Operational Semantics: Abstract Machines and Correctness
Roy L. Crole, University of Leicester, UK
Midlands Graduate School, University of Birmingham, April 2008


1. Chapter 2

By the end of this chapter you should be able to
• describe the "compiled" CSS machine, which executes compiled IMP programs;
• show how to compile to CSS instruction sequences;
• give some example executions.

2. Motivating the CSS Machine

An operational semantics gives a useful model of IMP; we seek a more direct, "computational" method for evaluating configurations. If P ⇓e V, how do we "mechanically produce" V from P?

    P ≡ P0 ↦ P1 ↦ P2 ↦ ... ↦ Pn ≡ V

"Mechanically produce" can be made precise using a relation P ↦ P′ defined by rules with no hypotheses, for example

    n + m ↦ m + n

3. Re-Write Rules versus Evaluation Semantics

[Diagram: the re-write rules of an abstract machine produce a sequence P0 ↦ P1 ↦ P2 ↦ P3 ↦ P4 ... ↦ V; the evaluation semantics produces a deduction tree for P ⇓e V.]

4. An Example

Let s(l) = 6. Execute 10 − l on the CSS machine. First, compile the program:

    [[10 − l]] = FETCH(l) : PUSH(10) : OP(−)

Then

    (FETCH(l) : PUSH(10) : OP(−), −, s)
    ↦ (PUSH(10) : OP(−), 6, s)
    ↦ (OP(−), 10 : 6, s)
    ↦ (−, 4, s)

5. Defining the CSS Machine

• A CSS code C is a list:

      C   ::= − | ins : C
      ins ::= PUSH(c) | FETCH(l) | OP(op) | SKIP | STO(l) | BR(C, C) | LOOP(C, C)

  The objects ins are CSS instructions. We will overload : to denote append, and write ξ for ξ : − (ditto below).
• A stack S is produced by the grammar

      S ::= − | c : S

6. • A CSS configuration is a triple (C, S, s).
• A CSS re-write takes the form (C1, S1, s1) ↦ (C2, S2, s2), and re-writes are specified inductively by rules with no hypotheses (such rules are often called axioms):

      ─────────────────────────── R
      (C1, S1, s1) ↦ (C2, S2, s2)

• Note that the CSS re-writes are deterministic.

7. The CSS Re-writes

    (PUSH(c) : C, S, s)            ↦ (C, c : S, s)
    (FETCH(l) : C, S, s)           ↦ (C, s(l) : S, s)
    (OP(op) : C, n1 : n2 : S, s)   ↦ (C, n1 op n2 : S, s)
    (STO(l) : C, c : S, s)         ↦ (C, S, s{l ↦ c})
    (BR(C1, C2) : C, F : S, s)     ↦ (C2 : C, S, s)
    (LOOP(C1, C2) : C, S, s)       ↦ (C1 : BR(C2 : LOOP(C1, C2), SKIP) : C, S, s)

(The BR rule for a stack of the form T : S selects C1 in the same way.)

8. Compiling IMP to CSS Code

    [[c]]                       ≝ PUSH(c)
    [[l]]                       ≝ FETCH(l)
    [[P1 op P2]]                ≝ [[P2]] : [[P1]] : OP(op)
    [[l := P]]                  ≝ [[P]] : STO(l)
    [[skip]]                    ≝ SKIP
    [[P1 ; P2]]                 ≝ [[P1]] : [[P2]]
    [[if P then P1 else P2]]    ≝ [[P]] : BR([[P1]], [[P2]])
    [[while P1 do P2]]          ≝ LOOP([[P1]], [[P2]])
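As an added example (not part of the slides), here is the compilation function of slide 8 and the CSS re-writes of slide 7 as a small Python interpreter, run on the slide-4 program 10 − l with s(l) = 6 and on a constructed while loop. The tuple encoding of IMP programs, the function names and the loop program are this example's own, and the SKIP re-write, which slide 7 does not show, is assumed to be a no-op.

```python
# Added example (not from the slides): the compiler [[-]] of slide 8 and the
# compiled CSS machine of slide 7.  IMP programs are constructed tuples:
# ('const', c), ('loc', l), ('op', op, P1, P2), ('assign', l, P), 'skip',
# ('seq', P1, P2), ('if', P, P1, P2), ('while', P1, P2).  CSS instructions are
# tuples; code and stack are Python lists with the head at index 0.
import operator

OPS = {'+': operator.add, '-': operator.sub, '*': operator.mul,
       '<=': operator.le, '==': operator.eq}

def compile_imp(P):
    """[[P]]: IMP program -> CSS code (list of instructions), as on slide 8."""
    if P == 'skip':
        return [('SKIP',)]
    tag = P[0]
    if tag == 'const':
        return [('PUSH', P[1])]
    if tag == 'loc':
        return [('FETCH', P[1])]
    if tag == 'op':                       # [[P1 op P2]] = [[P2]] : [[P1]] : OP(op)
        return compile_imp(P[3]) + compile_imp(P[2]) + [('OP', P[1])]
    if tag == 'assign':                   # [[l := P]] = [[P]] : STO(l)
        return compile_imp(P[2]) + [('STO', P[1])]
    if tag == 'seq':                      # [[P1 ; P2]] = [[P1]] : [[P2]]
        return compile_imp(P[1]) + compile_imp(P[2])
    if tag == 'if':                       # [[P]] : BR([[P1]], [[P2]])
        return compile_imp(P[1]) + [('BR', compile_imp(P[2]), compile_imp(P[3]))]
    if tag == 'while':                    # LOOP([[P1]], [[P2]])
        return [('LOOP', compile_imp(P[1]), compile_imp(P[2]))]
    raise ValueError(f'unknown program form {P!r}')

def step(C, S, s):
    """One CSS re-write (C, S, s) |-> (C', S', s'), following slide 7."""
    ins, rest = C[0], C[1:]
    kind = ins[0]
    if kind == 'PUSH':
        return rest, [ins[1]] + S, s
    if kind == 'FETCH':
        return rest, [s[ins[1]]] + S, s
    if kind == 'OP':                      # n1 on top, n2 below: result n1 op n2
        return rest, [OPS[ins[1]](S[0], S[1])] + S[2:], s
    if kind == 'STO':                     # s{l |-> c} with c popped from the stack
        return rest, S[1:], {**s, ins[1]: S[0]}
    if kind == 'BR':                      # T selects C1, F selects C2
        return (ins[1] if S[0] else ins[2]) + rest, S[1:], s
    if kind == 'LOOP':                    # unfold one iteration of the loop
        C1, C2 = ins[1], ins[2]
        return C1 + [('BR', C2 + [ins], [('SKIP',)])] + rest, S, s
    if kind == 'SKIP':                    # assumed no-op; not shown on slide 7
        return rest, S, s
    raise ValueError(f'unknown instruction {ins!r}')

def run(C, S, s, limit=10_000):
    """Iterate |-> until the code is empty; returns (final stack, final state)."""
    for _ in range(limit):
        if not C:
            return S, s
        C, S, s = step(C, S, s)
    raise RuntimeError('no terminal configuration within the step limit')

# The slide-4 example: s(l) = 6, execute 10 - l.
ten_minus_l = ('op', '-', ('const', 10), ('loc', 'l'))
SLIDE4_CODE = compile_imp(ten_minus_l)          # [FETCH(l), PUSH(10), OP(-)]
SLIDE4_RESULT = run(SLIDE4_CODE, [], {'l': 6})  # ([4], {'l': 6})

def sum_to(n):
    """Constructed loop: sum := 0; i := 1; while i <= n do (sum := sum + i; i := i + 1)."""
    prog = ('seq', ('assign', 'sum', ('const', 0)),
            ('seq', ('assign', 'i', ('const', 1)),
             ('while', ('op', '<=', ('loc', 'i'), ('loc', 'n')),
              ('seq', ('assign', 'sum', ('op', '+', ('loc', 'sum'), ('loc', 'i'))),
                      ('assign', 'i', ('op', '+', ('loc', 'i'), ('const', 1)))))))
    _, s = run(compile_imp(prog), [], {'n': n})
    return s['sum']
```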

9. Chapter 3

By the end of this chapter you should be able to
• describe the "interpreted" CSS machine, which executes IMP programs;
• explain the outline of a proof of correctness;
• explain some of the results required for establishing correctness, and the proofs of these results.

10. Architecture of the Machine

• A CSS code C is a list of instructions which is produced by the following grammars:

      C   ::= − | ins : C
      ins ::= P | op | STO(l) | BR(P1, P2)

  We will overload : to denote append, and write ξ for ξ : − (ditto below).
• A stack S is produced by the grammar

      S ::= − | c : S

11. The Interpreted CSS Re-writes

    (n : C, S, s)                  ↦ (C, n : S, s)
    (P1 op P2 : C, S, s)           ↦ (P2 : P1 : op : C, S, s)
    (op : C, n1 : n2 : S, s)       ↦ (C, n1 op n2 : S, s)
    (l := P : C, S, s)             ↦ (P : STO(l) : C, S, s)
    (STO(l) : C, n : S, s)         ↦ (C, S, s{l ↦ n})
    (while P1 do P2 : C, S, s)     ↦ (P1 : BR((P2 ; while P1 do P2), skip) : C, S, s)

12. A Correctness Theorem

For all n ∈ Z, b ∈ B, P1 :: int, P2 :: bool, P3 :: cmd and s, s1, s2 ∈ States we have

    (P1, s) ⇓ (n, s)         iff   (P1, −, s) ↦^t (−, n, s)
    (P2, s) ⇓ (b, s)         iff   (P2, −, s) ↦^t (−, b, s)
    (P3, s1) ⇓ (skip, s2)    iff   (P3, −, s1) ↦^t (−, −, s2)

where ↦^t denotes the transitive closure of ↦.

13. Proof Method

• (⇒, "only if") by Rule Induction for ⇓.
• (⇐, "if") by Mathematical Induction on k. Recall that κ ↦^t κ′ iff (∃k ≥ 1)(κ ↦^k κ′), where for k ≥ 1, κ ↦^k κ′ means that (∀1 ≤ i ≤ k)(∃κi)(κ ↦ κ1 ↦ ... ↦ κk = κ′).
  Then note that if the □ are configurations with ξ parameters,

      (∀ξ)( (∃k)(□ ↦^k □) implies □ ⇓ □ )
      ≡ (∀k)(∀ξ)( □ ↦^k □ implies □ ⇓ □ )

  where φ(k) denotes (∀ξ)( □ ↦^k □ implies □ ⇓ □ ).

14. Code and Stack Extension

For all k ∈ N, and for all appropriate codes, stacks and states,

    (C1, S1, s1) ↦^k (C2, S2, s2)

implies

    (C1 : C3, S1 : S3, s1) ↦^k (C2 : C3, S2 : S3, s2)

where ↦^0 is the reflexive closure of ↦.

15. Code Splitting

For all k ∈ N, and for all appropriate codes, stacks and states, if

    (C1 : C2, S, s) ↦^k (−, S″, s″)

then there are a stack S′ and state s′, and k1, k2 ∈ N, for which

    (C1, S, s) ↦^k1 (−, S′, s′)
    (C2, S′, s′) ↦^k2 (−, S″, s″)

where k1 + k2 = k.

16. Typing and Termination Yields Values

For all k ∈ N, and for all appropriate codes, stacks and states,

    P :: int   and   (P, S, s) ↦^k (−, S′, s′)

implies

    S′ = n : S for some n ∈ Z,   s = s′,   and   (P, −, s) ↦^k (−, n, s)

and similarly for Booleans.

17. Proving the Theorem

(⇒, "only if"): Rule Induction for ⇓.

(Case ⇓OP1): The inductive hypotheses are

    (P1, −, s) ↦^t (−, n1, s)        (P2, −, s) ↦^t (−, n2, s)

Then

    (P1 op P2, −, s)
    ↦ (P2 : P1 : op, −, s)
    ↦^t (P1 : op, n2, s) ≡ (P1 : op, n2 : −, s)
    ↦^t (op, n1 : n2, s)
    ↦ (−, n1 op n2, s)

18. (⇐, "if"): We prove by induction that for all k, for all P :: int, n, s,

    (P, −, s) ↦^k (−, n, s)   implies   (P, s) ⇓ (n, s)

where this statement is φ(k).

(Proof of: for all k0 ∈ N, φ(k) for all k ≤ k0 implies φ(k0 + 1)): Suppose that for some arbitrary k0, P :: int, n and s,

    (P, −, s) ↦^(k0 + 1) (−, n, s)        (∗)

and then we prove (P, s) ⇓ (n, s) by considering cases on P.

19. (Case P is P1 op P2): Suppose that

    (P1 op P2, −, s) ↦^(k0 + 1) (−, n, s)

and so

    (P2 : P1 : op, −, s) ↦^k0 (−, n, s).

Using splitting and termination we have, noting P2 :: int, that

    (P2, −, s) ↦^k1 (−, n2, s)
    (P1 : op, n2, s) ↦^k2 (−, n, s)

where k1 + k2 = k0,

20. and repeating for the latter re-write we get

    (P1, n2, s) ↦^k21 (−, n1 : n2, s)
    (op, n1 : n2, s) ↦^k22 (−, n, s)        (1)

where k21 + k22 = k2. So as k1 ≤ k0, by induction we deduce that (P2, s) ⇓ (n2, s), and from termination that

    (P1, −, s) ↦^k21 (−, n1, s).

Also, as k21 ≤ k0, we have inductively that (P1, s) ⇓ (n1, s) and hence (P1 op P2, s) ⇓ (n1 op n2, s). But from determinism and (1) we see that n1 op n2 = n and we are done.
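The correctness theorem of slide 12 can be exercised mechanically. The following added example (not from the slides) implements the interpreted machine of slides 10 and 11 next to the IMP evaluation semantics and compares the two on constructed programs; the tuple encoding, the function names and the re-writes for locations, sequencing, skip and BR (which the slides above do not list) are this example's own assumptions.

```python
# Added example (not from the slides): the "interpreted" CSS machine of slides
# 10 and 11 beside the IMP evaluation semantics, so the correctness theorem of
# slide 12 can be checked on concrete programs.  Programs are constructed tuples
# ('const', c), ('loc', l), ('op', op, P1, P2), ('assign', l, P), 'skip',
# ('seq', P1, P2), ('while', P1, P2); re-writes marked "assumed" are not on the slides.
import operator

OPS = {'+': operator.add, '-': operator.sub, '*': operator.mul, '<=': operator.le}

def evaluate(P, s):
    """Evaluation semantics (P, s) => (V, s'); a command evaluates to 'skip'."""
    if P == 'skip':
        return 'skip', s
    tag = P[0]
    if tag == 'const':
        return P[1], s
    if tag == 'loc':
        return s[P[1]], s
    if tag == 'op':
        return OPS[P[1]](evaluate(P[2], s)[0], evaluate(P[3], s)[0]), s
    if tag == 'assign':
        return 'skip', {**s, P[1]: evaluate(P[2], s)[0]}
    if tag == 'seq':
        return evaluate(P[2], evaluate(P[1], s)[1])
    if tag == 'while':
        if not evaluate(P[1], s)[0]:
            return 'skip', s
        return evaluate(P, evaluate(P[2], s)[1])
    raise ValueError(P)

def step(C, S, s):
    """One re-write (C, S, s) |-> (C', S', s').  Code items are IMP programs or
    the machine-only items ('OPI', op), ('STO', l) and ('BR', P1, P2)."""
    item, C = C[0], C[1:]
    if item == 'skip':                          # assumed: skip is a no-op
        return C, S, s
    tag = item[0]
    if tag == 'const':                          # n : C, S |-> C, n : S
        return C, [item[1]] + S, s
    if tag == 'loc':                            # assumed: l : C, S |-> C, s(l) : S
        return C, [s[item[1]]] + S, s
    if tag == 'op':                             # P1 op P2 : C |-> P2 : P1 : op : C
        return [item[3], item[2], ('OPI', item[1])] + C, S, s
    if tag == 'OPI':                            # op : C, n1 : n2 : S |-> C, n1 op n2 : S
        return C, [OPS[item[1]](S[0], S[1])] + S[2:], s
    if tag == 'assign':                         # l := P : C |-> P : STO(l) : C
        return [item[2], ('STO', item[1])] + C, S, s
    if tag == 'STO':                            # STO(l) : C, n : S |-> C, S, s{l |-> n}
        return C, S[1:], {**s, item[1]: S[0]}
    if tag == 'seq':                            # assumed: P1 ; P2 : C |-> P1 : P2 : C
        return [item[1], item[2]] + C, S, s
    if tag == 'BR':                             # assumed: T selects P1, F selects P2
        return [item[1] if S[0] else item[2]] + C, S[1:], s
    if tag == 'while':                          # slide 11: P1 : BR((P2 ; while), skip)
        return [item[1], ('BR', ('seq', item[2], item), 'skip')] + C, S, s
    raise ValueError(item)

def run(P, s, limit=100_000):
    """(P, -, s) |->^t (-, S', s'): iterate step until the code is empty."""
    C, S = [P], []
    for _ in range(limit):
        if not C:
            return S, s
        C, S, s = step(C, S, s)
    raise RuntimeError('no terminal configuration within the step limit')

def agrees(P, s):
    """The slide-12 theorem for one (P, s): machine result == evaluation result."""
    V, s_big = evaluate(P, s)
    S, s_mach = run(P, s)
    return (S == [] if V == 'skip' else S == [V]) and s_mach == s_big

# Constructed samples: an integer expression and a factorial loop.
EXPR = ('op', '-', ('op', '*', ('loc', 'x'), ('const', 3)), ('const', 1))
FACT = ('seq', ('assign', 'f', ('const', 1)),
        ('while', ('op', '<=', ('const', 1), ('loc', 'n')),
         ('seq', ('assign', 'f', ('op', '*', ('loc', 'f'), ('loc', 'n'))),
                 ('assign', 'n', ('op', '-', ('loc', 'n'), ('const', 1))))))
```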

21. Chapter 4

By the end of this chapter you should be able to
• describe the expressions and type system of a language with higher order functions;
• explain how to write simple programs;
• specify an eager evaluation relation;
• prove properties such as determinism.

22. What's Next? Expressions and Types for FUN

• Define the expression syntax and type system.

23. Examples of FUN Declarations

    g :: Int -> Int -> Int
    g x y = x+y

    l1 :: [Int]
    l1 = 5:(6:(8:(4:(nil))))

    h :: Int
    h = hd (5:6:8:4:nil)

    length :: [Bool] -> Int
    length l = if elist(l) then 0 else (1 + length (tl(l)))

24. FUN Types

• The types of FUN_e are

      σ ::= int | bool | σ → σ | [σ]

• We shall write σ1 → σ2 → σ3 → ... → σn → σ for σ1 → (σ2 → (σ3 → (... → (σn → σ) ...))). Thus for example σ1 → σ2 → σ3 means σ1 → (σ2 → σ3).

25. FUN Expressions

The expressions are

    E ::= x            variables
        | c            constants
        | K            constant identifier
        | F            function identifier
        | E1 E2        function application
        | tl(E)        tail of list
        | E1 : E2      cons for lists
        | elist(E)     Boolean test for empty list

Bracketing conventions apply . . .

26. What's Next? A Formal FUN Type System

• Show how to declare the types of variables and identifiers.
• Give some examples.
• Define a type assignment system.

27. Contexts (Variable Environments)

• When we write a FUN program, we shall declare the types of variables, for example

      x :: int, y :: bool, z :: bool

• A context, with variables assumed distinct, takes the form

      Γ = x1 :: σ1, ..., xn :: σn.

28. Identifier Environments

• When we write a FUN program, we want to declare the types of constants and functions.
• A simple example of an identifier environment is

      K :: bool, map :: (int → int) → [int] → [int], suc :: int → int

• An identifier type looks like σ1 → σ2 → σ3 → ... → σa → σ where a ≥ 0 and σ is NOT a function type.
• An identifier environment looks like

      I = I1 :: ι1, ..., Im :: ιm.

29. Example Type Assignments

• With the previous identifier environment,

      x :: int, y :: int, z :: int ⊢ map suc (x : y : z : nil_int) :: [int]

• We have

      ∅ ⊢ if T then hd(2 : nil_int) else hd(4 : 6 : nil_int) :: int

30. Inductively Defining Type Assignments

Start with an identifier environment I and a context Γ. Then

    ──────────── ::INT          ──────────── ::VAR   (where x :: σ ∈ Γ)
    Γ ⊢ n :: int                Γ ⊢ x :: σ

    Γ ⊢ E1 :: int    Γ ⊢ E2 :: int
    ────────────────────────────── ::OP1
    Γ ⊢ E1 iop E2 :: int

31. Type Assignment Rules (continued)

    Γ ⊢ E1 :: σ2 → σ1    Γ ⊢ E2 :: σ2
    ───────────────────────────────── ::AP          ──────────── ::IDR   (where I :: ι ∈ I)
    Γ ⊢ E1 E2 :: σ1                                 Γ ⊢ I :: ι

                                          Γ ⊢ E1 :: σ    Γ ⊢ E2 :: [σ]
    ──────────────── ::NIL                ──────────────────────────── ::CONS
    Γ ⊢ nil_σ :: [σ]                      Γ ⊢ E1 : E2 :: [σ]

32. What's Next? Function Declarations and Programs

• Show how to code up functions.
• Define what makes up a FUN program.
• Give some examples.

33. Introducing Function Declarations

• To declare plus we can write plus x y = x + y.
• To declare fac:

      fac x = if x == 1 then 1 else x ∗ fac(x − 1)

• And to declare that true denotes T we write true = T.
• In FUN_e, we can specify (recursive) declarations

      G x y = E″
      ...
      F x = E′
      K = E

34. An Example Declaration

Let I = I1 :: [int] → int → int, I2 :: int → int, I3 :: bool. Then an example of an identifier declaration dec_I is

    I1 l y   = hd(tl(tl(l))) + I2 y      (E_I1 ≝ hd(tl(tl(l))) + I2 y)
    I2 x     = x ∗ x                     (E_I2 ≝ x ∗ x)
    I3       = T                         (E_I3 ≝ T)
    I4 u v w = u + v + w                 (E_I4 ≝ u + v + w)

35. An Example Program

Let I = F :: int → int → int, K :: int. Then an identifier declaration dec_I is

    F x y = x + 7 − y      (E_F ≝ x + 7 − y)
    K = 10

An example of a program is dec_I in F 8 1 ≤ K. Note that

    ∅ ⊢ F 8 1 ≤ K :: bool

and

    x :: int, y :: int ⊢ x + 7 − y :: int        (that is, Γ_F ⊢ E_F :: σ_F)
    ∅ ⊢ K :: int

36. Defining Programs

A program in FUN_e is a judgement of the form

    dec_I in P

where dec_I is a given identifier declaration and the program expression P satisfies a type assignment of the form ∅ ⊢ P :: σ (written dec_I in P :: σ), and

    for all F x⃗ = E_F ∈ dec_I,   Γ_F ⊢ E_F :: σ_F.

37. What's Next? Values and the Evaluation Relation

• Look at the notion of evaluation order.
• Define values, which are the results of eager program executions.
• Define an eager evaluation semantics: P ⇓e V.
• Give some examples.

38. Evaluation Orders

• The operational semantics of FUN_e says when a program P evaluates to a value V. It is like the IMP evaluation semantics.
• We write this in general as P ⇓e V, and examples are

      3 + 4 + 10 ⇓e 17
      hd(2 : nil_int) ⇓e 2

39. • Let F x y = x + y. We would expect F (2 ∗ 3) (4 ∗ 5) ⇓e 26.
• We could
  • evaluate 2 ∗ 3 to get value 6, yielding F 6 (4 ∗ 5),
  • then evaluate 4 ∗ 5 to get value 20, yielding F 6 20.
• We then call the function to get 6 + 20, which evaluates to 26. This is call-by-value or eager evaluation.
• Or the function could be called first, yielding (2 ∗ 3) + (4 ∗ 5), and then we continue to get 6 + (4 ∗ 5) and 6 + 20 and 26. This is called call-by-name or lazy evaluation.

40. Defining and Explaining (Eager) Values

• Let dec_I be an identifier declaration, with typical typing

      F :: σ1 → σ2 → σ3 → ... → σa → σ

  Informally, a is the maximum number of inputs taken by F. A value expression is any expression V produced by

      V ::= c | nil_σ | F V⃗ | V : V

  where V⃗ abbreviates V1 V2 ... V(k−1) Vk and 0 ≤ k < a.
• Note also that k is strictly less than a, and that if a = 1 then F V⃗ denotes F.

41. • A value is any value expression for which dec_I in V is a valid FUN_e program.
• Suppose that F :: int → int → int → int and that P1 ⇓e 2 and P2 ⇓e 5 and P3 ⇓e 7 with the Pi not values. Then

      P              V
      F              F
      F P1           F 2
      F 2 P2         F 2 5
      F 2 5 P3       14
      F 2 5 7        14
      F P1 P2 P3     14

42. The Evaluation Relation

    ────────── ⇓e VAL           P1 ⇓e m    P2 ⇓e n
    V ⇓e V                      ────────────────────── ⇓e OP
                                P1 op P2 ⇓e m op n

    P1 ⇓e T    P2 ⇓e V
    ─────────────────────────────── ⇓e COND1
    if P1 then P2 else P3 ⇓e V

43. The Evaluation Relation (continued)

    P1 ⇓e F V⃗    P2 ⇓e V2    F V⃗ V2 ⇓e V
    ──────────────────────────────────────── ⇓e AP   (where either P1 or P2 is not a value)
    P1 P2 ⇓e V

    E_F[V1, ..., Va / x1, ..., xa] ⇓e V
    ─────────────────────────────────── ⇓e FID   [F x⃗ = E_F declared in dec_I]
    F V1 ... Va ⇓e V

    E_K ⇓e V
    ────────── ⇓e CID   [K = E_K declared in dec_I]
    K ⇓e V

44. The Evaluation Relation (lists)

    P ⇓e V : V′                   P ⇓e V : V′
    ───────────── ⇓e HD           ───────────── ⇓e TL
    hd(P) ⇓e V                    tl(P) ⇓e V′

    P1 ⇓e V    P2 ⇓e V′
    ───────────────────── ⇓e CONS
    P1 : P2 ⇓e V : V′

    P ⇓e V : V′                   P ⇓e nil_σ
    ───────────────── ⇓e ELIST1   ───────────────── ⇓e ELIST2
    elist(P) ⇓e F                 elist(P) ⇓e T

45. Examples of Evaluations

Suppose that dec_I is

    G x = x ∗ 2
    K = 3

Then G K ⇓e 6, with the deduction tree

                                  ──────── VAL   ──────── VAL
                                  3 ⇓e 3         2 ⇓e 2
                   ──────── VAL   ────────────────────────── OP
                   3 ⇓e 3         (x ∗ 2)[3/x] = 3 ∗ 2 ⇓e 6
    ──────── VAL   ──────── CID   ────────────────────────── FID
    G ⇓e G         K ⇓e 3         G 3 ⇓e 6
    ───────────────────────────────────────────────────────── AP
    G K ⇓e 6

46. We can prove that F 2 3 (4 + 1) ⇓e 10, where F x y z = x + y + z, as follows:

                                  4 ⇓e 4    1 ⇓e 1
    ─────────────── ⇓e VAL        ─────────────────          T
    F 2 3 ⇓e F 2 3                4 + 1 ⇓e 5
    ────────────────────────────────────────────────────── ⇓e AP
    F 2 3 (4 + 1) ⇓e 10

47. where T is the tree

    2 ⇓e 2    3 ⇓e 3
    ─────────────────
    2 + 3 ⇓e 5             5 ⇓e 5
    ──────────────────────────────
    2 + 3 + 5 ⇓e 10
    ==============================================
    (x + y + z)[2, 3, 5 / x, y, z] ⇓e 10
    ────────────────────────────────────── ⇓e FID
    F 2 3 5 ⇓e 10
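The rules of slides 42 to 44 read directly as an interpreter. The following added example (not from the slides) evaluates the deductions of slides 45 to 47, the partial applications of slide 41 and the list functions of slide 23; the tuple encoding of expressions and the helper names are this example's own, and the substitution E_F[V⃗/x⃗] of rule FID is implemented by an environment of parameter bindings rather than textual substitution.

```python
# Added example (not from the slides): an interpreter for the eager evaluation
# relation P =>e V of slides 42-44.  Expressions are constructed tuples:
# ('const', c), ('var', x), ('id', I) for a function or constant identifier,
# ('app', E1, E2), ('op', op, E1, E2), ('if', E, E1, E2), ('nil',),
# ('cons', E1, E2), ('hd', E), ('tl', E), ('elist', E).  Values are ints/bools,
# ('nil',), ('cons', V, V') and ('papp', F, [V1..Vk]) for F V1 ... Vk with
# k < arity(F) (slide 40).  Substitution in rule FID is done via an environment.
import operator

OPS = {'+': operator.add, '-': operator.sub, '*': operator.mul, '==': operator.eq}

def evaluate(dec, E, env=None):
    """P =>e V for expression E under declaration dec: {name: (params, body)}."""
    env = env or {}
    tag = E[0]
    if tag == 'const':                                     # VAL
        return E[1]
    if tag == 'nil':                                       # VAL
        return E
    if tag == 'var':                                       # parameter bound by FID
        return env[E[1]]
    if tag == 'id':
        params, body = dec[E[1]]
        if params:                                         # F with arity >= 1 is a value
            return ('papp', E[1], [])
        return evaluate(dec, body)                         # CID: K =>e V when E_K =>e V
    if tag == 'app':                                       # AP, then FID when saturated
        fn = evaluate(dec, E[1], env)
        arg = evaluate(dec, E[2], env)
        if fn[0] != 'papp':
            raise TypeError(f'applying a non-function value {fn!r}')
        _, F, args = fn
        args = args + [arg]
        params, body = dec[F]
        if len(args) < len(params):                        # still a value F V1 .. Vk
            return ('papp', F, args)
        return evaluate(dec, body, dict(zip(params, args)))   # FID
    if tag == 'op':                                        # OP
        return OPS[E[1]](evaluate(dec, E[2], env), evaluate(dec, E[3], env))
    if tag == 'if':                                        # COND1 / COND2
        return evaluate(dec, E[2] if evaluate(dec, E[1], env) else E[3], env)
    if tag == 'cons':                                      # CONS
        return ('cons', evaluate(dec, E[1], env), evaluate(dec, E[2], env))
    if tag in ('hd', 'tl', 'elist'):
        lst_val = evaluate(dec, E[1], env)
        if tag == 'elist':                                 # ELIST1 / ELIST2
            return lst_val == ('nil',)
        if lst_val[0] != 'cons':                           # hd/tl of nil: no rule applies
            raise ValueError(f'{tag} of an empty list')
        return lst_val[1] if tag == 'hd' else lst_val[2]   # HD / TL
    raise ValueError(f'unknown expression {E!r}')

def app(f, *args):
    """Left-nested application F E1 E2 ... as 'app' tuples."""
    E = ('id', f)
    for a in args:
        E = ('app', E, a)
    return E

def lst(*items):
    """Build the list expression i1 : i2 : ... : nil from constants."""
    E = ('nil',)
    for i in reversed(items):
        E = ('cons', ('const', i), E)
    return E

# Declarations from slides 45-47, plus the list function length of slide 23.
DEC = {
    'G': (['x'], ('op', '*', ('var', 'x'), ('const', 2))),
    'K': ([], ('const', 3)),
    'F': (['x', 'y', 'z'],
          ('op', '+', ('op', '+', ('var', 'x'), ('var', 'y')), ('var', 'z'))),
    'length': (['l'], ('if', ('elist', ('var', 'l')), ('const', 0),
                      ('op', '+', ('const', 1), app('length', ('tl', ('var', 'l')))))),
}
```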

48. What's Next? FUN Properties of Eager Evaluation

• Explain and define determinism.
• Explain and define subject reduction, that is, preservation of types during program execution.

49. Properties of FUN

• The evaluation relation for FUN_e is deterministic. More precisely, for all P, V1 and V2, if P ⇓e V1 and P ⇓e V2 then V1 = V2. (Thus ⇓e is a partial function.)
• Evaluating a program dec_I in P does not alter its type. More precisely,

      (∅ ⊢ P :: σ and P ⇓e V)   implies   ∅ ⊢ V :: σ

  for any P, V, σ and dec_I. The conservation of type during program evaluation is called subject reduction.

50. Chapter 5

By the end of this chapter you should be able to
• describe the SECD machine, which executes compiled FUN_e programs; here the expressions Exp are defined by E ::= x | n | F | E E;
• show how to compile to SECD instruction sequences;
• write down example executions.

51. Architecture of the Machine

• The SECD machine consists of rules for transforming SECD configurations (S, E, C, D).
• The non-empty stack S is generated by

      S ::= n | clo F with stacks S1, ..., Sl attached above it

  (the slides draw the attached stacks S_l ... S_1 above clo F joined by ↑ arrows; in this text rendering such a node is written ⟨clo F; S1, ..., Sl⟩).
• Each node occurs at a level ≥ 1.
• A stack S has as its height the maximum level of any clo F, or 0 otherwise.

52. • If the (unique) left-most closure node clo F at level α exists, call it the α-prescribed node, and write ^αS.
• For any stack ^αS of height ≥ 1 there is a sub-stack S′ of shape ⟨clo F; S1, ..., Sl⟩, with clo F the prescribed node.

53. Given any other stack S(l+1) there is a stack S″ of shape ⟨clo F; S1, ..., Sl, S(l+1)⟩.
• Write S(l+1) ⊕ S for S with S′ replaced by S″.

54. • The environment E takes the form x1 =? S1 : ... : xn =? Sn.
• The value of each ? is determined by the form of the corresponding Si.
• If Si is n then ? is 0; if Si is clo F (with nothing attached) then ? is 1; in any other case ? is Av1.

55. • A SECD code C is a list which is produced by the following grammars:

      ins ::= x | n | F | APP
      C   ::= − | ins : C

• A typical dump looks like

      (S1, E1, C1, (S2, E2, C2, ... (Sn, En, Cn, −) ...))

• We will overload : to denote append, and write ξ for ξ : −.

56. We define a compilation function [[−]] : Exp → SECDcodes which takes an SECD expression and turns it into code.

    [[x]]       ≝ x
    [[n]]       ≝ n
    [[F]]       ≝ F
    [[E1 E2]]   ≝ [[E1]] : [[E2]] : APP

57. There is a representation of program values as stacks, given by

    (|n|)              ≝ n
    (|F V1 ... Vk|)    ≝ (|Vk|) ⊕ ... ⊕ (|V1|) ⊕ clo F,   i.e. ⟨clo F; (|V1|), ..., (|Vk|)⟩

• Recall k < a with a the arity of F.

58. The Re-writes

In the text rendering below a prefix [Av]^α on a stack records its optional status Av and the level α of its prescribed node, and ⟨clo F; S1, ..., Sk⟩ is the node clo F with S1, ..., Sk attached above it.

num: a number is pushed onto the stack (the initial stack can be of any status):

    ([Av]^α S, E, n : C, D)   ↦   ([Av]^α (n ⊕ S), E, C, D)

59. fn: a function is pushed onto the stack (the initial stack can be of any status); the new closure node becomes the prescribed node, one level up:

    ([Av]^α S, E, F : C, D)   ↦   ([Av]^(α+1) (clo F ⊕ S), E, C, D)

60. var: a variable's value is pushed onto the stack, provided that the environment E contains x =? T ≡ [Av]^δ T (where δ is 0 or 1). Note that by definition, the status of T determines the status of the re-written stack:

    ([Av]^α S, E, x : C, D)   ↦   ([Av]^(δ+α) (T ⊕ S), E, C, D)

61. cav0: an APP command creates an application value, type 0. The prescribed node clo F with its arguments S1, ..., Sk becomes an application value at the same level:

    (^α ⟨clo F; S1, ..., Sk⟩ ⊕ S, E, APP : C, D)   ↦   (Av^α ⟨clo F; S1, ..., Sk⟩ ⊕ S, E, C, D)

62. cav1: an APP command creates an application value, type 1. Here the prescribed node is a closure clo H sitting above clo F with S1, ..., S(k−1), and the level drops by one:

    (^α ⟨clo F; S1, ..., S(k−1), clo H⟩ ⊕ S, E, APP : C, D)   ↦   (Av^(α−1) ⟨clo F; S1, ..., S(k−1), clo H⟩ ⊕ S, E, C, D)

63. avtav: an APP command produces an application value from an application value. The application value ⟨clo F; S1, ..., Sk⟩ sitting above clo G with S′1, ..., S′(k′−1) is attached as a further argument of clo G:

    (Av^α ⟨clo F; S1, ..., Sk⟩ above ⟨clo G; S′1, ..., S′(k′−1)⟩ ⊕ S, E, APP : C, D)
    ↦ (Av^(α−1) ⟨clo G; S′1, ..., S′(k′−1), ⟨clo F; S1, ..., Sk⟩⟩ ⊕ S, E, C, D)

64. call0: an APP command calls a function, type 0. With all a arguments S1, ..., Sa attached to the prescribed clo F, the body of F is entered with a fresh stack and the remainder saved on the dump:

    (^α ⟨clo F; S1, ..., Sa⟩ ⊕ S, E, APP : C, D)
    ↦ (−, xa =? Sa : ... : x1 =? S1 : E, [[E_F]], (^(α−1) S, E, C, D))

65. call1: an APP command calls a function, type 1. The last argument Sa is a closure clo H sitting above clo F:

    (^α ⟨clo F; S1, ..., S(a−1), clo H⟩ ⊕ S, E, APP : C, D)
    ↦ (−, xa =? Sa : ... : x1 =? S1 : E, [[E_F]], (^(α−2) S, E, C, D))

66. call2: an APP command calls a function, type 2. The last argument S′a of clo G is the application value ⟨clo F; S1, ..., Sk⟩:

    (Av^α ⟨clo F; S1, ..., Sk⟩ above ⟨clo G; S′1, ..., S′(a−1)⟩ ⊕ S, E, APP : C, D)
    ↦ (−, xa =? S′a : ... : x1 =? S′1 : E, [[E_G]], (^(α−2) S, E, C, D))

67. res: restore, where the final status is determined by the initial status:

    ([Av]^β T, E′, −, ([Av]^α S, E, C, D))   ↦   ([Av]^(α+β) (T ⊕ S), E, C, D)

68. An Example Execution

Suppose that K, N and M N are functions which are also values, and that

    F x y = x
    I a b = b
    L u v = u
    H z = L (M N) z

Then (F (H 4)) (I 2 K) ⇓e M N. Note that

    [[(F (H 4)) (I 2 K)]] = F : H : 4 : APP : APP : I : 2 : APP : K : APP : APP

where the whole code is named 11. and its suffixes 10., ..., 1. ≝ APP, and

    [[L (M N) z]] = L : M : N : APP : APP : z : APP

named 7., with suffixes 6., ..., 1. ≝ APP.

69. Starting from the empty configuration, three num/fn steps push clo F, then clo H above it, then 4 above clo H:

    (^0 −, −, 11., −)   ↦^3 (num/fn)   (^2 ⟨clo F; ⟨clo H; 4⟩⟩, −, 8. ≡ APP : 7., −)

70. The APP is a call0 of H with argument 4, saving the rest on the dump, after which three fn steps push clo L, clo M and clo N:

    ↦ (call0)   (−, E′, [[L (M N) z]], ξ)         where E′ ≝ z =0 4 and ξ ≝ (^1 clo F, −, 7., −)
    ↦^3 (fn)    (^3 ⟨clo L; ⟨clo M; clo N⟩⟩, E′, 4., ξ)

71. The next two APPs build the application value M N (cav1) and then attach it to clo L (avtav):

    ↦ (cav1)    (Av^2 ⟨clo L; ⟨clo M; clo N⟩⟩, E′, 3., ξ)
    ↦ (avtav)   (Av^1 ⟨clo L; ⟨clo M; clo N⟩⟩, E′, 2., ξ)

72. Chapter 6

By the end of this chapter you should be able to
• explain the outline of a proof of correctness;
• explain some of the results required for establishing correctness, and the proofs of these results.

73. A Correctness Theorem

For all programs dec_I in P for which ∅ ⊢ P :: σ we have

    P ⇓e V   iff   (−, −, [[P]], −) ↦^t ((|V|), −, −, −)

74. Code and Stack Extension

For any stacks, environments, codes, and dumps, if C1 is non-empty then

    M ≝ (S1, E, C1, D) ↦^k M′ ≝ (S2, E, C2, D)

implies

    (S1 ⊕ S3, E, C1 : C3, D) ↦^k (S2 ⊕ S3, E, C2 : C3, D)

75. • We need to prove "lemma plus": if D ≡ (S′, E′, C′, D′) we can also similarly arbitrarily extend any of the stacks and codes in D (say to D̄).
• We use induction on k. Suppose lemma plus is true for all k ≤ k0. We must prove that we can extend any re-write M ↦^(k0+1) M′ to M̄ ↦^(k0+1) M̄′. By determinism, we have M ↦^1 M″ ↦^k0 M′.
• If there is no function call during M ↦^1 M″, it is trivial to extend it to get M̄ ↦^1 M̄″. And by induction, M̄″ ↦^k0 M̄′.

76. If there is a function call, there are k1 and k2 such that

    M ≝ (S, E, C, D)
    ↦^k1        (T ⊕ S, E, APP : C, D)
    ↦^1         (−, E′, [[E_F]], (S, E, C, D))
    ↦^k2        (S″, E″, −, (S, E, C, D))
    ↦^1 (res)   (S″ ⊕ S, E, C, D)
    ↦^t         M′

where there are no function calls in the k2 re-writes.
