CS 611: Lecture 5

1
CS 611 Lecture 5

• Small-step semantics and Induction
• September 6, 1999
• Cornell University Computer Science Department
• Andrew Myers

2
Administration

• No class this Friday, September 10
• Problem set 1 change problem 3 is Winskel
  problem 3.5

3
Large-step continue semantics

• Last time this relation doesnt work
• ?c, l, ? ????
• (with l a stack of while commands to restart)
• Problem semicolon rule always runs second
  command, so continue c2 doesnt work
• ? c1, l, ??????
• ?c, l, ? ???? ? c2, l, ???????
• ?continue, c l, ? ???? ?c1 c2, l, ?????

Oops!
4
Solution

• Need to change command evaluation relation
• ?c, l, ?????, runhalt

current enclosing while loop has finished
?c, l, ?????, run ?continue, c l, ?????, halt
?c1, l, ?????, halt ?c1 c2, l, ?????, halt ?c1,
l, ??????, run ?c2, l, ???????, x ?c1 c2, l,
?????, x
?b, s??true ?c, (while b do c l ), s????,
halt ?while b do c, l, s????, run ?b,
s??true ?c, (while b do c l ), s?????,
run ?while b do c, l, s??????, run ?while b do c,
l, s????, run
propagate run, halt to if rules...
5
Problems with large-step semantics

• Large-step semantics dont model what an
  interpreter does that well
• Fails to pin down evaluation order
• ?a1, s? ? n1?a2, s?? n2
• ?a1 a2 , s? ? n1 n2
• Have to know which rule to use cant express
  (implementable) non-deterministic choice
• ?c1, ????? ?c2, ?????
• ?c1 ? c2, ????? ?c1 ? c2, ?????

6
Small-step semantics

• Idea represent computation by transitions
  between configurations rather than evaluation to
  a result
• Arithmetic
• ?a1, s? ? ?a2, s? ?...??n, s?
• Example
• ?(2 3)?4, s? ? ?5?4, s? ??20, s?

7
Other expressions

• Booleans
• ?b1, s? ? ?b2, s? ?...??true, s?
• Commands
• ?c1, s? ? ?c2, s? ?...??skip, s?
• Final configuration represents a completed
  computation

8
Small-step rules

• Inference rules for small-step semantics of
  arithmetic

First argument may be evaluated before
second Second argument is evaluated (only) if
first argument is fully evaluated Result is
computed once both arguments are fully evaluated
?a1, s? ??a?1, s? ?a1 a2, s? ??a?1 a2,
s? ?a2, s? ??a?2, s? ?n a2, s? ??n a?2,
s? n n1 n2 ?n1 n2, s? ??n, s?
9
Small-step command rules
?a, s? ??a?, s? ?X a , s? ??X a?, s? ?X
n , s? ??skip, sX ?n?
Assignment
?b, s? ??b?, s? ?if b then c else c? , s???if b?
then c else c? , s? ?if true then c else c? ,
s???c, s? ?if false then c else c? , s???c?, s?
if
10
Implementable non-determinism

• ? c ? c? , s???c, s?
• ? c ? c? , s???c?, s?

... a non-deterministic choice operator that does
not back out when a computation gets stuck.
11
Small-step vs. large-step

• How do we know that the small-step semantics and
  large-step semantics describe the same language?
• Define relation ? on configurations representing
  many single steps
• ?a, s? ??a?, s?
• iff
• ?a, s? ??a1, s? ?...??an, s???a, s?
• Arithmetic is equivalent if
• ?a, s? ?n ? ?a, s? ??n, s?
• How can we prove this?

12
Need for new proof techniques

• Proofs not possible with tools shown so far
• equivalence of different semantics
• small-step vs. large-step
• while vs. whilecontinue
• termination of expressions
• deterministic evaluation of programs
• Need to be able to unwind a structural derivation
  an unbounded number of steps!
• Need various forms of induction

13
Proving termination

• Argument for termination of arithmetic
• Expressions of the form X or n always terminate
  in one step (evaluation defined by axioms)
• Expressions of the form a1 a2, a1 ? a2,a1a2
  terminate if their constituent arithmetic
  expressions terminate
• Circular!

14
Induction

• Simple mathematical induction a property P(x)
  holds for all x ? 1 if
• P(1)
• ?x ? 1 . (P(x) ? P(x1))
• Define P(x) ?x? ? 1, , x . P?(x)
• ?x ? 1 . P(x) ? ?x ? 1 . P?(x)
• P(1) ? P?(1)
• ?x ? 1 . (P(x) ? P(x1)) ?
• ?x ? 1 . ?x? ? 1, , x1 . P?(x?) ? P?(x)

15
Structural Induction

• Idea every arithmetic expression is built up by
  applying the rules
• a n X a0 a1 a0 - a1 a0 a1
• Consider the size of an expression to be the
  number of times these rules are applied to
  construct an expression
• size(n) 1
• size(X) 1
• size(a0 a1) 1 max(size(a0, a1))
• All expressions have finite size

16
Finishing proof by structural induction

• Use course-of-values induction on size of
  expression
• ?x ? 1 . ?x? ? 1, , x1 . P(x?) ? P(x)
• P(x) is the property all expressions of size x
  terminate
• P(1) is clearly true
• If P(x?) is true for all x? lt x, then an
  expression of size x and form a0 a1, a0a1, a0
  a1 must terminate its constituent expressions a0
  , a1 are necessarily of size x-1 or smaller.

17
Induction on Derivations

• Sometimes proof requires induction on height of
  structural derivation (intuitively length of
  execution)
• Lets us prove some property is never destroyed
  during execution
• Example proving commands in IMP are
  deterministic
• Want to show
• ?s, s?, s??, c .( ?c, s? ? s? ? ?c, s? ? s?? ?
  s? s??)

18
Proof of Determinism

• Every command that terminates has a derivation
  with finite height
• Height of derivation tree is longest chain from
  conclusion (root) to any axiom (leaf)
• Let P(x) be statement all statements whose
  derivation has a height of x are deterministic
• P(1) skip, X a
• Now consider commands if, while with derivation
  tree height x

19
if

• Assume ?if b then c0 else c1, s? ? s?, ?if b
  then c0 else c1, s? ? s??
• Since booleans are deterministic, b evaluates the
  same way for both
• WLOG derivations look like
• Sub-derivations
• Therefore, s? s?? !

... ?b , s? ? true
?c0, s? ? s? ?if b then c0 else c1, s? ? s?
?b , s? ? true
?c0, s? ? s?? ?if b then c0 else c1, s? ? s??
?c0, s? ? s?
?c0, s? ? s??
20
while

• Assume ?while b do c, s? ? s1, ?while b do c,
  s? ? s2
• Derivations look like

?b, s? ? true
?c, s? ? s?1
?while b do c, s?1? ? s1
?while b do c, s? ? s1



?b, s? ? true
?c, s? ? s?2
?while b do c, s?2? ? s2
?while b do c, s? ? s2
21
while

• Assume ?while b do c, s? ? s1, ?while b do c,
  s? ? s2
• Derivations look like

s?1 s?2, s1 s2



?b, s? ? true
?c, s? ? s?1
?while b do c, s?1? ? s1
?while b do c, s? ? s1



?b, s? ? true
?c, s? ? s?2
?while b do c, s?2? ? s2
?while b do c, s? ? s2
22
Next time

• Recursive definitions of sets
• Rule induction
• Equivalence of small-step and large-step semantics