Roy L. Crole. Operational Semantics Abstract Machines and Correctness. University of Leicester, UK

Transcription

1 Midlands Graduate School, University of Birmingham, April Operational Semantics Abstract Machines and Correctness Roy L. Crole University of Leicester, UK

2 Midlands Graduate School, University of Birmingham, April Introduction By the end of this introduction, you should be able to briefly explain the meaning of syntax and semantics; give a snap-shot overview of the course; explain what inductively defined sets are; and do simple rule inductions.

3 Midlands Graduate School, University of Birmingham, April What s Next? Background What is a Programming Language? What is Syntax? What is Semantics?

4 Midlands Graduate School, University of Birmingham, April Some Answers Programming Languages are formal languages used to communicate with a computer. Programming languages may be low level. They give direct instructions to the processor (instruction set architecture). Or high level. The instructions are indirect being (eg) compiled for the processor but much closer to concepts understood by the user (Java, C++,... ).

5 Midlands Graduate School, University of Birmingham, April Syntax refers to particular arrangements of words and letters eg avid hit the ball or if t > 2 then H = Off. A grammar is a set of rules which can be used to specify how syntax is created. Examples can be seen in automata theory, or programming manuals. Theories of syntax and grammars can be developed ideas are used in compiler construction.

6 Midlands Graduate School, University of Birmingham, April Semantics is the study of meaning. In particular, syntax can be given meaning. The word run can mean execution of a computer program, spread of ink on paper,... Programming language syntax can be given a semantics at least in theory!. We need this to write meaningful programs...

7 Midlands Graduate School, University of Birmingham, April Semantic descriptions are often informal. Consider while (expression) command ; adapted from Kernighan and Ritchie 1978/1988, p 224: The command is executed repeatedly so long as the value of the expression remains unequal to 0; the expression must have arithmetic or pointer type. The execution of the (test) expression, including all side effects, occurs before each execution of the command. We want to be more precise, more succinct.

8 Midlands Graduate School, University of Birmingham, April Top Level view of Course efine syntax for programs P and types σ ; (define type assignments P :: σ ); define operational semantics looking like (P, s) (V, s ) P V ; and compile P and V to abstract machine instructions P [[P]] and V ( V ) Then prove correctness: P V iff [[P]] t ( V )

9 Midlands Graduate School, University of Birmingham, April What s Next? Inductively efined Sets Specify inductively defined sets; programs, types etc will be defined this way. BNF grammars are a form of inductive definition; abstract syntax trees are also defined inductively. efine Rule Induction; properties of programs will be proved using this. It is important.

10 Midlands Graduate School, University of Birmingham, April Example Inductive efinition Let Var be a set of propositional variables. Then the set Prpn of propositions of propositional logic is inductively defined by the rules P [P Var] (A) φ φ ψ ψ ( ) φ ψ ( ) φ ψ ( ) φ ( ) φ ψ φ ψ φ Each proposition is created by a deduction...

11 Midlands Graduate School, University of Birmingham, April Inductively efined Sets in General Given a set of rules, a deduction is a finite tree such that each leaf node label c occurs as a base rule (,c) R for any non-leaf node label c, if H is the set of children of c then (H,c) R is an inductive rule. The set I inductively defined by R consists of those elements e which have a deduction with root node e. One may prove e I. φ(e) for a property φ(e) by rule induction. See the notes...

12 Midlands Graduate School, University of Birmingham, April Example of Rule Induction Consider the set of trees T defined inductively by n [n Z] T 1 T 2 +(T 1,T 2 ) Let L(T) be the number of leaves in T, and N(T) be the number of +-nodes of T. We prove (see board) T T. L(T) = N(T)+1 where the functions L,N:T N are defined recursively by L(n) = 1 and L(+(T 1,T 2 )) = L(T 1 )+L(T 2 ) N(n) = 0 and N(+(T 1,T 2 )) = N(T 1 )+N(T 2 )+1

13 Midlands Graduate School, University of Birmingham, April Chapter 1 By the end of this chapter, you should be able to describe the programs (syntax) of a simple imperative language called IMP; give a type system to IMP and derive types; explain the idea of evaluation relations; derive example evaluations.

14 Midlands Graduate School, University of Birmingham, April What s Next? Types and Expressions We define the types and expressions of IMP. We give an inductive definition of a formal type system.

15 Midlands Graduate School, University of Birmingham, April Program Expressions and Types for IMP The program expressions are given (inductively) by P ::= c constant l memory location P iop P integer operator P bop P boolean operator l := P assignment P ; P sequencing if P then P else P conditional while P do P while loop

16 Midlands Graduate School, University of Birmingham, April The types of the language IMP are given by the grammar σ ::= int bool cmd A location environment L is a finite set of (location, type) pairs, with type being just int or bool: L = l 1 :: int,...,l n :: int, l n+1 :: bool,...,l m :: bool Given L, then any P whose locations all appear in L can (sometimes) be assigned a type; we write P :: σ to indicate this, and define such type assignments inductively.

17 Midlands Graduate School, University of Birmingham, April [any n Z] n :: int T :: bool F :: bool l :: int [l :: int L] P 1 :: int P 2 :: int P 1 bop P 2 :: bool [ bop BOpr] skip :: cmd l :: σ P :: σ l := P :: cmd P 1 :: bool P 2 :: cmd P 3 :: cmd P 1 :: bool P 2 :: cmd if P 1 then P 2 else P 3 :: cmd while P 1 do P 2 :: cmd

18 Midlands Graduate School, University of Birmingham, April Example: eduction of a Type Assignment l :: int 5 :: int 3 4 l 5 :: bool 2 l := l 1 ; l := l l :: cmd if l 5 then l := 1 else (l := l+1 ; l := l l) :: cmd

19 Midlands Graduate School, University of Birmingham, April What s Next? An Evaluation Relation We define a notion of state. We define an evaluation relation for IMP. We look at an example.

20 Midlands Graduate School, University of Birmingham, April States A state s is a finite partial function Loc Z B. For example s = l 1 4,l 2 T,l 3 21 There is a state denoted by s{l c} : Loc Z B which is the partial function (s{l c})(l ) def = c s(l ) if l = l otherwise We say that state s is updated at l by c.

21 Midlands Graduate School, University of Birmingham, April An Evaluation Relation Consider the following evaluation relationship ( l := T ; l := 4+1, ) ( skip, l T,l 5 ) The idea is Starting program final result We describe an operational semantics which has assertions which look like (P, s) (c, s) and (P, s 1 ) (skip, s 2 )

22 Midlands Graduate School, University of Birmingham, April (l, s) (s(l), s) [ provided l domain of s] LOC (P 1, s) (n 1, s) (P 2, s) (n 2, s) (P 1 op P 2, s) (n 1 op n 2, s) OP (P, s) (c, s) (l := P, s) (skip, s{l c}) ASS (P 1, s 1 ) (skip, s 2 ) (P 2, s 2 ) (skip, s 3 ) (P 1 ; P 2, s 1 ) (skip, s 3 ) SEQ

23 Midlands Graduate School, University of Birmingham, April (P, s 1 ) (F, s 1 ) (P 2, s 1 ) (skip, s 2 ) (if P then P 1 else P 2, s 1 ) (skip, s 2 ) CON2 (P 1, s 1 ) (T, s 1 ) (P 2, s 1 ) (skip, s 2 ) (while P 1 do P 2, s 2 ) (skip, s 3 ) (while P 1 do P 2, s 1 ) (skip, s 3 ) (P 1, s) (F, s) (while P 1 do P 2, s) (skip, s) LOOP2

24 Midlands Graduate School, University of Birmingham, April Example Evaluations We derive deductions for and ((3+2) 6, s) (30, s) (while l = 1 do l := l 1, l 1 ) (skip, l 0 )

25 Midlands Graduate School, University of Birmingham, April Chapter 2 By the end of this chapter you should be able to describe the compiled CSS machine, which executes compiled IMP programs; show how to compile to CSS instruction sequences; give some example executions.

26 Midlands Graduate School, University of Birmingham, April Motivating the CSS Machine An operational semantics gives a useful model of IMP we seek a more direct, computational method for evaluating configurations. If P e V, how do we mechanically produce V from P? P P 0 P 1 P 2... P n V Mechanically produce can be made precise using a relation P P defined by rules with no hypotheses. n+m m+n

27 Midlands Graduate School, University of Birmingham, April P 0 P 1 P 2 P 3 P 4... V Re-Write Rules (Abstract Machine) deduction tree P e V Evaluation Semantics

28 Midlands Graduate School, University of Birmingham, April An Example Let s(l) = 6. Execute 10 l on the CSS machine. First, compile the program. [[10 l]] = FETCH(l) : PUSH(10) : OP( ) Then FETCH(l) : PUSH(10) : OP( ) s PUSH(10) : OP( ) 6 s OP( ) 10 : 6 s 4 s

29 Midlands Graduate School, University of Birmingham, April efining the CSS Machine A CSS code C is a list: C ins ::= ins : C ::= PUSH(c) FETCH(l) OP(op) SKIP STO(l) BR(C,C) LOOP(C,C) The objects ins are CSS instructions. We will overload : to denote append; and write ξ for ξ : (ditto below). A stack S is produced by the grammar S ::= c : S

30 Midlands Graduate School, University of Birmingham, April A CSS configuration is a triple (C,S,s). A CSS re-write takes the form (C 1, S 1, s 1 ) (C 2, S 2, s 2 ) and re-writes are specified inductively by rules with no hypotheses (such rules are often called axioms) (C 1, S 1, s 1 ) (C 2, S 2, s 2 ) R Note that the CSS re-writes are deterministic.

31 Midlands Graduate School, University of Birmingham, April PUSH(c) : C S s C c : S s FETCH(l) : C S s C s(l) : S s OP( op ) : C n 1 : n 2 : S s C n 1 op n 2 : S s STO(l) : C c : S s C S s{l c} BR(C 1,C 2 ) : C F : S s C 2 : C S s LOOP(C 1,C 2 ) : C S s C 1 : BR(C 2 : LOOP(C 1,C 2 ),SKIP) : C S s

32 Midlands Graduate School, University of Birmingham, April [[c]] [[l]] [[P 1 op P 2 ]] [[l := P]] [[skip]] [[P 1 ; P 2 ]] [[if P then P 1 else P 2 ]] [[while P 1 do P 2 ]] def = PUSH(c) def = FETCH(l) def = [[P 2 ]] : [[P 1 ]] : OP(op) def = [[P]] : STO(l) def = SKIP def = [[P 1 ]] : [[P 2 ]] def = [[P]] : BR([[P 1 ]],[[P 2 ]]) def = LOOP([[P 1 ]],[[P 2 ]])

33 Midlands Graduate School, University of Birmingham, April Chapter 3 By the end of this chapter you should be able to describe the interpreted CSS machine, which executes IMP programs; explain the outline of a proof of correctness; explain some of the results required for establishing correctness, and the proofs of these results.

34 Midlands Graduate School, University of Birmingham, April Architecture of the Machine A CSS code C is a list of instructions which is produced by the following grammars: C ::= ins : C ins ::= P op STO(l) BR(P 1,P 2 ) We will overload : to denote append; and write ξ for ξ : (ditto below). A stack S is produced by the grammar S ::= c : S

35 Midlands Graduate School, University of Birmingham, April n : C S s C n : S s P 1 op P 2 : C S s P 2 : P 1 : op : C S s op : C n 1 : n 2 : S s C n 1 op n 2 : S s l := P : C S s P : STO(l) : C S s STO(l) : C n : S s C S s{l n} while P 1 do P 2 : C S s P 1 : BR((P 2 ; while P 1 do P 2 ),skip) : C S s

36 Midlands Graduate School, University of Birmingham, April A Correctness Theorem For all n Z, b B, P 1 :: int, P 2 :: bool, P 3 :: cmd and s,s 1,s 2 States we have (P 1, s) (n, s) iff P 1 s t n s (P 2, s) (b, s) iff P 2 s t b s (P 3, s 1 ) (skip, s 2 ) iff P 3 s 1 t s 2 where t denotes the transitive closure of.

37 Midlands Graduate School, University of Birmingham, April Proof Method = onlyif by Rule Induction for. = if by Mathematical Induction on k. Recall κ t κ iff ( k 1)(κ k κ ), where for k 1, κ k κ means that ( 1 i k)( κ i )(κ κ 1... κ k = κ ) Then note if the are configurations with ξ parameters ( ξ)( ( k)( k ) implies ) ( k)( ξ) ( k implies ) }{{} φ(k)

38 Midlands Graduate School, University of Birmingham, April Code and Stack Extension For all k N, and for all appropriate codes, stacks and states, C 1 S 1 s 1 k C 2 S 2 s 2 implies C 1 : C 3 S 1 : S 3 s 1 k C 2 : C 3 S 2 : S 3 s 2 where 0 is reflexive closure of.

39 Midlands Graduate School, University of Birmingham, April Code Splitting For all k N, and for all appropriate codes, stacks and states, if C 1 : C 2 S s k S s then there is a stack and state S and s, and k 1,k 2 N for which C 1 S s k 1 S s C 2 S s k 2 S s where k 1 + k 2 = k.

40 Midlands Graduate School, University of Birmingham, April Typing and Termination Yields Values For all k N, and for all appropriate codes, stacks, states, P :: int and P S s k S s implies s = s and S = n : S some n Z and similarly for Booleans. and P s k n s

41 Midlands Graduate School, University of Birmingham, April Proving the Theorem (= onlyif ): Rule Induction for (Case OP1): The inductive hypotheses are P 1 s t n 1 s P 2 s t n 2 s Then P 1 op P 2 s P 2 : P 1 : op s t P 1 : op n 2 s P 1 : op n 2 s t op n 1 : n 2 s n 1 op n 2 s

42 Midlands Graduate School, University of Birmingham, April ( = if ): We prove by induction for all k, for all P :: int,n,s, P s k n s implies (P, s) (n, s) } {{ } φ(k) (Proof of k 0 N, φ(k) k k0 implies φ(k 0 + 1)): Suppose that for some arbitrary k 0, P :: int, n and s P s k 0+1 n s ( ) and then we prove (P, s) (n, s) by considering cases on P.

43 Midlands Graduate School, University of Birmingham, April (Case P is P 1 op P 2 ): Suppose that P 1 op P 2 s k 0+1 n s and so P 2 : P 1 : op s k 0 n s. Using splitting and termination we have, noting P 2 :: int, that P 2 s k 1 n 2 s P 1 : op n 2 s k 2 n s where k 1 + k 2 = k 0,

44 Midlands Graduate School, University of Birmingham, April and repeating for the latter re-write we get P 1 n 2 s k 21 n 1 : n 2 s op n 1 : n 2 s k 22 n s (1) where k 21 + k 22 = k 2. So as k 1 k 0, by induction we deduce that (P 2, s) (n 2, s), and from termination that P 1 s k 21 n 1 s. Also, as k 21 k 0, we have inductively that (P 1, s) (n 1, s) and hence (P 1 op P 2, s) (n 1 op n 2, s). But from determinism and (1) we see that n 1 op n 2 = n and we are done.

45 Midlands Graduate School, University of Birmingham, April Chapter 4 By the end of this chapter you should be able to describe the expressions and type system of a language with higher order functions; explain how to write simple programs; specify an eager evaluation relation; prove properties such as determinism.

46 Midlands Graduate School, University of Birmingham, April What s Next? Expressions and Types for FUN efine the expression syntax and type system.

47 Midlands Graduate School, University of Birmingham, April g :: Int -> Int -> Int g x y = x+y Examples of FUN eclarations l1 :: [Int] l1 = 5:(6:(8:(4:(nil)))) h :: Int h = hd (5:6:8:4:nil) length :: [Bool] -> Int length l = if elist(l) then 0 else (1 + length t)

48 Midlands Graduate School, University of Birmingham, April FUN Types The types of FUN e are σ ::= int bool σ σ [σ] We shall write σ 1 σ 2 σ 3... σ n σ for σ 1 (σ 2 (σ 3 (... (σ n σ)...))). Thus for example σ 1 σ 2 σ 3 means σ 1 (σ 2 σ 3 ).

49 Midlands Graduate School, University of Birmingham, April FUN Expressions The expressions are E ::= x variables c constants K constant identifier F function identifier E 1 E 2 function application tl(e) tail of list E 1 : E 2 cons for lists elist(e) Boolean test for empty list Bracketing conventions apply...

50 Midlands Graduate School, University of Birmingham, April What s Next? A Formal FUN Type System Show how to declare the types of variables and identifiers. Give some examples. efine a type assignment system.

51 Midlands Graduate School, University of Birmingham, April Contexts (Variable Environments) When we write a FUN program, we shall declare the types of variables, for example x :: int,y :: bool,z :: bool A context, variables assumed distinct, takes the form Γ = x 1 :: σ 1,...,x n :: σ n.

52 Midlands Graduate School, University of Birmingham, April Identifier Environments When we write a FUN program, we want to declare the types of constants and functions. A simple example of an identifier environment is K :: bool, map :: (int int) [int] [int], suc :: int int An identifier type looks like σ 1 σ 2 σ 3... σ a σ where a 0 and σ is NOT a function type. An identifier environment looks like I = I 1 :: ι 1,...,I m :: ι m.

53 Midlands Graduate School, University of Birmingham, April Example Type Assignments With the previous identifier environment x :: int,y :: int,z :: int mapsuc(x : y : z : nil int ) :: [int] We have if T then hd(2 : nil int ) else hd(4 : 6 : nil int ) :: int

54 Midlands Graduate School, University of Birmingham, April Inductively efining Type Assignments Start with an identifier environment I and a context Γ. Then Γ x :: σ ( where x :: σ Γ) :: VAR Γ n :: int :: INT Γ E 1 :: int Γ E 2 :: int :: OP 1 Γ E 1 iop E 2 :: int

55 Midlands Graduate School, University of Birmingham, April Γ E 1 :: σ 2 σ 1 Γ E 2 :: σ 2 :: AP Γ E 1 E 2 :: σ 1 Γ I :: ι ( where I :: ι I) :: IR Γ nil σ :: [σ] :: NIL Γ E 1 :: σ Γ E 1 : E 2 :: [σ] Γ E 2 :: [σ] :: CONS

56 Midlands Graduate School, University of Birmingham, April What s Next? Function eclarations and Programs Show how to code up functions. efine what makes up a FUN program. Give some examples.

57 Midlands Graduate School, University of Birmingham, April Introducing Function eclarations To declare plus can write plus x y = x+y. To declare fac fac x = if x == 1 then 1 else x fac(x 1) And to declare that true denotes T we write true = T. In FUN e, can specify (recursive) declarations K = E Fx = E G x y = E...

58 Midlands Graduate School, University of Birmingham, April An Example eclaration Let I = I 1 :: [int] int int,i 2 :: int int,i 3 :: bool. Then an example of an identifier declaration dec I is I 1 l y = hd(tl(tl(l)))+i 2 y def = E I1 I 2 x I 3 I 4 u v w = x x = T = u+v+w def = E I2 def = E I3 def = E I4

59 Midlands Graduate School, University of Birmingham, April An Example Program Let I = F :: int int int,k :: int. Then an identifier declaration dec I is F x y = x+7 y def = E F K = 10 An example of a program is dec I in F 8 1 K. Note that F 8 1 K :: bool and x :: int,y :: int }{{} Γ F x+7 y :: }{{} int and K :: int σ F

60 Midlands Graduate School, University of Birmingham, April efining Programs A program in FUN e is a judgement of the form dec I in P where dec I is a given identifier declaration and the program expression P satisfies a type assignment of the form P :: σ (written P :: σ) and F x = E F dec I Γ F E F :: σ F

61 Midlands Graduate School, University of Birmingham, April What s Next? Values and the Evaluation Relation Look at the notion of evaluation order. efine values, which are the results of eager program executions. efine an eager evaluation semantics: P e V. Give some examples.

62 Midlands Graduate School, University of Birmingham, April Evaluation Orders The operational semantics of FUN e says when a program P evaluates to a value V. It is like the IMP evaluation semantics. Write this in general as P e V, and examples are e 17 hd(2 : nil int ) e 2

63 Midlands Graduate School, University of Birmingham, April Let F x y = x+y. We would expect F (2 3) (4 5) e 26. We could evaluate 2 3 to get value 6 yielding F 6 (4 5), then evaluate 4 5 to get value 20 yielding F We then call the function to get 6+20, which evaluates to 26. This is call-by-value or eager evaluation. Or the function could be called first yielding (2 3)+(4 5) and then we continue to get 6 +(4 5) and and 26. This is called call-by-name or lazy evaluation.

64 Midlands Graduate School, University of Birmingham, April efining and Explaining (Eager) Values Let dec I be an identifier declaration, with typical typing F :: σ 1 σ 2 σ 3... σ a σ Informally a is the maximum number of inputs taken by F. A value expression is any expression V produced by V ::= c nil σ F V V : V where V abbreviates V 1 V 2... V k 1 V k and 0 k < a. Note also that k is strictly less than a, and that if a = 1 then F V denotes F.

65 Midlands Graduate School, University of Birmingham, April A value is any value expression for which dec I is a valid FUN e program. in V Suppose that F :: int int int int and that P 1 e 2 and P 2 e 5 and P 3 e 7 with P i not values. Then P V F F P 1 F 2 F 2 P 2 F 2 5 P V F 2 5 P 3 F F P 1 P 2 P 3 14

66 Midlands Graduate School, University of Birmingham, April The Evaluation Relation V e V e VAL P 1 e m P 2 e n e OP P 1 op P 2 e m op n P 1 e T P 2 e V if P 1 then P 2 else P 3 e V e CON1

67 Midlands Graduate School, University of Birmingham, April P 1 e F V P 2 e V 2 F V V 2 e V where either P 1 or P 2 is not a value P 1 P 2 e V e AP E F [V 1,...,V a /x 1,...,x a ] e V FV 1...V a e V [F x = E F declared in dec I ] e FI E K e V K e V [K = E K declared in dec I ] e CI

68 Midlands Graduate School, University of Birmingham, April P e V : V e H hd(p) e V P e V : V e TL tl(p) e V P 1 e V P 2 e V e CONS P 1 : P 2 e V : V P e nil σ e ELIST 1 elist(p) e T P e V : V e ELIST 2 elist(p) e F

69 Midlands Graduate School, University of Birmingham, April Examples of Evaluations Suppose that dec I is G x = x 2 K = 3 G e G VAL 3 e 3 K e 3 VAL CI 3 e 3 G K e 6 VAL 2 e 2 (x 2)[3/x] = 3 2 e 6 G 3 e 6 VAL OP FI AP

70 Midlands Graduate School, University of Birmingham, April We can prove that F 2 3 (4+1) e 10 where F x y z = x+y+z as follows: F 2 3 e F 2 3 e VAL 4 e 4 1 e e 5 T e AP F 2 3 (4+1) e 10

71 Midlands Graduate School, University of Birmingham, April where T is the tree 2 e 2 3 e e 5 5 e e 10 ========================== (x+y+z)[2,3,5/x,y,z] e 10 F e 10 e FI

72 Midlands Graduate School, University of Birmingham, April What s Next? FUN Properties of Eager Evaluation Explain and define determinism. Explain and define subject reduction, that is, preservation of types during program execution.

73 Midlands Graduate School, University of Birmingham, April Properties of FUN The evaluation relation for FUN e is deterministic. More precisely, for all P, V 1 and V 2, if P e V 1 and P e V 2 then V 1 = V 2. (Thus e is a partial function.) Evaluating a program dec I type. More precisely, in P does not alter its ( P :: σ and P e V) implies V :: σ for any P, V, σ and dec I. The conservation of type during program evaluation is called subject reduction.

74 Midlands Graduate School, University of Birmingham, April Chapter 5 By the end of this chapter you should be able to describe the SEC machine, which executes compiled FUN e programs; here the expressions Exp are defined by E ::= x n F E E; show how to compile to SEC instruction sequences; write down example executions.

75 Midlands Graduate School, University of Birmingham, April Architecture of the Machine The SEC machine consists of rules for transforming SEC configurations (S, E,C, ). The non-empty stack S is generated by S ::= n S l...s 1 clo F Each node occurs at a level 1. A stack S has a height the maximum level of any clo F, or 0 otherwize.

76 Midlands Graduate School, University of Birmingham, April If the (unique) left-most closure node clo F at level α exists, call it the α-prescribed node, and write α S. For any stack α S of height 1 there is a sub-stack S of shape S l... S 1 clo F

77 Midlands Graduate School, University of Birmingham, April Given any other stack S l+1 there is a stack S S l+1 S l... S 1 clo F Write S l+1 S for S with S replaced by S.

78 Midlands Graduate School, University of Birmingham, April The environment E takes the form x 1 =?S 1 :... : x n =?S n. The value of each? is determined by the form of an S i. If S i is n then? is 0; if S i is clo F other case,? is Av 1. then? is 1; in any

79 Midlands Graduate School, University of Birmingham, April A SEC code C is a list which is produced by the following grammars: ins C ::= x n F APP ::= ins : C A typical dump looks like (S 1,E 1,C 1,(S 2,E 2,C 2,...(S n,e n,c n, )...)) We will overload : to denote append; and write ξ for ξ :.

80 Midlands Graduate School, University of Birmingham, April We define a compilation function [[ ]]:Exp SECcodes which takes an SEC expression and turns it into code. [[x]] def = x [[n]] def = n [[F]] def = F [[E 1 E 2 ]] def = [[E 1 ]] : [[E 2 ]] : APP

81 Midlands Graduate School, University of Birmingham, April There is a representation of program values as stacks, given by ( n ) def = n ( F V 1...V k ) def = ( V k )... ( V 1 ) clo F = ( V k )... ( V 1 ) clo F Recall k < a with a the arity of F.

82 Midlands Graduate School, University of Birmingham, April The Re-writes A number is pushed onto the stack (the initial stack can be of any status): S [Av]α S E E C n : C num S E C α n S E C

83 Midlands Graduate School, University of Birmingham, April A function is pushed onto the stack (the initial stack can be of any status): S [Av]α S E E C F : C fn S α+1 E C clo F E C S

84 Midlands Graduate School, University of Birmingham, April A variable s value is pushed onto the stack, provided that the environment E contains x =?T [Av]δ T (where δ is 0 or 1). Note that by definition, the status of T determines the status of the re-written stack: S [Av]α S E E C x : C var S [Av]δ+α T S E E C C

85 Midlands Graduate School, University of Birmingham, April An APP command creates an application value, type 0: S k...s 1 S k...s 1 S α clo F S S Av α clo F S E E cav0 E E C APP : C C C

86 Midlands Graduate School, University of Birmingham, April An APP command creates an application value, type 1: S α clo H S k 1...S 1 clo F S S Av α 1 clo H S k 1...S 1 clo F S cav1 E E E E C APP : C C C

87 Midlands Graduate School, University of Birmingham, April An APP command produces an application value from an application value: S k...s 1 S k...s 1 clo F S k 1...S 1 clo F S k 1...S 1 S Av α S S Av α 1 S clo G avtav clo G E E E E C APP : C C C

88 Midlands Graduate School, University of Birmingham, April An APP command calls a function, type 0: S a...s 1 S α clo F S S E E call0 E x a =?S a :... : x 1 =?S 1 : E C [[E F ]] C APP : C (α 1 S,E,C,)

89 Midlands Graduate School, University of Birmingham, April An APP command calls a function, type 1: S E C α clo H S a 1...S 1 clo F E APP : C S call1 S E x a =?S a :... : x 1 =?S 1 : E C [[E F ]] (α 2 S,E,C,)

90 Midlands Graduate School, University of Birmingham, April An APP command calls a function, type 2: S k...s 1 clo F S a 1...S 1 S Av α S S clo G call2 E x a =?S a :... : x 1 =?S 1 : E C [[E G ]] E E (α 2 S,E,C,) C APP : C

91 Midlands Graduate School, University of Birmingham, April Restore, where the final status is determined by the initial status: S [Av]β T E E C (α S, E,C, ) res S [Av]α+β T S E E C C

92 Midlands Graduate School, University of Birmingham, April Suppose that K, N and MN are functions which are also values, and that F x y = x L u v = u (F (H 4)) (I 2 K) e M N. Note that [[(F (H 4)) (I 2 K)]] = I a b = b H z = L (M N) z Then (11. def = F) : H : 4 : APP : APP : I : 2 : APP : K : APP : (APP def = 1.) and [[L (M N) z]] def = 7. def = L : M : N : APP : APP : z : APP def = 1.

93 Midlands Graduate School, University of Birmingham, April S 0 E C 11. num/fn 3 S 2 E cloh clof C 8. APP : 7.

94 Midlands Graduate School, University of Birmingham, April clo N call0 S 0 E C ξ def = (1 E def = z = 0 [[L (M N) z]] clo F 4,,7., ) fn 3 S 3 clo M clo L E E C 4. ξ

95 Midlands Graduate School, University of Birmingham, April clo N clo N S Av 2 clo M S Av 1 clo M cav1 clo L avtav clo L E E E E C 3. C 2. ξ ξ

96 Midlands Graduate School, University of Birmingham, April Chapter 6 By the end of this chapter you should be able to explain the outline of a proof of correctness; explain some of the results required for establishing correctness, and the proofs of these results.

97 Midlands Graduate School, University of Birmingham, April A Correctness Theorem For all programs dec I in P for which P :: σ we have S S ( V ) P e V iff E C [[P]] t E C

98 Midlands Graduate School, University of Birmingham, April Code and Stack Extension For any stacks, environments, codes, and dumps, if C 1 is non-empty S S 1 S S 2 M def = E E C C 1 k E E C C 2 def = M implies S S 1 S 3 S S 2 S 3 M def = E E C C 1 : C 3 k E E C C 2 : C 3 def = M

99 Midlands Graduate School, University of Birmingham, April Need to prove lemma plus : if (S,E,C, ) we can also similarly arbitrarily extend any of the stacks and codes in (say to ). We use induction on k. Suppose lemma plus is true k k 0. Must prove we can extend any re-write M k0+1 M to M k0+1 M. By determinism, we have M 1 M k 0 M. If no function call during M 1 M, trivial to extend to get M 1 M. And by induction, M k 0 M.

100 Midlands Graduate School, University of Birmingham, April If there is a function call, there are k 1 and k 2 such that S T S S S S M def = E C E APP : C 1 E E C [[E F ]] k 1 E E C C (S,E,C,) (S,E,C,) S S S res 1 E C E C k 2 M where there are no function calls in the k 2 re-writes.

101 Midlands Graduate School, University of Birmingham, April By induction, we have S S S M def = E E C [[E F ]] k 1 E E C C (S S 3,E,C : C 3,) (S S 3,E,C : C 3,) It is easy to see that M M, and obviously S S E E C C (S S 3,E,C : C 3,) 1 S S S S 3 E E C C : C 3

102 Midlands Graduate School, University of Birmingham, April If k 2 = 0 then we are done. If k 2 1 then we can similarly extend the stack and code of the final k 2 1 transitions by induction S S S S 3 E E C C : C 3 1 M. and we are also done.

103 Midlands Graduate School, University of Birmingham, April Code Splitting For any stacks, environments, codes, and dumps, if C 1 and C 2 are non-empty then S S E E C C 1 : C 2 k S S E E C implies that

104 Midlands Graduate School, University of Birmingham, April S S S S S S S S E E C C 1 k 1 E C E and E E C C 2 k 2 E C E where k = k 1 + k 2.

105 Midlands Graduate School, University of Birmingham, April Program Code Factors Through Value Code For any well typed FUN e program dec I and P e V, in P where P :: σ S S S Ŝ S S S Ŝ E C E [[P]] k E C Ê implies ( k k) E C E [[V]] k E C Ê ˆ ˆ with equality only if P is a value (and hence equal to V).

106 Midlands Graduate School, University of Birmingham, April Proving the Theorem ( = if ): We shall prove that if P :: σ then S S S S E C [[P]] k E C implies ( V) S = ( V ) S and P e V from which the required result follows. Induction on k. If P is a number or a function the result is trivial. Else P has the form P 1 P 2.

107 Midlands Graduate School, University of Birmingham, April Suppose that S S S S E C [[P 1 ]] : [[P 2 ]] : APP k 0+1 E C Then appealing to splitting and the induction hypothesis, we get

108 Midlands Graduate School, University of Birmingham, April S S S ( F V ) S E C [[P 1 ]] k 1 E C and S ( F V ) S S S E C [[P 2 ]] : APP k 2 E C where P 1 e F V.

109 Midlands Graduate School, University of Birmingham, April Appealing to splitting again, and by induction, S ( F V ) S S ( V 2 ) ( F V ) S E C [[P 2 ]] k 21 E C and S ( V 2 ) ( F V ) S S S E C APP k 22 E C where P 2 e V 2.

110 Midlands Graduate School, University of Birmingham, April By factorization on P 1 and P 2, and extension we have (check!) S S S ( V 2 ) ( F V ) S S S E C [[F V V 2 ]] k 1+k 21 E C APP k 22 E C and so if P 1 P 2 is not a value then k 1 + k 21 + k 22 < k and by induction S = ( V ) S for some V where F V V 2 e V. Hence P 1 P 2 e V as required. If P 1 P 2 is a value, refer to part (= onlyif ) of the proof, case e VAL