implementation ADT.
5.2 Implementation
In this section we give some standard definitions concerning the implementation of ADTs. There are many notions of implementation in the literature: for example, [Ehr 82] and [EKM 82] give definitions assuming parameterised specifications with initial semantics, [SaW 82] gives definitions assuming parameterised specifications with loose semantics, and [Bro 84] gives definitions assuming hierarchical specifications with initial semantics. Our main concern is with the syntactic aspect of implementation (i.e. the relationships between specifications), and that along with the notion of correctness, we have some method or guidance for constructing correct implementations; i.e. given ADTs A and C, we can construct A/C such that it is the correct implementation of A. Moreover, the implementations we construct should be composable.
Although some of the categorical approach of Ehrich [Ehr 82] is too elaborate for our purposes (because we only consider hierarchical specifications), we adopt this notion of correctness for the following reasons: it allows us to construct implementations using the inductive theory of the implementing ADT, it allows "redundant" elements in the implementation ADT (elements which are not representations of the implemented ADT), it allows the introduction of arbitrary recursion schemes for specifying derived operators, and it guarantees the composability of implementations.
Before giving the formal definition of a full implementation from [Ehr 82], we explain the motivation for the definition.
Consider specifications A and C. Informally, C implements A when we can represent the sorts and operations specified in A by the sorts and (derived) operations specified in C. The specification consisting of C enriched with derived operations (i.e. some operator symbols and equations) is called A/C. The implementation relationship can be described as a relationship between specifications: we must have a signature morphism mapping the sorts and operator symbols of A to the sorts and operator symbols in A/C (these are typically derived operators of C), and every valid equation in the equational theory of A must be provable (after renaming) in the inductive theory of C. Implementation is essentially a pair of morphisms with a common target; namely, A/C is related to A and C by two morphisms. One morphism, f (for "full"), maps C to A/C; the other morphism, t (for "true"), maps A to A/C. In this context, a morphism is a mapping between initial algebras and is given by a pair which consists of a map between the sorts and a family of sorted maps between the carriers. Full definitions of the elementary category theory used in this section and the category of specifications spec are given in Appendix One; here, we consider the properties of f and t which make A/C a correct implementation.
[Diagram: C implements A; f maps C to A/C and t maps A to A/C]
First, the morphisms should describe, up to renaming, sub-specification relations; that is, up to renaming, the sorts, operators and the equational theory of A and C should be contained in the sorts, operators, and equational theory of A/C. Second, the morphism f should not introduce any new sorts, nor any new elements into A/C which are not already specified by C. This latter requirement is usually referred to as sufficient-completeness (cf. chapter 2). f may however introduce new equalities between the elements specified by C. Third, the morphism t may rename the sorts and operators of A, but it should not introduce into A/C any new equalities between (the representations of) the elements specified by A. This requirement is usually referred to as consistency. This is similar to hierarchical consistency (cf. chapter 2) but the requirement is now extended to all sorts.
The requirement for the sub-specification relation is ensured by forcing f and t to be embeddings; a morphism (h,g) between Σ-algebras is an embedding when h and g are both injections. The requirements for f (i.e. no new sorts and sufficient-completeness) are ensured when f is a full Σ-embedding; the requirement for t (i.e. consistency) is ensured when t is a true embedding.
Definition: From [Ehr 82]
A full implementation of specification A by specification C is a triple (A/C,f,t) where f: C -> A/C is a full Σ-embedding (where C = (Σ,E)) and t: A -> A/C is a true embedding. We say that C implements A when there is a full implementation of A by C.
Full implementations are composable, i.e.
[Diagram: D implements C and C implements A, via the morphisms t and f of each implementation, implies D implements A]
Proposition: From [Ehr 82]
Let A, B, C, and D be specifications, f, f', t, and t' be morphisms, and (C,f,t): B -> A be a full implementation. If (E,f',t'): D -> C is a full implementation, then (E,f,tt'): D -> A is a full implementation.
5.2.1 Proving an Implementation Correct
Given an implemented ADT A and an implementing ADT C, if we construct A/C by enriching C with derived operators and equations such that the resulting specification is sufficiently-complete (w.r.t. C), then clearly there is a full Σ-embedding from C to A/C (where Σ is the signature of C) and it only remains to show that there is a true embedding from A to A/C. This means that we have to show that the equations in the equational theory of A are valid, up to renaming, in the equational theory of A/C and vice-versa. For example, given a signature morphism (h,g) from the signature of A to the signature of A/C which maps σ: s1 -> s2 to σ': h(s1) -> h(s2), then σ'(x) and σ'(y) must be in different congruence classes only when σ(x) and σ(y) are in different classes. The traditional way to show this property is to give a representation mapping [ADJ 78], [EKM 82], or a pair of representation and abstraction mappings rep and abs [Dar 82], [Bro 84], between the models of A and A/C (T_A and T_{A/C} resp.) with the following relationships:

$$rep: T_A \to \mathcal{P}(T_{A/C}) \qquad abs: T_{A/C} \to T_A$$

(12) rep is total and abs is partial, surjective and homomorphic; i.e. the following diagram commutes:
[Diagram: for each operator σ of A and its derived operator σ' in A/C, abs(σ'(x)) = σ(abs(x)), i.e. abs ∘ σ' = σ ∘ abs]
We always assume that rep is the identity mapping (i.e. rep(x) = {x}) on the elements specified by the primitive part of T_A. The "relational" nature of rep can cause problems because it means that [abs(x)] = [abs(y)] does not imply [x] = [y]. Fortunately, we can often allow abs to induce a congruence on the elements of T_C which does not violate the sufficient-completeness condition. We can do so because such a congruence is often already valid in the inductive theory of C.
In addition, we have to consider the partial ordering on sorts: the signature morphism must be monotonic, i.e. if s1 < s2 then h(s1) ≤ h(s2). The morphism is not required to be an injection and so partially-ordered sorts may be collapsed into one sort; i.e. we may have h(s1) = h(s2) when s1 < s2 but s1 ≠ s2.
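As an added illustration (not from the thesis or [Ehr 82]), the checks of this subsection carried out on a constructed finite universe: A is finite sets over three atoms, C is lists over them, abs is the list-to-set mapping (so rep(s) is the set of all lists with that underlying set), and insert_impl, delete_impl and delete_first are assumed derived operators. delete_first is deliberately wrong (it removes only the first occurrence), and the homomorphism and consistency checks return the witnesses that expose it.

```python
from itertools import combinations, product

# Constructed finite universe (example data, not from the thesis):
# implementing ADT C = lists over ATOMS of length <= 3,
# implemented ADT A = finite sets over ATOMS.
ATOMS = (0, 1, 2)
LISTS = [tuple(p) for n in range(4) for p in product(ATOMS, repeat=n)]
SETS = [frozenset(c) for n in range(4) for c in combinations(ATOMS, n)]

def abs_(xs):
    """Abstraction mapping abs: T_{A/C} -> T_A (total on this universe)."""
    return frozenset(xs)

# Abstract operators of A and the (assumed) derived operators of A/C
# implementing them.  delete_first is deliberately wrong: it removes
# only the first occurrence of a, so it is not homomorphic w.r.t. abs.
def insert_abs(s, a): return s | {a}
def delete_abs(s, a): return s - {a}
def insert_impl(xs, a): return (a,) + xs
def delete_impl(xs, a): return tuple(x for x in xs if x != a)
def delete_first(xs, a):
    return xs if a not in xs else xs[:xs.index(a)] + xs[xs.index(a) + 1:]

def surjective():
    """Every element of T_A has at least one representation in T_{A/C}."""
    images = {abs_(xs) for xs in LISTS}
    return all(s in images for s in SETS)

def homomorphic(op_abs, op_impl):
    """abs(op'(x,a)) = op(abs(x),a) for all x, a; None or a counterexample."""
    for xs, a in product(LISTS, ATOMS):
        if abs_(op_impl(xs, a)) != op_abs(abs_(xs), a):
            return (xs, a)
    return None

def consistent(op_impl):
    """The congruence induced by abs is respected: [x]=[y] => [op'(x)]=[op'(y)]."""
    for xs, ys in combinations(LISTS, 2):
        if abs_(xs) == abs_(ys):
            for a in ATOMS:
                if abs_(op_impl(xs, a)) != abs_(op_impl(ys, a)):
                    return (xs, ys, a)
    return None

if __name__ == "__main__":
    print("surjective:", surjective())
    print("insert:", homomorphic(insert_abs, insert_impl), consistent(insert_impl))
    print("delete:", homomorphic(delete_abs, delete_impl), consistent(delete_impl))
    print("delete_first:", homomorphic(delete_abs, delete_first), consistent(delete_first))
```

The witnesses for delete_first are exactly the situation of condition (12): two lists in the same abs-class whose images under the derived operator land in different classes.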
When we have a specification of the abstraction mapping, the equations specifying the implementations of the operators in the implemented ADT (i.e. the derived operators) can be synthesised as theorems of the implementing ADT. In [BuD 77] and [Dar 82] it is possible, sometimes, to construct an implementation from the implementing ADT using a specification of abs and "program transformation" techniques. We say "sometimes" because their rules only synthesise implementations in the equational theory of the implementing ADT, and such implementations do not always exist. When the specifications of both the implemented and the implementing ADT can be organised into confluent, terminating rewriting systems, then an implementation in the equational theory of the implementing ADT can be synthesised automatically using the equational strategy given by Kapur and Srivas in [KaS 85]. Unfortunately, there is no such general inductive strategy.
In the following section we give seven "program transformation" rules for enriching the implementing specification.