Changes following the second printing

For convenience, we will refer to each change using the number of the page on which it appears. Detailed explanations are given below.

Changes

• Page 21: reversed 1 and 2
• Page 24: reversed p and q
• Page 61: in should be :, proof has spurious assumption.
• Page 64: easier proof
• Page 66: finite subsets introduced earlier
• Page 67: (a,b) should be (x,y)
• Page 68: transposition error
• Page 70: 6 should be 1
• Page 74: Guests should be Guest
• Page 82: missing P
• Page 92: extra `the'
• Page 102: different example
• Page 137: missing ~
• Page 172: unhelpful account ~
• Page 196: missing existential quantifier, improved rules
• Page 197: semicolon should be dot; proof incorrect
• Page 225: missing existential quantifierA
• Page 248: `of' should be `are'A
• Page 251: unnecessary declaration
• Page 258: `strictly positive' should be `non-zero'
• Page 263: missing input
• Page 266: missing input and output
• Page 272: missing information
• Page 273: |- should be =>
• Page 274: plurals should be singular
• Page 277: missing `by'
• Page 283: that should be than
• Page 284: Sytems should be Systems
• Page 296: accidental repetition: that that. Also, as a should be is a
• Page 301: improved wording
• Page 322: missing decoration
• Page 325: unwanted decoration
• Page 327: s should be ins

Details

• Page 21

  In the final proof tree on the page, the step labelled \/-intro2 should be labelled \/-intro1, and vice versa.

• Page 24

  In the sketch proof at the bottom of the page, p and q are reversed in the antecedent and a and b are reversed in the justification.

• Page 61

  In the proof at the top of the page, the `element of' symbol is used in a declaration; a colon should be used instead. Worse still, there is an instance of p in the assumption that simply shouldn't be there. It has been removed.

• Page 64

  The proof at the bottom of the page is made easier if the just-introduced compre-s rule is employed instead of the standard compre. In the revised version, the subsidiary proof on Page 65 is no longer necessary.

• Page 66

  On page 66, last paragraph of Section 5.3, it states that the definition of F is given in Chapter 10, whereas it actually appears in Chapter 8.

• Page 67

  Half way down the page, the sentence that begins `the ordered pair (a,b)' should begin `the ordered pair (x,y)'.

• Page 68

  Although not an essential part of the explanation, this is possibly the most embarrassing error in the book; the answer to the multiplication should be 324, not 234.

• Page 70

  In Example 5.21, the result of the first set difference should be {1} and not {6}.

• Page 74

  The declaration of basic types in Example 6.1 should be [Guest,Room], to be consistent with the text that follows.

• Page 82

  There is a missing powerset symbol in the definition of safe: it should be a set of sets of people.

• Page 92

  The sentence that begins `We may compose...' should read as follows: `We may compose the relations drives and uses to find out which fuels a driver may purchase.

• Page 102

  Example 8.5 used a function called approx, whose definition was sufficiently complicated as to obscure the point of the example, which is intended to illustrate the use of the lambda notation. This has now been replaced with an alternative example.

• Page 137

  At the end of Example 10.2, we stated that status d is well-defined; we meant to say that status~ d is well-defined.

• Page 172

  The account of bindings and decoration is not particularly helpful. A far, far better way of doing things is to explain decoration of bindings; theta Schema ' is a decorated form of theta Schema, and is an object of the same schema type Schema. The two bindings can therefore be equated; they are equal if and only if the value of each variable is equal to the value of its primed equivalent: see the on-line version of the text for further details.

• Page 196

  There is a missing existential quantifier in the predicate part of the StartBooking schema, leaving the variables in the binding of BoxOfficeInit' unbound. The predicate part should begin with the quantification \exists BoxOfficeInit. It would also be clearer if the binding of BoxOfficeInit' were replaced with one of BoxOffice', which was the original intention.

• Page 197

  In the last piece of displayed mathematics on the page, there is a semicolon where a dot ought to be. The proof that the promotion is free is unnecessarily complicated, overlong, and - at one point - actually incorrect. This proof, and the rules that precede it, have now been replaced.

• Page 225

  There is a missing existential quantifier in the predicate part of the Create0 schema, leaving the variables in the binding of FileInit' unbound. The predicate part should begin with the quantification \exists FileInit. It would also be clearer if the binding theta FileInit' were replaced with one of File'.

• Page 248

  In the last paragraph of the page, the first sentence should read `are relations of' rather than `of relations of'.

• Page 251

  The predicate (a universal quantification) at the top of the page includes a declaration of is' and os', neither of which are required in the body of the predicate.

• Page 258

  The words `strictly positive' in the first paragraph should be replaced by `non-zero', to match the displayed mathematics.

• Page 263

  All of the quantified expressions apart from the first (describing the initialisation) are missing p? from their declaration parts. This variable should be universally quantified: the conditions should apply for all values of the input p?.

• Page 265

  In two places on this page, InitCMemory should be written as CMemoryInit (to be consistent with the name of the abstract initialisation).

• Page 266

  All of the quantified expressions apart from the first (describing the initialisation) are missing n? and m! from their declaration parts. The first of these variables should be universally quantified, the second should be existentially quantified.

• Page 272

  There is a piece of information missing from the state of the Apollo booking system: the separated ticket must not be one of those in the pool (this is an invariant of the system, but needs to be made explicit if the proof is to be completed)

  tkt \neq null \implies ticket\inv tkt \notin apool
  

  .

• Page 273

  In the last piece of displayed mathematics on the page, there is a turnstile |- that would be better understood as an implication symbol =>.

• Page 274

  In the first sentence on this page, the noun `others' should be singular. On the same page, the type Digit is declared with an additional s at the end of its name.

• Page 277

  The sentence immediately above the schema is missing the word `by' following `described'.

• Page 283

  The sentence that begins `Notice that these are easier to apply that those given' should read` Notice that these are easier to apply than those given'.

• Page 284

  The word Systems has been mis-spelt twice in the displayed mathematics (as Sytems).

• Page 296

  The repetition of `that' in the second paragraph is not intentional. Also, in the last paragraph on the page, as a should read is a.

• Page 301

  The sentence in the middle of the page should read Any variable that is not assigned to will have the same value after the operation as before....

• Page 322

  The free variables in the predicate part of the schema SectionInit should all be primed to match the decoration. Further, the value of ins' in the definition of STransmit is wrong; it should be changed to match that of rec'. See the new version of the page.

• Page 325

  In the first sentence, the word `our' appears for no good reason. In the lower half of the page, the schema RetrieveExtSection should not be decorated in the three predicates that involve preconditions (this should be obvious from the declaration).

• Page 327

  The identifier s on the fourth line of the displayed mathematics should be ins.

  text

  slides

  exercises

  solutions

  cards

  contents