Observably Deterministic Concurrent Strategies and Intensional Full Abstraction for Parallel-or

Although Plotkin’s parallel-or is inherently deterministic, it has a non-deterministic interpretation in games based on (prime) event structures – in which an event has a unique causal history – because they do not directly support disjunctive causality. General event structures can express disjunctive causality and have a more permissive notion of determinism, but do not support hiding. We show that (structures equivalent to) deterministic general event structures do support hiding, and construct a new category of games based on them with a deterministic interpretation of aPCF por , an aﬃne variant of PCF extended with parallel-or. We then exploit this deterministic interpretation to give a relaxed notion of determinism (observable determinism) on the plain event structures model. Putting this together with our previously introduced concurrent notions of well-bracketing and innocence, we obtain an intensionally fully abstract model of aPCF por .


Introduction
Plotkin's parallel-or is, in a sense, the most well-understood of programming language primitives.Recall that it is a primitive por : B → B → B defined by the three equations: por tt ⊥ = tt , por ⊥ tt = tt , por ff ff = ff .
As Plotkin famously proved [16], it is the primitive to be added to the paradigmatic purely functional higher-order programming language PCF in order to get a perfect match (full abstraction) with respect to Scott domains.Since Plotkin's result, full abstraction has been the gold standard for semanticists.Indeed, whereas an adequate model is always sound to reason about program equivalence; a fully abstract model is also complete: two programs are observationally equivalent if and only if they have the same denotation.Though since Plotkin's paper fully abstract models of various programming languages have been proposed (often through game semantics, with e.g.state [3,1], control [5,14], concurrency [11], . . .); they are usually quite a bit more complicated than plain Scott domains.Parallel-or is well-understood, in that it has a simple input-output (extensional) behaviour, and its presence in PCF reduces observational equivalence to input-output behaviour.
But is it really so well-understood?While parallel-or is simple extensionally, how is it best understood intensionally?What is the operational behaviour of por M N ?Any programmer will sense the subtleties in implementing such a primitive.It immediately spawns two threads, starting evaluating M and N in parallel.If both terminate with ff, it terminates with ff as well after both have finished.But it suffices that one of the threads returns tt, for parallel-or to return tt immediately, discarding the other.If both return tt then one of the threads will be discarded, but which one depends on the scheduler.From an input-output perspective it does not matter which one is selected as they race to produce the same result, but the race nonetheless happens from an operational viewpoint; and a sufficiently intensional semantics will show it.Such behaviour is useful in practice, for instance to speed up deciding the existence of a "good" branch in a search tree by spawning a thread for each branch to explore.
From a game semantics perspective, understanding this combination of racy concurrency and deterministic extensional behaviour has been an unexpected challenge.In earlier work, we dealt with deterministic parallelism using games and strategies based on event structures [17], showing an intensional full abstraction result for a parallel implementation of PCF [8].We also showed how our tools supported shared memory concurrency [6].Given that, it is no surprise that the racy behaviour mentioned above can be represented with event structures, yielding an adequate model of e.g.PCF plus parallel-or.But game semantics based on event structures is causal: each event comes with a unique causal history.Dependency is conjunctive: an event can only occur after all its dependencies.This feature is key for the notion of concurrent innocence leading to our definability result [8] and in fact for the very construction of our basic category of games [7].This has the unfortunate consequence of forcing the strategy for parallel-or to be non-deterministic: the race in the operational behaviour of por tt tt yields a choice between two events competing to return tt, each depending on one argument of por.But interpreting por through non-determinism really is a workaround, as appears through the resulting failure of full abstraction.
Constructing a deterministic intensional model for parallel-or has proved demanding.Plays-based models [11] fail as they inline the non-deterministic choice of the scheduler, and cannot express even pure parallelism deterministically.We saw above that plain event structure games do not work either.Giving a deterministic model for parallel-or involves modifying the latter to allow disjunctive causality: a given event may have several distinct causal histories, and an event occurrence does not carry information on its specific causal history.Alternatives to event structures allowing this have existed for a long time: general event structures [18].However, we will see that they do not, in general, support hidingwhich is required to build a category of strategies.We will show that they do support it modulo some further conditions, making them adequate to model parallel-or deterministically.
Beyond the historical twist of giving a fully abstract games model for a language with parallel-or (as game semantics was originally driven by the full abstraction problem for PCF without parallel-or [13,2]), a treatment of disjunctive causality is indispensable in a complete game semantics framework for concurrency.The following example illustrates how mundane and widespread it is: the causal history of a packet arriving from the network is simply its route.Clearly, introducing an event for each route is best avoided if possible -especially since all further events depending on it will be hereditarily duplicated as well.Deterministic models for disjunctive causality serve two purposes: they allow for (1) a more general, less intensional notion of determinism, and (2) a coarser equivalence relation between strategies

12:3
that abstracts away benign races.These issues, that we address in this paper, have become recurrent obstacles in our research programme; and the historical importance of parallel-or in semantics made it the perfect candidate to test and showcase the solution.
Contributions.Concretely, we build an intensionally fully abstract games model of aPCF por , an affine version of PCF with parallel-or.Our tools are designed with the extension in the presence of symmetry [8] to full PCF por in mind; but presenting them in an affine case allows us to focus on the issues pertaining to parallel-or and disjunctive causality, orthogonal to symmetry.Presenting everything at once in conference format is not reasonable.
Full abstraction for aPCF por has two facets: on the one hand, we need to import the conditions of innocence and well-bracketing from [8], which rely on conjunctive causality.On the other hand, we need a disjunctive notion of determinism.Consequently our model will involve: (1) the standard category CG of concurrent games on event structures, and (2) the main novelty of our paper, a new category Disj supporting disjunctive determinism.Glueing the two together, we can import in CG the notion of determinism from Disj, thereafter dubbed observational determinism, and prove intensional full abstraction.

Related work.
Game semantics is a branch of denotational semantics.Originally driven by the full abstraction problem for PCF, it has grown in the past 25 years into a powerful and versatile methodology to construct compositionally intensional representations of program execution.This lead on the one hand to many full abstraction results (particularly striking in the presence of state as the fully abstract models are then effectively presentable [3,1]), and on the other hand to applications, ranging from program analysis (model-checking or equivalence checking) to compilation and hardware synthesis [10].
Within game semantics, the present paper is part of a line of work on so-called "truly concurrent" game semantics first pushed by Melliès and colleagues [4,15], and which advocates the use of causal structures such as event structures and asynchronous transition systems in interactive semantics of programming languages.This line of work has seen a lot of activity in the past five years, prompted in part by a new category of games and strategies on event structures generalizing all prior work, introduced by Rideau and the last author [17]; but also the presheaf-based framework for concurrent games by Hirschowitz and colleagues [12].
Finally, our account of disjunctive causality relies heavily on determinism for hiding to work.The third author and Marc de Visme have developed event structures with disjunctive causality (edc) [9], supporting both disjunctive causality and hiding in a non-deterministic setting.Links between these two approaches are being explored; at the very least, extra axioms would have to be imposed on edcs in order to mimic the work here.
Outline.In Section 2 we introduce aPCF por and give its (non-deterministic) event structure games model CG.In Section 3 we introduce the deterministic model Disj for parallel-or.Finally in Section 4 we glue the two, generalize the conditions of [8] and prove full abstraction.

2
Causal game semantics for affine PCF with parallel-or  affine λ-calculus with a divergence ⊥ and boolean primitives (constants and conditionals): We skip the affine typing rules, which are standard -the typing of if M then N 1 else N 2 is additive, i.e.N 1 and N 2 may share resources, and the N i have boolean type.The (callby-name) operational semantics, also standard, yield an evaluation relation M ⇓ v between closed terms and values (booleans or abstractions).We write M ⇓ when there is some v such that M ⇓ v, and M ⇑ otherwise.Two terms Γ M, N : Recall that an interpretation − in some model M is fully abstract if for all M, N , M obs N iff M = N -it is intensionally fully abstract if M quotiented by the semantic equivalent of obs is fully abstract.
In [16], Plotkin proved that Scott domains are fully abstract not for PCF, but for its extension with the so-called parallel-or operation: The combinator por is not sequential: it is not the case that it evaluates one of its arguments first.In particular, por tt ⊥ ⇓ tt and por ⊥ tt ⇓ tt.

Strategies as event structures
As usual in game semantics, computation is a dialogue between the program and its environment.The moves, or events, are either due to the program (Player, +) or its environment (Opponent, −).They are either variable calls (Questions, Q) or returns (Answers, A).Unlike traditional game semantics, in our line of work such dialogues are partially ordered.Figure 1 presents two concurrent strategies, both playing on (the game for) B 1 B 2 B 3 , where subscripts are for disambiguation.The diagrams are read from top to bottom.The first event in both strategies is an Opponent question on B 3 , initiating the computation.Then Player (the program) starts evaluating in parallel its two arguments (q 1 and q 2 ).These may return tt or ff, the wiggly line indicating that they cannot reply both.Depending on these, Player may eventually answer q 3 .In both diagrams, ff 3 requires both arguments to evaluate to ff; however they differ as to the events that trigger an answer tt 3 .These diagrams will be made more formal later, but we invite the readers to examine them and convince themselves that the first diagram represents a parallel implementation of the left or (diverging if its first argument diverges), whereas the second diagram represents parallel or.Event structures.Such diagrams are formalized as event structures.We use here event structures with binary conflict, whereas those of [17,7] have a more general set of consistent sets.Binary conflict is sufficient for our purposes, and preserved by all operations we need.
Definition 1.A (prime) event structure (with binary conflict, es for short) is (E, ≤ E , # E ) where E is a set of events, ≤ E is a partial order on E called causality and # E is an irreflexive symmetric binary relation called conflict, such that: ∀e # e , ∀e ≤ E e , e # e .We will often omit the indices in ≤ E , # E if they are obvious from the context.
In the second axiom, we say that the conflict (e, e ) is inherited from (e, e ).If a conflict (e, e ) is not inherited (meaning dependencies of e and e are pairwise compatible, i.e. non-conflicting), we say that it is a minimal conflict and denote it by e e .The states of an event structure E, called configurations, are the finite sets x ⊆ E that are both consistent (events are pairwise compatible) and down-closed (i.e. for all e ∈ x, for all e ≤ e, then e ∈ x) -the set of configurations on E is written C (E), and is partially ordered by inclusion.Configurations with a maximal element are called prime configurations, they are those of the form [e] for e ∈ E. We will also use the notation [e) = [e] \ {e}.Between configurations, the covering relation x−⊂y means that y is obtained from x by adding exactly one event: y is an atomic extension of x.We might also write x e −−⊂ to mean that e ∈ x and x ∪ {e} ∈ C (E).Finally, when drawing event structures, we will not represent the full partial order ≤ but the immediate causality generating it, defined as e e whenever e < e and for any e ≤ e ≤ e , either e = e or e = e .The diagrams of Figure 1 represent event structures; only displaying immediate causality and minimal conflict .
Arenas.Besides causality and conflict, events in Figure 1 carry labels (q, tt, ff, . . .): formally, those will come from the game, or the arena.Arenas are the semantic representatives of types.They are certain event structures with polarities and Questions/Answers labeling.

Definition 2.
An arena is a triple (A, pol A , λ A ) where A is an event structure, pol A : A → {−, +} and λ A : A → {Q, A} are labelings for polarity and Questions/Answers, such that: The order ).An arena A is negative if all its minimal events have negative polarity.
Conflict aside, our arenas resemble those of [13]: the justification relation traditionally denoted by A is simply A .Basic arenas include the empty arena 1, and the arena B displayed in Figure 2, often written B by abuse of notation, for booleans. 12:6

Obs. Det. Concurrent Strategies and Intensional Full Abstraction for Parallel-or
We mention here some constructions on arenas.The dual A ⊥ of A is obtained by taking pol A ⊥ = −pol A , and leaving the rest unchanged.The simple parallel composition A B is obtained as having events the tagged disjoint union {1} × A ∪ {2} × B, and all components inherited.The product A & B of negative A and B is obtained as A B, with all events of A in conflict with events of B. As types will be denoted by negative arenas, we need a negative arena to interpret .This is done by setting A to depend on (negative) minimal events of B. If B has at most one minimal event, this is easy: Defining A B for well-opened B is sufficient to interpret aPCF por types, but would be insufficient in the presence of a tensor type; with e.g.B (B ⊗ B).The complication here is due to a disjunctive causality at the level of types: the left B is caused by either of the occurrences of B on the right.As for parallel-or, the inability of event structures to express that can be worked around by introducing two conflicting copies of the left B, one for each causal justification -this is done in [6], and is reminiscent of the standard arena construction of [13].This works well for some purposes, but the informed reader may see why this threatens definability for a concurrent language with tensor: indeed a counter-strategy can then behave differently depending on the cause of an occurrence of the left B.
We avoid the issue here, and only build for aPCF por types.Interestingly the issue vanishes in Section 3: Disj supports disjunctive causality in both arenas and strategies.

Prestrategies on arenas.
Strategies are certain event structures labeled by arenas.More formally, the labeling function is required to be a map of event structures: Definition 4. A prestrategy on arena A is a function on events σ : S → A s.t.σ is a map of event structures: it preserves configurations (∀x ∈ C (S), σ x ∈ C (A)) and is locally injective (∀s Event structures and their maps form a category E. Figure 1 displays such prestrategies σ : S → A -the event structure drawn is S, and events are annotated by their image in A through σ.Strategies, introduced in the next section, will be subject to further conditions.

An interpretation of aPCF por as strategies
Following the methodology of denotational semantics, giving an interpretation of aPCF por consists in constructing a category out of certain prestrategies, with enough structure to interpret aPCF por .For lack of space we can only sketch part of the construction, a more detailed account of the construction, originally from [17], can be found in [7].
A prestrategy from A to B is a prestrategy σ : S → A ⊥ B. Given also τ : T → B ⊥ C, we wish to compose them.As usual in game semantics, this involves (1) parallel interaction where the strategies freely communicate, and (2) hiding.We focus on (1) first.
Interaction.The interaction of σ : S → A ⊥ B and τ : T → B ⊥ C is an event structure T S, labeled by A B C via τ σ : T S → A B C. The omitted definition [7] of T S follows the lines of the third author's event structure semantics for parallel composition 12:7 in CCS [19].It is uniquely determined (up to iso) as a pullback [7] in E: It is the "smallest" labeled event structure accommodating the constraints of σ and τ .
Hiding.Composition should yield a prestrategy from A to C. Accordingly events of T S that map to A or C are available to the outside world, and called visible.On the other hand, those mapping to B are private synchronization events, dubbed invisible; that we wish to hide.The proposition below formalizes that event structures are expressive enough for that.
Proposition 5. Event structures support hiding: for E an event structure and V any subset of events, then there exists an event structure E ↓ V having V as events, and as configurations exactly those x ∩ V for x ∈ C (E).
The components of E ↓ V (causality, conflict) are simply inherited from E. For σ and τ as above, we first form T S as T S ↓ V with V the visible events.The composition τ σ : T S → A ⊥ C is simply the restriction of τ σ; and is a prestrategy.
A category.Composition is associative up to isomorphism of prestrategies, where σ 1 : S 1 → A and σ 2 : S 2 → A are isomorphic (written σ 1 ∼ = σ 2 ) if there is an iso between S 1 and S 2 in E making the obvious triangle commute.Finally, for any arena A there is a copycat prestrategy c c A : C C A → A ⊥ A, which has events and immediate conflict those of A ⊥ A, and with causality that of A ⊥ A where additionally each positive event is set to depend on its negative counterpart on the other side.Details can be found in [17,7].
Copycat is idempotent, but is not an identity in general.Rideau and Winskel [17] characterise the prestrategies for which it acts as an identity as the strategies: We mention (see [7]) that CG is a compact closed category, i.e. fit to interpret the linear λ-calculus.As aPCF por is affine, we work in a derived category of negative strategies.
Negative arenas and strategies.Negative arenas were defined earlier.We also have: There is a subcategory CG − of CG with negative arenas as objects, and negative strategies as morphisms.The negativity assumption on strategies ensures that 1 is terminal (the only negative strategy on A ⊥ 1, for A negative, is the empty strategy e A ), which allows us to interpret weakening.The tensor product is defined as A ⊗ B = A B on arenas, and as the obvious relabeling Proposition 8. CG − is a symmetric monoidal category with products, with 1 terminal.For A and well-opened B, A B is an exponential object; and is well-opened.
Following standard lines, we interpret aPCF por in CG − : contexts Γ = x 1 : A 1 , . . ., x n : Types are interpreted as well-opened arenas, each type construction by its arena counterpart.Terms Γ M : A are interpreted as negative strategies M ∈ CG − ( Γ , A ). Divergence ⊥ is interpreted as the strategy (also written ⊥) with no positive moves, closed by receptivity.Constants tt, ff are the obvious strategies on B.
where if is given in Figure 3. Finally, parallel-or is the strategy on the right of Figure 1.
The interpretation − is adequate: for all M : B, M ⇓ iff M = ⊥.However, we will be better equipped to prove that in Section 4. For now, the desired induction invariant for soundness M ⇓ v ⇒ M = v fails, as the model keeps track of too much intensional information: por tt tt has two conflicting tt + events, and is therefore not isomorphic to tt .

Disjunctive causality and observational determinism
We have seen that CG − is an adequate model of aPCF por .However, it is not intensionally fully abstract: strategies distinguish more than terms of aPCF por .In fact, as in [6] one can interpret e.g.linearly used boolean references in CG − ; those can obviously distinguish more than the input-output behaviour of terms.We can remove these by requiring conditions of visibility, well-bracketing and innocence as in [8]; and we will do so in Section 4.2.
One condition of [8] is however inadequate: determinism.Indeed, the strategy of Figure 1 is non-deterministic, and no deterministic strategy can implement parallel-or (indeed, all deterministic strategies on first-order types implement sequential functions [8]).Formalizing a notion of observational determinism, accepting the strategy for parallel-or but rejecting genuinely non-deterministic strategies, proved very challenging.

Disjunctive causality.
As we pointed out in the introduction, the non-determinism of parallel-or comes from the incapacity of our version of event structures, sometimes referred to as prime event structures for disambiguation, to express disjunctive causality.So the reader may wonder: why do we bother with prime event structures at all?After all, there are alternatives.General event structures [18] allow events to be enabled in several distinct ways.We give their equivalent presentation [20] in terms of configuration families: Definition 9. A configuration family (cf) is a pair (|A|, A) (often just written A) where |A| is a set of events, and A is a set of configurations, which are finite subsets of |A|, such that ∅ ∈ A, and satisfying the two further axioms:   Completeness.For x, y ∈ A, if x ↑ y (they are compatible, i.e. there exists z ∈ A such that x ⊆ z and y ⊆ z), then x ∪ y ∈ A. Coincidence-freeness.If x ∈ A, for all distinct e 1 , e 2 ∈ x there exists y ⊆ x such that y ∈ A and e 1 ∈ y ⇔ e 2 ∈ y.
For every (prime) event structure A, C (A) is a configuration family.However configuration families are more general.In a configuration family, the same event can occur for different reasons.For instance, on the set of events { 1 , 2 , ⊕}, Figure 4 represents a configuration family where the event ⊕ can occur either because of 1 or 2 , represented symbolically as in the diagram on the below -importantly, an occurrence of ⊕ carries no data on its effective cause.
With the same symbolic representation, the causally disjunctive nature of parallel-or is made explicit in Figure 5.It seems clear that this is a more accurate description of parallel-or.In particular, it is deterministic, in a sense to be made formal in the next section.
Are configuration families sufficiently expressive as a basis to construct a category of strategies, as we did with prime event structures in the previous section?Recall that for that we used two properties of event structures: that the corresponding category E has pullbacks (for interactions), and then that event structures support hiding.We will show very soon that the first criterion holds.However, we run into an issue for the second: Proposition 10.Configuration families do not support hiding.There is a cf A and V ⊆ |A| such that the set {x ∩ V | x ∈ A} is not a configuration family.
Proof.Set |A| = {a, b, c, d}, and configurations those specified by: (d is caused either by a, or by b and c together).With V = {b, c, d}, the obtained hidden set fails completeness: it contains {b}, {d}, {b, c, d} but not {b, d}.
It is part for this reason that prime event structures are used when building categories of games and strategies -as indeed, hiding is crucial.Removing either coincidence-freeness or completeness loses the correspondence with general event structures [20], and leads to various pathologies further down the road -for instance we lose the key lemma: Lemma 11.Let A a set of configurations on |A| satisfying completeness.Then, it is coincidence-free iff for any x, y ∈ A s.t.x ⊆ y, there is a covering chain in A: x −⊂ . . .−⊂ y.

Disjunctive deterministic games
In this section we introduce the main contribution of the paper, a category Disj of disjunctive deterministic strategies supporting the interpretation of parallel-or.This relies on a notion of deterministic configuration families, and the observation that those do support hiding.

Deterministic configuration families
First we adjoin cfs with polarities, and define determinism (for Player).

Definition 12. A cf with polarities (cfp) (resp. partial polarities (cfpp)) is a cf A with pol
This means that only Opponent makes irreversible choices regarding the evolution of the play.We show that dcfpps support hiding of neutral events.In the given a dcfpp A, V always denotes the set of non-neutral events in |A|.We write A ↓ for the candidate cf on events V with configurations those of the form x ↓ = x ∩ V for x ∈ A. The following key lemma is proved by successive applications of determinism and completeness.Lemma 13.For x ∈ A ↓ , y ∈ A such that x ⊆ y ↓ , for any x ∈ A a witness for x ( i.e. x ↓ = x), there is y ⊆ y ∈ A such that x ⊆ y .
From Lemma 13 follows that for x, y ∈ A, if x ↓ ↑ y ↓ in A ↓ , then x ↑ y in A. Using that observation together with Lemma 13 and determinism, it is straightforward to prove: Proposition 14.For A a dcfpp, A ↓ is a dcfp.

Deterministic disjunctive strategies and composition
A pregame is simply a cfp -for A, B cfps, A ⊥ has the same events and configurations as A but inverted polarity.We will also write B 0 for the cfpp with the same configurations as B but polarity set as globally 0. The cf A B has events the tagged disjoint union, and configurations x A x B for x A ∈ A, x B ∈ B; A & B has the same events as A B, but only those configurations with one side empty.
Unlike in Definition 4, disjunctive prestrategies are simply substructures of the (pre)games.

Definition 15.
A prestrategy on A is a dcfp σ on |A|, such that σ ⊆ A -written σ : A.
Example 16.On events (with polarities) {q − , tt + , ff + }, C (B) is a cfp -that by abuse of notation we still write B. Then, Figure 5 denotes a prestrategy on B ⊥ B ⊥ B.
Though disjunctive prestrategies are not primarily defined as maps, it will be helpful in composing them that they can be.Given two cfs A and B, a map from A to B is a function on events f : |A| → |B| which preserves configurations and is locally injective.Configuration families and their maps forms a category Fam.Note that if A is an event structure, C (A) is a configuration family on |A|.The definition of maps of cfs is compatible with that of maps of event structures, making C (−) : E → Fam a full and faithful functor.Finally, a prestrategy σ : A on A can be regarded as an identity-on-events Fam-morphism σ → A.
Like E, Fam has pullbacks.The interaction of σ on A ⊥ B and τ on B ⊥ C is the pullback of identity-on-events maps σ C → A B C and A τ → A B C.

Proposition 17. The pullback above is (up to iso) the cf τ σ with events |A| |B| |C| and configurations those
We regard τ σ as a cfpp by setting as polarities those of A ⊥ B 0 C. To use Proposition 14 and finish defining composition, τ σ needs to be deterministic; a sufficient condition for that is that σ and τ are receptive.A prestrategy σ on A is receptive iff for all Hence, composition is well-defined on receptive prestrategies -it is also associative.To get a category, we now prove the copycat strategy to be an identity.

Copycat and the compact closed category Disj
We cannot replicate in pregames the definition of copycat sketched in Section 2.3.However, as observed in [22,7], if A is an arena, the configurations of C C A are those configurations of A ⊥ A, necessarily of the form x l x r , such that every positive event of x r (w.r.t.A) is already in x l , and every positive event in x l (w.r.t.A ⊥ ) is already in x r .In other words, [22,7] and and referred to as the "Scott order".Accordingly, on a pregame A, given x, y ∈ A we write x A y iff x ∩ y ∈ A and the relation above holds.The candidate prestrategy copycat c c A comprises all x y ∈ A ⊥ A s.t.y A x. Indeed c c A is a configuration family and is receptive; but prestrategies must be deterministic.It turns out that as in [21], c c A is only deterministic when A is race-free: Proposition 19.Let A be a pregame.Then, c c A is a prestrategy iff A is race-free: for all x, y, z ∈ A such that x ⊆ + A y and x ⊆ − A z, we have y ↑ A z.
We aim to reproduce Theorem 6 in this new setting, and characterise the prestrategies left invariant under composition with copycat.However, there is a new subtlety here: for arbitrary A, c c A might not even be idempotent!Example 20.Consider the cfp on events A = { 1 , ⊕ 2 , ⊕ 3 } given on the below.
This is a race-free pregame, so by Proposition 19, After hiding, there is a change in the causal history of ⊕ 3 , not authorized by c c A but authorised by A: it is caused by 2 on the left, but 1 on the right.This issue comes from the fact that in A, the same event can be caused either by a positive or a negative move.c A is idempotent, (2) A is a partial order, (3) A is co-race-free: for all x, y, z ∈ A with x ⊇ − y, x ⊇ + z, we have y ∩ z ∈ A.
A game will be a race-free, co-race-free pregame.Copycat on any game is an idempotent prestrategy -strategies are those prestrategies that compose well with copycat.We prove: Theorem 22.Let σ be a receptive prestrategy on 2 } ∈ σ as well.In this case, σ is a strategy, written: σ : It follows that there is a category Disj with games as objects, and strategies σ : A ⊥ B as morphisms from A to B. It is fairly easy to show that just as CG, this category is compact closed.But unlike CG, Disj supports a deterministic interpretation of parallel-or: indeed the set of configurations of B ⊥ B ⊥ B denoted by the diagram of Figure 5 is a strategy.

An SMCC and deterministic interpretation of aPCF por
As for CG, Disj lacks structure to interpret aPCF por : the family of bottom strategies e A : A ⊥ 1 (where again 1 is the empty game) fails naturality.As before, we hence restrict Disj to a subcategory of negative games and strategies.Definition 23.A cfp A is negative if any non-empty x ∈ A includes a negative event.
Copycat on negative A is negative and negative strategies are stable under composition; so there is a subcategory Disj − of Disj with negative games as objects and negative strategies as morphisms, inheriting a symmetric monoidal structure from Disj.Moreover 1 is terminal, and Disj − has products given by A & B.
To prove the monoidal closure, as in CG, we have to deal with the fact that for A and B negative, A ⊥ B is not necessarily negative, so we define: Definition 24.Let A and B be two negative games.The game A B has the same events (and polarity) as A ⊥ B, but non-empty configurations those x A x B ∈ A ⊥ B such that x B is non-empty (and hence includes a negative event).
Recall from Definition 3 that the arrow arena A B was only defined for B well-opened (i.e. with at most one minimal event).This was to avoid constructing arenas for types like

B
(B ⊗ B) (invalid for aPCF por , but valid in an extension with a tensor type), where the left hand side B can be opened because of either of the right hand side occurrences of B. In Disj, when constructing A B there is no well-openness condition on B: exploiting disjunctive causality we can express that A is opened only after some event of B -it does not matter which one.The negative strategies in A ⊥ B ⊥ C and A ⊥ B C are the same, from which (using the compact closed structure of Disj) it follows that Disj − is monoidal closed, instead of only having an exponential ideal.Like CG − , it supports an adequate interpretation of aPCF por .Unlike CG − , its strategies are deterministic.

4
Glueing CG − and Disj − , and full abstraction By moving from CG − to Disj − , we gain determinism.However, Disj − is not intensionally fully abstract -there are some strategies that distinguish syntactically undistinguishable terms

12:13
of aPCF por .For instance, one has a strategy on (B B B) B that calls its argument, feeds it tt as first argument, and tt as second argument only if the first argument has been evaluated; it then copies the final result to toplevel.Doing so, it distinguishes the observationally equivalent λxy.if x then (if y then tt else ⊥) else ⊥ and λxy.if y then (if x then tt else ⊥) else ⊥.
Getting rid of such strategies is the responsibility of the concept of innocence in Hyland-Ong games [13].But the P-views of innocent strategies carry precisely the causal information that we have lost when moving from CG − to Disj − !This causal information was crucial in [8] to give concurrent versions of well-bracketing and innocence, so as to capture the behaviour of parallel PCF strategies.So, the deterministic account of aPCF por is not enough; the causal (where innocence and well-bracketing are defined) and deterministic models should be related, to establish in what sense the causal model is already "observably" deterministic.

A glued games model
For any arena A (Definition 2), C (A) is a game -it is race-free and co-race-free.Moreover, arena constructions and game constructions match: for any A, B, . Therefore, we will just take the objects of our glued games model to be arenas.The strategies, though, will be strategies in both categories.Definition 25.Let A be an arena.A strategy σ : We also ask that it has (2) the configuration extension property: for any The configuration extension property ensures that two causal realizations of the same displayed configuration have bisimilar futures.The display operation yields a coarser equivalence on strategies: odet strategies σ, τ : A, are display-equivalent, written σ ≈ τ , if O(σ) = O(τ ).This coarser equivalence is key to ensure soundness of our interpretation, as the interpretation in CG − of por tt tt and tt are not isomorphic, but only display-equivalent.
Theorem 26.There is a compact closed category Odet with arenas as objects and odet strategies up to ≈ as morphisms; with a symmetric monoidal subcategory Odet − of negative arenas and negative strategies with products and 1 terminal.It has well-opened arenas as an exponential ideal.Finally, Odet − supports an adequate interpretation of aPCF por .
Proof.For odet σ and τ , O(τ σ) = O(τ ) O(σ): ⊆ is direct, ⊇ exploits the extension property for σ and τ .So, O(τ σ) is a deterministic disjunctive strategy, and it has the extension property -hence τ σ is odet.In general, O links the structure of CG to that of Disj, forming Odet.We sketch adequacy.

Soundness. For all M ⇓ v, M = v (by induction on the evaluation derivations).
Adequacy.We prove by induction on the size of M that if M ⇑, then M is bottom.The size is an adequate measure because as aPCF por is affine, substitution is non-copying and each induction step is on a strictly smaller term.
As a result, interpretations in CG − and Disj are also adequate.We have accommodated the causal representation of programs permitted by CG and the determinism of Disj.Now, it remains to import the causal conditions on strategies of [8], and prove full abstraction.

Conditions
We now recall innocence and well-bracketing, introduced in [8].Formulated for deterministic strategies (in the sense of CG − ), those would not suffice to prove full abstraction for a genuinely non-deterministic language.For that, further conditions are needed to ensure the locality of conflicts -those will appear in the first author's forthcoming PhD thesis.However, we will show in Lemma 31 that for aPCF por , distinguishable strategies can be distinguished via deterministic (in the sense of CG − ) contexts, so these simpler conditions will suffice.
All our conditions rely crucially on the notion of grounded causal chain.
Definition 27.A grounded causal chain (gcc) in S is a sequence ρ = ρ 0 . . .ρ n where ρ 0 is minimal.The set of gccs of S is written gcc(S).
By courtesy, gccs of strategies on arenas are always alternating.They give a notion of thread of a concurrent strategy.Two gccs ρ, ρ ∈ gcc(S) are forking when ρ ∪ ρ is consistent in S, and there is k ∈ N s.t.ρ i = ρ i for i < k and {ρ i } i≥k and {ρ j } j≥k are non-empty and disjoint.They are negatively forking when pol(ρ k+1 ) = pol(ρ k+1 ) = −, positively forking otherwise.Two forking gccs ρ, ρ are joined at s ∈ S when ρ ω s and ρ ω s. (ρ ω refers to the last event of ρ) as shown in this picture: Preinnocence is a locality condition, forcing Player to deal independently with threads forked by Opponent -in the sequential case, it coincides with Hyland-Ong innocence.In the concurrent case though, it is not by itself stable under composition; that is where visibility comes in.Together they are preserved under composition and under all the operations on strategies involved in the interpretation of aPCF por in CG − (and hence Odet − ).
Well-bracketing.Traditionally, well-bracketing in game semantics rules out strategies that behave like a control operator, manipulating the call stack.It exploits the question/answer labelling, reminiscent of the function calls/returns.In arenas from aPCF por types, answers to the same question are always conflicting, so every consistent set has at most one answer to any question.A consistent set X is complete when it has exactly one answer to any question.A question is pending in a set X if it has no answer in X and maximally so in X. Definition 29.A strategy σ : S → A is well-bracketed when (1) if a ∈ S answers q ∈ S, then q is pending in [a) and (2) for ρ, ρ ∈ gcc(S) forking at ρ k = ρ k , and joined, the segments ρ >k and ρ >k must be complete.
The affinity condition of [8] comes for free here, thanks to the conflict in B. Well-bracketing is proved stable under composition and other operations in [8].A aPCF por -strategy is a negative, innocent, well-bracketed and odet strategy.From now on, all strategies will be assumed to be aPCF por -strategies. 12:15

Intensional full abstraction
Two strategies σ, τ : A are observationally equivalent (σ obs τ ) when for all strategies α : A ⊥ B, α σ ≈ α τ .In fact, there is no need to quantify over all strategies.A path-strategy is a strategy σ : S → A such that there exists a configuration x ∈ C (S) that contains all the positive moves of S. Any distinguishing strategy yields by restriction a distinguishing path-strategy -this would fail without affinity, as the restriction would fail uniformity [8], and enforcing uniformity would make it non-deterministic.
Lemma 31.Two distinguishable strategies can be distinguished by a path-strategy.
Lemma 32.Every path-strategy can be defined by a term of aPCF up to obs .
Proof.As in [8] since path-strategies are deterministic -the only difference is the necessity to distribute the context among the subterms to ensure affine typing.
A corollary is that in an affine setting, por adds no distinguishing power: two aPCF por terms are observationally equivalent if and only if they cannot be distinguished by a context from affine PCF without por.Intensional full abstraction follows by standard techniques: Theorem 33.The interpretation of aPCF por into PorStrat is intensionally fully abstract: it preserves and reflects observational equivalence (see Section 2.1).

Conclusion
This leaves many avenues for further investigation.On the semantic front, we plan among other applications to exploit Odet to model non-interfering concurrent languages.On the foundational front we need to understand better how the present approach relates to the treatment of disjunctive causality in edcs [9].

Figure 1
Figure 1 Two strategies on B1 B2 B3, for parallel-lor and parallel-or.

Figure 2
Figure 2 Representations of the arenas B and B1 B2 B3 .

Definition 3 .
Let A, B be negative arenas.Assume that B is well-opened, i.e. min(B) has at most one event.If B = 1, then A B = 1.Otherwise, min(B) = {b 0 }.We define A B as A ⊥ B, with the additional causal dependency (2, b 0 ) ≤ (1, a) for all a ∈ A.

2 B 2 .F
Besides, CG − has products: for σ : S → A ⊥ B and τ : A ⊥ C their pairing σ, τ : S & T → A ⊥ (B & C) is the obvious labeling, and we have projections A : C C A → (A & B) ⊥ A and B : C C B → (A & B) ⊥ B. For well-opened C, the negative strategies on A ⊥ B ⊥ C and A ⊥ B C are exactly the same.Because A B is only defined for well-opened B, CG − is not monoidal closed; but well-opened arenas form an exponential ideal: .Concurrent Strategies and Intensional Full Abstraction for Parallel-or

F
. Concurrent Strategies and Intensional Full Abstraction for Parallel-or 3

F
. Concurrent Strategies and Intensional Full Abstraction for Parallel-or Such behaviour will be banned in games: Proposition 21.If A is a race-free pregame, the following are equivalent: (1) c

F
. Concurrent Strategies and Intensional Full Abstraction for Parallel-or

ρ k+1 1 ,
D P . . . 1 , D P ρ ω & 8 E ρ 0 1 , D P . . . 1 , D P ρ k 9 0 H U & 8 E s ρ k+1 1 , D P . . . 1 , D P ρ ω E 3 Q X Innocence.Innocence enforces independence between threads forked by Opponent.Definition 28.Let σ : S → A be a strategy on a arena A. It is innocent when it is: Visible: The image σ ρ of a gcc (regarding ρ ∈ gcc(S) as a set) is a configuration of A. Preinnocent: Two negatively forking gccs are never joined.

Theorem 30 .
There is a symmetric monoidal category PorStrat of negative arenas and aPCF por -strategies, with products, a terminal object and an exponential ideal comprising B.Moreover, the interpretation of aPCF por in Odet − factors through PorStrat ⊆ Odet − .

2.1 The language aPCF por To
alleviate notation, we only take booleans B as base type.We start with affine PCF (aPCF).Its types are either B, or A B for some types A and B. Its terms are those of the F S