Informatics As a Science 1 Viewpoint

Home , Modeling language, Systems engineering

Enterprise Modelling and Information Systems Architectures Vol. 15, No. 6 (2020). DOI:10.18417/emisa.15.6 Informatics as a Science 1 Viewpoint

Informatics as a Science

Wolfgang Reisig

Humboldt-Universität zu Berlin, Berlin, Germany

Abstract. This contribution addresses the quest for a framework for a comprehensive science of “informatics” as a formal theory of discrete dynamic systems, in analogy to the model of natural sciences. A variety of examples show that this endeavor is promising indeed, and that (detached) parts of it exist already. In the long run, informatics may evolve as a self-contained science, more comprehensive than nowadays “Computer Science”, by complementing its strong technological aspects with a consistent theoretical, mathematical basis, on an equal footing with natural sciences.

Keywords. comprehensive science of informatics • formal foundations • modeling

Communicated by Peter Fettke. Received 2019-08-30. Accepted on 2020-01-20.

Introduction of promotion and reward, that don’t support fundamental questions on the nature of informatics.1 Background In this situation it appears nevertheless inter- Computer Science is frequently told as a success esting to pose some fundamental questions and story, driven by Moore’s law: during the last six to discuss aspects that could unify the diverging decades; computation-, information- and commu- subdomains of Computer Science. As a basis for nication technology became exponentially cheaper, a science of informatics, this may render future quicker and smaller (Brock 2006). Accordingly, developments quicker and better comprehensible. new application areas evolved. Systemic mal- function of devices, failed projects, unmanageable Informatics as a science: historical development behavior of computer embedded systems, viola- tion of privacy etc., are accepted as unavoidable The emerging computing technology of the side effects and justified as the price to be paid for 1950ies covered essentially two problem domains: the rapid evolution of the area. numerical problems as they occur in classical engineering sciences, and searching-and-sorting Whether matters might – or should – have problems in large data sets, as they occur in a evolved differently, is rarely discussed and hardly population census. The two programming lan- suspected. The quest for alternatives to the factual guages FORTRAN and COBOL had been tailored evolution of Computer Science is annoying in par- to those problems; the steps from a problem to an ticular for young scientists, who eagerly learned algorithmic idea and to a program were usually facts, and want to build on this presumed solid manageable. This changed in the 1960ies: in- and steadfast basis. They are squeezed in systems creasing computer power made problems solvable that required more complex algorithmic ideas and E-mail. [email protected] more elaborate programs. This rendered programs I owe many valuable comments to readers of a previous German version of this text: Dines Bjørner, Peter Fettke, 1 By “Computer Science” we refer to the traditional approach, Christoph Freytag, and Otthein Herzog. whereas “informatics” denotes the to-be-developed science. International Journal of Conceptual Modeling Vol. 15, No. 6 (2020). DOI:10.18417/emisa.15.6 2 Wolfgang Reisig Viewpoint

increasingly error prone and incomprehensible, • Prediction: Good science can predict the evo- and finally a “software crisis” had been identified lution of processes. In Computer Science, this at a famous conference in Garmisch-Partenkirchen means to predict the behavior of programs, i. e. (Naur and Randell 1969), to be tackled by the new to verify them. discipline of “software engineering”. This in turn caused new programming languages (PL/1, Pas- Summing up, a program is conceived as a math- cal, Ada), new program paradigms (structured ematical item; its decisive properties should be programming, object orientation) and later on formulated in a logical language, its semantics new software architectures (components, service- should be formally captured, and its correctness orientation, micro-services). Furthermore, soft- should be proved. These are scientific concepts, ware design methodologies emerged, such as sys- indeed. In this spirit, also Gries (1981) conceives tematic refinement, software architectures, and the activity of programming as a scientific activity. the specification of interfaces. Looking back, it is obvious that the Garmisch- Partenkirchen conference raised important ques- This contribution tions and initiated constructive answers. However, on the long way from a problem via an algorith- In 14 sections we formulate some thoughts for a mic idea up to a software, only the last step, i. e. comprehensive science of informatics as a formal writing down programs, has been framed more scientific theory of discrete dynamic systems. The convenient by the concepts suggested there. subject of this science is intended much broader This way of thinking about “Computer Science” than the above outlined traditional “Computer as a science is visible at the memorial lecture Science”, as suggested by Dijkstra, Hoare, Gries, for famous Edsger W. Dijkstra in 2010, where Knuth and others. Nevertheless, the new, broader likewise famous computer scientist Tony Hoare theory should be conceptualized as a formal the- emphasizes four criteria for sciences in general, ory; not as classical Computer Science extended and the issue of Computer Science in particular by informal aspects of social sciences. Examples (Hoare 2010): include formal concepts of information processing and algorithmic behavior that are not intended to • Description: Science describes properties and behavior of systems; in Computer Science, such be implemented, as they occur in business infor- a “description of properties and behavior can matics, in embedded systems, and generally in serve as a specification, describing an appro- the nowadays much discussed “internet of every- priately precise interface between its purchaser thing”. and its supplier.” Hoare suggests logic based de- We will pose questions and explain some mu- scription methods, with weakest preconditions tually related concepts. Some of them are not as an example. fundamentally new, but have frequently been stud- • Analysis: The central items and their conceptual ied in isolation. Properly combined, they support relation of a science are detailed here. Central the claim to contribute to a new science of infor- items of Computer Science are programs. They matics. are analyzed with pre-/postconditions such as However, we don’t present a fully-fledged sci- Microsoft Contracts. ence of informatics. Obviously, a number of • Explanation: The behavior of systems is sub- additional ideas, concepts and insight is still miss- stantiated. For Computer Science, the seman- ing. We just want to show that it is worth searching tics of programming languages provides this for a fundamental science of informatics, and to substantiation. stimulate discussion. Enterprise Modelling and Information Systems Architectures Vol. 15, No. 6 (2020). DOI:10.18417/emisa.15.6 Informatics as a Science 3 Viewpoint

1 Successful construction of scientific equations, integrals, etc. In contrast, informatics models describes behavior in discrete steps. This allows to describe entirely different properties, and requires Good scientific theory is formulated in terms of different analysis techniques. models. A model is a system of notions and Models in informatics are used for various dif- relations among them, intended to better under- ferent purposes: stand reality. “Reality” is either given as natural phenomena, or – as in the case of informatics – • to describe domain-specific facts, for example constructed by man. Particularly impressive is a companies’ structure of the book keeping and the example of physics: For centuries, physicists the accounting department (the “correctness” searched a unifying model for all branches of of this kind of descriptions remains inevitably physics, setting up an impressive body of scien- informal); tific theory. Particularly impressive is the deep • to describe algorithmic behavior, for example harmony between physics and mathematics (Livio how to apply for a claim settlement with an 2009) with very abstract, yet exceedingly useful insurance company; scientific concepts and models. A typical example • to describe a software’s effect, either in terms is the notion of energy. This notion allows to mutually relate and quantitatively fix quite dif- of properties or of its operational behavior. ferent phenomena that, for example, occur when A model is a symbolic description. It may be a car is accelerated and crashed into a wall: In executable on the symbolic level, in which case this process, an amount of energy is involved. It its behavior can be simulated on a computer. But is initially contained in petrol, then in accelera- it also may conceptually describe the behavior tion, and finally in reshaping metal. The notion of a system in a concrete domain, that is not of “energy” is useful because it provides a quan- intended to be implemented. With a really useful tifying invariance for dynamic processes. This science of informatics it will be worthwhile to kind of invariants, usually denoted as “laws of discuss correctness on the model level and then to nature”, are the scaffold of science. In recent systematically derive correct software. years, systems biology likewise is searching for Seamless integration of computing technology such notions and invariants to better understand with its technical or organizational environment metabolic processes. is inevitable for many computer integrating sys- Informatics should learn from physics and other tems; not the least the internet of things: such sciences how to establish a comprehensive theo- systems are manageable only with formal mod- retical framework for all of its aspects. Already els that include computing technology as well as in 1962, John McCarthy encouraged research into its environment. This includes organizational or a mathematics-based “Science of Computation”, technical components that are not intended to be evolving its central items and properties out of a implemented. few postulates (McCarthy 1962). Various modeling techniques support this view, in particular the UML (Booch et al. 2005) and – 2 Models in informatics primarily for business informatics – BPMN (Ob- As modeling is the center of scientific theory ject Management Group 2011). These techniques building: what are the models of informatics? Just suggest various graphical means to express partic- as many (natural) sciences, informatics is about ular, subtle, domain specific aspects. Both these dynamic systems, however with a fundamental techniques (and some more, e. g. Harel’s state- difference: Physics describes behavior usually in charts) are widely applied, in deed. But they offer continuous terms, with functions over the real only rare specific means to prove properties of the numbers. This allows to construct differential modeled systems. Even if systems are modeled International Journal of Conceptual Modeling Vol. 15, No. 6 (2020). DOI:10.18417/emisa.15.6 4 Wolfgang Reisig Viewpoint

by means of those techniques before implementa- system trustworthy, comprehensible, and unam- tion, correctness is usually studied (tested) on the biguously. For a given instance we usually have an software level. intuitively clear understanding of what an appro- Modeling is a central issue of formal methods priate description of a system is about: It contains such as, besides many others, ALLOY, B, Focus, all aspects that the modeler considers relevant, Live Sequence Charts, RAISE, TLA, VDM and Z. and it does not enforce aspects that the modeler The main concern of these methods is a systematic wants to ignore. More concretely formulated, way to construct correct software (Bjørner and a trustworthy model 푀 of a discrete system 푆 Havelund 2019). These methods, however, insist describes in implementability, at the price of convenience • each elementary item of 푆 as an elementary and adequacy of modeling the reality. This prob- item of 푀, lem is, to some extent only, tempered by domain • each elementary operation of 푆 as an elementary specific methods (Bjørner 2018). General mod- operation of 푀, eling methods with their focus on the realm to • each composed item of 푆 as a composed item be modeled, include ASM (Gurevich 2000) and of 푀, Petri nets (Reisig 2013). This focus supports, for example, business informatics: there, behavior of • each composed operation of 푆 as a composed components are modeled, that are not intended to operation of 푀, be implemented (Bichler et al. 2016). The term • each – local – state of 푆 as a state of 푀, “conceptual modeling” refers to models, mainly for • each – local – step of 푆 as a step of 푀. business applications, including components that Summing up: elementary and composed items are formally described, but not necessarily imple- and operations, as well as states and steps of 푆 and mented. A typical example is the “Open Models 푀 should correspond bijectively. Intuitive and initiative” (Karagiannis et al. 2016). The quote formally represented behavior should conform as “Computer Science is no more about computers tightly as possible. than astronomy is about telescopes”, attributed to This rises the quest for a modeling technique E.W. Dijkstra, may apply here. that would meet these requirements, at least for a The idea of system models that focus applica- large and interesting class of systems. Obviously, tion areas more than implementation, is rarely such items, operations, states and steps do not fit addressed. A typical example of this narrow view into the classical scheme of computability theory. is the Dagstuhl seminar on the history of software This has been observed and discussed many times, engineering in 1996 (Brennecke and Keil-Slawik beginning perhaps with Donald Knuth’s funda- 1996). mental The Art of Computer Programming (Knuth From a scientific perspective, in the long run, 1973), where the notion of computational methods modeling techniques with adequate more expres- (nowadays: transition systems) is suggested as a sivity for application domains, combined with general framework for the notion of algorithms. A strong analysis techniques, are urgently needed. computational method consists of a set 푆 of states They may look quite different from what is avail- and a next-state function 퐹 on 푆, where “퐹 might able now. involve operations that mortal man can’t always perform.” (Knuth 1973, p. 9). Knuth denotes 3 Trustworthy models a computational method effective, in case 퐹 is a computable function. Robin Milner in his EATCS In a general, systematic buildup of modeling prin- award lecture (Milner 2005) declared: “. . . we ciples, it should be possible to find a – formal should have achieved a mathematical model of – modeling technique that allows to describe a computation, perhaps highly abstract in contrast Enterprise Modelling and Information Systems Architectures Vol. 15, No. 6 (2020). DOI:10.18417/emisa.15.6 Informatics as a Science 5 Viewpoint with the concrete nature of paper and register ma- nets is exceedingly expressive (because Petri net chines, but such that programming languages are transitions are reversible) (Reisig 2013). merely executable fragments of the theory . . . ”. Each such invariant declares a relationship It remains open, which kind of non-executable among the variables of the model that holds in fragments Milner has in mind. each reachable state. Those notions stick close to The classical framework of computation with the items of the given model. As shown by the variables and operations over strings of symbols, example of the notion of energy in Sec. 1, physics as well as programs with sequences of assignment knows much deeper, less obvious but neverthe- statements, alternatives, and conditional loops has less (or therefore) useful invariants. Informatics frequently been generalized to cover freely cho- should strive at comparatively deep invariants. sen mathematical objects and operations, as in Such invariants might make precise what remains Tucker and Zucker (2000) and Dershowitz (2012). invariant in the case of Shepherdson (1995) devises a similar idea, based • a bank client, withdrawing cash at a cash ma- on Turing Machines. In a slightly different style, chine; and from a purely logical perspective, Gurevich (2000) suggests Abstract State Machines as pro- • a life insurance, transferring a client’s policy to grams over a signature (a sorted alphabet). The a new hardware; user of this formalism may freely chose his signa- • a car insurance, regulating a damage; ture as well as its interpretation (a structure), and • a computing center, simulating tomorrow’s systematically manipulate the structure by help of weather; terms generated from the signature. • an operating system, executing garbage collec- Summing up, a good model employs symbols tion; that in the modeled realm are interpreted as items • a compiler, translating a program; or operations. This fundamentally differs from programming: A programming language fixes the • a travel agent, booking a journey. interpretation of the employed symbols. There are presently no modeling techniques with such invariants. Nevertheless, it is useful to sys- 4 Invariants in informatics tematically search such techniques that, compared to so far existing concepts, evolve much more As outlined in Sec. 1, invariance is a pillar of abstract and less obvious, yet useful notions of scientific theories. This solicits the quest for no- invariants. tions of invariance in informatics. The best known such notion is certainly Hoare’s invariant calculus 5 A fundamental notion of “information” (Hoare 1969) with the concept of loop invariants for classical programs. According to Furia et al. The above example of the notion of “energy” (2012), loop invariance is one of the fundamental shows that invariance can be based on a very ideas of software design. This may be true if abstract, yet intuitively conceivable notion. Are the notion of correctness of software design is there similar such notions for informatics? In the bound to its very end, i. e. the coding in a classical sequel I try to outline a notion of “information”, programming language. A science of informatics with the central invariant of information preser- should however focus the correctness of models. vation in local steps: in a given state, a system In fact, many modeling techniques employ par- contains a distinguished amount of “information”. ticular versions of invariants: for example, Tel As long as the system does not communicate with (2000) suggests special invariants for distributed its environment, this information can be converted processes, distributed algorithms, and communi- in different ways; it can be newly combined; some- cation protocols. The invariant calculus for Petri thing can be derived (computed) from it; parts of International Journal of Conceptual Modeling Vol. 15, No. 6 (2020). DOI:10.18417/emisa.15.6 6 Wolfgang Reisig Viewpoint

it can be made inaccessible, etc. But the amount a system consisting of many cooperating compo- of information as a whole remains invariant. A nents where communication is the central issue, computation, i. e. a sequence of steps, then models may be simulated on a single processor. This, a strictly organized flow of information. however, would spoil the purport of the system. A constructive definition of such a notion of Systems consisting of many cooperating com- information is not in sight. Nevertheless, such a ponents have been suggested in the 1980ies; for notion would be quite useful; for example to con- instance the Actor formalism of Agha and Hewitt struct invariants according to Sec. 4. With such a (see Agha (1986)). Similar ideas are the basis of notion it might be possible to formulate precisely languages such as LINDA (Carriero et al. 1994) what changes and what remains when documents and the Chemical Abstract Machine (CHAM) are copied, deleted, or combined. Protection of (Berry and Boudol 1990). In this Metaphor, active data and privacy as well as related notions might elements are conceived as a kind of molecules, gain a much more precise meaning. that are “swimming” in a – metaphorical – chemi- A further interesting aspect of such a notion cal solution that react with each other whenever are information preserving operations: Such an two of them meet. A further example is Broy’s operation, 푓 , retains all information when applied FOCUS formalism (Broy and Stølen 2001) with to an argument a. Hence, a can be re-computed components that realize stream processing func- from the result 푓 (푎). Examples of such operations. Finally, also Petri nets (Reisig 2013) belong tions include the negation if propositional logic, to this kind of modeling techniques: consider each and the positive square root of positive real num- transition as an elementary active unit. These and bers. Reversible functions occur frequently in the many other similar modeling techniques and pro- context of electric circuits (Vitányi 2005). The gramming primitives rise the question for a theory consequent application of reversible computing that is a proper basis and abstraction for such sys- may decisively boost IT security: An attacker can tems; in analogy to the computable functions, that retrospectively be identified. are a proper abstraction for any kind of sequential It might become realistic to define particular input/output algorithms. notions of “information” in terms of operations In a series of contributions (among them Weg- that are feasible or acceptable in specific contexts. ner 1997 and Wegner and Eberbach 2004), Weg- ner generalizes Turing machines for this purpose. 6 Interactive components Cockshott and Michaelson (2007) challenges the correctness of Wegner’s arguments. Classical theoretical Computer Science abstracts My point here is not the limitations of capabili- information-technological processes in terms of ties of computers, but a quest for system modeling: functions over symbol chains. With deep results Which techniques are adequate to model and an- on complexity theory and relations between logic alyze systems that proceed in discrete steps and and automata theory, this framework has been interact with their environment? established as theoretical basis of Computer Sci- ence. In this context, Turing machines are the 7 Independent steps best-known model. A Turing machine, including a store and a processor, can be conceived as an The concept of discrete steps is based on states: adequate abstraction of computing technology of A step starts at a state and ends at a state. The the 1960ies. A multiprocessor architecture, using classical framework of system descriptions as- more than one processor to increase computing sumes global states: Each step updates a global speed, may more or less adequately be abstracted state. A single behavior, a run, is then a sequence to an architecture with a single processor. In fact, 푠0 − 푡1 − 푠1 − 푡2 − 푠2 ... of states 푠푖 and steps Enterprise Modelling and Information Systems Architectures Vol. 15, No. 6 (2020). DOI:10.18417/emisa.15.6 Informatics as a Science 7 Viewpoint

c 1a 2 b 3 4 (1,4) a (2,4)b (3,4) c e d e d e d e d

5 (1,5) a (2,5)b (3,5) c

component A component B component A|B

Figure 1: Cartesian product 퐴 | 퐵 of two components 퐴 and 퐵

푠푖−1 − 푡푖 − 푠푖 (푖 = 1,2,. . . ). The state space of a sys- stop in disjoint local states. As a consequence, tem 퐶, composed from components 퐶1, . . . , 퐶푛, independence of steps is identifiable, and can be is usually constructed as the Cartesian product covered by representing the two steps without any 푆1 × ... × 푆푛 of the state spaces 푆푘 of the compo- order. A single run then is no longer a sequence of nents 퐶푘 . Each step occurrence of a component steps with global states, but a partial order of steps 퐶푘 thus implies many step occurrences of the com- with local states. Order then no longer represents posed system 퐶: independent steps in different progress of time, but the (causal) “before-after” components are interleaved, i. e. represented in relation. With this perception, the system 퐴 | 퐵 arbitrary order, thus yielding a non deterministic of Fig. 1 has only one (infinite) run, joining the system model. order of 퐴 and 퐵. More illustrating may be the Fig. 1 shows a small example: 퐴 and 퐵 are behavior of 퐴 | 퐵 with the additional requirement two independent components with three (resp. that 퐵 never executed more local steps than 퐴. two) states. The steps of each component form a This results in just one run, as shown in Fig. 2. cycle. Each of the two components has exactly one Petri nets support this proposal with the concept infinite behavior (run). The composition 퐴 | 퐵 of of “distributed runs” (Reisig 2013). 퐴 and 퐵 is a component with six states. In three of them, two steps start, yielding an infinite number a b c a b ... of infinite runs. This perception of “behavior” is intuitively plausible, and is employed in many analysis techniques. In particular, it is the base of d e d e d ... model checking composed systems. However, this perception comes with disadvan- Figure 2: Distributed run of 퐴 | 퐵, with the require- tages: In the above example, the two steps starting ment that 퐵 never has executed more local steps than in a state of 퐴 | 퐵 look like alternatives; but in 퐴 fact, they occur independently. The aspect of alternative refers to an alternative temporal sequence Lamport’s example of an hour-clock, moving as measured on clocks outside 퐴 | 퐵. Lamport to the next state each full hour, illustrates a further (1978) discusses details of this kind of assump- disadvantage of the perception of a single run of a tions on temporal orders of events; to do so he system as a sequence of steps: One would expect requires clocks with perfect precision. This kind that an hour-and-minute-clock is an hour-clock of assumptions can be avoided, taking advantage as well. An hour-and-minute-clock, however, of the observation that independent steps start and executes not one, but 60 steps each hour! Hence, International Journal of Conceptual Modeling Vol. 15, No. 6 (2020). DOI:10.18417/emisa.15.6 8 Wolfgang Reisig Viewpoint

it is not suitable as an hour clock! To overcome this problem, Lamport (2002) suggests a “stuttering” logic that conceptually equates a single step with “any number of steps”. Both examples show poor consequences of perceiving a single run as a sequence of global steps, whenever systems are composed or refined. It is apparently useful to take independent events, i. e. local causes and local effects, seriously and to distinguish them from nondeterminism. This applies in particular to big systems, because they are usually composed or refined from smaller systems. Küster-Filipe (2000) suggests a specific logic for such systems. Figure 3: Dijkstra’s representation (Dijkstra 1990) of In a more general perspective, here we suggest the Pebble game to take concurrency as a fundamental phenomenon of the real world, to be respected and represented Petri net: PEBBLE is a constant symbol, to be in models. Abramsky (2006) contributes valu- initialized by a (multi)set of for sets of black and able insight into this question. This contrasts the white pebbles. Each Transition shows a step, with view of concurrency as an implementation issue, two pebbles removed and one pebble returned. assuming “sequential thinking” as the basis of Arc inscriptions show the color of the involved Computer Science, as pleaded in Rajsbaum and pebbles. This model represents removal and re- Raynal (2019). turn of pebbles straightly. It avoids Dijkstra’s detour of counting and computing the number of 8 Limited expressivity of assignment involved pebbles. By help of an invariant, Dijkstra statements shows that the remaining pebble is white if and Not only programming languages, but also mod- only if the initial white pebbles are odd-numbered. elling languages describe steps by help of assign- A corresponding invariant exists likewise for Petri ment statements. This is adequate, or at least nets (Reisig 2013). acceptable, in many cases. But it also leads to less convincing models. An example is the “pebble game” that Dijkstra describes in a video of an ambitious series of videos of Stanford University (Dijkstra 1990): assume an urn, containing finitely many black and white pebbles. A step removes two pebbles 푎 and 푏 out of the urn and returns a pebble, 푐, according to the following rule: 푐 is Figure 4: Petri net representation of the pebble game white in case 푎 and 푏 are colored differently; 푐 is black, otherwise (in case of two white pebbles, Variables and assignment statements are also one of them is colored black). In a sequence of less favorable to model distributed systems such such steps, all pebbles disappear until only one as communication protocols, etc. An example remains. is the TLA model of an asynchronous interface Fig. 3 shows Dijkstra’s model: a nondetermin- as in Lamport (2002). Ultimately, a scheduler is istic program with arithmetic operations on four assumed, regulating access of many components integer variables. Fig. 4 models the game as a to the variables they share. The components Enterprise Modelling and Information Systems Architectures Vol. 15, No. 6 (2020). DOI:10.18417/emisa.15.6 Informatics as a Science 9 Viewpoint are distributedly implementable only under far in this context. Nevertheless, a science of infor- reaching assumptions. matics should offer means to represent and to A proper science of informatics will eventually prove much deeper properties too, possibly based describe system steps not only by help of assign- on non-trivial invariants (Sec. 4) and a specific ment statements, but also by a variety of other, notion of information flow (Sec. 5). possibly more abstract concepts. Petri nets are an A user of a large system requires a modified example: The semantics of a step, i. e. a transi- notion of “correctness”: He is usually not inter- tion, is given by the updates of the marking of the ested in the correctness of the entire system (many places in its local vicinity. Broy (1998) suggests big systems are – at extreme situations – not cor- a different approach refraining from assignment rect anyway). His only interest is the system’s statements. correct functioning for his specific use case. Ad- ditionally, he would love a plausible, intelligible, 9 The metaphor of the living organism convincing argument why he can trust the result. Classical verification misses both requirements: a New systems can be constructed by refining and flawed system may be useful in some cases, and composing given systems. Are there further the hint at a formally verified property, formulated methods to systematically construct new systems in terms of temporal logic, does not necessarily from given ones? The few proposals include the support trust in the intended outcome of a single metaphor of a “3D printer”, as well as the “living application. First ideas to overcome this include organism” metaphor (Dershowitz and Falkovich certifying algorithms (McConnell et al. 2011) and 2014). According to this metaphor, a set of “living runtime verification (Bartocci et al. 2018). A com- cells” may create autonomous “creatures” with prehensive science of informatics must include fundamentally new properties. More generally, this flexible kind of correctness. this rises the question for the principal limits of such constructs, in analogy to the limits of com- 11 Time, causality, observation, etc. putability (viz. symbol manipulation) in classical computation. For computer controlled real time systems, e. g. airbag control, classical real time models are ade- 10 Correctness, and verification quate. Many modeling techniques utilize a naive notion of time, as if actual time was available in any Scientific theories live from models that bring degree of precision and without additional effort. about interesting consequences. A model is bene- Lamport (1978) wakens this view to some extent, ficial only it yields interesting, non-trivial insights. without withdrawing it entirely. Some modeling The purely descriptive character of UML, BPMN, techniques such as ESTEL, ESTEREL and state- ASM and other modeling techniques without spe- charts employ the hypothesis of “infinitely quick” cific analysis techniques considerably limits their digital systems, because such systems work much usage. A really good model of a system is trustwor- quicker than the systems in their environment, e. g. thy (cf. Sec. 3) and can be analyzed, in particular their human users. by help of non-trivial invariants (cf. Sec. 4). In fact, the notion of temporal “before – after” Many properties of systems are reducible to is frequently specified, where a “cause – effect” properties of single states and runs. Temporal relationship was more adequate. The relationship logic has reached a dominant position to describe of (discrete) time, causality and observation is such properties, with model checking and abstract fundamental for models in informatics, but not interpretation as efficient analysis techniques. The fully understood. A challenging example is a abstract distinction of liveness- and safety prop- formal model for Stein’s apple sort algorithm erties (Alpern and Schneider 1985) is very useful (Stein 2006): apples role down a sloped plank with International Journal of Conceptual Modeling Vol. 15, No. 6 (2020). DOI:10.18417/emisa.15.6 10 Wolfgang Reisig Viewpoint

increasingly larger holes. Each apple passes the and Wiedermann (2013), Shepherdson (1995) and first hole with a diameter greater than the apple’s Dershowitz (2012). diameter. With 푛 such holes, this algorithm sorts In a comprehensive science of informatics, the the apples into 푛 size classes. computable functions certainly will play a crucial role – besides some other concepts. This likewise 12 Refinement and composition applies to formal logic. Large systems are in general refined from more abstract specifications, or composed from smaller 14 Informatics as an engineering systems. There is a multitude of general meth- discipline ods, principles and formalisms (such as Back and Wright (1998)) to systematically refine a system Each typical engineering disciplines such as elec- from a specification. A fundamental principle for trical engineering or chemical process engineer- logical specifications is refinement-implication: ing, is based on a science (such as physics and the specification of the refined system implies the chemistry). Engineering makes scientific insight specification of the given system. Correspond- useful for man’s interest. Software, however, is no ing methods, principles and formalisms for the such science. Software is the result of activities composition of logical specifications have been in the framework of software engineering. So, suggested for the language Z (Spivey 1989), Lam- what is the scientific base of software engineering? port’s TLA (Lamport 2002) and Broy’s stream- One may try with “algorithms”; however, “algo- based FOCUS (Broy and Stølen 2001), together rithms” is usually perceived in a far too narrow with the far-reaching idea of perceiving compo- sense. Most adequate would be a comprehensive sition as logical conjunction. On an operational science of informatics, as a basis for several en- level, Reisig (2019) suggests a very general com- gineering disciplines, one of which is “software position operator that is associative and does not engineering”. require any assumptions about the inner of the involved components. All these methods, principles, and formalisms address the right questions. Conclusion But none of them prevails. This text is intended to solicit interest in the aim of 13 Computability a comprehensive science of informatics. Physics is a paradigm for such a theory. I outlined a For quite a while, the theory of computable func- series of ideas for formal concepts that span far tions has been conceived as the fundament of a beyond computer technology and programming, science of informatics. All attempts to refute reach far and should nevertheless start out with a the Church/Turing thesis failed. However, this nucleus of basics, thus contributing to a science of thesis has frequently been stretched beyond recog- nition. In fact, it just describes the limitations of informatics. This text provides some suggestions systematically manipulating symbols sequences. as how a theory might be started. There exists Informatics, and particularly a comprehensive sci- already a lot of insight that would belong to this ence of informatics, includes more fundamental theory. But a comprehensive view remains to be aspects, to be covered by formal means. A science developed. of informatics must include the interpretation of The envisaged theories would not render so- symbols in the real world. All this has clearly far principles of informatics obsolete; they rather been addressed in Cleland (1993). Further inter- should be better and mutually related, together esting aspects of this topic are discussed in van with forthcoming engineering concepts of infor- Leeuwen and Wiedermann (2012), van Leeuwen matics. Enterprise Modelling and Information Systems Architectures Vol. 15, No. 6 (2020). DOI:10.18417/emisa.15.6 Informatics as a Science 11 Viewpoint

References Brock D. C. (2006) Understanding Moore’s Law—Four Decades of Innovation. Chemical Her- Abramsky S. (2006) What are the Fundamental itage Foundation Structures of Concurrency? In: Electronic Notes in Theoretical Computer Science 162(1), pp. 37– Broy M. (1998) A Logical Basis for Modular 41 Software and Systems Engineering. In: SOFSEM Agha G. (1986) Actors: A Model of Concurrent ’98: Theory and Practice of Informatics. Lecture Computation in Distributed Systems. MIT Press Notes in Computer Science. Vol. 1521. Springer, pp. 19–35 Alpern B., Schneider F. (1985) Defining liveness. In: Information Processing Letters 21(4), pp. 181– Broy M., Stølen K. (2001) Specification and devel- 185 opment of interactive systems. Focus on streams, interfaces, and refinement. Springer Back R., Wright J. (1998) Refinement Calculus: A Systematic Introduction. Springer Carriero N., Gelernter D., Mattson T., Sherman A. (1994) The Linda Alternative to Message-Passing Bartocci E., Falcone Y., Francalanza A., Reger G. Systems. In: Parallel Computing 20(4), pp. 633– (2018) Introduction to Runtime Verification. In: 655 Lectures on Runtime Verification: Introductory and Advanced Topics, Lecture Notes in Computer Cleland C. E. (1993) Is the Church-Turing thesis Science. Vol. 10457 Springer, pp. 1–33 true? In: Minds and Machines 3, pp. 283–312

Berry G., Boudol G. (1990) The Chemical Ab- Cockshott P., Michaelson G. (2007) Are There stract Machine. In: Proceedings of the 17th ACM New Models of Computation? Reply to Wegner SIGPLAN-SIGACT Symposium on Principles of and Eberbach. In: The Computer Journal 50(2), Programming Languages. Association for Com- pp. 232–247 puting Machinery, pp. 81–94 Dershowitz N. (2012) The Generic Model of Com- Bichler M., Frank U., Avison D., Malaurent J., putation. In: Electronic Proceedings in Theoretical Fettke P., Hovorka D., Krämer J., Schnurr D., Computer Science 88(1), pp. 59–71 Müller B., Suhl L., Thalheim B. (2016) Theories in Business and Information Systems Engineering. Dershowitz N., Falkovich E. (2014) Generic Par- In: Business & Information Systems Engineering allel Algorithms. In: CiE 2014. Lecture Notes in 58(4), pp. 291–319 Computer Science. Vol. 8493. Springer, pp. 133– 142 Bjørner D. (2018) Domain Analysis & Descrip- tion. A Philosophy Basis. Unpublished manuscript, Dijkstra E. W. (1990) Reasoning about Programs. Technical University of Denmark University Video Communications, Stanford. The Bjørner D., Havelund K. (2019) 45 years of Formal Distinguished Lecture Series, Academic Leaders Methods – Challenges and Trends. Unpublished in Computer Science and Electrical Engineering, manuscript vol. III Booch G., Rumbaugh J., Jacobson I. (2005) Uni- Furia C. A., Meyer B., Velder S. (2012) Loop fied Modeling Language User Guide, The2nd Invariants: Analysis, Classification, and Examples. Edition. Addison-Wesley In: ACM Computing Surveys 46(3), Article No. 34 Brennecke A., Keil-Slawik R. (1996) Position Papers for Dagstuhl Seminar 9635 on History of Gries D. (1981) The Science of Programming. Software Engineering. Schloss Dagstuhl Springer International Journal of Conceptual Modeling Vol. 15, No. 6 (2020). DOI:10.18417/emisa.15.6 12 Wolfgang Reisig Viewpoint

Gurevich Y. (2000) Sequential Abstract-State Ma- Object Management Group (2011) Business Pro- chines Capture Sequential Algorithms. In: ACM cess Model And Notation https://www.omg.org/ Transactions on Computational Logic 1(1), pp. 77– spec/BPMN/2.0/. Last Access: 2019-08-30 111 Rajsbaum S., Raynal M. (2019) Mastering concur- Hoare C. A. R. (1969) An Axiomatic Basis for rent computing through sequential thinking. In: Computer Programming. In: Communications of Communications of the ACM 63(1), pp. 78–87 the ACM 12(10), pp. 576–580 Reisig W. (2013) Understanding Petri Nets. Hoare C. A. R. (2010) What can we learn from Springer Edsger W. Dijkstra? In: Edsger W. Dijkstra Memo- rial Lecture, Austin Texas Reisig W. (2019) Associative composition of com- Karagiannis D., Mayr H. C., Mylopoulos J. (2016) ponents with double-sided interfaces. In: Acta Domain-Specific Conceptual Modeling: Concepts, Informatica 56(3), pp. 229–253 Methods and Tools. Springer Shepherdson J. C. (1995) Mechanism for comput- Knuth D. E. (1973) The Art of Computer Pro- ing over arbitrary structures. In: The universal gramming, Volume I. Addison-Wesley Turing machine: a half-century survey. Springer, pp. 537–555 Küster-Filipe J. (2000) Fundamentals of Module Logic for Distributed Object Systems. In: Journal Spivey J. M. (1989) Introduction to Z and formal of Functional and Logic Programming 2000(3), specifications. In: Software Engineering Journal Article No. 3 4(1), pp. 40–50 Lamport L. (1978) Time, Clocks, and the Ordering Stein L. A. (2006) Interaction, Computation, and of Events in a Distributed System. In: Communi- Education. In: Interactive Computation: The New cations of the ACM 21(7), pp. 558–565 Paradigm. Springer, pp. 463–484 Lamport L. (2002) Specifying Systems. Addison- Tel G. (2000) Introduction to Distributed Algo- Wesley rithms, 2nd Edition. Cambridge Univ. Press Livio M. (2009) Is God a Mathematician? Simon & Schuster Tucker J. V., Zucker J. I. (2000) Computable Func- tions and Semicomputable Sets on Many-Sorted McCarthy J. (1962) Towards a Mathematical Sci- Algebras In: Handbook of Logic in Computer ence of Computation. In: Proceedings of IFIP Science: Volume 5: Logic and Algebraic Methods. Congress 62. North-Holland Publishing Company, Oxford University Press, pp. 397–525 pp. 21–28 van Leeuwen J., Wiedermann J. (2012) Compu- McConnell R. M., Mehlhorn K., Näher S., tation as an unbounded process. In: Theoretical Schweitzer P. (2011) Survey: Certifying al- Computer Science 429, pp. 202–212 gorithms. In: Computer Science Review 5(2), pp. 119–161 van Leeuwen J., Wiedermann J. (2013) Rethinking Milner A. R. J. (2005) Software Science: From computations. In: What is computation - Proc. 6th Virtual to Reality. In: EATCS Award Lecture. AISB Symp on Computing and Philosophy, AISB Vol. 87. Bulletin of the EATCS, pp. 12–16 Convention 2013, pp. 6–10 Naur P., Randell B. (1969) Software Engineering: Vitányi P. M. B. (2005) Time, Space, and Energy Report of a Conference Sponsored by the NATO in Reversible Computing. In: CF ’05: Proceedings Science Committee, Garmisch, Germany, 7-11 of the 2nd conference on Computing frontiers. Oct. 1968, Brussels, Scientific Affairs Division, Association for Computing Machinery, pp. 435– NATO 444 Enterprise Modelling and Information Systems Architectures Vol. 15, No. 6 (2020). DOI:10.18417/emisa.15.6 Informatics as a Science 13 Viewpoint

Wegner P. (1997) Why Interaction Is More Power- ful Than Algorithms. In: Communications of the ACM 40(5), pp. 80–91 Wegner P., Eberbach E. (2004) New Models of Computation. In: The Computer Journal 47(1), pp. 4–9