add(suet(n). ,m)=succ(add(n,m). ) ( & times(O,n):O. ( 5 times(succ(n),m)=add(times(n,m),n). ( 6. But what is the semantics. Of an axiom like pred(D)=error ?
A. B. Cremers and H.-P. Kriegel, editors, Proc. 6. GI-Fachtagung für Theoretische Informatik, LNCS 145, pages 141–151, Berlin, 1983. Springer–Verlag ALGEBRAIC AND OPERATIONAL SEMANTICS OF EXCEPTIONS AND ERRORS M.Gogolla,K.Drosten,U.Llpeck Abteilung Informatik, UniversitAt Dortmund P o s t f a c h 5D0500, D-4600 Dortmund 50 H.D.Ehrich Lehrstuhl B for Informatik, TU B r a u n s c h w e i g P o s t f a c h 3 3 2 9 , D-33DO B r a u n s c h w e i g
Abstract The specification of a b s t r a c t data types requires the possibility to treat exceptions and e r r o r s . We p r e s e n t an a p p r o a c h allowing all forms of error handling : error introduction, error propagation and e r r o r recovery. The algebraic semantics Of o u r method and a new correctness criterion is g i v e n . We also introduce an o p e r a t i o n a l semantics of a subclass of our specifications which coincides with the algebraic semantics. Key
Words
Specification of abstract data types, algebraic semantics , correctness of semantics.
I.
e r r o r and e x c e p t i o n handling, specifications operational
Introduction
Abstract data types offer promising tools for the specification and implementation of p r o g r a m s . Research in t h i s f i e l d h a s b e e n i n i t i a t e d by [ Gu 75, LZ 7& ]. Pleasant features of t h e m e t h o d a r e t h a t it is well-founded algebraically [ A D 3 78, £h 79, E K T W W 81, W P P D B 80 ] and operationally [ Ro 73, Hu 77, O ' D 77, Wa 77 ] a n d t h a t it is a s o u n d basis for specification languages. The problem of h a n d l i n g exceptions a n d e r r o r s in a b s t r a c t data types has b e e n s t u d i e d in [ G H M 77, A D 3 78, Go 7 8 . I , Go 7 8 . 2 , Ma 79, B1 BO ] a n d an o p e r a t i o n a l treatment has b e e n g i v e n in [ E P £ B1 ]. We here modify the approach of [ E P E 81 ] a n d s t u d y t h e a l g e b r a i c and operational semantics of s p e c i f i c a t i o n s allowing error and exception handling. We distinguish syntactically between error introducing and normal functions and allow two different t y p e s of v a r i a b l e s for the same s o r t . T h u s a l l f o r m s of e r r o r a n d e x c e p t i o n handling, i.e. error introduction, error propagation and error recovery, m a y be t r e a t e d . We avoid the strict propagation of e r r o r s as in [ A D 3 7 8 , G o 7 8 . I , M a 79 ], the transformation of a x i o m s v i a n e w o p e r a t i o n s as in [ A D 3 78 ] and the introduction of a s e m i - l a t t i c e structure on t h e s e t of s o r t s as in [ Go ? S . 2 ] . Section
2 g i v e s an i n f o r m a l i n t r o d u c t i o n t o our method. In s e c t i o n s 3 and 4 we present the algebraic semantics of o u r s p e c i f i c a t i o n s . Section 5 gives a new correctness criterion and section B introduces the operational semantics of a subclass of o u r s p e c i f i c a t i o n s and shows that it coincides with the algebraic semantics. Because of spa~e limitations, we omit the proofs.
2.
The
basic
idea
The n a t u r a l numbers a r e an e x a m p l e o f a s i m p l e d a t a t y p e , w h i c h needs e r r o r and e x c e p t i o n h a n d l i n g . We a r e g o i n g t o use t h e n a t u r a l numbers in different versions throughout the paper.
142
Example To
2.1
specify 0
the
: --->
pred, The
But
natural
numbers
we
need
the
following
succ
: nat
--->
add,
times
: nat
x
axioms
are
given
by
--->
nat
: (
pred(0)=error
( 2
add(O,n)=n add(suet(n) ,m)=succ(add(n,m) ) times(O,n):O times(succ(n),m)=add(times(n,m),n) what is the semantics Of an axiom as
an
times(O,error) axiom ( 5 and so we
:
nat
nat
pred(succ(n))=n
'error'
functions
nat
extra :
0
constant and
so
in
the
( ( ( ( like
nat,
we
3 & 5 6 pred(D)=error
will
introduced
). This might suggest could add the following
I
find
error
the idea that axioms :
succ(error)=error
( El
)
pred(error)=error
( E2
)
add(error,n)=error
( E3
)
add(n,error)=error
( E&
)
times(error,n)=error timWs(n,error)=error
( E5 ( E5
) )
has
?
If
we
treat
=
times(0,pred(0)) been
errors
forgotten
should
by
propagate
But
unfortunately we didn't really specify what we had intended, unwanted contradictions occur. O = times(O,error) = error holds due to equations ( 5 ) and ( E 6 ) a n d so s u c c n ( 0 ) = error for because
every There
n
e N 0 d u e t o ( El are other reasons
propagation.
For
the
function
factorial fac(n)
With
We
present
don't
consider
on
the
support a
the
idea
natural
numbers
=
if(true,succ(O),times(O,fac(error)))
=
if(true,succ(O)
=
if(true,succ(0),error)
an
in
main
approach
an
instruments partition
the duce
syntactical errors in
way are
of
the
error of
:
of error
tional
well.
states
as
and
: nat : nat
allows
all
***
forms
of
error
and
Which
difficulties
avoids
error
nat nat
handling, recovery, like
the
an
error
i.e. to
be
above.
: sets
two types situations
into
a
normal
for
the
: unsafe
add , times : nat x nat ---> error : ---> nat : unsafe
and those which
part,
which intropreserve ok
of variables. The first type will only, the other for ok and excep-
constant.
---> --->
:
error
propagation
carrier
specification
including an error 0 : ---> nat
=
classification of functions into normal situations and those
states and the introduction serve for non
succ pred
strict
specification
,times(O,error))
which error
easy
the
Example 2.2 We give a
of
straightforward
if(eq(n,0),succ(O),times(n,fac(pred(n))))
introduction,
treated Our
example
the error propagation idea in mind we will find fac(0) = if(eq(0,0),succ(O),times(O,fac(pred(O))))
error
-
=
). which
nat
intended
natural
number
algebra
143
Functions,
which
might
functioDs
as
The
functions
other
The
we
call
signature
function or
term.
If
natural We
not
and
pred
know
such o n e s . The ok part
t, so
is
is
case
as
an
unsafe
the
the
terms
ok
will
be
( 5 not
only,
) Of
example
allowed
in
axiom
not
do Now
i.e.
to
(5)
For
note
into
the
n
only
and
m
for
ok
the
( 5
message
identities
variable =
to the because
)
within
t
term. it
are
are
the
to
a
an
error
and
times
applied
form
to
succn(0)
term
about
serve
axioms
for
are
semantical
the
unsafe
The error part of the symbol "error' occurs.
they
The
are
of
add
informing
means
intro-
corresponds
they
terms
unsafe
called
succ,
when
numbers. Sunction
an be
introduces
functions
illegal non
error
exactly
(
differences.
'error'
for
described
in
I
It
) is
variable example
n 2.1
: =
pred(succ(succ(O))) to
axiom
) S
I
),
but
This
will
made
on
=
succ(0)
succ(pred(succ(0))) we
may
be
substitute
clarified
the
later.
be
its
can
be
applied.
The
term
the can
last be
term,
seen
as
because an
error
environment.
***
ok p r e d i c a t e s following over to
two s e c t i o n s our n o t i o n o f
we show how t h e r e s u l t s of a l g e b r a . The s y n t a x o f o u r
this which
reason we correspond
carrier between
sets are normal
already mark to operations
via a signature, carrier s e t s and n o t homogeneous, situations and
in the signature those introducing errors in
3.1
is
with a
set
) arity arity
a
oR ( of
sorts
arguments,
, [
is
x
sn
= --->
a quintupel a
set
ok[ are mappings sort : Z ---> $
symbol
sort(o) ...
)
) is
(S,[,arity,sort,ok[)
function x
predicate
sort and [ ---> S*,
signature
: sl
(
suet(0).
o p e r a t i o n s on t h e s e s e t s . Our we want to distinguish
Definition
substitute
algebras with ok p r e d i c a t e s i s d e f i n e d names corresponding to the sorts of the
A signature where
o
ok
and
If
times(0,error)
cannot
exceptions. For function symbols, normal situations.
Given
in
term
simplifications
many-sorted which gives
A
an
terms.
allowed n
equivalent
AiBebras with
-
know
difficulties
hold
not
is
In this and the [ AD3 ?B ] carry
-
we
values
which
example
therefore
t,
messages
for
ok
further
axiom
I
in
because
error
substitute
times(0,pred(D))
(
error
set
there
it
semantically
( 2
possible
carrier
but
following
Please
3.
might
ok
as
: unsafe'
occur.
the
No
t.
error
the
2.1,
and
terms
an
called
pred(succ(succ(pred(succ(O)))))
-
a
all
return
seen
unsafe
by
for
to the natural in which the
application of pred t o 0. We now use ok variables situations
is 0.
constants,
signature
whether
function,
value
intended
can
as occur
t
error
the
functions.
known
viewed
this
with heN o corresponding carrier set are terms These
not
functions
they
of
oR
and in
classification
it t
errors
indicated
called
In to
that
are
a
ok
number. applied
we
in
only
mark
when
are
gives
occurs
duced
introduce
them,
o, s
the
ok[
often
arity(o)=s1...sn
gives s.
( of
: and
will
(S,[,arity,sort,ok[),
result
function : [ be
denotes sort.
symbols
--->
BOOL.
denoted the This
) and
by sorts
is
[
only. of
the
written
as
144
-
okE(o)=TRUE indicates
an
{unctions
will
signature
triple
be
made
clear
by
{unction symbol. the
following
Z
(A,F,OkA)
be
given.
A
E-algebra
) A=se S is an S - i n d e x e d ) F=oe E is a E-indexed symbol o : sl x ... x sn
(
)
o A : As1 x . . . x Ash ---> As OkA=se S is an S-indexed
and family
)
ok s for
:
(
#
:
TRUE i=1 .
-
.
.
A s ---> BOOL every function
.
A E-algebra
.
and n,
(al ..... we h a v e
(A,F,ok arises,
ambiguity
A) we
such that symbol o
an
ok
=seS
and Aok,s
of
predicates
) is
a
sl
x
. ..
will
often
will
x
an =
be
omit
denoted indices of
okE(a) call o A
sn
and an ok
by
the
--->
{
aeAs
part
function
s with
ok[(o)=
oksi(ai)=TRUE
{or
A only.
Nhenever no predicates : {or a
{or aeA s ok(a) means {unction, otherwise an
mean a is an ok element The ok predicates split error
every
predicates,
an) ~ As1 x . . . x Ash with Oks(OA(al ..... an))=TRUE.
For BoA s Oks(a)=TRUE will it is called error element. into
definition.
family Of sets, family of {unctions, {or ---> s we h a v e a f u n c t i o n
function symbol o ok(o) means oks(a). If o k ( o ) = T R U E holds, we unsafe function.
Aok
okE(a)=FALSE ok and unsafe
, where
( 1 ( 2
3
symbol, while The notion o{
3,2
Definition Let
means o i s an Ok u,nsafe function
o f As, o t h e r w i s e the carrier sets
Aerr.
J °ks(a)=TRUE
} Aerr=sgS Aerr,s = { aeA s I Oks(a)=FALSE } For the application we have in mind the ok elements correspond to normal situations, while the error elements indicate exceptional
states. Part (4) o f the definition requires that ok {unctions yield ok values for ok arguments, or in other words, only unsafe functions may introduce errors when applied to normal situations. Because we have to treat these unsafe functions carefully, we already distinguish them syntactically from ok {unctions. This garantees that whenever an expression consisting only Of ok functions to ok arguments, this will result in an ok element. For
is a p p l i e d expressions
including unsafe functions this is not known. Every algebra with ok predicates can also be interpreted as a c o n ventional algebra without ok predicates by just omitting the predicates. On the other hand every conventional algebra without ok predicates can be made into an algebra with ok predicates by demanding all functions to be ok {unctions and all elements to be ok elements. The
same
holds
{or
signatures.
Example 3.3 We describe
which to O.
the natural numbers together with an extra error is introduced because we want to apply the predecessor Let S : { bool,nat } be the set of sorts. Unsafe
symbols will be indicated by ' : unsafe' false,true : ---> bool 0 : ---> nat succ : nat ---> nat pred : nat ---> nat : unsafe negative : ---> nat : unsafe if : bool x nat x nat ---> nat
.
element, {unction {unction
145
The
Carrier
sets
and
the
ok
Abool = { f t } Ana t = NO + { ena t } The f u n c t i o n s corresponding false A : I---> f true A : I---> t n+l succ A : n I---> ~ena t n-1 pred A : n I---> L enat
~
if A pred A yields
:
is ok
(b,nl,n2) an unsafe results,
1--->
predicates
on
them
are
given
O k b o o l ( b ) = TRUE Okna t ( n ) = (neN D) to the function symbols 0A : I---> 0 negative A : I---> ena t if neNO
are
by
:
defined
by
n:ena t neN
if if
if n = 0 In1 if
L n2 function, for the
or n = e n a t b=t
if
b=f because only for some o k a r g u m e n t s it ok v a l u e 0 it r e t u r n s the error element
ena t . For the
***
every signature following way.
Definition 3.& Let signature by : ( I ( 2
:
[ be
) ( T [ , F [ ) is ) OkT:se °ks(t)
Z we
define
given.
The
the
term
[.-term
algebra
algebra
with
ok
predicates
( T [ , F [ , o k T)
is
in
defined
the usual term algebra. T [ = < T s > s ~ S. F [ = < a T > o e [. S. F o r t e T s ok s is g i v e n by : A L S E if an u n s a f e f u n c t i o n s y m b o l o c c u r s in t
~F
=LTRUE
otherwise
A t e r m is an ok t e r m , if a n d o n l y if a l l f u n c t i o n symbols occurring in t h e t e r m a r e ok f u n c t i o n symbols. Our term algebras are well defined, t h a t m e a n s TZ is a [ - a l g e b r a w i t h Ok p r e d i c a t e s satisfying p a r t ( & ) of d e f i n i t i o n 3.2. Example 3.5 Looking at the signature in example 3.3 is an ok t e r m and p r e d ( s u c c ( O ) ) , pred(O) error elements in t h e t e r m a l g e b r a , [-algebras w i t h ok p r e d i c a t e s m a y be mappings called [-algebra morphisms.
we f i n d if(true,O,succ(O)) or ±f(true,O,negative)
compared
by
structure
are ***
preserving
Definition 3.5 Let [-algebras (AI,FI,okAI) , (A2,F2,OkA2) be g i v e n . An S - i n d e x e d family of f u n c t i o n s h=seS, h S : AI s - - - > A2 s is c a l l e d [ - a l g e b r a morphism , if ( I ) h is a morphism f r o m AI to A2 t a k e n w i t h o u t ok p r e d i c a t e s and ( 2 ) f o r seS a n d a e A 1 s O k A 1 ( a ) implies OkA2(hs(a)). A morphism is c a l l e d i n 3 e c t i v e respectively Subjective, injective respectively surjective. A morphism -
is
called
strict,
if
for
seS
and
if
every
h s is
aeA1 s OkAl(a)=OkA2(hs(a)).
Because of the additional predicate structure on s i g n a t u r e s and algebras we require in p a r t ( 2 ) t h a t no ok e l e m e n t m a y be m a p p e d onto an error element or in o t h e r w o r d s t h a t t h e ok p r o p e r t y for elements is p r e s e r v e d by o u r m o r p h i s m s . The isomorphisms are the injective, sur3ective and strict morphisms. The strictness property is n e c e s s a r y , b e c a u s e we do not only want the operational structure but also the predicate structure to be r e s p e c t e d by i s o m o r p h i s m s .
146
-
hok
and
her r
denote
the
restrictions
of
h to
ok
and
hok =BeS ' h o k , s : herr=Kherr,s>seS , herr, s : For strict m o r p h i s m s we c a n
Alok,s ---> A2ok,s Alerr, s ---> A2 s . denote her r , s of course
herr,
s.
s
:
Alerr,
s --->
A2err,
error
by
elements.
:
Example 3.7 The following is an example of a morphism between algebras with ok predicates and a m o t i v a t i o n for the freedom of allowin,q error elements to ....be m a p p e d t o o k e l e m e n t s . We g i v e a m o r p h i s m f r o m t h e t e r m a l g e b r a of example 3.5 into the algebra of example 3.3. It is the uniquely determined morphism between these algebras taken without ok p r e d i c a t e s . hbool
:
Tbool false true
hna t
:
Tnat
---> ---> --->
Abool f t --->
o
I--->
negatzve suet(t) pred(t) if(b,tl,t2)
I---> ~---> I---> I--->
Ana t 0
ena t s u c c A ( h n a t (t)) predA(hnat(t) ) ifA(hbool(b) ,hnat(tl)
,hnat(t2))
Obviously, h r e s p e c t s t h e o p e r a t i o n s and h p r e s e r v e s ok e l e m e n t s . I t sends each t e r m t o t h e r e s u l t o f t h e c o r r e s p o n d i n g e v a l u a t i o n i n A. So succ(succ(0)) will naturally be mapped t o 2 and o f c o u r s e t h e e r r o r ( o r u n s a f e ) terms p r e d ( s u c c ( s u c c ( 0 ) ) ) , i f ( t r u e , 0 , n e g a t i v e ) and p r e d ( 0 ) will r e s u l t i n I , O and ena t , r e s p e c t i v e l y . The next theorem confirms that t h i s morphism i s t h e o n l y morphism between such algebras, i . e . o u r t e r m al,Webras a r e i n i t i a l . *** Theorem 3.B Let signature E° t e r m a l g e b r a T Z and exists a unique morphism h : T Z ---> t i a l in t h e c l a s s of a l l E - a l g e b r a s .
Z-algebra A be A, or in o t h e r
given. words,
Then there T Z is i n i -
~,~, S p e c i f i c a t i o n s An important difference between our specification technique and the usual algebraic specification w i t h o u t error handling is t h a t we i n t r o duce two different types o f v a r i a b l e s f o r t h e same s o r t . V a r i a b l e s of the first type will s e r v e f o r t h e ok p a r t o f t h e c o r r e s p o n d i n g carrier set only, variables of t h e s e c o n d t y p e f o r t h e w h o l e c a r r i e r set. Definition 4.1 L e t s i g n a t u r e E be g i v e n . A p a i r ( V , o k V) i s c a l l e d a s e t o f ( w i t h ok p r e d i c a t e s ) f o r Z, i f ( 1 ) V=s~ S i s an S - i n d e x e d , p a i r w i s e d i s j o i n t family of variables ) each Vs disjoint from E and ( 2 ) o k v = < O k v , s > s e S, O k v , s : V s - - - > BOOL i s an S-indexed predicates.
variables sets family
( of of
A g a i n , a s e t o f v a r i a b l e s ( V , o k V) i s o f t e n d e n o t e d by V o n l y . When no a m b i g u i t y a r i s e s , o k ( v ) means O k v , s ( V ) f o r veV s. I n analogy to ok and unsafe functions we use t h e n o t i o n s o f ok and u n s a f e variables.
147
Definition 4.2 Let signature Z, E-algebra A and variables to ( or interpretation of ) the variables functions Oks(Is(V)) If v,
I=se S f o r sES a n d
I s
: V s --->
As
V be given. An a s s i g n m e n t is an S - i n d e x e d family of
such
that
okv.s(V)
implies
vcV s-
ok(v)=TRUE h o l d s , i t i s n o t a l l o w e d t o a s s i B n an e.r..ror e l e m e n t ok(v)=FALSE i n d i c a t e s t h a t v may h o l d ok o r e r r o r v a l u e s .
Also, for alge.bras.
our
notions
Lemma & . 3 Let signature Z, be given. Then unique E-algebra
of
algebra
morphism
there
always
exist
free
variables V, E - a l g e b r a A and assignment I : V ---> A there exists a E-algebra Tz(V), such that there is a morphism ! : Tz(V) ---> A, e x t e n d i n g I in the sense
that
Is(V):~s(V)
for
The
notions
Z-equation,
of
and
to
s¢S and veV s. of
equations
satisfied
by a Z - a l g e b r a
and
of c Qngruence Telation on an a l g e b r a are defined as usual. But please note, our definition of assignment implies that there is a restriction to t h e s u b s t i t u t i o n of v a r i a b l e s . An e q u a t i o n m a y be v a l i d although it does not hold for error elements substituted f o r ok variables. E x a m p l e &.& Let n, nl+ and n2+ be v a r i a b l e s of s o r t nat with ok(n)=TRUE and ok(n1+)=ok(n2+)=FALSE. Then the algebra of e x a m p l e 3.3 satisfies the followin~ equations ( among others ). pred(succ(n))=n ( I ) pred(0)=negative ( 2 ) if(false,nl+,n2+)=n2+ ( 3 ) if(true,nl+,n2+)=nl+ ( 4 ) succ(negative):negative ( 5 ) pred(negative)=negative ( 6 ) But, f o r e x a m p l e the equation succ(pred(n))=n does
not
hold,
because
succA(predA(0))=succA(enat)=enat
.
***
Given a E-algebra A and a congruence relation ~ on it, t h e q u o t i e n t A/~ of A by ~ can be m a d e i n t o a E - a l g e b r a w i t h ok p r e d i c a t e s by defining the carrier sets and operations in t h e u s u a l w a y a n d by letting a class be ok, if a n d o n l y if t h e r e is an ok e l e m e n t o~ t h e algebra in it. In t h i s s e n s e T R U E d o m i n a t e s FALSE with respect to t h e ok p r e d i c a t e o f a class. Defintion &.5 Let signature Z, Z-algebra A and congruence ~ = < ~ s > s e S be g i v e n . ( I ) ( A/~ FA/~ ) denotes the usual quotient of an a l g e b r a by a congruence relation on it. ( Z ) OkA/m=se S is an S - i n d e x e d f a m i l y of p r e d i c a t e s . s([a])=ITRUE if there is a be[a] with OkA,s(b)=TRUE ok_ =' LFALSE otherwise -
(A/~,FA/~,OkA/~) p a r t ( 4 ) of o u r
is a E-algebra with definition for algebra.
ok
predicates
satisfying
For a given set of equations E with variables the induced set o f constant equations E ( T Z) a n d the generated least congruence relation denoted by ~E = < ~ E , s > s e S a r e d e f i n e d in t h e u s u a l w a y . T h e r e a l w a y s exists such a 5E' since we know that there always is a least congruence generated by a given relation, if we deal only with algebras without ok predicates and our congruence definition didn't
148
involve a ~E,s
the predicates. b by a ~ b. if n o
For brevity we ambiguities arise.
Exa,m,p,le & . 6 If we look at the equations p a i r s a r e in E ( T [ ) n a t d u e to t h e
o{ten
denote
of e x a m p l e 4.¢, w e first equation :
find
~E
the
by
~
and
following
But
the following p a i r s a r e n o t in
E(TE)nat:
On the o t h e r h a n d , t h e l a s t p a i r is in t h e c o n g r u e n c e r.e!ation r a t e d by E ( T [ ) : ¢ E(T[)na t ===> pred(succ(O)) ~ 0 ===> succ(pred(succ(O))) ~ succ(O) ===> pred(succ(pred(succ(O)))) ~ pred(succ(O)) ~ 0 The pleasant is that the valid.
thing about fundamental
Theorem &.7 T[/~ E is initial given a E-algebra g
: T[/~
Remark T [ / ~ E is
E --->
to e r r o r result
***
and exception handling of [ A n 3 78 ] is s t i l l
t h e c l a s s of a l l E - a l g e b r a s satisfying E, i.e. which satisfies E, w e h a v e a u n i q u e m o r p h i s m
A.
denoted
Example ¢.8 The quotient isomorphic to
in A,
our approach initiality
gene-
by
of the
TE, E a n d
called
the
quotient
term
algebra.
T[ in e x a m p l e 3 . 5 by t h e e q u a t i o n s in a l g e b r a of n a t u r a l numbers in e x a m p l e
example 3.3.
&.&
is ***
We now know that for given signature [, v a r i a b l e s V and equations E, there always exists an initial E-algebra which can be chosen as a standard semantics. So we put together signatures, variables and equations as u s u a l , g e t t i n g a specification. Definition &.9 A specification predicate, V is of [ - e q u a t i o n s . 5.
Correctness
is a
of
a triple ( E , V . E ) , w h e r e [ is a s i g n a t u r e w i t h ok set of v a r i a b l e s w i t h ok p r e d i c a t e s and E is a set
specifications
The usual notion of c o r r e c t n e s s of s p e c i f i c a t i o n s - the isomorphism between the speci$ied algebra and t h e g i v e n m o d e l - is s o m e w h a t too strong for our purpose. Our main interest l i e s in t h e ok p a r t of t h e carrier sets. The cruical point is t h a t t e r m s l i k e s u c c ( e r r o r ) and prod(error) in e x a m p l e 2.2 are error elements, b u t it is n o t i m p o r t a n t here that they are dif{erent. So w e a l l o w d i f f e r e n t error elements of the specified algebra to be i d e n t i f i e d in o u r m o d e l . Definition 5. I Let specification ([,V,E) and [-algebra A be g i v e n . ([,V,E) correct with respect to A, if ( I ) t h e r e is a s t r i c t m o r p . h i s m h : T[, E - - - > A s u c h t h a t ( 2 ) hok : T[,E,ok ---> Aok is ( 3 ) h e r r : T E , E , e r r - - - > Aer r is (E,V,E) is strongly correct with respect to A a n d t h e m o r p h i s m h is
bijective and surjective. respect to A, if an i s o m o r p h i s m .
it
is
is
correct
called
with
149
The conventional notion of gebras without ok predicates criterion, because then we elements
and
so
Tz,E,er
r
correctness of specifications for almay be embedded into this correctness only deal with ok functions and ok
= Aer r
= ~.
Example 5.2 We give a correct specification for the algebra A defined in example 3.3. The axioms E are identical to equations (I) (4) O f e x a m p l e &.&. T[, E is described by a canonical term algebra using the context-free languages defined by the following productions. : := f a l s e J true T[,E,bool = L Tz,E,na t = L The operations
We n o w d e f i n e :
1 0 I succ( )
: :=
negative
:
t
l--->~negative if / L pred(t) if a mapping h : TE, E - - - >
TE,E,bool
---> I--->
true false
hna t
i succ(
)
I pred(
( ) Okbool(b)=TRUE ( ) Okna t (n)=( neL() in T[, E are defined in the usual way, r s u c c n - 1 (O) i f t = s u c c n ( o ) and
predE, E :
hbool
: := : :=
t
) e.g. n>O
t=0 teL() A.
Abool
I--->
Tz,E,na
t f
---> Ana t i___>]'n
if
teL(),
t=succn(o)
t To
prove
that
h
is
a
( I
) h(o[,E(al
(
) ok[,E(a)=OkA(h(a))
2
It
is
easy
ena t if morphism,
strict
..... an))=aA(h(al) to
see
..... h(an))
seS
for that
teL() we have to show
and
the
holds
for
: every
oe[.
aeA s.
mapping
h
respects
the
operatlons.
The strictness of h, i t s b i j e c t i v i t y on the ok part and its surjectivity on the error part can be seen directly from its definition. The specified algebra is correct with respect to the algebra A of example 3.3 in A. to add 6-
although If we equations
Operational
A set preting
all error elements are mapped to the one error want to get a strongly correct specification, ( 5 ) and ( 6 ) of example 4.4. semantics
of
element we have ***
specifications
of equations can be viewed as a equations from left to right. By
set of rewrite rules substituting constant
interterms
for the variables we get a set of constant rewrite rules. These rules determine a reduction process on terms which stops if none of the axioms can be applied further. In this way we give an operational semantics for specifications which is well-defined if the set of constant rewrite rules has the finite church-tosser property. Definition Let
5.1
specification
([,V,E)
and
the
set
of
constant
equations
E(T[)
given. - - > E = < - - > s > s e S is t h e f a m i l y of relations on T[ defined by ( I ) If < t , t ' > £ E(TE)s, t h e n t - - > s t' . ( 2 ) I f o : sl x ... x s n - - - > s, t i e T s i for i = I ..... n and j e { I . . . . . n } w i t h t j - - > s j tj' a r e g i v e n , then
o(tl
.....
tj
.....
tn)
-->s
o(tl
.....
t3'
, ....
tn)
:
be
150
-->E = < -->s >seS is the reflexive and transitive closure and called the family of subterm replacements induced by E. sort s has the normal f o r m t ' , i f t - - > ~ t' a n d A term t of no
t'
-->s
~"
Example 6.2 The normal carrier set Definition
This
is
forms of the
-
If
t.
nf(t)=t'
there
ks
.
are identical term algebra.
to
the
elements
Of
the ***
is
church-rosser,, if. every term t of - - > ~ ~ a n d t - - > i ~' , then there
finite
church-tosser,
Definition 6.5 Let specification
each
,,t,e,,rm h a s
in examples 2.2 and finite church-tosser.
([,V,E)
with
finite
5.2
) FNF ti
= < °NF >oeE" of sort si
( 3
) °kNF = defined
aNF(tl
..... tn)
For for
~
°kNF,s
(t)
= LFALSE
,unique
s has a t' w i t h
normal
families
church-tosser
of
-->E
by : of sort
form,
subterm **~
be
given.
s.
o : sl x ... x s n - - - > s a n d i=I ..... n , the function ONF
= nf(a(tl
< °kNF,s >szS" by : TRUE if
a
the
The normal form alsebra (NF,FNF,OkNF) is defined ( I ) NF : < NFs >soS" NF s are the normal forms ( 2
sort is a
t'.
Example 6.4 For the specifications replacements -->E are
-
-->E
5.3
sod
-->E
by
of example 5.2 given canonical
-->E is called finite normal form, and if t
--,:
denoted
of
normal forms is given by :
..... tn) ) .
For there
a
normal is
an
ok
form term
t t'
of
sort
with
s OkNF,s
is
nf(t' )=t
otherwise
(NF,FNF,OkNF) is a E-algebra with ok predicates satisfying part (4) of our definition for algebra. A normal form t is ok in the normal form algebra if and only if there i s a n o k t e r m t' w h i c h has t as its normal from. In t h i s s e n s e the ok terms dominate the error terms, or in other words if an error term is equivalent to an ok term this 'heals' the error term. If the rules are ok term preserv~ng, which means there is no ~ be given. form algebra NF
Acknowledgement,s, We thank Udo Pletat work in the field and
and especially Gregor many fruitful discussions.
Engels
for
their
earlier
151
References ADJ
78
B1
80
Eh
79
Goguen,J.A./Thatcher,3.W./Wagner,E.G. : An Initial Algebra Approach to the Specification, Correctness and Implementation of Abstract Data Types. Current Trends in Programming Methodology, Vol. IV ( R.T.Yeh, ed. ). Prentice Hall, Englewood Cliffs, 1978, pp. 8g-t4g. Black,A.P.: Exception Handling and Data Abstraction. IBM Research R e p o r t RC 8 0 5 9 , 1 9 8 0 . Ehrich,H.-D. : On t h e T h e o r y of S p e c i f i c a t i o n , Implementation and Parametrisation of Abstract Data T y p e s . 3 o u r n a l ACM, Vol.29, 1982, pp. 205 - 227.
EKTWW 81
EPE
81
GDLE
GHM
82
77
Go
78.1
Go
78.2
Gu
75
Hu
77
LZ
74
Ma
79
O'D
77
Ro 73 Wa
77
WPPDB
80
Ehrig,H./Kreowski,H.-J./Thatcher,3.W./Nagner,E.G,/Wright,J.B.: Parameter P a s s i n g in A l g e b r a i c Specification Languages. Proc. Workshop on A l g e b r a i c Specification, Aarhus, 1981. Engels,G./Pletat,U./Ehrich,H.-D. : Handling Errors and Exceptions in the Algebraic Specification of D a t a T y p e s . O s n a brQcker Schriften zur Mathematik, Reihe Informatik, H e f t 3, Univ. OsnabrQck, 1981. Gogolla,M./Drosten=K./tipeck,U./Ehrich,H.D. : Algebraic and Operational Semantics of Specifications Allowing Exceptions and Errors. Forschungsbericht Nr. 1&O, A b t e i l u n g Informatik, Univ. Dortmund, 1982. [ Long Version of t h i s P a p e r i n c l u d i n g the Proofs ]. Guttag,3.V./Horowitz,E./Musser,D.R. : Some Extensions to A l g e braic Specifications. SIGPLAN Notices, V o l . 12, No. 3, M a r c h 1977, pp. 5 3 - 5 7 . Goguen,3.A. : Abstract • Errors for Abstract Data Types. Proc. Conf. on Formal Description of P r o g r a m m i n g Concepts ( E.3. Neuhold, ed. ) , N o r t h - H o l l a n d , Amsterdam, 1978. Goguen,3.A. : Order Sorted Algebras : Exception and E r r o r sorts, Coercions and Overloaded Operators. Semantics and T h e o r y of C o m p u t a t i o n R e p o r t No. 14, U n i v e r s i t y of C a l i f o r n i a , Los A n g e l e s , Dec. 1978. Guttag,3.V. : The Specification and Application to P r o g r a m m i n g of Abstract Data Types. Techn. Report CSRG-59, Univ. of Toronto, 1975. Huet,G. : Confluent Reductions: Abstract Properties and Applications to Term Rewriting Systems. Proc. lath I E E E S y m p . on Foundations of C o m p u t e r Science, 1977, pp. 3 0 - & 5 . Liskov,B./Zilles,S. : Programming with Abstract Data Types. S I G P L A N N o t i c e s V o l . 9, No. &, A p r i l 1974, pp. 5 0 - 5 9 . Majster,M.£. : Treatment of Partial Operations in t h e A l g e braic Specification Technique. Proc. Specifications of Reliable Software, IEEE, 1979, pp. 1 9 0 - 1 9 7 . O'Donnell,M.3.: Computing in S y s t e m s Described by E q u a t i o n s . LNCS 5 8 , S p r i n g e r Verlag, New Y o r k , 1977. Rosen, B.K. : Tree-Manipulating Systems and Church-Rosser Theorems. 3ournal ACM, V o l . 20, 1973, pp. 160-187. Wand,M. : Algebraic Theories and Tree Rewriting Systems. Technical Report No. 65, Indiana Univ., Bloomington, Indiana, July 1977. Nirsing,M. / Pepper,P. / Partsch,H. / Dosch,W./ Broy,M. : On Hierachies of A b s t r a c t Data Types. Bericht TUM-IaOO7,Institut fSr Informatik, Technische Univ. Munchen, M a i 1980.
