Syntactic proofs empower metatheory (PowerPoint PPT Presentation)

SLIDE 1

Syntactic proofs empower metatheory

Derivation/proof $\mathcal{D}$ is a data structure

Got a fact about all derivations?

  • It’s a fact about all terminating evaluations
  • They are in 1 to 1 correspondence

Prove meta-theoretic properties by structural induction over derivations

  • aka “induction on height of derivation tree”

Example: Evaluating an expression doesn’t create or destroy any global variables (the set of defined global variables is invariant)

SLIDE 2

Metatheorems often help implementors

More example metatheorems:

  • OK to mutate environments if you use a stack (Impcore)
  • Interactive browser doesn’t leak space (POPL 2012)
  • Device driver can’t harm kernel (Microsoft Singularity)

SLIDE 3

Metatheorems come in stylized form

For any $e$, $\xi$, $\phi$, $\rho$, $v$, $\xi'$, and $\rho'$ such that $\langle e; \xi; \phi; \rho\rangle \Downarrow \langle v; \xi'; \phi; \rho'\rangle$,

METATHEORETIC PROPERTY

SLIDE 4

Metatheorems are proved by induction

Induction over height of derivation trees $\mathcal{D}$

These are “math-class proofs” (not derivations)

Proof

  • Goes by case analysis of the last rule in the derivation.
  • Has one case for each rule.
  • Base cases don’t have proper sub-derivations.
  • Inductive cases assume the induction hypothesis for any proper sub-derivation.

Let’s try it!

SLIDE 5

Example metatheorem

During the evaluation of an Impcore expression, evaluation does not change the set of defined global variables. Formally, for any $e$, $\xi$, $\phi$, $\rho$, $v$, $\xi'$, and $\rho'$ such that $\langle e; \xi; \phi; \rho\rangle \Downarrow \langle v; \xi'; \phi; \rho'\rangle$,

$$\mathit{dom}(\xi) = \mathit{dom}(\xi')$$

SLIDE 6

Literal case

Base case:

$$\mathcal{D} = \langle \mathrm{LITERAL}(v); \xi; \phi; \rho\rangle \Downarrow \langle v; \xi; \phi; \rho\rangle$$

Both sides identical!

$$\mathit{dom}\,\xi = \mathit{dom}\,\xi$$

SLIDE 7

Formal Var case

Another base case:

$$\mathcal{D} = \frac{x \in \mathit{dom}\,\rho}{\langle \mathrm{VAR}(x); \xi; \phi; \rho\rangle \Downarrow \langle \rho(x); \xi; \phi; \rho\rangle}$$

Both sides identical!

$$\mathit{dom}\,\xi = \mathit{dom}\,\xi$$

SLIDE 8

Formal Assign case

Assignment to formal parameter

$$\mathcal{D} = \frac{x \in \mathit{dom}\,\rho \qquad \dfrac{\mathcal{D}_r}{\langle e; \xi; \phi; \rho\rangle \Downarrow \langle v; \xi'; \phi; \rho'\rangle}}{\langle \mathrm{SET}(x; e); \xi; \phi; \rho\rangle \Downarrow \langle v; \xi'; \phi; \rho'\{x \mapsto v\}\rangle}$$

By induction hypothesis on $\mathcal{D}_r$, $\mathit{dom}\,\xi = \mathit{dom}\,\xi'$

Both sides have same domain!

SLIDE 9

IfTrue case

True conditional

$$\mathcal{D} = \frac{\dfrac{\mathcal{D}_1}{\langle e_1; \xi; \phi; \rho\rangle \Downarrow \langle v_1; \xi'; \phi; \rho'\rangle} \qquad v_1 \neq 0 \qquad \dfrac{\mathcal{D}_2}{\langle e_2; \xi'; \phi; \rho'\rangle \Downarrow \langle v_2; \xi''; \phi; \rho''\rangle}}{\langle \mathrm{IF}(e_1; e_2; e_3); \xi; \phi; \rho\rangle \Downarrow \langle v_2; \xi''; \phi; \rho''\rangle}$$

By induction hypothesis on $\mathcal{D}_1$, $\mathit{dom}\,\xi = \mathit{dom}\,\xi'$

By induction hypothesis on $\mathcal{D}_2$, $\mathit{dom}\,\xi' = \mathit{dom}\,\xi''$

Therefore, both sides have same domain:

$$\mathit{dom}\,\xi = \mathit{dom}\,\xi''$$

SLIDE 10

Global Assign: The only interesting case

$$\mathcal{D} = \frac{x \notin \mathit{dom}\,\rho \qquad x \in \mathit{dom}\,\xi \qquad \dfrac{\mathcal{D}_r}{\langle e; \xi; \phi; \rho\rangle \Downarrow \langle v; \xi'; \phi; \rho'\rangle}}{\langle \mathrm{SET}(x; e); \xi; \phi; \rho\rangle \Downarrow \langle v; \xi'\{x \mapsto v\}; \phi; \rho'\rangle}$$

Do both sides have same domain?

  • Does $\mathit{dom}\,\xi = \mathit{dom}(\xi'\{x \mapsto v\})$?

By induction hypothesis on $\mathcal{D}_r$, $\mathit{dom}\,\xi = \mathit{dom}\,\xi'$

And

$$\mathit{dom}(\xi'\{x \mapsto v\}) = \mathit{dom}\,\xi' \cup \{x\} = \mathit{dom}\,\xi \cup \{x\}$$

But $x \in \mathit{dom}\,\xi$! So $\mathit{dom}\,\xi \cup \{x\} = \mathit{dom}\,\xi$.
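The case analysis above, mirrored in code as an added example (not from the slides or the Impcore implementation): a small evaluator for the Impcore subset on these slides that returns the derivation tree $\mathcal{D}$ as a data structure, and a checker that walks it exactly as the proof does, one case per rule with the induction hypothesis applied to every proper sub-derivation. The names `Deriv`, `evaluate`, `globals_invariant` and the `strict` switch are my own; `strict=False` adds a rule the slides do not have (SET creating a new global) to show that the side condition $x \in \mathit{dom}\,\xi$ is what the Global Assign case rests on.

```python
from collections import namedtuple

# Impcore subset from the slides: LITERAL(v), VAR(x), SET(x, e), IF(e1, e2, e3).
Lit, Var = namedtuple("Lit", "v"), namedtuple("Var", "x")
Set, If = namedtuple("Set", "x e"), namedtuple("If", "e1 e2 e3")

# One node of a derivation tree D: the last rule used, the judgment
# <e; xi; rho> => <v; xi2; rho2> it proves, and its proper sub-derivations.
# phi (the function environment) never changes, so it is left out.
Deriv = namedtuple("Deriv", "rule e xi rho v xi2 rho2 subs")

def evaluate(e, xi, rho, strict=True):
    """Build the derivation for e, not just its value. The strict switch is
    hypothetical: strict=False lets SET on an unknown name create a global,
    a rule the slides do not have, which is exactly what breaks the metatheorem."""
    if isinstance(e, Lit):
        return Deriv("LITERAL", e, xi, rho, e.v, xi, rho, [])
    if isinstance(e, Var):
        if e.x in rho:
            return Deriv("FORMALVAR", e, xi, rho, rho[e.x], xi, rho, [])
        return Deriv("GLOBALVAR", e, xi, rho, xi[e.x], xi, rho, [])
    if isinstance(e, Set):
        dr = evaluate(e.e, xi, rho, strict)             # sub-derivation D_r
        if e.x in rho:                                  # FORMALASSIGN
            return Deriv("FORMALASSIGN", e, xi, rho, dr.v, dr.xi2, {**dr.rho2, e.x: dr.v}, [dr])
        if e.x in xi or not strict:                     # GLOBALASSIGN needs x in dom xi
            return Deriv("GLOBALASSIGN", e, xi, rho, dr.v, {**dr.xi2, e.x: dr.v}, dr.rho2, [dr])
        raise KeyError(e.x)                             # no rule applies: stuck
    if isinstance(e, If):
        d1 = evaluate(e.e1, xi, rho, strict)
        d2 = evaluate(e.e2 if d1.v != 0 else e.e3, d1.xi2, d1.rho2, strict)
        rule = "IFTRUE" if d1.v != 0 else "IFFALSE"
        return Deriv(rule, e, xi, rho, d2.v, d2.xi2, d2.rho2, [d1, d2])
    raise TypeError(f"not an expression: {e!r}")

def globals_invariant(d):
    """Structural induction over D: dom xi = dom xi2 must hold at this node
    and, by the induction hypothesis, at every proper sub-derivation."""
    return set(d.xi) == set(d.xi2) and all(globals_invariant(s) for s in d.subs)

# Constructed sample: global g, formal a, program (if a (set g (set a 5)) 0).
PROG = If(Var("a"), Set("g", Set("a", Lit(5))), Lit(0))

if __name__ == "__main__":
    d = evaluate(PROG, {"g": 1}, {"a": 2})
    print(d.v, d.xi2, d.rho2, globals_invariant(d))    # 5 {'g': 5} {'a': 5} True
```

Under the slides' rules the checker never fails; it only fails once the side condition is dropped, which is the point the Global Assign slide makes about why that case is the interesting one.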