Scholarly article on topic 'Reflection and Strategies in Rewriting Logic1 1Supported by Office of Naval Research Contracts N00014-95-C-0225 and N00014-96-C-0114, National Science Foundation Grant CCR-9224005, and by the Information Technology Promotion Agency, Japan, as a part of the Industrial Science and Technology Frontier Program “New Models for Software Architecture” sponsored by NEDO (New Energy and Industrial Technology Development Organization).'

Reflection and Strategies in Rewriting Logic1 1Supported by Office of Naval Research Contracts N00014-95-C-0225 and N00014-96-C-0114, National Science Foundation Grant CCR-9224005, and by the Information Technology Promotion Agency, Japan, as a part of the Industrial Science and Technology Frontier Program “New Models for Software Architecture” sponsored by NEDO (New Energy and Industrial Technology Development Organization). Academic research paper on "Computer and information sciences"

CC BY-NC-ND
0
0
Share paper
Keywords
{}

Abstract of research paper on Computer and information sciences, author of scientific article — Manuel Clavel, José Mes eguer

Abstract After giving general metalogical axioms characterizing reflection in general logics in terms of the notion of a universal theory, this paper specifies a finitely presented universal theory for rewriting logic and gives a detailed proof of the claim made in [5] that rewriting logic is reflective. The paper also gives general axioms for the notion of a strategy language internal to a given logic. Exploiting the fact that rewriting logic is reflexive, a general method for defining internal strategy languages for it and proving their correctness is proposed and is illustrated with an example. The Maude language has been used as an experimental vehicle for the exploration of these techniques. They seem quite promising for applications such as metaprogramming and module composition, logical framework representations, development of formal programming and proving environments, supercompilation, and formal verification of strategies.

Academic research paper on topic "Reflection and Strategies in Rewriting Logic1 1Supported by Office of Naval Research Contracts N00014-95-C-0225 and N00014-96-C-0114, National Science Foundation Grant CCR-9224005, and by the Information Technology Promotion Agency, Japan, as a part of the Industrial Science and Technology Frontier Program “New Models for Software Architecture” sponsored by NEDO (New Energy and Industrial Technology Development Organization)."

Electronic Notes in Theoretical Computer Science 4 (1996)

Reflection and Strategies in Rewriting Logic1

Manuel Clavel and José Meseguer

Computer Science Laboratory

SRI International Menlo Park, G A 94025, USA {clavel, meseguer} @csl. sri.com

Abstract

After giving general metalogical axioms characterizing reflection in general logics in terms of the notion of a universal theory, this paper specifies a finitely presented universal theory for rewriting logic and gives a detailed proof of the claim made in [5] that rewriting logic is reflective. The paper also gives general axioms for the notion of a strategy language internal to a given logic. Exploiting the fact that rewriting logic is reflexive, a general method for defining internal strategy languages for it and proving their correctness is proposed and is illustrated with an example. The Maude language has been used as an experimental vehicle for the exploration of these techniques. They seem quite promising for applications such as metaprogramming and module composition, logical framework representations, development of formal programming and proving environments, supercompilation, and formal verification of strategies.

1 Introduction

Reflection is a very desirable property of computational systems, because a reflective system can access its own metalevel and can in this way be much more powerful, flexible, and adaptable than a nonrefleetive one. Many researchers have recognized the great importance and usefulness of reflection in programming languages [27,26,29,28,12,9,17], in theorem-proving [30,3,24,10,1,16,7,8], in concurrent and distributed computation [15,22,23], and in many other areas such as compilation, programming environments, operating systems, fault-tolerance, and databases (see [25,11] for recent snapshots of research in reflection).

1 Supported by Office of Naval Research Contracts N00014-95-C-0225 and N00014-96-C-0114, National Science Foundation Grant CCR-9224005, and by the Information Technology-Promotion Agency, Japan, as a part of the Industrial Science and Technology Frontier Program "New Models for Software Architecture" sponsored by NEDO (New Energy and Industrial Technology Development Organization).

© 1996 Elsevier Science B. V.

The goal of this paper is to prove in detail the claim made in [5], namely, that rewriting logic is reflective. We then use this fact to provide semantic foundations for internal strategy languages in rewriting logic, that is, languages that control the computations of rewrite theories but that are themselves definable within rewriting logic.

Since the field of reflection has a wealth of important examples but a dearth of general, formalism-independent, semantic foundations, the notion of "reflective logic" typically is not defined formally but is instead illustrated by example. Under such circumstances, a mathematical proof of our claim is not even a meaningful concept. Therefore, we must first make precise what we mean by a "reflective logic," as an essential prerequisite to the statement and proof of our claim. For this purpose we summarize in Section 2 the metalogical axioms of reflection based on the theorv of general logics that we proposed in [5].

The key idea is that a class C of theories in a logic is reflective if we can find inside the class a universal theory U that can simulate all other theories in the class in the sense that there is a function, called a representation function,

(_h _) : \J{T}x sen(T) —► sen(U)

such that for each T e C, (p E sen(T),

T ^ u\-TFlp.

For rewriting logic the class C of interest is that of all finitely presentable theories, that is, theories with a finite signature and a finite set of axioms. We construct a finitely presentable rewrite theory U and prove the above equivalence.

The correctness of U can then be used to provide semantic foundations for another topic of great importance in rewriting logic, namely strategies that can be used to control the rewriting process. Since the rules in rewrite theory need not be Church-Eosser and may not terminate, the need for controlling the rewrites is much stronger than for functional programs. The great opportunity offered by reflection is to make such strategies internal to rewriting logic. This means that strategies can themselves be defined by rewrite rules, and can be reasoned about inside the logic.

Again, to make this concept precise not just for rewriting logic but for a logic in general, in Section 4 we give a somewhat simpler version of the general, formalism-independent, notion of strategy already proposed in [5]. Basically, an internal strategy language is a theory-transforming function S that sends each theory T to another theory S(T) whose deductions simulate controlled deductions of T. In Section 5 we discuss reflection in rewriting logic and give a general method for defining internal strategy languages in a sound and extensible manner. These ideas have been applied to Maude, that is an explicitly reflective rewriting logic language [4],

In the concluding remarks we discuss several promising application areas that reflection and internal strategies open up for rewriting logic languages,

2 Reflection in General Logics

We give here a brief summary of the notion of a universal theory in a logic and of a reflective entailment system introduced in [5], These notions axiomatize reflective logics within the theory of general logics [20], We focus here on the simplest case, namely entailment systems. However, reflection at the proof calculus level—where not only sentences, but also proofs are reflected—is also very useful; the adequate definitions for that case are also in [5].

For our present purposes it will be the notions of syntax, of entailment system proposed in [20] that play a crucial role. We present below in summarized form the axioms characterizing these notions. The axioms use the language of category theory, but do not require any acquaintance with categories beyond the basic notions of category, functor, and natural transformation,

2.1 Syntax

Syntax can typically be given by a signature £ providing a grammar on which to build sentences. For first order logic, a typical signature consists of a list of function symbols and a list of predicate symbols, each with a prescribed number of arguments, which are used to build up the usual sentences. It is enough to assume that for each logic there is a category Sign of possible signatures for it, and a functor sen assigning to each signature £ the set sen(E) of all its sentences. We call the pair (Sign, sen) a syntax.

2.2 Entailment systems

For a given signature £ in Sign, entailment (also called provability) of a sentence 99 e sen(E) from a set of axioms T C sen(E) is a relation r b 99 which holds if and only if we can prove 99 from the axioms T using the rules of the logic. We make this relation relative to a signature.

In what follows, \C\ denotes the collection of objects of a category C.

Definition 2.1 [20] An entailment system is a triple £ = (Sign, sen, b) such that

• (Sign, sen) is a syntax,

• b is a function associating to each £ e |Sign| a binary relation bs C V(sen(Tl)) x sen(E) called £-entailment such that the following properties are satisfied:

(1) reflexivity. for any (p e sen(E), {99} bs 99,

(2) monotonicity. if I' K: r~ and r'DT then T' bs 99,

(3) transitivity, if T bs for all i e /, and T U | i e 1} bs i/j, then

(4) b-translation: if T bs 99, then for any H : E —in Sign we have sen{H){r) bs' sen(H)((p). □

Definition 2.2 [20] Given an entailment system £, its category Th of theories has as objects pairs T = (E, T) with E a signature and T C sen(E), A theory

morphism H : (E, T) —(E', T') is a signature morphism H : E —E' such that if r" e F. then V hS/ sen(H)(ip).

A theory morphism H : (E,T) —> (E',r') is called axiom-preserving if it satisfies the condition that sen(H)(T) C T'. This defines a subcategory Th0 with the same objects as Th but with morphisms restricted to be axiom-preserving theory morphisms, □

Note that we can extend the functor sen to a functor on theories by taking sen(£,r) = sen(E), Note that we have also a functor thm : Th0 —> Set associating to each theory T = (E, T) the set thm(T) = {cp E sen(E) | T hs cp} of its theorems,

2.3 Universal theories and reflective entailment systems

A reflective logic is a logic in which important aspects of its metatheorv can be represented at the object level in a consistent way, so that the object-level representation correctly simulates the relevant metatheoretic aspects. Two obvious metatheoretic notions that can be so reflected are theories and the entailment relation K This leads us to the notion of a universal theory. However, universality may not be absolute, but only relative to a class C of representable theories. Typically, for a theory to be representable at the object level, it must have a finitarv description in some way—say, being recursively enumerable—so that it can be represented as a piece of language.

Definition 2.3 Given an entailment system £ and a set of theories C C |Th|, a theory U is C-universal if there is a function, called a representation function,

(_h _) : \J{T}x sen(T) —► sen(U)

such that for each T e C, (p E sen(T),

T ^ UhTV^. If, in addition, U EC, then the entailment system £ is called C-reflective. □

Note that in a reflective entailment system, since U itself is representable, representation can be iterated, so that we immediately have a "reflective tower"

Thtp ^ UhTT^ ^ UhUhTh^ ... 3 Reflection in Rewriting Logic

In this section we give the rules of deduction for rewriting logic, define a universal theory for a class of finitely presentable rewrite theories, and prove the correctness of such a theory, establishing that indeed it satisfies all the formal requirements that we have stated for a reflective logic in Definition 2,3,

3.1 Rewriting logic

A signature in rewriting logic is a pair (E, E) formed by a ranked alphabet E of function symbols and a set E of E-equations, Given a signature (E, E),

sentences of the logic are sequents of the form —y where [i] and [t1] are E-equivalence classes of terms, A theory in this logic, called a rewrite theory, is a triple2 T = (E,E,R) with (T,,E) a signature, and R a set of sequents called the rewrite rules of T.

Given a rewrite theory T, we say that T entails a sequent [i] —y [t1], and write T b [i] —y [t1], iff [i] —y [t'] can be obtained by finite application of the following rules of deduction. To indicate that {aii,,,, ,xn} is the set of variables occurring in either t or t', we write t(xi,,,,, xn) —Y t'{xi,,,,, xn)\ also t(w/x) denotes the simultaneous substitution of Wi for xjt in t.

(1) Reflexivity, For each [i] G '/vj. (A').

(2) Congruence, For each / G n G IN,

[ii]—■■■ [t.

(3) Replacement, For each rewrite rule t(xi,... ,xn) —Y t'(xi, T,

[t(w/x)] —y [t'(w'/x)]

(4) Transitivity,

[il] —► N [Í2

x„ m

[il] [ts]

Lemma 3.1 Given a theory (E,E,R), t, t' G Ts,

(E, E, R) b [t]E [t']E ^ (S, 0, R U E U E) b t t', iwhere, by definition, E= {t\ —Y t2 \ t\ = t2 G E}, E= {t2 —Y t\ \ t\ = t2 G E}.

3.2 A universal theory for rewriting logic

In this section we introduce a theory U and a representation function (_ b _) for encoding pairs consisting of a rewrite theory T in C and a sentence in it as sentences in U, for C the class of unconditional and unsorted finitely presentable rewrite theories—that is, theories whose ranked alphabet, and set of rules are all finite.

Without any essential loss of generality we assume that the syntax of those theories is given by operators and variables that are strings of ASCII characters. We also assume that all such theories have standard parenthesized notation. However, to ease readability, in the particular case of the theory U, we will adopt some extra notational conventions.

Moreover, for the sake of simplicity, using Lemma 3,1 we will consider the equations in a theory T in C as bidirectional sequents,

2 In the standard treatment of rewriting logic, rules in a rewrite theory T have labels in a set L and are written I : t —Y t'. We omit labels in the present version to simplify the exposition. All that we say below has a straightforward extension to the labelled case.

We first introduce the ranked alphabet E^j of operation symbols of U and briefly explain how a representation function for U can be defined. Then, we give the set Ev of equations, and the set Rv of rules of U.

The operation symbols of E^j are as follows:

E0 = ASCII U { • , > }, where ASCII denotes the set of ASCII characters,

Ei = { op{_} , var{_} }

E2 = {_._, _[_] , _[-►_] , _[«-_] , , _/_,

, , (_, _) }

E5 = { _::(_,_,_,_) }

To ease readability we adopt the following notational convention: the occurrence of n underbar characters in an n-ary operator of Ev allows us to display the corresponding expressions with mix-fix syntax, adding parentheses when necessary. Thus, for the operator _ _ we write X Y instead of _ i—y -(X,Y). Also, we use in Ev some characters that are not strings of ASCII characters.

We next define a representation function (_ b _) for encoding pairs consisting of a finitely presentable rewrite theory T and a sentence in it as sentences in U,

(_ h _) : (J {T}xsen(T) —y sen(U)

The definition of (_ h _) is given in a top-down fashion. This will make

clear the intended meaning of most of the operation symbols of Ey. Note

that, to ease readability, we recursively define the representation of theories,

rules, terms, etc, using an overloaded function symbol (_),

• For / E C a finitely presentable rewrite theory, and t —y i! a sentence in T, (Thi —y t') = (T@ *[-►<]) —y (T@ * 7]).

• For T a rewrite theory (E, R) e C such that V is the finite set of variables appearing in the rules R, T = {V, R).

• For V a set of variables {vi,... ,vn}, V = W[;... for V an empty set, V = ■.

• For R a set of rewrite rules {ri,,,,, r„}, /t' = n":... :7v for It an empty set, R = -.

• For r a rewrite rule (t —y t'),T = (t =>■ t').

• For A a set of assignments (wi/xi,..., wn/xn), A = W[ xi],,,; w^ a^; for A an empty set, A = •.

• For t a term f(ti,... ,tn), f E E„, n > 0. 7 = op{/}|!7; ■ ■ ■ for t a term c, c E E0, t = op{c}[-]; and for I a term v, v E Var, t = var{i)}[-]. Note that we have assumed that all operators and variables are strings of ASCII characters,

• For a string of ASCII characters I = % a2 ... an, I = 0i.02.....an.

We next introduce the set Ey of equations,

^ 'I — ................ ^*^ ilj|

x; (y;z) = (x;y);z

Therefore, the operation symbol _' is declared associative with as its identity element.

We next introduce by groups the set />V of rules, and explain their intended meaning. As we shall prove later, U itself belongs to the class C of finitely presentable rewrite theories and with the representation function (_ b _) makes the entailment system of rewriting logic reflective. This means that U reifies the entailment relation, and that the operation symbols, equations, and rules of U can be seen as a specification in rewriting logic of its own rules of deduction, including the congruence and replacement rules. The reflexivitv and transitivity rules of deduction for a theory T e C are directly mirrored by the reflexivitv and transitivity rules of deduction for U.

Note that rewriting logic has also a proof calculus [21], By extending the definition of U along the lines of [14], so as to make explicit and reify the proofs built up by the deduction process, one can similarly exhibit a finitely presentable universal theory U' making the proof calculus of rewriting logic C-refleetive, as defined in [5],

To ease readability, variables in the rules appear in italics; this is shorthand notation for the convention that all variables are character strings beginning with a quote and having length at least two, so that no ambiguity may ever arise with the ASCII characters themselves, that are constants of E^j, We also introduce the notation t i—y t' to indicate a bidirectional rule, that is, a pair of rules t —y t' and t' —y t.

To reify the rule of congruence we will use contexts and (potential) re-dexes. In fact, our idea is to use contexts and redexes to combine the rules of congruence and replacement. As a result, a step of reified replacement will be taken in any subterm of a reified subject term. In particular, we use the ASCII character V and the operation symbol '_[—>• _]' in In rule 1 below we use these operation symbols to decompose a term t to be rewritten into a context and a potential redex. The intended meaning of rules 1 is to indicate the subterm t\ of t in which a step of rewriting will be attempted,

№u[-> p[l, q[k]-, I']] №u[-> p[l, *; /']] [-► <lM

To reify the rule of replacement we have first to reify the condition for its application. Given a rule ti(xi,..., xn) —Y t2(xi,..., xn), a replacement can be made in a term t iff i = ti(w/x). We use the rule 2 below to set aside a matching problem between the lefthand side of a rule and a potential redex. For that we have introduced in ^u the operation symbol :: (_, _, _,_)'. The first argument of :: (_,_,_,_)' is a pair formed by a rewrite theory and a term decomposed into a context and a potential redex, to which the matching problem is related; the second and third arguments are the lefthand side of a rule and the potential redex respectively. We will use the operation symbols '>' and _]' in ^u during the matching process of any two terms to simultaneously decompose both, in a similar way that V and '_[—>• _]' are used in rule 1, But in addition, '>' will divide the lists of subterms of any

terms being matched into a list of subterms already matched and a list of subterms that have to be matched. Note that rule 2 sets to empty the lists of subterms already matched of the lefthand side of the rule and the potential redex. The fourth argument consists of a pair built up with the operation symbol '-/-'■ The first element of this pair represents a set of assignments, and the second a set of variables. As we will see below, this argument is needed to handle the case of nonlinear lefthand sides in which a variable can have several occurrences. Note that rule 2 sets to empty the initial set of assignments, and sets the initial set of variables to the set of variables of the theory. Finally, the fifth argument is the righthand side of the selected rule. As we shall see below, this allows us to continue the reified replacement process without having to keep track of the rule that we have selected,

(v , r; (pi[h] => q); r')@u[^ p[l]] ^

(v , r;(pi[Zi] ^ q)-r')@u[^ p[l]] :: (>Hi>iMi]] , >[Hp[>;i]] , -/v , q)

The matching problem between any terms 7 and t\ will be handled by rules 3-7 below. As expected, they will try to come out with a set of assignments A, such that 7 substituted by A is equal to ti. The reified matching process can be seen as a recursive process trying to identify 7 and t\ while keeping track of their differences in A. In particular, the rules 3 and 6 indicate that any terms with the same top operator will match only if all their subterms match, and the matching of these subterms will be attempted from left to right. To handle the case of non-linear lefthand sides, we use the pair A/V. The idea is to keep the set A of variables already assigned and the set V of variables not yet assigned disjoint from each other. Note that the initial set V is the set of variables in the theory. When in the reified matching process we reach the base case of matching a variable xi and a term 7, we consider two cases: rule 4 when x~ is in V, and rule 5 when x~ is in the set of variables in A, because x has already been encountered in another occurrence during the matching. We use the operation symbol _]' in ^u to indicate that a subterm has been sueeesfullv matched. Then, rule 7 simultaneously inserts the subterms successfully matched at the end of the corresponding list,

2::(u[M-op{s}[Z;>;pi[Zi];Z']] , op{s}[Z;>;p[Z];Z"]] , a/v , q)

z::(u[^op{s}[Z;>;Z']][^pi[>;Zi]] , op{s}[Z; >; Z"]]H P[>\ *]] > o,/v , q)

2::(u[M-var{a;}[i>;-]] , p[>; Z]] , a/(v, (var{a;}[-]); v') , q)

z :: p[l]] , u[^p[l]] , ((p[l] ^ var{x}[•]); a)/(v,v') , q)

z :: var{a;}[>; •]] , p[>; I]] , (o; (p[l] ^ var{a;}[-]); a')/v , q) ^

z :: p[l]] , u[^p[l]] , (o; (p[l] ^ var{a;}[-]); a')/v , q)

z::(u[M- op{s}[Z; >]] , op{s}[Z;>]] , a/v , q) ^

z::(u[^op{s}[Z]] , op{s}[l]]a/v , q)

2 ::(u[M-op{s}[Z; >;/']][<--p] , op{s}[Z; >; l"}}[^ p] , a/v , q) -A

z::(u[^-y op{s}[/;p; >;/']] , op{s}[/;p;>;/"]] , a/v , q)

A matching process is terminated using rule 8 below. Note that this rule can only be applied when the matching process has been succesful, that is, when, after a number of applications of the rules 3-7 a potential redex t has been made equal to the lefthand side of a rule ti, and A has become the set of assignments such that t\ substituted by A is equal to t.

z (»[^P] > > a/v , Pz[h]) :: (>hp2[>;l2]] , a)

An application of rule 8 changes the matching task into a replacement task. For that we have introduced in ^u the operation symbol '_::(_,_)'. The first argument of:: (_,_)' is a pair formed by a rewrite theory an a term decomposed into a context an a redex; the second argument is the righthand side i2 of a rule whose lefthand side has been succesfully matched with the redex; the third argument is the set A of assignments resulting from this matching process, A replacement task is carried out as a two-phase process: the first phase consists in applying the substitution A to i2, and the second consists in the actual replacement using the result of this substitution.

The application of the substitution A to the term i2 is performed by rules 912 below and follows the same recursive style as the matching process,

z::(u[^y op{s}[l-,i>-,q[h]-,l'}} , a) z :: op{s}[Z; >; l']][^y q[>] h}} , a)

z :: var{a;}[>; •]] , (a; (p ^ var{a;}[-]); o')) * : («[^ P] > (o; (P ^ var{a;}[-]); o'))

2 :: op{s}[l, >]] , a) 2 :: (u[<-* op{s}[Z]] , a)

z:: op{s}[/;>;/'][^p]] , a) ^ z :: op{s}[Z;p; >; /']] , a)

Finally, the actual replacement is handled in the expected way by rule 14 below,

t@u[^p] :: (>[W] , a) ^ t@u[-+ p'}

3.3 Correctness of the universal theory

In this section we prove that the representation function (_ b _) makes the theory U a C-universal theory, for C the class of unconditional and unsorted finitely presentable rewrite theories. We also assume that for any rule t —y t' in / e C. var(f) C var(i). Thus, the main result will be the following,

Theorem 3.2 For any theory T = (£, 0, R) e C, t, t' e Ts,

T b t —y t' ^ U b T b t —yt'.

This theorem will be proved by structural induction on rewriting logic proofs. Consider now the following rules of deduction:

2', S-Congruence For each / e n e IN,

/(ii,..., ti-1, ti, ti+1,... ,tn) /(ii, 3', S-Replacement For each rewrite rule t(xi,, T,

, ti—i, í¿, Í¿+1, . . . , in) ■ -^n) ^ i (-^1) ■ ■ ■ ; ^n)

t(wi/xi,..., wn/xn) —>• t'(wi/xi, . Lemma 3.3 Any sequent derivable by the rules 1-4, can be derived by the rules {1,2',3',4}.

Given a theory / e C. a rewrite i —Y i' is called a one-step rewrite if and only if it can be derived from T by finite application of the rules l-2'-3', with at least one application of the rule 3', We say that a term is irreducible if and only if there does not exit any one-step rewrite i —> t!. Finally, we say that a term /(ii,... ,tn) is only reducible at the top if and only if ti is irreducible for 1 < i < n.

Lemma 3.4 For any rule t(xi,,,,, xn) —Y t'{xi,,,,, xn) in U, and any substitution wi/xi,... ,wn/xn, such that Wi is irreducible for 1 < i < n, then t'{wi/xi,,,,, wn/xn) is only reducible at the top.

As a corollary we can state the following lemma,

Lemma 3.5 Any rewrite t —Y t' derivable in U by the rules 1-4, and such that t is only reducible at the top, can be derived in U by the rules {1,3', 4}.

In particular, any rewrite i —y t' derivable in U by the rules {1,3', 4} will be an instance of a path in the following automaton, where a label I in an arc indicates a s-replacement rewrite with rule I. From now on, the metavariable e (possibly primed and/or subindexed) ranks over the set of irreducible terms in Us.

-- et@ep --

13 et@ep :: {ep>,ep»,ev,eq)

et@ep :: {eq,ea)

In order to prove the direction (=£-) in Theorem 3,2 we prove first several technical lemmas.

For any terms eu, ev, we write eu y ev if and only if either eu = *, or eu = c], ev = e„'[—e], and eu> y ev>. Also, for any terms eu, ev such that

6« X7 1

ev if eu = *

ev> — eu> if ev = ev> [•<— e ] and eu = eu> [•<— e ],

Lemma 3.6 Given a rewrite t] —Y T@eu> [—t' ], then, for any term

ev such that eu y eP, there is a rewrite T@ev [—>• t] —Y T@ev> [—>• t'] such that

CLTbd .............. ~~~ .............. '

Proof. By Lemma 3,5, t]

rewrites of any of these forms,

(1) T@eu[^op{/}[fi; T@eu[ Y op{/}[ti;

(2) T@eM[^op{/}[iT; T@eu[ Y op{/}[ti;

ti—1) ti, ^¿+1)

ti-l, *j í¿+lj

ti-ii *; í¿+ij

ti—1-1 ti, ^¿+1)

T@eM/[^ i'], is a composition of n .;t„]],or

(3) T@eu[—Y t] 2;(3-7)^12r;13T@eM[^ 7],

where, from now on, +1 and — 1, indicate a s-replacement rewrite with rule 1 from left to right and from right to left, respectively; also, ";" indicates sequential composition of rewrites. It is easy to prove that given a rewrite T@eu[^ t] —Y T@eui [—f] of the form (1), (2) or (3), for any term ev such that i„ V'/•• there is a rewrite T@e„[—t] —Y T@ev>[—/'] such that eu> yev> and ev — eu = ev> — eu>. Then, applying transitivity n ^ 1 times we obtain the desired result, □

Lemma 3.7 For any theory T = (£, 0, R) in C, f E ti,...,tn E Ts, for any 1 < i < n, if there is a rewrite T@ * [—ti] —Y *[—¿¿], then there is a rewrite

T@*[^ op{/}[ti;...;ti_i;ti;ti+i; T@*[^ op{/}[iT;...

ti — 1) ti, Í¿+1;

Proof. The following is a rewrite in U

oP{/}[iT;... T©*[-»> op{/}[iT;... T©*[-»> op{/}[£;... T©*[-»> op{/}[£;...

i tn. J t-n .

J tn .

U-1; *; 1;,,,; tn ] ][—t ti-1; *; 1;,,,; tn ] ][—t'i t.

771 -1.

ti — l, ti, ij+l, . . . , l-n

where the rewrite 5 exists by Lemma 3,6,

From now on, we assume that for any set of assignments A = (w/x), Wi E Ts, for 1 < i < n. Also, given a set of assignments A, var(A) is the set of variables assigned in A. Finally, for any sets of assignments A, A', we write A(}A' if and only if for any terms t E 7y(A'). t' E Ts, if t' = t(A'), then t' = t(A)(A'). In particular, if AO A', then for any assignment a E A', A U {a}(}A'.

Lemma 3.8 For any set of assignments A, and any set of variables V, given a rewrite

€z .. (Cp, Cpj, A/\ , \ 6Z ,, (\6pi, 6p2 , A J\

then AC A'.

Lemma 3.9 Given a theory T = (S, 0, i?) in C, t E 7v(.Y). t' E Ts, and t' = t(w/x), then, for any set of assignments A, and any set of variables V, such that var(A) fl V = 0, (x) C var(A) U V, and A(}(w/x), there is a rewrite

ez :: >(7) ] , eu[M- >(F) ] , A/V , eq) —>

ez::(eu[^f] , eu[^7] , A'/V7 , eq)

such that t' = t(A'), var(A') fl V = 0, (x) C var(A') U V, and A'Q(w/x), where from now on, for any t E 7y(.Y ). such that 7 = ep[ei], >(7) = ep[>, e/].

Proof. By structural induction on t.

(1) I = r. for r e E0, t' = c(w/x). Then, the following is a rewrite in U

ez ■■ >(c) ] , >(c) ] , A/V , eq) A c-z (e«[^c] , eu[^c] , A/V , eq), such that c = c(A).

(2) t = Xi, Wi = xi(w/x) = Wi. We have to consider two subcases:

(a) Xjt E V. Then, the following is a rewrite in U

ez ■■ >(^i)] > >(«£)] , A/v , eq) ^

ez (eu[^wi\ , eu[^Wi] , {A\J {wi/xi})/{V - {xi}) , eq),

such that Wi = Xi(A U {wi/xi}), var(. 1 U {wi/xi}) fl (V — {Xi}) = 0, (x) C var(. 1 U {Wi/xi}) U (V — and A U {wi/xi}(}(w/x).

(b) Xi E var(A), By assumption A(}(w/x). Then, the following is a rewrite in U

ez ■■ (e«[M- \>(xi) ] , eu[^y >(«£) ] , A/V , eq) A ez (eu[^Wi\ , eu[^Wi] , A/V , eq), with Wi = Xi(A).

(3) t = f(th...,tn), f E \„. n > 0. /' = f(t[,...,t'n), t't = ti{w/x), for 1 < i < n. Then, the following is a rewrite in 11,

n \ \ 1 H op{f}[>,t[;.. .;t'n]] , A/V , eq) ^ ez op{f№;...;t^->]] , op{/}[f[;... >] ] , A'/V7, eq) ^

ez (e«[^op{/}[f[;...;f£]] , op{/}[f[;...; Tn] ] , A'/V7 , eq),

where the rewrite (3 is a composition of n rewrites of the form

ez op{/}[fi;...; t-_i; >; fj;...; f^"] ] ,

— 1) ■ ■ ■ ) ^n

] ] , Aj/Vi , eq) —y

H °p{/}[¿i; ■ ■ ■;¿i-i;>;■■■;4] >(<»)] >

op{/}[i[;...;iU; >;... ] , , eq) A

ez op{/}[f[;...;

ег ::(еи[м- op{/}[ t[-,...; t op{/}[fi;...;t

-i! t'b

,A>/V¡, eq)

• • • ) ] ] j

-i! t'i, >;,,,; t'n ] ] , A'JV- , e9),

where, bv induction hypothesis, the rewrite exists, for 1 < i < n, and is such that t\ = ¿¿(A-j, var(A'J D V{ = 0, (x) C var(A<) U V{, A'i<}(w/x). Note also that bv Lemma 3,8,

Therefore, f(t[,...,t'n) = f(ti var(A') U V, and A'<}(w/x).

A = Ai С A[ = A2 С ... С A'n = A'.

,tn)(A'), var (А') П V

(x) С □

Lemma 3.10 Given a theory T = (£,0,Д) in C, t E 7y(.Y). t' E Ts, and t' = t{w/x), there is a rewrite

?-z ■■ >(i) ] , w/x) —у ez :: {eu[^7] , w/x).

Proof. By structural induction on t analogously to the proof of Lemma 3,9,□

Theorem 3.11 For any theory T = (£, 0, R) in C, t, t' E Ts,

UhT@*[^t]—>T@ *[-+¥]

Proof. By structural induction on rewriting logic proofs. For the reflexivitv and transitivity rules, the result is obvious,

(1) S-Congruence, Given a rewrite in T

fit l, - - - , t{—i, ij, ij-|-1, , , , , tn) y fit i, , , , , t{—i, tj, 1, , , , , tn),

with ti —y t[ as premise, by induction hypothesis there is a rewrite in U

T@*[-+ti] —»TO*^],

and, by Lemma 3,7, the following is also a rewrite in U

T@* [-y f(ti,...,ti-i,ti,ti+i,...,tn)

T@ * [—fiti,,,,, ¿¿_i, ¿¿, ti+i, ...,tn)]

(2) S-Eeplacement, Given a rewrite t\ —y t2 in T, such that i(i) —y t'ix) is a rule in T, and t\ = tiw/x), t2 = t'iw/x), the following is a rewrite in U

(>H >(f)} , >(ii) ] , -/V , f)

V , ( ,.;t = ,))@* [-

v , ,.;t = ,))@* [- h

V , ( ,.;t = >7;..

V , ( ,.;t = ,))@* [-

v, ( ,.;t = h

<>[^fl] ,>[^fl] , A'/V',t')

>7] , Ä7) A

where by Lemma 3,9 the rewrite a exists, and is such that i(A) = t\ = tiw/x), and by Lemma 3,10 the rewrite ¡3 exists as well, since by as-

sumption on the class of theories we are considering, var(i') C var(i), and therefore, t(A) = t\ = t(w/x) implies t'(A) = t2 = t'(w/x).

In order to prove the direction in Theorem 3,2 we prove first several technical lemmas, regarding the correctness of the rules for selecting a sub-term (Lemma 3,12), solving a matching problem with the lefthand side of a rule (Lemma 3,17), and performing the consequent substitution on the right-hand side of the rule (Lemma 3,18), We define now a partial function (e) that intuitively is the inverse function of (e), but also gives a term from decomposed representation of it, obtained by s-replacement rewrites with rule 1, In particular,

t if e = *[—>• i]

op{/}[. ■ ■; t;...] ] if e = eu>[-> op{/}[. ..;*;..

Lemma 3.12 For any theory T = (£, 0, R) G C, t, t' G Ts, given a rewrite

T@eu[^f] A T@eui[-► e ], if eu[—>• t' ] = t, then eu> [—>■ e ] = i.

Proof. By induction on the number of applications of rules +1 and — 1. □ Lemma 3.13 For any theory T = (£, 0, R) G C, t, t' G Ts, given a rewrite

T@eu[^f] e],

if t']=t, then there is a rewrite

T@eu[^7] ^Tie^h e].

Lemma 3.14 For any theory T = (£,0, J?) G C, i, i',ii,i2 G Ts, given a rewrite

T@eu[—y h] —► T@eu[—y h], such that, t = eu[—>•1\], t' = i2], ifThti —y i2, then T h t —y t'.

Proof. By induction on the size of eu, where size(*) = 1, and size(eM/[^ e]) = 1 + size(eM/), For size(eM) = 1, the result is obvious. For size(eM) = n + 1, assume that the lemma holds for any eu> such that size(eM/) = n. Then, given a rewrite

T @ ey/[^ op{/}[ ti;...; í¿_i; *; tl+l;...; tn ] ][-► t¿; T@eu,[^ op{/}[77;... ;7~T; ■ ■ ■ note that

0p{/}[7T;...: 7~: ... ], and

tj — lí tjí Í¿+1; ■ ■ ■ ; tn ] ]■

Now, by assumption, Thi; —> ¿¿. Thus, by s-congruence,

T I- fit 1) ■ ■ ■ ; t{—i, ij, i, ■ ■ ■ , iji) ^ fitlj • • • , 1, ij, ¿¿+1) ■ ■ ■ ;

and, finally, by induction hypothesis, we obtain the desired result

T b eM/[—op{/}[ ti;...; ti — li ti, ¿¿ + 1; ■ ■ ■ , tn J J

tj — 1) ¿¿+1; ■ ■ ■ ; tn ] ]■

Next, we define a partial function snm(e) that intuitively gives the cardinality of the set of subterms not yet matched of a term that is being matched:

0 if e = >

| sbt(ez') | + snm(eM) if e = eu[^ ep[ef, >; ev ] ]

snm(eM) if e = eu[^ ep[ei]],

where sbt(e) is a function that gives the set of subterms of a list of terms.

Remark 3.15 For any rewrite a = ez :: (ePl, ep, ev, eq) ez :: (ep.2,epi,evi,eq), note that snm(epi) > snm(eP2). In particular, if the rewrite a contains at least one application of the rule 3, then snm(epi) > snm(eP2).

Lemma 3.16 For any rewrite a =

C--Z • • (c« [c ^ Cpi ] j [c ^ Cp ] j Ct) j ' ■ ■ (c« 3 Cp' ] j ^u 3 Cp' ] j j

there does not exist any rewrite a' =

(3—7)*

C--Z •• (c«

Zv" i i

such that ep> ^ ep», and eu = eu>.

Proof. Assume a rewrite a' such that ep> ± ep», By definition of the rules 3-7, we have to consider two cases,

(1) a' is a composition of s-replacement rewrites with rules 7 and 6 only. It is clear in this case that eu ± eu>.

(2) a' is a composition of s-replacement rewrites 3-7 which contains at least one application of the rule 3, Then, snm(e!1[fJ ep> ]) > snm(eM/[^ ep» ]) by Remark 3,15, Therefore, eu ± eu>.

Lemma 3.17 Given a theory T = (S, 0, i?) in C, t E 7y( A'). t' E Ts, then, for any set of assignments A, and any set of variables V, such that var(A) fl V = 0, if there is a rewrite a =

ez:: {eu[^ >(t) ] , eu[M- >(F) ] , A/V , eq) —>

ez:: e] , e] , A'/V' , eq),

then e = t' = t(A') and var(A') n V = 0.

Proof. By structural induction on t.

(1) I = r. for r e E0, t' = ciw/x), Then, by Lemma 3,16, and the definition of rules 3-7, any rewrite a will be a s-replacement rewrite with rule 6,

ez ■■ »(c) ] , »(c) ] , A/y , eq) ez (e«[^c] , eu[^c] , A/V , eq), with c = c(A).

(2) t = Xi. We have to consider two subcases:

(a) Xi E V. By Lemma 3,16, and the definition of rules 3-7, any rewrite a will be a s-replacement rewrite with rule 4,

e*:: (e«[M- ] , eu[m- >(wl)] , A/V , eq) A

c-z Wi] , eu[^Wi] , {A\J {wi/xi})Hy - {xi}) , eg),

with Wi = Xi(A U {ti^/a^}) and var(. 1 U {Wi/xi}) fl (V — {xjt}) = 0, (b) Xi e var(A), By Lemma 3,16, and the definition of rules 3-7, any rewrite will be a s-replacement rewrite with rule 5,

e* :: {eu[^ >(xi) ] , eu[M- >(w~) ],(■■■; wl/xl;.. .)/V , eq) A

e^:: Wi] , tü~] , (... ; wi/Wf,.. ,)/F , eg),

with Wj = .., Wi/xi,...).

(3) t = /(ii, ...,tn), f E n > 0, t' = /(i'i,... ,t'n). By Lemma 3,16, and the definition of rules 3-7, any rewrite a will be a composition of rewrites whose last step is a s-replacement rewrite with rule 6,

H op{/}[>;ti;...;t„]] , eu[M- op{/}[>, t[-... ; t'n}] , A/V , eq) ^

ez op{/}[ei;...;e„;>]] , eu[M- op{/}[ei;... ; e„;>] ] , Ä'/F , eg)

ez (e«[^op{/}[ei;...;e„]] , eu[<^ op{/}[ei;... ; en ] ] , A'/V' , eq).

Moreover, the rewrite ß will be a composition of n rewrites of the following form,

ez ■■ op{/}[ei

op{/}[ei

H °p{/}[el

op{/}[ei

H °p{/Hei

°P{/}[ei e, :: (eu[M- op{/}[ei op{/}[ei

e¿-i e¿-1 e¿-i e¿-i e¿-i e¿-i e¿-i e¿-i

>; ti]... ; tn ] ] ,

Cj j ■ ■ ■ j tn \ J J

e,; >;...; ] , A^/F/ , e,).

Note that, by induction hypothesis, for any rewrite 1 < i < n, e^ = t>. = ti{A'j) and var(A') n V = 0. Also, by Lemma 3.8,

A = Ai C A[ = A2 C ... C A'n = A'.

Therefore, op{/}[ei;...; en ] = f(t[,..., t'n) = f(tu ..., tn)(A'), and var(A')fl V = 0.

Lemma 3.18 Given a theory T = (£, 0, R) in C, t E '/y(.Y ). t' E Ts, iftere is a rewrite a =

ez ■■ (e„H >(f)] , A) ez :: (eu[<- e] , A),

then eL = t'{A).

Proof. This proof is analogous to the proof of Lemma 3,17, □

Theorem 3.19 For any theory T E C, t,t' E Ts,

UhT@*[^t]—T\~t —y t'.

Proof. For t = t' the result is obvious. For t ± t', by Lemma 3,5 and Lemma 3,13, U b T@ * [—t ] —> T@ * [—t' ] can be obtained by composition of n paths of the following form

(F , er; (I => r); er,}@ * [-► et ] -A (V , er; (I=> r);er,)@eu,[^ e']

(3-7)*

z :: (>[<- em ] , >[<- em] , A/V* , r) z :: (>[m- >r ]

(F , er; (J => r); e"} -A

(F, er; (I =>■ r); er/)@ * [—e2] where 2 = (V , er; (I =>■ r); er/)@eM/ [—e' ],

Note that for each one of these paths we have the following: assuming that ej_ = ti E Ts, then by Lemma 3,12 e!_ = tit E Ts, Thus, by Lemma 3,17, I,, = I (A'), and by Lemma 3.18, = r(A) = /,-.. E Ts. Note then that ti2 is a s-replacement rewrite in T with rule I —> r, and therefore,

—y eu>[^y ti2] also holds. Finally, note that

by Lemma 3.14, T b eu>[-+ ti by Lemma 3.12, eu\^y ti

—ti ] and eu> [—ti2

_ _ _ *[-> t'j], for t\ E Ts.

Therefore, applying transitivity n — 1 times in T we obtain the desired rewrite.

Therefore, Theorem 3.2 is proved by Theorem 3.11 and Theorem 3.19. □

4 Strategies in General Logics

A metacircular interpreter may have a fixed strategy, and such a strategy may remain at the metalevel. This will make such an interpreter less flexible, and will complicate formal reasoning about its correctness. Even if quite flexible strategies can be defined, say in a theorem-prover's tactic language, such a language may remain a programming language external to the logic that it is controlling. In such a situation, "control" becomes an extralogical feature of the system.

If strategies can be defined inside the logic that they control, we are in a much better situation, since formal reasoning within the system can be applied to the strategies themselves to prove important properties about them. Reflective logics offer good opportunities for defining internal strategy languages

of this kind, because the metalevel being controlled can be expressed within the logic.

We give here general axioms for a strategy language, and for one internal to a logic. Again, we cover the case of entailment systems. Similar axioms for strategy languages at the proof calculus level can be found in [5].

Given a logical theory T, a strategy is a computational way of looking for certain theorems of T. This may be done by having a strategy language S(T) associated to T. Generally, we can think abstractly of the strategy language S(T) as a computational system in which strategy expressions can be further and further evaluated—in some cases perhaps forever, and sometimes in highly nondeterministic ways—so that the more we evaluate one such expression the more theorems will be exhibited in further stages. We can naturally represent such evaluations from a strategy expression E to another E' by labelled transitions a : E —y E'. If we denote by 0(E) the set of theorems exhibited by E, then our requirement is that if there is a computation a : E —y E', then 9(E) C O(E'). Of course, transitions a: E —y E' and [3 : E' —y E" should be composable, to yield a; ¡3 : E —y E", and it is always possible to add idle transitions E : E —y E. Therefore, we can axiomatize the computations of the strategy language as a category S(T).

Definition 4.1 Given an entailment system £, an external strategy language for it is a functor S : Thi —y Cat, where Thi is a subcategory of Th0 together with a natural transformation 9 : S =>■ Vo thru, where V : Set —y Cat is the functor sending each set X to the poset V(X) of subsets of X, viewed as a category with arrows the subset inclusions. In addition, the strategy language is required to be complete in the sense that for each theorem tp e thm(T) there is an E e S(T) such that p e 9(E).

An internal strategy language for £ consists of:

• an endofunctor S : Thx —y Thx—that should be thought of as associating to each theory T a "local metatheorv" S(T), axiomatizing strategies for T inside the logic;

• a functor D : Thi —> Cat assigning to each theory T a "category of deductions" D(T);

• a natural transformation 9 : D o S =>■ V o thm such that (D o S, 9) is an external strategy language for £. □

Set-Cat,

We say that a strategy expression E e S(T) is Church-Rosser iff whenever we have transitions a : E —/•."' and (3 : E —E" there is always an /•;'" and transitions a' : E' —^ /•.'"' and f3' : E" —^ /•.'"'. We say that a strategy expression E is sequential iff there is a (finite or countable) sequence of nonidle transitions an : En —y En+1 with E0 = E, such that for each nonidle

transition a : E —y E' there exists a unique k such that n = n0:...: n/,. Each sequential strategy expression is obviously Chureh-Eosser, but the contrary is not true in general. Strategy expressions need not be Church-Eosser, For example, a strategy language can have a nondeterministic choice operator _ © _ so that an expression E © E' has transitions a : E © E' —y E, and ¡3 : E © E' —y E'. Such a nondeterministic choice operator should then be "opaque," so that no proofs are exhibited until it has disappeared, that is,

e(E®E') = $.

If a reflective entailment system has an internal strategy language, then the strategies S(U) for the universal theory are particularly important, since they represent at the object level strategies for computing in the universal theory, A metacircular interpreter for such a language can then be regarded as the implementation of a particular strategy in S(U). In general, it is easier to define internal strategy languages when a logic is reflective; and such languages can then be very expressive and powerful, not only for U, but also for all other theories. This is indeed the case for rewriting logic, as we discuss in the next section.

The usefulness of internal strategies is of course very general. For example, in the context of typed lambda calculi, the important advantages of having an internal strategy language has been stressed by several authors. Thus, using reflective capabilities both tactics and decision pocedures can be specified, reasoned about, and executed inside the Nuprl constructive type theory [1,6], Similarly, Eue6[18] discusses in detail an elegant approach for endowing the calculus of constructions with internal strategies, as part of his treatment of reflection for such a calculus,

5 Strategies in Rewriting Logic

In this section we apply to rewriting logic the general semantic axioms for internal strategy language presented in Section 4, We give a general method for defining and proving correct a strategy language, and show how the correctness of a universal theory greatly simplifies the proof of correctness of a given strategy language. Since we have proved rewriting logic reflective for the class C of unconditional and unsorted finitely presentable rewrite theories, we will define an internal strategy language for controlling the rewriting inference process of theories in C.

As defined in Section 4 an internal strategy language is given by an endo-functor S : Thx —y Th1; satisfying additional semantic requirement; for our purposes Thx will be the category of finitely presentable theories in rewriting logic but with morphisms restricted to identities. This endofuctor S associates to each rewrite theory T a "local metatheorv" <S(T), axiomatizing strategies for T in the logic.

Our idea is to use the reflective capabilities of rewriting logic, and in particular, the existence of a universal theory U, to define a subfunctor K M- <S, what we call the kernel of the internal strategy language, whose correctness is based on the correctness of U itself as a universal theory. Then, a wide variety

of endofunctors S can extend such a kernel axiomatizing additional strategies, but their correctness can be reduced to that of the kernel.

For example a typical kernel K can be defined as a function K which takes a rewrite theory T = (£, 0, L, R) 3 and returns a theory )C(T), with

oE^r) = {£1/ U {metapplv(_, _), rew_ =>■ _with_, apply(_), failure, idle}},

oEk.it) = {Ev U {defi}ieL}}, where if I : t{x) —y t'(x) in R, then defi is the equation, metapplv(ti,I) = (• , * [-► tT] :: (>[m- >(t)] , >[m- >(F)] , -/i , F),

oRk(T)_= _ _

{rewt =>■ t'with apply(1) —y row T =>■ t" with idle

if metapplv(F,l) —> {■ , * [-► F],

rew t t' with apply (1) —Y failure

if metapplv(F, 1) —Y {• , :: (u[m- p[l]] , q[l']] , a/v , F) and p # q}.

In this case it is trivial to define the natural transformation 9 that extracts from a rewriting strategy expression, the rewrites that it was supposed to describe

0(rew t F with idle) = {t F}.

Note that the correctness of this kernel is based on the correctness of U as a universal theory. In particular, the correctness of the apply(_) strategy depends on the correctness of metapplv(_, _) in representing the replacement rule in rewriting logic. But this is a result that can be easily obtained as a corollary of Theorem 3,19,

Now we can define S as extending fC7 in the sense that it axiomatizes additional strategies, but always based on the kernel defined by JC. Consider for example the function S which takes a rewrite theory T = (E, 0, L, R) and returns a new theory S(T), with

oE5(r) = {£K(T) U {-; _, _andthen_ }}, oes(t) = e/c(t),

oRs(T) = {RK(Tj U

{rew t =>■ t' with (S ; S') —Y (rew t =>■ t' with S) andthen S', failure andthen S —y failure,

(rew t t' with idle) andthen S —y rew t t' with S }} Again, we can define the natural transformation 9 as

0(rew t F with idle) = {t F}. Note that S extends K axiomatizing concatenation of strategies and its

3 As in Section 3.3—to simplify the exposition— we asume that the equations have transformed into bidirectional rules. Without loss of generality we also assume that labels are string of ASCII characters.

correctness is based on the correctness of JC. A more developed example of an internal strategy language based on reflection can be found in [4].

6 Concluding Remarks

We have specified a universal theory for rewriting logic and have proved its correctness. We have also introduced the notion of internal strategy language and have given a general method for defining such languages in rewriting logic. In joint work with Steven Eker and Patrick Lincoln we are applying these ideas and techniques in the context of the Maude language. Future developments and applications that we think particularly important include:

• Definition of a universal theory for the variant of rewriting logic whose underlying equational logic is membership equational logic [19,2],

• Applications of rewriting logic to give semantics to other reflective svtems and languages,

• Uses of reflection in logical framework applications of rewriting logic (see [13] for a discussion of this topic),

• Metaprogramming uses of reflection in rewriting logic, including general module composition and transformation operations [4], and special topics such as supercompilation [28],

• Further development of, and experimentation with, internal strategy languages.

• Development of formal environments extending rewriting logic languages.

Acknowledgement

We cordially thank Carolyn Talcott for her very helpful suggestions and her encouragement of this work along many discussions, and Narciso Marti-Oliet who read thorough many drafts of this paper and gave us most valuable comments and suggestions for improving the exposition. Our warm thanks also to our fellow members in the Maude team, Steven Eker and Patrick Lincoln, with whom we have exchanged many ideas about these topics, and with whom we have worked to realize them in the Maude language.

References

[1] William E. Aitken, Robert L. Constable, and Judith L. Underwood. Metalogical frameworks II: Using reflected decision procedures. Technical Report, Computer Sei. Dept., Cornell University, 1993; also, lecture at the Max Planck Institut für Informatik, Saarbrücken, Germany, July 1993.

[2] Adel Bouhoula, Jean-Pierre Jouannaud, and José Meseguer. Specification and proof in membership equational logic. Manuscript, SRI International, August 1996.

[3] R. S. Boyer and J Strother Moore. Metafunctions: proving them correct and using them efficiently as new proof procedures. In Robert Boyer and J Moore, editors, The Correctness Problem, in Computer Science, pages 103185. Academic Press, 1981.

[4] Manuel Clavel, Steven Eker, Patrick Lincoln, and José Meseguer. Principles of Maude. In José Meseguer, editor, Proceedings of the first international workshop on rewriting logic, volume 4, Asilomar (California), September 1996. Electronic Notes in Theoretical Computer Science.

[5] Manuel Clavel and José Meseguer. Axiomatizing reflective logics and languages. In Gregor Kiczales, editor, Proceedings of Reflection''96, San Francisco, California, April 1996, pages 263-288. Xerox PARC, 1996.

[6] Robert L. Constable. Using reflection to explain and enhance type theory. In Helmut Schwichtenberg, editor, Proof and Computation, volume 139 of Computer and System Sciences, pages 109-144. Springer, 1995.

[7] Fausto Giunchiglia, Paolo Traverso, Alessandro Cimatti, and Paolo Pecchiari. A system for multi-level reasoning. In IMSA'92, pages 190-195. Information-Technology Promotion Agency, Japan, 1992.

[8] John Harrison. Metatheory and reflection in theorem proving: a survey and critique. University of Cambridge Computer Laboratory, 1995.

[9] Patricia Hill and John Lloyd. The Gôdel Programming Language. MIT Press, 1994.

[10] Douglas J. Howe. Reflecting the semantics of reflected proof. In Peter Aczel, Harold Simmons, and Stanley S. Wainer, editors, Proof Theory, pages 229-250. Cambridge University Press, 1990.

[11] Gregor Kiczales, editor. Proceedings of Reflection'96, San Francisco, California, April 1996. Xerox PARC, 1996.

[12] Gregor Kiczales, Jim des Rivieres, and Daniel G. Bobrow. The Art of the Metaobject Protocol. MIT Press, 1991.

[13] Narciso Marti-Oliet and José Meseguer. Rewriting logic as a logical and semantic framework. This volume.

[14] Narciso Marti-Oliet and José Meseguer. General logics and logical frameworks. In D. Gabbay, editor, What is a Logical System?, pages 355-392. Oxford University Press, 1994.

[15] Satoshi Matsuoka, Takuo Watanabe, Yuuji Ichisugi, and Akinori Yonezawa. Object-oriented concurrent reflective architectures. In M. Tokoro, O. Nierstrasz, and P. Wegner, editors, Object-Based Concurrent Computing, pages 211-226. Springer LNCS 612, 1992.

[16] Sean Matthews. Reflection in logical systems. In IMSA '92, pages 178-183. Information-Technology Promotion Agency, Japan, 1992.

[17] François-Nicola Demers and Jacques Malenfant. Reflection in logic, functional and object-oriented programming: a short comparative study. In IJCAI '95 Workshop on Reflection and Metalevel Architectures and their Applications in AI, pages 29-38, August 1995.

[18] Harald Rueß. Reflection of formal tactics in a deductive reflection framework. Manuscript, Universität Ulm, Abt. Künstliche Intelligenz, January 96.

[19] José Meseguer. Membership algebra. Lecture at the Dagstuhl Seminar on "Specification and Semantics," July 9, 1996. Extended version in preparation.

[20] José Meseguer. General logics. In H.-D. Ebbinghaus et al., editor, Logic Colloquium's7, pages 275-329. North-Holland, 1989.

[21] José Meseguer. Conditional rewriting logic as a unified model of concurrency. Theoretical Computer Science, 96(1):73—155, 1992.

[22] Hideaki Okamura, Yutaka Ishikawa, and Mario Tokoro. AL-l/D: A distributed programming system with multi-model reflection framework. In IMS A '92, pages 36-47. Information-Technology Promotion Agency, Japan, 1992.

[23] Luis H. Rodriguez, Jr. A study on the viability of a production-quality metaobject protocol-based statically parallelizing compiler. In IMSA '92, pages 107-112. Information-Technology Promotion Agency, Japan, 1992.

[24] N. Shankar. Metamathematics, Machines, and Gödel's Proof. Cambridge University Press, 1994.

[25] Brian Smith and Akinori Yonezawa, editors. Proc. of the IMS A'92 International Workshop on Reflection and Meta-Level Architecture, Tokyo, November 1992. Research Institute of Software Engineering, 1992.

[26] Brian C. Smith. Reflection and Semantics in Lisp. In Proc. POPL'84, pages 23-35. ACM, 1984.

[27] G. L. Steele, Jr. and G. J. Sussman. The art of the interpreter or, the modularity complex. Technical Report A I.VI-153. MIT AI-Lab, May 1978.

[28] Valentin F. Turchin. The concept of a supercompiler. A CM Transactions on Programming Languages and Systems, 8(3):292-325, 1986.

[29] M. Wand and D.P. Friedman. The mystery of the tower revealed. Lisp and Symbolic Computation, 1(1):11—38, 1988.

[30] Richard W. Weyhrauch. Prolegomena to a theory of mechanized formal reasoning. Artificial Intelligence, 13:133-170, 1980.