On observational equivalence and algebraic ... - Springer Link

ON OBSERVATIONAL EQUIVALENCE AND ALGEBRAIC SPECIFICATION

-- Extended abstract¹ --

Donald Sannella and Andrzej Tarlecki²
Department of Computer Science
University of Edinburgh

Abstract

The properties of a simple and natural notion of observational equivalence of algebras and the corresponding specification-building operation (observational abstraction) are studied. We begin with a definition of observational equivalence which is adequate to handle reachable algebras only, and show how to extend it to cope with unreachable algebras and also how it may be generalised to make sense under an arbitrary institution. Behavioural equivalence is treated as an important special case of observational equivalence, and its central role in program development is shown by means of an example.

1 Introduction

Probably the most exciting potential application of formal specifications is to the formal development of programs by gradual refinement from a high-level specification to a low-level "program" or "executable specification" as in HOPE [BMS 80]. Each refinement step embodies some design decisions (such as choice of data representation) under the requirement that behaviour must be preserved. If each refinement step can be proved correct, then the program which results is guaranteed to satisfy the original specification.

This paper studies what is meant by "behaviour" in the context of algebraic specifications. Intuitively, the behaviour of a program is determined just by the answers which are obtained from computations the program may perform. We may say (informally) that two $\Sigma$-algebras are behaviourally equivalent with respect to a set OBS of observable sorts if it is not possible to distinguish between them by evaluating $\Sigma$-terms which produce a result of observable sort. For example, suppose $\Sigma$ contains the sorts nat, bool and bunch and the operations empty: $\to$ bunch, add: nat, bunch $\to$ bunch and $\in$: nat, bunch $\to$ bool (as well as the usual operations on nat and bool), and suppose $A$ and $B$ are $\Sigma$-algebras with

  $|A|_{bunch}$ = the set of finite sets of natural numbers
  $|B|_{bunch}$ = the set of finite lists of natural numbers

with the operations and the remaining carriers defined in the obvious way (but $B$ does not contain operations like cons, car and cdr). Then $A$ and $B$ are behaviourally equivalent with respect to {bool} since every term of sort bool has the same value in both algebras (the interesting terms are of the form $m \in add(a_1, \ldots, add(a_n, empty)\ldots)$). Note that $A$ and $B$ are not isomorphic.

In the above we assume that the only observations (or experiments) we are allowed to perform are to test whether the results of computations are equal. In this paper we deal with the more general situation in which observations may be arbitrary logical formulae. We discuss a notion of observational equivalence in which two algebras are observationally equivalent if they both give the same answers to any observation from a prespecified set.

¹ The full version of this paper is available as report CSR-172-84, Department of Computer Science, University of Edinburgh.
² On leave from Institute of Computer Science, Polish Academy of Sciences, Warsaw.

Observational equivalence (or more specifically, behavioural equivalence) seems to be a concept which is fundamental to programming methodology. For example:

Data abstraction

A practical advantage of using abstract data types in the construction of programs is that the implementation of abstractions by program modules need not be fixed. A different module using different algorithms and/or different data structures may be substituted without changing the rest of the program provided that the new module is behaviourally equivalent to the module it replaces (with respect to the non-encapsulated types). ADJ [ADJ 76] have suggested that "abstract" in "abstract data type" means "up to isomorphism"; we suggest that it really means "up to behavioural equivalence".

Program specification

One way of specifying a program is to describe the desired input/output behaviour in some concrete way, e.g. by constructing a very simple program which exhibits the desired behaviour. Any program which is behaviourally equivalent to the sample program with respect to the primitive types of the programming language satisfies the specification. This is called an abstract model specification [LB 77]. In general, specifications under the usual algebraic approaches are not abstract enough; it is either difficult, as in Clear [BG 80] or impossible, as in the initial algebra approach of [ADJ 76] and the final algebra approach of [Wand 79] to specify sets of natural numbers in such a way that both $A$ and $B$ above are models. The kernel specification language ASL [SW 83] provides a specification-building operation abstract which when applied to a specification SP relaxes interpretation to all those algebras which are observationally equivalent to a model of SP with respect to the given set of "equational" observations. With a properly chosen set of observations, this gives behavioural abstraction.

Stepwise refinement

A formalisation of stepwise refinement requires a precise definition of the notion of refinement, i.e. of the implementation of one specification by a lower-level specification. In the context of a specification language which includes an operation like behavioural abstraction, it is possible to adopt a very simple definition of implementation (see section 5 for details).
This notion of implementation has two very desirable properties (vertical and horizontal composability, see [GB 80]) which permit the development of programs from specifications in a gradual and modular fashion. An alternative approach which illustrates the same point is to use a definition of implementation which implicitly involves behavioural equivalence, as in [GM 82] and [Sch 83].

This paper establishes a number of basic definitions and results concerning observational equivalence in an attempt to provide a sound foundation for its application to problems such as those indicated above. We begin by treating in section 2 the case in which observations are logical formulae containing no free variables. We define observational equivalence of algebras and a specification-building operation (abstract) which performs observational abstraction and explore their basic properties. We generalise this material in two different dimensions; section 3 discusses observations which contain free variables (to handle "junk" in unreachable algebras without resorting to infinitary logic) and we also mention how the definitions can be generalised to make sense under an arbitrary logical system (or institution [GB 83]). Section 4 deals with the problem of proving theorems about structured specifications in the context of observational abstraction. Section 5 discusses behavioural equivalence as an important special case of observational equivalence. A simple notion of implementation is defined, and we demonstrate the role of behavioural equivalence in program development by carrying out one refinement step in the development of a fragment of an optimising compiler from its specification.

We assume that the reader is familiar with the basic algebraic notions presented in e.g. [ADJ 76] (cf. [BG 82]) as well as basic notions of logic as in e.g. [End 72] including some infinitary logic, see [Karp 64].
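The bunch example from the introduction can be checked mechanically. The Python sketch below is an added example, not code from the paper: it models the set algebra A and the list algebra B, evaluates every observable term m ∈ add(a_1, ..., add(a_n, empty)...) up to a bound in both, and searches for pairs of bunch terms that one algebra identifies and the other separates. All class and function names and the bounds are assumptions made for the illustration, and a bounded search is evidence rather than a proof.

```python
from itertools import product


class SetBunch:
    """Algebra A: the carrier of sort bunch is the finite sets of naturals."""
    empty = frozenset()

    @staticmethod
    def add(n, bunch):
        return bunch | {n}

    @staticmethod
    def member(n, bunch):
        return n in bunch


class ListBunch:
    """Algebra B: the carrier of sort bunch is the finite lists of naturals."""
    empty = ()

    @staticmethod
    def add(n, bunch):
        return (n,) + bunch

    @staticmethod
    def member(n, bunch):
        return n in bunch


def build(algebra, elems):
    """Value of the term add(a1, ..., add(an, empty)...) in the given algebra."""
    bunch = algebra.empty
    for a in reversed(elems):
        bunch = algebra.add(a, bunch)
    return bunch


def bunch_terms(naturals, max_depth):
    """Argument sequences (a1, ..., an), n <= max_depth, one per bunch term."""
    for n in range(max_depth + 1):
        yield from product(naturals, repeat=n)


def failed_observations(alg_a, alg_b, naturals, max_depth):
    """Terms of observable sort bool whose value differs between the algebras."""
    return [(m, elems)
            for elems in bunch_terms(naturals, max_depth)
            for m in naturals
            if alg_a.member(m, build(alg_a, elems))
            != alg_b.member(m, build(alg_b, elems))]


def collapsed_in_first_only(alg_a, alg_b, naturals, max_depth):
    """Pairs of bunch terms with equal value in alg_a but not in alg_b.

    A homomorphism sends the value of a ground term to the value of the same
    term, so a single such pair rules out any homomorphism alg_a -> alg_b and
    therefore any isomorphism.
    """
    terms = list(bunch_terms(naturals, max_depth))
    return [(s, t)
            for i, s in enumerate(terms) for t in terms[i + 1:]
            if build(alg_a, s) == build(alg_a, t)
            and build(alg_b, s) != build(alg_b, t)]


if __name__ == "__main__":
    nats = range(3)  # constructed sample of naturals
    print("distinguishing observations:",
          failed_observations(SetBunch, ListBunch, nats, 3))
    print("terms merged by sets but not lists:",
          collapsed_in_first_only(SetBunch, ListBunch, nats, 2)[:3])
```

No observation of sort bool separates the two algebras, yet add(1, empty) and add(1, add(1, empty)) denote one set and two different lists, which is why behavioural equivalence is strictly coarser than isomorphism here.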

2 Observational equivalence: the ground case

What is an observation on an algebra? In the axiomatic framework, the most natural choice is to take logical formulae as observations; the result of an observation on an algebra is just the truth or falsity of the formula in the algebra. The kind of formulae we use dictates the kinds of observations we are allowed to make on algebras. On the other hand, the kinds of observations we want to make on algebras dictates the kind of formulae we need, that is the logic we should use.

For example, if we want only to examine results of computations, the natural choice is equations which allow us to compare the values of terms. Another natural choice is first-order predicate calculus which allows us to distinguish between e.g. closed and open intervals of rationals (the observation/formula Vx.3y.x_O1 with free variable x distinguishes between standard and non-standard models of arithmetic. As in logic, we need a valuation of the free variables into the algebra under consideration to provide these names with interpretations.

Given a signature $\Sigma$, a set $X$ of variables (of sorts in $\Sigma$), a set $\Phi(X)$ of $\Sigma$-formulae with free variables in $X$, and two $\Sigma$-algebras $A,B$ there are a number of possible ways to define $A \equiv_{\Phi(X)} B$. For example, in [SW 83] and [ST 84] $A \equiv_{\Phi(X)} B$ was defined as follows:

  $A \equiv_{\Phi(X)} B$ if there exist surjective valuations $v_A: X \to |A|$ and $v_B: X \to |B|$ such that for all $\varphi \in \Phi(X)$, $A \models_{v_A} \varphi$ iff $B \models_{v_B} \varphi$.

The justification for this definition is that $v_A$ and $v_B$ identify "matching parts" of $A$ and $B$; each part of $A$ must match some part of $B$ and vice versa. But there are some problems with this definition. Technically, this relation is restricted to comparing algebras of cardinality less than or equal to that of $X$ because of the surjectivity requirement on $v_A$ and $v_B$. Also, we have to exclude algebras with empty carriers, (at least) on sorts in which $X$ is non-empty; otherwise the valuations $v_A$ and/or $v_B$ cannot exist. Finally, in the "general" case in which models and the logic are arbitrary (see [ST 84]) this definition is rather messy and inelegant because of the difficulty of formulating in abstract terms the requirement of surjectivity.

We are going to concentrate on a different definition of observational equivalence. We define the observational equivalence relation in terms of a preorder.

Definition: For any signature $\Sigma$, set $X$ of variables of sorts in $\Sigma$, set $\Phi(X)$ of $\Sigma$-formulae with free variables in $X$, and $\Sigma$-algebras $A,B$, $A$ is observationally reducible to $B$ wrt $\Phi(X)$, written ASP2' implies SP1+SP2 ~~~> SP1'+SP2' and similarly for the other specification-building operations). This means that specifications can be refined in a modular fashion. This is in contrast to the more complicated notions of implementation mentioned earlier for which these properties do not hold in general.

⁴ For technical reasons (see [GM 81]) we assume that there are constants of sort ident.
⁵ provided that all specification-building operations are monotonic (with respect to model classes), which is the case for the specification-building operations defined in e.g. Clear [BG 80], LOOK [ETLZ 82], ASL [SW 83], and for abstract and behaviour as defined above.

The following specification is an implementation of Eval-we-really-want:

  Eval' = let Ev0 = enrich Eval by
            opns   optplus, opttimes : expr, expr → expr
                   optcond : expr, expr, expr → expr
            axioms ∀e,e':expr. optplus(e,e')
                       = e'                      if e = const(0)
                       = e                       if e' = const(0)
                       = opttimes(const(2),e)    if e = e'
                       = plus(e,e')              otherwise
                   ∀e,e':expr. opttimes(e,e')
                       = const(0)                if e = const(0) or e' = const(0)
                       = e'                      if e = const(1)
                       = e                       if e' = const(1)
                       = times(e,e')             otherwise
                   ∀e,e',e'':expr. optcond(e,e',e'')
                       = e'                      if e = const(n) and n ≠ 0
                       = e''                     if e = const(0)
                       = e'                      if e' = e''
                       = cond(e,e',e'')          otherwise
          in derive signature Eval from Ev0 by
               const is const
               var is var
               plus is optplus
               times is opttimes
               cond is optcond
               eval is eval

Eval' specifies the syntax and semantics of our expression language, requiring that certain source-level optimisations (constant folding) be carried out.

In order to prove that Eval' implements Eval-we-really-want we have to show:

Claim: Mod[Eval-we-really-want] $\supseteq$ Mod[Eval']

To prove this we have to show that any model of Eval' is behaviourally equivalent to a model of Eval (with respect to input sorts {int, ident, env} and output sort {int}). This boils down to showing that the value of an expression (as given by eval) is the same as the value of its optimisation in any environment (see the long version of this paper for details).
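The proof obligation in the claim can be exercised as a bounded test. The Python sketch below is an added example, not part of the paper: it interprets each sampled expression term once with the plain constructors (a model of Eval) and once with optplus, opttimes and optcond substituted as in the derive step (a model of Eval'), then compares the int-sorted observation eval in a set of environments. The evaluation clauses for Eval, the tuple encoding, the helper names, the sampled terms and the environments are assumptions, since the text of Eval is not reproduced on this page.

```python
import random
from itertools import product

# Expression terms as tuples (assumed encoding of sort expr).
def const(n): return ("const", n)
def var(x): return ("var", x)
def plus(e1, e2): return ("plus", e1, e2)
def times(e1, e2): return ("times", e1, e2)
def cond(e, e1, e2): return ("cond", e, e1, e2)

def eval_expr(e, env):
    """Assumed semantics of eval: cond takes its first branch on non-zero."""
    tag = e[0]
    if tag == "const":
        return e[1]
    if tag == "var":
        return env[e[1]]
    if tag == "plus":
        return eval_expr(e[1], env) + eval_expr(e[2], env)
    if tag == "times":
        return eval_expr(e[1], env) * eval_expr(e[2], env)
    if tag == "cond":
        return eval_expr(e[2] if eval_expr(e[1], env) != 0 else e[3], env)
    raise ValueError(f"unknown constructor {tag!r}")

# The optimising operations, following the axioms of Ev0 case by case.
def optplus(e1, e2):
    if e1 == const(0):
        return e2
    if e2 == const(0):
        return e1
    if e1 == e2:
        return opttimes(const(2), e1)
    return plus(e1, e2)

def opttimes(e1, e2):
    if e1 == const(0) or e2 == const(0):
        return const(0)
    if e1 == const(1):
        return e2
    if e2 == const(1):
        return e1
    return times(e1, e2)

def optcond(e, e1, e2):
    if e[0] == "const" and e[1] != 0:
        return e1
    if e == const(0):
        return e2
    if e1 == e2:
        return e1
    return cond(e, e1, e2)

# "derive ... by plus is optplus, times is opttimes, cond is optcond"
EVAL_PRIME = {"plus": optplus, "times": opttimes, "cond": optcond}
# A deliberately unsound variant (plus(e,e) collapsed to e), for contrast.
BROKEN = dict(EVAL_PRIME, plus=lambda a, b: a if a == b else optplus(a, b))

LEAVES = [const(0), const(1), const(2), var("x"), var("y")]
ENVS = [{"x": a, "y": b} for a, b in product((-1, 0, 2), repeat=2)]

def rebuild(term, ops):
    """Value of the term when its operation symbols are interpreted by ops."""
    if term[0] in ("const", "var"):
        return term
    return ops[term[0]](*(rebuild(t, ops) for t in term[1:]))

def random_term(rng, depth):
    if depth == 0 or rng.random() < 0.3:
        return rng.choice(LEAVES)
    op = rng.choice(("plus", "times", "cond"))
    arity = 3 if op == "cond" else 2
    return (op,) + tuple(random_term(rng, depth - 1) for _ in range(arity))

def sample_terms(count, seed=0, depth=3):
    rng = random.Random(seed)  # fixed seed: the constructed sample is repeatable
    return [random_term(rng, depth) for _ in range(count)]

def mismatches(terms, ops, envs):
    """Observations eval(t, env) on which the two interpretations disagree."""
    return [(t, env) for t in terms for env in envs
            if eval_expr(t, env) != eval_expr(rebuild(t, ops), env)]

if __name__ == "__main__":
    print("Eval vs Eval':", len(mismatches(sample_terms(500), EVAL_PRIME, ENVS)))
    print("Eval vs broken:", mismatches([plus(var("x"), var("x"))], BROKEN, ENVS)[:1])
```

The carriers of sort expr differ between the two interpretations (plus(x, x) becomes times(const(2), x) under Eval'), but expr is not an observable sort, so only the values returned by eval count.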

A different way of proving that two algebras are behaviourally equivalent is suggested in [Sch 83]; in this approach, a relation (called a correspondence) between the corresponding carriers is set up explicitly and proved to satisfy a kind of homomorphism property.

6 Concluding remarks

In the previous sections we have been rather vague about what we mean by a "formula". We have mentioned formulae of equational logic, first-order logic and infinitary logic. Moreover, although we have been using the standard notion of many-sorted algebra as in [ADJ 76], this was mostly in order to take advantage of the reader's intuition; in fact, we made use of very few formal properties of algebras. This means that in place of the standard notion we could have used for example partial or continuous algebras. We could even change both the notions of signature and of algebra to deal with errors or coercions.

The notion of an institution [GB 83] provides a tool for dealing with any of these different notions of a logical system for writing specifications. An institution comprises definitions of signature, model (algebra), sentence and a satisfaction relation satisfying a few minimal consistency conditions. (For a similar but more logic-oriented approach see [Bar 74].) By basing our definitions (of observational equivalence etc.) on an arbitrary institution we can avoid choosing particular definitions of these underlying notions and do everything at an adequately general level. It is possible to define the semantics of a specification language in an arbitrary institution; see [BG 80] and [ST 84].

We encounter no problems at all in generalising the contents of section 2 (on ground observations) to an arbitrary institution. Moreover, facts 1-12 still hold. (Fact 13 holds for institutions with some simple closure properties. Fact 14 may be generalised if we equip institutions with some notion of reachability along the lines of [Tar 84].)

In order to deal with the general case of observations containing free variables we have first of all to provide a notion of an open formula and a valuation of free variables in the framework of an arbitrary institution. Although sentences as they are used in the definition of an institution above are always closed, this may be done (see [ST 84]). Then the contents of section 3 may be generalised as well; see the longer version of this paper for details.
By exploring the properties of a primitive but powerful and general notion such as observational equivalence and then deriving the more directly useful concept of behavioural equivalence as a special case, we are following in the footsteps of earlier work on kernel specification-building operations [Wir 82, 83], [SW 83], [ST 84]. Our ultimate interest is not in the primitive notions themselves but rather in the useful higher-level constructs which can be expressed in their terms. By carefully investigating the primitives we hope to gain insights which can be applied to the derived constructs.

The material in this paper could provide the basis for high-level specification languages such as one in which every specification is surrounded by an implicit (and invisible) application of behaviour with respect to input and output sorts appropriate to the context. Such a language is presented in [ST 85].

An issue we have not discussed is the connection between behavioural equivalence/abstraction and parameterisation of specifications. A different approach to the problem of specifying software modules which integrates parameterisation and implementation is given in [Ehrig 84].

We have not yet investigated thoroughly the interaction between behaviour and other specification-building operations, although a start in this direction is given by facts 5 and 6.

Acknowledgements

Our thanks to Rod Burstall for many instructive discussions and encouragement and to Martin Wirsing for the collaboration which started us on this line of work and for helpful comments on an earlier version. Support was provided by the Science and Engineering Research Council.

7 References

[ADJ 76] Goguen, J.A., Thatcher, J.W. and Wagner, E.G. An initial algebra approach to the specification, correctness, and implementation of abstract data types. IBM research report RC 6487. Also in: Current Trends in Programming Methodology, Vol. 4: Data Structuring (R.T. Yeh, ed.), Prentice-Hall, pp. 80-149 (1978).

[Bar 73] Barwise, J. Back and forth through infinitary logic. In: Studies in Mathematics, Vol. 8: Studies in Model Theory (M.D. Morley, ed.), Mathematical Assoc. of America, pp. 5-34.

[Bar 74] Barwise, J. Axioms for abstract model theory. Annals of Math. Logic 7, pp. 221-265.

[Bau 81] Bauer, F.L. et al (the CIP Language Group) Report on a wide spectrum language for program specification and development (tentative version). Report TUM-I8104, Technische Univ. München.

[BG 80] Burstall, R.M. and Goguen, J.A. The semantics of Clear, a specification language. Proc. of Advanced Course on Abstract Software Specifications, Copenhagen. Springer LNCS 86, pp. 292-332.

[BG 82] Burstall, R.M. and Goguen, J.A. Algebras, theories and freeness: an introduction for computer scientists. Proc. 1981 Marktoberdorf NATO Summer School, Reidel.

[BMS 80] Burstall, R.M., MacQueen, D.B. and Sannella, D.T. HOPE: an experimental applicative language. Proc. 1980 LISP Conference, Stanford, California, pp. 136-143.

[Chu 36] Church, A. An unsolvable problem of elementary number theory. American Journal of Mathematics 58, pp. 345-363.

[Ehr 79] Ehrich, H.-D. On the theory of specification, implementation, and parametrization of abstract data types. Report 82, Abteilung Informatik, Univ. of Dortmund. Also in: JACM 29, 1, pp. 206-227 (1982).

[Ehrig 84] Ehrig, H. An algebraic specification concept for modules (draft version). Report 84-04, Institut für Software und Theoretische Informatik, Technische Univ. Berlin.

[EKMP 82] Ehrig, H., Kreowski, H.-J., Mahr, B. and Padawitz, P. Algebraic implementation of abstract data types. Theoretical Computer Science 20, pp. 209-263.

[ETLZ 82] Ehrig, H., Thatcher, J.W., Lucas, P. and Zilles, S.N. Denotational and initial algebra semantics of the algebraic specification language LOOK. Draft report, IBM research.

[EWT 83] Ehrig, H., Wagner, E.G. and Thatcher, J.W. Algebraic specifications with generating constraints. Proc. 10th ICALP, Barcelona. Springer LNCS 154, pp. 166-202.

[End 72] Enderton, H.B. A Mathematical Introduction to Logic. Academic Press.

[GGM 76] Giarratana, V., Gimona, F. and Montanari, U. Observability concepts in abstract data type specification. Proc. 5th MFCS, Gdansk. Springer LNCS 45.

[GB 80] Goguen, J.A. and Burstall, R.M. CAT, a system for the structured elaboration of correct programs from structured specifications. Technical report CSL-118, Computer Science Laboratory, SRI International.

[GB 83] Goguen, J.A. and Burstall, R.M. Introducing institutions. Proc. Logics of Programming Workshop, Carnegie-Mellon. Springer LNCS 164, pp. 221-256.

[GM 81] Goguen, J.A. and Meseguer, J. Completeness of many-sorted equational logic. SIGPLAN Notices 16(7), pp. 24-32; extended version to appear in Houston Journal of Mathematics.

[GM 82] Goguen, J.A. and Meseguer, J. Universal realization, persistent interconnection and implementation of abstract modules. Proc. 9th ICALP, Aarhus, Denmark. Springer LNCS 140, pp. 265-281.

[GM 83] Goguen, J.A. and Meseguer, J. An initiality primer. Draft report, SRI International.

[GH 80] Guttag, J.V. and Horning, J.J. Formal specification as a design tool. Proc. ACM Symposium on Principles of Programming Languages, Las Vegas, pp. 251-261.

[Kam 83] Kamin, S. Final data types and their specification. TOPLAS 5, 1, pp. 97-121.

[Karp 64] Karp, C.R. Languages with Expressions of Infinite Length. North-Holland.

[LB 77] Liskov, B.H. and Berzins, V. An appraisal of program specifications. Computation Structures Group memo 141-1, Laboratory for Computer Science, MIT.

[MSV 83] Maibaum, T.S.E., Sadler, M.R. and Veloso, P.A.S. Logical implementation. Technical report, Department of Computing, Imperial College.

[Pep 83] Pepper, P. On the correctness of type transformations. Talk at 2nd Workshop on Theory and Applications of Abstract Data Types, Passau.

[Rei 81] Reichel, H. Behavioural equivalence -- a unifying concept for initial and final specification methods. Proc. 3rd Hungarian Computer Science Conf., Budapest, pp. 27-39.

[SB 83] Sannella, D.T. and Burstall, R.M. Structured theories in LCF. Proc. 8th Colloq. on Trees in Algebra and Programming, L'Aquila, Italy. Springer LNCS 159, pp. 377-391.

[ST 84] Sannella, D.T. and Tarlecki, A. Building specifications in an arbitrary institution. Proc. Intl. Symposium on Semantics of Data Types, Sophia-Antipolis. Springer LNCS 173, pp. 337-356.

[ST 85] Sannella, D.T. and Tarlecki, A. Program specification and development in Standard ML. Proc. 12th ACM Symp. on Principles of Programming Languages, New Orleans.

[SW 82] Sannella, D.T. and Wirsing, M. Implementation of parameterised specifications. Report CSR-103-82, Dept. of Computer Science, Univ. of Edinburgh; extended abstract in: Proc. 9th ICALP, Aarhus, Denmark. Springer LNCS 140, pp. 473-488.

[SW 83] Sannella, D.T. and Wirsing, M. A kernel language for algebraic specification and implementation. Report CSR-181-83, Dept. of Computer Science, Univ. of Edinburgh; extended abstract in: Proc. Intl. Conf. on Foundations of Computation Theory, Borgholm, Sweden. Springer LNCS 158, pp. 418-427.

[Sch 83] Schoett, O. A theory of program modules, their specification and implementation (extended abstract). Report CSR-155-83, Dept. of Computer Science, Univ. of Edinburgh.

[Scott 65] Scott, D. Logic with denumerably long formulas and finite strings of quantifiers. In: Theory of Models. North-Holland, pp. 329-341.

[Tar 84] Tarlecki, A. Free constructions in abstract algebraic institutions. Draft report, Dept. of Computer Science, Univ. of Edinburgh.

[Wand 79] Wand, M. Final algebra semantics and data type extensions. JCSS 19, pp. 27-44.

[Wir 82] Wirsing, M. Structured algebraic specifications. Proc. AFCET Symp. on Mathematics for Computer Science, Paris, pp. 93-107.

[Wir 83] Wirsing, M. Structured algebraic specifications: a kernel language. Habilitation thesis, Technische Univ. München.