Constructive Methods in
Computing Science
NATO ASI Series
Advanced Science Institutes Series
A series presenting the results of activities sponsored by the NATO Science
Committee, which aims at the dissemination of advanced scientific and
technological knowledge, with a view to strengthening links between scientific
communities.
The Series is published by an international board of publishers in conjunction with
the NATO Scientific Affairs Division.
A Life Sciences
B Physics
    Plenum Publishing Corporation, London and New York
C Mathematical and Physical Sciences
D Behavioural and Social Sciences
E Applied Sciences
    Kluwer Academic Publishers, Dordrecht, Boston and London
F Computer and Systems Sciences
G Ecological Sciences
H Cell Biology
    Springer-Verlag, Berlin Heidelberg New York London Paris Tokyo Hong Kong
Series F: Computer and Systems Sciences Vol. 55
Constructive Methods in
Computing Science
International Summer School directed by
F.L. Bauer, M. Broy, E.W. Dijkstra, C.A.R. Hoare
Edited by
Manfred Broy
Universität Passau
Fakultät für Mathematik und Informatik
Postfach 2540, D-8390 Passau, FRG
Springer-Verlag Berlin Heidelberg New York
London Paris Tokyo Hong Kong
Published in cooperation with NATO Scientific Affairs Division
Proceedings of the NATO Advanced Study Institute on Constructive Methods
in Computing Science held at Marktoberdorf, Federal Republic of Germany,
July 24-August 5, 1988.
ISBN-13: 978-3-642-74886-8    e-ISBN-13: 978-3-642-74884-4
DOI: 10.1007/978-3-642-74884-4
Library of Congress Cataloging-in-Publication Data. NATO Advanced Study Institute on Constructive Methods
in Computing Science (1988 : Marktoberdorf, Germany). Constructive methods in computing science: international
summer school directed by F.L. Bauer ... [et al.]; edited by Manfred Broy. p. cm. (NATO ASI series.
Series F, Computer and systems sciences: vol. 55) "Proceedings of the NATO Advanced Study Institute on
Constructive Methods in Computing Science held at Marktoberdorf, Federal Republic of Germany,
July 24-August 5, 1988" CIP verso t.p.
ISBN-13: 978-3-642-74886-8 (U.S.)
1. Electronic data processing-Congresses. I. Broy, M., 1949-. II. Title. III. Series: NATO ASI series. Series F,
Computer and systems sciences: vol. 55. QA75.5.N383 1988 004-dc20 89-19650.
This work is subject to copyright. All rights are reserved, whether the whole or part of the material is
concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting,
reproduction on microfilms or in other ways, and storage in data banks. Duplication of this publication or
parts thereof is only permitted under the provisions of the German Copyright Law of September 9, 1965, in
its version of June 24, 1985, and a copyright fee must always be paid. Violations fall under the prosecution
act of the German Copyright Law.
© Springer-Verlag Berlin Heidelberg 1989
Softcover reprint of the hardcover 1st edition 1989
2145/3140-543210 - Printed on acid-free paper
Preface
Computing Science is a science of constructive methods. The solution of a problem
has to be described formally by constructive techniques, if it is to be evaluated on a
computer. Thus constructive methods are of major interest for a computing scientist.
The Marktoberdorf Advanced Study Institute 1988 presented a comprehensive
survey of the recent research in constructive methods in Computing Science.
Some approaches to a methodological framework and to supporting tools for
specification, development and verification of software systems were discussed in
detail. The relevance of the foundations of logic for questions of program
construction was also a subject of the lectures. Further topics were new programming
paradigms and formalisms which have proven to be useful for a constructive
approach to software development. In this context, the following main
issues in particular were stressed:
Specification formalisms for requirements engineering, formal modelling,
and the validation of requirement specifications;
calculi for the constructive design of software that is correct by
construction;
verification calculi for software systems and their integration in the program
construction process;
programming support systems and programming environments;
special purpose constructive methods for the design of concurrent systems.
The construction, specification, design, and verification, especially of distributed and
communicating systems, were discussed in a number of complementary lectures.
Examples of those approaches were given on several levels, such as semaphores,
nondeterministic state transition systems with fairness assumptions, decomposition
of specifications for concurrent systems into liveness and safety properties, and
functional specifications of distributed systems.
The construction methods in programming that were presented range from type theory,
the theory of evidence, and theorem provers for proving properties of functional
programs to category theory as an abstract and general concept for the description of
programming paradigms.
The summer school provided an excellent overview of the field, included lively
discussions and finally raised a number of stimulating questions for the participants
and lecturers.
This time too, as several times before, the Marktoberdorf Summer School turned
out to be a highlight for scientific discussions, for the exchange of ideas and for
establishing professional as well as personal relationships.
The outstanding scientific quality was complemented by the excellent organisation and
the perfect environment that was provided by the members of the organisational staff. It
is a pleasure for me to thank all the people who helped to make the Summer School
a success again. In particular my thanks go to Rainer Weber, who did a nice job in
helping me to edit this volume, and to Bernhard Möller, who provided the theory of
rabbits as a
Theoretical
Investigation of the
Bringing in and
Bringing out of
Arguments in
Reasoning
together with the illustrations as printed in this volume.
Passau, May 1989 Manfred Broy
Table of Contents
J. Misra
A Visionary Decision (After-dinner Speech) ... 1
Part I Constructive Logic and Type Theory
R.C. Backhouse
Constructive Type Theory - An Introduction ... 9
R.L. Constable
Assigning Meaning to Proofs: A Semantic Basis for Problem Solving Environments ... 63
R.S. Boyer, J.S. Moore
The Addition of Bounded Quantification and Partial Functions to a Computational Logic and Its Theorem Prover ... 95
Part II Design Calculi
R.S. Bird
Lectures on Constructive Functional Programming ... 151
E.W. Dijkstra
On a Problem Transmitted by Doug McIlroy ... 219
E.W. Dijkstra
A Computing Scientist's Approach to a Once-deep Theorem of Sylvester's ... 223
E.W. Dijkstra
The Derivation of a Proof by J.C.S.P. van der Woude ... 233
C.A.R. Hoare
Notes on an Approach to Category Theory for Computer Scientists ... 245
Part III Specification, Construction, and Verification Calculi for Distributed Systems
M. Broy
Towards a Design Methodology for Distributed Systems ... 311
B.W. Lampson
Specifying Distributed Systems ... 367
J. Misra
A Foundation of Parallel Programming ... 397
A.J. Martin, J.L.A. van de Snepscheut
Design of Synchronization Algorithms ... 447
A VISIONARY DECISION*
Jayadev Misra
Department of Computer Sciences,
University of Texas at Austin,
Austin, Texas 78712
U.S.A.
Ladies and Gentlemen:
I am pleased to be here and honored to be addressing you. I thank the organizers for
giving me this opportunity to talk to you. I will go home with many pleasant memories: the
excellent organization; the mountain trip and the Bavarian songs; this great farewell dinner;
the hospitality of Profs. Bauer and Broy; lecturers, students, and Willem Paul de Roever; the
city of Marktoberdorf, and its pubs, in particular. But I also leave with some sadness; we the
lecturers have neglected a vital part of your education here: sales.
The act of selling involves two parties: a seller and a buyer. In this summer school you
have seen ten smooth-talking salesmen peddling their theories and formal systems. My speech
today is to the participants on how to resist these sales efforts; how to become what Americans
call "informed buyers"; how to fight a new idea every inch of the way. In America, for over a
century, we have successfully resisted the sales efforts of this English chap: Charles Darwin.
But first a major theoretical result. It had long been conjectured that there is a limit point
at which any new idea is immediately rejected. This result has now been proven constructively;
the limit point is known as the de Roever point.
I have done some historical research on successful resistance of sales efforts. I have been
assisted in this work by an able research assistant. If you have been missing him in the lectures,
or wondering about that suspicious trip to the Deutsches Museum on Sunday, now you know
the answer. A hand for Prof. Bauer, who has unearthed a rare document.
This is a transcript of a conversation that took place in ancient Rome; the date is around
100 A.D. In this corner, we have a smooth talking Hindu salesman pushing the Hindu-Arabic
numeral system. His motive is clear; he wants to get a foothold in Rome and then take over
the rest of the continent by dumping low-cost mathematics which are produced using cheap
foreign labor. Fortunately for the western civilization, in the other corner we have the informed
Roman buyer who knows that Roman numerals are superior. I will now read out the document
(I will use the abbreviation Hindu System for Hindu-Arabic System).
* This is a slightly revised version of an after-dinner speech given on August 3, 1988, at the International
Summer School in Marktoberdorf, Germany. I am grateful to Richard Bird for pointing out that one of the
weaknesses of the Hindu-Arabic numerals is the presence of a symbol for zero.
Hindu: Sir, I have brought some samples of our amazing new product, Hindu number
system. You can do the four arithmetic operations in sublinear space and time. You just let
the symbols do the work.
Roman: We have slaves to do our work. (pause) I have assembled a distinguished group
of experts in the science of computation who are well aware of the superiority of the Roman
System. Let us hear from them.
Dijkstra: I have been most impressed by the elegance and simplicity of calculations in
the Roman System: Simple concatenation for addition and pairing for subtraction. They have
avoided needless complexities such as multiplication and division. The Hindu System forces
me to carry around many large tables in one small head.
Hoare: One can clearly see the large number of algebraic identities in the Roman System.
Associativity of concatenation immediately tells us that addition is associative. Hindu System
offers a poor basis for such deductions.
Backhouse: I was using the Hindu System. Since the position of each symbol in a number
determines its value, I had to carry around too much context. That is why I switched to
Roman numerals, and I have never been happier.
Bird: The Roman System allows you to abstract away from the actual numbers and study
the operations, concatenation, for instance. The Hindu System is operational; it gives you an
imperative procedure for addition and hence forces you down to the level of numbers.
Broy: The Hindu System forces you to add in a deterministic fashion. The Roman System
is clearly superior because it avoids overspecification.
Constable: The Roman System is object-oriented. A model for a Roman number is
immediate: a flock of sheep, for instance. The meaning function maps each vertical bar in the
number to a sheep, and consistency of the whole system is immediately obvious.
Lampson: The Roman System maintains the relationship with reality all through a
computation. When you have counted three bars you have counted three sheep, for instance. In
the Hindu System what do the figures represent halfway through an addition; what is the
physical meaning of a carry? It is a symbolic jungle without any intuitive appeal. Then they
have the most unnatural way of working, from right to left. Their system is too complex for
average people.