Assume–Guarantee Contracts and Algebra

Updated 15 February 2026

Assume–guarantee contracts are defined as pairs (a, g) in a Boolean algebra with a ∨ g = 1, ensuring system guarantees when environmental assumptions hold.
The algebra leverages lattice operations, tensor products, and bimodule actions to unify contract merging, composition, and refinement for system verification.
This framework supports scalable synthesis and verification, connecting abstract algebraic structures to convex optimization and advanced design tools.

Assume–guarantee contracts provide a formal framework for reasoning about the interaction of system components via their environmental assumptions and the guarantees they provide. The algebraic structure of these contracts has been developed from first principles into a rigorous category- and module-theoretic theory, revealing connections to tensor products and bounded Sugihara monoids, with wide-ranging implications for compositional verification, contract-based design, and scalable analysis tools.

1. Formalism of Assume–Guarantee Contracts

Let $B$ denote a Boolean algebra with operations $\land,\lor$ , least element $0_B$ , greatest element $1_B$ , and implication $\to$ . The set of assume–guarantee contracts over $B$ is

$C(B) = \bigl\{\, (a,g) \in B^{\mathrm{op}} \times B \mid a \lor g = 1_B \,\bigr\}$

where the "assumption" $a \in B^{\mathrm{op}}$ constrains the environment and the "guarantee" $g \in B$ constrains the system's committed behaviors, with $a \lor g = 1_B$ codifying classical vacuity: the guarantee is only required if the environment satisfies the assumption (Incer, 2024, Castiglioni et al., 2024, Incer et al., 2023).

Refinement between contracts is given by

$(a, g) \leq (a', g') \;\;\Longleftrightarrow\;\; g \leq g' \;\text{and}\; a' \leq a$

such that stronger guarantees and weaker assumptions yield "smaller" (more constrained) contracts. This order makes $(C(B), \leq)$ a bounded lattice with bottom $(1_B,0_B)$ and top $(0_B,1_B)$ (Incer, 2024).

Contracts are regarded as objects in a posetal category; monotone (order-preserving) maps are the only nontrivial morphisms in this context.

2. Lattice and Monoidal Operations

Contract algebra supports several binary operations that reflect fundamental specification constructs:

Conjunction ("meet") and Disjunction ("join"):

$(a,g) \land (a',g') = (a \lor a',\, g \land g') ,\qquad (a,g) \lor (a',g') = (a \land a',\, g \lor g')$

These follow from the order-theoretic lattice structure induced by refinement (Incer et al., 2023, Castiglioni et al., 2024).

Composition and Merging:
- Composition ( $\parallel$ ): captures the parallel combination of contracts and is given by
$(a,g) \parallel (a',g') = ((g \land g') \to (a \land a'),\, g \land g')$ - Merging ( $\bullet$ ): often called "contract conjunction" or "meet" in the contract literature, defined by

$(a,g) \bullet (a',g') = (a \land a',\, (a \land a') \to (g \land g'))$

Both operations satisfy closed-form Boolean algebraic expressions (Incer, 2024).

The standard meet and join operations are distinct from composition and merging: while $\land$ and $\lor$ are constructed order-theoretically, $\parallel$ and $\bullet$ implement system-theoretic combination or viewpoint fusion.

3. Tensor Product Structure and Bimodule Actions

A key insight is that contract composition and merging are instances of tensor products in specific bimodule settings over $B$ :

Bimodule Actions: Setting $M = (B,\land,1_B)$ , the contract algebra $C(B)$ becomes an $M$ -bimodule via

$x \cdot (a,g) = (x \land a,\, x \to g), \qquad (a,g) \cdot x = (a,\, a \to (x \land g))$

These actions satisfy the monoid and distributivity laws (Incer, 2024, Incer et al., 2023).

Merging as a Tensor Product: The binary operation $\bullet$ is the unique universal $M$ -bilinear map, so

$C(B) \otimes_M C(B) \cong C(B),\quad (C, C') \mapsto C \bullet C'$

establishes merging as a tensor product over the meet monoid (Incer, 2024).

Composition as a Tensor Product: Dually, viewing $C(B)$ under the $(C(B),\lor,0)$ monoid, composition is the tensor product

$C(B) \otimes_{(B,\lor,0)} C(B) \cong C(B)$

and is the involutive image of merging under $(a,g)\mapsto(g,a)$ . This links the contract algebra to monoidal categories and linear algebraic frameworks (Incer, 2024, Incer et al., 2023).

This tensor structure provides a universal characterization of composition and merging, enabling uniformity across reasoning principles, tool support, and the development of higher-arity operations (heaps, quotients, separation).

4. Universal Laws, Dualities, and Adjoints

The algebra of contracts exhibits a network of dualities and adjunctions:

Dualization (Reciprocal): The contract involution $(a,g) \mapsto (g,a)$ exchanges assumptions and guarantees, mapping merging to composition and vice versa.
Adjoint Pairs: Quotient and separation operations serve as right and left adjoints to composition and merging, respectively, with explicit closed-form formulas connecting them to the fundamental operations (Incer et al., 2023):
- The quotient $C/C'$ is the largest contract $D$ such that $C'\parallel D \leq C$ .
- The separation $C \div C'$ is the smallest $D$ such that $C \leq C'\bullet D$ .
Residuation: The algebra is an involutive, commutative, residuated lattice; residuation provides weakest-rely and strongest-guarantee operators directly in the equational theory (Castiglioni et al., 2024).

The contract algebra supports a finite set of distributive, idempotent, commutative monoids; the four canonical semiring structures correspond to various pairings of conjunction, disjunction, merging, and composition, with isomorphisms given by reciprocal and involutive maps.

5. Connection to System Verification and Synthesis

Contracts are not just abstract algebraic objects; their structure enables compositional verification, behavioral specification for dynamical systems, and scalable synthesis:

Behavioral Contracts for Dynamical Systems: Specification via state-space or polynomial matrix formalism, with contract conjunction/merging enforcing meet-semilattice structure, and refinement corresponding to behavioral inclusion on trajectory spaces (Shali et al., 2021). The algebraic manipulations extend naturally to state and input/output trajectories.
Convex Parameterization for Large-Scale Synthesis: For dynamical networks, assume–guarantee contracts are parameterized (typically with zonotopes), and composition correctness reduces to convex inclusion conditions. The feasibility region for correct composition is a convex set, amenable to LP or convex optimization (Ghasemi et al., 2020).
Algorithmic Realizations: The Pacti tool implements these algebraic operations with extensible, theory-agnostic representations (polyhedra, termlists), supporting composition, refinement, quotient, and merging at scale. Principles such as post-processing to fit IO-contract form, modular elimination, and context-aided variable elimination are crucial for practical deployment (Incer et al., 2023, Rouquette et al., 2024).

6. Illustrative Examples

The algebraic framework is exemplified in both finite and infinite models:

Paper	Structure of $B$	Example Operations	Result
(Incer, 2024)	$\{0,1\}$	Merge $(1,1)\bullet(0,0)$	$(0,1)$ , top contract
(Incer, 2024)	Propositional algebra	$C_1=(p,q)$ , $C_2=(q,p)$ , Merge	$C_1 \bullet C_2 = (p\land q, p\land q)$
(Shali et al., 2021)	Linear system polynomials	$C_1\wedge C_2$	Combined behaviors by direct sum and intersection
(Incer et al., 2023)	$\mathcal{P}(\{x,y\})$	$(\{x\},\{x,y\})\parallel(\{y\}, \{y\})$	$(\{x\}, \{y\})$

These computations validate both the intended semantics and universal property constructions via meet and join tensors.

7. Implications and Extensions

Treating merging and composition as tensor products unifies all four primary contract operations inside a monoidal and linear-algebraic scaffold. Consequences include:

Modularity and Universality: Every bilinear proof rule about contracts factors through canonical tensor morphisms, so tool implementations and theoretical developments derive from a single universal construction rather than ad hoc axiomatizations (Incer, 2024).
Algebraic Extensions: The theory generalizes to higher-arity tensors (heaps, preheaps), and to logics richer than Boolean algebras (including temporal or modal logics). Quotient and separation exploit adjoint relationships, and the contract algebra is functorial in the base Boolean algebra, facilitating systematic abstraction (Incer et al., 2023, Castiglioni et al., 2024).
Scalable Design Tools: The polyhedral contract framework, as implemented by Pacti, allows rapid, sound, and explainable system-level analysis for domains spanning robotics, cyber-physical systems, and aerospace applications by leveraging the algebraic universality and computational tractability of the contract algebra (Incer et al., 2023, Rouquette et al., 2024).

Recognizing the tensor structure of composition and merging thus provides a canonical and principled basis for assume–guarantee contract algebra, supporting the synthesis, refinement, and verification of complex systems at scale.