
The use of the language Automath for syntax and semantics of programming languages


Citation for published version (APA):

Bruijn, de, N. G. (1975). The use of the language Automath for syntax and semantics of programming languages. Technische Universiteit Eindhoven.

Document status and date: Published: 01/01/1975

Document Version:

Publisher’s PDF, also known as Version of Record (includes final page, issue and volume numbers)


First draft of paper presented to the International Symposium on Proving and Improving Programs, Arc et Senans, July 1-2-3, 1975.

The use of the language AUTOMATH for syntax and semantics of programming languages.

by

N.G. de Bruijn
Department of Mathematics
Eindhoven University of Technology
Eindhoven, The Netherlands
Telephone (0)40 - 472807

Abstract.

Mathematical theories can be written in the form of books in the language AUTOMATH, and the checking of the correctness of the entire text can be automatized. The idea of this paper is to consider syntax and semantics of computer programming languages as parts of mathematics and to write semantical theorems concerning particular programs in books that already contain logic, mathematics, definition of syntax, and axioms for semantics of the programming language. The paper describes ways for doing this, with a programming language that is a kind of subset of ALGOL 60 without being much less powerful.

1. Introduction.

AUTOMATH [1,3,4_!] is a language which permits us to write very large parts of mathematics in such a precise way that verification of the correctness of the mathematical contents can be carried out by a computer. The AUTOMATH book that is presented to the computer has to contain everything: logical foundations, inference rules, mathematical foundations, axioms, definitions, formulas, abbreviations, theorems, proofs, and the mutual connections between all these things.

Since the beginning of the AUTOMATH project in 1968 a considerable amount of mathematical material has been written and checked, and therefore it seems to be feasible to start the use of AUTOMATH for practical purposes.

In many areas of mathematics one may feel that there is not much need for such extremely precise formulations of complete theories. Such areas can have a strong intuitive background, and the feeling of safety is supported by the many applications that can be checked by various entirely different methods leading all to the same result.

There are fields, however, where the need for precision is very strong, where intuitive support is weak and experimental evidence misleading. This may happen in cases of long proofs consisting of very many elementary steps, where it is strongly felt that a chain is as weak as its weakest link. If the number of steps runs into thousands, the need for mechanical verification can be a very practical one. In such cases it may be worth while to go into the trouble of coding every detail into a final formalization, removing all traces of intuition and experience.

One such field can be the one that is devoted to proving that a computer program has the semantics we want it to have, i.e. that program execution does what we claim it to do. Intuition and experimental evidence in this field are known to be undependable. One reason, but not the only one, is that long programs are often produced in cooperation between several programmers, pieces are taken from libraries, etc. Another matter is that program languages themselves need a thorough formal description, both for syntax and semantics.

Let us think of complex situations where logic, mathematics, syntax and semantics are interwoven, and where it is just the interplay between these components that requires attention. Imagine we have a program for searching the solutions of a number-theoretical problem, and we wish to prove that the program does what we claim. As it happens, during the search all sorts of shortcuts are made, partly on the basis of number-theoretical or combinatorial theorems, partly on the basis of semantical knowledge about parts of the program. In the future we might even imagine that we are working in an advanced programming language that allows us to extend the syntax and semantics in the course of the argument, and to prove semantical theorems on these extensions that are used in the proof of the final semantical statement on the total program (i.e. the statement that execution of the program produces exactly all solutions of the number-theoretical problem). In a situation like this the supervision over the whole system seems to be inadequate if we proceed in the "human" way, consisting of a patchwork of formalized and intuitive pieces, tied together by our feeling of confidence. Usually the situation is less complex than we just described, but at least some of these difficulties are always present. Part of the difficulties are not so much sources of errors, but yet produce a kind of conceptual uneasiness since we feel unable to lay a connection, other than by intuition, between the formalized mathematical notion in the mathematics text and its formalized counterpart

It is just this kind of a need for an overall survey of a large field, that AUTOMATH was devised for.

In order to be able to talk in less general terms, we act as if there were only one interesting program in the world, i.e. a program for finding the g.c.d. of two integers. We start from an AUTOMATH book that contains an amount of basic material. We can extend the book by adding further material (every acceptable addition to an acceptable book produces a new acceptable book). The book certainly has to contain

(i) Logical tools, inference rules.

(ii) Mathematical foundations, in particular properties of natural numbers and integers.

(iii) Definition of the g.c.d., and proofs of some of its properties.

We now add a chapter to the book, involving

(iv) A definition of a particular programming language.

(v) Basic assumptions on the semantics of programs in that language.

Next we write in the book

(vi) A description of a program for the computation of the g.c.d.

(vii) A semantic theorem, with proof, about that program (this theorem may state something to the effect that if the input is m,n, then the output is the g.c.d. of m and n).

However complete this may seem to be, yet there are a number of things that have to be taken for granted. These things concern the basic assumptions on the system as a whole, and not such details as described in (iii), (vi) or (vii).

2. What has to be taken for granted?

In the first place we have to believe the things clearly indicated as "primitive notions" in the AUTOMATH book itself. Some of them refer to primitive objects for which no definition is given: we just give them a name and we say of what type they are. Others refer to axioms, which are things that have the form of a theorem without proof.

The way AUTOMATH deals with assertions is what is now called the "formulas as types" presentation of logic (the term comes from Howard [7]). Objects have a type (the type of 3 is "natural number", the type of S is "set"); proofs have a type too: the type of a proof is the (unique) assertion it proves. So corresponding to a "definition" (showing (a) name of the object; (b) description of its construction; (c) type of the object) we have a "theorem" (showing (a) name of the proof; (b) construction of the proof; (c) the assertion). Corresponding to the introduction of a primitive object we have an axiom: in both cases (b) is replaced by "PN" which is just a warning symbol. There is a third kind of lines in our book: the block opening lines; they may differ from the PN lines in the sense that they are narrowing the context: they can be "let x be an object of type A" or "let p be a proof of assertion B". They embody what we call introduction of a local variable or the introduction of a local assumption. They lose their power as soon as we get back to the original wider context.

As it is the case with any formal system, there is an unformalized system of interpretation that goes along with it. For the primitives in the formal text we choose interpretations in the outside world, and we have a system of propagation of interpretation that produces an interpretation of the final results in the formal text. We need not bother about interpretation of the intermediate parts of the text. (If the final result is a theorem, the thing we care to interpret is the assertion and not the proof). Interpretational troubles are restricted to primitives and finals, and this is exactly the reason for the practical use of formal systems.

Let us direct our attention to the book that checks the g.c.d. program. We have to do various things. First, the formal soundness of the AUTOMATH

text has to be believed. This has to be based on the belief that definition and theory of AUTOMATH are sound, and that the text checking algorithm refuses every input that is not according to the language definitions (actually this fact is an example of a quite complex semantical theorem). And we have to believe that the computer language that is used for describing that checking algorithm is adequately implemented on a computer that makes no mistakes.

Once the AUTOMATH text has been taken as absolutely sound, we still have the interpretations. We have to interpret the notions and axioms of (i) and (ii), and to make sure they correspond to ideas in the partly formalized mathematical world we think we live in. This has to remain vague since that mathematical world is a bit vague. The only thing we can say here is that this correspondence can be traced by careful thinking in the same style as mathematicians always have been thinking intuitively about the meaning of their symbolisms. And experience reinforces confidence.

Next we turn to (iv). The program primitives and constructs described in the AUTOMATH book will not be exactly the same as the programs we really give to our computer. There will be an algorithm that syntactically translates one into the other, and we have to believe that this is sound.

The more important thing is (v). After we have interpreted the semantic axioms we see that they can be considered as conditions that have to be satisfied by the computer system we want to present our g.c.d. program to. To convince ourselves that it does satisfy these conditions is partly a semantical, partly an engineering problem.

The final interpretation of (vii) is very simple. There will not be any difficulty in reading its main result as "the g.c.d. algorithm evaluates the g.c.d.".

3. Use of types.

We want to describe syntax and semantics of an ALGOL-like programming language in terms of AUTOMATH. The first thing we have to decide on is which things are types and which things have types.

In AUTOMATH there are 3-expressions, 2-expressions, and the single 1-expression type. Every 3-expression has a unique type, and that type is a 2-expression. Every 2-expression has type as its type. We shall use 2-expressions for some fundamental classes of mathematical objects, and 3-expressions for those objects themselves. Also, we use 3-expressions for proofs, and their types are the assertions these proofs prove. In order to easily build assertions, we create as a primitive notion the 2-expression "bool" and, again as primitive notion, we build, for every 3-expression b of type bool, the 2-expression TRUE(b). If we have a 3-expression p of type TRUE(b), the interpretation is that p is a proof for the truth of the proposition b. From now on the interpretation of logic and mathematics is rather straightforward.

In order to express programs, we start with taking 2-expressions Ω, interpreted as state spaces. If Ω is a type, we create the primitive notion "program(Ω)" as a 2-expression. The interpretation of a 3-expression π having type "program(Ω)" is that π is a program acting on the state space Ω.

4. Syntax.

In order to describe the syntax of a programming language, we shall introduce primitive programs and primitive program constructs. On the basis of these we are able to construct all programs of the language, but it does not seem to be necessary to state an axiom that every object of type program(Ω) belongs to this constructed set.

We write a few lines of our book:

      bool     :=  PN    type
      b        :=  ---   bool
    | TRUE     :=  PN    type
      Ω        :=  ---   type
    | program  :=  PN    type

The horizontal lines indicate that b and Ω are variables (or "block openers"), the vertical lines indicate blocks with a common context (the context of the line with TRUE is b). Note that on the basis of this, "program(Γ)" can be used for every possible 2-expression Γ, in every possible context. For example we can say a thing like: "let f be a function that attaches a program on Ω to every integer n" (whence n is a variable the program depends on, and not a variable the program acts on), or "let f be a function that attaches a program on Ω to every program on Ω". We shall certainly need the notion of a Cartesian product of two state spaces, and therefore we write

      Ω2        :=  ---   type
    | cartprod  :=  PN    type

Let us now discuss how to introduce primitive programs. We may create programs on every state space as well as programs on special state spaces (in ALGOL 60 the first case does not occur). For example one might create the empty program (to be interpreted as a program whose execution does not alter the state), and one might create fake programs, like a program of which we give no semantic information whatsoever.

A very important group of primitive programs are assignments. A clear description of them is by no means easy. The simplest cases are the replacements x := y where x and y are state space variables. It can be a case where the state space is cartprod(Ω,Ω); then the replacement can be introduced as a primitive program (the interpretation is, if we use the terminology of analytic geometry, horizontal projection onto the diagonal, and its semantics has to be arranged accordingly). (Needless to say, it seems unattractive to write separate axioms for cartesian products of 2, 3, ... spaces; it is better to introduce operations on finite sequences of spaces, which is easier to do if we use the extension AUT-QE of AUTOMATH).

A harder question is what to decide about value assignments like x := c, where c is a variable the program depends on, and x := 0, x := 1, etc. At first sight it seems reasonable to postulate (if x is a state space variable of the type integer) that "for every integer c the statement "x := c" is a program". But one should be aware of the fact that this is said in a mathematical language that allows to substitute other expressions for c, and in particular these might be expressions a computer cannot evaluate. One should realize that the postulate "x := c is a program for every integer c in the range 0 ≤ c ≤ 1" has a stronger expressive power than the two postulates "x := 0 is a program" and "x := 1 is a program" have together, unless we add extra axioms in the latter case that create the same effect (like axioms on "definition by cases"; the formulation of such axioms seems to require "equality of programs" as a primitive).

It seems to be safe to be very restrictive about value assignments. In the case of integers one could just take "x := 0" and "x := 1" (as soon as we have addition as a primitive program, we can simulate an assignment like "x := 216" by a program having no other assignments than "x := 0" and "x := 1").

On the other hand, if one studies mathematical algorithms instead of computer programs, there is no objection against admitting "x := c".

In the case that x is a state space variable of the type "bool", we can take "x := true" and "x := false" as assignments (true and false are primitives of type bool, for which we have the axioms of classical logic in the logico-mathematical part of our book). Moreover we can add a few others like: if x,y,z are state space variables of type bool, real, real, respectively, then "x := y>z", "x := y=z" etc. are programs. And, in analogy to the addition of integers, we can use primitives like conjunction, implication, etc., in order to get programs that simulate the more complicated boolean expressions.

A special kind of assignments is connected with arrays. For some special data types A we allow the use of assignment operations on variables of type [n,Z]A (i.e. the type of all mappings of the set of integers Z into A). If f is a variable of this type, if x is a variable of type A, and k a variable of type Z, we have to postulate the primitive programs whose interpretation is f[k] := x and x := f[k]. The treatment of arrays is hard if array bounds are variables, as it is possible in ALGOL 60. We shall not discuss this in this paper (it should be remarked that its treatment in [6] is unsatisfactory since it neglects the fact that the variables that presented the array bounds may change inside the block; a correct way to describe how such variables are untouchable might involve the introduction of variables that cannot be assigned to syntactically).

Thus far we discussed primitive programs; next we get to primitive program constructs, i.e. ways to compose bigger programs from smaller ones. First the concatenation (first π1, then π2):

A construct (not existing in ALGOL 60) that has the same syntactic structure as the concatenation, is the disjunction "π1 or π2" (where the programmer leaves it to the machine which one to execute).

A very important primitive construct is the binary selection "if b then π1 else π2". We want to restrict this to the case that b is a state space variable of type bool (otherwise we would have to describe in our book that b is a syntactically admissible boolean expression, and that seems to be hard). Trusting the simulative power of a primitive language, we might limit ourselves to the case that b does not occur in the state space Ω of π1 and π2, and that b is the variable that corresponds to the extension of Ω to Ω × bool. In our book this looks like this

Next we consider the constructs "projection" and "injection" that transform programs in one state space into programs in another state space. We shall be a bit superficial here, since a correct treatment requires elaborate indexing of the various components.

Imagine π is a program on Ω × Z, where Ω is any state space and Z stands for the set of all integers. Now we want to consider the "projection" on Ω, i.e. the program on Ω that would be described in ALGOL 60 as

    begin integer n; π end.

In our book we introduce this primitive as follows:

      π     :=  ---   program(cartprod(Ω,Z))
    | proj  :=  PN    program(Ω)

The notion of injection is a case of a procedure called by name. Let π be a program on a state space Ω_1 × ... × Ω_k, and let x_1, ..., x_k be the names of the variables for these k components. Let φ be some one-to-one mapping of {1, ..., k} into {1, ..., m}, and let A_1 × ... × A_m satisfy A_φ(i) = Ω_i (i = 1, ..., k). Then we want to introduce the program "injection_φ(π)" on A_1 × ... × A_m whose interpretation is as follows: take y_1, ..., y_m as state space variables for A_1 × ... × A_m. Replacing in the program π every instance of x_i by y_φ(i) gives the program "injection_φ(π)".

The constructs described thus far are mappings of programs or pairs of programs onto programs. Let us call them "lower" constructs in contrast to "higher" constructs where the variables are not programs, but objects on a higher level.

The only example we take is this one: if Q is a function that maps programs onto programs, then the primitive higher construct "recurs(Q)" is to be interpreted as the recursively defined procedure "π := Q(π)". In our book we get

      Ω       :=  ---   type
    | Q       :=  ---   [π,program(Ω)]program(Ω)
    | recurs  :=  PN    program(Ω)

small fragment of ALGOL 60. Nevertheless quite a large part of ALGOL 60 can be simulated by this fragment, in particular much of the practice concerning procedures called by value or by name, and function procedures. For some details of such a simulation we refer to [6].

5. Semantics.

As our point of view we select relational semantics. This means that semantic results on a program π (with state space Ω) are given in the form of a binary relation on Ω. If we say that π satisfies the relation P then the interpretation is as follows: for every pair ω ∈ Ω, ω' ∈ Ω which are such that ω and ω' can be the initial and final value of the state, P(ω,ω') is true (but we do not require the converse). We shall also express this by saying that P presents information on π. We do not require this information to be as complete as possible: we just try to work with P's which have a simple form, as long as they are adequate. One of the advantages of this kind of semantics over Floyd's inductive assertion method is that we state results about the program and not about the program plus a number of assertions scattered over it. Our relational semantics is still pragmatic: just like in any mathematical proof, we never bother about intermediate steps being as strong as possible, it is only the final result that counts. And relational semantics has not the slightest trouble with non-deterministic programs. It is possible to extend the state space by improper elements standing for non-termination and abortion (see [8],[6]). We shall not try to describe that here, since it is a bit awkward in connection with the cartesian product structure of our state spaces. A compromise that would make things only slightly harder, is to express semantic information by means of a predicate Q and a relation R, with the following interpretation: if the initial state ω satisfies Q(ω), then the program execution terminates, and the final state satisfies R(ω,ω'). (See [6]).
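The notion "P presents information on π" can be exercised on a small finite state space. The following Python sketch is an added example, not taken from the paper: it models a program as a function from a state to the set of its possible final states, checks whether a relation presents information on it, and goes slightly beyond this paragraph by also checking the rules for concatenation and disjunction (boolean matrix product and sum) that the paper states for these constructs. The state space, the two subtraction steps, the usual definition of the boolean matrix product and all function names are assumptions chosen for illustration.

```python
from math import gcd

# Constructed finite state space Ω: all pairs (m, n) with 1 <= m, n <= 8.
OMEGA = [(m, n) for m in range(1, 9) for n in range(1, 9)]

# A program on Ω is modelled (assumption) as a function from an initial state
# to the set of its possible final states; a set allows non-determinism.
def sub_left(w):
    m, n = w
    return {(m - n, n)} if m > n else {w}

def sub_right(w):
    m, n = w
    return {(m, n - m)} if n > m else {w}

def concat(p1, p2):
    """Concatenation: first p1, then p2."""
    return lambda w: {w2 for w1 in p1(w) for w2 in p2(w1)}

def disj(p1, p2):
    """Disjunction 'p1 or p2': the machine chooses which one to execute."""
    return lambda w: p1(w) | p2(w)

def runs(program):
    """All pairs (ω, ω') that can be initial and final value of the state."""
    return {(w, w2) for w in OMEGA for w2 in program(w)}

def presents_information(P, program):
    """P(ω, ω') is true for every possible run; the converse is not required."""
    return all(P(w, w2) for (w, w2) in runs(program))

def bool_product(P1, P2):
    """(P1 * P2)(ω, ω'') holds iff P1(ω, ω') and P2(ω', ω'') for some ω' in Ω."""
    return lambda w, w2: any(P1(w, v) and P2(v, w2) for v in OMEGA)

def bool_sum(P1, P2):
    """(P1 + P2)(ω, ω') holds iff P1(ω, ω') or P2(ω, ω')."""
    return lambda w, w2: P1(w, w2) or P2(w, w2)

def extension(P):
    """The relation P written out as a set of pairs over Ω."""
    return {(w, w2) for w in OMEGA for w2 in OMEGA if P(w, w2)}

# Relations of simple form, used as semantic information.
def same_gcd(w, w2):
    return gcd(*w) == gcd(*w2)

def same_sum(w, w2):
    return sum(w) == sum(w2)

def info_left(w, w2):    # what we choose to record about sub_left
    return w[1] == w2[1] and same_gcd(w, w2)

def info_right(w, w2):   # what we choose to record about sub_right
    return w[0] == w2[0] and same_gcd(w, w2)

def check_axioms():
    both = concat(sub_left, sub_right)
    either = disj(sub_left, sub_right)
    exact_l = lambda w, w2: w2 in sub_left(w)
    exact_r = lambda w, w2: w2 in sub_right(w)
    return {
        # A true but incomplete statement about sub_left.
        "gcd_presents_info": presents_information(same_gcd, sub_left),
        # A false statement is rejected: (2,1) -> (1,1) changes the sum.
        "sum_presents_info": presents_information(same_sum, sub_left),
        # "We do not require the converse": same_gcd admits pairs that are no runs.
        "info_is_incomplete": runs(sub_left) < extension(same_gcd),
        # Monotonicity: info_left implies same_gcd, so same_gcd is also information.
        "left_implies_gcd": extension(info_left) <= extension(same_gcd),
        # Concatenation: the boolean matrix product of the two pieces of information.
        "concat_rule": presents_information(bool_product(info_left, info_right), both),
        # With exact relations the product is exactly the relation of the concatenation.
        "concat_exact": extension(bool_product(exact_l, exact_r)) == runs(both),
        # Disjunction: the boolean matrix sum; one summand alone is not enough.
        "disj_rule": presents_information(bool_sum(info_left, info_right), either),
        "disj_one_side_only": presents_information(info_left, either),
    }

if __name__ == "__main__":
    for name, value in check_axioms().items():
        print(f"{name}: {value}")
```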

(15)

In our AUTOMATH book we formulate relational semantics by means of a single primitive w. We take it to be a 3-expression, and the interpretation is a proposition. (Any 3-expression that has TRUE(w) as its type is a proof for our semantic assertion). The variables are R (a state space), $\pi$ (a program) and P (a relation on R).

The text is

As a general axiom on w we can formulate that for all $\pi$, $P_1$, $P_2$ we have (if R is fixed we write $w(\pi,P)$ instead of $w(R,\pi,P)$):

This implies monotonicity (if $P_1 \to P_2$ then $w(\pi,P_1) \to w(\pi,P_2)$). One might formulate this for infinite conjunctions too, but that seems to be unnecessary.

For every primitive program and for every primitive construct we have to formulate a special semantic axiom. At least for the primitive programs and lower primitive constructs these axioms come rather naturally, and there is no point where it is a problem how to write the axiom in AUTOMATH once we feel what it should express. We give a few examples. First the axiom for the concatenation. It says that if $P_1$, $P_2$ are relations (state space R), if $P_1$ presents information on the program $\pi_1$ and $P_2$ on $\pi_2$, then the "boolean matrix product" $P_1 * P_2$ presents information on the concatenation of $\pi_1$ and $\pi_2$. (The boolean matrix product is


note that the boolean matrix sum does the same thing for the construct "$\pi_1$ … $\pi_2$"). For the binary selection we have the following. If $\omega,\beta$ are used as coordinates in cartprod(R,bool), if $P_1$ and $P_2$ present information on $\pi_1$ and $\pi_2$, then $P_3$ presents information on "if b then $\pi_1$ else $\pi_2$" (or in the terminology of our book: binselect(R,$\pi_1$,$\pi_2$)), where $P_3(\omega,\beta,\omega',\beta')$ is defined as

$$(\beta = \beta') \wedge ((\beta = \mathrm{true}) \to P_1(\omega,\beta,\omega',\beta')) \wedge ((\beta = \mathrm{false}) \to P_2(\omega,\beta,\omega',\beta')).$$

In order to describe the semantics of recurs(Q), where Q is a program-to-program function, we start from the fake program $\pi_0$ (for which we assume nothing but $w(\pi_0,\mathrm{TRUE})$, where TRUE is the identically true relation). We now build the programs $Q(\pi_0)$, $Q^2(\pi_0)$ $(= Q(Q(\pi_0)))$, $Q^3(\pi_0)$, ... Let $P_1, P_2, \ldots$ be relations such that (for $n = 1,2,\ldots$) $P_n$ presents information on $Q^n(\pi_0)$. Let P be such that for every pair $\omega,\omega'$ there exists an n such that $P_n(\omega,\omega') \to P(\omega,\omega')$. Then P presents information on recurs(Q). In this pragmatic formulation we avoid talking about things like Scott's minimal fixpoint (for which we refer to [2]) thus leaving the way open for non-deterministic cases.
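The concatenation and binary-selection axioms above can be checked mechanically on a small finite state space. The following Python code is an added example, not taken from the paper or the AUTOMATH book: it assumes that "P presents information on π" means the program's transition relation is contained in P, uses the standard definition of the boolean matrix product (relational composition), and every state, program and relation in it is constructed for illustration.

```python
STATES = range(6)          # constructed finite stand-in for the state space R
BOOLS = (True, False)

def holds(program, P):
    """Assumed model of w(pi, P): every transition of the program lies in P."""
    return program <= P

def bool_product(P1, P2):
    """(a, c) is related iff some b has P1(a, b) and P2(b, c)."""
    return {(a, c) for (a, b) in P1 for (b2, c) in P2 if b == b2}

def lift(rel):
    """View a relation on R as one on cartprod(R, bool) that keeps beta fixed."""
    return {((s, b), (t, b)) for (s, t) in rel for b in BOOLS}

def binselect_relation(P1, P2):
    """P3: beta = beta', and P1 must hold if beta is true, P2 if it is false."""
    return ({(x, y) for (x, y) in P1 if x[1] and y[1]} |
            {(x, y) for (x, y) in P2 if not x[1] and not y[1]})

# Constructed programs, given by the transitions they can actually make.
INC = {(s, s + 1) for s in STATES if s + 1 in STATES}           # pi_1: add one
KEEP_OR_HALVE = {(s, t) for s in STATES for t in (s, s // 2)}   # pi_2: non-deterministic

# Deliberately weak but adequate information about each program.
GROWS = {(s, t) for s in STATES for t in STATES if t > s}       # P_1
NO_GROWTH = {(s, t) for s in STATES for t in STATES if t <= s}  # P_2

def check_concat():
    """Concatenation axiom: P_1 * P_2 presents information on pi_1 ; pi_2."""
    assert holds(INC, GROWS) and holds(KEEP_OR_HALVE, NO_GROWTH)
    return holds(bool_product(INC, KEEP_OR_HALVE), bool_product(GROWS, NO_GROWTH))

def check_binselect():
    """Selection axiom on cartprod(R, bool), with P_3 built from lifted P_1, P_2."""
    # Selecting between the lifted programs gives the transitions that actually run.
    branch = binselect_relation(lift(INC), lift(KEEP_OR_HALVE))
    P3 = binselect_relation(lift(GROWS), lift(NO_GROWTH))
    return holds(branch, P3), ((3, True), (1, True)) in P3

if __name__ == "__main__":
    print(check_concat(), check_binselect())
```

The product of the two weak relations still covers the concatenated program, while neither `GROWS` nor `NO_GROWTH` alone does, which is the sense in which intermediate information need only be adequate and not as strong as possible.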

After having described the principles of syntax and semantics in our AUTOMATH book, we can proceed by proving general lemmas, e.g. on the syntax and semantics of the "while do" statement. From there on we can start describing special programs and their semantics, building up a library of results in the same way as an AUTOMATH mathematics book builds up its own inference rules, mathematical foundations, lemmas, theorems, up to the final results whose correctness we want to check. It is a long way to go, but the fact that nothing needs to be done twice, provided the setting has been chosen with sufficient generality, may help us through.


6. Epilogue.

AUTOMATH can be used in various ways for logic and mathematics (cf [5], section 14); with syntax and semantics we have the same situation. The difference between different ways of using the language lies mainly in the use we make of the typing operation. One way to live with it is to restrict its use to a minimum, thus clinging as close as possible to standard predicate calculus plus Zermelo-Fraenkel set theory. But we can also use typing in a more liberal fashion, to the effect that the intuitive idea that things have types, is reflected in the language. The present paper has been written in this liberal spirit. The effect is that AUTOMATH's machinery of definitional equality can be used freely for the handling of programs, but on the other hand it cannot be refuted any more. This means that, whether we want it or not, definitionally equal programs have the same semantics.

As long as this concerns so-called delta-reduction (i.e. the effect of replacing things by their definition) this is what everybody wants. On the other hand, if we have the $\beta$- and $\eta$-reduction of the $\lambda$-calculus, we hardly know what it means when dealing with programs. In particular we have the question why two programs equivalent by $\beta$- and $\eta$-reduction, should necessarily have the same semantics. The answer is probably this: As long as the syntactic and semantic axioms have a particular form (not involving $\lambda$-expressions) then it can be proved that if two programs (not involving $\lambda$-operations on the type "program") are definitionally equivalent, this equivalence can be established already without $\lambda$-operations on the type "program". A proof of this might establish the fact that our liberal attitude is not just effective but also innocent.


References

1. Proceedings Symposium APLASM (December 1973) ed. P. Braffort. Fascicule 1, The AUTOMATH mathematics checking project. Contributions by L.S. van Benthem Jutting, N.G. de Bruijn, D.T. van Daalen, I. Zandleven.

2. J.W. de Bakker. Recursive Procedures. Mathematical Centre Tracts nr. 24.

3. N.G. de Bruijn. The mathematical language AUTOMATH, its usage, and some of its extensions. Symposium on Automatic Demonstration (Versailles, December 1968), Lecture Notes in Mathematics, Vol. 125, pp. 29-61, Springer Verlag 1970.

4. N.G. de Bruijn. AUTOMATH, a language for mathematics. Notes (prepared by B. Fawcett) of a series of lectures in the Séminaire de Mathématiques Supérieures, Université de Montréal, 1971.

5. N.G. de Bruijn. Set theory with type restrictions. Colloquia Mathematica Societatis János Bolyai, 10. Infinite and finite sets, Keszthely (Hungary), 1973.

6. N.G. de Bruijn. A system for handling syntax and semantics of computer programs in terms of the mathematical language AUTOMATH. Report, Department of Mathematics, Technological University, Eindhoven, 1973.

7. W.A. Howard. The formulae-as-types notion of construction, mimeographed, 1969.

8. Z. Manna, S. Ness and J. Vuillemin. Inductive methods for proving
