Lorentz 2010

1

Why Specification?

The specification and construction of

computational artefacts is a central activity

of Computer Science.

Unpacking the nature of specification will

provide some conceptual insight into the

nature of this aspect of the subject.

Lorentz 2010 2

Outline

I. Specifying Artefacts

II. The Varieties of Specification

III. Definitions and Specifications

IV. Physical Artefacts

V. Abstract Artefacts

VI. Theory and Specification

3Lorentz 2010

Lorentz 2010 4

Design, Specification and ConstructionMuch of computer science involves the design, specification, analysis and implementation

of computational artefacts

1. Programs2. Algorithms3. Programming Languages4. Databases5. Compilers and Interpreters6. Operating Systems7. Machines8. Type Inference Systems9. Theorem provers10. Systems on a chip11. Natural Language systems of various kinds12. Speech recognition13. Visual processing systems14. Computer games...

Lorentz 2010 5

The Role of Specification To describe the artefact not how to build it

In software development, a functional specification

describes the behaviour of a computer program or

larger software system.

Knowing what versus knowing how to.

More information about implementation provides more

knowing how.

Different levels of both for users and designers

Lorentz 2010

6

Lorentz 20107

TECHNICAL SPECIFICATION STEAM AND WATER SAMPLING SYSTEM

FOSSIL POWER PLANT

Primary coolers and cooling water system. Sample temperature shall be reduced using full counterflow sample coolers to achieve a temperature

within 50 F of the temperature of the primary cooling water. All coolers are furnished as an integral part of the conditioning rack. Certified performance data on all coolers shall be provided at design conditions.

All coolers shall be of the coil in shell design, with counterflow of sample and cooling water. Coolers shall be Sentry type TLF, FLF or FXF, with a single flange and gasket shell design. For maintenance, the sample coolers shall have removable shells. All coolers shall have 316 stainless steel tubing and 304 stainless steel shells.

All coolers shall be arranged side by side in the rack, and shall be connected to an inlet and an outlet cooling water header. Coolers shall be located for easy access to the throttling valves and for simplified maintenance and replacement, as necessary. In addition, cooling water piping shall not disturb the sample piping. Sample piping shall not interfere with the removal and replacement of the cooler coils and/or shells.

All coolers shall be equipped with outlet globe valves for throttling the flow of cooling water, and a 3-way ball valve on the inlet. Cooling water headers shall be of carbon steel and of the appropriate size to handle the required flow rate to the coolers. The inlet cooling water header shall be equipped with a relief valve sized to adequately relieve excess cooling water pressure. Outlet cooling water headers shall include a vent for air removal, as required.

Leiden 20108

Arithmetic

1. G(x) 3x³+2x²+7x+9

2. P[x, y] z. y=x+z²

3. F(0) 12

F(n+1) 3 F(n) + 8

Lorentz 2010 9

Set Theoretic Union (Z style)

Lorentz 2010 10

T

x : SetSetT

y : SetT

z y u x z u

u x z u z y

Class Diagrams Class diagrams typically describe the different entities of a system as classes and the relation between these.

Lorentz 2010 11

Architectural Patterns

The object adapter pattern expressed in UML. The adapter hides the adaptee's interface from the client.

Lorentz 2010 12

-CalculusThe core of the handover protocol for the GSM Public Land Mobile Network. One

component is a Mobile Station (MS), mounted in a car.

Lorentz 2010

13

Some Questions Logically, what are specifications?

Do they all function the same way?

What is the nature of the relationship between specification and artefact? Is it always the same?

Is their role similar to that of definitions in mathematics?

What is the difference between programs and specifications?

Do they need to be formally expressed?

Lorentz 2010 14

III. DEFINTIONS and SPECIFICATIONS

Lorentz 2010 15

Specifications as DefinitionsSpecifications seem to be definitions.

But what kind?

What is their logical force?

How do they differ from mathematical definitions?

Lorentz 201016

Stipulative Definitions

A stipulative definition is a type of definition in which a new (or even an existing term) is given a specific meaning in a given context.

They introduce new things i.e., relations, objects, functions, properties,...

For example, grue was stipulated to be a property of an object that makes it appear green if observed

before some future time t, and blue if observed afterward.

They involve no commitment that the assigned meaning agrees with any prior use.

A stipulative definition cannot be correct or incorrect.

Lorentz 2010 17

Definitions

Lorentz 2010 18

Within TPL, for philosophical purposes, specifications may be expressed as definitions of the form

R ≎ [x1:T1,...,xn:Tn . φ[x₁,...,xn]]

This is governed by

x1:T1,...,xn:Tn .R(x1,...,xn) φ[x₁,...,xn]

The addition of such a relation results in new theory TPLR.

Topological Space in TPL

Lorentz 201019

TopSpace

z : SetSetU

z

U z

f : SetSetU f z f z

u,v : SetU u z v z u v z

Functions and Definite Descriptions

Lorentz 2010 20

1. If x:T. !y:S.φ[x,y]

Then we may introduce a new function symbol

F(x)=y φ[x,y]

2. If !x:T. [x]

Then we may introduce a object symbol

x. [x]

Such that [ x. [x]] x:T. [x] (x= x. [x])

Constraints In the general theory of stipulative definitions, there are coherence/consistency

constraints.

Conservative: By defining new things, one cannot deduce anything new about old ones.

Conservative: Any prop φ of TPL

TPLR ⊨ φ implies in TPL ⊨ φ

Eliminability: Anything said about new things can be reduced to something said about old ones

Elimination: For any prop φ of TPLR there is a prop ψ of TPL such that TPLR ⊨ φ ψ

Lorentz 2010 21

Mathematical Definitions Not all simple stipulative definitions.

Definitions evolve e.g. the history of the notion of prime number.

May have to take into account past and informal usage.

Current topic of investigation in the philosophy of mathematics aimed at mathematical practice.

The right definition may take time: the role of explanation in mathematics.

Lorentz 201022

The Specification of Computational Artefacts

In contrast, specifications do seem to be stipulative definitions.

They do not have such a sense of history.

They are local to the system under definition

However, they point beyond the definitions themselves:

i. They are aimed at the construction of artefacts.

ii. They tell us what to build.

iii. They tell us what we have

Lorentz 2010 23

Correctness and Malfunction Specifications give substance to the notions of

correctness and malfunction.

The central role of specification is not tied to the actual process of construction. We may arrive at the artefact through various routes.

The conceptual role of specification is to provide a criterion of correctness.

If it says beans on the can, we expect it to contain beans not bananas. How they got there may explain how any mistake was made, but not why it is a mistake.

Lorentz 2010 24

Artefacts and Correctness

Artefacts maybe be physical or abstract e.g. computers versus type inference systems.

Physical ones are subject to the laws of physics

Abstract ones are subject to mathematical analysis

This generates two different notions of correctness /malfunction.

Lorentz 2010 25

Lorentz 201026

Physical Artefacts Machines

Physical memory

Chips

Physical manifestations of programs

CPU

GPU

..

What does correctness mean for physical artefacts?

Lorentz 2010 27

Machine Specification

Lorentz 2010 28

A computer store is to have named locations that hold numerical values.

There has to be some means of obtaining the content of any given named location – a Lookup operation.

There has to be a means of changing its contents – an Update operation.

When the location’s contents are changed, the contents of another location should not be changed.

Abstract Machine TPL style

Lorentz 2010 29

Update: States Location Values StatesLookup: States Location Values

Machine

The Correctness of Physical Artefacts

In itself it is just a definition of an abstract machine.

But it may also be taken a specification of a physical one.

Correctness is an empirical claim about the physical machine i.e., it meets

the specification given by the abstract one, i.e., correctness of the physical

device is tested by empirical means.

If when the machine is updated with input 3 into location z, it puts 7 in

location u, then the physical machine has malfunctioned.

But it is the artefact not the specification that is being tested. If the above

happens the physical machine is to blame. It must be modified.

Lorentz 2010 30

Lorentz 2010 31

A Simple Imperative Language

P::= x:=E | skip | P; P | if B then P else P |

while B do P |

E::= x | 0 | 1 | E+E | E∗E |

B::= x | true | false | E<E | ¬B | B∧B |

This is a specification of its syntax. But how do we specify its semantics?

32Lorentz 2010

A Little Notation

We shall write

<P,s> s′

to indicate that evaluating P in state s terminates in s′ .

Can be written as a recursive specification in TPL.

33Lorentz 2010

Assignment

Lorentz 2010 34

<E, s> v-------------------------------------

<x:=E, s> Update(s, x, v)

The meaning of assignment is determined by the operations of the machine.

Sequencing and Conditionals

<P, s> s′ <Q, s′> s’’-------------------------

<P;Q, s> s’’

<B, s> true <P, s> s′-----------------------------------------

<If B do P else Q, s> s′

<B, s> false <Q, s> s′′---------------------------------------

<If B do P else Q, s> s′′

35Lorentz 2010

While

<B,s> true <P,s> s′ <while B do P,s′> s′′

---------------------------------------------------------------<while B do P,s> s′′

<B,s> false

------------------------<while B do P,s> s

36Lorentz 2010

Two kinds of Semantics?1. Interpreted on the abstract machine.

2. Interpreted on a physical machine.

3. The meaning of assignment, and therefore the whole language, is determined by the operations of the chosen machine.

Lorentz 2010

37

Kripke on Machines and MeaningActual machines can malfunction: through melting wires or slipping

gears they may give the wrong answer. How is it determined when a malfunction occurs? By reference to the program of the machine, as intended by its designer, not simply by reference to the machine itself. Depending on the intent of the designer, any particular phenomenon may or may not count as a machine malfunction. A programmer with suitable intentions might even have intended to make use of the fact that wires melt or gears slip, so that a machine that is malfunctioning for me is behaving perfectly for him. Whether a machine ever malfunctions and, if so, when, is not a property of the machine itself as a physical object but is well defined only in terms of its program, stipulated by its designer.

38Lorentz 2010

Physical Machine Semantics The physical view is that the semantics of our

programming language can be given on the physical machine: a referential semantics.

Presumably, on this view, what the machine does determines what Update means. If when the machines is updated with input 3 into location z, it puts 7 in location u, then this is what the operation Update(s,z,3) means.

There is no other court of appeal.

The normative specification/definition of a programming language cannot be given on a physical machine.

Lorentz 2010 39

Programs

Programs, as semantic things, are not strings of symbols or physical devices but abstract objects.

Identity of programs is determined by the theory of the host programming language.

Correctness of programs is a relationship between abstract objects. Presumably, a mathematical affair.

Compilers as artefacts

40Lorentz 2010

Lorentz 2010

41

The Abstract and the Physical

Lorentz 2010 42

An abstract machine may be considered as a

1. A specification of the physical machine (present view)

2. A theory of how the physical machine will behave

(Fetzer)

The difference between 1 and 2 goes to the heart of the

difference between scientific methodology and

engineering design

A Rough Guide to Engineering Design

Engineers deal with constructed artifacts that are designed and built to meet some design specification.

Specifications are not intended to be explanatory but normative.

They determine the constructed artifact.

Of course, the latter may not measure up to its abstract specification. If so, it needs to be reconstructed.

43Lorentz 2010

A Rough Guide to Theory Construction

Given an artifact, a scientist formulates a theory about it. Such theories are often abstract and mathematically expressed.

The predictions of the theory provide the mechanism whereby the theory maybe tested empirically.

If the predictions turn out to be false, the theory may have to be revised. Subsequently, theory construction cycles through alternate stages of theory articulation and empirical verification.

44Lorentz 2010

Specifications versus Theories

While specifications have a similar logical form to scientific theories they have an entirely different function: they are not intended to be descriptive or explanatory. They are not there to be knocked down. They are normative and fix what a correct artefact is.

A specification is not something that is to be tested; it is not correct or incorrect.

It is the artefact that is under test. When things go wrong, it is the artefact that is to blame.

Theories are evidenced by natural artefacts; specifications determine artificial ones.

Lorentz 201045