
Formal Semantics of Programming Languages



  1. Formal Semantics of Programming Languages
  Topic 3: Principles of Induction
  虞慧群 yhq@ecust.edu.cn

  2. Induction
  • Proofs of program properties often use mathematical induction.
  • Properties of a programming language are proved by establishing a small, finite set of claims (one per syntactic construct or per rule).
  • Conversely, if a property is violated, it is violated by some finite object (a finite term, or a derivation built by finitely many rule applications), so ruling out such finitely built counterexamples is enough.
  • Examples
    • $\langle a,\sigma\rangle \to m \;\&\; \langle a,\sigma\rangle \to n \Rightarrow m = n$
    • Euclid terminates
    • $\langle c,\sigma\rangle \to \sigma' \;\&\; \langle c,\sigma\rangle \to \sigma'' \Rightarrow \sigma' = \sigma''$

  3. Forms of induction
  • Mathematical induction
  • Structural induction
  • Well-founded induction
  • Induction on derivations
  • Rule induction

  4. Mathematical induction
  • Principle: a proof by mathematical induction has a basis and an induction step.
    $(P(0) \;\&\; (\forall m.\; P(m) \Rightarrow P(m+1))) \Rightarrow \forall n.\; P(n)$
  • Example: Show that

  5. Course-of-values induction
  • Principle: the induction hypothesis is available for every smaller number, not just the predecessor.
    $(\forall m.\; (\forall k < m.\; P(k)) \Rightarrow P(m)) \Rightarrow \forall n.\; P(n)$
  • Example: Show that

  6. Structural Induction
  • Principle: the induction follows the structure of the elements. First, show that the property holds for all atomic elements. Second, show that each formation rule used to build non-atomic elements preserves the property.
  • Example: to show that a property $P$ holds for all arithmetic expressions, it is sufficient to show that
    $(\forall m \in \mathbf{N}.\; P(m))$
    $\&\; (\forall X \in \mathrm{Loc}.\; P(X))$
    $\&\; (\forall a_0, a_1 \in \mathrm{Aexp}.\; P(a_0) \;\&\; P(a_1) \Rightarrow P(a_0 + a_1))$
    $\&\; (\forall a_0, a_1 \in \mathrm{Aexp}.\; P(a_0) \;\&\; P(a_1) \Rightarrow P(a_0 - a_1))$
    $\&\; (\forall a_0, a_1 \in \mathrm{Aexp}.\; P(a_0) \;\&\; P(a_1) \Rightarrow P(a_0 \times a_1))$

  7. Structural Induction (Cont'd)
  • Example: Show that the evaluation of arithmetic expressions is deterministic, i.e.
    $\langle a,\sigma\rangle \to m \;\&\; \langle a,\sigma\rangle \to m' \Rightarrow m = m'$
    (by structural induction on $a$: every evaluation rule for $a_0 + a_1$, $a_0 - a_1$, $a_0 \times a_1$ has premises only about the immediate subterms $a_0$ and $a_1$, so the induction hypotheses for $a_0$ and $a_1$ suffice)
  • Bad example: $\langle c,\sigma\rangle \to \sigma' \;\&\; \langle c,\sigma\rangle \to \sigma'' \Rightarrow \sigma' = \sigma''$
    Structural induction on $c$ fails here: the rule for $\mathbf{while}\ b\ \mathbf{do}\ c$ has a premise about $\mathbf{while}\ b\ \mathbf{do}\ c$ itself, which is not a proper subterm, so no induction hypothesis is available for it. This property needs induction on derivations (slide 13).
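Both claims on this slide can be checked mechanically. The Lean 4 development below is an added example, not part of the slides: it defines arithmetic expressions over integer-valued locations, gives the big-step rules as an inductively defined relation, and proves determinism by structural induction on $a$, exactly as the slide suggests (each `cases` step inverts the one rule whose conclusion matches the shape of $a$, which is what makes the induction hypotheses for $a_0$ and $a_1$ sufficient). As a second instance of the same structural induction it also proves that evaluation always terminates, the statement of Exercise 3(2) on the last slide. All names (`Aexp`, `State`, `Eval`, `eval_det`, `eval_total`) are this example's own, not notation from the slides.

```lean
-- Added example (not from the slides).  Names are this example's own.
inductive Aexp where
  | num : Int → Aexp               -- numerals n
  | loc : String → Aexp            -- locations X
  | add : Aexp → Aexp → Aexp       -- a0 + a1
  | sub : Aexp → Aexp → Aexp       -- a0 - a1
  | mul : Aexp → Aexp → Aexp       -- a0 × a1

abbrev State := String → Int       -- a state σ ∈ Σ

-- The rule instances of <a, σ> → n: one constructor per evaluation rule.
inductive Eval : Aexp → State → Int → Prop where
  | num : ∀ n σ, Eval (.num n) σ n
  | loc : ∀ X σ, Eval (.loc X) σ (σ X)
  | add : ∀ a0 a1 σ n0 n1, Eval a0 σ n0 → Eval a1 σ n1 → Eval (.add a0 a1) σ (n0 + n1)
  | sub : ∀ a0 a1 σ n0 n1, Eval a0 σ n0 → Eval a1 σ n1 → Eval (.sub a0 a1) σ (n0 - n1)
  | mul : ∀ a0 a1 σ n0 n1, Eval a0 σ n0 → Eval a1 σ n1 → Eval (.mul a0 a1) σ (n0 * n1)

-- Determinism, by structural induction on a.  In each case `cases h` inverts
-- the only rule whose conclusion has the shape of a; its premises concern
-- the immediate subterms, for which the induction hypotheses ih0, ih1 hold.
theorem eval_det (a : Aexp) (σ : State) :
    ∀ m m', Eval a σ m → Eval a σ m' → m = m' := by
  induction a with
  | num n =>
    intro m m' h h'
    cases h
    cases h'
    rfl
  | loc X =>
    intro m m' h h'
    cases h
    cases h'
    rfl
  | add a0 a1 ih0 ih1 =>
    intro m m' h h'
    cases h with
    | add _ _ _ n0 n1 e0 e1 =>
      cases h' with
      | add _ _ _ n0' n1' e0' e1' =>
        rw [ih0 n0 n0' e0 e0', ih1 n1 n1' e1 e1']
  | sub a0 a1 ih0 ih1 =>
    intro m m' h h'
    cases h with
    | sub _ _ _ n0 n1 e0 e1 =>
      cases h' with
      | sub _ _ _ n0' n1' e0' e1' =>
        rw [ih0 n0 n0' e0 e0', ih1 n1 n1' e1 e1']
  | mul a0 a1 ih0 ih1 =>
    intro m m' h h'
    cases h with
    | mul _ _ _ n0 n1 e0 e1 =>
      cases h' with
      | mul _ _ _ n0' n1' e0' e1' =>
        rw [ih0 n0 n0' e0 e0', ih1 n1 n1' e1 e1']

-- Totality of evaluation (Exercise 3(2)), by the same structural induction:
-- atomic cases are the axioms, compound cases combine the two witnesses.
theorem eval_total (a : Aexp) (σ : State) : ∃ n, Eval a σ n := by
  induction a with
  | num n => exact ⟨n, Eval.num n σ⟩
  | loc X => exact ⟨σ X, Eval.loc X σ⟩
  | add a0 a1 ih0 ih1 =>
    have ⟨n0, e0⟩ := ih0
    have ⟨n1, e1⟩ := ih1
    exact ⟨n0 + n1, Eval.add a0 a1 σ n0 n1 e0 e1⟩
  | sub a0 a1 ih0 ih1 =>
    have ⟨n0, e0⟩ := ih0
    have ⟨n1, e1⟩ := ih1
    exact ⟨n0 - n1, Eval.sub a0 a1 σ n0 n1 e0 e1⟩
  | mul a0 a1 ih0 ih1 =>
    have ⟨n0, e0⟩ := ih0
    have ⟨n1, e1⟩ := ih1
    exact ⟨n0 * n1, Eval.mul a0 a1 σ n0 n1 e0 e1⟩
```

The same script does not go through for commands: an `Eval` relation for `while` would have a premise about `while b do c` itself, so `induction c` leaves no hypothesis for that premise; there the induction has to be on the derivation (`induction h`) rather than on the syntax.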

  8. Well-Founded Induction
  • A binary relation $<$ on a set $A$ is well-founded if there are no infinite descending chains
    $\cdots < a_i < \cdots < a_2 < a_1$
  • $a < b$: $a$ is a predecessor of $b$
  • Proposition: A binary relation $<$ on $A$ is well-founded iff every nonempty subset $Q$ of $A$ has a minimal element, i.e. an element $m$ such that $m \in Q \;\&\; \forall b < m.\; b \notin Q$.

  9. The Principle of Well-Founded Induction
  • Let $<$ be a well-founded relation on $A$ and let $P$ be a property. Then
    $\forall a \in A.\; P(a)$ iff $\forall a \in A.\; ([\forall b < a.\; P(b)] \Rightarrow P(a))$

  10. The Principle of Well-Founded Induction (Cont'd)
  • An alternative approach: to show that a property $P$ holds for all elements of a well-founded set $A$, it is equivalent to show that the subset $F$ of $A$ on which $P$ does not hold is empty.
  • To prove that $F$ is empty, it is sufficient to show that $F$ cannot have a minimal element (by the proposition on slide 8, a nonempty $F$ would have one).
  • To show that $F$ cannot have a minimal element, derive a contradiction from the assumption that $F$ has a minimal element.
  • Example: Using the "no counterexample" approach, prove that

  11. Applications of the well-founded induction principle
  • Mathematical induction
  • Course-of-values induction
  • Structural induction
  • …

  12. Induction on Derivations
  • A set of rule instances $R$ consists of pairs $X/y$ where $X$ is a finite set and $y$ is an element
    • $X/y$: rule instance; $X$: premises; $y$: conclusion
  • $d \Vdash_R y$: $d$ is an $R$-derivation of $y$
    • $(\emptyset/y) \Vdash_R y$ if $(\emptyset/y) \in R$
    • $(\{d_1, \dots, d_n\}/y) \Vdash_R y$ if $(\{x_1, \dots, x_n\}/y) \in R$ and $d_1 \Vdash_R x_1 \;\&\; \cdots \;\&\; d_n \Vdash_R x_n$
  • $\Vdash_R y$: $d \Vdash_R y$ for some derivation $d$
  • Sub-derivation: $d <_1 d'$ if $d' \equiv (D/y)$ with $d \in D$, i.e. $d$ is an immediate sub-derivation of $d'$
  • $<\; =\; <_1^{+}$, the transitive closure of $<_1$
  • $<$ is well-founded, because every derivation is a finite tree; so well-founded induction can be applied to derivations

  13. Examples
  1. For all states $\sigma$: $\sigma(M) \geq 1 \;\&\; \sigma(N) \geq 1 \Rightarrow \exists \sigma'.\; \langle \mathrm{Euclid},\sigma\rangle \to \sigma'$
  2. For all states $\sigma, \sigma', \sigma''$: $\langle c,\sigma\rangle \to \sigma' \;\&\; \langle c,\sigma\rangle \to \sigma'' \Rightarrow \sigma' = \sigma''$
  3. For all states $\sigma, \sigma'$: $\langle \mathbf{while}\ \mathbf{true}\ \mathbf{do}\ \mathbf{skip},\sigma\rangle \not\to \sigma'$

  14. Rule induction
  • A special form of induction
  • A set is defined by rules: $I_R = \{x \mid\; \Vdash_R x\}$
  • Examples
    • the triples $(a, \sigma, n)$ of $\mathrm{Aexp} \times \Sigma \times \mathbf{N}$ such that $\langle a,\sigma\rangle \to n$
    • the triples $(b, \sigma, t)$ of $\mathrm{Bexp} \times \Sigma \times \mathbf{T}$ such that $\langle b,\sigma\rangle \to t$
    • the triples $(c, \sigma, \sigma')$ of $\mathrm{Com} \times \Sigma \times \Sigma$ such that $\langle c,\sigma\rangle \to \sigma'$
  • Show that a property holds for all elements of $I_R$ by induction on the rule applications

  15. The general principle of rule induction
  • Let $I_R = \{x \mid\; \Vdash_R x\}$ and let $P$ be a property. Then
    $\forall x \in I_R.\; P(x)$ iff for all rule instances $(X/y)$ in $R$ with $X \subseteq I_R$: $(\forall z \in X.\; P(z)) \Rightarrow P(y)$

  16. Justifying the principle of rule induction
  • A set $Q$ is closed under rule instances, or simply $R$-closed, if for all rule instances $X/y$: $X \subseteq Q \Rightarrow y \in Q$
  • Proposition 4.1:
    • $I_R$ is $R$-closed, and
    • if $Q$ is an $R$-closed set then $I_R \subseteq Q$
  • Application: $Q = \{x \in I_R \mid P(x)\}$; the hypothesis of rule induction says exactly that $Q$ is $R$-closed, so $I_R \subseteq Q$
  • Examples
    • $R = \{(\emptyset/0)\} \cup \{(\{n\}/n+1) \mid n \in \omega\}$
    • Referential transparency for expressions

  17. Expressing Syntax using Rules
  • BNF: $a ::= \dots \mid a_0 + a_1 \mid \dots$
  • As a rule:
    $\dfrac{a_0 : \mathrm{Aexp} \qquad a_1 : \mathrm{Aexp}}{a_0 + a_1 : \mathrm{Aexp}}$

  18. Special Rule Induction
  • Handles rules of different types
  • BNF: $c ::= \dots \mid X := a \mid \dots \mid \mathbf{if}\ b\ \mathbf{then}\ c_0\ \mathbf{else}\ c_1 \mid \dots$
  • Rules:
    $\dfrac{X : \mathrm{Loc} \qquad a : \mathrm{Aexp}}{X := a : \mathrm{Com}}$
    $\dfrac{b : \mathrm{Bexp} \qquad c_0 : \mathrm{Com} \qquad c_1 : \mathrm{Com}}{\mathbf{if}\ b\ \mathbf{then}\ c_0\ \mathbf{else}\ c_1 : \mathrm{Com}}$

  19. The special principle of rule induction
  • Let $I_R = \{x \mid\; \Vdash_R x\}$, let $A \subseteq I_R$, and let $Q$ be a property. Then
    $\forall a \in A.\; Q(a)$ iff for all rule instances $(X/y)$ in $R$ with $X \subseteq I_R$ and $y \in A$: $(\forall x \in X \cap A.\; Q(x)) \Rightarrow Q(y)$

  20. Proof rule for operational semantics: Arithmetic Expressions
  • $P(a,\sigma,n)$ is true of all evaluations $\langle a,\sigma\rangle \to n$ if it is preserved by the expression rules

  22. Rule Induction for Arithmetic Expressions
  $\forall a \in \mathrm{Aexp}, \sigma \in \Sigma, n \in \mathbf{N}.\; \langle a,\sigma\rangle \to n \Rightarrow P(a,\sigma,n)$
  iff
  $\forall n \in \mathbf{N}, \sigma \in \Sigma.\; P(n,\sigma,n)$
  $\&\; \forall X \in \mathrm{Loc}, \sigma \in \Sigma.\; P(X,\sigma,\sigma(X))$
  $\&\; \forall a_0, a_1 \in \mathrm{Aexp}, \sigma \in \Sigma, n_0, n_1 \in \mathbf{N}.\; \langle a_0,\sigma\rangle \to n_0 \;\&\; P(a_0,\sigma,n_0) \;\&\; \langle a_1,\sigma\rangle \to n_1 \;\&\; P(a_1,\sigma,n_1) \Rightarrow P(a_0 + a_1,\sigma,n_0 + n_1)$
  $\&\; \dots$

  23. Proof rule for operational semantics: Bexp
  • $P(b,\sigma,t)$ is true of all evaluations $\langle b,\sigma\rangle \to t$ if it is preserved by the Boolean expression rules
  • The Boolean rules have arithmetic premises, so together they define a subset of $(\mathrm{Aexp} \times \Sigma \times \mathbf{N}) \cup (\mathrm{Bexp} \times \Sigma \times \mathbf{T})$
  • The proof rule is obtained from the special principle of rule induction for properties $P(b,\sigma,t)$ on the subset $\mathrm{Bexp} \times \Sigma \times \mathbf{T}$

  24. Rule Induction for Booleans
  $\forall b \in \mathrm{Bexp}, \sigma \in \Sigma, t \in \mathbf{T}.\; \langle b,\sigma\rangle \to t \Rightarrow P(b,\sigma,t)$
  iff
  $\forall \sigma \in \Sigma.\; P(\mathbf{false},\sigma,\mathbf{false})$
  $\&\; \forall \sigma \in \Sigma.\; P(\mathbf{true},\sigma,\mathbf{true})$
  $\&\; \forall a_0, a_1 \in \mathrm{Aexp}, \sigma \in \Sigma, m, n \in \mathbf{N}.\; \langle a_0,\sigma\rangle \to m \;\&\; \langle a_1,\sigma\rangle \to n \;\&\; m = n \Rightarrow P(a_0 = a_1,\sigma,\mathbf{true})$
  $\&\; \forall a_0, a_1 \in \mathrm{Aexp}, \sigma \in \Sigma, m, n \in \mathbf{N}.\; \langle a_0,\sigma\rangle \to m \;\&\; \langle a_1,\sigma\rangle \to n \;\&\; m \neq n \Rightarrow P(a_0 = a_1,\sigma,\mathbf{false})$
  $\&\; \dots$
  $\&\; \forall b \in \mathrm{Bexp}, \sigma \in \Sigma, t \in \mathbf{T}.\; \langle b,\sigma\rangle \to t \;\&\; P(b,\sigma,t) \Rightarrow P(\neg b,\sigma,\neg t)$
  $\&\; \dots$
  (The arithmetic premises of the $a_0 = a_1$ rules carry no $P$-hypothesis: they lie outside the subset $\mathrm{Bexp} \times \Sigma \times \mathbf{T}$ on which the special principle is applied.)

  25. Proof rule for operational semantics of Commands
  • $P(c,\sigma,\sigma')$ is true of all evaluations $\langle c,\sigma\rangle \to \sigma'$ if it is preserved by the command rules
  • Together the rules define a subset of $(\mathrm{Aexp} \times \Sigma \times \mathbf{N}) \cup (\mathrm{Bexp} \times \Sigma \times \mathbf{T}) \cup (\mathrm{Com} \times \Sigma \times \Sigma)$
  • The proof rule is obtained from the special principle of rule induction for properties $P(c,\sigma,\sigma')$ on the subset $\mathrm{Com} \times \Sigma \times \Sigma$

  26. Rule Induction for Commands
  $\forall c \in \mathrm{Com}, \sigma, \sigma' \in \Sigma.\; \langle c,\sigma\rangle \to \sigma' \Rightarrow P(c,\sigma,\sigma')$
  iff
  $\forall \sigma \in \Sigma.\; P(\mathbf{skip},\sigma,\sigma)$
  $\&\; \forall X \in \mathrm{Loc}, a \in \mathrm{Aexp}, \sigma \in \Sigma, m \in \mathbf{N}.\; \langle a,\sigma\rangle \to m \Rightarrow P(X := a,\sigma,\sigma[m/X])$
  $\&\; \forall c_0, c_1 \in \mathrm{Com}, \sigma, \sigma', \sigma'' \in \Sigma.\; \langle c_0,\sigma\rangle \to \sigma'' \;\&\; P(c_0,\sigma,\sigma'') \;\&\; \langle c_1,\sigma''\rangle \to \sigma' \;\&\; P(c_1,\sigma'',\sigma') \Rightarrow P(c_0 ; c_1,\sigma,\sigma')$
  $\&\; \dots$

  27. Proposition 4.7
  • Define $\mathrm{Loc}_L(c)$ to be the set of variables that appear on the left-hand side of some assignment in $c$.
  • Let $Y \in \mathrm{Loc}$. For all commands $c$ and states $\sigma, \sigma'$:
    $Y \notin \mathrm{Loc}_L(c) \;\&\; \langle c,\sigma\rangle \to \sigma' \Rightarrow \sigma(Y) = \sigma'(Y)$
  • Proved by rule induction on $\langle c,\sigma\rangle \to \sigma'$ with $P(c,\sigma,\sigma')$ taken to be $Y \notin \mathrm{Loc}_L(c) \Rightarrow \sigma(Y) = \sigma'(Y)$.

  28. Operators and their least fixed points
  • For a set of rule instances $R$ define the operator
    $\hat{R}(B) = \{y \mid \exists X \subseteq B.\; (X/y) \in R\}$
  • Proposition 4.11: a set $B$ is closed under $R$ iff $\hat{R}(B) \subseteq B$
  • $\hat{R}$ is monotonic: $A \subseteq B \Rightarrow \hat{R}(A) \subseteq \hat{R}(B)$
  • Define the sequence of sets
    $A_0 = \hat{R}^0(\emptyset) = \emptyset$
    $A_1 = \hat{R}^1(\emptyset) = \hat{R}(\emptyset)$
    $A_2 = \hat{R}^2(\emptyset) = \hat{R}(\hat{R}(\emptyset))$
    $\dots$
    $A_n = \hat{R}^n(\emptyset)$
  • Define $A = \bigcup_{n \in \omega} A_n$

  29. Proposition 4.12
  • $A$ is $R$-closed
  • $\hat{R}(A) = A$
  • $A$ is the least $R$-closed set (hence, by Proposition 4.1, $A = I_R$)
  • Let $\mathrm{fix}(\hat{R})$ denote the least fixed point of $\hat{R}$: $\mathrm{fix}(\hat{R}) = \bigcup_{n \in \omega} \hat{R}^n(\emptyset)$
  • Caveat: this uses the assumption from slide 12 that every rule instance has a finite premise set. With infinitary premises the chain need not stabilise after $\omega$ stages and $\hat{R}(A) = A$ can fail.
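Slides 12, 16, 28 and 29 can be run rather than only read. The Python program below is an added example, not code from the slides: it takes the big-step evaluation rules of Aexp as the rule set $R$, implements the operator $\hat{R}$, iterates $A_0 = \emptyset$, $A_{n+1} = \hat{R}(A_n)$ until $\hat{R}(A) = A$, and checks the closure condition of Proposition 4.11. Restricting each application of $\hat{R}$ to conclusions about subterms of a fixed expression keeps it finite, so the iteration stops after finitely many stages. It also records, for every derived element, the premise set that justified it at the stage where it first appeared, so that a derivation $d$ with $d \Vdash_R y$ (slide 12) can be rebuilt and checked independently against the rule instances. All names (`Num`, `Loc`, `BinOp`, `R_hat`, `lfp`, `is_derivation`, the sample expression `A_EXP` and state `SIGMA`) are this example's own, and the sample input is constructed.

```python
"""Rule instances X/y, derivations d ||-_R y, and the least fixed point
fix(R^) = U_n R^^n(empty) for the big-step rules of Aexp (added example;
the syntax, state representation and sample input are constructed)."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple, Union

@dataclass(frozen=True)
class Num:
    n: int

@dataclass(frozen=True)
class Loc:
    x: str

@dataclass(frozen=True)
class BinOp:
    op: str          # one of "+", "-", "*"
    a0: "Aexp"
    a1: "Aexp"

Aexp = Union[Num, Loc, BinOp]
State = Tuple[Tuple[str, int], ...]                  # sigma as a hashable (location, value) table
Elem = Tuple[Aexp, State, int]                        # <a, sigma> -> n, an element of Aexp x Sigma x N
Premises = FrozenSet[Elem]                            # a finite premise set X
Derivation = Tuple[FrozenSet["Derivation"], Elem]     # d = (D / y)
OPS = {"+": lambda p, q: p + q, "-": lambda p, q: p - q, "*": lambda p, q: p * q}

def subterms(a: Aexp) -> Set[Aexp]:
    """Syntactic subterms of a, including a itself."""
    return {a} | subterms(a.a0) | subterms(a.a1) if isinstance(a, BinOp) else {a}

def is_rule_instance(X: Premises, y: Elem) -> bool:
    """Decide (X/y) in R: the two axioms and one rule per operator."""
    t, sigma, n = y
    if isinstance(t, Num):
        return X == frozenset() and n == t.n
    if isinstance(t, Loc):
        return X == frozenset() and n == dict(sigma)[t.x]
    return any(n == OPS[t.op](n0, n1) and X == frozenset({(t.a0, sigma, n0), (t.a1, sigma, n1)})
               for (p0, s0, n0) in X if p0 == t.a0 and s0 == sigma
               for (p1, s1, n1) in X if p1 == t.a1 and s1 == sigma)

def R_hat(B: Set[Elem], a: Aexp, sigma: State) -> Dict[Elem, Premises]:
    """R^(B) = {y | exists X subset B. (X/y) in R}, restricted to conclusions about
    subterms of a in state sigma (so each application is finite).  Each y is
    returned with one premise set X subset B that justifies it."""
    env, out = dict(sigma), {}
    for t in subterms(a):
        if isinstance(t, Num):
            out[(t, sigma, t.n)] = frozenset()         # axiom: empty / <n, sigma> -> n
        elif isinstance(t, Loc):
            out[(t, sigma, env[t.x])] = frozenset()    # axiom: empty / <X, sigma> -> sigma(X)
        else:                                           # rule: {<a0,s>->n0, <a1,s>->n1} / <a0 op a1, s> -> n0 op n1
            for (p0, s0, n0) in B:
                for (p1, s1, n1) in B:
                    if p0 == t.a0 and p1 == t.a1 and s0 == s1 == sigma:
                        y = (t, sigma, OPS[t.op](n0, n1))
                        out.setdefault(y, frozenset({(p0, s0, n0), (p1, s1, n1)}))
    return out

def is_R_closed(Q: Set[Elem], a: Aexp, sigma: State) -> bool:
    """Proposition 4.11: Q is closed under R iff R^(Q) is a subset of Q."""
    return set(R_hat(Q, a, sigma)) <= Q

def lfp(a: Aexp, sigma: State) -> Tuple[Set[Elem], int, Dict[Elem, Premises]]:
    """Iterate A0 = empty, A(n+1) = R^(An) until R^(A) = A; return fix(R^), the number of
    stages, and each element's premises from the stage it first appeared (those premises
    come from an earlier stage, which is why sub-derivation is well-founded)."""
    A: Set[Elem] = set()
    just: Dict[Elem, Premises] = {}
    stages = 0
    while True:
        step = R_hat(A, a, sigma)
        for y, X in step.items():
            just.setdefault(y, X)
        if set(step) == A:                              # reached R^(A) = A
            return A, stages, just
        A, stages = set(step), stages + 1

def values_of(a: Aexp, sigma: State) -> Set[int]:
    """All n with <a, sigma> -> n in fix(R^); determinism says this is a singleton."""
    return {n for (t, s, n) in lfp(a, sigma)[0] if t == a and s == sigma}

def derivation(y: Elem, just: Dict[Elem, Premises]) -> Derivation:
    """Rebuild d = (D / y) with d ||-_R y from the justifications recorded by lfp."""
    return (frozenset(derivation(z, just) for z in just[y]), y)

def is_derivation(d: Derivation, y: Elem) -> bool:
    """Check d ||-_R y as defined on the 'Induction on Derivations' slide: the conclusions
    of D form an X with (X/y) in R, and every d' in D derives its own conclusion."""
    D, concl = d
    X = frozenset(sub[1] for sub in D)
    return concl == y and is_rule_instance(X, y) and all(is_derivation(sub, sub[1]) for sub in D)

def height(d: Derivation) -> int:
    """Height of the derivation tree: the measure behind induction on derivations."""
    return 1 + max((height(sub) for sub in d[0]), default=0)

# Constructed sample: a = (x + 3) * (y - 1) in the state sigma = {x -> 4, y -> 6}.
SIGMA: State = (("x", 4), ("y", 6))
A_EXP: Aexp = BinOp("*", BinOp("+", Loc("x"), Num(3)), BinOp("-", Loc("y"), Num(1)))

if __name__ == "__main__":
    A, stages, just = lfp(A_EXP, SIGMA)
    d = derivation((A_EXP, SIGMA, 35), just)
    print(f"stages={stages} closed={is_R_closed(A, A_EXP, SIGMA)} values={values_of(A_EXP, SIGMA)} "
          f"derivation_ok={is_derivation(d, (A_EXP, SIGMA, 35))} height={height(d)}")
```

For the sample expression the chain stabilises at $A_3$ (leaves, then the two inner sums, then the product), which is also the height of the derivation of $\langle a,\sigma\rangle \to 35$; the empty set is not $R$-closed because the axioms already have no premises. The restriction to a fixed expression is what keeps $\hat{R}$ finitary here; the command rules, whose sequencing and `while` instances range over every intermediate state, cannot be enumerated this way, which is the same obstacle that defeats structural induction on commands on slide 7.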

  30. Summary
  • Induction allows us to prove properties of a programming language
  • Example properties
    • Determinism of evaluation
    • Referential transparency
    • Equivalence of small-step and natural (big-step) semantics

  31. Exercise 3
  (1) Use mathematical induction to show that there is no string $u$ which satisfies $au = ub$ for two distinct symbols $a$ and $b$.
  (2) Prove by structural induction that the evaluation of arithmetic expressions always terminates, i.e., for all arithmetic expressions $a$ and states $\sigma$ there is some $m$ such that $\langle a,\sigma\rangle \to m$.
