Egidio Astesiano Gianna Reggio jezrdnA Tarlecki ).sdE( Recent Trends in Data Type Specification 10th Workshop on Specification of Abstract Data Types Joint with the 5th COMPASS Workshop S. Margherita, Italy, May 30 - June 3, 1994 Selected Papers r e g n~ i r p S Lecture Notes in Computer Science 906 Edited by G. Goos, J. Hartmanis and J. van Leeuwen Advisory Board: W. Brauer D. Gries J. Stoer Series Editors Gerhard Goos Universit~it Karlsruhe Vincenz-Priessnitz-Stral3e 3, D-76128 Karlsruhe, Germany Jufis Hartmanis Department of Computer Science, Cornell University 4130 Upson Hall, Ithaca, NY 14853, USA Jan van Leeuwen Department of Computer Science, Utrecht University Padualaan ,41 3584 CH Utrecht, The Netherlands Volume Editors Egidio Astesiano Gianna Reggio DISI otnemitrapiD- di Informatica e Scienze dell'Informazione Universit~t di Genova Viale Benedetto ,VX 3, 1-16132 Genova, Italy Andrzej Tarlecki Institute of Informatics, Warsaw University ul. Banacha 2, 02-097 Warsaw, Poland and Institute of Computer Science, Polish Academy of Sciences ul. Ordona 21, 01-237 Warsaw, Poland CR Subject Classification (1991): D.2.1-2, D.2.4, D.2.10-m, D.3.1, E3.1-2 ISBN 3-540-59132-X Springer-Vedag Berlin Heidelberg New York CIP data applied for This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer-Verlag. Violations are liable for prosecution under the German Copyright Law. (cid:14)9 Springer-Vedag Berlin Heidelberg 1995 Printed in Germany Typesetting: Camera-ready by author SPIN: 10485553 06/3142-543210 - Printed on acid-free paper Preface For more than twenty years by now algebraic specification has been an important area of research, aimed at providing foundations, methods and tools for formal devel- opment of provably-correct software. Workshops on Specification of Abstract Data Types, initiated in 1982, have become a prominent forum to present and discuss cur- rent research in the area. Since 1991 they have been held jointly with the General Workshops of the ESPRIT Basic Research Working Group COMPASS. The 10th Workshop on Specification of Abstract Data Types was held jointly with the 5th COMPASS Workshop in Santa Margherita (about 30 km from Genova) on May 30 - June ,3 1994, and was organised by Egidio Astesiano, Gianna Reggio and Maura Cerioli. The main topics covered by the workshop were: specification formalisms, languages and associated tools, - - term rewriting and theorem proving, algebraic specifications of concurrent systems, - - Mgebraic models and specifications of objec~ systems, - algebraic structures and their logics. The program consisted of 63 presentations describing ongoing research and of 4 invited lectures by Catriel Beeri, Harald Ganzinger, Jos~ Meseguer and Martin Wirsing, mainly surveying established approaches, recent results, and directions of future work on different topics of primary importance within the area. The talks stimulated lively discussions, both directly after the presentations and during five one-hour discussion slots. The latter, chaired by Peter Mosses, Don Sannella, Man- fred Broy, Hans-Dieter Ehrich and Egidio Astesiano, focused on some issues crucial for future developments within the area. A Selection Committee, consisting of Egidio Astesiano, Marie-Claude Gaudel, Hans-Dieter Ehrich, Hartmut Ehrig, H~l~ne Kirchner, Gianna Reggio, Horst Reichel, Don Sannella and Andrzej Tarlecki, chose a number of presentations and invited their authors to submit a written version of their talks for possible publication in the workshop proceedings. All the submissions underwent a careful refereeing process and were extensively discussed (by e-mail) by the Selection Committee during a final acceptance/rejection round. This resulted in the selection of 23 papers that appear in this volume together with written versions of the four invited surveys. We are extremely grateful to all the workshop participants, to the (other) mem- bers of the Selection Committee and to the following referees M. Baldamus, M. Biatasik, L. Campora, M. Cerioli, S. Conrad, F. Cornelius, G. Costa, G. Denker, E. Domenjoud, M. Gogolla, M. Grosse-Rhode, M. Hof- mann, S. Kahrs, C. Kirchner, B. Konikowska, M. Korff, P. Le Gall, H.C.R. Lock, C. Lynch, E. Moggi, F. Morando, A. Pierantonio, B. Reus, L. Ribeiro, C. Ringeissen, G. Snelting, M. Srebrny, G. Taentzer, T.H. Tse, A. Wagner, U. Wolter, E. Zucca, for their contribution to the scientific quality of the workshop and of this volume. Iv We also wish to thank Maura Cerioli, Ombretta Arvigo and Laura Montanari for their invaluable and friendly help with the workshop organisation. Finally, we would like to thank Martin Gogolla, who has prepared, with some help from Maura Cerioli, a comprehensive bibliography of the talks and papers given at the ten Workshops on Specification of Abstract Data Types so far; the bibliography appears at the end of this volume. The workshop was sponsored by DISI (Dipartimento di Informatica e Scienze dell'Informasione)-Universitk di Genova, and received financial support from the ESPRIT Basic Research Working Group COMPASS and CNR (Consiglio Nazionale delle Ricerche)-GNIM. Egidio Astesiano, Genova Gianna Reggio, Genova Andrzej Tarlecki, Warsaw Table of Contents Invited Papers L. Bachmair, H. Ganzinger, J. Stuber Combining Algebra and Universal Algebra in First-Order Theorem Proving: The Case of Commutative Rings C. Beeri Bulk Types and Query Language Design 03 J. Meseguer, N. Martf-Oliet From Abstract Data Types to Logical Frameworks 84 .M Wirsing Algebraic Specification Languages: An Overview 18 Contributed Papers .D Aspinall Types, Subtypes, and ASL§ 611 .D Bert, R. Echahed On the Operational Semantics of the Algebraic and Logic Programming Language LPG 231 .M Bidoit, R. Hennicker Behavioural Theories 351 .M Broy Equations for Describing Dynamic Nets of Communicating Systems 071 .M Cerioli A Lazy Approach to Partial Algebras 881 G. Denker Transactions in Object-Oriented Specifications 302 H.-D. Ehrich, A. Sernadas Local Specification of Distributed Families of Sequential Objects 912 H. Ehrig, .M LSwe, F.Orejas Dynamic Abstract Data Types Based on Algebraic Graph Transformations 632 M. Fernandez, J.P. Jouannand Modular Termination of Term Rewriting Systems Revisited 552 VIII J. L. Fiadeiro, J. F. Costa Institutions for Behaviour Specification 372 M. Gogolla, R. Herzig An Algebraic Semantics for the Object Specification Language TROLL light 092 U. Hensel, H. Reichel Defining Equations in Terminal Coalgebras 703 C. Hintermeier, C. Kirchner, H. Kirchner Sort Inheritance for Order-Sorted Equational Presentations 913 H. Hussmann Axiomatic Specification of Large Information Systems: Experiences and Consequences 633 U. Lechner, C. Lengauer, M. Wirsing An Object-Oriented Airport: Specification and Refinement in Maude 153 K. Meinke Topological Methods for Algebraic Specification 863 T. Mossakowski A Hierarchy of Institutions Separated by Properties of Parameterized Abstract Data Types 983 F. Parisi-Presicce, A. Pierantonio Dynamical Behavior of Object Systems 604 A. Sernadas, C. Sernadas, J.M. Valenqa A Theory-Bas~ed Topological Notion of Institution 024 J. Underwood Typing Abstract Data Types 437 M. Walicki, .S Meldal Multialgebras, Power Algebras and Complete Calculi of Identities and Inclusions 354 U. Wolter Institutional Frames 964 E. Zucca Implementation of Data Structures in an Imperative Framework 384 M. Gogolla, .M Cerioli What is an Abstract Data Type after all? 994 Combining Algebra and Universal Algebra in First-Order Theorem Proving: The Case of Commutative Rings* Leo Bachmair ~ Harald Ganzinger *~ Jiirgen Stuber ~-~ Abstract. We present a general approach for integrating certain inathe- matical structures ill first-order equational theorem provers. More specif- ically, we consider theorenl proving problems specified by sets of fix'st,- order clauses that contain the axioms of a commutative ring with a unit, elelnent. Associative-conunutative superposition forms the deduc- tive core of onr method, while a convergent rewrite system for coin- mutative rings provides a starting point, for more specialized inferences tailored to the given class of fornmlas. We adopt, ideas fl'om the Gr6bner basis method to show that Inany inferences of the superposition calcu- lus are redundant. This result is obt, ained by the judicious application of the simplification techniques afforded by convergent rewriting and by a process called symmetrization that enlbeds inferences between single clauses and ring axioms. 1 Introduction 1.1 Motivation Specifications of programs inchlde both symbols with their usual mathematical meaning as well as additional flmction symbols that correspond to program entities. Axioms such as Vl: sum(mapSquare(/)) >_ 0 ,:~V :I mapSquare(x : )l = c'. * ::~ mapSquare(/) where mapSquare is supposed t,o square the elements of a list and sum computes the sum of the elements of a list, involve symbols such as +,., _ or 0 with their (cid:12)9 The research described in this paper was supported in part by the NSF under re- search grant INT-9314412, by the Gerlnan Ministry for Research and Technology (Bundesministerium ffir Forschnng und Technologie) under grant ITS 9102/ITS 9103 and by the ESPRIT Basic Research Working Group 6112 (COMPASS). (cid:12)9 * Departlnent of Computer Science, SUNY at, Stony Brook, Stony Brook, NY 11794, U.S.A. leo@cs, sunysb .edu (cid:12)9 ** Max-Planck-Institut ffir hlformat.ik, hn S~,adt.wald, D-66123 Saarbrficken, Germany. {hg juergen}@mpi-sb, mpg. de stan&ud mathematical meaning in addition to the functions of the program of which some behaviour is expressed. Specifications based on standard mathematical structures, such as linear or- derings, rings, or fields, require specially designed reasoning methods. A naive approach whereby one simply adds an axiomatization of a structure (e.g., the axioms of a commutative ring or the axioms of a linear order) to a specification and searches for proofs according to some universal deductive mechanism, such as resolution or paramodulation, is not very nseful in practice. The axioms of the standard structure, both by themselves and in interaction with the axioms for program functions, usually create a huge search space. Consequently, in such theorem proving methods the additional knowledge provided by an embedded mathematical domain, which typically simplifies a mathematician's proof search, invariably clutters up the search space, so that many automated provers will no longer be able to find certain proofs they had been finding before. A more promising approach appears to be the integration of decision pro- cedures into heuristic provers and into resolution- or paramodulation-based provers, as this may allow one to more effectively cut down the proof search space. Some success has been obtained in limited scenarios. For example, re- placing syntactic unification by unification modulo an equational theory allows one to effectively deal with certain classes of equational theories. Commuta- tive semigroups have been extensively treated in approaches such as associative- commutative completion and their extensions to paramodulation-based calculi for first-order logic. This method is limited in that most nontrivial equational theories do not admit effective equation solving. But even for finitary and ef- fectively solvable theories the number of unifiers may be excessively large, e.g., doubly exponential in the case of associativity and commutativity theories, which in fact presents a major obstacle to applying existing associative-commutative provers in practice. Constraint-based theorem proving (Biirckert 1990, Kirchner, Kirchner and Rusinowitch 1990) is an alternative approach that is mainly applicable to hier- archic specifications, where new function symbols are defined persistently (with no junk and no confusion) over the primitive standard structures; see also (Bach- malt, Ganzinger and Waldmann 19!)4). In requirement specifications where one may not want to define the new functions explicitly, these conditions are hardly ever met in practice. As a result, a constraint solver for the primitive theory can not be simply added as a black box, and even in cases where the new function symbols are completely defined in terms of the primitive ones, the (typically, mu- tually recursive) interaction between the prover and the constraint solver may present serious complications, see Boyer and Moore (1988) for a discussion of these issues in the context of their heuristic prover. The prover PVS (Owre, Rushby and Sllankar 1992) is another instance where decision procedures are integrated in a heuristic manner, in this case using ideas of Nelson and Oppen (1979). In this pal)er we will not only be concerned with the practical aspects of such integration but also with questions of completeness of the resulting meth- ods. Our results apply to specifications in which fnnction symbols need not be completely defined in terms of the given primitive, mathematical symbols. 1.2 Our Approach The deductive core of our method is a reflltational, clausal-based inference sys- tem. We attempt to prove that a formula is a theorem by showing that the set consisting of its negation plus all axioms is unsatisfiable. All formulas are as- sumed to be in clause form. More specifically, we consider sets of clauses N U R, where R is a clausal axiomatization of the theory of commutative rings with a unit element and the clauses in N specify properties of uninterpreted function symbols. The theorem proving method we design is saturation-b(,sed, like resolution and paramodulation (but unlike model elimination and other goal-oriented meth- ods). In saturation-based methods, inferences are applied exhaustively to given clauses until either a contradiction (the empty clause) is obtained or else no further inferences are possible (and the final set is saturated). A saturation- based prover may be thought of as computing a mapping C from clause sets to clause sets, with the property that C(N) contains the empty clause if, and only if, N is unsatisfiable. If N is satisfiable, C(N) may be finite or infinite, but in either case will be closed under the given inferences. In our previous work on this subject (Bachmair and Ganzinger 1994c) we have developed a concept of redundancy and a refined notion of noitltrutl¢s pu to ycm~dnuder so as to be able to model simplification mechanisms, such as subsumption, tautology deletion, and rewriting, that are indispensable for the efficiency of theorem provers. The refined notion of saturation does not require the application of non-redundant inferences or inferences from redundant clauses. This work is of particular rele- vance to the present paper as it provides the right framework for the specialized techniques we propose for dealing with certain built-in mathematical structures. Finite, consistent sets C(N) often provide a basis fbr efficient theorem provers for the theory represented by N. An example are convergent rewrite systems, which are saturated under superposition and allow the validity of equations to be determined by (non-deterministic) rewriting. If a given clause set N can not be finitely saturated, it may still be possible to saturate some subset of N. For instance, if the given clause set is N U R, and R can be saturated, we may "partially evaluate" the saturation function and replace R by .OT The saturation of the partially evaluated set N U ¢T then involves only inferences where at least one premise com~.s fl'0m N. The main inferences in our deductive calculus are binary, i.e., have two premises. Further analysis may be profitable also for "mixed" inferences with one premise from N and one from .~7 If, for a clause C, one can find a set S(C), such that S(C) U ¢T is saturated, then no explicit inferences need to be made with (7, but C may be replaced by S(C). This may pay off if the mapping S can be more efficiently computed by a special- purpose device than by off-the-shelf saturation. We will describe, for the case of commutative rings, such a function S, called symmetriz(dion, that maps any ground clause to a finite set, and design inference rules to emunerate possibly infinite sets ,.q(C) for non-ground clauses. A key ingredient of the symmetrization