The Mathematics of Programming

8/3/2019 The Mathematics of Programming

1/20

T W E N T Y - O N E

T h e m a t h e m a t i c s o fp r o g r a m m i n g

This chap te r con ta ins the tex t o f Hoare ' s ' inaugura l ' lec tu re a t Oxford ( theexp lana t ion fo r the de lay f rom h is appo in tm ent in 1976 is con ta ined in thepaper ; Sec t ion 5 was no t read) g iven on 17 Oc tober 1985 and pub l ished as[101] . Th is ta lk ran th rough many 'd ra f ts ' inc lud ing those in the USA, Ind iaand Sco t land .

Th is paper makes a fa sc ina t ing comparison with Chap te r 7 because o f theemphasis he re on a fo rmal approach . Moreover , the concern wi th ma themat-ical aspects of correctness is no longer expressed in the style of Chapters 4 and8; the concern here is with algebraic properties. The work on weakestp re -spec if ica tion can be s tud ied in [99] (which appeared as a Pr ogram mingResea rch Group monograph be fore the re fe renced pub l ica t ion) ; the a lgebra icproperties of the occam language are covered in [102].

M r V i c e - C h a n c e l l o r , L a d i e s a n d G e n t l e m e n !

T h is is m y i n a u g u r a l l e c t u r e as P r o f e s s o r o f C o m p u t a t i o n a t O x f o r dU n i v e r s i t y . I w a s a p p o i n t e d t o t h i s p o s t j u s t n i n e y e a r s a g o , a f t e r t h et r a g i c a l l y p r e m a t u r e d e a t h o f i ts b r i l l i a n t fi r st o c c u p a n t , C h r i s t o p h e rS t r a c h e y . N i n e y e a r s i s a l o n g d e l a y f o r a n i n a u g u r a l l e c t u r e ; b u t i t h a s t a k e na ll t h o s e n i n e y e a r s t o i n t r o d u c e a n u n d e r g r a d u a t e c u r r i c u l u m i n C o m p u t i n ga t O x f o r d . A l t h o u g h m a n y u n i v e r si t ie s h a d b e e n p r o d u c i n g g r a d u a t e s i nt h i s s u b j e c t f o r m a n y y e a r s b e f o r e I w a s a p p o i n t e d h e r e , i t i s o n l y t h is w e e kt h a t w e w e l c o m e t o O x f o r d a n d t o t h i s l e c t u r e t h e f i r s t e n t r a n t s t o o u r n e wH o n o u r S c h o ol in M a t h e m a t i c s a n d C o m p u t a t i o n .

S o it i s t h e n e w S c h o o l r a t h e r t h a n m y s e l f t h a t I w i s h t o i n a u g u r a t e t o d a y .I s h a l l d o s o b y d e s c r i b i n g s o m e o f t h e r e s e a r c h g o a l s p u r s u e d b yC h r i s t o p h e r S t r a c h e y a n d h is c o l le a g u e s a n d s u c c es s o r s in t h e P r o g r a m m i n gC. A. R. Hoare, The mathe mat ic s o f programming, Oxford University Pres s (1986). AnInaugural L ecture delivered before Oxfo rd U niversity (17 October 1985). Copyright . OxfordUniversity Press 1986. Reprinted by permission of O xford University Press.

35 1


2/20

3 5 2 E S S A YS I N C O M P U T I N G S C I E N C ER e s e a r c h G r o u p ; f o r t h e s e h a v e a l s o i n s p i r e d a n d g u i d e d t h e d e s i g n o f o u rn e w S c h o o l . O u r p r i n c i p l e s m a y b e s u m m a r i z e d u n d e r f o u r h e a d i n g s .(1 )

(2 )

(3 )

( 4 )

C o m p u t e r s a r e m a t h e m a t i c a l m a c h i n e s. E v e r y a s p e c t o f t h e ir b e h a v i o u rcan be de f ined wi th ma them a t i ca l p rec i s ion , an d eve ry de ta i l c an bed e d u c e d f r o m t h is d e f i n i ti o n w i t h m a t h e m a t i c a l c e r t a i n t y b y t h e l a w s o fpu re log ic .C o m p u t e r p r o g r a m s a r e m a t h e m a t i c a l e x p re s s io n s . They des c r ibe w i thu n p r e c e d e n t e d p r e c i s i o n a n d i n e v e r y m i n u t e s t d e t a i l t h e b e h a v i o u r ,i n t e n d e d o r u n i n t e n d e d , o f t h e c o m p u t e r o n w h i c h t h e y a r e e x e c u t e d .A p r o g r a m m i n g l a n g u ag e i s a m a t h e m a t i c a l t h e o ry . I t i nc ludes con-cep t s , no ta t ions , de f in i t ions , ax ioms and theo rems , wh ich he lp ap r o g r a m m e r t o d e v e l o p a p r o g r a m w h i c h m e e t s it s sp e c i fi c a ti o n , a n d t op rove tha t i t does s o .P r o g r a m m i n g i s a m a t h e m a t i c a l a c t i vi ty . L i k e o t h e r b r a n c h e s o f a p p l ie dma thema t i c s and eng inee r ing , i t s s ucces s fu l p rac t i c e requ i re sd e t e r m i n e d a n d m e t i c u l o u s a p p l i c a t io n o f tr a d i t i o n a l m e t h o d s o fm a t h e m a t i c a l u n d e r s t a n d i n g , c a l c u l a t i o n a n d p r o o f .

T h e s e a r e g e n er a l p h i l o s o p h i c a l a n d m o r a l p r i n c i p le s , a n d I h o l d t h e m t obe se l f-evident - wh ich is jus t as wel l , beca use a l l the ac tu a l eviden ce isaga ins t t hem. No th ing i s r e a l ly a s I have de s c r ibed i t , ne i the r compute r s no rp r o g r a m s n o r p r o g r a m m i n g l a n g u a g e s n o r e v e n p r o g r a m m e r s .

D i g i ta l c o m p u t e r s o f t h e p r e s e n t d a y a r e v e r y c o m p l i c a t e d d e v ic e s a n dra the r poor ly de f ined . As a re s u l t , i t i s u s ua l ly imprac t i c a l t o rea s onl o g i ca l ly a b o u t t h e i r b e h a v i o u r . S o m e t i m e s t h e o n l y w a y o f f i n di n g o u t w h a tthey wi l l do i s by expe r imen t . Such expe r imen t s a re ce r t a in ly no t ma th -ema t i c s . Unfo r tuna te ly , t hey a re no t even s c i ence , becaus e i t i s impos s ib leto gene ra l i z e f rom the i r r e s u l t s o r to pub l i s h them fo r the bene f i t o f o the rsc ient is ts .

M a n y c o m p u t e r p r o g r a m s o f t h e p r e s e n t d a y a re o f i n o r d i n a t e s i ze -m a n y t h o u s a n d s o f p a g e s o f c l o s e l y p r i n t e d t e x t . M a t h e m a t i c s h a s n ot r a d i t i o n o f d e a l i n g w i t h e x p r e s s i o n s o n t h i s s c a l e . N o r m a l m e t h o d s o fc a l c u l a t io n a n d p r o o f s e e m w h o l l y i m p r a c t i c a l t o c o n d u c t b y h a n d ; a n df i f t e en yea rs o f expe r i ence s ugges t t ha t co mp ute r a s s i s t ance can on ly ma kem a t t e r s w o r s e .

P r o g r a m m i n g l a n g u a g e s o f th e p r e s e n t d a y ar e e ve n m o r e c o m p l i c a t e dt h a n t h e p r o g r a m s w h i c h t h e y a re u s e d t o w r i t e a n d t h e c o m p u t e r s o n w h i c ht h e y a r e i n t e n d e d t o r u n . V a l i a n t r e s e a r c h h a s b e e n d i r e c t e d t o f o r m u l a t ema them a t i ca l de f in i t ions o f the s e s t anda rd l anguages . B u t the s iz e andc o m p l e x i t y o f t h e d e f i n it i o n s m a k e i t im p r a c t i c a l t o d e r iv e u s e f u l t h e o r e m s ,o r t o p r o v e r e l e v a n t p r o p e r t i e s o f p r o g r a m s i n p r a c t i c e .

F i n a l l y , m a n y p r o g r a m m e r s o f t h e p r e se n t d a y h a v e b e en e d u c a t e d i ni g n o r a n c e o r e v e n f e a r o f m a t h e m a t i c s . O f c o u r s e , t h e r e a r e m a n y p r o -g r a m m e r s w h o a re u n i v e r s i ty g r a d u a t e s i n p u r e o r a p p l i e d m a t h e m a t i c s .


3/20

T H E M A T H E M A T I C S O F P R O G R A M M I N G 3 53T h e y m a y h a v e a c q u i r e d a g o o d g r a s p o f t o p o l o g y , c a l c u l u s o r g r o u pt h e o r y . B u t i t n e v e r o c c u rs t o t h e m t o t a k e a d v a n t a g e o f t h e ir m a t h e m a t i c a ls k i l l s t o de f ine a p rog ramming p rob lem and s ea rch fo r i t s s o lu t ion .

Our p re s en t f a i lu re to recogn ize and us e ma thema t i c s a s the ba s i s fo r ad i s c i p l i n e o f p r o g r a m m i n g h a s a n u m b e r o f n o t o r i o u s c o n s e q u e n c e s . T h e ya re the s ame cons equences a s wou ld re s u l t f rom a s imi l a r neg lec t o fm a t h e m a t i c s i n t h e d r a w i n g o f m a p s , m a r i n e n a v i g a t i o n , b r i d g e b u i l d in g ,a i r t r a f f i c con t ro l , o r t he exp lo ra t ion o f s pace . In the o lde r b ranches o fs c ie n c e a n d e n g i n e e r in g , t h e r e l e v a n t p h y s i c a l a n d m a t h e m a t i c a l k n o w l e d g ei s e m b o d i e d i n a n u m b e r o f e q u a t i o n s , f o r m u l a e a n d l a w s , m a n y o f w h i c ha re s imp le enough to be t augh t to ch i ld ren a t s choo l . The p rac t i s ing s c i en t i s to r eng inee r w i l l be in t ima te ly fami l i a r w i th the s e l aws , and wi l l u s e themexp l i c i t l y o r even in s t inc t ive ly to f ind s o lu t ions to o the rwis e in t rac t ab lep r o b l e m s .

W h a t t h e n a r e t h e l a w s o f p r o g r a m m i n g , w h i c h h e l p t h e p r o g r a m m e r t oc o n t r o l t h e c o m p l e x i t y o f h i s t a s k s ? M a n y p r o g r a m m e r s w o u l d b e h a r dp r e s s e d t o n a m e a s i n g l e l a w . T h o s e w h o h a v e s u f f e r e d f r o m b a d p r o g r a m sm i g h t c l a i m t h a t p r o g r a m m e r s a r e s u c h a n u n d i s c i p l i n e d c r e w t h a t e v e n i ft h e y k n o w a n y l a w s , t h e y w o u l d i n s t a n t l y v i o l a t e t h e m .

2 1 . 1 A r i t h m e t i cTo re fu te th i s ma l i c ious ac cus a t ion , I s ha l l now s ho w by example tha t t helaws o f p rog ramming a re a s s imp le and a s obv ious and a s u s e fu l a s the l awsy o u f i n d i n a n y o t h e r b r a n c h o f m a t h e m a t i c s , f o r e x a m p l e , i n e l e m e n t a r ya r i t h m e t i c . C o n s i d e r m u l t i p l i c a ti o n o f n u m b e r s . F i g u r e 2 1. 1 s h o w s s o m e o fthe re l evan t a lgeb ra ic l aws ; mu l t ip l i c a t ion i s a s s oc ia t ive , i t s i den t i ty (o r un i t )i s t he nu mb er 1 , i t ha s the nu m ber 0 a s i t s z e ro (o r f ixed po in t ) , a nd f ina lly ,i t d i s t r i b u t e s t h r o u g h a d d i t i o n .

F igu re 21 .2 g ive s the de f in ing p ro pe r t i e s o f an o rde r ing re l a t ion l ikec o m p a r i s o n o f t h e m a g n i t u d e o f n u m b e r s . S u c h a n o r d e r i s r e fl ex iv e ,an t i s ymmet r i c and t rans i t ive . Thes e l aws ho ld a l s o fo r a pa r t i a l o rde r ings uch a s the inc lus ion re l a t ion be tween s e t s .

x x ( y x z ) = ( x x y ) x zx x l=x= l x xx x O = O = O x x

(x + y ) x z = (x x z ) + (y x z )

Figure 21.1 Laws of multiplication.


4/20

3 5 4 E S SA Y S I N C O M P U T I N G S C I E N C E

x c _ xxC_ yA y~ x= x= yxc_ yA yC_ z=~ x~ z

F i g u r e 2 1 . 2 P a r t i a l O r d e r i n g .

(x U y)_c z . xc_ z/x yc_ zx U x = xx U y = y U x

x U (y U z) = (x U y) U zx~ y~ xUy =y

Figure 21.3 Least upper bo und (1.u.b.) .

F i g u re 2 1 .3 d esc r i b es t h e p ro p er t i e s o f t h e l eas t u p p er b o u n d o r 1 .u .b . o fa n o r d e r i n g , d e n o t e d b y th e t r a d i t i o n a l c u p n o t a t i o n . T h e s e l a w s a r e e q u a l l yv a l i d , wh e t h er t h e l . u .b , i s t h e u n i o n o f t wo se t s o r t h e g rea t e r o f t won u m b e r s . T h e f i r s t l a w s t a t e s t h e f u n d a m e n t a l p r o p e r t y t h a t t h e 1 . u . b . i s a nu p p e r b o u n d o n b o t h i ts o p e r a n d s , a n d i t i s t h e l e a s t o f a ll su c h b o u n d s . T h er e m a i n i n g l a w s a r e d e r i v e d f r o m t h e f u n d a m e n t a l l a w b y t h e p r o p e r t i e s o fo r d e r i n g . T h e y s t a t e t h a t t h e 1 . u. b . o p e r a t o r i s i d e m p o t e n t , s y m m e t r i c a n dasso c i a t i v e . F i n a l l y , t h e p a r t i a l o rd e r i n g can i t s e l f b e d e f i n ed i n t e rms o f1 .u .b .

F i g u r e 2 1 . 4 s h o w s s o m e a d d i t i o n a l l a w s w h i c h h o l d f o r n a t u r a l n u m b e r so r n o n n e g a t i v e i n t e g e r s . H e r e , t h e l e a s t u p p e r b o u n d o f t w o n u m b e r s i ss i m p l y t h e g r e a t e r o f t h e m . I f y o u m u l t i p l y t h e g r e a t e r o f x o r y b y z , y o ug e t th e s a m e r e s u l t as m u l t i p l y i n g b o t h x a n d y b y z , a n d t h e n c h o o s i n g t h eg r e a t e r o f t h e s e p r o d u c t s . T h i s f a c t i s c l e a r ly a n d c o n v e n i e n t l y s t a t e d i n t h el a w s o f d i s t r i b u t i o n o f m u l t i p l i c a t i o n t h r o u g h t h e l e a s t u p p e r b o u n d . A ni m m e d i a t e c o n s e q u e n c e o f t h e s e l a w s i s t h a t m u l t i p l i c a t i o n i s a m o n o t o n i co p e ra t o r , i n t h e sen se t h a t i t p r ese rv es t h e o rd er i n g o f it s o p e ran d s . I f y o u

x U y = t h e g r e a t e r o f x a n d y(x u y ) x z = (x x z ) u (y x z )z x (x u y ) = (z x x ) u (z x y )

w c_ yAxc_ z = w xx_ c . y xz

F i g u r e 2 1 . 4 N a t u r a l n u m b e r s .

i '


5/20

T HE MAT HE MAT ICS OF PROGRAMMIN G 355

dec rea s e e i the r f ac to r the p r odu c t c an on ly dec rea s e too , a s s ta t ed in the la s tl a w o f F i g u r e 2 i . 4 .

I n t h e a r i t h m e t i c o f n a t u r a l n u m b e r s , m u l t i p l i c a t i o n d o e s n o t i n g e n e r a lh a v e a n e x a ct i n v er s e . I n s t e a d , w e c o m m o n l y u s e a q u o t i e n t o p e r a t o r , w h i c ha p p r o x i m a t e s t h e t r u e r e su l t f r o m b e l o w . I t i s o b t a i n e d f r o m n o r m a l i n t e g e rd iv i s ion by ju s t i gnor ing the rem a inde r . Thu s , t he re s u l t o f d iv id ing y byn o n - z e r o z i s t h e l a r g e s t n u m b e r s u c h t h a t w h e n y o u m u l t i p l y i t b a c k b y zthe resul t s t i l l does not exceed y . This fac t i s c lear ly s ta ted in the f i rs t law ofF igu re 21 .5 . T he s am e fac t is s t a t ed m ore s im p ly in the s econd l aw , w h ich Iw i l l c a l l t he fundamen ta l l aw o f d iv i s ion .

I m u s t a p o l o g i z e to t h o s e m e m b e r s o f t h e a u d i e n c e w h o a r e m yd i s t in g u i s h e d c o l l ea g u e s i n th e F a c u l t y o f M a t h e m a t i c s f o r r e m i n d i n g t h e mo f t h e se s i m p l e m a t h e m a t i c a l f a c ts . B u t t h e f u n d a m e n t a l l a w o f d i v i s io nmay be s l igh t ly un fami l i a r . I i nv i t e you to cons ide r the ca t egory - theo re t i ci n t e r p r e t a t i o n o f a p o s e t, a n d t h e r e l a t i o n s h i p o f m u l t i p l ic a t i o n a n d d i v i si o na s a d j o i n t f u n c t o r s . O r p e r h a p s t h e r e i s a c o n n e c t i o n w i t h G a l o i s c o n n e c -t ions . I f t he re i s, p l ea s e le t me kno w.

T h e f u n d a m e n t a l l a w o f d i v i s i o n i s v e r y u s e f u l i n p r o v i n g t h e o t h e rp r o p e r t i e s o f t h i s o p e r a t o r . F o r e x a m p l e , t h e t h i r d l a w o f F i g u r e 2 1 .5 i sp roved by s ubs t i tu t ing y d iv ided by z fo r x in the p rev ious l aw . The l a s t l aws ta t e s tha t d iv i s ion by a p rod uc t i s t he s am e a s s ucces sive d iv i s ion by i ts twofac to rs . A p roof i s g iven in F igu re 21 .6 .

T h e p r o o f s h o w s t h a t a n y w w h i c h is b o u n d e d b y th e l e f t - h a n d s i d e o f t h eequa t ion i s bo und ed a l s o by the r igh t -han d s ide , and v ice ve rs a ; i t fo l lows

if z H 0, y+ z = m a x { x l x z ~ y lx c_ (y + z) ~ (x x z) c_ y( y + z ) x z c _ yx + ( y x z ) = ( x + z ) + y

Figure 21.5 Q uotient of natural numbers.

given y H 0 and z H 0,w c _ x + ( y x z ) , w x ( y x z ) c _ x

( w x y ) x z c _ x , w y C _ x + z

w e _ ( x + Z ) + Y

Figure 21.6 A proof.


6/20

356 ESSAYS IN COMPUTI NG SCIENC Eb y t h e p r o p e r t i e s o f p a r t i a l o r d e r i n g t h a t t h e t w o s i de s a r e e q u a l . T h e o n l yl a w s u s e d i n t h e m a i n p a r t o f t h e p r o o f a r e t h e a s s o c i a t i v i t y o f m u l t i p l i c a -t i o n a n d t h e f u n d a m e n t a l l a w o f d i v is i o n , w h i c h i s u s e d t h r e e t im e s t o m o v ea d i v i so r f ro m o n e s i d e o f t h e i n eq u a l i t y t o t h e o t h e r .

2 1 . 2 P r o g r a m sT h a t c o m p l e t e s m y b r i e f r e v i e w o f s o m e o f t h e a l g e b r a i c l a w s o f e l e m e n t a r ya r i t h m e t i c . I s h a l l n o w s h o w h o w c o m p u t e r p r o g r a m s o b e y v e r y s i m i l a ra l g e b r a i c l aw s - i n f a c t, a n d h a r d l y b y a c c i d e n t , t h e y w i ll t u r n o u t t o b ee x a c t l y t h e s a m e . I s h a l l w r i t e p r o g r a m s i n a m a t h e m a t i c a l n o t a t i o n f ir s ti n t r o d u c e d b y D i jk s t r a . S o m e o f t he c o m m a n d s a r e s u m m a r i z e d i nF i g u re 2 1 .7 .

T h e S K I P c o m m a n d t e r m i n a t e s , b u t d o e s n o t h i n g e l se . I n p a r t i c u l a r , i tl eav es t h e v a l u es o f a l l v a r i ab l es u n ch an g ed .

T h e A B O R T c o m m a n d i s a t t h e o t h e r e x t r e m e . I t m a y d o a n y t h i n gw h a t s o e v e r , o r i t m a y f a il to d o a n y t h i n g w h a t s o e v e r . I n p a r t i c u l a r , i t m a yf a il to t e r m i n a t e . T h i s i s t h e b e h a v i o u r o f a c o m p u t e r t h a t h a s g o n e w r o n g ,o r a p r o g r a m t h a t h a s r u n w i l d , p e r h a p s b y c o r r u p t i n g i t s o w n c o d e .A B O R T i s n o t a c o m m a n d y o u w o u l d e v e r w a n t t o w r i t e ; i n f a c t , y o us h o u l d t a k e p a i n s t o p r o v e t h a t y o u h a v e n o t d o n e s o b y a c c i d e n t . I n s u c hp r o o f s a n d i n th e g e n e ra l m a t h e m a t i c s o f p r o g r a m m i n g , t h e A B O R Tc o m m a n d p l a y s a v a l u a b l e r o l e . A n d h o w e v e r m u c h w e d i s l i k e i t , t h e r e i sa m p l e e m p i r i c a l e v i d e n c e f o r i t s e x i s t e n c e .

T h e s e q u e n t i a l c o m p o s i t i o n o f t w o c o m m a n d s x a n d y is w r i t t e n ( x ; y ) .Th i s s t a r t s b eh a v i n g l i k e x . I f an d w h en x t e rm i n a t e s , y s t a r t s i n an in i t i a ls t a t e e q u a l t o t h e f in a l s t a te l e f t b y x . T h e n ( x ; y ) t e r m i n a t e s w h e n yt e rmi n a t es , b u t f a i l s t o t e rmi n a t e i f e i t h e r x o r y f a i l s t o d o so .

T h e b a s i c a l g e b r a i c l a w s f o r s e q u e n t i a l c o m p o s i t i o n a r e g i v e n i nF i g u re 2 1 .8 . Th e f i rs t l aw i s an a s so c i a t i v e l aw, s t a t i n g t h a t i f t h r eec o m m a n d s a r e c o m b i n e d s e q u e n t i a l l y , it d o e s n o t m a t t e r i n w h i c h w a y t h e ya r e b r a c k e t e d . T h e s e c o n d l a w g i v e s S K I P as t h e u n i t o r i d en t i t y o fc o m p o s i t i o n . I t s t a te s th a t a c o m m a n d x r e m a i n s u n c h a n g e d w h e n it i se i t h e r f o l lo w e d o r p r e c e d e d b y SK I P . Th e t h i rd l aw g i v es A B O R T as a zero

S K I PA B O R Tx ; y

d o e s n o t h i n g , b u t t e r m i n a t e sd o e s a n y t h i n g , a n d m a y f a i l t o t e r m i n a t ed o es x f i r s t ; wh en x t e rmi n a t es i t d o es y

Figure 21 .7 Com mand s.

7/20

THE MATHEMATIC S OF PROGRAMMIN G 35 7

x ; ( y ; z ) = ( x ; y ) ; zS K I P ; x = x = x ; S K I P

A B O R T ; x = A B O R T = x ; A B O R T

Figure 21.8 Laws for composit ion.

o r f ix e d p o i n t f o r c o m p o s i t i o n . Y o u c a n n o t p r o g r a m y o u r w a y o u t o f t h em e s s b y p r e c e d i n g it or f o l l o w i n g i t b y a n y o t h e r c o m m a n d . N o t e t h a t t h e s et h r e e a l g e b r a i c l aw s f o r c o m p o s i t i o n a r e e x a c t l y t h e s a m e a s t h o s e f o rm u l t i p l i c a t i o n o f n u m b e r s , w i t h m e r e l y a c h a n g e i n n o t a t i o n .

T h e n e x t i m p o r t a n t f e a t u r e o f p r o g r a m m i n g i s t h e c o n d i t i o n a l . L e t b b e al o g i ca l ex p res s i o n wh i ch i n a l l c i r cu ms t an ces ev a l u a t es t o a l o g i ca l v a l u et r u e o r f a l s e . I f x a n d y a r e c o m m a n d s , I i n t r o d u c e t h e n o t a t i o n

x y ( x i f b e l s e y )t o d e n o t e t h e c o n d i t i o n a l c o m m a n d . I t i s o b e y e d b y f i r s t e v a l u a t i n g t h el o g i ca l ex p res s i o n b . I f t h e r esu l t i s t r u e , t h e n t h e c o m m a n d x is o b e y e d a n dy i s o m i t t ed . I f t h e r esu l t is f a l s e , t h en y i s o b ey ed an d x i s o mi t t ed . Th i si n f o r m a l d e s c r i p t i o n i s s u m m a r i z e d i n t h e f i r s t l a w o f F i g u r e 2 1 . 9 .

I n o w r e g a r d t h e i f s y m b o l < a n d th e e l s e sy mb o l ~ > as b r ack e t ss u r r o u n d i n g t h e l o g i c a l e x p r e s s i o n b , s o t h a t t h e n o t a t i o n

 ( i f b e l se )a p p e a r s a s a n in f ix o p e r a t o r b e t w e e n t w o c o m m a n d s x a n d y . T h e r e a s o nfo r t h i s n o v e l n o t a t i o n i s t h a t i t s i mp l i f i e s ex p res s i o n an d u se o f t h e r e l ev an ta l g e b r a i c la w s . F o r e x a m p l e , t h e c o n d i t i o n a l i s i d e m p o t e n t a n dasso c i a t i v e , an d i t d i s t r i b u t es t h ro u g h < c c> fo r an y l o g i ca l ex p res s i o n c .F i n a l l y , s e q u e n t i a l c o m p o s i t i o n d i s t r i b u t e s l e f t w a r d ( b u t n o t r i g h t w a r d )t h r o u g h a c o n d i t i o n a l .

F i g u r e 2 1 . 1 0 s h o w s a p i c t u r e o f t h e c o n d i t i o n a l a s a s t r u c t u r e d f l o w c h a r t .S u c h p i c t u r e s a c t u a l l y i n h i b i t t h e u s e o f m a t h e m a t i c s i n p r o g r a m m i n g , a n d I

( x < t r u e ~> y ) = x = ( t < f a l s e c> x )( x x ) = x

x ( y z ) = ( x y ) z= x z

x (y < c E> z ) = ( x y ) < c ~> (x z)(x y) ; z = (x; z) (y; z)

Figure 21.9 Conditional.


8/20

3 58 E S S A YS I N C O M P U T I N G S C I E N C E

I ! i 1!,

Figure 21 .10 Condi t iona l a s f low char t .d o n o t a p p r o v e o f t h e m . T h e y m a y b e u s e f u l in f ir s t p r e s e n t i n g a n e w i d e a ,a n d i n c o m m i t t i n g i t t o m e m o r y . T h e i r r 6 1e i s s i m i l a r t o t h a t o f t h e p i c t u r eo f a n a p p l e o r a z e b r a i n a c h i ld ' s a l p h a b e t b o o k . B u t e x c e s s i ve r e l ia n c eo n p i c t u r e s c o n t i n u e d i n t o l a t e r l i f e w o u l d n o t b e r e g a r d e d a s a g o o dq u a l i f i c a t i o n f o r o n e s e e k i n g a c a r e e r a s a p r o f e s s i o n a l a u t h o r . I t i s e q u a l l yi n a p p r o p r i a t e f o r a p r o f e s s i o n a l p r o g r a m m e r . C o n f u c i u s is o f t e n q u o t e d a ss a y i n g t h a t a p i c t u r e i s w o r t h t e n t h o u s a n d w o r d s - s o p l e a s e n e v e r d r a wo n e t h a t i s n ' t .

U n f o r t u n a t e l y , t h e r e e x i s t p r o b l e m s w h i c h a r e s o w i d e s p r e a d a n d s os e v er e th a t e v e n f lo w c h a rt s m u s t b e r e c o m m e n d e d a n d a c t u a l l y w e l c o m e da s t h e i r s o l u t i o n . F i g u r e 2 1 . 11 s h o w s h o w w e h a v e t a u g h t a g e n e r a t i o n o fs c h o o l c h i l d r e n t o e x p r e s s t h e s t r u c t u r e o f a c o n d i t i o n a l i n B A S I C . P r o -g r a m m i n g i n B A S I C i s l i k e d o i n g a r i t h m e t i c w i t h r o m a n n u m e r a l s . T o s t a r tw i t h , f o r s i m p l e t a s ks l i ke a d d i t i o n a n d s u b t r a c t i o n , r o m a n n u m e r a l s a r em u c h e a s i e r t h a n a r a b i c , b e c a u s e y o u d o n o t f i r s t h a v e t o l e a r n o n e h u n d r e d

4 1 041 15 505 54

I F b T H E N G O T O 5 5 4

G O T O 5 9 3

5 9 3 R E M

F i g u r e 2 1 . 11 B A S I C .


9/20

THE MATHEMATICS OF PROGRAMMING 359f a c t s a b o u t a d d i t i o n a n d s u b t r a c t i o n o f th e t e n d ig i ts , a n d y o u a v o i d m o s to f th e c o m p l i c a ti o n s o f c a rr y a n d b o r r o w . R o m a n n u m e r a l s h a v e a n o t h e ra d v a n t a g e - t h e y a r e e a si e r t o c a r v e o n s t on e .

T h e d i s a d v a n ta g e s o f r o m a n n u m e r a l s b e c o m e a p p a r e n t o n l y in m o r ec o m p l e x t a s k s s u c h a s m u l t i p l i c a t i o n , o r w o r s e , d i v i s i o n . F o r d i v i s i o n o fr o m a n n u m e r a l s , t h e o n l y k n o w n t e c h n i q u e i s t r i a l a n d e r r o r . Y o u h a v e t og u e s s t h e s o l u t i o n , t e s t i t b y m u l t i p l y i n g b a c k t h e d i v i s o r a n d c o m p a r e t h ed i v i d e n d , a n d m a k e a n e w g u e s s i f t h e p r e v i o u s o n e w a s w r o n g . T h i s ise x a c t l y t h e w a y w e te a c h s c h o o l c h i l d r e n t o w r i te a n d d e b u g t h e i r B A S I Cp r o g r a m s . B u t c o m p a r e d w i t h B A S I C p r o g r a m m i n g , d i vi s io n o f r o m a nn u m e r a l s i s q u i t e e a s y , b e c a u s e t h e f u n d a m e n t a l l a w o f d i v i s i o n t e l l s y o uw h e t h e r t h e n e w g u e s s s h o u l d b e s m a l l e r o r g r e a t e r t h a n t h e l a s t .

T h a n k f u l l y , a r a b i c n u m e r a l s h a v e d i s p l a c e d r o m a n o n e s i n o u r s c h o o l s ,a n d t h e e f f e c ti v e a l g o r i t h m f o r l o n g d iv i s i on h a s r e p l a c e d t h e r o m a n m e t h o do f t r ia l a n d e r r o r b y a n o r d e r l y p r o c e s s o f c a l c u l a t i o n ; w h e n c a r e f u l l yex ecu t e d , i t l ead s i n v ar i ab l y t o t h e co r r ec t so l u t i o n . I n cases o f d o u b t , t h ean sw er can s t i ll b e ch eck ed b y mu l t i p l i c a t i o n ; b u t i f t h i s d i sco v er s an e r ro r ,y o u d o n o t t r y t o d e b u g t h e d i g i t s o f y o u r a n s w e r o n e b y o n e . Y o u g o b a c ko v e r t h e s te p s o f th e c a l c u l a t i o n , a n d c o r r e c t t h e m - o r e ls e s t a r t a g a i n . T h el o n g d i vi s i o n a l g o r i t h m w a s d i s c o v e r e d b y B r ig g s , w h o w a s a p p o i n t e d t h ef i r s t S av i l ean P ro fes so r o f Geo met ry a t Ox fo rd i n 1 6 1 9 . I t i s i r o n i c t h a t a sc o m p u t e r s h a v e e l i m i n a t e d t h e n e e d t o t e a c h l o n g d i v i s i o n i n s c h o o l s , t h e yh a v e r e p l a c e d i t b y s u c h s t o n e - a g e n o t a t i o n s a s B A S I C .

B u t i t i s f o o l i s h t o d e v e l o p a n e m o t i o n a l f i x a t i o n o n m e r e n o t a t i o n . F o re a c h t a s k , a m a t h e m a t i c i a n c h o o s e s t h e m o s t a p p r o p r i a t e n o t a t i o n . F o rch a l k i n g u p a s l a t e fo r d r i n k s fo r m y g u es t s a f t e r t h i s l ec t u re , I sh a l l u se t h em o s t p r i m i t i v e n o t a t i o n o f a l l - u n a r y .

Illll Illl

2 1 . 3 A b s t r a c t i o nI n o w h a v e g r e a t p l e a s u r e i n i n t r o d u c i n g t h e c o n c e p t o f a n a b s t r a c tc o m m a n d . A n a b s t r a c t c o m m a n d i s o n e t h a t sp e c if ie s g e n e r a l p r o p e r t i e s o ft h e d e s i re d b e h a v i o u r o f a c o m p u t e r , w i t h o u t p r e s c r i b i n g e x a c t l y h o w i t is t ob e a c h i e v e d. W e s h a l l se e t h a t a b s t r a c t i o n i s t h e p r i m a r y t e c h n i q u e w h e r e b yt h e s o f t w a r e e n g i n e e r c a n c o n t r o l t h e c o m p l e x i t y o f h i s t a s k s . I n c o n v e n -t i o n a l en g i n eer i n g , t h e same r6 1 e i s f u l f i l l ed b y t h e t ech n i q u e o f n u mer i ca la p p r o x i m a t i o n . S u c h a p p r o x i m a t i o n i s o f t e n v a li d f o r c o n t i n u o u s n a t u r a lp h e n o m e n a , b u t n o t f o r d i s c r e te m a t h e m a t i c a l a c t iv i ti e s l ik e p r o g r a m m i n g ,wh ere ev ery b i n a ry d i g i t i s s i g n i f i can t , an d t h e smal l es t ch an g e wi l l r e su l t i nA B O R T .

i


10/20

3 60 ESSAYS IN COMPUTING SCIENCE

x U y b ehav es l i ke x o r yxUx : xxUy : yUx

x U ( y U z ) = ( x U y ) U zx U A B O R T = A B O R T

Figure 21.12 Abstraction.

A s i m p l e e x a m p l e o f a n a b s t r a c t c o m m a n d i s t h e u n i o n o r 1 . u .b . ( x U y )o f t w o c o m m a n d s x a n d y , w h i c h m a y t h e m s e l v e s b e a b s t r a c t o r c o n c r e t e .T h e u n i o n c o m m a n d m a y b e o b e y e d b y o b e y i n g e it h e r o f i ts o p e r a n d s . T h ec h o i c e b e t w e e n t h e m i s l e ft o p e n , a n d m a y b e m a d e l a t e r b y t h e p r o g r a m -m e r , b y a c o m p i l e r , o r e v e n b y s o m e d e v i c e i n a m a c h i n e w h i l e i t e x e c u t e st h e p r o g r a m .

T h e p r o p e r t i e s o f t h e u n i o n o p e r a t o r ( F ig . 2 1 . 1 2 ) a r e e x a c t l y w h a t y o uw o u l d e x p e c t . A c o m m a n d t o d o x o r x l e a v e s y o u n o c h o i c e b u t t o d o x . T od o x o r y g iv e s y o u t h e s a m e c h o i c e a s y o r x . A n d i n a c h o i c e b e t w e e n t h r e ea l t e r n a t i v e s , i t d o e s n o t m a t t e r i n w h a t o r d e r y o u c h o o s e b e t w e e n o n e o ft h e m a n d a s u b s e q u e n t c h o i c e b e t w e e n t h e o t h e r t w o . A n d f i n a l l y , A B O R Ti s t h e a b s t r a c t p r o g r a m w h i c h a l l o w s a n y b e h a v i o u r w h a t s o e v e r . T h u s ,t o a l l o w f u r t h e r c h o i c e d o e s n o t a l t e r t h e r a n g e o f o p t i o n s p e r m i t t e d b yA B O R T .

T h e i n t r o d u c t i o n o f a b s t r a c t i o n p e r m i t s t h e d e f i n i t i o n o f a u s e f u lo r d e r i n g r e l a t i o n b e t w e e n c o n c r e t e a n d a b s t r a c t c o m m a n d s . I f y is a na b s t r a c t c o m m a n d s p e c i f y i n g s o m e d e s i r e d e f f e c t , a n d x i s a c o n c r e t ec o m m a n d w h i c h a c h i e v e s t h a t e f f e c t, w e s a y t h a t x s a ti sf ie s y , a n d u s e t h ef a m i l i a r n o t a t i o n f o r a p a r t i a l o r d e r

x c _ yT h e c o m m a n d x m a y a l s o b e a b s t r a c t , i n w h i c h c a s e t h e o r d e r i n g r e l a t i o n

m e a n s t h a t x is t h e s a m e a s y , o r i t i s m o r e s p e c if ic , m o r e c o n c r e t e o r m o r ed e t e r m i n i s t i c t h a n y . I n e i t h e r c a s e , x m e e t s t h e s p e c i f i c a t i o n y , b e c a u s ee v e r y p o s s i b l e e x e c u t i o n o f x i s d e s c r i b e d a n d t h e r e f o r e a l l o w e d b y y . A ss t a t e d i n F i g . 2 1 . 1 3 , t h e s a t i s f a c t i o n r e l a t i o n i s a p a r t i a l o r d e r , a n d t h ea b s t r a c t i o n o p e r a t o r i s i t s l e a s t u p p e r b o u n d .

A b s t r a c t c o m m a n d s m a y b e c o m b i n e d b y a l l t h e s a m e o p e r a t o r s a sc o n c r e t e c o m m a n d s . F i g u r e 2 1 . 1 4 s h ow s t h a t t h e s e q u e n t i al c o m p o s i t i o nd i s t r i b u t e s t h r o u g h a b s t r a c t c h o i c e in b o t h d i r e c t i o n s , i n t h e s a m e w a y t h a tm u l t i p l i c a t i o n d i s t r i b u t e s t h r o u g h t h e g r e a t e r o f t w o n u m b e r s . I t f o l l o w st h a t c o m p o s i t i o n i s m o n o t o n i c i n b o t h i t s o p e r a n d s . I n f a c t , a l l t h eo p e r a t o r s o f a p r o g r a m m i n g l a n g u a g e a r e m o n o t o n i c i n t h is s e ns e . T h e r ea r e g o o d t h e o r e t i c a l r e a s o n s f o r t h i s ; a n d t h e r e a r e a l s o v e r y b e n e f i c i a l


11/20

T H E M A T H E M A T I C S O F P R O G R A M M I N G 3 61

x ~ y , x Uy =yx ~ x

x c _ y A y C _x = x = yxc_ yA yc_z = xc_ z

( x U y ) _c z = x c z U yc _ z

Figure 21.13 Satisfaction.

( x u y ) ; z = ( x ; z ) u ( y ; z )z ; (x U y) = (z ; x ) U (z ; y )

w ~ y Ax ~ z= w ; x ~ y ; z

Figure 21.14 Sequen tial composit ion.

c o n s e q u e n c e s f o r p r a c t i c a l s o l u t i o n o f p r o g r a m m i n g p r o b l e m s , a s I s h a l ln o w s h o w .

2 1 . 4 R e f i n e m e n tAc c o rd in g to t h e p r in c ip l e s I o u t l i n e d a t t h e b e g in n in g o f t h i s l e c tu re , t h et a s k o f a p r o g r a m m e r c a n b e d e s c r i b e d a s a p r o b l e m i n m a t h e m a t i c s . W es t a r t w i t h a n a b s t r a c t d e s c r i p t i o n y o f w h a t w e w a n t t h e c o m p u t e r t o d o ,c a r e f u l l y c h e c k i n g t h a t i t i s a n a c c u r a t e d e s c r i p t i o n o f t h e r i g h t p r o b l e m .Th i s i s o f t e n t h e m o s t d i f f i c u l t p a r t o f o u r t a sk , a n d r e q u i r e s t h e m o s tp o w e r f u l t o o l s . S o i n t he s p e c i f i c a ti o n y , w e t a k e a d v a n t a g e o f t h e f u l l r a n g eo f c o n c e p t s a n d n o t a t i o n s o f m a t h e m a t i c s , i n c l u d i n g e v e n c o n c e p t s w h i c hc a n n o t b e r e p r e s e n t e d o n a n y c o m p u t e r , a n d o p e r a t i o n s w h i c h c o u ld n e v e rb e i m p l e m e n t e d i n a n y p r o g r a m m i n g l a n g u a g e .

T u r n i n g n o w t o th e s e c o n d p a r t o f t h e p r o g r a m m e r ' s t a s k , w e m u s t f in ds o m e p r o g r a m x w h i c h s o l v e s t h e i n e q u a t i o nx c y

w h e r e y is t h e s p e c if i c a ti o n o f t h e p r o g r a m . M a t h e m a t i c s p r o v i d e s m a n yf o r m u l a e a n d m e t h o d s f o r t h e s o l u t i o n o f e q u a t i o n s a n d i n e q u a t i o n s , f r o ml in e a r a n d q u a d ra t i c t o d i f f e r e n t i a l a n d i n t e g ra l . I n a l l c a se s , t h e d e r iv a t i o no f a s o l u t i o n m a y u s e t h e f u l l p o w e r o f m a t h e m a t i c s , b u t t h e s o l u t i o n i t s e l fm u s t b e e x p r e s s e d a s a f o r m u l a i n s o m e m o r e r e s t r i c t e d n o t a t i o n . Y o uc a n n o t u s e t h e d e r i v a t i v e s y m b o l w h e n a s k e d t o d i f f e r e n t i a t e a f o r m u l a , o r


12/20

36 2 ESSA Y S I N CO M PU TI N G SCI EN CEa n i n t e g r a l s ig n w h e n a s k e d t o i n t e g r a t e . T h a t w o u l d b e j u s t t o o e a s y . A n dt h e s a m e i s t r u e i n p r o g r a m m i n g , w h e r e t h e e v e n t u a l s o l u t i o n m u s t b ee x p r e s s e d i n t h e r e s t r i c t e d n o t a t i o n s o f a n i m p l e m e n t e d c o n c r e t e p r o g r a m -m i n g l a n g u a g e .

T h e m o s t p o w e r f u l g e n e r a l m e t h o d o f s o lv i n g a c o m p l i c a t e d p r o b l e m i s t os p l i t i t i n t o s i m p l e r s u b p r o b l e m s , w h i c h c a n t h e n b e s o l v e d i n d e p e n d e n t l y .T h e s a m e m e t h o d c a n b e a p p l i e d a g a i n t o t h e s u b p r o b l e m s u n t i l t h e y a r es i m p l e e n o u g h t o s o l v e b y s o m e o t h e r m o r e d i r e c t m e t h o d . I n t h e c a s e o fc o m p u t e r p r o g r a m m i n g , t h is is o ft e n c a ll e d t o p - d o w n d e v e l o p m e n t o rs t ep wi se r e f i n em en t ; a n d i t is il l u s t r a t ed i n F i g . 2 1 .1 5 . W e s t a r t w i t h t h ep r o b l e m o f f in d i n g s o m e c o m m a n d x (e x p r e s s ed i n a c o n c r e t e p r o g r a m m i n gl a n g u a g e ) w h i c h m e e t s t h e s p e c i f i c a t i o n y ( e x p r e s s e d i n t h e a b s t r a c tl an g u ag e o f ma t h emat i cs ) . Th e f i r s t s t ep r eq u i r es t h e i n s i g h t t o sp l i t y i n t ot w o s e q u e n t i a l s u b p r o b l e m s , a n d t h e s k i ll to s p e c i f y th e s e a s a b s t r a c tp r o g r a m s v a n d w . B e f o r e p r o c e e d i n g f u r t h e r , w e p r o v e t h e c o rr e c t n e s s o fo u r d e s i g n s o f a r by s h o w i n g t h a t t h e s e q u e n t i a l c o m p o s i t i o n o f v a n d wm e e t s t h e o r i g i n a l s p e c if i c a ti o n y , o r m o r e f o r m a l l y

v ; w c _ yN o w t h e s e tw o s u b p r o b l e m s v a n d w m a y b e s ol v e d o n e a f te r t h e o t h e r o rs i m u l t a n e o u sl y , b y a s in g le p r o g r a m m e r o r b y tw o t e a m s o f p r o g r a m m e r s ,

a c c o r d i n g t o t h e s iz e o f th e t a s k . W h e n b o t h s u b p r o b l e m s a r e s o l v e d , w ew i ll h a v e t w o c o m m a n d s t a n d u , e x p r e s s e d in t h e r e s tr i c t e d n o t a t i o n s o f o u rc h o s e n p r o g r a m m i n g l a n g u a g e , e a c h m e e t i n g t h e i r r e s p e c t i v e s p e c i f i c a t i o n s

t c _ va n d u c _ w

No w a l l t h a t r emai n s i s t o d e l i v e r t h e i r s eq u en t i a l co mp o s i t i o n ( t ; u ) a s as o l u t i o n t o t h e o r i g i n a l p r o b l e m y . C o r r e c t n e s s o f t h e s o l u t i o n h a s b e e ne s t a b l i s h e d n o t b y t h e t r a d i t i o n a l l a b o r i o u s a n d u l t i m a t e l y u n s o u n d m e t h o do f i n t e g r a t i o n t e s ti n g a n d d e b u g g i n g a f t e r t h e c o m p o n e n t s h a v e b e e n

P r o b l e m :Step 1"S t ep 2 a :S t ep 2 b :Step 3"P r o o f :

,

f in d x s u c h t h a t x _ yf ind v , w such t hat v;w c_ yf ind t such th at t c vf ind u such that u c_ wdel iver t ; ut; u c_ v ; w ; m on oto n ic , (2 )t ; u c_ y c_ tra ns it iv e, (1)

Figure 21 .15 Top-down development .


13/20

T H E M A T H E M A T I C S O F P R O G R A M M I N G 36 3c o n s t r u c t e d ; b u t r a t h e r b y a m a t h e m a t i c a l p r o o f , w h i c h w a s c o m p l e t e d o nthe ve ry f i r s t s t ep , even be fo re the i r cons t ruc t ion began .

T h e v a l i d it y o f t h e g en e r a l m e t h o d o f t o p - d o w n d e v e l o p m e n t d e p e n d s o nm o n o t o n i c i t y o f t h e c o m p o s i t i o n o p e r a t o r a n d t r a n s i t i v i t y o f t h e a b s t r a c -t i o n o r d e r i n g . T h e m e t h o d c a n t h e r e f o r e b e a p p l i e d to a n y o t h e r o p e r a t o r o fa c o n c r e t e p r o g r a m m i n g l a n g u a g e . I t h a s b e e n t r e a t e d a t l e n g t h i n m a n yl e a r n e d a r t ic l es a n d b o o k s . S u c h i s t h e s i m p l i f y in g p o w e r o f m a t h e m a t i c st h a t t h e w h o l e m e t h o d c a n b e d e s c r ib e d , t o g e t h e r w i t h a p r o o f o f i tsva l id i ty , w i th in the s even s ho r t l i ne s o f F ig . 21 .15 .

I h a v e d r a w n a n a n a l o g y b e t w e e n m u l t i p l i c a t i o n o f n a t u r a l n u m b e r s a n ds e q ue n t ia l c o m p o s i t i o n o f c o m m a n d s i n p r o g r a m m i n g . T h i s an a l o g yex tends even to d iv i s ion . As w i th d iv i s ion o f na tu ra l nu mb ers , t he quo t i en to f two com ma nd s i s no t an exac t i nve rs e . Ho wev e r , i t i s un iqu e ly de f ined byt h e s a m e f u n d a m e n t a l l a w , a s s h o w n i n F i g . 2 1 . 16 . T h e q u o t i e n t o f y b y z i st h e m o s t a b s t r a c t s p e c i f ic a t io n o f a p r o g r a m x , w h i c h , w h e n f o l l o w e d b y z ,i s s u re to mee t the s pec i f i c a t ion y . As a cons equence , t he quo t i en t i t s e l f ,when fo l lowed by z , mee t s the o r ig ina l s pec i f i c a t ion . And f ina l ly , when thed i v i s o r is t h e c o m p o s i t i o n o f t w o c o m m a n d s , t h e q u o t i e n t m a y b e c a l cu l a t e dby s ucces s ive d iv i s ion by the s e two commands in the reve rs e o rde r . S ince thec o m p o s i t i o n o f c o m m a n d s i s n o t s y m m e t r i c , th e r e v e rs a l o f th e o r d e r i si m p o r t a n t h e r e .

In fac to r i za t ion o f l a rge numbers , d iv i s ion obv ious ly s aves a lo t o f e f fo r t ,b e c a u s e y o u h a v e t o g u e ss o n l y o n e o f t h e f a c t o rs , a n d o b t a i n t h e o t h e r o n eb y a m e r e c a l c u l a t i o n . T h e d i v i s i o n o f c o m m a n d s o f f e r s t h e s a m e a d v a n -t a g e s i n t h e f a c t o r i z a t i o n o f p r o g r a m m i n g p r o b l e m s . I n t h e r e f i n e m e n tp rocedure wh ich I have ju s t de s c r ibed , i t r ep lace s the gues s work requ i red ind i s c o v e ri n g t w o s i m p l e r s u b t a s k s b y t h e d i s c o v e r y o f o n l y t h e s e c o n d o ft h e m , a s s h o w n i n F i g . 2 1 . 1 7 . F u r t h e r m o r e , t h e p r o o f o b l i g a t i o n i n s t e p Iha s been e l imina ted . I t i s r ep laced by a fo rma l c a l cu la t ion o f the weakes ts p e c i f i c a t i o n w h i c h m u s t b e m e t b y t h e f i r s t o p e r a n d o f t h e c o m p o s i t i o n .R e d u c t i o n o f g u e s s w o r k a n d p r o o f t o m e r e c a l c u l a t i o n i s t h e w a y i n w h i c ha ma thema t i c i an s imp l i f i e s h i s own t a s ks , a s we l l a s thos e o f the us e r o fm a t h e m a t i c s - t h e sc i en t is t , th e e n g i ne e r , a n d n o w a l s o th e p r o g r a m m e r .T h e q u o t i e n t o p e r a t o r f o r c o m m a n d s o f a p r o g r a m m i n g l a n g u a g e w a sd i s cove red and exp lo red in a s e r i e s o f r e s ea rch s emina rs in Oxfo rd in 1985 .

( x ; z ) c y . x c _ ( y + z)(y + z);z ~ y

x + (y; z ) = (x + z) + y

Figure 21.16 Q uotient of comm ands.

i


14/20

364 E S S A Y S I N C O M P U T I N G S C I E N C E

Pro b le m " f i n d x su c h th a t x c_ yStep 1" cho ose su i tab le wSte p 2a" find t such that t c_ y + wStep 2b: f ind u such tha t u c wStep 3 ' de l iver t ; uPr oo f : t ; u c_ (y + w); w

( y + w ) ; w c _ y. '. t ;u c _ y

; m o n o t o n i cp r o p e r t y o f +c_ transitive

Figure 21.17 Development by quotient.

I t is a s l ig h t g e n e r a l i z a t io n o f D i j k s t r a ' s w e a k e s t p r e c o n d i t i o n , w h i c h i s o n eo f t h e m o s t e f f e c t i v e k n o w n m e t h o d s f o r t h e d e s i g n a n d d e v e l o p m e n t o fc o r r e c t a l g o r i t h m s , a s s h o w n i n n u m e r o u s e x a m p l e s b y D a v i d G r i e s .

2 1 .5 P r o g r a m m a i n t e n a n c eI n m y d e s c r i p t i o n o f t h e t a s k o f a p r o g r a m m e r , I h a v e c o n c e n t r a t e d o n t h em o r e g l a m o r o u s p a r t o f t h a t t a s k , t h a t o f s p e c i f y i n g , d e s ig n i n g a n d w r i t i n gn e w p r o g r a m s . B u t a s i g n if i c a n t p r o p o r t i o n o f a p r o g r a m m e r ' s p r o f e s s i o n a ll if e i s s p e n t o n m a k i n g c h a n g e s t o o l d p r o g r a m s . S o m e o f t h e s e c h a n g e s a r en e c e s s i t a t e d b y th e d i s c o v e r y o f e r r o r s , a n d s o m e b y c h a n g e s i n th es p e c i f ic a t i o n o f t h e d e s ir e d b e h a v i o u r o f th e p r o g r a m . T h e p r o g r a m a n d t h esp e c i f i c a t i o n a re so l a rg e t h a t i t i s n o t p ra c t i c a l t o wr i t e a n e w p ro g ra m f ro msc ra t c h ; so wh e n o n ly a sm a l l p a r t o f t h e sp e c i f i c a t i o n i s c h a n g e d , i t i s h o p e dt h a t o n l y a s m a l l p a r t o f t h e p r o g r a m w i l l n e e d c h a n g i n g t o m e e t i t .

O f c o u r s e , s u c h a h o p e i s n o t a l w a y s f u lf i ll e d . C o n s i d e r a g a i n t h e a n a l o g yo f t h e d iv i s io n o f n u m b e r s . A sm a l l c h a n g e i n t h e l e a s t s i g n i f i c a n t d ig i t s o fth e d iv id e n d r e su l t s i n a sm a l l c h a n g e i n t h e l e a s t s i g n i f i c a n t d ig i t s o f t h eq u o t i e n t , a n d c a n b e a c h i e v e d b y a s m a l l a m o u n t o f r e c a l c u l a t i o n . B u t asm a l l c h a n g e i n t h e m o s t s i g n i f i c a n t d ig i t o f e i t h e r o p e ra n d r e q u i r e s t h ec a l c u l a t i o n t o b e s t a r t e d a g a i n , a n d l e a d s t o a c o m p l e t e l y d i f fe r e n t r e s u l t . I nth e c a se o f p ro g ra m s , i t i s o f t e n v e ry d i f f i c u l t t o k n o w wh ic h sm a l l c h a n g e sin a l a rg e sp e c i f i c a t i o n wi l l r e q u i r e m a jo r c h a n g e s t o t h e c o d e .

I t i s t h e r e f o r e o n e o f t h e m o s t i m p o r t a n t d u t i e s o f t h e o r i g i n a l p r o g r a m -m e r t o d e c i d e w h i c h p a r t s o f a s p e c i f i c a t io n a r e m o s t l i k e ly to b e c h a n g e d ,a n d s t r u c t u r e a p r o g r a m d e s i g n s o t h a t a c h a n g e t o o n e p a r t o f t h es p e c i f i c a t i o n r e q u i r e s a c h a n g e t o o n l y o n e p a r t o f t h e p r o g r a m . T h ep r o g r a m m e r s h o u l d t h e n d o c u m e n t t h e p r o g r a m w i t h i n s t r u c t i o n s o n h o w


15/20

THE MATHEMATIC S OF PROGRAMMING 36 5

Given : f ( x ) c g ( y )P r o b l e m : f in d x ' s u c h t h a t f ( x ' ) c _ g ( y ' )C a s e I : f = g

solve x ' c_ y ,C a s e 2 : f h a s a p p r o x i m a t e i n v e rs e f - 1

solve x ' c_ f - l ( g ( y , ) )Figure 21.18 Maintenance .

t o c a r r y o u t t h e c h a n g e . T h i s t o o c a n b e d o n e i n a r i g o r o u s m a t h e m a t i c a lfa s h io n (F ig . 21 .18 ) . L e t y be tha t pa r t o f a comple te s pec i f i c a t ion g ( y )which i s l i ab le to change . Le t x be tha t command in a b ig p rog ram f ( x )w h i c h i s d e s i g n e d t o c h a n g e w h e n y c h a n g e s . T h e p r o b l e m n o w is to c h a n g ex to x ' s o tha t f ( x ' ) mee t s the changed s pec i f i c a t ion g ( y ' ) .

T h e p r o b l e m o f p r o g r a m m a i n t e n a n c e i s m o s t e a s i l y s o l v e d w h e n t h es t r u c t u r e o f t h e p r o g r a m f i s t h e s a m e a s th e s t r u c t u r e o f t h e s p e c if i c at i o n g ,becaus e in th i s c a s e i t i s s u f f i c i en t t o ens u re tha t t he mod i f i ed componen tmee t s the m od i f i ed s pec i f i c a t ion . B u t i t is no t a lways pos s ib le to p re s e rve thes t ruc tu re o f a s pec i f i c a t ion in the de s ign o f a p rog ram. Th i s i s becaus e as pec i f i c a t ion i s o f t en mos t c l ea r ly s t ruc tu red w i th the a id o f s uch log ica lo p e r a t o r s a s n e g a t i o n a n d c o n j u n c t i o n , w h i c h a r e n o t a v a i l a b l e i n a ni m p l e m e n t e d p r o g r a m m i n g l a n g u a g e . N e v e r t h e l e s s , m a t h e m a t i c s c a n o f t e nh e l p . I f t h e p r o g r a m f h a s a n a p p r o x i m a t e i n v e r se f - 1 , d e f i ne d in th e s a m eway a s fo r the quo t i en t , t hen i t i s pos s ib le to ca l cu la t e the p roo f ob l iga t iono f t h e m o d i f i e d p r o g r a m a s

X ' ~ f - l ( g ( y , ) )

2 1 . 6 C o n c l u s i o nN o w I m u s t i n je c t a n o t e o f r e a l is m i n t o m y m a t h e m a t i c a l s p e c u l a t io n s . O nd iv id ing two in t ege rs , t he re s u l t o f t he d iv i s ion is u s ua l ly mu ch s ma l l e r t hanb o t h t h e o p e r a n d s . O n d i v i d i n g o n e p r o g r a m b y a n o t h e r , t h e r e s u l t c a n b el a r g e r t h a n b o t h t h e o p e r a n d s p u t t o g e t h e r , a n d r e q u i r e s m a s s i v e s i m p l i f i -c a t ion be fo re i t c an be us ed e f fec t ive ly . I t i s t h i s p rob lem tha t d i s couragest h e u s e o f m a t h e m a t i c s i n p r o g r a m d e s i g n , a n d p r e s e n t s t h e c h a l l e n g e f o rc o n t i n u i n g r e s e a r c h .

T h e p r o b l e m o f s i z e o f m a t h e m a t i c a l f o r m u l a e i s e x a c t l y t h e s a m ep r o b l e m t h a t l i m i ts t h e u s e o f m a t h e m a t i c s i n o t h e r b r a n c h e s o f s c ie n ce a n deng inee r ing . Sc ien t i s t s be l i eve a s fe rven t ly a s I do in the p r inc ip le tha t t he


16/20

36 6 ESSAYS IN COM PUTING SCIENCEwh o le o f n a tu re i s g o v ern ed b y math emat ica l laws o f g r ea t s imp l ic i ty an de leg an ce ; an d b r i l l i an t sc ien t i s t s h av e d isco v ered man y laws wh ich accu r -a te ly p r ed ic t th e r esu l t s o f ex p er imen ts co n d u c ted in a r ig o ro u s ly co n t ro l ledlab o ra to ry en v i ro n men t . B u t wh en th e en g in eer t r ies to ap p ly th e same lawsin p r ac t ice , th e n u mb er o f u n co n t ro l lab le v ar iab les i s so g r ea t th a t a f u l lca lcu la t io n o f th e co n seq u en ces o f each d es ig n d ec is io n i s h o p e les s lyimp rac t ica l . Th e mo v emen t o f a ten n is b a l l th ro u g h th e a i r i s d o u b t les sg o v ern ed b y math emat ica l eq u a t io n s ; b u t th e ten n is p lay er d o es n o tca lcu la te th e p arameter s o f h i s r e tu rn sh o t b y so lv in g th em. Th e mereth o u g h t o f d o in g so wo u ld co mp le te ly sp o i l h i s g ame. B o th en g in eer an dsp o r t sman h av e t r a in ed th emse lv es to an a lmo s t in s t in c t iv e f ee l an du n d er s tan d in g fo r th e ap p ro p r ia te ac t io n to mee t each n eed .

Ex p er ien ced p ro g rammers h av e d ev e lo p ed a s imi la r in tu i t iv e u n d er s tan d -i n g o f t h e b e h a v i o u r o f c o m p u t e r p r o g r a m s , m a n y o f w h i c h n o w a c h i e v eg rea t so p h is t ica t io n to g e th er w i th h ig h r e l iab i l i ty . Nev er th e les s , I wo u ldsu g g es t th a t th e sk i l l s o f o u r b es t p ro g rammers w i l l b e ev en mo re e f f ec t iv ew h e n e x e r ci s ed w i t h i n t h e f r a m e w o r k o f a n u n d e r s t a n d i n g a n d a p p l i c a t i o no f th e r e lev an t math emat ica l p r in c ip les , w i th p ar t icu la r emp h as is o na b s t r a c t i o n . T h e m a t h e m a t i c s h a s b e e n d e m o n s t r a t e d o n s m a l l e x a m p l e s , a si t w e r e i n t h e l a b o r a t o r y . A t O x f o r d , i n t h e C o m p u t i n g L a b o r a t o r y , w eh av e s ta r ted a n u mb er o f co l lab o ra t iv e p ro jec ts to sca le u p th ese meth o d sfo r ap p l ica t io n in an in d u s t r ia l en v i ro n men t . P r e l imin ary in d ica t io n s a r eq u i te p ro mis in g , b o th fo r ad v an ces in th eo ry an d fo r b en ef i t s in p r ac t ice .

We ar e co n cen t r a t in g o u r a t ten t io n o n th e a r eas o f g r ea tes t n ecess i ty ,wh ere lack o f math emat ica l p r ec is io n lead s to th e h eav ies t co s ts . I npar t icu lar , I l is t f ive such areas: specif ications , systems sof tware, s tandards ,s i l ico n s t ru c tu res , an d sa f e ty .

2 1 . 6 . 1 S p e c i f i c a t io n sIn the in i t ial specif ication and ear ly design of a large-scale sof twarep ro d u c t , th e u se o f math emat ics h as b een fo u n d to c la r i fy d es ig n co n cep ts ,an d en ab le a w id e v ar ie ty o f o p t io n s to b e ex p lo red a t a t ime wh en les ssu ccess fu l a l te rn a t iv es can b e ch eap ly d iscard ed . As a r esu l t , th e f in a l ag reedsp ec i f ica t io n may en jo y th a t s imp l ic i ty an d co n cep tu a l in teg r i ty wh ichch arac te r izes th e h ig h es t q u a l i ty in d es ig n . Fu r th ermo re , u ser man u a ls ,tu to r ia l s an d g u id es wh ich a r e b ased o n math emat ica l sp ec i f ica t io n s can b eb e t te r s t r u c tu red , mo re co mp le te an d mo re co mp reh en s ib le , ev en to u ser swh o h av e n o k n o wled g e o f th e u n d er ly in g math emat ics . Th is p ro mises tomi t ig a te th e g r ea tes t s in g le cau se o f e r ro r , in co n v en ien ce an d f ru s t r a t io n inth e u se o f so p h is t ica ted so f tware p ro d u c ts - th a t i s , fa i lu r e to r ead an du n d e r s t a n d t h e u s e r m a n u a l .

Ef f ec t iv e meth o d s o f sp ec i f ica t io n o f la rg e p ro g rams wi l l b e tau g h t an d


17/20

T H E MA T H E MA T I C S O F PR O G R A MMI N G 36 7u s e d e x t e n si v e l y i n o u r u n d e r g r a d u a t e c o u r s e s , p a r t i c u l a r l y i n a t h i r d - y e a rc o u r s e o n o p e r a t i n g s y s t e m s . T h e y h a v e b e e n e x p l o r e d i n a c o l l a b o r a t i v ec o n t r a c t b e t w e e n O x f o r d U n i v e r s i t y a n d I B M ( U K ) L t d , w h i c h i s n o we n t e r i n g i t s f i f t h y e a r . O u r r e s e a r c h w i t h I B M h a s c o n c e n t r a t e d o n a w i d e l ys o ld s o f tw a r e p r o d u c t k n o w n a s t he C u s t o m e r I n f o r m a t i o n C o n t r o l S y s t e m ,o r C I C S f o r s h o r t . A d e t e r m i n e d a t t e m p t t o c o n s t r u c t a m a t h e m a t i c a lm o d e l o f t h e e x is t in g p r o d u c t b r o u g h t t o l i g h t a n u m b e r o f t r i c k y q u e s t io n s ,w h i c h c o u l d n o t b e a n s w e r e d e v e n b y th o s e w h o h a d d e s i g n e d t h e p r o g r a m sa n d i m p l e m e n t e d t h e m . T h i s d i s c o v e ry g a ve o u r i n d u s t r ia l c o l l a b o r a t o r s t h ec o n f i d e n c e t o s u b m i t d e s i g n s o f n e w p r o d u c t s t o o u r a n a l y s i s . A g a i n , t h e yw e r e a s t o n i s h e d b y t h e d e p t h a n d r a n g e o f t h e i s s ue s w h i c h w e w e r e a b l e t ob r in g t o l i g h t a t t h e e a r l i e s t s t a g e s o f d e s ig n . So e v e n tu a l ly t h e y a l l o we d u st o s h o w t h e m h o w t o d o i t ; a n d n o w t h e y a r e d o i n g i t b e t t e r t h a n w e c a n .

W e h a v e p r o v e d t h a t o r d i n a r y p r o g r a m m e r s e n j o y l ea r n in g m a t h e m a t i c s ,a n d e n j o y a p p l y i n g i t . T h e y c a l l f o r o u r a s s i s t a n c e o n l y w h e n t h e y f i n dp r o b l e m s f o r w h i c h o u r s t a n d a r d m e t h o d s s e e m i n a d e q u a t e . T h e n w e h a v et o c o n d u c t a m a t h e m a t i c a l e x p l o r a t i o n t o d i s c o v e r n e w m e t h o d s , o r r e f i n e ,e x t e n d a n d g e n e r a l i z e t h e e x i s t i n g m e t h o d s . T h i s h a s b e e n a n i n v a l u a b l es t i m u l u s t o o u r m o r e a b s t r a c t r e s e a r c h .

2 1 . 6 . 2 S y s t e m s s o f t w a r eT h e b a s i c s y s t e m s s o f t w a r e o f a c o m p u t e r i n c l u d e s s u c h i t e m s a s a no p e r a t i n g s y s t e m , l a n g u a g e c o m p i l e r s , u t i l i t i e s , t r a n s a c t i o n p r o c e s s i n gp a c k a g e s a n d d a t a b a s e m a n a g e m e n t s y s t e m s . T h e s e p r o g r a m s a r e w r i t t e nb y l a r g e t e a m s o f p r o g r a m m e r s , a n d t h e y a r e d e li v e r e d t o t h o u s a n d s o rm i l l io n s o f c u s t o m e r s , w h o u s e t h e m d a i l y , h o u r l y , o r e v e n c o n t i n u o u s l y . I nt h e y e a r s a f t e r d e l iv e r y o f s u c h s o f t w a r e , m a n y t h o u s a n d s o f e r r o r s a r ed i s c o v e r e d b y t h e c u s t o m e r s t h e m s e l v e s ; a n d e a c h e r r o r m u s t b e l a b o r i o u s l ya n a l y s e d , c o r r e c t e d a n d r e - t e s t e d ; a n d t h e c o r r e c t i o n s m u s t b e d e l i v e r e dt o a n d i n s t a l l e d b y e v e r y c u s t o m e r i n t h e n e x t r e l e a s e o f t h e s o f t w a r e . Ar e d u c t i o n i n t h e n u m b e r o f c o r r e c t i o n s n e e d e d w o u l d b e v e r y c o s t -e f f e c ti v ef o r t h e s u p p l i e r a n d e v e n m o r e c o n v e n i e n t f o r t h e c u s t o m e r s . N o m e t h o d b yi t s e lf c a n g u a r a n t e e a b s o l u t e r e l i a b i li t y , b u t i n c o m b i n a t i o n w i t h m a n a g e -m e n t c o n t r o l , a m a t h e m a t i c a l a p p r o a c h l o o k s p r o m i s i n g b e c a u s e e v e n w h e nm i s t a k e s a r e m a d e , t h e y c a n b e t r a c e d t o t h e i r s o u r c e , a n d s t e p s c a n b et a k e n t o e n s u r e t h e y d o n o t h a p p e n a g a i n .

M e t h o d s o f r e l i a bl e p r o g r a m d e s i g n w i ll b e ta u g h t t h r o u g h o u t o u r n e wu n d e r g r a d u a t e s y l l a b u s , b u t e s p e c i a ll y i n a s e c o n d - y e a r c o u r s e i n S o f t w a r eE n g i n e e r i n g . R e s e a r c h i n t h i s a r e a i s c o n t i n u i n g a t O x f o r d i n c o l l a b o r a t i o nw i t h I B M , a n d w i t h o t h e r c o m p a n i e s i n c l u d i n g R a c a l a n d B r i t i s h P e t r o l -e u m . I n t h e s e r e s e a r c h c o n t r a c t s w e h o p e t o d e s i g n a n d d e v e l o p c o m p u t e ra i d s to l a r g e - s c a le p r o g r a m c o n s t r u c t i o n . T h e f ir s t s u c h a i d , w h i c h w e h a v e


18/20

36 8 ESSAYS IN COM PUTING SCIENCEa l r ead y d ev e lo p ed , i s a g o o d wo rd p ro cesso r w i th an ad eq u a te r an g e o fmath emat ica l sy mb o ls . Nex t we n eed a f i l in g sy s tem, wh ich wi l l co n t ro l th em a n y v e rs i on s o f d o c u m e n t s a n d p r o g r a m s p r o d u c e d b y l a r ge p r o g r a m m i n gteams . An d f in a l ly , we wo u ld l ik e so me co mp u ter as s i s tan ce in th eca lcu la t io n o f th e p ro p er t ies o f ab s t r ac t a n d co n cre te p ro g rams , an d in th eman ip u la t io n o f th e la rg e fo rmu lae wh ich a r i se .

2 1 . 6 . 3 S t a n d a r d s

T h e s t a n d a r d i z a t i o n o f l a n g u a g e s a n d i n t e r f a c e s i n h a r d w a r e a n d i nso f tware i s a v i ta l p r eco n d i t io n fo r f r ee co mp et i t io n an d fo r p ro p ag a t io n o ftech n ica l ad v an ces to la rg e n u mb er s o f sa t i s f ied cu s to mer s . Th e co n s t ru c-t io n o f a math emat ica l sp ec i f ica t io n fo r th ese s tan d ard s o f f e r s th e samep ro mise o f imp ro v ed q u a l i ty in d es ig n th a t I h av e d escr ib ed b efo re ; th er e i sa l so a h o p e o f r ed u c in g th e amb ig u i t ies an d misu n d er s tan d in g s wh ich leadto e r ro r s an d in co mp at ib i l i ty in v ar io u s imp lemen ta t io n s o f th e s tan d ard ,an d wh ich h av e p rev en ted fu l l b en ef i t f r o m b e in g o b ta in ed f ro m ex is t in gs t a n d a r d s .

M a t h e m a t i c a l m e t h o d s f o r t h e d e s c r i p t i o n o f p r o g r a m m i n g l a n g u a g es tan d ard s ap p ear in o u r n ew u n d erg rad u a te sy l lab u s in th e th i rd -y ear co u r seo n d en o ta t io n a l seman t ics . Th ey a r e b ased o n th e p io n eer in g d isco v er ies o fC h r i s t o p h e r S t r a c h e y a n d D a n a S c o t t a t O x f o r d . T h e y a r e b e i ng a p p l i e d t ot h e d e s i g n o f n e w p r o g r a m m i n g l a n g u a g e s s u c h a s o c c a m a n d A d a . T h eo c c a m p r o g r a m m i n g l a n g u a g e h a s b e e n d e s i g n e d b y I N M O S , t h e B r i t i s hm i c r o p r o c e s s o r c o m p a n y , a n d i n c l u d e s t h e p r o g r a m m i n g c o n c e p t s w h i c h Ih av e u sed in th i s lec tu r e . I t a l so in c lu d es o p era to r s sp ec i fy in g co n cu r r en te x e c u t i o n o f c o m m a n d s o r p r o c e s s e s , w h i c h c o m m u n i c a t e w i t h e a c h o t h e rb y in p u t an d o u tp u t . Th e lan g u ag e i s th e b as i s o f th e d es ig n o f th e n ewmicro p ro cesso r , k n o wn as th e t r an sp u te r , wh ich h as ju s t b een an n o u n cedb y INMOS. Th e lan g u ag e was u sed ex ten s iv e ly in th e d es ig n o f th et r an sp u te r i t s e l f . I t i s a l r ead y b e in g u sed in sp ace , f o r p ro g rammin g aco l lec t io n o f co mp u ter s in a B r i t i sh sa te l l i t e .

Th e su ccess fu l d es ig n o f o ccam was in sp i r ed an d g u id ed b y a math emat-ica l s tu d y co n d u c ted a t Ox fo rd . We n o w h av e a d en o ta t io n a l seman t ics o fth e lan g u ag e . We a lso h av e a se t o f a lg eb ra ic laws , wh ich a r e b e in g u sed b yINMOS to as s i s t in co r r ec t co n s t ru c t io n o f p ro g rams an d co mp i le r s f o r th elan g u ag e . Occam is th e f i r s t p r ac t ica l p ro g rammin g lan g u ag e wh ich fu l f i l si t s r o le as a math emat ica l th eo ry , g iv in g p rac t ica l as s i s tan ce to p ro g ram-mer s in wr i t in g co r r ec t p ro g rams .


19/20

T H E M A T H E M A T I C S O F P R O G R A M M I N G 36 92 1 . 6 . 4 S i l ic o n s t r uc tur e sT h e a d v a n c e o f t e c h n o l o g y i n v e r y la r g e sc a le i n t e g r a t i o n ( V L S I ) n o w m a k e si t p o s s i b le t o b u i l d h a r d w a r e o f a c o m p l e x i t y m a t c h i n g t h a t o f s o f t w a r e . A sa r e s u l t , t h e n u m b e r o f d e s i g n e r r o r s d e t e c t e d d u r i n g m a n u f a c t u r e a n dte s t ing o f complex dev ices i s a l s o beg inn ing to ma tch tha t o f s o f tware . Bu tn o w e a c h e r r o r c o s t s m a n y t h o u s a n d s o f d o l l a r s t o r e m o v e ; w h a t i s w o r s e ,by de lay ing in t roduc t ion o f a new dev ice to the marke t , a s ing le e r ro r canp r e v e n t a n i n n o v a t i v e c o m p a n y f r o m a s s u m i n g m a r k e t l e a d e r s h i p , o r e v e npre jud ice i t s s u rv iva l . As a re s u l t , many p roduc t s a re de l ive red wi th knowndes ign e r ro rs , fo r wh ich the cus tomer wi l l neve r ob ta in co r rec t ion o rr e s t it u t i o n . F o r t u n a t e l y , m a t h e m a t i c a l m e t h o d s s i m i l a r t o t h o s e f o r s e q u e n -t i a l p r o g r a m s c a n b e a d a p t e d t o c h e c k l o g i c d e s i g n s . T h e s e m e t h o d s a r ees pec ia l ly va luab le when the des ign invo lves concur rency o r pa ra l l e l i s m.

A t O x f o r d t h i s s u b j e c t w i l l a p p e a r i n o u r n e w u n d e r g r a d u a t e s y l l a b u s i nt h e s e c o n d - y e a r c o u rs e s o n V L S I d e s i g n a n d d i s t r i b u t e d c o m p u t i n g . W e a r ea l s o purs u ing fu r the r re s ea rch in to s i l i con des ign , in co l l abora t ion wi thI N M O S , G E C , a n d o t h e r c o m p a n i e s . O u r o b j e c t i v e i s t o c o n t i n u e th em a t h e m a t i c a l p r o c e s s l e a d in g f r o m s p e c if i c at i o n t h r o u g h d e s i g n ri g h t d o w nto a des c r ip t ion o f the c i rcu i t s wh ich a re implan ted in to s i l i con . I t appea rstha t the occam language wi l l p lay a va luab le in te rmed ia ry ro le in th i sprocess . I f we can do this eff ic ient ly and re l iably, we wil l achieve severa lo r d e r s o f m a g n i t u d e i m p r o v e m e n t i n t h e c o s t a n d p e r f o r m a n c e o f s p e c i a l -purpos e comput ing dev ices . T hes e wi l l be dev ices which a re accura te ly andcomple te ly s pec i f i ed in s uch a way tha t the i r behav iour can be p red ic ted andcon t ro l l ed by log ica l rea s on ing .

2 1 . 6 . 5 Sa f e t yC o m p u t e r p r o g r a m s a r e i n c r e a s i n g l y u s e d i n s y s t e m s w h i c h a r e c r i t i c a lto the s a fe ty o f the gene ra l pub l i c - con t r o l o f ra i lway s igna l l ing ,ae ro -eng ines , chemica l and nuc lea r p roces s es . A l l the eng inee r ing t ech-n iques us ed in thes e s ys tems a re s ub jec t to the mos t r igo rous ana lys i s andc o n t r o l , o f t e n e n f o r c e d b y la w . M a t h e m a t i c a l m e t h o d s o f f e r th e b e st h o p eo f e x t e n d i n g s u c h c o n t r o l t o c o m p u t e r s o f w a r e ; a n d w h e n t h i s h a p p e n s , ac o m p u t e r p r o g r a m c o u l d g a i n a r e p u t a t i o n a s t h e m o s t r e l i a b l e c o m p o n e n to f any s ys tem in which i t i s embedded .

T h e p r o d u c t i o n o f e r r o r - f re e p r o g r a m s h a s f o r o v e r f i ft e en y e a r s be e n t h em o t i v a t i o n o f m y o w n r e s e a rc h . T h e m e t h o d s a r e n o t e a s y t o a p p l y , a n dthe re i s ve ry l i t t l e knowledge o f the i r ex i s t ence , even among thos e who needthem mos t . I t ha s been d i f f i cu l t to f ind indus t r i a l co l l abora to rs who admi tt h a t t h e y n e e d h e l p in s a f e ty - c r it i c al p r o g r a m m i n g . B u t e v e r y g r a d u a t e f r o m


20/20

370 E S S AYS I N C OM P UT I NG S C I E NC Eo u r n e w S c h o o l w i ll k n o w a n d u n d e r s t a n d t h e r e l e v a n t t h e o r y , a n d w i ll b eab l e t o pu t i t i n t o p r ac t i ce .I s t a r t e d t h is l e c tu r e w i t h a s u m m a r y o f th e m a t h e m a t i c a l p r i n c i p le s w h i c hu n d e r l i e t h e p r a c t i c e o f c o m p u t i n g , a n d o f t h e c u r r e n t w i d e s p r e a d f a i l u r e t or e c o g n i z e t h o s e p r i n c i p l e s . I h a v e e n d e d w i t h a d e s c r i p t i o n o f t h e w a y s i nw h i c h r e s e a r c h a t O x f o r d h a s b e e n d i r e c t e d t o b r i d g i n g t h e g a p b e t w e e nt h e o r y a n d p r a c t ic e , b e t w e e n m a t h e m a t i c s a n d c o m p u t e r a p p l i c a ti o n s .U n f o r t u n a t e l y , I h a v e n o t b e e n a b l e t o d e s c r i b e a l l t h e r e s e a r c h i n w h i c h w ea r e e n g a g e d . E v e n w o r s e , I h a v e f a i le d t o g iv e c re d i t t o w i d e s p r e a d r e s e a r c ho u t s i d e O x f o r d . A n d n o w t h e r e i s n o t i m e t o l i s t a l l m y o t h e r f a i l u r e s a n do m i s s i o n s .

M y m a i n h o p e i s t h a t I h a v e c o n v e y e d t o y o u s o m e f l a v o u r o f t h e k i n d o fm a t h e m a t i c s i n w h i c h w e a r e e n g a g e d . I b e l ie v e t h a t o u r w o r k is j u s t if i e dn o t o n l y b y i t s u t i l i t y , b u t a l s o b y t h e b e a u t y o f t h e m a t h e m a t i c s i t s e l f . B ye x p l i ci t a p p e a l t o m a t h e m a t i c s , e v e n c o m p u t e r p r o g r a m s c a n s h a r e in t h isb e a u t y . F o r i n t h e c o m p u t i n g p r o f e s s i o n t h e g r e a t e s t b e n e f i t s i n r e d u c t i o n o fc o s t s a n d i m p r o v e m e n t o f q u a l i t y c a n b e a c h i e v e d o n l y b y c o n s c i e n t i o u sp u r s u i t o f t h e t r a d i t i o n a l a c a d e m i c v i r t u e s o f r i g o u r a n d e l e g a n c e . I e n dw i t h a q u o t a t i o n f r o m C h r i s t o p h e r S t r a c h e y , w h o w r o t e i n 1 9 7 4 :

It has long been my personal view that the separation of practical andtheoretical work is art if icial and injurious. Much of the practical work done incomput ing, both in sof tware and in hardware des ign, i s unsound and c lumsybecause the people who do i t do not have any c lear unders tanding of thefundamenta l pr inciples under lying thei r work. Most of the abs t rac t math-ematics and theoretical work is steri le because i t has no point of contact withreal comput ing. One of the cent ra l aims of the Prog ramm ing Research Grou p,as a teaching and research group, has been to set up an atmosphere in whichthis separa t ion cannot happen . . .E v e r s i n c e , w e h a v e c o n t i n u e d t o p u r s u e e x a c t l y t h i s a im . A s a r e s u lt , m y

y e a r s a t O x f o r d h a v e b e e n t h e m o s t e x c i t i n g a n d s c i e n t i f i c a l l y f r u i t f u l y e a r so f m y l i f e . I h o p e I h a v e c o n v e y e d t o y o u s o m e o f t h i s e x c i t e m e n t , a n d t h a ty o u a r e c o n s o l e d t h e r e b y f o r t h e l o n g d e l a y i n h e a r i n g w h a t I h a v ep r e s u m p t u o u s l y p r e s e n t e d a s a n i n a u g u r a l l e c t u r e .

Documents

The Mathematics of Programming