Logic Activities in Europ e

y

Yuri Gurevich

Intro duction

During Fall thanks to ONR I had an opp ortunity to visit a fair numb er of West Eu

rop ean centers of logic research I tried to learn more ab out logic investigations and appli

cations in Europ e with the hop e that my exp erience may b e useful to American researchers

This rep ort is concerned only with logic activities related to computer science and Europ e

here means usually Western Europ e one can learn only so much in one semester

The idea of such a visit may seem ridiculous to some The mo dern world is quickly

growing into a global village There is plenty of communication b etween Europ e and the

US Many Europ ean researchers visit the US and many American researchers visit Europ e

Neither Americans nor Europ eans make secret of their logic research Quite the opp osite

is true They advertise their research From ESPRIT rep orts the Bulletin of Europ ean

Asso ciation for Theoretical Computer Science the Newsletter of Europ ean Asso ciation for

Computer Science Logics publications of Europ ean Foundation for Logic Language and

Information publications of particular Europ ean universities etc one can get a go o d idea

of what is going on in Europ e and who is doing what Some Europ ean colleagues asked me

jokingly if I was on a reconnaissance mission Well sometimes a cow wants to suckle more

than the calf wants to suck a Hebrew proverb

It is amazing however how dierent computer science is esp ecially theoretical com

puter science in Europ e and the US American theoretical computer science centers heavily

around complexity theory The two prime American theoretical conferences ACM Sym

p osium on Theory of Computing STOC and IEEE Foundation of Computer Science Con

ference FOCS are largely devoted to complexity theory in a wider sense of the term

That do es not exclude logic As a matter of fact imp ortant logic results have b een published

in those conferences However STOC and FOCS logic pap ers b elong as a rule to branches

of logic intimately related to complexity Finite mo del theory is a go o d example of that

see Fagin Gurevich and esp ecially Immerman The dierence b etween

theoretical computer science and the rest of computer science and computer engineering

is relatively well delineated in this country

In Europ e the line b etween theoretical computer science and the rest of computer

science and engineering is much more blurred partially b ecause computer science and en

gineering in general are more theoretical A much greater prop ortion of Europ ean research

go es into programming language theory semantics sp ecication languages pro of systems

verication metho ds etc For brevity and the lack of a b etter term I will use the term

formal metho ds for all of these areas Europ eans put much more faith and eorts into

ACM SIGACT NEWS No June

y

Supp orted by ONR grant NJ EECS Dept University of Michigan Ann Arb or MI

gurevichumichedu

foundational investigation of software and hardware technology and into developing formal

metho ds for use in software and hardware

Of course things are not black and white For example the American conference on

Principles of Programming Languages is very theoretical and Europ ean inuence can b e

easily discerned there and there are excellent complexity theorists in Europ e Nevertheless

the gap is huge and to a great extent it is the gap b etween the complexity and formal

metho ds communities The rst is centered heavily in the US there is a fair numb er of

reputable complexity theorists in Germany but your ngers may suce to count them in

France or Great Britain The second spreads more evenly but plays a much greater role in

Europ e Only a few p eople work b oth in complexity and formal metho ds An interesting

example of the Europ ean version of the split b etween the two communities is the Computer

Science Department of Edinburgh University in Scotland They have two disjoint seminars

One is their Theory Seminar It is huge as theory seminars go and devoted to semantics

and formal metho ds in general it is as go o d as any formalmetho ds seminar in the world

The other one is devoted to complexity theory also of excellent quality but tiny I sp oke

in b oth seminars and was told that such incidents are rare indeed

To o often complexity theorists are not interested at all in semantics and what we call

here formal metho ds and to o often exp erts in formal metho ds are not interested in and

do not know mo dern complexity theory Furthermore the formal metho ds eld itself splits

into a numb er of areas sp eaking very dierent languages Yes there are numerous visits of

Americans to Europ e and Europ eans to the US but all to o often complexity theorists go to

sp eak to complexity theorists and formal metho ds exp erts go to sp eak to formal metho ds

exp erts in their area even if they all go to the same conference One meets American

researchers dismissing Europ ean computer science as largely irrelevant pure logic And

one militant French computer scientist told me that complexity theory is irrelevant pure

mathematics He is not typical and the phrase was thrown during a heated discussion but

the sentiment of that phrase is not completely foreign to many in Europ e

I had to decide whether to concentrate on a few carefully chosen areas or to try to

cover Europ ean logic activities in general The latter task seemed frighteningly hard Logic

p ermeates all areas of computer science in Europ e and Europ ean logic activities are so

intensive and diverse that it would take a large committee and longer time to survey them

prop erly On the other hand particular elds are surveyed from time to time by exp erts

who know the researchers and the pap ers and can write surveys without the opp ortunities

of sp ecial learning tours whereas I didnt know of any general study of Europ ean logic

activities The opp ortunity of a learning tour seemed to suggest the more ambitious general

study After a p erio d of hesitation I decided to do that and I sp ent much of the Europ ean

tour learning things I did not know and talking with p eople with whom I had had little or

no interaction b efore

In this rep ort I am not going to catalog who is doing what in Europ e It makes no sense

for one p erson to attempt to compile a comprehensive survey of Europ ean logic activities

in few months As I mentioned earlier it would take more p eople and more time to write a

comprehensive survey Moreover such a survey has b een published recently van Leewen

volumes A and B But to illustrate how much is going on in Europ e British logic

activities are sketched in Section Why British Well my division of computer science

into Europ ean and American is not strictly geographic I am trying to discern typical and

distinguishing Europ ean tendencies and Great Britain is very Europ ean in that sense If

you want to know how it feels to bring coals to Newcastle give a formal metho ds talk in UK

That is how I felt in March at the th British Collo quium for Theoretical Computer

Science in Newcastle up on Tyne England It is somewhat surprising that theoretical

computer science is so dierent in the UK and the US after all we share roughly the

same language But theoretical computer science is not the only eld where British hold

their own British TV is another such eld Another reason for concentrating on UK is

that Wilfrid Ho dges volunteered to write that sketch for me In fact I sp ent more time in

France with its own rich logic culture

Section is devoted to p ositive sides of the Europ ean way of doing things there are

things for us to learn Section is devoted to other comments

The learning tour in Fall aected me a great deal even though I had visited Europ e

many times b efore and was familiar with Europ ean computer science and many prominent

Europ ean computer scientists The tour and the rep ort have b een hard work but I enjoyed

it The tour gave me a wider p ersp ective I was esp ecially impressed by Europ ean b oldness

in promoting formal metho ds That b oldness is contagious In spite of the criticism that I

have for Europ ean ways of doing things the tour gave me more condence that a logician

may b e of great help to software engineers and even himselfherself may b e a successful

software engineer

Acknowledgments It is a pleasure to thank ONR for the supp ort and for trust

ing my judgment and not micromanaging the tour to thank INRIA Ro quencourt for the

excellent condition for my work in Paris to thank my Europ ean colleagues for invitations

explanations and for b eing so generous with their time to thank Wilfrid Ho dges for the sur

vey of British logic activities to thank my colleagues Krzysztof Apt Andreas Blass Egon

Borger Thierry Co quand Gordon Plotkon Dean Rosenzweig Victor Vianu and Moshe

Vardi for comments on earlier versions of the rep ort I shamelessly used some of the com

ments

Logic activities in Great Britain

By Wilfrid Ho dges Dean Queen Mary College London England esp ecially for this rep ort

Organisation

There is a huge amount of activity in Britain on the frontier b etween logic and computer

science Most of the research and development is still taking place in the universities and

p olytechnics and a few ma jor centres Cambridge Edinburgh Imp erial College London

Manchester Oxford account for a high prop ortion of it But there are an increasing numb er

of go o d logicians employed in public or private industry British Telecom ICL Hewlett

Packard or software houses Adelard Logica Praxis This makes for fragmentation

Also the eld develops very quickly A typical example is the sp ecication language

Z based on set theory which was develop ed at Oxford in the early s By early

the sub ject had already accumulated published pap ers and an email forum with

subscrib ers and undergraduate courses on it were b eing taught at British universities

and p olytechnics Industrial pressure certainly help ed this along

There have b een no serious attempts to bring together the various researchers in logic

and computer science probably it is to o late now A ma jor journal the Journal of Logic and

Computation Oxford University Press was founded in But it is an international

eort with editors in Texas Paris and Kyoto Another recent journal in the same area

Formal Asp ects of Computing was founded by a sp ecialist group of the British Computer

So ciety in it is also international and restricts itself to formal metho ds

In fact most of the unifying ventures that involve Britain are international Probably

the broadest in its aims is the Europ ean Asso ciation for Computer Science Logic founded

in on the initiative of Egon Borger The Secretary is Karl Meinke from Swansea and

British memb ers of the Scientic Council are Abramsky and Ho dges b oth in London its

meeting is at Swansea Another umbrella organisation is the Europ ean Foundation

for Logic Language and Information FoLLI led by Johan van Benthem in Amsterdam

which has logic and computer science comp onents but is slanted towards linguistics it held

its summer scho ol at the University of Essex Ab out seven years ago the Centre

for Theoretical Computer Science at Leeds led by Tucker and Wainer instituted annual

conferences in Theoretical Computer Science these are largely a forum for British logicians

and mathematicians who have moved into computer science

There are also a numb er of imp ortant BritishEurop ean collab orations in more sp ecic

areas with EEC funding Thus there are ESPRIT pro jects on Categorical Logic in Com

puter Science and on Typ es and Pro ofs and a Human Capital and Mobility pro ject on

Lamb da Calculus and so on

Probably the one activity in Britain that did bring together p eople from the whole eld

was the Logic for Information Technology Initiative LogFIT of the Science and Engineer

ing Research Council For several years this very valuable initiative funded instructional

conferences in asp ects of mathematics mainly logic which are needed for computer sci

ence It also funded research students and paid for retraining of mathematicians In

the Initiative started to run into nancial problems and a closing conference was held in

early As the numb er of Computer Science graduates and PhDs increases it b ecomes

harder to p ersuade an engineering committee that money is needed for what are largely

conversion activities Nevertheless several leading British computer scientists for example

Abramsky are publicisi ng the need for a mathematical logic input into theoretical computer

science

It may b e worth mentioning that although a numb er of philosophical and mathematical

logicians in Britain have converted to computer science the pressure to do this has b een

noticeably less in Britain than in some Europ ean countries for example Germany

Particular areas

One area on the logicCS frontier where Britain has had a distinctive voice for some two

decades is the theory of concurrency I put this rst b ecause of its imp ortance though I

am not sure how close its ties are with logic Certainly work in this area do es sometimes

invoke logical metho ds in Edinburgh recently won the for his

work on parallelism and concurrency his formal system CCS and s comparable

system CSP are still paradigms for much of the research b eing done Britain has a numb er

of p eople working in this eld or in the related Dutch paradigm of pro cess algebras They

include Hennessy at Sussex Stirling in Edinburgh Kwiatkowska and Ambler at Leicester

A LondonCambridge study group around Abramsky works on gametheoretic approaches

to concurrency their eld takes in the semantics of linear logic to o

Concurrency is ab out the interaction of systems in time Several logicians at Imp erial

College London Gabbay Ho dkinson Richards study temp oral logic directly its axioma

tisations and expressive p ower Maibaum at Imp erial College and Barringer in Manchester

apply temp oral logic to formal sp ecication

Turning to sp ecication for a moment Goguen in Oxford continues to work on the

fundamentals for example the theory of mo dularisation Britain is strong in settheoretic

sp ecication Cli Jones in Manchester with VDM Hayes and Spivey at Oxford with Z

Schuman and Pitt at Surrey Current research includes comparisons b etween these lan

guages and development of a b etter semantics for Z Tucker and Meinke at Swansea work

on several asp ects of sp ecication for example higherorder datatyp es and the logic of

hardware sp ecication

One can nd various other logical languages b eing develop ed for sp ecial purp oses for

example causal logics for the control of rob ots eg Bell at QMW London or logics of

b elief for use in exp ert systems eg Je Paris in Manchester But in Britain it is widely

felt that computer science needs broad settings in which various logical systems can b e

represented and compared Thus a numb er of p eople are using the Edinburgh Logical

Framework LF due to Harp er Honsell and Plotkin as a general setting for dening logics

Aczel at Manchester asks what logical notions a general framework might usefully include

and has oered a numb er of suggestions including some novel forms of set theory Gabbays

lab elled deductive systems are another move towards generality

Turning to constructive logics Hindley at Swansea is a leading authority on lamb da

calculus Ray Turner in Essex is one of several p eople working on constructive logics as

a foundation for functional programming In Cambridge Pitts works on categorical logic

while Hyland is involved in several categorytheoretical asp ects of formal metho ds

Links b etween recursion theory and computer science are not very active in Britain at the

moment But one should mention the work on termination by Ursula Martin and her term

rewriting group recently moved to St Andrews work by Wainer in Leeds on translating

pro ofs into algorithms and work of Simmons in Manchester on the classication of primitive

recursive functions Iain Stewart recently moved to Swansea is active in complexity theory

and related areas of nite mo del theory

During the s there was a go o d deal of activity in Britain largely among philoso

phers in computerised logic teaching For example my textb o ok Ho dges was turned

into programs in Manchester Leicester and Oxford This activity has largely died out I

susp ect b ecause the philosophers realised they couldnt comp ete with American high tech

nology One of the main journals of the eld the Computerised Logic Teaching Bulletin

was run by Read at St Andrews but closed down ab out two years ago Some interest

continues but in dierent forms For example a cognitive science group in Edinburgh is

conducting exp eriments to nd out the eectiveness of the semantic approach to teaching

elementary logic found in the computer packages Tarskis world and Hyp erpro of which

were pro duced at Stanford by Barwise and Etchemendy

At the same time there are a range of activities in computerised pro of systems An

imp ortant example is Gordons HOL a computerised pro of system for higher order logic

Paulsons theorem prover Isab elle develop ed in Cambridge is generic in the sense that it

allows the user to sp ecify a pro of system thus recent work in Manchester studied how to

implement the theory of constructions and several typ e theories in Isab elle Another generic

theorem prover is currently b eing designed by Bornat and Sufrin QMW and Oxford for

teaching purp oses

Bundy and his group in Edinburgh continue to work on the articial intelligence pro ject

of making computers carry out logical and mathematical reasoning Kowalski at Imp erial

College is working on asp ects of the formalisation of reasoning

In logic programming the most striking recent development is the creation of a new logic

programming language Godel by Hill in Leeds and Lloyd in Bristol It has ab out the same

expressive p ower as Prolog but seems to b e much cleaner from the p oint of view of logic

Since Strand b ecame available commercially in activity in developing new parallel

versions of Prolog seems to have quietened down Pym in Birmingham and Wallen in Oxford

continue to study theoretical asp ects of pro of search for various calculi of computational

interest Dyckho in St Andrews studies intuitionist logic from a computational p oint of

view

Positive sides of Europ ean exp erience

In this section I list some p ositive sides of Europ ean logic activities Hop efully we can

b enet from Europ ean exp erience Describing any of the p ositive sides I do not intend to

imply that the American situation is the direct opp osite of the Europ ean one

Realization of foundational crisis

What crisis may say the optimist We are in the middle of a successful computer

revolution and will grow out of whatever seems like a crisis to you

Well publicized software failures indicate that there is a problem however A recent

article in Scientic American gives some examples Littlewo o d and Strigini Software

bugs caused the series of largescale outages of telephone service in the US A software

problem may have prevented the Patriot missile system from tracking the Iraqi Scud missile

that killed American soldiers during the Gulf War A single incorrect character in the

sp ecication of a control program for an Atlas ro cket carrying the rst US interplanetary

spacecraft Mariner ultimately caused the vehicle to veer o course Both ro cket and

spacecraft had to b e destroyed shortly after launch After a long and interesting discussion

of inherent limits on testing the authors of the Scientic American article arrive at the

conclusion that an inherent uncertainty in reliability may mean limiting a computers role

esp ecially in systems where software is critical for safety I do not buy that p essimistic

conclusion but it is certainly not obvious that we will simply grow out of the reliabili ty

problem

The reliability problem is not overlo oked in this country See in this connection the

regular column Risks to the Public in Computers and Related Systems edited by Peter

Neimann in Communications of ACM Asso ciation for Computing Machinery is largely an

American institution The reliability problem raises foundational questions in complexity

theory and formal metho ds Complexity questions related to testing are addressed by the

American theoreticalcomputerscience community seriously Two developments come to

mind One is the progress achieved recently by Manuel Blum of Berkeley and his students

see Blum and Kannan for example It turns out that in many cases one can

exploit the structure of the given problem and using some mathematics reduce relevant

instances to random instances It is usually much easier to test random instances The

second development may b e relevant to the nasty problem of one wrong bit messing up the

whole program According to recent advances in complexity theory a formal pro of can b e

rewritten in such a way that it b ecomes a little longer but every error is spread all over

the place Babai et al A similar approach may p ossibly b e useful in safetycritical

software

However the testing is necessarily onesided It may catch errors but it do es not show

the absence of errors directly That is where verication comes in What can b e veried

What are inherent limitations on verication Whereas testing b elongs to a greater extent

to the complexitytheoretic half of theoretical computer science the verication problem

b elongs to a greater extent to formal metho ds

Verication is only one of the foundational problems related to formal metho ds One

other problem is that of sp ecication Sp ecications are usually written in English in this

country and often are interpreted dierently by dierent p eople eg by software develop ers

and their clients or by software develop ers and their marketing p eople All to o often the

precise task of the pro duct is not clear Moreover it may b e not clear how to make that

task clear

Still another though related foundational problem is that of semantics Even program

ming languages with their precise syntax may b e op en to interpretation Sometimes p eople

are surprised to learn that the same program say in C may give dierent results b eing run

in dierent places using dierent compilers As a matter of fact dierent compilers usu

ally give somewhat dierent interpretations to the same language Sometimes the intended

meaning of a phrase in the language is not clear at all

One example of the current lack of prop er foundation is the mo dern Bab el tower of

programming languages Why these hundreds and hundreds of languages Arent there

languages to b e discovered rather than invented

In general there is a greater realization in Europ e that computer engineering is running

ahead of computer science that computer science do es not provide a rm scientic foun

dation for computer engineering This contributes to the greater role of formal metho ds in

Europ ean computer science Formal metho ds are more relevant than complexity theory

insist some of my Europ ean colleagues

Academia cannot comp ete with industry in pro ducing computer pro ducts but academics

can sit back and think and analyze and try to build a solid foundation for our science

Faith in formal metho ds

In spite of the fact that the US leads the software revolution glo om and do om are typical

in this country when it comes to formal metho ds Formal sp ecications are rare in indus

try Verication is often pronounced imp ossible Formal metho ds you hear had their

chance and failed That attitude toward formal metho ds is known in Europ e as well The

Scientic American article mentioned ab ove is written by two Europ eans In the article

the p ossibility of veried software is dismissed without any arguments the nonveriability

is treated as an obvious and wellknown fact Perfect software is a practical imp ossibility

It is not true that formal metho ds had their chance and failed It is true that particular

approaches had their chance and failed And the criticism of formal metho ds is justied

to a great extent Indeed certain approaches were oversold I b elieve for example that

denotational semantics was oversold as a practical to ol I am far from trying to declare

denotational semantics useless It was a great advance in our understanding of computing

and it is playing an imp ortant role in theoretical computer science but it is not a practical

to ol

Computers are a relatively recent artifact and computer science is a relatively young

science Naming something a science do es not make it a science Some p eople joke that

only bad sciences have science in their names Mathematics physics chemistry dont I

b elieve though that computer science is a science in the making It seems that more ideas

ow from computer applications to computer science than the other way round I b elieve

this will eventually change Computer science will emerge as a real hard core science and

will drive applications

That kind of optimism is typical in Europ e People working in formal metho ds of

ten view themselves on the front line of computer science This p ositive attitude toward

formal metho ds is not restricted to academia Some industry and even some government

organizations seem to share it to some extent I was told at Orsay University in Paris

that in connection to some passengersecurity problems in the Metro system the French

government required the bidders to provide formally veried solutions The winner Jean

Raymond Abrial indeed provided such a veried solution

Of course I am not saying that there are no successful applications of formal metho ds

in this country Furthermore I am not saying that there are more successful applications

in Europ e than in the US I am saying is that formal metho ds play more more central role

in Europ ean computer science and in Europ ean computer science curricula This brings us

to the issue of education

Education

British French German etc high scho ols give b etter mathematical training than American

high scho ols do For example in France in order to enter an elite engineering scho ol one

go es through thorough examinations based mostly on mathematics The undergraduate

mathematical training of US computerscience graduates is in general inferior in comparison

with Europ ean universities

In addition we lag b ehind very substantially so in teaching formal metho ds All

British universities at least all visible British universities teach sp ecication and verica

tion metho ds For years and years British CS departments pro duce graduates that know

formal sp ecication metho ds trust them and are willing to use them This is a tremendous

advantage

The incredible breadth of Europ ean foundational research

Europ ean activity in foundations of computer science is amazing in its scop e and depth

There is a tremendous amount of exp erimentation with formal metho ds going on in Europ e

It is a playground of ideas The two volumes van Leewen give plenty of evidence

In this connection let me mention the eld of op erational semantics and related sp ec

ication metho ds which is close to my interests Probably the most p opular sp ecication

language to day is Z originated by Frenchman Jean Raymond Abrial and develop ed in Ox

ford England I mentioned ab ove that all British universities teach sp ecication languages

choice numb er one is Z Z is not that p opular outside the UK but it is used here and there

in Germany other Europ ean countries and also in the US An annotated bibliography on Z

can b e found in the Stepney and Barden One of the earliest op erational semantics

Vienna Denition Metho d VDM is still alive and used Jones VDM originated in

the s in the Vienna Lab of IBM under the name of Vienna Denition Language and

was used to sp ecify programming language PL formally Structured Op erational Seman

tics was develop ed by Gordon Plotkin in Edinburgh Scotland Plotkin All of these

metho ds not only originated in Europ e but were develop ed there as well A relatively new

approach Evolving Algebras originated in Michigan but most of the work has b een done

in Europ e by Egon Borger of Pisa Italy and Dean Rosenzweig of Zagreb Croatia and

their collab orators and students Gurevich

Functional Programming logic programming automata and formal language theory are

more p opular in Europ e

ESPRIT

To overcome the fragmentation of the Europ ean research by countries Europ ean Commu

nity funds ESPRIT Europ ean Strategic Program for Research and Development in Infor

mation Technology ESPRIT pro jects invariably involve researchers from several countries

and the approach works well in general

What has all this to do with us The USA is one country It lo oks like we dont the

problems of integration But we do have it in a somewhat dierent way Various regions

of the country dier greatly in research and funding Mayb e there is ro om for supp orting

interregional co op eration and co ordination

Conference centers

German International Conference and Research Center for Computer Science hosts weekly

workshops in its Dagstuhl Castle every week there is another workshop Dagstuhl follows

the tradition set by the older Center for Mathematical Conferences in Ob erwolfach Ger

many Participants are provided with all the necessities This and the isolated lo cation and

attentive stu create a fruitful working atmosphere

International Center for Mathematical Conferences in Luminy France near Marseille

hosts a continuing series of Logic in Computer Science conferences The nature is dra

matically dierent Mediterranean ords instead of mid Europ ean forest but the scientic

atmosphere is similar International Center of Mechanical Sciences in Udine Italy hosts

computer science scho ols from time to time

I do not know whether the Dagstuhl mo del would work in this country It certainly

makes the organization of meetings much easier

Disparate remarks

National barriers are a problem in Europ e but mayb e b ecause of that problem Europ eans

succeeded in creating strong unifying and active organizations The organizations most

relevant to logic are Europ ean Asso ciation for Theoretical Computer Science Europ ean

Asso ciation for Computer Science Logics and Europ ean Foundation for Logic Language

and Information In spite of national divisions there is a stronger sense of community in

Europ ean logic

There are many female computer scientists in France and Italy although the situation

in most other countries eg Germany or the UK is closer to that in the US

Other comments

I was asked to b e sub jective and critical Well the following comments are critical to various

degrees although in some cases I intended just to p ose questions and they range from

more ob jective and general at the b eginning to sub jective and technical at the end

There are of course problems with criticizing scientic directions or even scientic or

ganization A p erceived weakness may unexp ectedly turn out to b e a strength impractical

may turn out to b e practical and irrelevant may turn out to b e very imp ortant and rel

evant I rememb er vaguely reading somewhere that in his student years Alb ert Einstein

ignored lectures on mo dern fancy geometries He was interested in physics rather than

pure mathematics But later he needed those geometries for his relativity theories

Let me recall also the dierence b etween plain truth and profound truth Plain truth

is a kind of truth you deal with in mathematics In particular a statement contradicting a

plainly true statement is plainly false For example  is plainly true and 

is plainly false Profound truth is dierent A button on my friends refrigerator says Life

is more complicated that you think it is stupid Profoundly true isnt it Once in a while

the friend turns the button around The other side says Life is simpler that you think it

is stupid Profoundly true again We deal more with profound rather than plain truth

here

Scientic organization

In many Europ ean countries for example in Germany universities are less indep endent

than American universities Ministries have nal words in hiring professors and even in

curriculum matters That makes the system more conservative It is p ossible that there

are p ositive sides to such government intervention guarantees of certain standards for

example I failed to nd colleagues willing to defend it

The level of government bureaucracy varies from one country to another and usually

exceeds the American level A student of bureaucracy will b e interested in France and

exhilarated with Italy It is the same system in b oth countries set by Nap oleon by the

way says a colleague with much Italian and French exp erience the dierence is only that

what takes a month in France takes a year in Italy

The emerging Europ ean Community structure is not devoid of bureaucracy either Even

ESPRIT rightfully praised for putting money into research and bridging b etween countries

is criticized by some b eneciaries for endless meetings and rep ort writing and a somewhat

mysterious decisionmaking pro cess I think NSF runs a leaner op eration that is more

meritbased says a colleague with b oth American and Europ ean exp erience

There is a substantial fragmentation of eort related to the division of Europ e into still

very indep endent countries For example the Z sp ecication metho d so p opular in the UK

is virtually unknown in France even in Paris where Abrial the originator of Z lives

Finally let me mention the greater imp ortance and inuence of scientic scho ols in

Europ e In the US even the most successful PhD students usually have to leave their

nests and lo ok for jobs elsewhere In Europ e the b est PhD graduates often stay in the

home institutions This helps to create strong scientic scho ols in single lo cations The

atmosphere of such a scho ol may b e conducive for young insiders to grow On the other

hand you may hear complaints from outsiders trying to develop alternative approaches

Gap b etween academia and industry

There is in general a greater gap b etween academia and industry in Europ e as far as logic

research is concerned Sometimes this is expressed with They are more theoretical which

is true to o but do es not mean the same thing Theoretical should not b e the opp osite of

practical Sound theory may b e very practical mo dern is a go o d example

and of course lousy theory may b e impractical

Computer science attracts mathematically talented logicians which is wonderful all

by itself there are plenty of foundational and practical problems where such talents can

b e used But the gap b etween academia and industry is so big that to o often logicians

sp end their time doing things whose practicality even in the long run seems doubtful

Another side of that situation is that industry leaves solving various logic questions to

p eople with no appropriate logic training or adequate time No wonder that the solutions

are so often to o adho cish But this is a dierent story To o often toy examples are not

only the b eginning but also the end of a story Lo oking recently for a text for my class on

Principles of Programming Languages I saw b o oks where a version of calculus is the main

programming language The eld of logic programming seems to b e another go o d source of

examples of such overtheoretical work

Pure functional programming

I move from more general comments to more sub jective and technical ones In this subsec

tion my goal is to raise a question

Functional programming is a very active eld involving enormous programming eort

and much theoretical work It is also an application eld for typ e theory denotational

semantics etc The idea of functional programming isnt new It inspired McCarthy to

create Lisp one of the rst programming languages Lisp is far from the ideal of pure

functional language which is supp osed to have no assignments or any side eects whatso ever

Numerous other functional languages acquired some imp erative features on the way A go o d

example is that of ML which acquired assignments and p ointers sorry references and thus

b ecame impure Historically these languages are pure functional languages that went a

sinful way of imp erative programming but one can see them as imp erative languages with

extensive functional comp onents The current pure functional languages like Miranda and

Haskell are not suciently ecient yet

Functional programming inspired p eople on b oth sides of Atlantic In this connection

see the passionate Turing Award Lecture by Backus But the idea of

allpurp ose pure functional programming is more p opular in Europ e A skeptic may wonder

if there are ob jective limitations to the eciency of pure functional languages It is true

that calculus suces to program all computable functions but this do es not say that

much It is true that the functional programming paradigm is closer to mathematics as we

know it but the development of mathematics has b een driven by dierent applications We

philosophized on that sub ject b efore Gurevich so let us jump to the conclusion It is

not imp ossible that the price for avoiding explicit states is to o high that indeed there exist

ob jective limitations on the eciency of pure functional languages The usual reaction to

my raising these questions was criticism of imp erative languages usually quite valid Of

course the progress of functional programming is most welcome There are numerous tasks

for which functional programming is just right and functional programs may b e easier

to verify Still it is worth examining p ossible limitations Functional programming may

never replace imp erative programming completely Mayb e a right mixture of imp erative

and functional programming is needed an imp erative language with a clean and p owerful

functional comp onent

Pure logic programming

Similarly to the previous question one may raise a question of ob jective limitations on

the eciency of pure logic programming Again there are numerous tasks for which logic

programming is just right and logic programs may b e easier to verify than the corresp onding

imp erative programs In this case to o the languages in wide use are dirty and a more

pragmatic ideal may b e that of the right mixture of logic and imp erative programming

The gap b etween pure logic programming of theoretical pap ers on one side and Prolog

and other existing logic programming languages on the other side is troubling Prolog has

b ecome a more accepted language through its very ecient implementations and its success

as a software engineering to ol coincided with developing a programming style drifting away

from the logic programming paradigm The theoretical logic programming community

loses interest in Prolog Prolog acquires the same status that Lisp has in the functional

programming community say Egon Borger and Dean Rosenzweig whose pap er Borger

and Rosenzweig a addressing the practical issues of Prolog will app ear in The Science

of Computer Programming rather than in a logic programming journal

There are plenty of pap ers in logic programming often related to default and other

nonmonotonic logics whose relevance to programming escap es me And default logic

itself which started with a promise of simplied reasoning turned out to b e less practical

than classical logic

Pro ofs as programs

A pro of of a sp ecication in constructive intuitionistic logic yields eg via classical

Kleenes realizability or more mo dern typ etheoretical mo died realizability a program

which is a provably correct implementation of the sp ecication This idea inspired many

in particular it is an inspiration for the pro of system Co q one of the b est known and in

uential pro of system develop ed in Inria Ro quencourt near Paris This idea conveniently

separates two concerns pro ofs and programs which some nd an improvement over

the predicate transformer technique involving weakest preconditions championed by Eds

ger Dijkstra Dijkstra The following paragraph is a little more technical and can b e

skipp ed if you are not interested in technical details

In certain cases pro ofs and programs corresp ond very closely to each other Consider

the typ ed combinatory calculus with constants K xy x and S xy z xz y z It is easy

to see that the typ e of K is

! !

where is the typ e of x and is the typ e of y and the typ e of S is

! ! ! ! ! !

where the typ es of z y x are ! and ! ! resp ectively The two displayed

typ es happ en to b e the two axioms for the minimal constructive logic of implication The

only derivation rule of that logic modus ponens corresp onds naturally to the comp osition

of functions if X is of typ e and Y is of typ e ! then Y X is of typ e Any pro of

of a formula in the logic gives a unique program that is a constant in the combinatory

calculus of typ e and the other way around This is a sp ecial case of the socalled

CurryHoward corresp ondence describ ed for example in Simmons This b eautiful

corresp ondence b etween programs and pro ofs has b een extended somewhat but nowhere

near reallife programming languages

People working in the eld tell me that there are problems with the implementation of

the idea The program extracted from the pro of is often very slow One reason for the

slowness is that the program veries not only the nal result but also various intermediate

results It isnt obvious how to free the program from unnecessary verication In fact

p eople do a bit of reverse engineering analyzing faster programs to see which pro ofs can

generate something similar Sometimes this analysis is revealing JeanLouis Krivine was

explaining to me a simple pro of theoretic meaning of some relatively obscure feature of the

C programming language Krivine

But so far this intercourse b etween logic and programming was more imp ortant to logic

than programming The combinatory calculus mentioned ab ove isnt a real programming

language it is another logical calculus Krivine do es work with a real programming language

but he has I understand a long way to go I wonder how would a logic tailored to C

programming language lo ok like We were recently lo oking at C Gurevich and Huggins

I would like to see a critical examination of the idea may b e there are some ob jective

limitations out there It is p ossible that the pro ofsasprograms approach will play a role

in software engineering It is imp ortant to understand what that role should b e

Mathematics and p edantics

I know I know there is no such word p edantics But I need a new term Let me

explain The rigor of classical mathematics may not suce in the verication area Go o d

mathematical pap ers happ en to have errors You may see that the pro of of a lemma is

not quite correct but it is clear how to x it The lemma itself may b e incorrect as stated

but again it is clear what the intention is how the lemma is used and how to x it Such

freedom to deal with inessential details may not exist in verication business Imagine

yourself ying on an airplane for which you veried the autopilot This example is stolen

from somewhere but for the life of me I do not rememb er from where The weather is bad

and the control is given to the autopilot that you had designed and proved correct You

realize suddenly that you forgot to check a case or two out of a great many cases Your

pro of is correct in principle and the autopilot is ne mo dulo some inessential details

but somehow this do es not bring the desired comfort

Many draw the conclusion that verication in general should b e carried out within some

formal system To an extent this explains the p opularity of temp oral logic and other

formalisms and the proliferation of reasoning systems

It seems to me we should distinguish b etter b etween formal and precise Precise math

ematical pro ofs are rarely carried out within formal systems though they are formalizable

Thanks to the foundational revolution in the b eginning of this century usual mathematical

pro ofs can b e rewritten in eg ZFC the rstorder ZermeloFraenkel Set Theory with the

Axiom of Choice in many cases Peano Arithmetic is sucient And in practice pro ofs

carried out within formal systems are not necessarily precise

Why dont normal mathematicians prove their theorems within formal systems The

following argument o ccurred to me or so years ago in a discussion with pro of theorist

Jonathan Stavi When you search for a pro of you dont want to restrict your logic in any

way You want to free your imagination You search for arguments rst and worry ab out

their logic complexity later This is not to say that pro of theory is unnecessary not at

all It just serves a dierent purp ose In particular if and when you nd your pro of you

may sub ject it to a revealing pro oftheoretic analysis see Simpson in this connection

Excessive formalization makes pro ofs harder to nd and comprehend

I b elieve that we should clearly separate concerns and distinguish b etween mathematical

pro ofs like those in mathematical literature and what I prop ose to call pedantic proofs

that is pro ofs written in all details and veried by computer First nd a mathematical

pro of and then if necessary convert it into a p edantic one The term p edantic is

p ositive in this context As we saw ab ove in that autopilot example p edantic pro ofs are

necessary and imp ortant And the science of converting mathematical pro ofs to p edantical

ones is not trivial by any means

The obvious ob jection to normal mathematical pro ofs in verication is that verica

tion pro ofs are much dierent from normal mathematical pro ofs That they are plain and

b oring like checking and checking and checking numerous cases That computers do that

kind of work b etter and one may want some formal system to guide the computer I buy

that Indeed the whole task reduces in many cases to p edantics and computers are b etter

in many asp ects of p edantics than humans and a formal system may b e most useful It

is not true however that all verication pro ofs are like that There may b e an interesting

mathematical structure b ehind the plenitude of b oring details in which case mathematical

analysis may b e useful One example close to my research interests is the correctness pro of

for compiling Prolong to Warren Abstact Machine the standard implementation of Prolog

in Borger and Rosenzweig b

References

Babai et al LBabai LFortnow LLevin MSzegedy Checking computations in

p olylogarithmic time ACM Symp osium on Theory of Computing

Backus John Backus Can Programming b e Lib erated from the von Neumann

Style A Functional Style and its Algebra of Programs in ACM Turing Award

Lectures The First Twenty Years ACM Press

Blum and Kannan Manuel Blum and Ravi Kannan Designing Programs that

Check their Work ACM Symp osium on Theory of Computing

Borger and Rosenzweig a Egon Borger and Dean Rosenzweig A Simple Mathe

matical Mo del for Full Prolog TR Dipartimento di Informatica Universita

di Pisa pages to app ear in The Science of Computer Programming

Borger and Rosenzweig b Egon Borger and Dean Rosenzweig The WAM Def

inition and Compiler Correctness TR Dipartimento di Informatica Univer

sita di Pisa pages to app ear in Logic Programming Formal Metho ds and

Practical Applications Eds C Beierle and L Pluemer NorthHolland

Dijkstra Edsger W Dijkstra A Discipline of Programming PrenticeHall

Fagin Ron Fagin FiniteMo del Theory APersonal Persp ective Theoretical Com

puter Science

Garey and Johnson Michael R Garey and David S Johnson Computers and

Intractability A Guide to the Theory of NPComp eteness Freeman and Company

New York

Gurevich Yuri Gurevich Logic and the challenge of computer science in Current

Trends in Theoretical Computer Science Ed E Borger Computer Science Press

Gurevich Yuri Gurevich Evolving Algebras an Attempt to Discover Semantics

in Current Trends in Theoretical Computer Science Eds G Rozenb erg and A

Salomaa World Scientic Series in Computer Science Volume

Gurevich and Huggins Yuri Gurevich and Jim Huggins Semantics of the C Pro

gramming Language Springer Lecture Notes in Computer Science

Ho dges Wilfrid Ho dges Logic Penguin Bo oks

Immerman Neil Immerman Descriptive and Computational Complexity in

Computational Complexity Theory Ed J Hartmanis Pro c Symp in Applied

Math American Math So c

Jones C B Jones Systematic Software Development using VDM Second edition

Prentice Hall International pages

Krivine JeanLouis Krivine Private communication

Lamp ort Leslie Lamp ort How to Write a Pro of Research Rep ort Digital

Equipment Corp oration Systems Research Center

Littlewo o d and Strigini Bev Littlewo o d and Lorenzo Strigini The Risks of Soft

ware Scientic American Nov

Neiman Peter Neimann Editor Risks to the Public in Computers and Related Systems

regular column in Communications of ACM

Plotkin Gordon Plotkin A Structural Approach to Op erational Semantics Tech

Rep ort DAIMI FN Aarhus University Computer Sci Dept Denmark

Simmons Harry Simmons Logic and Computation Taking the CurryHoward

Corresp ondence Seriously Manuscript Computer Science Dept Manchester Uni

versity UK

Simpson Stephen G Simpson Subsystems of Z and Reverse Mathematics ap

2

p endix to Pro of Theory second edition by G Takeuti NorthHolland Amsterdam

Stepney and Barden Susan Stepney and Rosalind Barden Annotated Z Bibli

ography Bull of the Euro Asso c for Theoretical Computer Sci June

van Leewen Jan van Leewen Handb o ok of Theoretical Computer Science Volume

B Formal Mo dels and Semantics Elsevier Amsterdam