Roy L. Crole. Operational Semantics Abstract Machines and Correctness. University of Leicester, UK

Midlands Graduate School, University of Birmingham, April 2008 1 Operational Semantics Abstract Machines and Correctness Roy L. Crole University of Leicester, UK

Midlands Graduate School, University of Birmingham, April 2008 2 Introduction By the end of this introduction, you should be able to briefly explain the meaning of syntax and semantics; give a snap-shot overview of the course; explain what inductively defined sets are; and do simple rule inductions.

Midlands Graduate School, University of Birmingham, April 2008 3 What s Next? Background What is a Programming Language? What is Syntax? What is Semantics?

Midlands Graduate School, University of Birmingham, April 2008 4 Some Answers Programming Languages are formal languages used to communicate with a computer. Programming languages may be low level. They give direct instructions to the processor (instruction set architecture). Or high level. The instructions are indirect being (eg) compiled for the processor but much closer to concepts understood by the user (Java, C++,... ).

Midlands Graduate School, University of Birmingham, April 2008 5 Syntax refers to particular arrangements of words and letters eg avid hit the ball or if t > 2 then H = Off. A grammar is a set of rules which can be used to specify how syntax is created. Examples can be seen in automata theory, or programming manuals. Theories of syntax and grammars can be developed ideas are used in compiler construction.

Midlands Graduate School, University of Birmingham, April 2008 6 Semantics is the study of meaning. In particular, syntax can be given meaning. The word run can mean execution of a computer program, spread of ink on paper,... Programming language syntax can be given a semantics at least in theory!. We need this to write meaningful programs...

Midlands Graduate School, University of Birmingham, April 2008 7 Semantic descriptions are often informal. Consider while (expression) command ; adapted from Kernighan and Ritchie 1978/1988, p 224: The command is executed repeatedly so long as the value of the expression remains unequal to 0; the expression must have arithmetic or pointer type. The execution of the (test) expression, including all side effects, occurs before each execution of the command. We want to be more precise, more succinct.

Midlands Graduate School, University of Birmingham, April 2008 8 Top Level view of Course efine syntax for programs P and types σ ; (define type assignments P :: σ ); define operational semantics looking like (P, s) (V, s ) P V ; and compile P and V to abstract machine instructions P [[P]] and V ( V ) Then prove correctness: P V iff [[P]] t ( V )

Midlands Graduate School, University of Birmingham, April 2008 9 What s Next? Inductively efined Sets Specify inductively defined sets; programs, types etc will be defined this way. BNF grammars are a form of inductive definition; abstract syntax trees are also defined inductively. efine Rule Induction; properties of programs will be proved using this. It is important.

Midlands Graduate School, University of Birmingham, April 2008 10 Example Inductive efinition Let Var be a set of propositional variables. Then the set Prpn of propositions of propositional logic is inductively defined by the rules P [P Var] (A) φ φ ψ ψ ( ) φ ψ ( ) φ ψ ( ) φ ( ) φ ψ φ ψ φ Each proposition is created by a deduction...

Midlands Graduate School, University of Birmingham, April 2008 11 Inductively efined Sets in General Given a set of rules, a deduction is a finite tree such that each leaf node label c occurs as a base rule (,c) R for any non-leaf node label c, if H is the set of children of c then (H,c) R is an inductive rule. The set I inductively defined by R consists of those elements e which have a deduction with root node e. One may prove e I. φ(e) for a property φ(e) by rule induction. See the notes...

Midlands Graduate School, University of Birmingham, April 2008 12 Example of Rule Induction Consider the set of trees T defined inductively by n [n Z] T 1 T 2 +(T 1,T 2 ) Let L(T) be the number of leaves in T, and N(T) be the number of +-nodes of T. We prove (see board) T T. L(T) = N(T)+1 where the functions L,N:T N are defined recursively by L(n) = 1 and L(+(T 1,T 2 )) = L(T 1 )+L(T 2 ) N(n) = 0 and N(+(T 1,T 2 )) = N(T 1 )+N(T 2 )+1

Midlands Graduate School, University of Birmingham, April 2008 13 Chapter 1 By the end of this chapter, you should be able to describe the programs (syntax) of a simple imperative language called IMP; give a type system to IMP and derive types; explain the idea of evaluation relations; derive example evaluations.

Midlands Graduate School, University of Birmingham, April 2008 14 What s Next? Types and Expressions We define the types and expressions of IMP. We give an inductive definition of a formal type system.

Midlands Graduate School, University of Birmingham, April 2008 15 Program Expressions and Types for IMP The program expressions are given (inductively) by P ::= c constant l memory location P iop P integer operator P bop P boolean operator l := P assignment P ; P sequencing if P then P else P conditional while P do P while loop

Midlands Graduate School, University of Birmingham, April 2008 16 The types of the language IMP are given by the grammar σ ::= int bool cmd A location environment L is a finite set of (location, type) pairs, with type being just int or bool: L = l 1 :: int,...,l n :: int, l n+1 :: bool,...,l m :: bool Given L, then any P whose locations all appear in L can (sometimes) be assigned a type; we write P :: σ to indicate this, and define such type assignments inductively.

Midlands Graduate School, University of Birmingham, April 2008 17 [any n Z] n :: int T :: bool F :: bool l :: int [l :: int L] P 1 :: int P 2 :: int P 1 bop P 2 :: bool [ bop BOpr] skip :: cmd l :: σ P :: σ l := P :: cmd P 1 :: bool P 2 :: cmd P 3 :: cmd P 1 :: bool P 2 :: cmd if P 1 then P 2 else P 3 :: cmd while P 1 do P 2 :: cmd

Midlands Graduate School, University of Birmingham, April 2008 18 Example: eduction of a Type Assignment l :: int 5 :: int 3 4 l 5 :: bool 2 l := l 1 ; l := l l :: cmd if l 5 then l := 1 else (l := l+1 ; l := l l) :: cmd

Midlands Graduate School, University of Birmingham, April 2008 19 What s Next? An Evaluation Relation We define a notion of state. We define an evaluation relation for IMP. We look at an example.

Midlands Graduate School, University of Birmingham, April 2008 20 States A state s is a finite partial function Loc Z B. For example s = l 1 4,l 2 T,l 3 21 There is a state denoted by s{l c} : Loc Z B which is the partial function (s{l c})(l ) def = c s(l ) if l = l otherwise We say that state s is updated at l by c.

Midlands Graduate School, University of Birmingham, April 2008 21 An Evaluation Relation Consider the following evaluation relationship ( l := T ; l := 4+1, ) ( skip, l T,l 5 ) The idea is Starting program final result We describe an operational semantics which has assertions which look like (P, s) (c, s) and (P, s 1 ) (skip, s 2 )

Midlands Graduate School, University of Birmingham, April 2008 22 (l, s) (s(l), s) [ provided l domain of s] LOC (P 1, s) (n 1, s) (P 2, s) (n 2, s) (P 1 op P 2, s) (n 1 op n 2, s) OP (P, s) (c, s) (l := P, s) (skip, s{l c}) ASS (P 1, s 1 ) (skip, s 2 ) (P 2, s 2 ) (skip, s 3 ) (P 1 ; P 2, s 1 ) (skip, s 3 ) SEQ

Midlands Graduate School, University of Birmingham, April 2008 23 (P, s 1 ) (F, s 1 ) (P 2, s 1 ) (skip, s 2 ) (if P then P 1 else P 2, s 1 ) (skip, s 2 ) CON2 (P 1, s 1 ) (T, s 1 ) (P 2, s 1 ) (skip, s 2 ) (while P 1 do P 2, s 2 ) (skip, s 3 ) (while P 1 do P 2, s 1 ) (skip, s 3 ) (P 1, s) (F, s) (while P 1 do P 2, s) (skip, s) LOOP2

Midlands Graduate School, University of Birmingham, April 2008 24 Example Evaluations We derive deductions for and ((3+2) 6, s) (30, s) (while l = 1 do l := l 1, l 1 ) (skip, l 0 )

Midlands Graduate School, University of Birmingham, April 2008 25 Chapter 2 By the end of this chapter you should be able to describe the compiled CSS machine, which executes compiled IMP programs; show how to compile to CSS instruction sequences; give some example executions.

Midlands Graduate School, University of Birmingham, April 2008 26 Motivating the CSS Machine An operational semantics gives a useful model of IMP we seek a more direct, computational method for evaluating configurations. If P e V, how do we mechanically produce V from P? P P 0 P 1 P 2... P n V Mechanically produce can be made precise using a relation P P defined by rules with no hypotheses. n+m m+n

Midlands Graduate School, University of Birmingham, April 2008 27 P 0 P 1 P 2 P 3 P 4... V Re-Write Rules (Abstract Machine) deduction tree P e V Evaluation Semantics

Midlands Graduate School, University of Birmingham, April 2008 28 An Example Let s(l) = 6. Execute 10 l on the CSS machine. First, compile the program. [[10 l]] = FETCH(l) : PUSH(10) : OP( ) Then FETCH(l) : PUSH(10) : OP( ) s PUSH(10) : OP( ) 6 s OP( ) 10 : 6 s 4 s

Midlands Graduate School, University of Birmingham, April 2008 29 efining the CSS Machine A CSS code C is a list: C ins ::= ins : C ::= PUSH(c) FETCH(l) OP(op) SKIP STO(l) BR(C,C) LOOP(C,C) The objects ins are CSS instructions. We will overload : to denote append; and write ξ for ξ : (ditto below). A stack S is produced by the grammar S ::= c : S

Midlands Graduate School, University of Birmingham, April 2008 30 A CSS configuration is a triple (C,S,s). A CSS re-write takes the form (C 1, S 1, s 1 ) (C 2, S 2, s 2 ) and re-writes are specified inductively by rules with no hypotheses (such rules are often called axioms) (C 1, S 1, s 1 ) (C 2, S 2, s 2 ) R Note that the CSS re-writes are deterministic.

Midlands Graduate School, University of Birmingham, April 2008 31 PUSH(c) : C S s C c : S s FETCH(l) : C S s C s(l) : S s OP( op ) : C n 1 : n 2 : S s C n 1 op n 2 : S s STO(l) : C c : S s C S s{l c} BR(C 1,C 2 ) : C F : S s C 2 : C S s LOOP(C 1,C 2 ) : C S s C 1 : BR(C 2 : LOOP(C 1,C 2 ),SKIP) : C S s

Midlands Graduate School, University of Birmingham, April 2008 32 [[c]] [[l]] [[P 1 op P 2 ]] [[l := P]] [[skip]] [[P 1 ; P 2 ]] [[if P then P 1 else P 2 ]] [[while P 1 do P 2 ]] def = PUSH(c) def = FETCH(l) def = [[P 2 ]] : [[P 1 ]] : OP(op) def = [[P]] : STO(l) def = SKIP def = [[P 1 ]] : [[P 2 ]] def = [[P]] : BR([[P 1 ]],[[P 2 ]]) def = LOOP([[P 1 ]],[[P 2 ]])

Midlands Graduate School, University of Birmingham, April 2008 33 Chapter 3 By the end of this chapter you should be able to describe the interpreted CSS machine, which executes IMP programs; explain the outline of a proof of correctness; explain some of the results required for establishing correctness, and the proofs of these results.

Midlands Graduate School, University of Birmingham, April 2008 34 Architecture of the Machine A CSS code C is a list of instructions which is produced by the following grammars: C ::= ins : C ins ::= P op STO(l) BR(P 1,P 2 ) We will overload : to denote append; and write ξ for ξ : (ditto below). A stack S is produced by the grammar S ::= c : S

Midlands Graduate School, University of Birmingham, April 2008 35 n : C S s C n : S s P 1 op P 2 : C S s P 2 : P 1 : op : C S s op : C n 1 : n 2 : S s C n 1 op n 2 : S s l := P : C S s P : STO(l) : C S s STO(l) : C n : S s C S s{l n} while P 1 do P 2 : C S s P 1 : BR((P 2 ; while P 1 do P 2 ),skip) : C S s

Midlands Graduate School, University of Birmingham, April 2008 36 A Correctness Theorem For all n Z, b B, P 1 :: int, P 2 :: bool, P 3 :: cmd and s,s 1,s 2 States we have (P 1, s) (n, s) iff P 1 s t n s (P 2, s) (b, s) iff P 2 s t b s (P 3, s 1 ) (skip, s 2 ) iff P 3 s 1 t s 2 where t denotes the transitive closure of.

Midlands Graduate School, University of Birmingham, April 2008 37 Proof Method = onlyif by Rule Induction for. = if by Mathematical Induction on k. Recall κ t κ iff ( k 1)(κ k κ ), where for k 1, κ k κ means that ( 1 i k)( κ i )(κ κ 1... κ k = κ ) Then note if the are configurations with ξ parameters ( ξ)( ( k)( k ) implies ) ( k)( ξ) ( k implies ) }{{} φ(k)

Midlands Graduate School, University of Birmingham, April 2008 38 Code and Stack Extension For all k N, and for all appropriate codes, stacks and states, C 1 S 1 s 1 k C 2 S 2 s 2 implies C 1 : C 3 S 1 : S 3 s 1 k C 2 : C 3 S 2 : S 3 s 2 where 0 is reflexive closure of.

Midlands Graduate School, University of Birmingham, April 2008 39 Code Splitting For all k N, and for all appropriate codes, stacks and states, if C 1 : C 2 S s k S s then there is a stack and state S and s, and k 1,k 2 N for which C 1 S s k 1 S s C 2 S s k 2 S s where k 1 + k 2 = k.

Midlands Graduate School, University of Birmingham, April 2008 40 Typing and Termination Yields Values For all k N, and for all appropriate codes, stacks, states, P :: int and P S s k S s implies s = s and S = n : S some n Z and similarly for Booleans. and P s k n s

Midlands Graduate School, University of Birmingham, April 2008 41 Proving the Theorem (= onlyif ): Rule Induction for (Case OP1): The inductive hypotheses are P 1 s t n 1 s P 2 s t n 2 s Then P 1 op P 2 s P 2 : P 1 : op s t P 1 : op n 2 s P 1 : op n 2 s t op n 1 : n 2 s n 1 op n 2 s

Midlands Graduate School, University of Birmingham, April 2008 42 ( = if ): We prove by induction for all k, for all P :: int,n,s, P s k n s implies (P, s) (n, s) } {{ } φ(k) (Proof of k 0 N, φ(k) k k0 implies φ(k 0 + 1)): Suppose that for some arbitrary k 0, P :: int, n and s P s k 0+1 n s ( ) and then we prove (P, s) (n, s) by considering cases on P.

Midlands Graduate School, University of Birmingham, April 2008 43 (Case P is P 1 op P 2 ): Suppose that P 1 op P 2 s k 0+1 n s and so P 2 : P 1 : op s k 0 n s. Using splitting and termination we have, noting P 2 :: int, that P 2 s k 1 n 2 s P 1 : op n 2 s k 2 n s where k 1 + k 2 = k 0,

Midlands Graduate School, University of Birmingham, April 2008 44 and repeating for the latter re-write we get P 1 n 2 s k 21 n 1 : n 2 s op n 1 : n 2 s k 22 n s (1) where k 21 + k 22 = k 2. So as k 1 k 0, by induction we deduce that (P 2, s) (n 2, s), and from termination that P 1 s k 21 n 1 s. Also, as k 21 k 0, we have inductively that (P 1, s) (n 1, s) and hence (P 1 op P 2, s) (n 1 op n 2, s). But from determinism and (1) we see that n 1 op n 2 = n and we are done.

Midlands Graduate School, University of Birmingham, April 2008 45 Chapter 4 By the end of this chapter you should be able to describe the expressions and type system of a language with higher order functions; explain how to write simple programs; specify an eager evaluation relation; prove properties such as determinism.

Midlands Graduate School, University of Birmingham, April 2008 46 What s Next? Expressions and Types for FUN efine the expression syntax and type system.

Midlands Graduate School, University of Birmingham, April 2008 47 g :: Int -> Int -> Int g x y = x+y Examples of FUN eclarations l1 :: [Int] l1 = 5:(6:(8:(4:(nil)))) h :: Int h = hd (5:6:8:4:nil) length :: [Bool] -> Int length l = if elist(l) then 0 else (1 + length t)

Midlands Graduate School, University of Birmingham, April 2008 48 FUN Types The types of FUN e are σ ::= int bool σ σ [σ] We shall write σ 1 σ 2 σ 3... σ n σ for σ 1 (σ 2 (σ 3 (... (σ n σ)...))). Thus for example σ 1 σ 2 σ 3 means σ 1 (σ 2 σ 3 ).

Midlands Graduate School, University of Birmingham, April 2008 49 FUN Expressions The expressions are E ::= x variables c constants K constant identifier F function identifier E 1 E 2 function application tl(e) tail of list E 1 : E 2 cons for lists elist(e) Boolean test for empty list Bracketing conventions apply...

Midlands Graduate School, University of Birmingham, April 2008 50 What s Next? A Formal FUN Type System Show how to declare the types of variables and identifiers. Give some examples. efine a type assignment system.

Midlands Graduate School, University of Birmingham, April 2008 51 Contexts (Variable Environments) When we write a FUN program, we shall declare the types of variables, for example x :: int,y :: bool,z :: bool A context, variables assumed distinct, takes the form Γ = x 1 :: σ 1,...,x n :: σ n.

Midlands Graduate School, University of Birmingham, April 2008 52 Identifier Environments When we write a FUN program, we want to declare the types of constants and functions. A simple example of an identifier environment is K :: bool, map :: (int int) [int] [int], suc :: int int An identifier type looks like σ 1 σ 2 σ 3... σ a σ where a 0 and σ is NOT a function type. An identifier environment looks like I = I 1 :: ι 1,...,I m :: ι m.

Midlands Graduate School, University of Birmingham, April 2008 53 Example Type Assignments With the previous identifier environment x :: int,y :: int,z :: int mapsuc(x : y : z : nil int ) :: [int] We have if T then hd(2 : nil int ) else hd(4 : 6 : nil int ) :: int

Midlands Graduate School, University of Birmingham, April 2008 54 Inductively efining Type Assignments Start with an identifier environment I and a context Γ. Then Γ x :: σ ( where x :: σ Γ) :: VAR Γ n :: int :: INT Γ E 1 :: int Γ E 2 :: int :: OP 1 Γ E 1 iop E 2 :: int

Midlands Graduate School, University of Birmingham, April 2008 55 Γ E 1 :: σ 2 σ 1 Γ E 2 :: σ 2 :: AP Γ E 1 E 2 :: σ 1 Γ I :: ι ( where I :: ι I) :: IR Γ nil σ :: [σ] :: NIL Γ E 1 :: σ Γ E 1 : E 2 :: [σ] Γ E 2 :: [σ] :: CONS

Midlands Graduate School, University of Birmingham, April 2008 56 What s Next? Function eclarations and Programs Show how to code up functions. efine what makes up a FUN program. Give some examples.

Midlands Graduate School, University of Birmingham, April 2008 57 Introducing Function eclarations To declare plus can write plus x y = x+y. To declare fac fac x = if x == 1 then 1 else x fac(x 1) And to declare that true denotes T we write true = T. In FUN e, can specify (recursive) declarations K = E Fx = E G x y = E...

Midlands Graduate School, University of Birmingham, April 2008 58 An Example eclaration Let I = I 1 :: [int] int int,i 2 :: int int,i 3 :: bool. Then an example of an identifier declaration dec I is I 1 l y = hd(tl(tl(l)))+i 2 y def = E I1 I 2 x I 3 I 4 u v w = x x = T = u+v+w def = E I2 def = E I3 def = E I4

Midlands Graduate School, University of Birmingham, April 2008 59 An Example Program Let I = F :: int int int,k :: int. Then an identifier declaration dec I is F x y = x+7 y def = E F K = 10 An example of a program is dec I in F 8 1 K. Note that F 8 1 K :: bool and x :: int,y :: int }{{} Γ F x+7 y :: }{{} int and K :: int σ F

Midlands Graduate School, University of Birmingham, April 2008 60 efining Programs A program in FUN e is a judgement of the form dec I in P where dec I is a given identifier declaration and the program expression P satisfies a type assignment of the form P :: σ (written P :: σ) and F x = E F dec I Γ F E F :: σ F

Midlands Graduate School, University of Birmingham, April 2008 61 What s Next? Values and the Evaluation Relation Look at the notion of evaluation order. efine values, which are the results of eager program executions. efine an eager evaluation semantics: P e V. Give some examples.

Midlands Graduate School, University of Birmingham, April 2008 62 Evaluation Orders The operational semantics of FUN e says when a program P evaluates to a value V. It is like the IMP evaluation semantics. Write this in general as P e V, and examples are 3+4+10 e 17 hd(2 : nil int ) e 2

Midlands Graduate School, University of Birmingham, April 2008 63 Let F x y = x+y. We would expect F (2 3) (4 5) e 26. We could evaluate 2 3 to get value 6 yielding F 6 (4 5), then evaluate 4 5 to get value 20 yielding F 6 20. We then call the function to get 6+20, which evaluates to 26. This is call-by-value or eager evaluation. Or the function could be called first yielding (2 3)+(4 5) and then we continue to get 6 +(4 5) and 6 + 20 and 26. This is called call-by-name or lazy evaluation.

Midlands Graduate School, University of Birmingham, April 2008 64 efining and Explaining (Eager) Values Let dec I be an identifier declaration, with typical typing F :: σ 1 σ 2 σ 3... σ a σ Informally a is the maximum number of inputs taken by F. A value expression is any expression V produced by V ::= c nil σ F V V : V where V abbreviates V 1 V 2... V k 1 V k and 0 k < a. Note also that k is strictly less than a, and that if a = 1 then F V denotes F.

Midlands Graduate School, University of Birmingham, April 2008 65 A value is any value expression for which dec I is a valid FUN e program. in V Suppose that F :: int int int int and that P 1 e 2 and P 2 e 5 and P 3 e 7 with P i not values. Then P V F F P 1 F 2 F 2 P 2 F 2 5 P V F 2 5 P 3 F 2 5 7 14 F P 1 P 2 P 3 14

Midlands Graduate School, University of Birmingham, April 2008 66 The Evaluation Relation V e V e VAL P 1 e m P 2 e n e OP P 1 op P 2 e m op n P 1 e T P 2 e V if P 1 then P 2 else P 3 e V e CON1

Midlands Graduate School, University of Birmingham, April 2008 67 P 1 e F V P 2 e V 2 F V V 2 e V where either P 1 or P 2 is not a value P 1 P 2 e V e AP E F [V 1,...,V a /x 1,...,x a ] e V FV 1...V a e V [F x = E F declared in dec I ] e FI E K e V K e V [K = E K declared in dec I ] e CI

Midlands Graduate School, University of Birmingham, April 2008 68 P e V : V e H hd(p) e V P e V : V e TL tl(p) e V P 1 e V P 2 e V e CONS P 1 : P 2 e V : V P e nil σ e ELIST 1 elist(p) e T P e V : V e ELIST 2 elist(p) e F

Midlands Graduate School, University of Birmingham, April 2008 69 Examples of Evaluations Suppose that dec I is G x = x 2 K = 3 G e G VAL 3 e 3 K e 3 VAL CI 3 e 3 G K e 6 VAL 2 e 2 (x 2)[3/x] = 3 2 e 6 G 3 e 6 VAL OP FI AP

Midlands Graduate School, University of Birmingham, April 2008 70 We can prove that F 2 3 (4+1) e 10 where F x y z = x+y+z as follows: F 2 3 e F 2 3 e VAL 4 e 4 1 e 1 4+1 e 5 T e AP F 2 3 (4+1) e 10

Midlands Graduate School, University of Birmingham, April 2008 71 where T is the tree 2 e 2 3 e 3 2+3 e 5 5 e 5 2+3+5 e 10 ========================== (x+y+z)[2,3,5/x,y,z] e 10 F 2 3 5 e 10 e FI

Midlands Graduate School, University of Birmingham, April 2008 72 What s Next? FUN Properties of Eager Evaluation Explain and define determinism. Explain and define subject reduction, that is, preservation of types during program execution.

Midlands Graduate School, University of Birmingham, April 2008 73 Properties of FUN The evaluation relation for FUN e is deterministic. More precisely, for all P, V 1 and V 2, if P e V 1 and P e V 2 then V 1 = V 2. (Thus e is a partial function.) Evaluating a program dec I type. More precisely, in P does not alter its ( P :: σ and P e V) implies V :: σ for any P, V, σ and dec I. The conservation of type during program evaluation is called subject reduction.

Midlands Graduate School, University of Birmingham, April 2008 74 Chapter 5 By the end of this chapter you should be able to describe the SEC machine, which executes compiled FUN e programs; here the expressions Exp are defined by E ::= x n F E E; show how to compile to SEC instruction sequences; write down example executions.

Midlands Graduate School, University of Birmingham, April 2008 75 Architecture of the Machine The SEC machine consists of rules for transforming SEC configurations (S, E,C, ). The non-empty stack S is generated by S ::= n S l...s 1 clo F Each node occurs at a level 1. A stack S has a height the maximum level of any clo F, or 0 otherwize.

Midlands Graduate School, University of Birmingham, April 2008 76 If the (unique) left-most closure node clo F at level α exists, call it the α-prescribed node, and write α S. For any stack α S of height 1 there is a sub-stack S of shape S l... S 1 clo F

Midlands Graduate School, University of Birmingham, April 2008 77 Given any other stack S l+1 there is a stack S S l+1 S l... S 1 clo F Write S l+1 S for S with S replaced by S.

Midlands Graduate School, University of Birmingham, April 2008 78 The environment E takes the form x 1 =?S 1 :... : x n =?S n. The value of each? is determined by the form of an S i. If S i is n then? is 0; if S i is clo F other case,? is Av 1. then? is 1; in any

Midlands Graduate School, University of Birmingham, April 2008 79 A SEC code C is a list which is produced by the following grammars: ins C ::= x n F APP ::= ins : C A typical dump looks like (S 1,E 1,C 1,(S 2,E 2,C 2,...(S n,e n,c n, )...)) We will overload : to denote append; and write ξ for ξ :.

Midlands Graduate School, University of Birmingham, April 2008 80 We define a compilation function [[ ]]:Exp SECcodes which takes an SEC expression and turns it into code. [[x]] def = x [[n]] def = n [[F]] def = F [[E 1 E 2 ]] def = [[E 1 ]] : [[E 2 ]] : APP

Midlands Graduate School, University of Birmingham, April 2008 81 There is a representation of program values as stacks, given by ( n ) def = n ( F V 1...V k ) def = ( V k )... ( V 1 ) clo F = ( V k )... ( V 1 ) clo F Recall k < a with a the arity of F.

Midlands Graduate School, University of Birmingham, April 2008 82 The Re-writes A number is pushed onto the stack (the initial stack can be of any status): S [Av]α S E E C n : C num S E C α n S E C

Midlands Graduate School, University of Birmingham, April 2008 83 A function is pushed onto the stack (the initial stack can be of any status): S [Av]α S E E C F : C fn S α+1 E C clo F E C S

Midlands Graduate School, University of Birmingham, April 2008 84 A variable s value is pushed onto the stack, provided that the environment E contains x =?T [Av]δ T (where δ is 0 or 1). Note that by definition, the status of T determines the status of the re-written stack: S [Av]α S E E C x : C var S [Av]δ+α T S E E C C

Midlands Graduate School, University of Birmingham, April 2008 85 An APP command creates an application value, type 0: S k...s 1 S k...s 1 S α clo F S S Av α clo F S E E cav0 E E C APP : C C C

Midlands Graduate School, University of Birmingham, April 2008 86 An APP command creates an application value, type 1: S α clo H S k 1...S 1 clo F S S Av α 1 clo H S k 1...S 1 clo F S cav1 E E E E C APP : C C C

Midlands Graduate School, University of Birmingham, April 2008 87 An APP command produces an application value from an application value: S k...s 1 S k...s 1 clo F S k 1...S 1 clo F S k 1...S 1 S Av α S S Av α 1 S clo G avtav clo G E E E E C APP : C C C

Midlands Graduate School, University of Birmingham, April 2008 88 An APP command calls a function, type 0: S a...s 1 S α clo F S S E E call0 E x a =?S a :... : x 1 =?S 1 : E C [[E F ]] C APP : C (α 1 S,E,C,)

Midlands Graduate School, University of Birmingham, April 2008 89 An APP command calls a function, type 1: S E C α clo H S a 1...S 1 clo F E APP : C S call1 S E x a =?S a :... : x 1 =?S 1 : E C [[E F ]] (α 2 S,E,C,)

Midlands Graduate School, University of Birmingham, April 2008 90 An APP command calls a function, type 2: S k...s 1 clo F S a 1...S 1 S Av α S S clo G call2 E x a =?S a :... : x 1 =?S 1 : E C [[E G ]] E E (α 2 S,E,C,) C APP : C

Midlands Graduate School, University of Birmingham, April 2008 91 Restore, where the final status is determined by the initial status: S [Av]β T E E C (α S, E,C, ) res S [Av]α+β T S E E C C

Midlands Graduate School, University of Birmingham, April 2008 92 Suppose that K, N and MN are functions which are also values, and that F x y = x L u v = u (F (H 4)) (I 2 K) e M N. Note that [[(F (H 4)) (I 2 K)]] = I a b = b H z = L (M N) z Then (11. def = F) : H : 4 : APP : APP : I : 2 : APP : K : APP : (APP def = 1.) and [[L (M N) z]] def = 7. def = L : M : N : APP : APP : z : APP def = 1.

Midlands Graduate School, University of Birmingham, April 2008 93 4 S 0 E C 11. num/fn 3 S 2 E cloh clof C 8. APP : 7.

Midlands Graduate School, University of Birmingham, April 2008 94 clo N call0 S 0 E C ξ def = (1 E def = z = 0 [[L (M N) z]] clo F 4,,7., ) fn 3 S 3 clo M clo L E E C 4. ξ

Midlands Graduate School, University of Birmingham, April 2008 95 clo N clo N S Av 2 clo M S Av 1 clo M cav1 clo L avtav clo L E E E E C 3. C 2. ξ ξ

Midlands Graduate School, University of Birmingham, April 2008 96 Chapter 6 By the end of this chapter you should be able to explain the outline of a proof of correctness; explain some of the results required for establishing correctness, and the proofs of these results.

Midlands Graduate School, University of Birmingham, April 2008 97 A Correctness Theorem For all programs dec I in P for which P :: σ we have S S ( V ) P e V iff E C [[P]] t E C

Midlands Graduate School, University of Birmingham, April 2008 98 Code and Stack Extension For any stacks, environments, codes, and dumps, if C 1 is non-empty S S 1 S S 2 M def = E E C C 1 k E E C C 2 def = M implies S S 1 S 3 S S 2 S 3 M def = E E C C 1 : C 3 k E E C C 2 : C 3 def = M

Midlands Graduate School, University of Birmingham, April 2008 99 Need to prove lemma plus : if (S,E,C, ) we can also similarly arbitrarily extend any of the stacks and codes in (say to ). We use induction on k. Suppose lemma plus is true k k 0. Must prove we can extend any re-write M k0+1 M to M k0+1 M. By determinism, we have M 1 M k 0 M. If no function call during M 1 M, trivial to extend to get M 1 M. And by induction, M k 0 M.

Midlands Graduate School, University of Birmingham, April 2008 100 If there is a function call, there are k 1 and k 2 such that S T S S S S M def = E C E APP : C 1 E E C [[E F ]] k 1 E E C C (S,E,C,) (S,E,C,) S S S res 1 E C E C k 2 M where there are no function calls in the k 2 re-writes.

Midlands Graduate School, University of Birmingham, April 2008 101 By induction, we have S S S M def = E E C [[E F ]] k 1 E E C C (S S 3,E,C : C 3,) (S S 3,E,C : C 3,) It is easy to see that M M, and obviously S S E E C C (S S 3,E,C : C 3,) 1 S S S S 3 E E C C : C 3

Midlands Graduate School, University of Birmingham, April 2008 102 If k 2 = 0 then we are done. If k 2 1 then we can similarly extend the stack and code of the final k 2 1 transitions by induction S S S S 3 E E C C : C 3 1 M. and we are also done.

Midlands Graduate School, University of Birmingham, April 2008 103 Code Splitting For any stacks, environments, codes, and dumps, if C 1 and C 2 are non-empty then S S E E C C 1 : C 2 k S S E E C implies that

Midlands Graduate School, University of Birmingham, April 2008 104 S S S S S S S S E E C C 1 k 1 E C E and E E C C 2 k 2 E C E where k = k 1 + k 2.

Midlands Graduate School, University of Birmingham, April 2008 105 Program Code Factors Through Value Code For any well typed FUN e program dec I and P e V, in P where P :: σ S S S Ŝ S S S Ŝ E C E [[P]] k E C Ê implies ( k k) E C E [[V]] k E C Ê ˆ ˆ with equality only if P is a value (and hence equal to V).

Midlands Graduate School, University of Birmingham, April 2008 106 Proving the Theorem ( = if ): We shall prove that if P :: σ then S S S S E C [[P]] k E C implies ( V) S = ( V ) S and P e V from which the required result follows. Induction on k. If P is a number or a function the result is trivial. Else P has the form P 1 P 2.

Midlands Graduate School, University of Birmingham, April 2008 107 Suppose that S S S S E C [[P 1 ]] : [[P 2 ]] : APP k 0+1 E C Then appealing to splitting and the induction hypothesis, we get

Midlands Graduate School, University of Birmingham, April 2008 108 S S S ( F V ) S E C [[P 1 ]] k 1 E C and S ( F V ) S S S E C [[P 2 ]] : APP k 2 E C where P 1 e F V.

Midlands Graduate School, University of Birmingham, April 2008 109 Appealing to splitting again, and by induction, S ( F V ) S S ( V 2 ) ( F V ) S E C [[P 2 ]] k 21 E C and S ( V 2 ) ( F V ) S S S E C APP k 22 E C where P 2 e V 2.

Midlands Graduate School, University of Birmingham, April 2008 110 By factorization on P 1 and P 2, and extension we have (check!) S S S ( V 2 ) ( F V ) S S S E C [[F V V 2 ]] k 1+k 21 E C APP k 22 E C and so if P 1 P 2 is not a value then k 1 + k 21 + k 22 < k 0 + 1 and by induction S = ( V ) S for some V where F V V 2 e V. Hence P 1 P 2 e V as required. If P 1 P 2 is a value, refer to part (= onlyif ) of the proof, case e VAL