Free Types
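$$
\begin{array}{l}
\mathit{zero} : \mathit{nat} \\
\mathit{succ} : \mathit{nat} \rightarrow \mathit{nat} \\
\hline
\forall n : \mathit{nat} \bullet n = \mathit{zero} \lor \exists m : \mathit{nat} \bullet n = \mathit{succ}\ m \\
\{\mathit{zero}\} \cap \operatorname{ran} \mathit{succ} = \emptyset
\end{array}
$$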
And still this is not enough. We have failed to exclude the possibility that some element is the successor of two or more others: see Figure 10.1(c). There is nothing that allows us to conclude that nat is an infinite set.
We must thus add a fourth requirement: that the function used to construct the natural numbers is injective. This leads us to the following definition:
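$$
\begin{array}{l}
\mathit{zero} : \mathit{nat} \\
\mathit{succ} : \mathit{nat} \rightarrowtail \mathit{nat} \\
\hline
\{\mathit{zero}\} \cap \operatorname{ran} \mathit{succ} = \emptyset \\
\{\mathit{zero}\} \cup \operatorname{ran} \mathit{succ} = \mathit{nat}
\end{array}
$$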
With this, we are guaranteed an infinite set with the familiar structure of the natural numbers. There is one more requirement to consider; the above definition fails to exclude the set shown in Figure 10.1(d). The set nat must contain a copy of the natural numbers $\mathbb{N}$, or at least a set with exactly the same structure, but it may contain more besides. The final requirement is that nat should be the smallest set that meets the conditions laid down above.
10.2 Free type definitions
Our mathematical language has a special mechanism for introducing sets such as nat: the free type definition. To begin with, consider the special case in which the set to be introduced has a small, finite number of elements. An example might be the set of colours of the rainbow: red, orange, yellow, green, blue, indigo, and violet. In the programming language Pascal, this set may be introduced as an enumerated type:
Colours = {red, orange, yellow, green, blue, indigo, violet}
We could take a similar approach in Z, writing
$$\mathit{Colours} == \{\mathit{red}, \mathit{orange}, \mathit{yellow}, \mathit{green}, \mathit{blue}, \mathit{indigo}, \mathit{violet}\}$$
However, this abbreviation does not define the constants in the set. It not only fails to introduce the names, it also fails to make them distinct: there is no guarantee that red is different from green.
The following free type definition has a different effect; it introduces a set Colours, and seven distinct constants:
$$\mathit{Colours} ::= \mathit{red} \mid \mathit{orange} \mid \mathit{yellow} \mid \mathit{green} \mid \mathit{blue} \mid \mathit{indigo} \mid \mathit{violet}$$
Once this definition has been made, we may infer that Colours is the smallest set containing the seven distinct elements red, orange, yellow, green, blue, indigo, and violet. The order in which these elements are introduced is unimportant: the definition
$$\mathit{Colours} ::= \mathit{violet} \mid \mathit{indigo} \mid \mathit{blue} \mid \mathit{green} \mid \mathit{yellow} \mid \mathit{orange} \mid \mathit{red}$$
would have the same effect.
Example 10.1 The people in charge of Oxford colleges are given a variety of titles. We may represent this variety as a free type:
$$\mathit{Titles} ::= \mathit{dean} \mid \mathit{master} \mid \mathit{president} \mid \mathit{principal} \mid \mathit{provost} \mid \mathit{rector} \mid \mathit{warden}$$
From this definition we can conclude that ‘dean’ and ‘warden’ are elements of the set Titles and that $\mathit{dean} \neq \mathit{warden}$. A dean and a warden are quite different animals.
We may include copies of other sets as part of a free type, using constructor functions. The notation
$$\mathit{FreeType} ::= \mathit{constructor} \langle\!\langle \mathit{source} \rangle\!\rangle$$
introduces a collection of constants, one for each element of the set source. constructor is an injective function whose target is the set FreeType.
Example 10.2 The University of Oxford awards a number of different degrees; four of the most common are: BA, bachelor of arts; MSc, master of science; D.Phil, doctor of philosophy; MA, master of arts. For ceremonial purposes, these degrees are ordered as follows: an MA is the highest ranking; a D.Phil takes second place, followed by an MSc and a BA, in that order.
Suppose that we wish to represent this ordered collection of degrees as a free type. The ordering of elements is similar to the one imposed upon the first four natural numbers by the less-than-or-equal to relation. Importing these numbers into a free type, we define
$$\mathit{Degree} ::= \mathit{status} \langle\!\langle 0 \,..\, 3 \rangle\!\rangle$$
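and give names to the four elements of the set Degree:
$$
\begin{array}{l}
\mathit{ba}, \mathit{msc}, \mathit{dphil}, \mathit{ma} : \mathit{Degree} \\
\hline
\mathit{ba} = \mathit{status}\ 0 \\
\mathit{msc} = \mathit{status}\ 1 \\
\mathit{dphil} = \mathit{status}\ 2 \\
\mathit{ma} = \mathit{status}\ 3
\end{array}
$$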
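We are then free to define the University’s ordering of degrees in terms of the $\leq$ ordering on $0 \,..\, 3$:
$$
\begin{array}{l}
\leq_{\mathit{status}} : \mathit{Degree} \leftrightarrow \mathit{Degree} \\
\hline
\forall d_1, d_2 : \mathit{Degree} \bullet \\
\quad d_1 \leq_{\mathit{status}} d_2 \Leftrightarrow \mathit{status}^{\sim}\, d_1 \leq \mathit{status}^{\sim}\, d_2
\end{array}
$$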
Because status is an injection, we can be sure that its inverse is a function, and hence that $\mathit{status}^{\sim}\, d$ is well-defined.
Constants and constructor functions may be used together in the same definition, as in the following free type:
$$\mathit{FreeType} ::= \mathit{constant} \mid \mathit{constructor} \langle\!\langle \mathit{source} \rangle\!\rangle$$
What is more, the source type of a constructor function may refer to the free type being defined. The result is a recursive type definition: FreeType is defined in terms of itself.
Example 10.3 The set nat discussed in the previous section could be introduced by the following free type definition:
$$\mathit{nat} ::= \mathit{zero} \mid \mathit{succ} \langle\!\langle \mathit{nat} \rangle\!\rangle$$
Every element of nat is either zero or the successor of a natural number, zero is not a successor, and every element of nat has a unique successor. The set nat is the smallest set containing the following collection of distinct elements: zero, succ zero, succ(succ zero), succ(succ(succ zero)), and so on.
Example 10.4 We may define a free type of binary trees, in which every element is either a leaf or a branching point.
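$$\mathit{Tree} ::= \mathit{leaf} \langle\!\langle \mathbb{N} \rangle\!\rangle \mid \mathit{branch} \langle\!\langle \mathit{Tree} \times \mathit{Tree} \rangle\!\rangle$$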
[Figure 10.2: A binary tree, with nodes branch(branch(leaf 3, leaf 5), leaf 9), branch(leaf 3, leaf 5), leaf 3, leaf 5 and leaf 9]
Each leaf contains a number; each branching point joins a pair of sub-trees. For example, one element of Tree is given by
$$\mathit{branch}(\mathit{branch}(\mathit{leaf}\ 3, \mathit{leaf}\ 5), \mathit{leaf}\ 9)$$
in which three different leaves are joined together to form the structure pictured in Figure 10.2.
Example 10.5 The following definition introduces a more complex free type, in which every element is a tree: a pair whose first component is a natural number and whose second component is a sequence of trees.
$$\mathit{SequenceTree} ::= \mathit{tree} \langle\!\langle \mathbb{N} \times \operatorname{seq} \mathit{SequenceTree} \rangle\!\rangle$$
This is a particularly involved data structure, a typical element of which is shown below:
$$(1, \langle (2, \langle\rangle), (3, \langle\rangle), (4, \langle (2, \langle\rangle) \rangle) \rangle)$$
Suppose that $E_1, E_2, \ldots, E_n$ are expressions that may depend on set $T$, and that $c_1, c_2, \ldots, c_m$ are constant expressions. The definition
$$T ::= c_1 \mid \ldots \mid c_m \mid d_1 \langle\!\langle E_1 \rangle\!\rangle \mid \ldots \mid d_n \langle\!\langle E_n \rangle\!\rangle$$
introduces a new basic type $T$, with constant elements $c_1, \ldots, c_m$ and constructor functions $d_1, \ldots, d_n$. The same effect could be achieved by introducing $T$ as a basic type and making the following axiomatic definition:
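$$
\begin{array}{l}
c_1 : T \\
\quad\vdots \\
c_m : T \\
d_1 : E_1 \rightarrowtail T \\
\quad\vdots \\
d_n : E_n \rightarrowtail T \\
\hline
\operatorname{disjoint} \langle \{c_1\}, \ldots, \{c_m\}, \operatorname{ran} d_1, \ldots, \operatorname{ran} d_n \rangle \\
\forall S : \mathbb{P}\, T \bullet \\
\quad (\{c_1, \ldots, c_m\} \cup d_1(\!| E_1[S/T] |\!) \cup \ldots \cup d_n(\!| E_n[S/T] |\!)) \subseteq S \\
\quad \Rightarrow S = T
\end{array}
$$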
Such a definition adds two inference rules to a specification. The first states that the constants are distinct and that the ranges are disjoint:
$$\operatorname{disjoint} \langle \{c_1\}, \ldots, \{c_m\}, \operatorname{ran} d_1, \ldots, \operatorname{ran} d_n \rangle$$
Example 10.6 In the case of nat, we may infer that the constant zero is not the successor of any natural number,
$$\operatorname{disjoint} \langle \{\mathit{zero}\}, \operatorname{ran} \mathit{succ} \rangle$$
Example 10.7 From the definition of Tree, we may conclude that leaves and branches are different objects:
$$\operatorname{disjoint} \langle \operatorname{ran} \mathit{leaf}, \operatorname{ran} \mathit{branch} \rangle$$
A tree may be either a leaf or a branch, but not both.
The second rule is an induction principle: it is essential to reasoning about the elements of a recursive type.
$$
\frac{S \subseteq T \qquad \{c_1, \ldots, c_m\} \cup d_1(\!| E_1[S/T] |\!) \cup \ldots \cup d_n(\!| E_n[S/T] |\!) \subseteq S}{S = T}
$$
Any subset of $T$ that contains all of the constants and is closed under the constructors must be the whole of $T$. A set $S$ is closed under $d$ and $E$ if the image of $E[S/T]$ under $d$ is within $S$ itself.
Example 10.8 The free type definition of nat can be used to justify the following assertion:
$$\forall s : \mathbb{P}\, \mathit{nat} \bullet (\{\mathit{zero}\} \cup \mathit{succ}(\!| s |\!) \subseteq s) \Rightarrow s = \mathit{nat}$$
Any subset of nat which contains zero and is closed under succ must be equal to nat itself.
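The two inference rules can be checked mechanically for nat and Tree. The following Lean 4 development is an added example, not part of the original text, in which the free types become inductive types. The names MyNat, Tree and the theorem names are chosen here; a subset of the type is modelled as a predicate, and branch takes its two sub-trees as separate arguments rather than as a pair.

```lean
-- nat ::= zero | succ⟨⟨nat⟩⟩
inductive MyNat where
  | zero : MyNat
  | succ : MyNat → MyNat

-- Tree ::= leaf⟨⟨ℕ⟩⟩ | branch⟨⟨Tree × Tree⟩⟩, with branch curried (assumption)
inductive Tree where
  | leaf   : Nat → Tree
  | branch : Tree → Tree → Tree

-- First rule for nat (Example 10.6): disjoint ⟨{zero}, ran succ⟩
theorem zero_not_succ (n : MyNat) : MyNat.zero ≠ MyNat.succ n := by
  intro h
  cases h

-- First rule for Tree (Example 10.7): disjoint ⟨ran leaf, ran branch⟩
theorem leaf_not_branch (k : Nat) (l r : Tree) :
    Tree.leaf k ≠ Tree.branch l r := by
  intro h
  cases h

-- Constructor functions are injections: succ m = succ n forces m = n
theorem succ_injective {m n : MyNat}
    (h : MyNat.succ m = MyNat.succ n) : m = n := by
  cases h
  rfl

-- Second rule for nat (Example 10.8): a subset s that contains zero and is
-- closed under succ is the whole type
theorem nat_smallest (s : MyNat → Prop) (hz : s MyNat.zero)
    (hs : ∀ n, s n → s (MyNat.succ n)) : ∀ n, s n := by
  intro n
  induction n with
  | zero => exact hz
  | succ n ih => exact hs n ih

-- Second rule for Tree: contains every leaf, closed under branch
theorem tree_smallest (s : Tree → Prop) (hl : ∀ k, s (Tree.leaf k))
    (hb : ∀ l r, s l → s r → s (Tree.branch l r)) : ∀ t, s t := by
  intro t
  induction t with
  | leaf k => exact hl k
  | branch l r ihl ihr => exact hb l r ihl ihr
```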