CIS 500 Review recitations start this week. You may go to any - PowerPoint PPT Presentation

✬ ✩ ✬ ✩ Announcements CIS 500 Review recitations start this week. You may go to any recitation section that Software Foundations you wish. You do not need to register for the section, nor do you need to attend the same section the entire semester. If you need help finding a study Fall 2005 group, we will match people up in recitation sections this week. Wed 3:30-5:00 PM Levine 315 Bohannon Thurs 10:30-12 PM Levine 612 Aydemir Induction; Operational Semantics Thurs 1:30-3 PM Levine 512 Bohannon Fri 9:30-11 AM Levine 512 Aydemir First homework assignment is due one week from today. ✫ ✪ ✫ ✪ CIS 500, Induction; Operational Semantics 1 CIS 500, Induction; Operational Semantics 2 ✬ ✩ ✬ ✩ Boolean terms: Syntax Recall the definition of the language B : t ::= true Structural Induction false not t if t then t else t This was a short hand notation for the definition of the set B . The set B of boolean terms is the smallest set such that 1. { true , false } ⊆ B ; 2. if t 1 ∈ B , then { not t 1 } ⊆ B ; 3. if t 1 ∈ B , t 2 ∈ B , and t 3 ∈ B , then if t 1 then t 2 else t 3 ∈ B . ✫ ✪ ✫ ✪ CIS 500, Induction; Operational Semantics 3 CIS 500, Induction; Operational Semantics 4

✬ ✩ ✬ ✩ Boolean terms: Semantics Proving properties of programming languages We defined the semantics of B using the relation Eval . If ( t 1 , t 2 ) ∈ Eval then Suppose we want to prove that evaluation is deterministic. In other words: For all t there exists at most one t ′ such that ( t , t ′ ) ∈ Eval . t 2 is the meaning of t 1 . Recall that Eval is the smallest set closed under the following rules: 1. ( true , true ) ∈ Eval 2. ( false , false ) ∈ Eval 3. ( not t , true ) ∈ Eval when ( t , false ) ∈ Eval 4. ( not t , false ) ∈ Eval when ( t , true ) ∈ Eval 5. ( if t 1 then t 2 else t 3 , t ) ∈ Eval when either: � ( t 1 , true ) ∈ Eval and ( t 2 , t ) ∈ Eval � ( t 1 , false ) ∈ Eval and ( t 3 , t ) ∈ Eval ✫ ✪ ✫ ✪ CIS 500, Induction; Operational Semantics 5 CIS 500, Induction; Operational Semantics 6 ✬ ✩ ✬ ✩ Structural Induction Proofs by induction We can use induction for boolean terms. The way we have defined terms gives We’ll prove that evaluation is deterministic. In other words: For all t there exists at most one t ′ such that ( t , t ′ ) ∈ Eval . us an induction principle: For all t ∈ B , P ( t ) is true if and only if This gives us the property: P ( t ) = exists at most one t ′ such that ( t , t ′ ) ∈ Eval . � P ( true ) and P ( false ) hold � for all t 1 ∈ B , if P ( t 1 ) holds, then P ( not t 1 ) hold. So we want to show: � P ( true ) (i.e. exists at most one t ′ such that ( true , t ′ ) ∈ Eval ) � for all t 1 , t 2 , t 3 ∈ B , if P ( t 1 ) , P ( t 2 ) and P ( t 3 ) holds, then P ( if t 1 then t 2 else t 3 ) holds. � P ( false ) � P ( not t 1 ) given that P ( t 1 ) holds. � P ( if t 1 then t 2 else t 3 ) given that P ( t 1 ) , P ( t 2 ) and P ( t 3 ) all hold. ✫ ✪ ✫ ✪ CIS 500, Induction; Operational Semantics 7 CIS 500, Induction; Operational Semantics 8

✬ ✩ ✬ ✩ Boolean terms: Semantics Proof on chalkboard We defined the semantics of B using the relation Eval . If ( t 1 , t 2 ) ∈ Eval then t 2 is the meaning of t 1 . Recall that Eval is the smallest set closed under the following rules: 1. ( true , true ) ∈ Eval 2. ( false , false ) ∈ Eval 3. ( not t , true ) ∈ Eval when ( t , false ) ∈ Eval 4. ( not t , false ) ∈ Eval when ( t , true ) ∈ Eval 5. ( if t 1 then t 2 else t 3 , t ) ∈ Eval when either: � ( t 1 , true ) ∈ Eval and ( t 2 , t ) ∈ Eval � ( t 1 , false ) ∈ Eval and ( t 3 , t ) ∈ Eval ✫ ✪ ✫ ✪ CIS 500, Induction; Operational Semantics 9 CIS 500, Induction; Operational Semantics 10 ✬ ✩ ✬ ✩ Alternate notation: Inference rules Alternate notation: relational symbols If we abbreviate ( t , t ′ ) ∈ Eval as t ⇓ t ′ we can write these rules even more We can also define Eval using a shorthand notation. An alternate notation for the same definition: succinctly: ( true , true ) ∈ Eval ( false , false ) ∈ Eval true ⇓ true false ⇓ false ( t 1 , true ) ∈ Eval ( t 1 , false ) ∈ Eval t 1 ⇓ true t 1 ⇓ false ( not t 1 , false ) ∈ Eval ( not t 1 , true ) ∈ Eval not t 1 ⇓ false not t 1 ⇓ true ( t 1 , true ) ∈ Eval ( t 2 , t ) ∈ Eval ( t 1 , false ) ∈ Eval ( t 3 , t ) ∈ Eval t 1 ⇓ true t 2 ⇓ t t 1 ⇓ false t 3 ⇓ t ( if t 1 then t 2 else t 3 , t ) ∈ Eval ( if t 1 then t 2 else t 3 , t ) ∈ Eval if t 1 then t 2 else t 3 ⇓ t if t 1 then t 2 else t 3 ⇓ t The notation t ⇓ t ′ is read as “ t evaluates to t’ ”. Note that, just in the BNF notation, “the smallest set closed under...” is implied (but often not stated explicitly). We will often abbreviate relations using symbols such as ⇓ , → , ⊢ , etc. Terminology: � axiom vs. rule � concrete rule vs. rule scheme ✫ ✪ ✫ ✪ CIS 500, Induction; Operational Semantics 11 CIS 500, Induction; Operational Semantics 12

✬ ✩ ✬ ✩ Naming the rules Derivations The inference rule notation leads to a convenient notation for showing why a It is also useful to give names to each rule, so that we can refer to them later. pair of terms is in the evaluation relation. B-True true ⇓ true Say someone asked you to prove that B-False false ⇓ false if true then ( not false ) else ( not true ) ⇓ true t 1 ⇓ true B-NotTrue not t 1 ⇓ false t 1 ⇓ false B-NotFalse not t 1 ⇓ true t 1 ⇓ true t 2 ⇓ t B-IfTrue if t 1 then t 2 else t 3 ⇓ t t 1 ⇓ false t 3 ⇓ t B-IfFalse if t 1 then t 2 else t 3 ⇓ t ✫ ✪ ✫ ✪ CIS 500, Induction; Operational Semantics 13 CIS 500, Induction; Operational Semantics 14 ✬ ✩ ✬ ✩ Proving properties about evaluation Use structural induction Again we will use the structural induction principle for terms in B : Last time we showed that the evaluation relation was a function. i.e. for all t there is at most one t ′ such that t ⇓ t ′ . For all t in B , P ( t ) is true, if and only if � P ( true ) and P ( false ) hold Today we will show a related property: that evaluation is total. i.e. for all t there is at least one t ′ such that t ⇓ t ′ . � for all t 1 ∈ B , if P ( t 1 ) holds, then P ( not t 1 ) hold. � for all t 1 , t 2 , t 3 ∈ B , if P ( t 1 ) , P ( t 2 ) and P ( t 3 ) holds, then How to prove this property? P ( if t 1 then t 2 else t 3 ) holds. To show that evaluation is total, we need P ( t ) to be “there exists a t ′ such that t ⇓ t ′ ”. ✫ ✪ ✫ ✪ CIS 500, Induction; Operational Semantics 15 CIS 500, Induction; Operational Semantics 16

✬ ✩ ✬ ✩ Strengthening the induction principle Strengthing the induction principle The solution is to prove a property that implies the property that we want. We can not show that P ( not t 1 ) , given P ( t 1 ) . P ( t 1 ) tells us that t 1 evaluates to some t ′ , but not t 1 only evaluates if t ′ is Instead of showing “ t there exists a t ′ such that t ⇓ t ′ ” true or false , and we don’t know that. What to do now? Are we stuck? we will show “for all t either t ⇓ true or t ⇓ false ” Proving the second property implies that the first one is also true. To show the second property we need P ( t ) to be “either t ⇓ true or t ⇓ false ”. ✫ ✪ ✫ ✪ CIS 500, Induction; Operational Semantics 17 CIS 500, Induction; Operational Semantics 18 ✬ ✩ ✬ ✩ Growing a language The boolean language is an extremely simple language. There is not a lot that you can say with it. A larger language At the same time, it is pretty easy to prove properties about it. As we add to the expressiveness of a language, it usually becomes more difficult to show that the same properties are true. In fact, some properties that are true for simple languages are not true for more expressive languages. ✫ ✪ ✫ ✪ CIS 500, Induction; Operational Semantics 19 CIS 500, Induction; Operational Semantics 20

✬ ✩ ✬ ✩ The language Arith Language definability (informally) Consider a larger language, called Arith, that includes both booleans and This language does not include the term form not t . natural numbers: However, all is not lost. Whenever we want to say not t , we can write: t ::= true if t then false else true . false Because not t is definable, many of the same properties are true about Arith if t then t else t with not t as are true for Arith without not t . 0 Leaving out not means that our induction principle (and therefore our proofs) succ t are shorter. pred t iszero t What is the structural induction principle for this language? ✫ ✪ ✫ ✪ CIS 500, Induction; Operational Semantics 21 CIS 500, Induction; Operational Semantics 22 ✬ ✩ ✬ ✩ Semantics of Arith Semantics of Arith To define the semantics of Arith, we will first define a subset of the terms of Note: we are overloading the symbol ⇓ to refer to two different relations. Arith that will be the result of evaluation. true ⇓ true B-True These are called the values. v ::= bv false ⇓ false B-False nv bv ::= true t 1 ⇓ true t 2 ⇓ v B-IfTrue false if t 1 then t 2 else t 3 ⇓ v nv ::= 0 succ nv t 1 ⇓ false t 3 ⇓ v B-IfFalse if t 1 then t 2 else t 3 ⇓ v We use the metavariable v to indicate terms that are also values. ✫ ✪ ✫ ✪ CIS 500, Induction; Operational Semantics 23 CIS 500, Induction; Operational Semantics 24