An Oxford Survey of Order Sorted Algebra - CiteSeerX

1 downloads 19 Views 325KB Size Report
In A. William Roscoe, editor, A Classical Mind: Essays in Honour of C.A.R. Hoare, ... William Kent, and Samit Khosla, editors, Object Oriented Databases: ...
An Oxford Survey of Order Sorted Algebra Joseph Goguen and Razvan Diaconescu Programming Research Group, Oxford University

1 Introduction Types are a fundamental organising principle in modern Computing Science, including not only programming and speci cation languages, but also database languages, knowledge representation languages, and more. Algebraic speci cation techniques model types through the systematic use of sorts, and in this context, it is natural to model subtypes with subsorts. Following [11], the study of algebras with subsorts is called order sorted algebra (abbreviated OSA). Many di erent variants of OSA have been developed, and here we compare some of the main approaches, emphasising motivation and intuitions, rather than proofs, and pointing out issues that distinguish the original \overloaded" OSA approach from some later developments. We have deliberately given an unusually large of number of examples, in the belief that this can greatly help the reader who is not an expert in this area. These illustrations use the OBJ3 language [29], and in fact, all the OBJ code in the source le for this paper has actually been executed, and most of the output is also included. In addition, we present some new results about overloaded OSA and about Mosses's uni ed algebra. We emphasize the following points: (1) overloaded OSA can be developed with minimal assumptions on signatures and algebras, and in particular, without monotonicity or regularity; (2) it is useful to distinguish between strong and weak forms of overloading; in the latter, a given expression can have at most one value in a given algebra, even though it may have several distinct parses; (3) strong overloading is needed for certain important Computing Science applications of OSA, including dynamic binding in object oriented programming, and operations on data with multiple representations; (4) it seems to be much more dicult to establish certain basic mathematical properties of (what we call) universe OSA than of overloaded OSA; for example, it is not currently known whether or not universe OSA satis es the Birkho variety theorem; and (5) sort constraints and retracts greatly increase the expressive and computational power of OSA.

Acknowledgements

We thank Peter Mosses and Valentin Antimirov for some helpful and enjoyable exchanges of information and opinion, and Han Yan for help with the subsection on sort constraints, The research reported in this paper has been supported in part by grants from the Science and Engineering Research Council, and contracts with Fujitsu Laboratories Limited, the CEC under ESPRIT-2 BRA Working Groups 6071, IS-CORE (Information Systems Correctness and REusability) and 6112, COMPASS (COMPrehensive Algebraic Approach to System Speci cation and development), and the Information Technology Promotion Agency, Japan, as part of the R & D of Basic Technology for Future Industries \New Models for Software Architecture" project sponsored by NEDO (New Energy and Industrial Technology Development Organization). 

1

and the example in the appendix. Thanks to Tomas Isakowitz, Paulo Borba and Adolfo Socorro for spotting some bugs in a previous draft. Jose Meseguer deserves special thanks for his many important contributions to order sorted algebra.

2 Unsorted and Many Sorted Algebra General (also called universal) algebra emerged from the formal logical study of algebraic structures, including some early work by Whitehead [51] on the formal metamathematics of algebraic structures, done well before the Hilbert programme to formalise mathematics. General algebra matured during the thirties with Birkho 's [5] development of basic concepts (such as congruence, variety, and free algebra) and basic results (including his famous completeness and variety theorems). During the sixties, category theory made some signi cant contributions to general algebra. In particular, Lawvere's work on algebraic theories [35] introduced some important new ideas into equational logic and its model theory, including the existence of free extensions along morphisms of algebraic theories, and the adjointness of syntax and semantics. Ordinary unsorted logic o ers the dubious advantage that anything can be applied to anything; for example, assuming an obvious signature, first-name(not(age(3 * false))) iff 2birth-place(temperature(329))

is a well formed expression. Thus, unsorted logic is too permissive. The use of sorts can ban truly meaningless expressions like the above, by trying to assign a sort to each subexpression. Many sorted algebra (abbreviated MSA) seems to have been rst studied by Higgins [33] around 1963, and Benabou [4] gave an elegant category theoretic development around 1968, overcoming some of the technical diculties1 in [33]. It was later noted that using sorts in automatic theorem proving can be an advantage, because it can greatly reduce the search space (e.g., see [50]). Unfortunately, traditional many sorted logic is too restrictive, because it does not support overloaded operation symbols, such as _+_ for integer, rational, and complex numbers. Moreover, strictly speaking, an expression like (-21 / -3)! does not parse (assuming that factorial only applies to natural numbers), because (-21 / -3) looks to the parser like a rational rather than a natural. We will see that order sorted algebra extended with retracts provides sucient expressiveness, while still banishing the truly meaningless. The use of sorted sets (also called indexed families) for MSA was introduced by Goguen in lectures at the University of Chicago in 1968, and rst appeared in print in [10]. Sorted sets allow a simpler notation than alternative approaches, and also allow overloading; however, overloading only reveals its full potential in order sorted algebra. The basic de nitions for overloaded MSA are quite simple:

De nition 1 A many sorted signature is a pair (S; ) where S is a set and  is an

indexed set, fw;s j w 2 S  and s 2 S g; we may write w;s to distinguish  2 w;s from other instances of  in . We call w the arity and hw; si the rank of  2 w;s . (Note that  2 [];s is a constant symbol of sort s, where [] denotes the empty list of sorts.) 1

These diculties are discussed in [19], which gives a more technical survey of work in MSA.

2

A many sorted -algebra A is an indexed set fAs j s 2 S g of carriers and an indexed family iw;s : w;s ! [Aw ! As] of interpretation functions for operation symbols2. We may write Aw;s  , or w;s if A is clear, instead of iw;s ( ); and we will write just  if everything is clear. A many sorted -homomorphism h : A ! B is an indexed set fhs : As ! Bs j s 2 S g of functions such that

hs(A (a1; :::; an)) = B (hs1 (a1); :::; hsn (an)) for  2 w;s and ai 2 Asi when w = s1:::sn. (Note that n = 0 gives the preservation of constant symbols.) 2 We may call this overloaded MSA, as opposed to the approach of Higgins [33] and others which does not admit overloading. All the usual results of general algebra hold for overloaded MSA (see [13]). In particular, we can construct an initial algebra by using disambiguated terms instead of raw unparsed terms. For example, if S = fA; B g and if w;s = ff; gg for all w; s, then, although there are many parses of a term like f (f; g), they can be easily distinguished by using a \dot quali cation" notation, as in f:A(f:A; g:B ), which in this case indicates that the outermost f has arity hA; Bi and sort A. Let P denote the -algebra of all parsed -terms. The following is not as well known as it should be:

Theorem 2 Given any overloaded MSA signature , there is a -algebra P such that

for any other -algebra A, there is a unique -homomorphism P ! A. 2

Of course, this result extends to the case where some equations are also imposed. During the seventies, the work of ADJ [27, 28] on initial algebra semantics for abstract data types established a strong connection between general algebra and Computing Science, and also motivated some new mathematical developments. Applications included general theories of abstract data types and abstract syntax, a fresh approach to tree automata, and the clari cation of certain aspects of denotational semantics. Mathematical developments included order sorted algebra, continuous algebra (in the sense of [28]), and the completeness results for MSA in [19], which show the need for explicit (universal) quanti cation, unless one forbids models with empty carriers, or else imposes some signi cant restrictions on signatures (see [21] for further discussion of this point). We wish to emphasise the distinction, pioneered by ADJ, between initial semantics and loose semantics. Initial semantics is appropriate when one wants to de ne a particular structure, such as the natural numbers; for this semantics, the denotation of a speci cation is the class of all initial models. Loose semantics is appropriate when one is concerned with asserting (and perhaps verifying) properties of models; for this semantics, the denotation of a speci cation is the class of all its models. In the OBJ3 language [29], the keyword obj is used to introduce initial speci cations, while the keyword th is used to introduce loose speci cations. Here Aw is the product As1  :::  Asn when w = s1:::sn, and [A ! B ] is the set of all functions from A to B . 2

3

2.1 The Spirit of General Algebra

It seems to us that the essential spirit of general algebra resides in two main points: (1) the simplicity of equational reasoning, including its suitability for calculation, especially mechanical calculation; and (2) the elegance of its model theory, including not only variety and quasi-variety theorems, but also more recent properties, such as exactness (which means that the model functor on the category of equational theories takes colimits to limits; see [7] for more on exactness, which seems to have originated in [43]). More particularly, the characteristic style of model theoretic reasoning in general algebra seems to us both simple and attractive; we have elsewhere tried to abstract some essential ingredients of that style, using the theory of institutions (see [7]). Computing Science has developed many new kinds of algebra, in response to various issues and problems in semantics. In our opinion, the vitality of current research in this eld is explained in part by the fact that much of it preserves the essential spirit of general algebra, while extending it into new areas.

3 Overloaded Order Sorted Algebra The rst paper on order sorted algebra [11] says that its main motivation is to provide a better way of treating errors in abstract data types3; another motivation is that the use of subsorts can greatly speed up certain theorem proving problems [49]. OSA adds to MSA a partial ordering on the set of sorts, which is interpreted as inclusion among the corresponding carriers; all approaches to OSA share this essential idea. The ideas in [11] were further re ned by Goguen and Meseguer, starting around 1983. Here are the basic de nitions, which we give in a much more general form than in [25]:

De nition 3 An order sorted signature is a triple (S; ; ) such that (S; ) is a many sorted signature, and (S; ) is a partially ordered set. An order sorted signature is monotone i  2 w1;s1 \ w2 ;s2 and w1  w2 imply s1  s2: An (S; ; )-algebra is a many sorted (S; )-algebra A such that s As  As0 . An order sorted -algebra A is monotone i



s0 in S implies

 2 w1;s1 \ w2 ;s2 and w1  w2 and s1  s2 imply that w1;s1 : Aw1 equals w2;s2 : Aw2 ! As2 on Aw1 .

!

As1

A partially ordered set (S; ) is (upward) ltered i for any two elements s; s0 2 S there is an element s00 2 S such that s; s0  s00. A partially ordered set S is locally ltered i each of its connected components4 is ltered. An order sorted signature (S; ; ) is locally ltered i (S; ) is locally ltered. 2 See [27] for a discussion of the diculties with handling errors in MSA. Given a poset (S; ), let  denote the transitive and symmetric closure of . Then  is an equivalence relation whose equivalence classes are called the connected components of (S; ). 3 4

4

Notice that there cannot be any overloaded constants if  is monotone. Also note that overloaded OSA is a proper generalisation of MSA, because (overloaded) MSA is the special case where the partially ordered set of sorts is discrete; we will see that some other approaches do not have (even ordinary non-overloaded) MSA as a special case. Given a signature  in the sense of De nition 3, the interpretations of an overloaded operation symbol  2 w1 ;s1 \ w2;s2 in an algebra A need not necessarily agree on elements that belong to the intersection of carriers for w1 and w2; thus, a strong form of overloading is supported. For this reason, we will call this approach overloaded OSA. Note that De nition 3 generalises [25], where both the signatures and algebras are assumed to be monotone. It is useful to distinguish between two forms of overloading: in weak overloading, operation symbols may have more than one rank, so that some expressions can be typed in more than one way, but a given (well formed) expression can only have one value in a given algebra; however, in strong overloading5, expressions can have di erent values. For example, weak overloading would allow the expression \3 + 5" to be interpreted as addition of naturals, integers, or rationals, each of which gives the same value 8, but it would not also allow addition of integers modulo 8, where the result would be 0; however, strong overloading would allow both of these. Overloading occurs throughout mathematics and computing. For example, the basic operations on numbers are highly overloaded; we can add naturals, integers, rationals, complexes, reals, and even quarternions; in each case, we expect the results of these additions to be consistent with their sort inclusion hierarchy (see [25] for a complete OSA speci cation of this number hierarchy). However, there are also examples where we should not expect consistency among overloaded operations. For example, in studying rings, the constants 0 and 1 can be overloaded, because they might be the zero and unit of a ring, but they might also be natural numbers, used (say) in an inductive proof. For example, in [31] one can nd equations like \0+1 = 1" and even \1 = 0" that are ambiguous in themselves, although not in their context. Similar equations can be found in the everyday work practice of digital designers. No one wants to write things like \1Z2 +Z2 0Z2 = 1Z2 " (where for example Z 2 is the integers modulo 2), and rightly so | it would greatly increase the notational overhead without any corresponding bene t. Notice that in the example of rings with natural numbers as an additional data sort, the value of an expression like \1 + 1" depends on how it is parsed. Thus, strong overloading is important in ordinary mathematical notation. Vector spaces provide a similar example. Although many older books use an underbar or overbar notation for vectors, nearly all recent books on modern algebra have no special notation. Thus, expressions like 0 + 0 and 0  0 are ambiguous, because 0 is used for both the zero vector and the real 0, + is used for both vector and scalar addition, and  may be used for both forms of scalar multiplication. However, ambiguous expressions rarely occur in practice, because expressions like 0 + v and 0  v are not ambiguous when one knows that v is a vector. There are many other examples; this kind of polymorphism is endemic, perhaps pandemic. Notice that in the monotone case, if we take Z8, for the integers modulo 8, to be a subsort of the naturals, then _+_ : Z8 Z8 -> Z8 cannot be interpreted as addition modulo 8 in an algebra where _+_ : Nat Nat -> Nat is addition of naturals, because it must agree with Strachey [47] called this ad hoc polymorphism, but we prefer a term without the negative connotation of ad hoc. 5

5

addition of natural numbers on Z8, and natural number addition does not restrict to Z8. But there is no such diculty if we remove the restriction of monotonicity. Alternatively, we could retain monotonicity but remove the subsort relation Z8 < Nat. Either way we get strong overloading, but the non-monotonic approach provides a more faithful modelling of mathematical practice, because the subsort relation can ensure that the elements of sort Z8 really are the usual numbers 0,...,7. On the other hand, non-monotonicities are rare enough in practice to be considered exceptional, and we should not build a theory that fails to handle the most common case in a smooth way. The solution to this dilemma is a mechanism for declaring which operation declarations should be considered non-monotonic. This can be done by giving a subsignature  : De nition 4 A signature of non-monotonicities for a signature  is a subsignature

 . Then we will say that a -algebra is monotone except on i  2 w1 ;s1 \ w2;s2 and w1  w2 and s1  s2 imply w1 ;s1 : Aw1 ! As1 equals w2;s2 : Aw2 ! As2 on Aw1 unless  2 w1 ;s1 .

2

In [25], overloaded OSA is developed with coherent signatures in a way that closely parallels traditional general algebra; in particular, there are order sorted versions of subalgebra, congruence, term, deduction, initial and free algebras, completeness, etc. A condition called regularity guarantees that every order sorted term has a well de ned least sort; this can simplify the implementation of overloaded OSA. Here is the formal de nition: De nition 5 An order sorted signature (S; ; ) is regular i it is monotone, and given  2 w1;s1 and w0  w1, there is a least rank hw; si such that w0  w and  2 w;s. Also (S; ; ) is coherent i it is locally ltered and regular. 2 A weaker condition that is necessary and sucient for all terms to have a least sort parse is given in [25]. In essence, the regular OSA of [25] allows \multiple universes," one for each connected component of the sort hierarchy, without bothering whether they overlap. However, the programme of general algebra can be carried out in much greater generality than this. In fact, we wish to emphasise the following: Overloaded OSA can be developed for arbitrary locally ltered signatures; in particular, initial algebras exist for signatures that are neither regular nor monotone. In fact, all the standard results of general algebra carry through for any locally ltered signature, and this extends to signatures of non-monotonicities.

The key to these results is the selective use of parsed terms (or parse trees) instead of just unparsed terms. In particular, we have the following initiality result: Theorem 6 Given any locally ltered order sorted signature (S; ; ) with a subsignature of non-monotonicities , there is a -algebra P; such that for any other -algebra A that is monotonic except on , there is a unique -homomorphism P; ! A. Sketch of Proof: Let P be the order sorted set of fully parsed terms, i.e., the least S -sorted set such that  2 w;s and ti 2 P;si for i = 1; :::; n where w = s1:::sn, and s  s0 imply :s(t1; :::; tn) 2 P;s0 . Now let  be the S -sorted equivalence relation on P generated by the following condition: 6

:s(t1; :::; tn) s00 :s0(t10; :::; tn0) for all  2 w;s \ w0 ;s0 such that w  w0 and s  s0 and  62 w;s , for all ti; ti0 2 P;si such that ti si ti0 for i = 1; :::; n and for all s00 such that s0  s00. Then  is a -congruence relation, and the canonical map P;s =s ! P;s0 =s0 is an injection when s  s0. Using the local ltration of (S; ), we can nd an S -sorted set P;

such that P; ;s  P; ;s0 for all s  s0 and P; ;s is isomorphic to P;s =s for each s 2 S . There is a canonical -algebra structure on P; , and the usual inductive argument will show that it is initial in the class of -algebras monotone except on . 2 This result goes considerably beyond [25], which showed that the unparsed terms form an initial algebra if the signature is regular. Notice that local ltration is required to make the construction work. Of course, It also extends to the case where equations are imposed. Some recent work of Diaconescu on \formal equational logic" [8] provides a more abstract approach to minimising restrictions on OSA signatures, in the following way: An order sorted signature (S; ; ) determines an adjunction between the category SetS of S sorted sets and the category of order sorted algebras over this signature. This adjunction has all properties required for a formal categorical development of congruence, congruence closure, equational inference, and so on; then a general result in [8] gives a completeness theorem for overloaded OSA. An important technical result about the loose semantics of overloaded OSA, which also extends to non-monotonicities, is that any variety of order sorted algebras is equivalent (in the categorical sense) to a quasi-variety of many sorted algebras. This result implies that overloaded OSA has all the nice mathematical properties of MSA; for example, it can be used to prove the initiality, Birkho variety and quasi-variety theorems. This equivalence result is proved in [25] assuming coherence and monotonicity; however, it and its consequences hold much more generally:

Theorem 7 Let (S; ; ) be a locally ltered signature. Then a class C of overloaded order

sorted -algebras is closed under (arbitrary) products, subalgebras and ltered colimits i it is axiomatisable by a nite set of nitely conditional -equations. Also, C is closed under (arbitrary) products, subalgebras and homomorphic images i it is axiomatisable by a set of unconditional -equations. These results also hold in the presence of a subsignature of non-monotonicities. Sketch of Proof: Using the construction in [25],  determines an MSA signature ] such that the category of order sorted -algebras is equivalent to a quasi-variety of many sorted ]-algebras de ned by a set of conditional equations J . Further, any quasi-variety C of -algebras is equivalent to a quasi-variety of ]-algebras axiomatisable by a collection of conditional equations E including J . Therefore, C is axiomatisable by a set of conditional equations E 0 such that E = J [ E 0. When C is also closed under ultraproducts (or ltered colimits), the hypotheses of the conditional equations in E 0 can be taken nite, and when C is closed under homomorphic images, they can be empty. 2 Strong overloading also plays a crucial r^ole in modelling the so-called \dynamic binding" that arises in the object paradigm due to the \overwriting" (i.e., strong overloading) of methods (i.e., operation symbols) under inheritance; this is not just a matter of interpreting 7

a single operation symbol di erently on di erent subsorts, because we also want to write equations that de ne the symbol on a subsort using its de nition on a supersort. For example, we may want to de ne a debit method for a minimum balance bank account, using the previously de ned debit method of an ordinary account to say that a 15 unit surcharge is assessed for any debit with initial balance below the minimum, by writing an equation something like debit.MBAcct(M,A) = debit.Acct(M + 15,A) if bal(A) < MinBal

where the notation \m.C" indicates the method m associated to the class C; that is, it indicates the intended parse of the operation symbol m. This kind of quali cation is implemented in the FOOPS language [24]. Note that this example requires non-monotone overloading. See [30] for an extended discussion of the r^ole of types in the object paradigm. De nition 4 is not the most general possible, because it does not allow the separate treatment of multiple supersorts, which would be needed for some examples of partial overwriting in the presence of multiple inheritance. There is no diculty in handling this, but we prefer to avoid the notational overhead by treating only the case of De nition 4 in detail. Of course, overloaded OSA also provides an elegant approach to the issues that originally motivated its development, including partial operations, constructors and selectors for abstract data types, and multiple representation and coercion [25, 23]. Overloading plays an important r^ole in the last two topics; for it is essential to multiple representation that an operation can be de ned di erently on di erent representations. We illustrate this point with some OBJ3 code in the appendix. From the above discussion, we may conclude the following: Strong overloading is needed to formalise and mechanise certain aspects of actual practice in mathematics and computing.

This helps to explain why the equational programming language OBJ [29] and its extensions to logic programming (Eqlog [20, 22]), object oriented programming (FOOPS [24]), and theorem proving (the 2OBJ metalogical framework theorem prover [26]) are based on overloaded OSA. It is not hard to show that overloaded OSA forms an institution, in the sense of [14]; intuitively, this means that overloaded OSA is a reasonable logical system, and in particular, that the satisfaction of an equation by a model is invariant under change of notation.

3.1 Consistent Overloading

In the presence of arbitrary overloading, order sorted rewriting is incomplete as a decision procedure for equality of terms over a canonical rewriting system [46]. This led Isakowitz [34] to further restrict the notion of overloading, so that the interpretations of overloaded operations agree on the intersection of the carriers corresponding to the di erent arities of the operation; we might call this consistent overloaded OSA. Here are the basic de nitions: De nition 8 An overloaded order sorted algebra A is consistent i  2 w;s \ w0;s0 with 0 ;s0 0 0 w;s w w; s connected to w ; s , respectively, implies A Aw \Aw0 = A Aw \Aw0 . A homomorphism h : A ! B of consistent overloaded order sorted algebras is consistent i hs As\As0 = hs0 As\As0 for any connected sorts s and s0. 2 8

3.2 Retracts

Retracts were introduced in OBJ3 [29] to help overloaded OSA work smoothly in practical applications. For example, retracts are used extensively in the examples in the appendix. To see where retracts come in, let us consider the following OBJ3 speci cation of stack: obj STACK is pr NAT . sorts NeStack Stack . subsorts NeStack < Stack . op empty : -> Stack . op push : Nat Stack -> NeStack . op top_ : NeStack -> Nat . op pop_ : NeStack -> Stack . var N : Nat . var S : Stack . eq top push(N,S) = N . eq pop push(N,S) = S . endo

Here, the declaration NeStack < Stack indicates that NeStack is a subsort of Stack; the carrier of the initial algebra of this speci cation contains all the non-empty stacks, whereas the supersort Stack also contains the empty stack, empty. Note that certain ground terms, such as top(pop(push(2,push(1,empty))), are not actually well typed, because top expects its argument to have sort NeStack, whereas pop only guarantees sort Stack. The OBJ3 parser adds new operations called retracts which lower sorts, in order to produce well typed expressions; if at run time the argument turns out to have the desired sort, then the retract is removed by applying the following built-in retract rule, r:Stack>NeStack(S) = S

where the variable S has sort Stack. Otherwise, the retract stays behind as an informative error message. This approach is illustrated in the test cases given below. But rst, note that OBJ3 will display retracts in parsed expressions after the command set show retracts on .

has been given, but otherwise does not show them; the default (non-showing) behaviour can be restored by giving OBJ3 the corresponding command with \on" replaced by \off". Now, running red red red red

top top top top

push(2,push(1,push(0,empty))) . pop push(2,push(1,push(0,empty))) . pop pop push(2,push(1,push(0,empty))) . pop pop pop push(2,push(1,push(0,empty))) .

produces the following output, which clearly shows the retracts in the parsed inputs, as well as in the output of the last test case, where it serves as an informative error message. 9

========================================== reduce in STACK : top push(2,push(1,push(0,empty))) rewrites: 1 result NzNat: 2 ========================================== reduce in STACK : top r:Stack>NeStack(pop push(2,push(1,push(0,empty)))) rewrites: 2 result NzNat: 1 ========================================== reduce in STACK : top r:Stack>NeStack(pop r:Stack>NeStack(pop push( 2,push(1,push(0,empty))))) rewrites: 3 result Zero: 0 ========================================== reduce in STACK : top r:Stack>NeStack(pop r:Stack>NeStack(pop r:Stack>NeStack( pop push(2,push(1,push(0,empty)))))) rewrites: 3 result Nat: top r:Stack>NeStack(empty) ==========================================

Now let's brie y look at the theory of retracts. Given an order sorted signature  with a sort set S , and given a set E of -equations, if sorts A and B lie in a connected component of S having top element (say) M , then an operation symbol rB;A : B ! A is added, subject to the following retract equation,

rB;A(X ) = X ; where X has sort A; the OBJ3 implementation displays these operations in the form r:B>A. Thus, when a term t(u) fails to parse because t needs an argument of sort A < M but u parses with least sort B with B < M but not B < A, then a retract is inserted, giving an expression that is displayed as t(r:B>A(u)). For example, because (21 / 7) is parsed as a rational, whereas _! expects a natural, (21 / 7)! is parsed as (r:Rat>Nat(21 / 7))!, so that once 21 / 7 is reduced to 3, the retract equation applies and all goes well, giving 3 ! = 6. (Note that retracts are evaluated bottom up, i.e., eagerly, not lazily.) However, the expression (22 / 7)! yields the irreducible term (r:Rat>Nat(22 / 7))!, which serves as an informative error message that can be \trapped" for error handling by a suitable equation with a retract on its lefthand side. All this is illustrated in the appendix. It seems not to have been widely realised that retracts have not only a useful operational semantics, but also a precise abstract algebraic semantics; we now brie y review that semantics, following the lines of [25]. First, let ( ; E ) denote the signature (; E ) with all appropriate retract symbols and retract equations added. Then for each S -indexed family X of variable symbols, there is a unique unique -homomorphism iX : T;E (X ) ! T ;E (X ) that preserves X . It is shown in [25] that6 each iX is injective under certain natural assumptions (a weakened form of these assumptions appears in Theorem 7). This is a conservative extension theorem, saying that the semantics of the original speci cation Actually, the result in [25] treats the case of retract operations r:B>A where B just as well for the case described above. 6

10

> A, but the proof works

(; E ) is preserved when retracts are added, even when arbitrary variable symbols are also added (as is necessary for equations). The intuitive meaning is that adding retracts does not change the meaning of a speci cation. Note that in this view, the initial algebra semantics of an overloaded OSA speci cation with retracts is not a single algebra, but instead is the collection of \extension" maps between the free algebras with and without retracts; the conservative extension theorem says that these maps are injective. If the speci cation given by the user involves equations with retracts, then they must be added to the speci cation (; E ) rather than the speci cation (; E ); let us denote the resulting set of equations by F , and call a speci cation consistent i the canonical maps tX : T;E (X ) ! T ;F (X ) are all injective. Every extension in the examples in the appendix is consistent in this sense. However, there are occasions where one needs OSA speci cations with retracts that are not consistent. Below we give a rather cute example, based on a suggestion of Valentin Antimirov, that tries to \sneak" an in nity element into the natural numbers; the point is that we must write this speci cation down in order to prove that it is inconsistent. (It is preceeded by an appropriate speci cation for the natural numbers having a subsort of positive numbers.) obj PNAT is sorts Pos Nat . subsort Pos < Nat . op 0 : -> Nat . op s_ : Nat -> Pos . op _-_ : Nat Nat -> Nat . vars N M : Nat . [e1] eq N - 0 = N . [e2] eq 0 - N = 0 . [e3] eq N - N = 0 . [e4] eq (s N) - N = s 0 . [e5] eq (s N) - (s M) = N - M . endo obj ANTIMI is sort Nat? . subsort Nat op f_ : Nat op f_ : Pos var P : Pos [e6] eq f P [e7] eq f 0 endo

inc PNAT . < Nat? . -> Nat? . -> Nat . . = P . = s f 0 .

The OBJ3 parser inserts a retract in the righthand side of equation [e7], and if we ask OBJ3 to show this object, it will print [e7] eq f 0 = s r:Nat?>Nat(f 0) .

Now we can use OBJ3's apply feature (see [29] for details) to show that 1 The following is a script for this proof: 11

= 0

in ANTIM.

start s f 0 - f 0 . show term . apply -.e7 within term . apply .e3 at term . ***> should be: 0 start s f 0 - f 0 . apply .e4 at term . ***> should be: s 0 ***> therefore 0 = 1 .

and it gives the folowing results: ========================================== start s f 0 - f 0 . ========================================== show term Nat: s r:Nat?>Nat(f 0) - r:Nat?>Nat(f 0) ========================================== apply -.e7 within term . result Nat: r:Nat?>Nat(f 0) - r:Nat?>Nat(f 0) ========================================== apply .e3 at term . result Nat: 0 ========================================== ***> should be: 0 ========================================== start s f 0 - f 0 . ========================================== apply .e4 at term . result Pos: s 0 ========================================== ***> should be: s 0 ========================================== ***> therefore 0 = 1 .

(Intuitively, the inconsistency arises because f 0 satis es s f 0 = f 0, which is not consistent with the natural numbers.) Some techniques for proving that extensions are consistent are given in [3]. Returning to the theory now, it is easy to see that ( ; E ) is a canonical rewrite rule system if (; E ) is. It now follows from the abstract conservative extension theorem given above (and a result in [36]) that if N;E denotes the -algebra of all reduced -terms under E as rewrite rules, then the subalgebra of N ;E consisting of all its -terms equals N;E . These results (together with other basic theorems of OSA, such as the existence of initial algebras) give theoretical support for the use of retracts in examples like STACK (see [25] for further details). Retracts are also useful for handling non-sort-decreasing rules in a natural way; this approach has been implemented in the OBJ3 system, and is described in [29]. 12

3.3 Sort Constraints

Sort constraints allow one to express operations that would otherwise have to be partial, as total functions on an equationally de ned subdomain; this greatly extends the expressive power of OSA. The basic idea of sort constraints goes back to the rst paper on order sorted algebra [11], where they were called -declarations. An equivalence (at the category of models level) was proved in [11] between (its version of) overloaded OSA with sort constraints and ordinary overloaded OSA, by replacing the sort constraints by some new derived operators. For a simple example, we can de ne a bounded stack by constraining its push operation so that the length of the stack respects a certain bound. The OBJ3 syntax for this is op-as push : Nat Stack -> NeStack for push(N,S) if length(S) < bound .

where the term \push(N,S)" serves to introduce the variables that are used in the equational condition \length(S) < bound" that follows; this should be a Boolean-valued term. The following code has been executed in an extension of OBJ3 due to Han Yan, which provides sort contraints; see his forthcoming D.Phil thesis for details [52]. obj BSTACK is pr NAT . sorts NeStack Stack Stack? . subsorts NeStack < Stack < Stack? . op empty : -> Stack . op bound : -> Nat . eq bound = 3 . op push : Nat Stack? -> Stack? . op length_ : Stack? -> Nat . var N : Nat . var S : Stack . var S? : Stack? . eq length empty = 0 . eq length push(N,S?) = 1 + length S? . op-as push : Nat Stack -> NeStack for push(N,S) if length(S) < bound . op top_ : NeStack -> Nat . op pop_ : NeStack -> Stack . eq top push(N,S) = N . eq pop push(N,S) = S . endo

The following results were obtained from this code: ========================================== reduce in BSTACK : length empty rewrites: 1 result Zero: 0 ========================================== reduce in BSTACK : length push(0,empty) < bound rewrites: 12

13

result Bool: true ========================================== reduce in BSTACK : length push(1,push(0,empty)) < bound rewrites: 31 result Bool: true ========================================== reduce in BSTACK : top r:Stack?>NeStack(push(1,push(0,empty))) rewrites: 22 result NzNat: 1 ========================================== reduce in BSTACK : top r:Stack?>NeStack(push(2,push(1,push(0,empty)))) rewrites: 51 result NzNat: 2 ========================================== reduce in BSTACK : length push(2,push(1,push(0,empty))) < bound rewrites: 70 result Bool: false ========================================== ***> the sort constraint is NOT satisfied in the following: ========================================== reduce in BSTACK : top r:Stack?>NeStack(push(3,push(2,push(1,push(0, empty))))) rewrites: 70 result Nat: top r:Stack?>NeStack(push(3,push(2,push(1,push(0,empty))))) ==========================================

(The large number of extra reduction steps which the alert reader may have noticed here arises from the implementation technique that is used for sort constraints in this experimental system.) Turning for a moment to the theory of sort constraints, we can de ne the satisfaction of a -sort constraint in a -algebra to mean that the given term is assigned the target sort declared in the sort constraint, if the given condition is satis ed. See [16, 23] for details, including an initiality theorem. Also, Han Yan [52] has shown that adding sort constraints as new sentences (to those of overloaded OSA) gives an institution.

4 Universe OSA An alternative approach to OSA has been developed by Gogolla, Smolka, and others (e.g., [9, 40, 45]). This approach does not have MSA as a special case, because it is faithful to the idea of \sort independent semantics", in the sense that an operation applied to a data item always gives the same result, whatever sort is involved. De nition 9 Let (S; ; ) be an order sorted signature. Then a universe order sorted algebra consistsS of a carrier A together with an indexed set fAs j s 2 S g of subsets of A such that A = s2S As, with an interpretation of each operator symbol  2  as a partial function A : An ! A such that  As  As0 for s  s0, and 14

if  2 w;s , then Aw  dom(A ) and A (Aw )  As. A homomorphism h : A ! B of universe (S; ; )-algebras is a function h : A ! B such that  h(As )  Bs for any sort s 2 S , and  h(dom(A ))  dom(B ) and h(A (a1; :::; an)) = B (h(a1); :::; h(an)) for all  2  and all (a1; :::; an) 2 dom(A ). 

2 Thus, operation symbols are interpreted as partial functions on a \universe" set that is the union of all carriers, and there is only one possible value for an operation symbol on an element of this universe. Similarly, homomorphisms are functions on this universe, rather than a sorted family of functions on a sorted family of sets. Thus, this approach is unsorted in its technical essence, and supports only weak overloading. We shall call this approach universe OSA, because it postulates a single universe. Given the material in the previous section on overloaded OSA, we are now in a position to make some comparisons. On the positive side, universe OSA supports weak overloading, which is useful for many examples. However, weak overloading is not sucient for more complex phenomena, such as dynamic binding and multiple representation. Also, universe OSA does not generalise MSA, and seems to have a much more dicult model theory than overloaded OSA. In particular, as far as we know, axiomatisability results like the Birkho variety theorem have not been proved for universe OSA; moreover, the mathematical complications arising from the similarity between universe OSA and partial algebra suggest that such results would be dicult to obtain. It might be possible to apply the categorical abstract model theoretic axiomatisability results of Andreka and Nemeti [2], based on coneinjective subcategories; but the sophistication and complexity of this machinery suggests that this would not be an easy task. Because universe OSA signatures are the same as overloaded OSA signatures, we can consider the speci cation STACK in Section 3.2 as a universe OSA speci cation. All of its equations make sense, but if we consider terms for reduction such as top pop push(1,push(0,empty)), then things go wrong for exactly the same reason as discussed in Section 3.2: top wants a sort that pop cannot guarantee to deliver. Because universe OSA does not provide a mechanism like retracts, the STACK speci cation does not actually work as the user might hope. Of course, one can de ne stacks in other ways, but these approaches seem to be more complex than STACK, as well as further from the intuition that top and pop are \partial functions." For example, the use of error supersorts would require introducing a number of new sorts and constants, with equations that de ne the error behaviour. The factorial example (where we considered expressions like (-21 / -7)!) also fails in universe OSA, for similar reasons. It seems to us that it could be hard for users of universe OSA to gure out which examples will work as they expect, and which will not because of the sort mismatches that retracts are designed to handle. We believe that retracts are a very useful feature for algebraic speci cation, and we suggest that it would be both feasible and valuable to add retracts to universe OSA in very much the same way that they have been added to overloaded OSA. 15

Note that universe OSA comes very close to being the special case of monotone consistent overloaded OSA with a unique \top" element; but the technical details of universe OSA block an equivalence in the technical sense; in particular, the fact that operations in universe OSA may be de ned outside of their arities causes diculty, and indeed, to us seems contrary to the spirit of general algebra (in the sense of Section 2.1). Some computational aspects of universe OSA with term declarations have been studied by Schmidt-Schauss [44]. His term declarations correspond to our unconditional sort constraints, that is, to the special case where the equational condition is just true.

4.1 Poigne OSA

Poigne [41] has tried to reconcile the overloaded and universe approaches by providing universe OSA with a set f(Ss; ) j s 2 Sg of partial orders, instead of just a single one; these partial orders partition the set S of sorts:

De nition 10 A Poigne signature (S; ; S ; ) consists of a many sorted signature

(S; ), and a partition S of S such that  s  s0 implies that s and s0 are in the same equivalence class under S , and   2 w1 ;s1 \ w2 ;s2 and w1 ; w2 (componentwise) in the same equivalence classes of S imply that s1 and s2 are also in the same equivalence class. A Poigne algebra is a many sorted (S; )-algebra such that if w1 and w2 are (componentwise) in the same equivalence class of S and if a 2 Aw1 \ Aw2 then w1 ;s1 (a) = w2;s2 (a).

2

Poigne [41] develops some basics of this theory. Universe OSA is recovered by taking the trivial partition, and overloaded OSA is obtained by taking the connected components of the symmetric and transitive closure of the sort ordering as a partition. Strong overloading happens whenever two operators have unrelated arities but have the same name. In this case, the Poigne models are the same as the models of Isakowitz's consistent overloaded OSA. The term algebra construction works under a milder requirement than regularity, because the structure hidden in the construction of [25] becomes explicit.

5 Term Declaration Algebra In OSA, given a sort assignment for variables, one can compute the set of sorts (and the least sort, if it exists) of a given term. A term declaration allows the sort assignment for terms to be (partially) declared, rather than computed. This idea goes back to the rst paper on OSA [11], but it has recently been more fully developed in the notion of sort constraint, and also in the term declaration logic of Aczel [1]. This approach has a fairly sophisticated syntax. The basic notion is a pre-signature, which consists of a set of sort symbols plus (unsorted) operation symbols and variables. Then pre-terms are built up from these variables and operation symbols in the usual way, and sort-terms (thought of as types) are built up from sort symbols and operations. A signature then consists of a pre-signature together with both a sort assignment for variables, and a set of declarations of either of the following forms: 16

formation:  #  sorting:  :  where  is a sort-term and  is a sort. A (weakly) overloaded OSA signature is recovered when all the declarations are sorting declarations, or more precisely when they are only subsort declarations 0 : , where both  and 0 are sorts, or else of the form f (1:::n) : , where f is an operation symbol and ; 1 ; :::; n are sorts. Aczel [1] gives a system of inference rules for deducing other assertions from some given declarations. Aczel also develops an equational logic in this framework, de ning algebras having one universe with partial operations; the carriers corresponding to the sorts are recovered in a sophisticated way using the declarations. This framework supports the traditional notions, including term algebra, substitution, congruence, and equational deduction. Completeness of term declaration equational logic is proved. This approach supports weakly overloaded operations, in that more than one sorting declaration can be given for a term; however, a given operation symbol can only have one value for given arguments. This approach is general enough to yield the beautiful result that any \ nitary generalised compositum" (this notion abstracts substitution systems as submonoids of the space of endofunctions of some xed abstract set of \terms") can be represented as the substitution system of some speci cation in term declaration equational logic [1]. 

6 Uni ed Algebra The uni ed algebra of Mosses [38] is an unorthodox approach to ordered sorting, motivated by a desire to handle nondeterminism in programming language semantics [39, 37]. The main idea is to make no distinction between sorts and elements. Thus, the values in a carrier of an uni ed algebra represent not only elements of data, but also classi cations of elements into sorts. In this way, the theory of uni ed algebras is technically unsorted, because a uni ed speci cation is essentially just a speci cation in unsorted Horn clause logic with equality. However, uni ed algebra seems to have approximately the same speci cation power as universe OSA. De nition 11 A uni ed signature is an unsorted rst order signature containing the signature of a lattice with bottom element and a binary relational symbol \:". A uni ed algebra is a distributive lattice with bottom element such that all the operations are monotone with respect to the partial order of the lattice, x : y holds only if x  y and x : y, y  z implies x : z. 2 We can think about the relation \:" in terms of sort declarations. In a uni ed speci cation for natural numbers, the meaning of 1 : Nat, is that 1 is of sort Nat. Thus, there is a sense in which one could recover the notion of element in uni ed algebra by taking all the elements occurring in the lefthand side of the relation \:" (this is similar to the way that sets are de ned in axiomatic set theory). A major bene t of uni ed algebra is the possibility of applying operations to sorts as well as to elements, allowing many useful classi cations of elements to be expressed directly, without naming them by constants. Also, uni ed speci cations support initial algebra semantics [38] and weak overloading. In addition, we can prove variety and quasi-variety theorems: 17

Theorem 12 Let  be a uni ed signature. Then a class C of uni ed -algebras is closed

under (arbitrary) products, subalgebras and ltered colimits i it is axiomatisable by a nite set of nitary -Horn clauses, and is closed under (arbitrary) products, subalgebras and homomorphic images i it is axiomatisable by a nite set of unconditional -Horn clauses. Sketch of Proof:  determines a ( nite) collection H() of (unsorted) Horn clauses such that the uni ed -algebras are the quasi-variety of rst-order models de ned by H(). Therefore, any quasi-variety C of uni ed algebras is a quasi-variety of rst-order models, and hence by a classical result in model theory, is axiomatisable by a collection H of Horn clauses. Since the theory generated by H includes H(), H is a disjoint union of H() and another collection H 0 of Horn clauses, i.e., H = H() [ H 0. When C is closed under ultraproducts (or equivalently, under ltered colimits) the clauses in H 0 can be chosen to have nite hypotheses, and when C is closed under homomorphic images, they can be chosen to have empty hypotheses. 2 A (conditional) overloaded order sorted speci cation can be translated to a uni ed speci cation by interpreting the sorts as constants in the uni ed signature and using Horn clauses to express the operation and variable declarations [38]. However, this translation does not fully recover the semantics of overloaded OSA, because the loose models of these speci cations are very di erent, despite the fact that their initial models are essentially the same. It is hard to see how to implement this approach eciently; but possibly something could be done along the lines of Prolog, with uni cation and backtracking. One diculty is that elements can be described in many di erent ways, and there is unlikely to be any canonical form, or even an algorithm to check equivalence; even for nite elements, which have canonical descriptions as sets, equivalence can be very inecient to check. Another disadvantage of uni ed algebra is that there are no type mismatches, because all operation symbols are total and the logic is unsorted at this level; therefore, static type checking can only consider the number of arguments, and so will nd fewer errors than more strongly typed approaches.

7 Hidden Sorted OSA Hidden sorted algebra is motivated by the desire for a purely algebraic treatment of persistent data abstraction, extending the classical treatment of abstract data types to the notion of state. Such a theory would give a semantics for important parts of the object paradigm, which we take to include object oriented programming, speci cation, and re nement. The basic intuition of hidden sorted algebra is that the possible internal states of an object are the elements of a \hidden" sort. The word \hidden" is intended to suggest that one does not directly observe states, but only the values of certain attributes of states, possibly after applying some methods (i.e., state transforming operations) to the object. This idea is formalised by a notion of \behavioural" or \observational" satisfaction for equations, according to which two terms (of the same hidden sort) are considered equal in a model A i they \appear to be equal," in the sense that all visible consequences of this equality are satis ed. More precisely, A satis es (8X ) t = t0 i A satis es each equation 18

(8X ) t0(t) = t0(t0) where t0(z) is a term of visible sort having exactly one occurrence of a variable z of the appropriate hidden sort7 . It is shown in [12] that some simple restrictions on signatures and their morphisms, motivated by the principle of encapsulation, give an institution for hidden MSA. In [6], Burstall and Diaconescu prove a general result about introducing hidden sorts into institutions; this result is applied to overloaded OSA, showing that hidden overloaded OSA forms an institution. In constructing an institution for some kind of logic, it is crucial to get the right signatures and signature morphisms. In the case of hidden MSA and OSA, these precisely re ect encapsulation in the object paradigm. The fact that overloaded OSA contains MSA is technically important for the constructions in [6] to capture hidden OSA satisfaction; retracts also arise naturally, and play an important r^ole. Hence, it is dicult to see how similar constructions could be carried out in universe OSA. An overview of results and applications to the object paradigm is given in [15]. The idea of hidden sorts goes back to [18], as a formalisation of abstract machines and their relationships of re nement. Some more recent work on re nement is given in [17].

8 Summary and Conclusions This paper has compared several variants of order sorted algebra, including overloaded OSA, universe OSA, and uni ed algebra. In the process, we have signi cantly generalised overloaded OSA, by dropping regularity and monoicity, and by adding signatures of non-monotonicities. We have also proved a number of new results for this generalisation, including initiality, variety, and quasi-variety theorems. Similarly, we have proved variety and quasi-variety theorems for uni ed algebra. In addition, we have distinguished between strong and weak overloading, and shown that strong overloading is needed for formalising ordinary mathematical notation, as well as dynamic binding in object oriented programming, and the semantics of operations under multiple representation. We have also shown that sort constraints and retracts can greatly increase the expressive and computational power of OSA. These considerations suggest that the original overloaded OSA approach is the most faithful to the traditional spirit of general algebra, because it generalises MSA, and it preserves the characteristic general algebra style of model theoretic reasoning; in particular, it satis es the traditional variety and quasi-variety theorems without undue fuss. In addition, it supports the strong overloading needed for certain semantic modelling tasks, such as dynamic binding. On the other hand, it is important to note that various restrictions are required to obtain ecient algorithms for certain problems, including uni cation, and deciding term equivalence for canonical rewrite systems; for example, [48] discusses a number of restrictions of this kind. Some technical connections among various approaches are summarised in the diagram below. Going from top to bottom corresponds to going from a more general approach to one that is less general, in the precise sense of a direct technical instantiation of de nitions. This notion of satisfaction seems to have been introduced rst by Reichel [42] in the context of partial algebras. 7

19

Non-monotonic Overloaded OSA Term Declaration Algebra (Aczel )

Overloaded OSA (Goguen-Meseguer )

   Poigne OSA aa  a Regular OSA @@ aaa  aaaa @@  aa  Weakly Overloaded OSA

Universe OSA (Gogolla-Smolka )

@

@@

@@ ZZ @@ ZZ ZZ @@ ZZ ZZ ZZ ZZ

Consistent Overloaded OSA (Isakowitz )

Overloaded MSA (ADJ ) Unsorted Horn clause with equality Many Sorted Algebra logic  (Higgins, Benabou ) 

 

Unsorted Algebra Uni ed Algebra (Whitehead, Birkho ) (Mosses )

A Multiple Representation and Coercion This appendix gives OBJ3 code (somewhat evolved from code written by Joseph Goguen and Timothy Winkler in May 1989) for some examples of coercion and multiple data representation. The mathematical theory for these phenomena is developed in [23]. First, let's look at a data translation that actually changes the form of data elements, i.e., a coercion ; we truncate rationals to integers, in the context of a factorial function on naturals: obj FACT is pr RAT . op _! : Nat -> Nat . eq 0 ! = 1 . var N : Nat . cq N ! = N *((N - 1)!) if N > 0 . var X : NzRat . eq r:NzRat>Nat(X) = X - X rem 1 . endo

The coercion is de ned using an equation that has a retract on its lefthand side; this retract is used to \trap" the error condition of trying to apply an operation that wants a natural number to a rational number. If we had wanted, we could have de ned a more speci c coercion that only applies when the factorial function gets a rational, by instead giving the following equation: 20

eq r:NzRat>Nat(X)! = (X - X rem 1)! .

Now the following test cases, red (22 / 7)! . red (- 22 / 7)! . red (- 22 / - 7)! .

produce the following output: ========================================== reduce in FACT : r:NzRat>Nat(22 / 7) ! rewrites: 24 result NzNat: 6 ========================================== reduce in FACT : r:NzRat>Nat(- 22 / 7) ! rewrites: 7 result Nat: r:Rat>Nat(-3) ! ========================================== reduce in FACT : r:NzRat>Nat(- 22 / - 7) ! rewrites: 26 result NzNat: 6 ==========================================

(Note that the user does not type any of the retracts shown in the expressions to be reduced; they are automatically inserted by the parser.) We nd it hard to see how this kind of behaviour could be achieved in a rigorous way in a language that does not provide some facility like retracts. Of course, it is always possible to use a traditional imperative exception mechanism, as in the ML language [32]; but then the advantages of having a logic-based language are lost, and in particular, it could be much more dicult to verify programs that involve exceptions. The following code gives some operations on points represented in polar and Cartesian coordinates, allowing exible translation back and forth (at run time) between these representations on an as-needed basis. This version uses an enhancement (written by Han Yan and Joseph Goguen) called PosFLOAT of the built in module FLOAT, to provide not only a built in sort Float of oating point numbers, but also a subsort PosFloat of positive oating point numbers, and a subsort Angle of PosFloat of numbers  in the range8 0 <   2. PosFLOAT also contains the two retract equations cq r:Float>Angle(X) = r:Float>Angle(X + 2 * pi) if X Angle(X) = r:Float>Angle(X - 2 * pi) if X > 2 * pi .

which coerce any number that is supposed to be an angle into the desired range. (This can be thought of as a quotient map from the real line to the unit circle, providing a standard representation for angles.) We could have used the more traditional range 0   < 2, but that would have required a somewhat more complex sort hierarchy. Still another approach would have been to use sort constraints. 8

21

***> points in Cartesian and Polar coordinates *** this requires OBJ3 Version 2 and *** PosFLOAT with builtin subsorts Angle < PosFloat < Float in /home/diacon/OBJ/prog/PosFLOAT.obj *** in /users/diacon/OBJ/prog/PosFLOAT.obj *** notation for squaring obj SQ is pr FLOAT . var F : Float . op _**2 : Float -> Float [prec 2] . eq F **2 = F * F . endo *** points and operations on points obj POINT is pr SQ . sorts Point Cart NzPolar Origin Polar . subsorts Cart Polar < Point . subsort NzPolar Origin < Polar . op : Float Float -> Cart . op x_ : Cart -> Float . op y_ : Cart -> Float . vars X Y : Float . eq x < X, Y > = X . eq y < X, Y > = Y . op [_,_] : PosFloat Angle -> NzPolar . op origin : -> Origin . op rho_ : Polar -> Float . op theta_ : NzPolar -> Angle . var Rh : PosFloat . var Th : Angle . eq rho [ Rh, Th ] = Rh . eq theta [ Rh, Th ] = Th . eq rho(origin) = 0 . cq r:Cart>NzPolar(< X, Y >) = [sqrt(X **2 + Y **2),atan(Y / X)] if X > cq r:Cart>NzPolar(< X, Y >) = [sqrt(X **2 + Y **2), pi + atan(Y / X)] if X < cq r:Cart>Polar(< X, Y >) = [sqrt(X **2 + Y **2), atan(Y / X)] if X > cq r:Cart>Polar(< X, Y >) = [sqrt(X **2 + Y **2), pi + atan(Y / X)] if X < cq r:Cart>NzPolar(< 0, Y >) = [ Y, pi / 2 ] if Y > 0 . cq r:Cart>Polar(< 0, Y >) = [ Y, pi / 2 ] if Y > 0 . cq r:Cart>NzPolar(< 0, Y >) = [ - Y, (3 * pi) / 2 ] if Y < 0 . cq r:Cart>Polar(< 0, Y >) = [ - Y, (3 * pi) / 2 ] if Y < 0 . eq r:Cart>Polar(< 0, 0 >) = origin . eq r:Polar>Cart([ Rh, Th ]) = < Rh * cos(Th), Rh * sin(Th) > .

22

0 . 0 . 0 . 0 .

eq r:Origin>Cart(origin) = < 0, 0 > . op d : Cart Cart -> Float . op _+_ : Cart Cart -> Cart . var X1 Y1 X2 Y2 : Float . eq d(< X1, Y1 >, < X2, Y2 >) = sqrt((X2 - X1)**2 + (Y2 - Y1)**2). eq < X1, Y1 > + < X2, Y2 > = < X1 + X2, Y1 + Y2 > . endo

(The built in function atan, for arc tangent, is based on that of Common Lisp, and is Float-valued. Therefore, the retract equations for Angle in PosFLOAT may well be applied during computations that use atan.) It is slightly awkward that we have to give equations for each of the two retracts r:Cart>Polar and r:Cart>NzPolar; however, there is an alternative approach to retracts which makes more use of overloading would overcome this (see [29]). We note that Polar is isomorphic to Cart in the initial algebra of this speci cation. Also, notice that some operations are de ned for one representation but not for the other (e.g., + for Cart and rho for Polar); thus complex expressions in general will require translation. The following module introduces some constants to be used in test cases that illustrate various points made above: obj TEST is pr POINT . ops p1, p2, p3 : -> Polar . eq p1 = [ 1, pi ] . eq p2 = [ 2, - pi ] . eq p3 = [ 1, - pi ] . endo

Note that these de nitions of p2 and p3 actually lie outside the values allowed Angle. This style is quite common in mathematical practice; they are just considered as representatives for their canonical forms. In our formalisation of this practice, the parser will insert retracts which will then perform the reduction to normal form. Now here are some test cases, red red red red red red red red red red

x p1 . y p1 . d(p1,p2) . p1 + p2 . rho(p1 + p2) . theta(p1 + p2) . d(p1,p3) . p1 + p3 . rho(p1 + p3) . theta(p1 + p3) .

which produce the following output: 23

========================================== reduce in TEST : x r:Polar>Cart(p1) rewrites: 8 result Float: -1.0 ========================================== reduce in TEST : y r:Polar>Cart(p1) rewrites: 8 result Angle: 1.2246063538223773E-16 ========================================== reduce in TEST : d(r:Polar>Cart(p1),r:Polar>Cart(p2)) rewrites: 36 result Angle: 1.0 ========================================== reduce in TEST : r:Polar>Cart(p1) + r:Polar>Cart(p2) rewrites: 30 result Cart: < -3.0,3.6738190614671318E-16 > ========================================== reduce in TEST : rho r:Cart>Polar(r:Polar>Cart(p1) + r:Polar>Cart(p2)) rewrites: 44 result Angle: 3.0 ========================================== reduce in TEST : theta r:Cart>NzPolar(r:Polar>Cart(p1) + r:Polar>Cart( p2)) rewrites: 44 result Angle: 3.1415926535897931 ========================================== reduce in TEST : d(r:Polar>Cart(p1),r:Polar>Cart(p3)) rewrites: 36 result Float: 0.0 ========================================== reduce in TEST : r:Polar>Cart(p1) + r:Polar>Cart(p3) rewrites: 30 result Cart: < -2.0,2.4492127076447545E-16 > ========================================== reduce in TEST : rho r:Cart>Polar(r:Polar>Cart(p1) + r:Polar>Cart(p3)) rewrites: 44 result Angle: 2.0 ========================================== reduce in TEST : theta r:Cart>NzPolar(r:Polar>Cart(p1) + r:Polar>Cart( p3)) rewrites: 44 result Angle: 3.1415926535897931 ==========================================

Next, let's consider the operation that multiplies a vector by a scalar; this is ecient in either representation, although it does completely di erent things. Therefore, it is a good illustration of a strongly overloaded operation. (Similar phenomena would appear for a number system in which di erent kinds of numbers have di erent representations; such 24

number systems appear in most programming languages.) obj SCALARM is pr TEST . op _*_ : Float Polar -> Polar . op _*_ : Float Cart -> Cart . vars F X Y : Float . var Rh : PosFloat . var Th : Angle . eq F * < X, Y > = < F * X, F * Y > . cq F * [ Rh, Th ] = [ F * Rh, Th ] if F > 0 . cq F * [ Rh, Th ] = [ - F * Rh, pi + Th ] if F < 0 . eq 0 * [ Rh, Th ] = origin . eq F * origin = origin . endo

Now running the following test cases red red red red

2 * origin . (2 * origin).Cart . 2 * p1 . (2 *(p1 + p2)).Cart .

produces the following output: ========================================== reduce in SCALARM : 2.0 * origin rewrites: 1 result Origin: origin ========================================== reduce in SCALARM : 2.0 * r:Origin>Cart(origin) rewrites: 4 result Cart: < 0.0,0.0 > ========================================== reduce in SCALARM : 2.0 * p1 rewrites: 5 result NzPolar: [2.0,3.1415926535897931] ========================================== reduce in SCALARM : 2.0 * (r:Polar>Cart(p1) + r:Polar>Cart(p2)) rewrites: 33 result Cart: < -6.0,7.3476381229342635E-16 > ==========================================

We hope that the examples in this appendix demonstrate that automatic translation among multiple representations of data can be done in a way that supports subtyping, error handling, coercions, and strong overloading, is not too hard to implement, and has a coherent, integrated theory. It it dicult to see how these examples could be implemented in the other approaches considered in this survey; for example, universe OSA does not allow strong overloading, and its current practice does not support retracts. 25

References [1] Peter Aczel. Term declaration logic and generalised composita, 1990. University of Manchester; draft. [2] Hajnal Andreka and Istvan Nemeti. A general axiomatizability theorem formulated in terms of cone-injective subcategories. In B. Csakany, E. Fried, and E.T. Schmidt, editors, Universal Algebra, pages 13{35. North-Holland, 1981. Colloquia Mathematics Societas Janos Bolyai, 29. [3] Valentin Antimirov and Anatoli Degtyarev. Consistency of equational enrichments. In Proceedings, CRTS'92. Springer, Lecture Notes in Computer Science, 1992. [4] Jean Benabou. Structures algebriques dans les categories. Cahiers de Topologie et Geometrie Di erentiel, 10:1{126, 1968. [5] Garrett Birkho . On the structure of abstract algebras. Proceedings of the Cambridge Philosophical Society, 31:433{454, 1935. [6] Rod Burstall and Razvan Diaconescu. Hiding and behaviour: an institutional approach. Technical Report ECS-LFCS-8892-253, Laboratory for Foundations of Computer Science, University of Edinburgh, 1992. Also in A Classical Mind: Essays in Honour of C.A.R. Hoare, Prentice Hall, 1993. [7] Razvan Diaconescu, Joseph Goguen, and Petros Stefaneas. Logical support for modularisation. In Gerard Huet and Gordon Plotkin, editors, Logical Environments, pages 83{130. Cambridge, 1993. Proceedings of a Workshop held in Edinburgh, Scotland, May 1991. [8] Razvan Diaconescu. The formal completeness of equational logics. Technical Report PRG-TR-12-92, Programming Research Group, University of Oxford, 1991. [9] Martin Gogolla. Partially ordered sorts in algebraic speci cations. In Bruno Courcelle, editor, Proceedings, Ninth CAAP (Bordeaux), pages 139{153. Cambridge, 1984. Also Forschungsbericht Nr. 169, Universitat Dortmund, Abteilung Informatik, 1983. [10] Joseph Goguen. Semantics of computation. In Ernest G. Manes, editor, Proceedings, First International Symposium on Category Theory Applied to Computation and Control, pages 234{249. University of Massachusetts at Amherst, 1974. Also in Lecture Notes in Computer Science, Volume 25, Springer, 1975, pages 151{163. [11] Joseph Goguen. Order sorted algebra. Technical Report 14, UCLA Computer Science Department, 1978. Semantics and Theory of Computation Series. [12] Joseph Goguen. Types as theories. In George Michael Reed, Andrew William Roscoe, and Ralph F. Wachter, editors, Topology and Category Theory in Computer Science, pages 357{390. Oxford, 1991. Proceedings of a Conference held at Oxford, June 1989. [13] Joseph Goguen. Theorem Proving and Algebra. MIT, to appear 1995.

26

[14] Joseph Goguen and Rod Burstall. Institutions: Abstract model theory for speci cation and programming. Journal of the Association for Computing Machinery, 39(1):95{ 146, January 1992. Draft appears as Report ECS-LFCS-90-106, Computer Science Department, University of Edinburgh, January 1990. [15] Joseph Goguen and Razvan Diaconescu. Towards an algebraic semantics for the object paradigm. In Proceedings, Tenth Workshop on Abstract Data Types. Springer, to appear 1993. [16] Joseph Goguen, Jean-Pierre Jouannaud, and Jose Meseguer. Operational semantics of order-sorted algebra. In Wilfried Brauer, editor, Proceedings, 1985 International Conference on Automata, Languages and Programming. Springer, 1985. Lecture Notes in Computer Science, Volume 194. [17] Joseph Goguen and Grant Malcolm. Proof of correctness of object representation. In A. William Roscoe, editor, A Classical Mind: Essays in Honour of C.A.R. Hoare, pages 119{142. Prentice-Hall, 1994. [18] Joseph Goguen and Jose Meseguer. Universal realization, persistent interconnection and implementation of abstract modules. In M. Nielsen and E.M. Schmidt, editors, Proceedings, 9th International Conference on Automata, Languages and Programming, pages 265{281. Springer, 1982. Lecture Notes in Computer Science, Volume 140. [19] Joseph Goguen and Jose Meseguer. Completeness of many-sorted equational logic. Houston Journal of Mathematics, 11(3):307{334, 1985. Preliminary versions have appeared in: SIGPLAN Notices, July 1981, Volume 16, Number 7, pages 24{37; SRI Computer Science Lab, Report CSL-135, May 1982. [20] Joseph Goguen and Jose Meseguer. Eqlog: Equality, types, and generic modules for logic programming. In Douglas DeGroot and Gary Lindstrom, editors, Logic Programming: Functions, Relations and Equations, pages 295{363. Prentice-Hall, 1986. An earlier version appears in Journal of Logic Programming, Volume 1, Number 2, pages 179{210, September 1984. [21] Joseph Goguen and Jose Meseguer. Remarks on remarks on many-sorted equational logic. Bulletin of the European Association for Theoretical Computer Science, 30:66{ 73, October 1986. Also in SIGPLAN Notices, Volume 22, Number 4, pages 41-48, April 1987. [22] Joseph Goguen and Jose Meseguer. Models and equality for logical programming. In Hartmut Ehrig, Giorgio Levi, Robert Kowalski, and Ugo Montanari, editors, Proceedings, 1987 TAPSOFT, pages 1{22. Springer, 1987. Lecture Notes in Computer Science, Volume 250. [23] Joseph Goguen and Jose Meseguer. Order-sorted algebra solves the constructor selector, multiple representation and coercion problems. In Proceedings, Second Symposium on Logic in Computer Science, pages 18{29. IEEE Computer Society, 1987. Also Report CSLI-87-92, Center for the Study of Language and Information, Stanford University, March 1987; revised version in Information and Computation, 103, 1993. 27

[24] Joseph Goguen and Jose Meseguer. Unifying functional, object-oriented and relational programming, with logical semantics. In Bruce Shriver and Peter Wegner, editors, Research Directions in Object-Oriented Programming, pages 417{477. MIT, 1987. Preliminary version in SIGPLAN Notices, Volume 21, Number 10, pages 153{162, October 1986. [25] Joseph Goguen and Jose Meseguer. Order-sorted algebra I: Equational deduction for multiple inheritance, overloading, exceptions and partial operations. Theoretical Computer Science, 105(2):217{273, 1992. Also, Programming Research Group Technical Monograph PRG{80, Oxford University, December 1989. [26] Joseph Goguen, Andrew Stevens, Keith Hobley, and Hendrik Hilberdink. 2OBJ, a metalogical framework based on equational logic. Philosophical Transactions of the Royal Society, Series A, 339:69{86, 1992. Also in Mechanized Reasoning and Hardware Design, edited by C.A.R. Hoare and M.J.C. Gordon, Prentice-Hall, 1992, pages 69{86. [27] Joseph Goguen, James Thatcher, and Eric Wagner. An initial algebra approach to the speci cation, correctness and implementation of abstract data types. Technical Report RC 6487, IBM T.J. Watson Research Center, October 1976. In Current Trends in Programming Methodology, IV, Raymond Yeh, editor, Prentice-Hall, 1978, pages 80{ 149. [28] Joseph Goguen, James Thatcher, Eric Wagner, and Jesse Wright. Initial algebra semantics and continuous algebras. Journal of the Association for Computing Machinery, 24(1):68{95, January 1977. An early version is \Initial Algebra Semantics", with James Thatcher, IBM T.J. Watson Research Center, Report RC 4865, May 1974. [29] Joseph Goguen, Timothy Winkler, Jose Meseguer, Kokichi Futatsugi, and Jean-Pierre Jouannaud. Introducing OBJ. In Joseph Goguen, editor, Algebraic Speci cation with OBJ: An Introduction with Case Studies. Cambridge, to appear 1995. Also to appear as Technical Report from SRI International. [30] Joseph Goguen and David Wolfram. On types and FOOPS. In Robert Meersman, William Kent, and Samit Khosla, editors, Object Oriented Databases: Analysis, Design and Construction, pages 1{22. North Holland, 1991. Proceedings, IFIP TC2 Conference, Windermere, UK, 2{6 July 1990. [31] Paul R. Halmos. Lectures on Boolean Algebras. Van Nostrand, 1963. Mathematical Studies, Volume 1. [32] Robert Harper, David MacQueen, and Robin Milner. Standard ML. Technical Report ECS-LFCS-86-2, Department of Computer Science, University of Edinburgh, 1986. [33] Phillip J. Higgins. Algebras with a scheme of operators. Mathematische Nachrichten, 27:115{132, 1963. [34] Tomas Isakowitz. Theorem Proving Methods for Order Sorted Logic. PhD thesis, University of Pennsylvania, 1989. Appeared in Logic in Computer Science '89, pages 304{312. 28

[35] F. William Lawvere. Functorial semantics of algebraic theories. Proceedings, National Academy of Sciences, U.S.A., 50:869{872, 1963. Summary of Ph.D. Thesis, Columbia University. [36] Jose Meseguer and Joseph Goguen. Deduction with many-sorted rewrite rules. Technical Report CSLI-85-42, Center for the Study of Language and Information, Stanford University, December 1985. To appear in Theoretical Computer Science. [37] Peter Mosses. Uni ed algebras and action semantics. In Proceedings, Symposium on Theoretical Aspects of Computer Science. Springer, 1989. Lecture Notes in Computer Science, Volume 349. [38] Peter Mosses. Uni ed algebras and institutions. In Proceedings, Fourth Annual Conference on Logic in Computer Science, pages 304{312. IEEE, 1989. [39] Peter Mosses. Uni ed algebras and modules. In Proceedings 16th Annual ACM Symposium on Principles of Programming Languages, pages 329{343. ACM, 1989. [40] Axel Poigne. Another look at parametrization using algerbaic speci cations with subsorts. In Proceedings, Mathematical Foundations of Computer Science `84. Springer, 1984. Lecture Notes in Computer Science, Volume 176. [41] Axel Poigne. Once more on order-sorted algebra. Technical Report Draft, GMD, 1990. [42] Horst Reichel. Behavioural equivalence { a unifying concept for initial and nal speci cations. In Proceedings, Third Hungarian Computer Science Conference. Akademiai Kiado, 1981. Budapest. [43] Donald Sannella and Andrzej Tarlecki. Speci cations in an arbitrary institution. Information and Control, 76:165{210, 1988. Earlier version in Proceedings, International Symposium on the Semantics of Data Types, Lecture Notes in Computer Science, Volume 173, Springer, 1985. [44] Manfred Schmidt-Schauss. Computational Aspects of an Order-Sorted Logic with Term Declarations. Springer, 1989. Lecture Notes in Arti cial Intelligence, Volume 395. [45] Gert Smolka. Order-sorted Horn logic: Semantics and deduction. Technical Report SEKI Report SR-86-17, Fachbereich Informatik, Universitat Kaiserslautern, 1986. [46] Gert Smolka, Werner Nutt, Joseph Goguen, and Jose Meseguer. Order-sorted equational computation. In Maurice Nivat and Hassan At-Kaci, editors, Resolution of Equations in Algebraic Structures, Volume 2: Rewriting Techniques, pages 299{367. Academic, 1989. Preliminary version in Proceedings, Colloquium on the Resolution of Equations in Algebraic Structures, held in Lakeway, Texas, May 1987, and SEKI Report SR-87-14, Universitat Kaiserslautern, December 1987. [47] Christopher Strachey. Fundamental concepts in programming languages. Lecture Notes from International Summer School in Computer Programming, Copenhagen, 1967. [48] Uwe Waldmann. Semantics of order-sorted speci cations. Theoretical Computer Science, 94(1):1{35, 1992. 29

[49] Christoph Walther. A mechanical solution of Schubert's steamroller problem by manysorted resolution. Arti cial Intelligencer, 26(2):217{214, 1985. [50] Christoph Walther. Many-sorted inferences in automated theorem proving. In Sorts and Types in Arti cial Intelligence, pages 18{48. Springer, 1990. Lecture Notes in Arti cial Intelligence, Volume 418. [51] Alfred North Whitehead. A Treatise on Universal Algebra, with Applications, I. Cambridge, 1898. Reprinted 1960. [52] Han Yan. Theory and Implementation of Sort Constraints for Order Sorted Algebra. PhD thesis, Programming Research Group, Oxford University, to appear 1993.

30