# Re: [ProofPower] Scope of variables in Z declaration

On Friday 20 Apr 2012 13:36, Steve King wrote:
> For interest, my recollection is that the Standard's
> definition of variable scope was based on:
> - the idea of a *set* of a declarations: decl1; decl2
> should have 'the same effect' as decl2; decl1.

This is in "Understanding Z" though its not clear why this
is thought to be desirable (though of course, if you call it
a "set" of declarations you have already taken a step in
that direction).

It may be noted that this does not provide a basis for
chosing between the scope rules in the standard and those
adopted in ProofPower, since they both have this
characteristic.

> The other thing to remember is that the Standard does not
> include a logic: there was no agreement at the time (or
> now!). So effects of decision decisions on proof
> couldn't be easily seen.

This was something which I advocated at the very beginning
of the standardisation process (I attended the meetings for
a while, maybe a year, and then Rob Arthan took over
representing ICL on the panel).
expected that any attempt to promulgate a standard logic
would be unlikely to fall in line with the ICL
implememtation.
And of course, the semantics suffices to determine which
deductive systems are sound, and that should be good enough.

If I'm not mistaken you were present at ICL Winnersh when I
gave my first presentation on the way in which proof in Z
would work in our tool, (using conversions which delivered
extensional characterisations of the various set denoting
expressions), and that you pointed out an error in my
presentation.
I'm guessing that Z standardisation had not yet started at
that point.

I also advocated a loose semantics for partiality since
tradition (I believe) that Z should be understood in two-
valued first order logic, and this was in our opinion bad
news for proof (by allowing that terms sometimes failed to
have a value).
This is bad news for proof since it makes many
transformations which would otherwise be unconditional
conditional on whether the terms involved denote.

However, I don't recall discussions of scope rules, in which
specfication (probably with less success).

I don't know to what extent these attempts to make the
standard "loose" could have rescued ProofPower Z from non-
compliance, since we would still have been able to prove
things which were not definitely true under the standard
semantics.

> The case where I really regret the scope rules is where
> you need to model a set-valued variable, together with a
> particular element of the set. Instead of saying
> xs: P X; x: xs, you have to say xs: P X; x: X | x \in xs
> More long-winded and harder to understand!

Yes this is an example of the benign uses of the variables
in the declaration of names in the signature which I
referred to.

Rob was rather definite in his rejection of my "prohibition"
interpretation (of Spivey) without saying why.

I think this is correct insofar as "Understanding Z" is
concerned.  However, Spivey does not seem to me to have been
consistent between "Understanding Z" and the ZRM.
In my early analysis of the treatment of partiality in Z I
had a table with four columns in it "Blue book" "Red book",
"previous info" and "ICL HOL/Z", and various aspects of the
treatment of partiality on each row.
No two colums were the same.

As far as the scope issue is concerned it is probably more
accurate to say that it was clear to me that the mapping
into HOL would be simpler and the resulting proof more
straightforward if the scope includes the declaration.
In that case we have in effect that the occurrences of names
on the left of colon's are both binding occurrences and
bound occurrences (in the implicit predicate).
If the scope excludes the declaration neither of these
change but we then find that occurrences on the right are
free, so in the same textual context the same name may
appear as a binding occurrence, a bound occurrence and as
free variables.

The variable binding constructs were one of the special
challenges in devising a mapping from Z into HOL and
I would certainly not have been keen to make the problem
even more difficult for the sake of a scope rule which seemed

By way of further mitigation I note that in the ZRM Spivey
is not as explicit about the consequences of this rule as he
perhaps should have been, and his slightly fudges the issue
leaving open the "prohibition" interpretation.
This option can be understood in terms of scope rules as
arising from making a large hole in the out scope than the
inner scope, and Spivey's words taken literally do indeed
have this effect, since he says:

"the whole of the inner quantification is a hole in the
scope of the variable x introduced by the outer
quantifier"

from which we may infer that occurrences of x in the
declaration are in neither the outer nor the inner scope.

If he really meant it then he had diverged from
"understanding Z", but I believe he did so on other points
(though I can't remember what they were).

For Phil, on the differences between the two editions of ZRM,
I have not noticed any material differences in this part
(section 2.3.1).

Roger Jones

_______________________________________________
Proofpower mailing list
Proofpower@lemma-one.com
http://lemma-one.com/mailman/listinfo/proofpower_lemma-one.com