort is the event composeSeq, which implements the partial composition ◦ᵢ between two operads op1 and op2 at a specified position i in op1. The event’s guard checks that i is a valid input position of op1 and that the arities of op1 and op2 satisfy the composability condition. The body updates the state as follows:

1. A new operad r is created whose arity becomes arity(op1) + arity(op2) – 1.
2. The foliage relation is recomputed: leaves belonging to op1 before position i remain unchanged, leaves of op2 are inserted starting at i, and leaves after i are shifted by arity(op2) – 1.
3. The hook relation is updated to record that op2 is now “hooked” inside op1 at position i, and that any previously hooked operads are re‑hooked accordingly.
4. The hat mapping (the operad directly owning a given leaf) is adjusted so that each leaf can be traced back to its immediate parent operad.

Because composition may delete the leaf at position i (it becomes the output of op2) and relabel other leaves, a total function from leaf identifiers to operads can no longer be maintained. The authors therefore introduce the auxiliary structures foliage, hook, and hat to capture the partial, hierarchical relationships that arise after successive compositions.

Refinement is used to specialise the abstract model for concrete applications. The initial abstract machine leaves many constants unconstrained (e.g., maxArgs ≥ 6, maxOprd ≥ 8) to support generic simulations. In later refinements, these bounds are tightened to match the needs of a case study: a manufacturing system modelled with five arguments (raw material, machine, human operator, product, reject). The paper demonstrates how a human‑operated module can be replaced by a composite of two robot modules by successive applications of composeSeq, yielding a new operad that reflects the updated architecture. The Rodin tool automatically generates proof obligations for initialization, invariant preservation, and refinement correctness; all are discharged using built‑in provers and the ProB model‑checker, confirming that the refined models remain consistent with the abstract specification.

The contribution is twofold: (i) a reusable Event‑B library that encodes operads, their arities, foliage, and composition mechanisms; (ii) a methodological blueprint showing how to employ Event‑B refinement to evolve abstract operad specifications into concrete, domain‑specific models while preserving formal guarantees. The authors argue that this approach can be extended to other algebraic structures (e.g., monoids, categories) and to richer operad variants featuring multiple outputs or non‑linear arities. Future work includes integrating richer graphical visualisation, supporting dynamic reconfiguration at runtime, and applying the framework to symbolic computation tools where operads govern term rewriting and syntax‑directed transformations.