Algebraic Advances for Aliasing

Using algebraic structures and techniques alone we derive an intuitive result concerning updates to a system of aliases. Speci(cid:12)cally, we use the kernel relation of a map to characterise the system of aliases; we express the inverse image of map override as a new operation, called \ underride ", which we de(cid:12)ne; we provide an important theorem relating map composition, override and underride in a very natural way; and (cid:12)nally we identify another satisfying and insightful algebraic approach to the same problem based on algebraic properties of the solution space. We thereby illustrate our contention that this use of abstract algebra extends the mathematical foundations of software engineering, provides a conveniently high level at which to reason about models (shorter intuitive proofs) and promotes increased mathematical insight on the part of practitioners


Introduction
There is an enormous wealth of basic mathematics in formal speci cations just waiting to be discovered, a body of knowledge which m ust form the foundation of software engineering." Mac90 The VDM Jon90 and Z Spi92 notations have been used widely in the speci cation and development of software systems. These methods share a mathematical foundation of set theory and logic. However, it is possible to bring results from abstract algebra to bear in the development process, an option preferred by the Irish School of Constructive Mathematics M | C , of which the Irish School of the VDM VDM | is a part. This school uses a classical engineering style of proof, in which equals are substituted for equals GS93 . The principal contributions of this paper are the development of some new algebraic results concerning map composition, override, and a new operation, underride". The setting used for these developments is a model of aliasing. Speci cally, we use the kernel relation of a map to characterise the system of aliases; we express the inverse image of map override as a new operation, called underride", which w e de ne; we provide an important theorem relating map composition , override y and underride y which expands the expression y y i n a v ery natural way; using only algebra we prove the intuitive result that any modi cation to a system of aliases must be at the granularity of collections of aliases, and nally we identify another algebraic approach to the same problem based on algebraic properties of the solution space and suggest that it leads to a more elegant and satisfying understanding of the problem.
Our intention is to highlight the mathematics, not introduce yet another syntactic extension. We believe this mathematics could be expressed in most of the popular notations such a s Z or VDM-SL. In addition, we believe our preference for using further mathematics o ers several advantages: the mathematical foundations of the engineering discipline are extended to another useful branch o f discrete mathematics; the mathematics is at a higher level than logic and set theory, o ering the developer more powerful mathematical tools shorter proofs; the matching of the mathematics to the model" referred to above o ers two more subtle advantages: the model is nearer the focus of attention than with the lower level mathematics so easing the transitions between model and mathematics; and an innate awareness of more abstract mathematics is promoted, raising the practitioner's awareness of the mathematical nature of common models and hence of possible defects in the corresponding artifacts.
In this paper we illustrate these claims by presenting some recent w ork. An intuitively obvious property of a system of aliases is derived algebraically. We capture the relationship between aliases using the kernel relation of a map, and then proceed to derive algebraically how the system may be changed so as to preserve the alias relationships. Some useful algebraic results involving map composition, override and a new operation, underride", are developed along the way. Section 2 introduces our notation, and the problem is stated mathematically in Section 3. The algebraic structures used are presented in Section 4, while Section 6 develops a promising alternative approach. Finally, Section 7 discusses present and future work before concluding.

Notation
The M | C uses a characteristic notation Mac90 , Mac91 , Mac93 and proof style But93 , Hug95 . For readers unfamiliar with this style, we brie y introduce some notations and state some important de nitions.
In the M | C we begin by constructing a model in the problem domain and emphasise mathematical structures and the relationships between them. Starting with fundamental domains which are not described in further detail, structures are built using functors.
The powerset functor, P , , is used to construct sets , is just an argument place-holder: PA denotes the space of sets of elements from domain A. The empty set is denoted by ;.
The map functor, , ! , , constructs maps: X!Y denotes the space of partial including total functions from X to Y . The identity map is denoted by I and the empty map by . We use exponentiation following Jac74 to denote the space of total functions: Y X denotes the space of all total mappings in X ! Y and fyg X indicates a constant total function which maps all elements of X to the value y. Where no ambiguity arises, we sometimes drop the brackets.
We use priming in the M | C to denote the absence of an obvious null element from a structure. Thus P 0 X denotes the space of sets of X with the empty set removed. Hence x 2 P 0 X means that x is some non-empty set of elements from X. Similarly, 2 X ! P 0 Y 0 states that is some non-empty function from X to non-empty sets from Y . It is also worth noting that we routinely view relations as set-valued functions.
For two functions f : X ! A and g : Y ! B we de ne a functor called a map iterator, written f ! g which can be applied to a map : X ! Y . The result is a map from A to B inheriting the associations of and constructed from it by applying f to elements of the domain of and applying g to corresponding elements of the range of . There are some restrictions on f: it must be one-to-one and total on the domain of . The structure we describe might also be written using composition: g f ,1 = f ! g . However we prefer the , ! , notation 1 as it pictorially represents the underlying construction.
The removal of a map 2 X ! Y with respect to a set S is denoted by S , . W e also use curried forms , S or , S especially in connection with the map iterator mentioned above. Thus, 0 = I ! , S represents the map with the set S systemtically removed from all its range elements.
In a similar manner we denote restriction of map with respect to a set S by the forms S , S or S . Thus dom denotes restricted to the domain of .
The characteristic function, denoted by the curried form , , tests a set for membership with respect to a particular element.
A Monoid, denoted X; ; , is an algebraic structure consisting of a base set, X, and a binary operator, , for which there exists a unique identity element, . The base set X, m ust be closed under which m ust also be associative. The monoid structure is proving increasingly useful in computer science BW95 .
We use, , to denote relational union which can be expressed in terms of map override, y, and map extend, t, as follows: x 7 ! y = t x 7 ! y : x y x 7 ! x y otherwise This operation is more fully de ned using the algebraic structure of a direct power see Appendix B. We have established by somewhat tedious inductive arguments Hug96 that the two de nitions are equivalent. Additional results used in the paper are given in the text.
Our proof style is equational, following Gries GS93 , where equals are substituted for equals. Each substitution is justi ed in a comment or hint following the equals sign between the expressions.

Introducing the Abstract Model
The setting for this study is a two-map model: Env = Names ! Locations Store = Locations ! Contents: Env is a space of nite maps from names Names to locations Locations and Store is another map from locations to their contents, Contents. In the context of the World Wide Web, Names might be the space of hypertext links i.e. clickable text and embedded URL and Locations the space of URLs. Contents might denote the space of possible HTML le contents. In this case, Env is just a simple projection function. A more interesting model arises if Names is the space of e-mail addresses. Maps in Env might then represent the interests of various individuals represented by e-mail addresses in various web pages referenced by URL. By manipulation of elements of Env one might construct mailing lists to support discussion, notify of changes or survey interested parties. We do not pursue the model further since aliasing is the focus of this paper. However, we note in passing, that this model is found in other areas of computing: If the triple Names; Locations; Contents is replaced by Identi ers; Locations; Values we have the classical model of an imperative programming language BJ82 . If the replacement i s Filenames; INodes; Data w e h a v e a UNIX-like lesystem BJ82 . It is often useful to group together all the names referring to the same location of interest. In the web models outlined above, one might wish to change all hypertext links at a particular site or page when the URL to which they refer 2 changes i.e. the referenced web page moves. Where Names refers to e-mail addresses, one might wish to notify interested parties of an editorial change 3 , o r o f a c hange in location. In all the cases above, a collection of aliases is being constructed, the term being borrowed from the classical 2 A more comprehensive list of referring pages can be generated by the AltaVista search engine see use of the link: eld in the Advanced search help pages on http: www.altavista.digital.com. models above. Note in the case of the web model, that aliasing can also arise in Store where, by virtual hosting 4 , di erent URLs can refer to the same physical web page.
It is quite simple to generate the set of referring names in our model. If 2 Env, then simply form its inverse image, ,1 , and compose with as the following example shows: = 2 4 n 1 7 ! l 1 n 2 7 ! l 1 n 3 7 ! l 2 3 5 ,1 = l 1 7 ! fn 1 ; n 2 g l 2 7 ! fn 3 g ,1 = 2 4 n 1 7 ! fn 1 ; n 2 g n 2 7 ! fn 1 ; n 2 g n 3 7 ! fn 3 g 3 5 For this purpose, we de ne an operator, : Env ! Names ! P 0 Names, on environments which yields a new map, linking each name to the set of names also referring to the same web object: 4 ,1 1 where ,1 denotes inverse image and denotes composition of maps. The inverse image of a map is easily constructed by mapping each element of the range to the set of domain elements which map to it in the map itself. In this case, rng and dom ,1 coincide so that map composition is easily constructed. For brevity in the presentation we s a y that maps each name in to the set of its aliases.
E ectively, partitions Names into equivalence classes based on . Thus, is the kernel relation of see Gol84 , page 66. Now suppose we alter the environment, , b y o v erriding it with another small map, , representing a change to the environment. The altered environment i s y , where y represents map override. We name this alteration by the operator : Env ! Env 4 y 2 We are concerned with identifying which transformations, , leave the pattern of aliases unchanged, i.e. which leave unchanged: = 3 Our task is then to solve this equation for | to discover the alias-preserving transformations. We note, in passing, the similarity of this equation to distance-preserving transformations in vector spaces: jjxjj = jjTxjj 4 4 Algebraic Structures Used We n o w outline the algebra used to solve Equation 3 above. The de nitions of and may be immediately applied: = husing equation 2i y = husing equation 1i y ,1 y We will now examine how i n v erse image interacts with override in y ,1 . We replace this expression by its equivalent in the inverse space using a new operation, underride" de ned below, see Equation 5 and Theorem 1. In what follows, X ! Y ,1 denotes the space of inverse image maps.
De nition 1 Given ; 2 X ! Y ,1 , de ne y 4 I ! , = rng 0 5 In this equation, , =rng , which appears as the second component of a map iterator, denotes set removal with respect to the accumulated elements of the range of . The priming denotes removal of any maplets of the form y 7 ! ; and denotes relational union. An illustrative example of this operator appears after the following isomorphism theorem.
De nition 2 If 2 X ! Y and 2 Y ! Z then 4 I ! . dom 8 This expression rst restricts the range of to dom before applying to all range elements via the iterator. The interaction of composition with override and underride is expanded by Theorem 2 below. Theorem 2 If ; 2 X ! Y and ; 2 Z ! Y ,1 , then y y = I ! , = rng 0 , dom I ! , = rng 0 , dom 9 This equation is somewhat reminiscent if one ignores the map iterators and miscellaneous removals of the arithmetic identity: u + va + b = ua + ub + va+vb Two lemmas are required to prove Hug97 the theorem. The rst relates composition and underride, the second composition and override.

Towards a Solution
We continue our search for a solution by applying the operator, R , to both sides, knowing that R is idempotent since it involves removal. R = hby distribution of R over i R R F R R ,1 R F ,1 R = hby idempotency of R i R F R ,1 R F ,1 R = h R = I ! , dom 0 = | removal from a map of its entire domaini R F R ,1 R F ,1 = hby commutativity of operators R and F i R F R ,1 F R ,1 = h I ! , dom 0 ,1 = since all range elements are systematically reduced to ; by R and then removed.i R F R ,1 We n o w make a simplifying assumption: that the ranges of and are disjoint. This is quite reasonable in the WWW system being modelled since when a web page is moved, it is usually given a new URL and then the ranges of and will be disjoint. We note that the case where locations to which a set of aliases might refer are simply swapped is not covered in the latter case the alias structure will be preserved. In order for the e ects on of the operators R and F to be the same, must act on entire equivalence classes in . There can be no acting on part of an equivalence class as such actions would violate equation 20. Thus the domain of can be expressed as the union of some of 's equivalence classes: dom = n 1 : : : n m where n 1 : : : n m 2 rng . Furthermore, , like m ust, by the kernel relation argument presented earlier, also be a class function. Therefore we can write it too as a sequence of map extensions: = f n 1 g n 1 t : : : t f n m g n m 22 where f n 1 g : : : f n m g are some equivalence classes in . Thus is also constant o v er entire equivalence classes.
At last we can characterise . = fl 1 g n1 t : : : t f l m g n m 23 where l i 2 Locations, that is, is constant on those equivalence classes, n i 2 rng which appear in dom .
In addition, the constant v alues, l i , are unique locations di erent from the locations in the environment .
The practical implication of the solution derived algebraically above is a familiar result. Any updates, to a system of aliases must, in order to leave the pattern of aliases unchanged, operate upon entire alias classes.
We n o w present a useful result concerning the solution space, inspired a little by the distance-preserving equation from vector spaces see equation 4. The intuition here is to see if 1 y 2 is a solution, given that 1 and 2 are both solutions. The latter facts give us, via equations 14, 16 and 17: = y 1 = R 1 F 1 1 24 = y 2 = R 2 F 2 2 25 Our demonstration proceeds as follows: = hreplacing in 24 from 25i R 1 F 1 R 2 F 2 2 1 = hby distribution of operators F and R over i R 1 F 1 R 2 F 2 R 1 F 1 2 1 = hcommutativity of operatorsi R 1 R 2 F 1 F 2 R 1 F 1 2 1 = hby de nition of 2 y 1 via 24i R 1 R 2 F 1 F 2 2 y 1 = hby R 1 R 2 = R 2y1 and similarly for Fi R 2 y 1 F 2 y 1 2 y 1 = hby 24 with 2 y 1 replacing 1 i y 2 y 1 This result implies that the solution space of = y , which we denote by A , is closed under override. Since y is associative and has a unique identity, , we can say that A ; y; is a monoid. We strongly suspect that if the update to were expressed as a map composition, a group structure would exist in the solution space. Inverses could be found using inverse maps. The alternative update expression is de ned by: Proposition 1 If 2 X ! Y , 2 Y ! Z and is one-to-one, then ,1 = ,1 ,1 where ,1 denotes the inverse image of the map and ,1 denotes the inverse map of . In this paper we have used aspects of abstract algebra to construct a model of a system of aliases. In the process we uncovered some important results concerning composition, override and a new operation underride" for maps. Our mathematics has followed the classical engineering style of substituting equals for equals. Speci cally, we h a v e used the kernel relation of a map to characterise alias relationships; we h a v e discovered the inverse image of override and in the process de ned a new operation, underride" for maps; we h a v e developed an important theorem relating composition, override and underride which expands the expression, y y , in a natural way; we h a v e proved a well-known result about updates to a system of aliases in a purely algebraic way, and nally we have discovered strong hints about possible further algebraic structure a group in the solution space. This lead us to re-formulate the problem and more easily derive a more elegant and satisfying solution.
Some aspects of our presentation deserve further discussion however. We assumed that rng rng = ; in order to simplify the equation to be solved. We i n tend to explore the other cases as well. As suggested in the text, work with the composition alternative suggests that some similar reductions may be found. We w ould also like to improve the nal steps in our derivation of a solution | a more methodical and algebraic approach w ould be preferable.
An interesting occurrence was the equivalence of the operators R and F when applied to some structures. What other structures will exhibit similar properties?
Based on the group structure of permutations, we should explore whether the solution space, A , also has a group structure. What is the group operation in this case? What morphisms exist between A and permutations? Are there some sub-groups of permutations isomorphic to A ?
Another area is of course to seek further computing applications for this algebra. A novel feature of the work reported here has been our preference for seeking all transformations which preserve a structure, whereas the traditional approach has been to suggest candidate transformations and then investigate whether they preserve the structure. If the response is negative, then side or preconditions are sought and imposed.
We believe that we have illustrated our claim that use of results from abstract algebra extends the mathematical basis of software engineering, provides a convenient and usefully high level view of the system under study and promotes increased mathematical maturity among practitioners leading to improved quality of the nished artifact.
If presented with the following alternatives: the use of a little abstract algebra allowing us to produce short, insightful proofs in developing a software system or the use of some automated tools based on set theory and logic that draw us continually away from our model, we know what our choice will be. De nition of override in terms of extend. = y ,1 2 X ! Y ,1

A.2 Associativity
If ; 2 X ! Y ,1 then the proof of closure show that y = y , 1 for some ; 2 X ! Y where = ,1 and = ,1 : This property is used to show that underride is associative. We wish to show for ; ; 2 X ! Y ,1 that y y = y y : y y By property where ; 2 X ! Y such that = ,1 and = ,1 . = y ,1 y By above property where 2 X ! Y such that = ,1 . = y y ,1 Override is associative. The theorem and lemmas below provide an alternative de nition of relational union. The latter is a common example of an indexed operation in our work Theorem 3 Let M;; u denote an arbitrary monoid, with unit u, and M 0 ; the corresponding semigroup, i.e., with M 0 = , u M. Then for a space X, the structure X !M 0 ; ; is an indexed monoid which inherits its operator properties from M;; u , where for in X ! M 0 , x 7 ! m = t x 7 ! m ; if: x y x 7 ! x m ; otherwise The monoid of bags X ! N 0 ; ; is the monoid of natural numbers N;+;0 indexed with respect to X. The monoid of relations X ! P 0 Y ; ; is the monoid of sets PY ; ;; indexed with respect to X. The monoid of catalogues X ! Y ! Z 0 ; y ; is the monoid of maps Y ! Z;y; indexed with respect to X. In fact, where the base operation, , is commutative so is the indexed version see Hug96 . Lemma 5 Let M;; u denote a monoid, with unit u. Then for a space X, let M X denote the set of all total mappings from X to M, and let u X denote the constant mapping from X to the unit u. For f;g2M X de ne, f gx = f x g x for all x 2 X, then M X ; ; u X is a monoid, called the X-direct power of M. This is taken from Jac74 .
The indexed monoid binary operation is rede ned using the X-direct power binary operation. For mapping ; 2 X ! M 0 de ne, = u X y u X y 0 where the priming denotes the removal of entries of the form x 7 ! u and u X denotes the constant mapping from X to u. Lemma 6 For an arbitrary monoid M;; u and a space X, the indexed monoid X ! M 0 ; ; is isomorphic to the X-direct power monoid M X ; ; u X .
The isomorphism is override on the left by the constant mapping from X to u, u X y : X ! M 0 ; ; , ! M X ; ; u X : The inverse map which removes entries over the unit u is an isomorphism also, 0 : M X ; ; u X , ! X ! M 0 ; ; : Using somewhat tedious inductive arguments, we h a v e established the equivalence of the de nition given in Section 2 and repeated at the start of this Appendix to the X-direct power de nition above Hug96 .  Lemma 10 If S 2 P Y and ; 2 X ! Y , then . S y = , dom . S t . S : Proof . S y = hIf S 2 P Y and 2 X ! Y then . S = ,1 S .i y ,1 S y = hRestriction w.r.t. a set is an endomorphism of the monoid of maps.i y ,1 S y y ,1 S = hIf ; 2 X ! Y and S 2 P Y then y ,1 S = , dom ,1 S ,1 S.i , dom ,1 S ,1 S y , dom ,1 S ,1 S = hIf S 2 P X and 2 X ! Y then de ne S = S .i , dom ,1 S ,1 S y , dom ,1 S ,1 S = hAs restriction w.r.t. a map is a homomorphism form a monoid of sets under union PX; ;; to a monoid of maps under glueing PX; ; .i , dom ,1 S ,1 S y , dom ,1 S ,1 S = hIf S 2 P X and 2 X ! Y then , S = , S .i , dom ,1 S ,1 S y , dom ,1 S ,1 S = hAs S = S .i , dom ,1 S ,1 S y , dom ,1 S ,1 S = hIf S; R 2 P X then , S R = R , S .i , dom ,1 S ,1 S y ,1 S , dom ,1 S = hAs , dom = .i , dom ,1 S ,1 S y ,1 S = hNull map is an identity for glueing.i , dom ,1 S ,1 S y ,1 S = hIf S 2 P X and ; 2 S X ! Y also if 2 X ! Y then y = y y .i , dom ,1 S y ,1 S ,1 S y ,1 S = hIf ; 2 X ! Y and S dom then S y S = S .i , dom ,1 S y ,1 S ,1 S = hIf 2 X ! Y then = .i , dom ,1 S y ,1 S = hAs . S = ,1 S .i , dom . S y . S

D.2 Composition & Override
Lemma 2 If ; 2 X ! Y and 2 X ! Y , then y = , dom t : Proof y = hDe nition of composition.i I ! . dom y = hApplying lemma 10.i I ! , dom . dom t . dom = hAs a map iterator distributes over extend.i I ! , dom . dom t I ! . dom = hAs a map iterator commutes with a domain removal.i , dom I ! . dom t I ! . dom = hDe nition of composition.i , dom t