Table Of ContentM o nographs in Theoretical Computer Science
An EATCS Series
Editors: J. Hromkovič G. Rozenberg A. Salomaa
Founding Editors: W. Brauer G. Rozenberg A. Salomaa
On behalf of the European Association
for Theoretical Computer Science (EATCS)
Advisory Board:
G. Ausiello M. Broy C.S. Calude A. Condon
D. Harel J. Hartmanis T. Henzinger T. Leighton
M. Nivat C. Papadimitriou D. Scott
Forfurthervolumes:
http://www.springer.com/series/776
Donald Sannella • Andrzej Tarlecki
Foundations of Algebraic
Specification and Formal
Software Development
Prof. Donald Sannella Prof. Andrzej Tarlecki
The University of Edinburgh Institute of Informatics
School of Informatics Faculty of Mathematics,
Informatics Forum Informatics and Mechanics
10 Crichton St. University of Warsaw
Edinburgh, EH8 9AB ul. Banacha 2
United Kingdom 02-097 Warsaw, Poland
and
Institute of Computer Science
Polish Academy of Sciences
ul. Ordona 21
01-237 Warsaw, Poland
Series Editors
Prof. Dr. Juraj Hromkovi(cid:254) Prof. Dr. Grzegorz Rozenberg
ETH Zentrum Leiden Institute of Advanced
Department of Computer Science Computer Science
Swiss Federal Institute of Technology University of Leiden
8092 Zürich, Switzerland Niels Bohrweg 1
2333 CA Leiden, The Netherlands
Prof. Dr. Arto Salomaa
Turku Centre of Computer Science
Lemminkäisenkatu 14 A
20520 Turku, Finland
ISSN 1431-2654
ISBN 978-3-642-17335-6 e-ISBN 978-3-642-17336-3
DOI 10.1007/978-3-642-17336-3
Springer Heidelberg Dordrecht London New York
Library of Congress Control Number: 2011941495
ACM Codes: F.3, D.2
© Springer-Verlag Berlin Heidelberg 2012
This work is subject to copyright. All rights are reserved, whether the whole or part of the material is
concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting,
reproduction on microfilm or in any other way, and storage in data banks. Duplication of this publication or
parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965,
in its current version, and permission for use must always be obtained from Springer. Violations are liable
to prosecution under the German Copyright Law.
The use of general descriptive names, registered names, trademarks, etc. in this publication does not
imply, even in the absence of a specific statement, that such names are exempt from the relevant protective
laws and regulations and therefore free for general use.
Printed on acid-free paper
Springer is part of Springer Science+Business Media (www.springer.com)
ToMonikaandTeresa
Preface
Asitstitlepromises,thisbookprovidesfoundationsforsoftwarespecificationand
formalsoftwaredevelopmentfromtheperspectiveofworkonalgebraicspecifica-
tion. It concentrates on developing basic concepts and studying their fundamental
propertiesratherthanondemonstratinghowtheseconceptsmaybeusedintheprac-
ticeofsoftwareconstruction,whichisaseparatetopic.
Thefoundationsarebuiltonasolidmathematicalbasis,usingelementsofuni-
versal algebra, category theory and logic. This mathematical toolbox provides a
convenient language for precisely formulating the concepts involved in software
specification and development. Once formally defined, these notions become sub-
jecttomathematicalinvestigationintheirownright.Theinterplaybetweenmathe-
matics and software engineering yields results that are mathematically interesting,
conceptuallyrevealing,andpracticallyuseful,aswetrytoshow.
Some of the key questions that we address are: What is a specification? What
does a specification mean? When does a software system satisfy a specification?
Whendoesaspecificationguaranteeapropertythatitdoesnotstateexplicitly?How
doesoneprovethis?Howarespecificationsstructured?Howdoesthestructureof
specificationsrelatetothemodularstructureofsoftwaresystems?Whendoesone
specificationcorrectlyrefineanotherspecification?Howdoesoneprovecorrectness
ofrefinementsteps?Whencanrefinementstepsbecomposed?Whatistheroleof
informationhiding?Weofferanswersthataresimple,elegantandgeneralwhileat
thesametimereflectingsoftwareengineeringprinciples.
Thetheorywepresenthasitsoriginsinworkonalgebraicspecificationsstarting
intheearly1970s.Wedepartfromandgofarbeyondthisstartingpointinorderto
overcomeitslimitations,retainingtwoprominentcharacteristics.
Thefirstistheuseofmany-sortedalgebrasconsistingofacollectionofsetsof
datavaluestogetherwithfunctionsoverthosesets,orsimilarstructures,asmodels
ofsoftwaresystems.Thislevelofabstractionfitswiththeviewthatthecorrectness
oftheinput/outputbehaviourofasoftwaresystemtakesprecedenceoverallitsother
properties.Certainfundamentalsoftwareengineeringconcepts,suchasinformation
hiding,havedirectcounterpartsonthelevelofsuchmodels.
vii
viii Preface
The second is the use of logical axioms, usually in a logical system in which
equality has a prominent role, to describe the properties that the functions are re-
quiredtosatisfy.Thisproperty-orientedapproachallowstheuseofformalsystems
of rules to reason about specifications and the relationship between specifications
andsoftwaresystems.Still,thetheorywepresentissemantics-oriented,regarding
models as representations of reality. The level of syntax and its manipulation, in-
cludingaxiomsandformalproofrules,merelyprovideconvenientmeansofdealing
withpropertiesof(classesof)suchmodels.
Our primary source of software engineering intuition is the relatively simple
worldoffirst-orderfunctionalprogramming,andinparticularfunctionalprogram-
mingwithmodulesasinStandardML.Itissimplerthanmostotherprogramming
paradigms, it offers the most straightforward fit with the kinds of models we use,
anditprovidessyntax(“functors”)thatdirectlysupportsamethodologyofsoftware
developmentbystepwiserefinement.Eventhoughsomeaspectsofmoreelaborate
programming paradigms are not directly reflected, the fundamental concepts we
studyareuniversalandarerelevantinsuchcontextsaswell.
Thisbookcontainsfivekindsofmaterial.
Therequisitemathematicalunderpinnings:
Chapters1and3aredevotedtothebasicconceptsofuniversalalgebraandcate-
gorytheory,respectively.Thismaterialfindsapplicationinmanydifferentareas
of theoretical computer science and these chapters may be independently used
for teaching these subjects. Our aim is to provide a generally accessible sum-
mary rather than an expository introduction. We omit many standard concepts
andresultsthatarenotneededforourpurposesandincluderefinementstoclas-
sicaluniversal algebrathat arerequired forits usein modellingsoftware. Most
oftheproofsarelefttothereaderasexercises.
Traditionalalgebraicspecifications:
Chapter2presentsthestandardmaterialthatformsthebasisofworkonalgebraic
specifications. From the point of view of an algebraist, much of this would be
viewed as part of universal algebra. Additionally, Section 2.7 explores some of
the ways in which these basics may be modified to cope with different aspects
ofsoftwaresystems.Again,thischapterisasummaryratherthananexpository
introduction,andmanyproofsareomitted.
Elementsofthetheoryofinstitutions:
InChapter4weintroducethenotionofaninstitution,developedasaformalisa-
tionoftheconceptofalogicalsystem.Thisprovidesasuitablebasisforageneral
theory of formal software specification and development. Chapter 10 contains
somemoreadvanceddevelopmentsinthetheoryofinstitutions.
Formalspecificationanddevelopment:
Chapters 5–8 constitute the core of this book. Chapter 5 develops a theory of
specification in an arbitrary institution. Special attention is paid to the issue of
structureinspecifications.Chapter6isdevotedtothetopicofparameterisation,
bothofalgebrasandofspecificationsthemselves.Chapter7presentsatheoryof
formalsoftwaredevelopmentbystepwiserefinementofspecifications.Chapter8
Preface ix
introducestheconceptofbehaviouralequivalenceandstudiesitsroleinsoftware
specificationanddevelopment.
Proofmethods:
Chapter 9 complements the model-theoretic picture from the previous chapters
bygivingthecorrespondingproofmethods,includingcalculiforprovingconse-
quencesofspecificationsandcorrectnessofrefinementsteps.
Thedependencybetweenchaptersandsectionsismoreorlesslinear,exceptthat
Chapter10doesnotdependonChapter9.Thisdependencyisnotatallstrict.This
isparticularlyrelevanttoChapter3oncategorytheory:anyonewhoisfamiliarwith
the concepts of category, functor and pushout may omit this chapter, returning to
it if necessary to follow some of the details of later chapters. On first reading one
maysafelyomitthefollowingsections,whichareperipheraltothemaintopicofthe
book or contain particularly advanced or speculative material: 2.6, 2.7, 3.5 except
for3.5.1,4.1.2,4.4.2,4.5,6.3,6.4,6.5,8.2.3,8.5.3,9.5,9.6andChapter10.
Thisbookisself-contained,althoughmathematicalmaturityandsomeacquain-
tance with the problems of software engineering would be an advantage. In the
mathematicalmaterial,weassumeaverybasicknowledgeofsettheory(set,mem-
bership,Cartesianproduct,function,etc.—seeforinstance[Hal70]),butwerecall
alloftheset-theoreticnotationweuseinSection1.1.Likewise,weassumeabasic
knowledgeofthenotationandconceptsoffirst-orderlogicandproofcalculi;seefor
instance[End72].Intheexamplesthatdirectlyrelatetoprogramming,weassume
someacquaintancewithsimpleconceptsoffunctionalprogramming.Noadvanced
featuresareusedandsotheseexamplesshouldbeself-explanatorytoanyonewith
experienceusingaprogramminglanguagewithtypesandrecursion.
Inanattempttogiveacompletetreatmentofthetopicscoveredwithoutgoingon
atmuchgreaterlength,quiteafewimportantresultsarerelegatedtoexerciseswith
the details left for the reader to fill in. Fairly detailed hints are provided in many
cases,andinthesubsequenttextthereisnodependenceondetailsofthesolutions
thatarenotexplicitlygiveninthesehints.
Thisbookisprimarilyamonograph,withresearchersandadvancedstudentsas
itstargetaudience.Eventhoughitisnotintendedasatextbook,wehavesuccess-
fullyusedsomepartsofitforteaching,asfollows:
Universalalgebraandcategorytheory:
Aone-semestercoursebasedonChapters1and3.
Basicalgebraicspecifications:
Aone-semestercourseforundergraduatesbasedonChapters1and2.
Advancedalgebraicspecifications:
AnadvancedcoursethatfollowsonfromtheoneabovebasedonChapters4–7.
Institutions:
A graduate course with follow-up seminar on abstract model theory based on
mostofChapter4andpartsofChapter10.
Thematerialinthisbookhasrootsintheworkoftheentirealgebraicspecifica-
tioncommunity.Thebasisforthecorechaptersisourownresearchpapers,which
arehereexpanded,unifiedandtakenfurther.Weattempttoindicatetheoriginsof
Description:This book provides foundations for software specification and formal software development from the perspective of work on algebraic specification, concentrating on developing basic concepts and studying their fundamental properties. These foundations are built on a solid mathematical basis, using el
