Formal Semantics of Programming Languages

1
Formal Semantics of Programming Languages
Topic 3 Principles of Induction
??? yhq_at_ecust.edu.cn
2
Induction

• Proving of program properties often uses
  mathematical induction.
• Prove properties of a programming language by
  proving a small finite set of claims.
• If a property is violated then there is a small
  finite set in which it is violated.
• Examples
• lta, ?gt ? m lta, ?gt ? n ? m n
• Euclid terminates
• ltc, ?gt ? ? ltc, ?gt ? ? ?

3
Forms of induction

• Mathematical induction
• Structural induction
• Well-founded induction
• Induction on derivations
• Rule induction

4
Mathematical induction

• Principle Mathematical induction includes a
  basis and a induction step.
• (P(0) (?m??. P(m) ? P(m1)))? ? n??. P(n)
• Example Show that

5
Course-of-value induction

• Principle
• (?m??. (?kltm . P(k)) ? P(k))? ? n??. P(n)
• Example Show that

6
Structural Induction

• Principle The induction is based on the
  structure of the elements. First, show that the
  property holds for all atomic elements. Second,
  show that the formulation rules to build
  non-atomic elements preserve the property.
• Example To show that a property P holds for all
  arithmetic expressions, it is sufficient to show
  that
• (? m ??.P(m))?
• (? X?Loc.P(X))?
• (? a0 , a1 ?Aexp. P(a0) ? P(a1) ? P(a0 a1 ))?
• (? a0 , a1 ?Aexp. P(a0) ? P(a1) ? P(a0 a1 ))?
• (? a0 , a1 ?Aexp. P(a0) ? P(a1) ? P(a0 ? a1 ))

7
Structural Induction (Cont)

• Example Show that the evaluation of arithmetic
  expression is deterministic, i.e.
• lta, ?gt ? m lta, ?gt ? m ? m m
• Bad example
• ltc, ?gt ?? ltc, ?gt ? ?? ? ?

8
Well-Founded Induction

• A well-founded relation lt on a set A if
• there are no infinite decreasing chains
• ?lt ai lt lt a2 lt a1
• a lt b
• a is a predecessor of b
• Proposition A binary relation on A lt is
  well-founded iffany nonempty subset Q of
  A has a minimal element, i.e. an element m such
  that
• m?Q ?b lt m. b ? Q .

9
The Principle of Well Founded Induction

• lt is a well founded relation on A
• P is property
• Then
• ?a ? A P(a)
• Iff
• ?a ? A (?b lt a. P(b) ? P(a))

10
The Principle of Well Founded Induction (Cont)

• An alternative approach To show that a property
  P holds for all element of a well-founded set A,
  it is equivalent to show that the subset F of A
  for which P does not hold is empty.
• To prove that F is empty, it is sufficient to
  show that F cannot have a minimal element.
• And to show that F cannot have a minimal element,
  we construct a contradiction from the assumption
  that F has a minimal element.
• Example Using the no counterexample approach,
  prove that

11
Applications of the well founded induction
principle

• Mathematical induction
• Course-of-values induction
• Structural induction

12
Induction on Derivations

• A set of rule instances R consists pairs X/y
  where X is a finite set and y is an element
• X/y rule instance
• X premises
• y conclusion
• d - R y d is an R-derivation of y
• (?/y) - R y if (?/y) ? R
• (d1, , dn/y) - R y if (x1, , xn/y) ? R
  andd1 - R x1 dn - R xn
• - R y for some d d - R y
• Sub-derivation d lt1 d if d?(D/y) with d ? D
• lt lt1
• lt is well-founded

13
Examples
1. For all states ? ?(M) ? 1 ?(N) ?1 ? ??
ltEuclid, ?gt? ?
2. For all states ?,?, ? ltc, ?gt ? ? ltc,
?gt ? ? ? ? ?
3. For all states ?,? ltwhile true do skip, ?gt ?
?
14
Rule induction

• A special induction
• Define a set by rules
• IRx - R x
• Examples
• lta, ?, ngt of Aexp ? ? ? N such that lta, ?gt ? n
• ltb, ?, tgt of Bexp ? ? ? T such that ltb, ?gt ? t
• ltc, ?, ?gt of Com ? ? ? ? such that ltc, ?gt ? ?
• Show that the property is true for all elements
  by induction on the rule application

15
The general principle of rule induction

• Let IRx - R x
• Let P be a property
• ?x ? IR P(X) ? for all the rule instances (X/y)
  in R for which X ? IR ?z ?X. P(z) ? P(y)
  

16
Justifying the principle of induction

• A set Q is closed under rule instances or simply
  R-closed if for all rule instances X/yX ?Q ? y ?
  Q
• Proposition 4.1
• IR is closed and
• If Q is an R-closed set then IR ? Q
• Application
• Q x ? IR P(x)
• Examples
• R (?/0) ?n/n1) n ? ?
• Referential transparency for expressions

17
Expressing Syntax using Rules

• a a0 a1
• a0 Aexp a1 Aexp a0a1 Aexp

18
Special Rule Induction

• Handles rules of different types
• BNF
• c X a if b then c0 else c1
• Rules
• X Loc a Exp Xa Com
• b Bexp c0 Com c1 Com if b then c0 else c1
  Com

19
The special principle of rule induction

• Let IRx ?R x
• A ? IR
• Let Q be a property
• ?a ? A. Q(a) ? for all the rule instances (X/y)
  in R for which X ? IR and y?A ?x ?X?A.Q(x)
  ? Q(y)

20
Proof rule for operational semanticsArithmetic
Expressions

• P(a, ?, n) is true of all evaluations lta, ?gt? n
  if it is preserved by the expression rules

21
Proof rule for operational semantics AExp

• P(a, ?, n) is true of all evaluations lta, ?gt? n
  if it is preserved by the expression rules

22
Rule Induction for Arithmetic Expressions
?a?Aexp, ???, n ?N. lta, ?gt? n ?P(a, ?, n)
iff
?n ?N, ???. P(n, ?, n) ?X?Loc, ???. P(X, ?,
?(X)) ?a0, a1? Aexp, ???, n0, n1 ?N.lta0, ?gt ?
n0 P(a0, ?, n0) lta1, ?gt ? n1 P(a1, ?, n1)
?P(a0a1, ?, n0n1)
23
Proof rule for operational semantics BExp

• P(b, ?, t) is true of all evaluations ltb, ?gt? t
  if it is preserved by the Boolean expression
  rules
• Define a subset of
• (Aexp???N) ?(Bexp???T)
• Obtained from the special principle of induction
  for properties P(b, ?, t) on the subset Bexp???T

24
Rule Induction for Booleans
?b?Bexp, ???, t ?T. ltb, ?gt? t ? P(b, ?, t)
iff
????. P(false, ?, false) ????. P(true, ?, true)
?a0, a1? Aexp, ???, n0, n1 ?N.lta0, ?gt ? m
lta1, ?gt ? n mn ?P(a0a1, ?, true) ?a0, a1?
Aexp, ???, n0, n1 ?N.lta0, ?gt ? m lta1, ?gt ? n
m?n ?P(a0a1, ?,false) ?b ?Bexp, ?? ?, t
?T. ltb, ?gt ?t P(b, ?, t) ?P(?b, ?, ? t)
25
Proof rule for operational semantics of Commands

• P(c, ?,?) is true of all evaluations ltc,
  ?gt??if it is preserved by the command rules
• Define a subset of
• (Aexp???N) ?(Bexp???T) ?(Com????)
• Obtained from the special principle of induction
  for properties P(c, ?, ?) on the subset Com????

26
Rule Induction for Commands
?c?Com, ???, ???. ltc, ?gt? ? ? P(c, ?, ?)
iff
????. P(skip, ?, ?) ?X ?Loc, a ?Bexp, ???.
lta0, ?gt ? m ?P(Xa, ?, ?m/X) ?c0, c1? Com,
?, ?, ? ??.ltc0, ?gt ? ? P(c0, ?, ?) ltc1,
?gt ? ? P(c1, ?, ?) ?P(c0c1, ?, ?)
27
Proposition 4.7
Define LocL(c) to be the variables which appear
on the left side of some assignment in c
Let y ? Loc For all commands c and states ?, ?
Y ? LocL(c). ltc, ?,gt ? ? ? ?(Y) ?(Y)
28
Operators and their least fixed points

• For a set of rule instances R
• R(B)y ?X ?B, X/y ? R
• Proposition 4.11 A set B is closed under R if
  R(B) ?B
• R is monotonic
• A ? B ? R(A) ? R(B)
• Define the sequence of sets
• A0 R0(?) ?
• A1 R1(?) R(?)
• A2 R2(?) R(R(?))
• An Rn(?)
• Define A ?n ?? An

29
Proposition 4.12

1. A is R-closed
2. R(A) A
3. A is the least R-closed set

Let fix(R) denote the least fixed point of R
fix(R) ?n?? Rn(?)
30
Summary

• Induction allows to prove properties of the
  programming language
• Example properties
• Deterministic
• Referential transparency
• Equivalent of small step and natural semantics

31
Exercise 3

• (1) Using mathematical induction to show there is
  no string u which satisfies au ub for two
  distinct symbol a and b.
• (2) Prove by structural induction that the
  evaluation of arithmetic expressions always
  terminates, i.e., for all arithmetic expression a
  and states ?, there is some m such that lta, ?gt ?
  m.