Theoretical Computer Science 18 (1982) 1-31

North-Holland Publishing Company

ABSTRACT DATA TYPES AND ALGEBRAIC SEMANTIXX

OF PROGRAMMING LANGUAGES

C. PAIR
Centre de Recherche en Informatique de Nancy, 54037 Nancy Cedex, France

Communicated by M. Nivat
Received March 1980
Revised (Sctdber 1980

1. Introduction

The origin of this study is the research of a formal description of compilers

allowing proofs of correctness and automatic generation [9].
If the generation of syntactic analyzers from a grammar has now reached an
industrial level [4], writing the other components of a compiler is still generally an
ad-h:yc work. The reason is probably the absence of well suited tools for defining
semantics. However several autl;durs have proposed to use a formal semantics to
implement a language; for example, P.D. Mosses [20], N. Jones and A. Schmidt
[ld] use a denotational semantics of the source language, the target language being
fixed.
Following [19] and [3], a compiler is correct if the diagram of Fig. 1 commutes:
Ls is the source language, LT the target language, A& and & the associated sets
of meanings, Sent the semantic mapping, compiZ the compilation mapping, &Is and
A& are connected by a relation repr of representation,

cornpi! repr

I I
l.,-------_,M,
sem

Fig. 1.

A possible solution would be to build actually a compiler with three steps:

LS + A& + A& + LT_However, the meanings, defined, e.g., by a denotational seman-
tics, are often complex objects, We prefer to consider intermediate sets of more
tractable ‘semantical descriptions’, Ds for the source language, DT for the target
language, and thus define the compiler according to Fig. 2:

0304-3975/82/OOOO-0000/$02.75 @ 1982 North-Holland

 C. Pilir

repr

I
imp/
f
i

D;i-- --se;,--&
expr

Fig. 2.

- the first step, sa, can be considered as a syntactical abstraction [ 18 I; it depends

on the source language only;
- the: second step, ~oz~Z, depends on the implementation choices;
- the third step, expr, is an expression mapping, inverse of a syntactica abstraction;
it depends on the target language only.
The nature of the ‘semantical descriptions’ remains to be chosen. We propose
taj use terms of algebraic abstract data types [ 19 12). Therefore, for e,ach language
we define an abstract type by operations and equational axioms; semantical descrip-
tions will be certain terms of this abstract type (cf. Pig. 3, where Ts and TT are t’,te
sets of terms of the source type and the object type, respectively).

sa sem’
_---__-
Ls ‘Ds = Ts *MS
I t
I I I
imp1 I I repr
I I
I
I -1
LTf---- DTcTr ------+&
expr sem’

Fig. 3.

This choice, also proposed by [Zl] and [5], presents several advantages:
- from a pragmatic point of view, the data stralcture processed by the. language
has to be described, and an abstract data type is a tool for that description;
- from a more theoretical point of view, the semantics of an abstract type (sem’
mapping) can be canonically described; a possible choice is ‘initial a&bra seman-
tics’, where MS and A& are the initial algebras of the source and target types; but
it is not the only possible choice and it can be criticized: other algebras can be
chosen for MS and A&.
- sem’ is a morphism from the term algebra Ts &resp. TT) into the algebra MS
(resp. MT)); repr and imp2 are also morphisms: in particular, this means that imp1
is completely defined by the images of the source type operations, these images
verifykg the source axioms; for initial algebra semantics, morphisms sem’, imp1
and repr are unique and the diagram commutes.
This leads to define the semantics of a programming language by:
- an algebraic abstract data type;
- a syntactical abstraction mapping (which can, for example, be defined as a
morphism on syntactical trees).
 Ahstract & ta types and algebraic stwan tics 3

Using an algebraic abstract data type for defining semantics has also been done,
and its advantages justified, by [29] and [6]. In fact, several semantics are thus
defined, according to the choice of the algebra of meanings: a possible choice is
the initial algebra; another one would be a terminal algebra. This kind of definition
of the semantics can be called algebraic since it uses algebras and morphisms, but
also in a sense close of [22], for the meaning of a program is then a set of terms,
i.e. trees, equivalent for some congruence: with each phrase Js associated, by
syntactical abstraction, a term of the type, and therefore its class for a congruence,
for example generated by the axioms of the type if the chosen semantics is that of
initial algebra. Thus, the presence of axioms prevents of having to consider infinite
trees like [l] or [22]. The study of models of abstract types by algebraic methods
[24,5] avoids any recourse to fixpoint theory [26]. Kere we do not build an ‘algebraic
denotational semantics’, Le. a formalization of denotational semantics by an abstract
type [20]; the abstraLiion will start from the language itself and not from a
denotational semantics: we think that this approach leads to simpler descriptions.
The aim of the paper is to make this semantics precise; it describes the class of
abstract types adapted to deterministic algorithmic languages, in particular without
parallelism. Indeed, with all these languages correspond similar types; this can
make the implementation definitions easier and permits to study them in general.
This class of abstract types will be defined in Section 3, after being introduced by
simple examples, but avoiding fixing too much the considered language which is
of no much importance. The treatment of more complex constructs will be presented
afterwards (Sections 4, 5 and 6) to show that the method is general and can be
favourably compared to others for simplicity. In the Appendix a complete example,
relatively simple but containing some of the difficulties present in programming
languages, is treated. In Section 7 are established general results on the considered
class of abstract types: in particular, are proved the consistency of the type and
the existence of models, necessary to actually define a semantics; more precisely,
these models extend given mcdels of the primitive types (integers, booleans, . . .)
on which the built type relies. These results will allow us to come back to compilation
(Section 8).
[lo] gives another presentation, using abstracl types only for the instantaneous
aspects of semantics, the dynamic aspects being presented at another level, less
formal, by transformations between abstract types. It is an intermediate point of
view between that presented here and a previous formalization of data structures
by equational formal systems [23], applied by [S] to the semantics of programming
languages.

2. Introduction of the abstract type associated to a programming language

2.1. Signature of the Type

To describe a progi,amn:Itrg language, WChave to consider:

- the values to be processed: integers, booleans, . . . ,
 the phrases of the language: expressions, statements, . . . .
Thus, a!mong the sorts of the type will lbe found:
sorts for the values, as In?, Boob, . . . ,
sorts for expressions of the corresponding types, which will be noted Int, Bool, ... ;
sort Stm for the statements.
Examples of ret’ins of sort Int can be:
mul(n b (_3),n b(4);, plus(va l(id (a)), val(id(b)))
corresponding to the concrete syntax:
3*4 a+b
An example of a term of sort Stm can ‘be:
assign(id(a), plus(val{id(la)), t’al(id(b))).
The qwrat;ons mu1 and plus are constructors of the sort Int:
mul:IntxInt+Int, plus:IntXInt+ Int.
They are associated with similar operations of the value sort Int:
mul:I..t~Int+Int, plus :IntxInt+Int.
An identifier is also a kind of ex&ession: let us call Ident the corresponding
sort; it is blnilt from a character string’of the program (sort Text):
id ,: Text -aHen t.
Similarly,
mbrText-, Irrt.
val has the fulnctionality:
vakident-, Int and assign:IdentxInt+Stm.
assign is a coiMructor of the sort Stm. Among the other constructors of this sort
can be found:
noithirlg:+ Stm, cone : Stm x Stm --)Stm
allowing to builld statements as sequences of statements.

An expression has to be evaluated into a value, but this evaluation depends on

a ‘state’. To ex;?ress this fact, we introduce a sort S of states and an operation which
evaluates esr;pressionsaccording to states:

In fact, eval wilI be a ‘generic’ operation, i.e. an operation with a multiple functional-
ity;. for example, it has also the functionality S xBool+ of. It is an ‘external
operation’, connecting the sorts of expressions and states to the primitive sorts.
 Abstract data types arzd algebraic semantics 5

A statement t ansforms a state into a state; this is expressed by an cperation:

apply : S :cStm + S.

Intuitively, a state can be viewed as constituted of objects (integers, stririgs,

arrays, identifiers, procedures, , . . .) connected by functions (e.g., val): cf. the data
of [23]. In this sense, it encompasses the notions of environment and store of
denotational semantics [26,27]. It can also be viewed as a set of theorems, e.g.
val(id(x)) = 3 : cf. the informations of [23] or [S].

2.2. Axioms

Let us now see the axioms for evai.

To compute, e.g., eval(s,mul(el,e2)), we first have to compute eval(s,el) and
eval(s,e2), then ?.o use the operation mul OR jntegers:

eval(s,mul(el,e2)) = mul(eval(s,el),eval(s,e2)).

Such an axiom will be also written for add and, more generally, for every operation
h having a corresponding operation A on values.
For example,

eval(s,nzul(nb(3),nb(4))) = mul(eval(s,nb(3)),eval(s,nb(4)))

= mu4f(nb(eval(s,3)},nb(eval(s,4)))

= mul(nb(J),nb(4))
with
nb: Text-, Int, 3: + Text, 4: + Text.

We have to introduce a value sort Text associated with the tixpression sort Tert.
Similarly will be introduced Ident associated with Ident, and id: Text+Ident. Thus,
we make a complete distinction between ‘syntactic’ sorts for tne phrases of the
language and ‘semantic’ sorts for their values. It is however possible to interpret
two such sorts, e.g. Text and Text, or Ident and fdent, by the same set; in othler
cases, it is more advisable to distinguish between these interpretations, interpreting
for example Ideat as a set of locations while Ident Is considered as a set of simple
or subscripted variables.
The case of the operation val is different: its evaluation actual!y depends on the
state. To co.mpute eval(s,val(i)), we first compute eual(s,i) in the sort Ident; then,
we use an axiom :

eval(s,val(i)) = eval(s,vul(eval(s,i))).

val is a new operation introduced for this axiom:

vaf:Ii#ent+ Int;

eval(s,val(l)) gives the value of the ‘location’ 1 in the ‘state’ f.

6 C. Pair

Its evaluation has to be done by an induction on s. To express it, we shall

introduce operations which will generate statements and then build states by apply.
One of the:n is sub-vul: its role is to modify val for one ‘location’:

sub-val:IdentxInt+Stm.
Then, we can write the axiom:

eval(appIy(s,sub-val(i,v)),val(i)) = if eq(i,j) then 0 else eval(s,val(j)).

Moreover, sllrb-vulis used to precise assign by the axiom:

ap;+(k,assign(i,e)) = apply(s,sub-val(eval(s,i),eval(s,e))).

Other axioms can be:

appty(s,nothirtg)= s,

ap,ply(s,conc(stml),stm2)) = apply(apply(s,stml),stm2).

2.3. Syntactical abstraction

The role of the syntactical abstraction sa is to transform a phrase of the language,

like a := a + 6, into a term of the abstract type, like

making manifest the syntax hidden operations. The mapp& sa has an argument
which is a phrase, or more precisely a syntactic tree; it is recursively defined from
the grammar, For example:

sa@T+ I := E] = assign(saLI],sa[EI),

sairE+ E + P” = plus(sa[E],sa[Pl),

sa:[P--,Ij = 0a l(sa[@,

sa[I + a] = id(a).

The sort Text is used to initialize the recursive definition.

In thle sequel we omit left parts of rules when no ambiguity arises:

~$1 := E] = assign (sa[I], salEn),

sa[Sl ;S2J = conc(sa[Sl],sa[S2]).

This last equation is valid only if the language does not contain go to statements
(Section 5 1.

2.4. Case of a tnnguage with procedures

We: examine here procedures without parameter nor local variables (see Section
4 for a more general case). A procedure identifier has a ‘value’, which is a statement:
 Abstract data types ard algebraic semantics

we call poss * the operation accessing this value:

sa[call p] = call(id(p))

with

call:Ident+Stm

and the axiom

apply(ss,call(q))= apply(s,eval(s,porn(q))).
The operation poss plays, for procedure identifiers, the role of val for integer
identifiers. A value is assigned to a procedure identifier by a declaration:

sa[proc p = b] = dcl(id(p),sa[bj’),

dcl:IdentxStm+Stm

with among the axioms:

applyL~,dcl(q,m))= apply(s,sub-poss(eval(s,q),m)),
eval(conc(s,sub-poss(r,m)),poss(r’)) = if eq(r,r’) then m &e eval(s,poss(r’)).

sub-poss is a new constructor of the sort Stm, playing for pow the same role L-IS
sub-val for val.
pass(i) is an expression; the corresponding values are statements. We have to
introduce an expression sort Stm associated with the sort Stm of statements as
value sort:

poss : Iderr t + Stm, eval :SXStm -,Stm,

poss .*Iden t + Stm, sub-poss:IdentxStm+Stm.

Moreover, it would be more clear to distinguish between integer identifiers aand

procedure identifiers, introducing a sort Idproc and an operation idp: ‘Ikxt+ Idproc.
The operations call, dcl, poss would then bear on the sort Idproc, and ~IOSS,sub-pass
on the associated sort fdproc.

3. Definition of the abstract type

3.1. Value sorts

For each language are given some value sorts, and aalong them necessarily ltlool
and Text (other examples are Int, Ident).

’ poss is an abbreviation for ‘possesses’. The reader could see there an influence of Algol 68 [28].
This influence is real and it could be considered that in some respect the proposed semantics is a
formalization of that of [28], See also [8] which presents similar ideas in another way.
8

These sorts have operations (e.g., &IS, mul, ub, dd); in particular two operations
eq: YVXv-, Boo&

if then else : Boo1 x Vx V+ V

must exist folr some value sort V, when they occur in the axioms for eual. Axioms
are given for ‘[theoperations, e.g. plus(x, y] =plus(y,x,).

3.2. Expression sorts

Each expression sort V is associated with a value sort V.
To build an expression operations, like &s, m&, nb, id, are used, associated
with operations on values; other operations, like @al,are used too, we call them
modifiable operations (the corresponding values are ‘modified’ by the statements’).
The operations generating the expression sorts are therefore:
(a) operations fr VI X x Vn --,V, each of them associated with an operation
l l l

j’:Vdx* “ x ‘Iyn--, V on value sorts; they are called basic operations.

!b) other operations called modifiable ; with a modifiable operation f: VI x * 9 x l

Vn -, V another one is associated, f: VI x 'x Vn + V (which will be used in the

l l

axioms for etraf).

No axiom ii!sgiven for the operations on expressions.

3.3. The sort Stm of statements

It is also a value sort, which can correspond to an expression sort Stm. Stm is
generated by operations of three classes:
(a) for every modif’ta.ble operation f; Vl x x Vu -, V, the operation
l l l

sub-f: Vl x +XnXV+Stm.
l l

(b) some operations depending on the language: their domain is a Cartesian

product of expressions sorts and Stm ; examples are assign, cone, nothing; another
one is cond:BoolxStm XStm +Stm.
(c) if then else: Boo1 XStm XStm + Stm.

3.4. Tke sort S of states

The abstract type contains a sort S of states, with the following operations:
(a) to generate states:
the initial stat; init: 4,

app!y : SXStm -, S;
thds, a state is given by a term
app/y(. . . apply(apply(init, m I), mz). . . , mJ

where ml, m2, . . . , m, are statements; thus, it can also be viewed as a computation.
 Abstract data types and algebraic semantics

(b) an ‘external’ operation:

eval:Sx V-a V

for every pair of an expression sort V and the corresponding value sort V.

3. s’. Axioms

(a) on operations generating statements:

- for each operation g depending on the language, with n arguments, an unique
axiom with as left member apply(s,g(ul, . . . , u,)) or g(uI, . . . , u,).

Examples :

apply(s,assign(i,e)) = apply(s,sub-~~aI(eval(s,i),eval(s,e))),

apply(s,cond(b,ml,mz)) = apply(s, if eval(s,b) then ml else mz),

apply(s,nothing) = s,

while(b,m) = cond(b,conc(s, while(b,m)),nothing).

- if true then ml else m2 = ml, if false then ml else m2 = m2

(b) on eval:

(1) eval(s,h(ul, . . . , u,)) = h(eval(s, ul), . . . , eval(s, u,))

if h is a basic operation, with m arguments (n 30);

(2) eval(s,f(& . . . , un)) = eval(s,f(eval(s,ul), . . . , eval(s,u,)));

(3) eval(apply(s,sub-f(vl, . . . , v,,, v),f(&, . . . , vk)) =

= if/\ @vi, v i) then v else eval(s,f(v >, . . . , v a);

i

(4) eval(apply(s,sub-f(vl, . . . , v,,, v)),f’(v’I, ..., v#=eval(s,f’(v’l, l l . , vi))

if f and f’ are modifiable operations, and f is distinct from f’.

3.6. A possible simplification

It is possible to remove the : sort S by replacing a state by the modification which

generates it from M. In the axioms, apply is then replaced by COW. In fact, the
new type is a representation of the previous one, representing S by Stm and apply
by cont.
This presentation, slightly more economical, is closer of that af [6]; it has been
used in [25]. As it is perhaps less intuitive, less generalizable, e.g. to undeterminisn,
and makes less clear the hierarchy used below in Section 7, we do not use it here.
to C. Pair

4. Applicafian fs procedures

We introduce (cf. Section 2.4) associated sorts Mproc and Idproc for procedure
bdentlfiers, amd associated operations M”P:Ew-+ Idproc and idp: Text -+ Idproc. As
we have seen in Section 2.4, an expression set Sfm is associated with Stm. San has
modifiable operations
poss ::Idproc + Stm and poss : Idproc -, Stm.

Thus there exists

sub-poss : Idproc XStm -3 Stm

vermifyingthe axioms; in particular

eualfconc(s,sub-poss(p,m),poss(q)) = if eq(p,q) then m else eval(s,poss(q)).

We suppose that in the language there exists no operation on procedures; then

SEB has no basic operation. If it would not be the case, it would be necessary to
d%:inguish between Stm and a value sort of procedures, with two inverse transfer
functions between them.

4.1, Procedures withoutparameter nor local vasiable

Th:is case was studied in Section 2.4:
&call p] = call(idp(p)),

call : Idproc + Stm ;

axiom: apply(s,call(q)) = npply(s,eval(s,poss(q))).

The operation poss is ‘modified’ by a declaration:

sa&roc p = body’ = dc!(idp(p),sa/[bodyj’),

dcl: rdproc XStm + Stm ;

axiionx apply(k,dcl(q,m)) = apply(s,sub-po,ss(eval(s,q),m)).

IRecursivity gives no difficulty in this case: m, i.e. sa[body,f, may contain
car’l(idp(p)) as a subterm.

4 .Z. Local valriables

1705recur&e procedures with local variables, we must make a distinction between
identifiers and locations: an identifier can designate several locations, depending
on the current procedure, and a 1ocaQon contains a value (here, an integer).
This remark leads us to introduce two vaiue sorts:
- C #Forprocedure calls,
- & for lt?cations
 Abstract data types and algebraic Fernantics 11

with two operations:

des:IdentxC+L,

val:& + Int (modifiable operation).

Then, if i is’an identifier (of integer):

sali] = des(id(i),cc)

where cc is the current procedure call; more precisely, cc is a modifiable O-ary

operation, changed for each new call and each return (cf. the environment of
denotational semantics):

C is the expression sort associated with C.

C can be generated by an initial call (of the program), and a constructor of new
calls; the new call will depend on the state (i.e. the nrevious computation); to be
sure that it is actually new, we put also as argument ihe called procedure identifier
which will be useful in an axiom below:

incall: + C,
newcall: S XIdproc + C.

The axiom for call given in Section 4.1 hasI then to be ck;lnged into:

appM,caMW= apply(apply(apply(s,
sub-cc(newcall(s,eval(s,q)))),

eval(s,pass(q))),

sub-cc(eval(s,cc))).

Finally, we can express the rules relative 1:oscopes by two axioms for des. The
second one uses an operation:

scope .*Iden t + Idproc;

scope(i) is the identifier of the smallest procedure containing the declaration of the
identifier i.

eq(des(i,c),des(j,c))
= eq(i,j),
’ ’ = eq(i,j) and not eq(scope(i),q).
eq(des(i,newcall(s,q)),des(j,eval(s,cc)~~

A >wayof introducing scope is to put, tiy the syntactical abstraction, with each
identifier the identifier of the procedure where it is declared; therefore sa is not
12 C. Pair

exactly a homomorphism dealing with the syntactic tree of the program, but rather
with a tree de:corated by attributes [ 171. However it is also possible to express this
decoration in rrhetype itself.
I ,et us note Ithat the domain of definition of des could be precised by a precondition
[131 taking in,to account the scoping rules (see [lo] for the use of preconditions).

4.3. Param&rs
Let us now suppose that a procedure has one parameter, called by value. We
need an opera.tion to access this parameter from the procedure idewtifier (supposing
all procedure :identifiers of a program different):

Then, we hzlvleb to express that, at a procedure call,, the formal p:arameter takes the
value of th c;!61;:tualparameter:

sa[m )“Ip(e)J = call1 (idp(p),saQk&

call1 *.Idprocx In t + Stm,

apply~s,calll(q,u)) = apply 4(s,

slrb-val(des(vp(q),nc),eval(s,u))
sub-cc(nc),

eval(s,poss(q,I),

sub-cc(evak(s,ccj))
where q 2%eual(s,q) and nc = newcall(s, q).
For pari;meters called by reference, we introduce a sort Idpar, the sort Ll of the
corresponciing locations (!ocations of locations), and operations:
- de~p:fdp~r XC+ Ll similar to des,
- vak Ll+.k, modifiable, similar to val and giving the location of the corresponding
actual parameter.
Then, for a procedure having two plarameters, the first called by value and the
second b;y reference:

rp :Idproc -, Idpar,
sa,fcallp(e, v)] = ca U2(idp(p),sr;#ej’,sa[vJ),

app~y(s,call2(q,u,l)j = apply ‘(s,

sub-val(des(vp(q),nc),eval(s,u)),
sub-valp(desp(rp(q),nc),eval(s,l)),
sub-cc(k),
 Abstract da:s types and algebraic semantic? 13

sub-cc(eval(s,cc)))

where q = eval(s,q) and nc = nzweall~s,q).

The operations up and rp can be introduced by sa : for X, 3 parameters respectively
called by value and by reference,

si&] = vp(scope(x)), sa%yJ= ~p(scope(y)).

For procedure parameters, sub-pass would be used to pass the actual parameter,
but moreover an extra parameter should be passed, the current call, to be reused
when calling the parameter.

5. Case of a language with jumps

For a language with go to’s, the definition of sa[Sl;S2] given in Sec:tior,l 2.3 as
conc(sa[Sl],sa[S2]) is no longer valid. We modify it into

sa[Sl ;S2J = cong(sa[Sl],sa[S2]).

In order to axiomatize the operation

tong : Stm X Stm + Stm

and jumps, we introduce:

- a value sort Lube1 generated by the operations:

idl: Text + Label, seq : + Label

(the ‘label’ seq means ‘go on sequentially’);

- eq : Label x Label + Boal;
- an operation in :Stm xLabel+ Boo1 indicating the presence of a lad m (th.e
text of) a statement;
- a modifiable operation next; + Label giving, at each step, the labe!l. where to
jump (seq if there is no jump).
Then
&go to i]= goto(idl(i)),

goto : Label + Stm,

apply(s,goto(l)) = apply(s,sub-next:‘eval(s,l))).
Moreover, before executing a labelled statement, it is necessary to ‘reset’ nlext to seq :

sali: Sn = lab(idl(i),sa[Sj’),

ap@ycs,lab(l,m)) = apph(s,conc(sub-next(seq),m)).
14 C Pair

eq and ir;fare easy to axiomatize. For example:

eq(M(i), idl( j)) = eq(i,j),

tq(kil(i),sfq~ =false,

in(assign(j,c),Q = false,

048
(gow(i11,/)= false,
ifi(lab(ll,s),l) ==eq[ll,l) or in(s,l),
in(cong(sl,s2),1) = in(sl,l,, 02 in(s2J).

To simplify the next axioms, we associate with in an operation in generating

boolean expressions:

in : Stm x Label -3 Bool

with the axiom*. evai(s,in(s’,llj = in(sI,eval(s,l)).

Finally, let us come back to the axiomatization of tong :

con~(sl,s2) = cond(in(sl,next) or eq(next,seq),

congl (sl,s2),

Intuitive&, cortg(sl,s2) executes the statements sl, s2 while the value of next is
~1 Or in t2; con,ul(sl,s2) or cong2(sl,s2) is interpreted like cong(sl,s2) but the
execution’begins in sd or in ~2, respectively. This it;expressed by two axioms:

&ngl (sl,s2) = conc(sl,cond(in(s2,next) or eq(next,seq),

i
‘z cong2(sl,s2),nothing)),

cl~&2(sf,s2) = conc(s2,cond(in(sl,next),congl (sl,s2),nothing)).

6, N&ions on side eifects and functions

Up to now, we have considered that an expression did not cause any modification
on the state, i.e. the language has no side effect. Side effects can be caused by
functions ant:1we have not considered functions :ither.
Side elects lead to consider that an cxpressiou can caus’e a modification of state
and therefore to give also to apply the profile

sxv+s
for every expression sort K
 Abstract data types and algebraic semantics 15

Moreover, the axioms given for eual in Section 3.3 have to be changed. For
example:
eval(s,h(ul,u;?)) = h(eval(s,uI),eval(apply(s,ul),u2))

if h is a basic binary operation;

eval[s,f(u)) = eval(apply(s,u),f(eval(s,u)))

if f is a modifiable unary operation.

It is also necessary to take side effects into account to axiomatize statements.
For example:

apply(s,assignO,e~~= apply(s,sub-vaI(eval(s,i),eval(apply(s,i),e)).

For functions, it can be considered that they give a result in a fixed location
represented by a modifiable 0-ary operation res. Let us suppose that the execution
of a function is terminated by that of a return statement indicating the expression
the value of which is returned:

sa[return e] = ret(sa[e]),

apply($ret(v)) = apply(s,sub-res(eval(s, v))).

Moreover, for 21function call with an integer argument and an integer result:

sa[p(e !j’= fcall(idp(p),sa[ej’),

’
fcall:Idproc.Unt+Int -I

eval(s,fcall(q, u)) = eval(apply(s,fcall( u)),res).

apply(s,fcall(q,u)) is axiomatized, according to the peculiarities of the language, in

a similar way as in Section 4, taking into account the side effect of the argument.
Parameter functions, and in particular calls by name, could be axiomatized on
this basis.
The class of abstract types considered in Section 3 for the languages without side
effects can be viewed as a particular case of the class studied here, with the axiom
apply(s,e) =s for every expression e.
In the sequel, we study properties of the abstract type in the case where there
is not side effect.

7. SSndy of the type

7.1. Hierarchical construction of the type

Defining the sema.ntics of a programming language consists qf extending the

semantics, supposed to be known, of primitive objects (integers, booleans, . . .) to
16 C. Pair

the other objects, especially the constructs of the language. This remark leads to
give a hierarchical definition of the abstract type associated with the language. It
reCies on a primitive type, formed with certain value sorts, like Irtt, Bool, Text (but
not C, RI which can be called auxiliary sorts): among the primitive sorts are to be
found those sorts the interpretation of which is imposed; in this sense, ldtwt can
be undifferently considered as a primitive sort or an auxiliary sort.
MorecPver, the terms of sort S are in the form

appb4.. . app~y(apply(init,ml)m2). . . , m,)

where the mi are terms of sort SAM:

t?li =SUh-f(~~:~ . . . , Vn,V) or mi= g!Uj, l l l , UJ.

Some terms of s(lsrt S express computations: those where the second argument of
apply is always a sub-f(vl, . . . , vn,v). Computations are generated by init and
‘hidden’ operations subst-f defined by:

apply&ub-f(vl, . . . , v,,,v) =subsr-f(s,vl, . . . , vn,v).

A theorem appiy(init,m) =c;g, where cp is a computation, means that the program

expressed by m terminates; cp can be viewed as a normal form for appfy(init,m).
We call normal type the t,ype where the terms of sort S are restricted to be
computations, and normal terms its terms.
The type can then be stratified into five levels.
(a) Primitive kvel: a priiitive type is given, with primitive sorts,, primitive
operations, and axioms on “them; Boo2 is a primitive sort and it is supposed that
the primitive type is consistent (i.e. true =fafse is not a theorem).
(b) Language level: new sorts correspond to the phrases of the languzgf:
- expression sorts, with operations of profile VI x - . X Vn+ V where the 15 and l

V are expression sorts;

- Stm, generated by operations of profile L1 x XL, + §tm where the Li are
l l l

expression sorts or Stm.

A term of expression sort will be simply called an expression and a term of sort
Stm a statement. At this level can be defined the syntactical abstraction sa.
(c) k%ta structure level: at this level auxiliary sorts and the sort S of states are
introd weed.
AuxiGary sorts are defined with auxiliary operdons, using in their profile primitive
sorts, S and auxiliary sorts; axioms can be given on them, where only primitive
and auxiliary operations occur. Auxiliary sorts allow to associate with each
expression sort V a value sort V, i.e. a primitive sort, an auxiliary sort or Stm, and
with socnc operations of profile VI x X Vn + V a primitive or auxiliary operation
l l l

of’ profile x0 = lx + V (these operations are called basic operations; other

operations generating expressions are called modifiable).
 Abstract data types and algebraic #semantics 17

To generate S, Stm is enriched by operations associated with modifiable opcr-

ations:

sub-f: VI x 8 l
xV,xV+Stm.
l

S is generated by init: +S and apply:SMh +S where the second argument is

restricted to be a sub-f(vl, . . . , v,,). 2
(d) Evaluation level (normal type): the operation eval, with profiles SX V+ V,
connects every expression sort V with its associated value sort V. To write its
axioms (Section 3.9, for each modifiable operation f: VI x 0 x V,, --, V another l l

one, f: VI x =x Vn+ V, is introduced.

l l

Remark: a slight generalization causes no difficulty: in the preceding profiles of

basic or modifiable operations, the Vi could be not only expression sorts, but also
Stm (an example is the operation in of Section 5); the convention to be made is
that Vi is Stm ;Nhen Vi is Stm ; moreover, in the axioms (l), (2) of Section 3.5, if
ui is a statement, evalis,uJ has to be replaced by Ui,

(e) Interpretation level vu11 type): here, terms of sort S are unrestricted. For
every operation g; L1 X ’ XL, + Stm is introduced one, and only one, axiom of
l l

one of the two forms:

app1J?hg(ui!9 . ..p u,j) =4(s) or (6) g(w, . . . , u,,) = r.

VQ make the hypothesis that the term 4(s) contains s. Moreover the operation
if &en eke .-Boo1xStm x&m + Stm is intr educed with the axioms:

(7) if true then ml else ma = ml,

(8) if false then ml else m2 = m2.

The hierarchy must be understood in a strict manner: in the axioms of a level,
variobles are replaced by terms of this level. In particular!, in the axioms for eval
or auxiliary operations, a variable of sort S is replaced by a computation. In the
normal type, evnl can express the evaluation of an expression after a computation.
In the full type, it is is possible tc express !.he evaluation of an expression after the
execution of a program. The fact that the axioms on evaI lcan be applied to
computations oniy means that a nonterminating program cannot yield any (primi-
tive) result.

7.2. The normai type

Here are studied pro,perties of sufficient completeness and consistency [12] of

the normal type relatively to the primitive type. First, we give some definitions.
The type is said to be initially cornpled z,vhen for every term f(tl, , . , 9t,J where
f is a modifiable operation and the ti terms of data structure level, is added a unique

* It is also possible not to introduce apply and s&f at this level, but in place sub.+f, see blefore.
18 C. Pair

axiom
(91 evall(init,f(Et,. . . , tJ) = t
where t is a term of data structure level. We say that the auxiliary sorts are suficiently
complete (re~g. consistent) if the type of data structure level is sufficiently complete
(req. consistent) relatively to the primitive type; indeed, the verification of these
properties only use auxiliary and primitive operations.

T,hwaam 1: If the type is initiully completed, for every computation s and every
expressiw e of the norma! type, there exists a term v where eval does not occur, such
that ej3al(s9e)= 0.

Proof;: Let us choose for the terms evaZ(s,e) a rrtJetherian order, i.e. wnere every
descending chain is finite:

eval(s’,e’)<eval(s,e)Hs’ is a propL:r subterm of s or s,s’ identical and e’

is a proper subterm of e.

An axiom of Section 3.5 is applicable to eval(s,e):

-- (1) if e begins with a basic operation;
-’ (3) or (4) if e begins with a modifiable operation J and s tr init;
- (2), then (3) or (4) if e begins with a modifiable operation f and s f init.
In each case, every eval(s:e’) contained in the obtained term verifies eval(s’,e’) <
cval(s,e). By repeating the transfozrlation, a term will be attained where each eval
only has init as its first argument.
Thus, we have only to pr::tve the theorem for evaZ(inc’t,e).It is immediate by
structural induction on e, using axioms (l), (2) and initial completeness.

Cossequermce: If the type is, Ctially completed and if the auxiliary sorts are
sufficiently complete, then thc,inarrlal type is sufficiently complete relatively to the
primitive type.

Proof: From Theorem 1, the normal type is sufficiently complete relatively to the
type of data structure level, which In turn it<sufficiently complete relatively to the
primitive type.

For the type studied in Section 4, auxiliary sorts are not sufficiently complete;
preconditions should be added, ensuring that axioms are sufficient to compute
eq(des{i,c,?,des(j,c’)) (see Section 4.2) in all useful cases.

Theorem 2: If the auxiliary sortsare consistent, tne normal type is consistent relatively
to :he primitive ty,pe (and therefore relativeiy to hoi).

It is suflicient to prove that the normal type is consistent relatively to the

data structure level.
 Abstract data typs an9 algebraic semantics 19

Let us orient from left to right the axioms (l), (2), (33, (4) of Section 3.5, the
other axioms remaining in both directions. We will show the confluence of the
obtained rewriting system (see [14] for conditions of confluence). There exists no
superposition between the left-hand sides of oriented rules, therefore no critical
pair. Moreover these rules are compatible with the congruence generated by the
unoriented axioms (i.e., denoting = this congruence and + the direct rewriting, if
t+ f’ and t= tl, there exists ti such that ?I+ t: and t’=t;); indeed, operations
generating expressions occur in no unoriented axiom. It results that in the quotient
of the algebra of terms by this congruence, the rewriting system is confluent,, and
it is therefore also confluent for the terms themselves.
Consistency results from confluence: if t = t’ is a theorem, t and t’ can be rewritten
into the same term t”. For terms of data structure level, these rewritings cannot
use the axioms on evul. Therefore t= t” and t”= t’ are theorems at data structure
level, and thus t = t’ is too.

The theorem remains true for an initially completed type: the added axioms (9)
are also oriented from left to right and there is still no superposition.
For the example of Section 4, the consistency of auxiliary sorts is easily proved
by proving confluence of the rewriting system obtained when orienting the axioms
on auxiliary operations (Section 4.2).

7.3. The full type

The consistency of the full type relatively to thle normal type, therefore to the
primitive type, can be proved in the same way.

Proposition I: If the auxiliary sorts are consistent, the rewriting system obtained by
orienting from left to right the axioms introduced at interpretation level and leaving
unctriented the other axioms, is confluent.

Proof: The oriented axioms are: for every operation g generating statements, one,
and only one, rule

(5) aPP~Ytidu1, l ’ ’ , d) + 4(s) or (6) p(ul, . . . , !dnj+ r

and axioms on if then else ; to ensure compatibility with the congruence = generated
by the unorient ed axioms, we replace the rules on if then else by

(7’) if b than SI else s2 9 SI whenever b = true,

(8’) if b then sl else s2 + s2 whenever b =false.

This does not change the rewriting relation. Then, there exists no superposition
for left-hand sides provided that the normal type is consistent: this is true from .
the hypotheses (Theorem 2). Confluence results like in Theorem 2.
20 CT Pair

Tkearem 3: ?ke full type is consistent if (and only if) the auxiliary sorts are consistent.

Pr~af: Use confluence like in Theorem 2.

But here the type is not sufficiently complete in the general case. If it is, every
statement has a normal form and this means that every progr2= terminates.
As the type is not in general sufficiently complete, the question arises if, when
a model is given for the primitive type {integers, booleans, . . .) it can be extended
into a model of the full type. This question is studkd in [24] and [S]: the considered
models interprete operations as partial functions; we say that a term t is reducible
if th&ereexists a term p of the primitive type such that t =p is a theorem; each
model of the primitive type can be extended into a model of the full type, supposed
consistent, if eliery suf_Jtcrrmof primitive sort in a reducible term is also reducible.

Theorem 4: If the au:;iliary sorts are consistentanJ suficiently complete, each model
of the primitivr type can be extended into a model of the full type.

Pr~olk ‘Let us ?*jeginb;jr adding a;ioms to get initial completeness (Section 7.2): we
have seen that the type remains consistent. From the consequence of Theorem 1,
if a tlerm of primitive sort is not reducible, it is not normal. Let t be a term of
primitive scat containing a nonreducible term t’ of primitive sort. WC will show
that every axiom transforms t into a term containing a nonreducible term of primitive
sort:; tkrefore, t is nonreducible. It is obvious if the transformation bears on a
teim c!isjoint OCt’ or on a subterm of t’. If it bears on a term containing t’, it is
necessarily induced by an axiorn of the interpretation level, since t’ is not normal.
As a statement contains no term of primitiv~z sort, the axiom is necessarily
appW,g(ul, . - , iJ,r.
u '= t-$(s) where t’ is a subterm of s; therefore t’ is a su’bterm
of MA

7.4. Computd!qtion
part of a state

In the sequcr:l,we study states, i.e. terms of sort S, without variable. To simplify
notztions, we denote here apply by an infixed dot: a state s is then written
init.ml. 9 . 9 .m,;

a subterm init,ml. - .m, for Ogq~p is called a factor of s.

l l

We call computation part of s, and we denote by camp(s), the greatest factor of

s which is a cclmputation.
The possibk: transformation of a state into a computation is made by using the
axioms (zi), (r”)),(7), 18) of the interpretation level to rewrite their left-hand side.
These rcwritirag rules were already studied in Proposition 1: it ca.n be considered
that they defirle an abstract interpreter, or an operational semantics. The rewriting
rela.tion generated by them and the (unoriented) axioms of normal type will be
 Abstract data types and algebraic semantics 21

denoted by +*, and the direct rewriting of which it is the reflexo-transitive closure
by +.

Proposition 2: If s4 by a rewriting rule of the interpretation level, then comp(s]

is a factor of comp(s’).

Proof. s=comp(s).m,+j. l l l .m, A rewriting rule is applied on a non normal

factor:
for (5): comp(s).m,+~. 9 l l .m+&comp(s). l l l .rnrel),

In every case, camp(s) is a factor of s’, therefore a factor of comp(s’).

The unoriented rewriting rules do not possess the same property. To extend it,
we consider the congruence = generated by the axioms of the normal type. Since
these axioms =never equal states, it is obvious that the states congruent to
init.ml. l .m, a,ie the init.mi. 9 .mi where micm! (1 &sp). Therefore, if s=s’,
l l l l

then camp(s) = comp(s’).

The relation ‘is a factor of’ can ‘Je extended into a relation compatible with =:

s CS’~J~S~ (s=sI and s1factor of s’/!.

Proposition 3: c is reflexive, transitiveand compatible with ==

Proof: < is the product of two reflexive and transitive relations = and 40: ‘is a
factor of’. Moreover these two relations commute: indeed, s is a factor of a state
congruent to s’ ifi s is congruent to a factor of s’. Therefore the product is re#lexive,
transitive (since C 2 = =(p=(p = = ‘p 2 = =cp = C) and compatible with = (since <= =
,_ < ==-2 V =sp=<).

P~~p~sitiior4: If s =s: then camp(s) = comp(s’). If s :s: then camp(s) ccomp(s3.

Proof: We still know the first part. Moreover, if s-, s’, then camp(s) cconzp(s’)
by Proposition 2 if the rewriting rule is i rule of the interpretation level, and
comp(s)=comp(s’) otherwise: in both cases, camp(s) <comp(st). Then, the second
part results of the transitivity of <.

Moreover the relation < passes to the quotient by = and:

Proposition 5: In the quotient of the set of states by =, the relation c is an ordering ;

the set of lower bounds of a given =-class is finite and totallyordered by <.
22 c. Pair

Roof: < is reflexive and transitive from Proposition 3.

< is antisymmetric: if s<s’, the length (number of factors) o:f s is at most the
length of s’; if s*:s’ and S’CS, s and s’ have the same length :and therefore the
factor of s’ congruent to s is s’ itself: s Es:
The second part of the proposition results from the fact that the set of factors
lof s is ifinite and totally ordered.

7.5. Study of the set of states

The congruence generated by the axioms of the full type (stronger than 3) divides
the states into classes where, for two states s and s’, s = s’ is a theorem. We study
these classes for a consistent type (see Theorem 3), considering the computation
parts of their states which can be viewed as beginnings of computations of these
states.
Let us suppose that s =s’ is a theorem. From Proposition 1, s and s’ can be
rewritten into the same s’! From Proposition 4, comp(s)<comp(s”‘) and comp(s’) c
comp(s?. From Proposition 5, camp(s) Ccomp(s’) or cclmp(s’) <camp(s). We have
thus proved that the computation parts of a class (or more exactly their classes for
the congruence =) are totally ordered by c I
Two cases then arise for a class:
(a) the computation parts have a maximA e!emcnt comp(s,,,) and therefore they
(or more exactly their classes for =) are finite’ in number (Proposition 5);
(b) the computation parts have no maximal element and they (their classes for
=) form an infinite increasing sequence: an infinite strictly increasing sequence
comp(slA .,., COtTIp( . . . , where si belongs to the class and cot&i) is a factor
of comp(si+I), is called an infinite computation of the class (it can be considered
that it defines an ‘infinite term’).
r.1
Jo’a class contains a comy)utation (i.e. a normal form for its states) sn, then
conrp(s,) is identical tCr szr and the only axioms applicable for rewriting sn are the
axi(ims of the normal type. It results that corn&J is maximal: indeed, if s = sn is
a tl-eorem, s and sn can be rewritten iniq some s”; therefore sn =s” and camp(s) c
comp(s,) (Proposition 4). The class is in the case (a).
E;ut, conversely, the existence of a maximal computation part comp(s,) for a
class does not imply that of a normal form: comp(s,) can be distinct from s,; in
this case, we say that sm is a blocked form. It is easy to find an example: if an axiom
is s.g(ul, . . . , 01~)= s.g(ul, . . . ) uJ, then for every computation s, s&l, . . . , un) is
a blocked forzi. It can also be verified that a blocked form exists for the language
studied in the ,4ppendix, because of the statement whiZe(true,nothing). Intuitively,
a program leading to a blocked form does not terminate but does not provoke
zither an infinity of state transitions; it can ble said that it leads to ‘busy waiting’.
Two kinds of non termination thus exist: infinite computation and blocked form.
To sum up:

Tkorem 5: For a consistent type, the (classes for = of t’he) computation parts of
 Abstract data types md algebraic semantics 23

the terms of every class of the congruence generated by the axioms are totallyordered
by <. Only three kinds of terms can exist:
(1) those admittin%a nok?malform s,,(comp(sJ identical to sn and maximal in its
class );
(2) those leading to an infinite computation! (the comp(s,) of the class are not
bounded );
(3) those admitting a blocked form conq~(s,) (comp(s,) distinct from sm and
maximal in its class).

8. Application to compilation

8.1. Implementation of the abstract type

Xs we said in the introduction, a compiler can be defined by the abstract type

associated with the source language and the syntactical abstraction mapping, the
abstract type associated with the target language and the expression mapping, and
furthermore an implementation of the source type into the target type. On a simi1a.r
basis is developed at INRIA a ctimpiler writing system [lo, 71.
The implementation is defined according to the hierarchical construction:
- a sort of the source type is implemented by a sort of the target type: a primitive
(resp. auxiliary) sort Vs by a primitive (resp. primitive or auxiliary) sort VT, in
particular the standard sorts Text and Boo1 by themselves; the corresponding
expression sort Vs by VT; Stm and S by themselves.
- an operation of the source type is implemented by a composition of operations1
of the target type, with correspondence of profiles; in particular the standard
operations {boolean operations, eq, if then else, eval, apply, init) are implemented
by themselves; the primitive operations are implemented by compositions of primi-
tive operations; each sub-f is implemented by some k such that s.k(ul, . , . , u,,) has
a normal form; another operation g generating statements is not implemented by
a sub-f of the target type.
- the implementation transforms the axioms of the source type into equations
which must be theorems of the target type (weaker representations could be
considered, using an interpretation of equality [l 11).
It should be noted that the presence of rhe primitive sort Boo1 and the representa-
tion of eq, true, false by themselves prevent trivial implementations where all terms
of a sort would be represented by equal terms, and thus prevent from imposing
too strong conditions to avoid it, e.g. a one to one correspondence between terms
WI .

82 Translation of states

Let US study the implementation of siates in the three cases of Theorem 5. The
implementation of s is denoted by S.
24 C. Pair

Firstly, remark that a theorem s = s’ of the source type is translated into a

we
theorem S= ;f’ of the target type9 that a term having a normal form is translated
into a term having a normal form, that eomp(s) has a normal form which is a
comp($ whe i-e s = d is a theorem.
(1) If s h;as a narmal form sn, s = sn and therefore S= Sn are theorems: the
normal fotm of S,, is the normal form of s’.
(2) Let II!; suppose that the class of s has an infinite computation
awmp(sl), ..,* .... AS s = Si is a theo,rem of the source type, S= Si is a
,COt?l~(Si),
theorem of ‘he object type. The normal form of comp(si) is a cOmp(fi) where
I=& is a theorem; fT:oreover COWlfl(Si) is a strict factor of COmp(Si+l) and
Gerefore comp!‘r’,) is a strict factor of COtlZp(~i+~) :C.Of?lp(S;), . . . . COmp(ii), . . . is
!hus an infinite computation of the class c)f S.
(3) If s has a block& form, .Tcan b,ti in whatever case: normal form, infinite
izomputation, blocked form. For exampiz;, for a O-ary operation g with the axiom
z.g = s.g, g can be arbitrary:
.- with g = nothing and the axiom s.nothing = s, ini@ has a normal form,
.* with the axiom s.g = wub-f(fi,ii).& init.g leads to an infinite computation,
.- with the axiom s.g z=s.& init.g has a blocked form.

Theorem 6: For o consistent source type :

- if a state s has a normal form s,,, its translation s has a normal form, the normal
form of the translation &, of s,, ;
- if a state s leads to an infinite cornpu:ation (comp(sJ], its translation Si leads to
an infinite computation constituted of ?!& normal forms of the translations comp(si).

8.3. Application to the correctness of a compiler

Correctness of a compiler can have several meanings, more and more requiring.
(a] A first meaning is that if the source program yields a result, the target program
yields the same result: the result of a program p is the value of an expression of
primitive sort; it is formalized by a term eval(init.m,e) where m is salpI. Now, if
eoal(init.m,e) =a, where &Eis a primitive term, is a theorem of the source type,
then eval(init.fi,Z) =a’ is a theorem of the target type and a’ is a primitive term
of the target type.
(b) It can also be asserted that if the source program terminates (init.m has a
normal form sn), the target program terminates (init.rizhas a normal form s’,, that
elf .Q The partial correctness is thus guaranteed.
Cc) FW the total correctness, Theorem 6 ass#ertsthat a source program leading
to an incnite computation is translated into a target program leading to an infinite
computation and there is even a correspondence between these infinite computa-
tions.
But it can also be required:
(d) that a term apply(init,sa[p]) without normal form is transMed into a term
withour normal form, so that a nonterminating program is translat& into a nonter-
 Abstract data types and algebraic semantics 25

minating program; this is true if a term wi;h a blocked form is not transiated into
a term with a normal form.
(e) that a term init.sa[pj’ having a blocked form is translated into a term having
a blocked form, and even that these blocked forms correspond by the translation.
The simplest case where these last two conditions are satisfied is when no term
init.sa[p] has a blocked form.
We call a term semi-normal if all its subterms of another sort than S are normal.
If s is normal, s.sa[pJ is normal.

Theorem 7: If
(1) every state sm, where s and m are terms of data structurelevel, can bl.? rewritten
into a semi-normal term d.ml. .m, (q 2 I) where ml is some sub-f(u,v) or a strict
l l l

subterm of m9
(12) the type is initiallycompleted,
then a semi-normal state cannot admit a blocked form.

Proof: Starting with a seminormal state having no normal form, we build an

infinite sequence of semi-normal rewritings si such that the sequence comp(si) is
not stationary. At each step

Si = COmp(.Si).m.pr. ’ ’ l lPP

where m, ~1,. . . , pp are statements; comp(si) and m are normal; after eliminating
eval by Theorem I, hypothese 1 can be used to rewrite comp(si).m into a semi-
normal term:

Si+l =COt??!p(Si).ml. l ’ l .m,.pl.’l l .@,.

If ml is some sub-f(u,v), comp(si+l) is greater than t*omp(si); if not, cornp(si+l) is

identical to comp(si), but since ml is a strict subterm of m, tne sequence of the
comp(si) cannot be stationary.

For the example in the Appendix, the axioms on the operations generating Stm
directly show that hypothese 1 is satisfied, but for three of them:
- s.cond(b,mt,mz) =if eval(s,b) then ml else m2: if preconditions or axioms are
added so that auxiliary sorts become sufficiently complete, from consequence of
Theorem 1 and from the fact that the primitive type is sufficiently complete relatively
to BOO& eval(s,b) = true or eval(s,b) =fulse is a theorem: therefore hypothese 1
is sath;fied in this case;
- snothing =s and the axiom for while, leading to a blocked form for
init.while(true,nothing).
If the definition is changed by removing nothing and replacing the axiom for
while by

while(b,m) = cond(b,conc(m, while(b,m)),assign(n,val(n))),

26 C. Pair

s. whik(b,m) is rewritten into

sJ’eval(s,b) then conc(m, while(b,m)) eke assign(n,val(r.t))
and, then into
s.m. while(b,m) or s.sub-ud(n, vazl(n))
according to the value of eval(s,b). Hypothese 1 is verified.

9. Conclusion

We have shown how an algebraic abstract data type can be associated with a
progranmisag language to describe its slemantics, and we have seen how the principal
aspects of deterministic algorithmic languages could be presented in this frame.
Tine extension to parallelism remains to ?Wstudied. Moreover, preconditions must
be introduced, particularly to deal with errors.
The abstract type takes together into account the phrases of the language and
elements allowing to express their meaning, like states, eval,, apply; this is different
from denotational semantics [26] or from [1] where the syntactic and semantic
levels are distinguished, connected by an interpretation function. Grouping together
these two levels is specially interesting for procedures, for the value possessed by
a procedure is a phrase of the language. Moreover a proof on semantics can be
expressed in this formai frame if it relies only on the axioms and not on a particular
semantics (i.e. algebra) of the abstract type. These advantages go beyond the
application to compilation: every proof, every automatic transformation, can find
an advantage in a unified formal frame, using only simple notions and not compli-
cated ma:.hematical objects.
Let us remark that, if the type can be relatively complex, the descriptions of
phrases by their syntactical abstraction are ,more simple (level b of the hierarchical
construction of Section 7.1, the other lelCelsbeing used only to write axioms).
For compilation, the given meGod, both systematic and practical, divides its
complexity and allows to prove correction. Verification of axioms can be done
following the hierarchical construction of the type. If, obviously, nothing general
can be said for the implementatiion of primitive or auxiliary sorts, a general study
seems possible for the implementation of the sub-f, leading to a correction algorithm.
The problem of compiler correction (Section 8) can also be connected to the
chosen abstract type semantics. Initial algebra semantics ensures commutativity of
the diagram of Fig. 3 (Section I) but ,does not guarantee total correctness of the
compi!er, for it expresses nothing on nontermination. Other semantics can be
considered [6], defining stronger congruences on terms: we have spoken of models
extending a given model of &e primitive type (Theorem 4 and [24,5]); for them,
states WiMut normal form are ah considered as equivalent; moreover, choosing
among them a terminal model comes back to conside?: as equivalent the expressions
always evaluated (by eval) into the same value, the states where the expressions
 Abstract data types and algebraic semantics 27

have the same value (by e~al), the statements having the same effect (by crpply ):
cf. denotational semantics. It is also possible to consider as equivalent, among the
states without normal form, only those leading to the same infinite computations:
cf. continuous initial algebra s [II Thus, commutativity of the diagram can corres-
pond to one idea, or another, of ‘compiler correctness.

Appendix. Description of a language

Recall of standard elements (present for every language j

l Primitive sorts:
Text: operations: empty: + Text
adj-c: Text + Text for every character c
eq: Text x Text + Boo1
Bool: operations: true, false, not, and, . . .
if then else.%001 x VX V+ V for every primitive or
auxiliary sort V or for V=Stm
The sort Int with the usual operations ysPz.~s, eq, inf, and integer: Text + fnt is also
considered as standard.
Axioms on the preceding operations are supposed to be known.
. Sort Stm
Sorts:
operations: init; + S
apply 22 XStm + S (denoted by an infixed dot)
maZ:S:< V+ V for every expression sort V and its associated value
sort V
A:<ioms (I), (2), (3), (49 on eval are given in Section 3.5.

The description is given in four columns (see Table A. I)

(1) Grammar rules.
(2) Definition of the syntactical abstraction sa: the syntactical abstraction of the
left-hand side of the rule is given using those of the right-band side, simply
designated by the corresponding nonterminal symbol: when a right-hand side
contains several occurrences of tbe same nonterminal, they arc subscripted.
(3) Operations with their profile:
- operations on value sorts (i.e. primitive and auxiliary sorts; these sorts are
set using boldface characters); they are extended into basic operations on the
corresponding expression sorts.
- modifiable operations, generating expressions sorts (not boldface sorts); they
are given with primitive, auxiliary sorts or Stm in their domain, and they extend
into other modifiable operations on the corresponding expression sorts.
- operations generating statements.
(4) Axioms and comments.
2% c Pair

Table A.1
-
Cirammar Operations

ss+ss;St conc(ss,st) cone : Mm xStm + Stm

s9+ nothing nothing :’ + Stm
St-*begin SSmd SS
5% + if B Jkn S§I cotid(B,SS&,?) cond : Boo1 x ,rjrmx Stm + Stm
else SS2 end
9 -+ whik B do SS end whi?e(B,SS) while: BloolxStm + Stm
St-,lWI nothing
Sf+LP= E assign(LP, E) assign:L XInf+Stm
val:L+Int
84 1B not(B)
B-+Et =E2 eqCEl,EA
S-+EleE2 infCE1,EJ
+E-+T plus(‘~, Tj
EI*T T
T+ Nb integer(Nb)
T-+LP val(LP)
LP+I des(i,cc) des:IdentxC+N
cc:+c
newcall:Sxldpwc+ C
scope : Iden t + Idpwc
I+IS.P id(IS, P) id: Text x I&roc + Iden t

P-,IS idp(IS) idp : Text + Idpwc

LP+R valp(desp(R,cc)) valp: LC-, L
desp : Idpar i( C-, L#l
scopep: Idpar-a Idpwc
R-?IS.P &?J rp: Idproc + Idpar
T+V :u!(des(V,cc))
V-+IS.P ?Pt’P) up: Idproc + Ideol;
S,“-*p/vc P=(V,R)St dcl(P,St) dcl : Idproc x Stm -I,Stm
poss : Idpwc -* Stm
St-*call P(E,LP) ,rall(P,E,LP) coll:IdprocxIntxL+Stm

Recapitulation of sorts:
Yrimitise sorts: Text, Boo& Int
Auxiliary sorts: Ident, Idpmc, Idpar, C (calls)p L (integer locations), Ll (location lacations)
?Expression sorts: associated to the preceding sorts, and Stm associated with Stm
Stm and S
 Abstract data types and algebraic semantics 29

Axioms and comments

s.conc(m~,m~) =s,mI.m2
s.nothing = s

s.cond(b,ml,mz.I =s.if eva!(s,b) then ml else m2

whi!e(b,m) = cond(b,conc(m, whi!e(b,m)),nothing)

variable declarations are not executed, they define scopes (see below)
s.assigti(!,e) = s.sub-val(eva!(s,!),eva!(s,e))

eq(des(i,newcall(s,q)),des(j,eva!(s,cc))) = and(eq(i, j),not(eq(scop:(i),q)))

eq(des(i,c), des(j, c)) = eq(i,j)

scope(id(i,q)) = q
a preprocessor binds with each identifier the identifier of the
procedure where it is deLlared, thus suppressing synonymies
(procedure identifiers are supposed to be distinct).
eq(W,p), Wi,qB = aMeqfi,ii,~q(pd~
eq(WW, i&(q))= e&w)
R: formal parameter called by reference
eq(desp(i,newcall(s,q)),desp(j, ~a!(s,cc))) = and(eq(i, j), riot(eq(scopep(i),q)))
~COP~POQW= 4
eq(rPtP), rPW = &P,d
V: formal parameter called by value
+q(Wp), &$I = eq(P,q), eqc’up&),W 4)) = false
s.dc!(q,m) = ssub-poss(eva!(s,q,Jg m)

s.ra!!(q,u,!) = s.sub~~val(des(vp()~nc),eva!(s,u))
sub-valp(de.sp(rp~q),rLz,,eva!(s,!))
.sub-cc(nc)
.eva!~s,poss(q))
.sub-cc(eva!(s,cc))
where q = eva!(s,q) and nc = newcall(s,q)
30 C Pair

f I] J.A. Gogwen, J.W. Thatcher, E.G. Wagner and J.B. Wright, Initial algebra semantics and continuous
algebra, J. ACM 24 (1977) 68-95.
[2] J,A ~Goguen, J.W. Thatcher and E.G. Wagner, An initial algebra approach to the specification,
implementation and correctness of abstract data types, in: R. Yeh, Ed., Current Trends in Progrum-
ming Methodology 4 (Prentice-Hail, Eng!2wood Cliffs, NJ, 1978) 80-149.
[3] J.W. Thatcher, E.G. Wagner and J.B. Wright, More on advice on structuring compilers and proving
them correct, Proc. 6th Colloquium on Automata, Languages and Programming, Graz (1979).
[4f A.V. Aho and J.D. Ulimann, Princip!esof CompilerDesign (Addison-Wesley, Reading, MA, 1977).
[S) M. Broy, C. Pair and M. Wirsing, A systematic study of models of abstract data types, 81-R-42,
Centre de ‘Recherche en Informatiquc de Nancy (1981), to appear.
[4] M. Broy and M. Wirsing, Programming languages as abstract data types, Proc. 5th Colloquium Lt~s
Arbres en Afggbre et en Programmati.gn,Lilie (1980).
171 P. Deschamp, Production de compS!ateurs 5 partir d’une de:scription sCmanoique des iangages: ie
systeme Perluette, These, lnstitut National Poiytechnique, Nancy (1980).
183 J.P. Finance, Une formalisation de la s&antique des iangages de programmation, RAIRD
Lnformatique Thiorique 10(1976), No. 8,3-32 et No. 10,521.
[93 MC. Gaudel, A formal approach to translator specification, in: B. Gilchrist, Ed., Information
Processing 77 (North-Holland, Amsterdam, 1977).
[lOI M.C. Gaudel, G&&ration et preuve de compilateurs basees sur une sQmantique formeiie des
langages de programmation, Thbse, Institut National Polytechnique, Na.ncy (1980).
[l !j J.V. Guttag, E. Horowitz and D.R.. Musser, Abstract data types and software validation, Repc,rt
ISI/RR-76-49, University of Southern California (1976).
[12’J J.V. Guttag and J.H. Horning, The algebraic specification of abstract data types, Actu Informat.
l@(1978) 27-52.
[ 13) J.V. Guttag, Notes on type abstraction, Proc. Speci,ficationof Reliable Software Conference, Bostw
(1979) 36-46.
1141 G. Huet, Confluent reductions: abstract properties and applications to term rewriting sy:ttems,
18th IEEE Symposium on Foundations of Computer Science (1977) 30-45.
[lS J S. Igarashi, Semantics of Aigol-like statements, in: E. Engeier, Ed., Semantics of Algorithmk
Languages, Lecture Notes in Mathematics 1881(Springer, Berlin, 1972) 117-188.
[I43 N.D. Jones and D.A. Schmidt, Compiler generation from denotational semantics, Cqmpur,~
Sciences Department, University of Aarhus (1980).
1171 D. Knuth, Semantiai of tBntext-free languages, Math. Systems Theory 2 (1968) 127-145.
f18) J. McCarthy, A basis for a mathematical theory of computation, in: P. Braffort and D. Hirschberg,
Eds., Computer Programming and Formal Systems (North-Holland, Amsterdam, 1963) 33-704.
[lS] F.L. Morris, Advice on structuring compilers and proving their correctness, Proc. ACMSymposium
on Principles of Programming Languages (1973) 144- 152.
1201 P. D. Mosses, Mathcmaticai semantics and compiler generation, Ph.D. Thesis, Oxford (1975).
[21] P. D. Mosses, A constructive approach to compiler correctness, Aarhus University (1979).
123; B. Courceiie and M. Nivat, Algebraic families of interpretations, 17th Symposium on Foundations
of Computer Science, Houston f 1976).
[231 C. Pair, Furmaiization of the notions of data, information and information structure, in: J.W.
Klimbie and K.L. Koffemana, Eds., Data MurmagementSystems (North-Holland, Amsterdam,
1974) 149-168.
WI C. Pair, Sum*ies mod&s des types abstraits alg&briques, Skminaire LITP et 80-P-052, Centre de
Recherche en Informatique de Nancy (1980).
WI C Pair, Appkation of abstract data types to the definition 49f the semantics of programming
languages, Conference on Formalization of Programming Concepts, Peniscola (1981) and Centre
de Recherche en Informatique de Nancy 81-P-025.
1261 D. Scott and C. Strachey, Toward a mathematical semantics for computer languages, Proc.
Symposium Computers and Rutomatu, Poliytechnic Institute of Brooklyn (1971), 19-46.
E271 R. Tennent, The denotatioahai semantics of programming languages, Comm. ACM 19 (19’76)
437-453.
 Ahstract data typesund algebraic semantics 31

[28] A. van Wijngaarden, B.J. Mailloux, J.E.L. Peck and C.H.A. Koster, Report on the algorithmic
I(anguage ALGOL 68, M.R. 101, Mathematisch Centrum, Amsterdam {1969).
[29] 1M.Wand, First-order identities as a defining language, T.R. 29, Computer Science Department,
Indiana University (1979).