Formal Semantics of Programming Languages 虞慧群 Topic 3: Principles of Induction

Induction Proving of program properties often uses mathematical induction. Prove properties of a programming language by proving a small finite set of claims. If a property is violated then there is a small finite set in which it is violated. Examples  m &  n  m = n Euclid terminates   ’ &   ’ =  ’’

Forms of induction Mathematical induction Structural induction Well-founded induction Induction on derivations Rule induction

Mathematical induction Principle: Mathematical induction includes a basis and a induction step. (P(0) & (  m . P(m)  P(m+1)))   n . P(n) Example: Show that

Course-of-value induction Principle: (  m . (  k<m. P(k))  P(k))   n . P(n) Example: Show that

Structural Induction Principle: The induction is based on the structure of the elements. First, show that the property holds for all atomic elements. Second, show that the formulation rules to build non-atomic elements preserve the property. Example: To show that a property P holds for all arithmetic expressions, it is sufficient to show that: (  m .P(m))  (  X  Loc.P(X))  (  a 0, a 1  Aexp. P(a 0 )  P(a 1 )  P(a 0 + a 1 ))  (  a 0, a 1  Aexp. P(a 0 )  P(a 1 )  P(a 0 – a 1 ))  (  a 0, a 1  Aexp. P(a 0 )  P(a 1 )  P(a 0  a 1 ))

Structural Induction (Con’t) Example: Show that the evaluation of arithmetic expression is deterministic, i.e.  m &  m’  m = m’ Bad example  ’  &   ”   ’ =  ”

Well-Founded Induction A well-founded relation < on a set A if there are no infinite decreasing chains  …< a i < … < a 2 < a 1 a < b a is a predecessor of b Proposition: A binary relation on A < is well-founded iff any nonempty subset Q of A has a minimal element, i.e. an element m such that m  Q &  b < m. b  Q.

The Principle of Well Founded Induction < is a well founded relation on A P is property Then  a  A: P(a) Iff  a  A: ([  b < a. P(b)]  P(a))

The Principle of Well Founded Induction (Con’t) An alternative approach: To show that a property P holds for all element of a well-founded set A, it is equivalent to show that the subset F of A for which P does not hold is empty. To prove that F is empty, it is sufficient to show that F cannot have a minimal element. And to show that F cannot have a minimal element, we construct a contradiction from the assumption that F has a minimal element. Example: Using the “no counterexample” approach, prove that

Applications of the well founded induction principle Mathematical induction Course-of-values induction Structural induction …

Induction on Derivations A set of rule instances R consists pairs X/y where X is a finite set and y is an element X/y – rule instance X – premises y – conclusion d ||- R y – d is an R-derivation of y (  /y) ||- R y if (  /y)  R ({d 1, …, d n }/y) ||- R y if ({x 1, …, x n }/y)  R and d 1 ||- R x 1 & … & d n ||- R x n ||- R y – for some d d ||- R y Sub-derivation d < 1 d’ if d  (D/y) with d’  D < = < 1 + < is well-founded

Examples 1. For all states  :  (M)  1 &  (N)  1   ’ :   ’ 2. For all states ,  ’,  ’’:   ’ &   ’’   ’ =  ’’ 3. For all states ,  ’:   ’

Rule induction A special induction Define a set by rules I R ={x | ||- R x} Examples of Aexp    N such that  n of Bexp    T such that  t of Com     such that   ’ Show that the property is true for all elements by induction on the rule application

The general principle of rule induction Let I R ={x | ||- R x} Let P be a property  x  I R P(X)  for all the rule instances (X/y) in R for which X  I R  z  X. P(z)  P(y)

Justifying the principle of induction A set Q is closed under rule instances or simply R-closed if for all rule instances X/y X  Q  y  Q Proposition 4.1: I R is closed and If Q is an R-closed set then I R  Q Application Q = { x  I R | P(x) } Examples R = {(  /0)}  {{n}/{n+1) | n   } Referential transparency for expressions

Expressing Syntax using Rules a ::= … | a 0 + a 1 | … a 0 : Aexp a 1 : Aexp a 0 +a 1 : Aexp

Special Rule Induction Handles rules of different types BNF c ::= … | X := a | …| if b then c 0 else c 1 | … Rules X : Loc a : Exp X:=a: Com b : Bexp c 0 : Com c 1 : Com if b then c 0 else c 1 : Com

The special principle of rule induction Let I R ={x |  R x} A  I R Let Q be a property  a  A. Q(a)  for all the rule instances (X/y) in R for which X  I R and y  A  x  X  A.Q(x)  Q(y)

Proof rule for operational semantics Arithmetic Expressions P(a, , n) is true of all evaluations  n if it is preserved by the expression rules

Proof rule for operational semantics AExp P(a, , n) is true of all evaluations  n if it is preserved by the expression rules

Rule Induction for Arithmetic Expressions  a  Aexp, , n  N.  n  P(a, , n) iff  n  N, . P(n, , n) &  X  Loc, . P(X, ,  (X)) &  a 0, a 1  Aexp, , n 0, n 1  N.  n 0 & P(a0, , n0) &  n 1 & P(a 1, , n 1 )  P(a0+a1, , n 0 +n 1 ) & …

Proof rule for operational semantics BExp P(b, , t) is true of all evaluations  t if it is preserved by the Boolean expression rules Define a subset of (Aexp  N)  (Bexp  T) Obtained from the special principle of induction for properties P(b, , t) on the subset Bexp  T

Rule Induction for Booleans  b  Bexp, , t  T.  t  P(b, , t) iff . P(false, , false) & . P(true, , true) &  a 0, a 1  Aexp, , n 0, n 1  N.  m&  n & m=n  P(a 0 =a 1, , true) &  a 0, a 1  Aexp, , n 0, n 1  N.  m&  n & m  n  P(a 0 =a 1, ,false) … &  b  Bexp,  , t  T.  t & P(b, , t)  P(  b, ,  t) &…

Proof rule for operational semantics of Commands P(c, ,  ’) is true of all evaluations  ’ if it is preserved by the command rules Define a subset of (Aexp  N)  (Bexp  T)  (Com  ) Obtained from the special principle of induction for properties P(c, ,  ’) on the subset Com 

Rule Induction for Commands  c  Com, ,  ’ .   ’  P(c, ,  ’) iff . P(skip, ,  ) &  X  Loc, a  Bexp, .  m  P(X:=a, ,  [m/X]) &  c 0, c 1  Com, ,  ’,  ’’ .   ’’& P(c 0, ,  ’) &   ’ &P(c 1,  ’’,  ’)  P(c 0 ;c 1, ,  ’) & …

Proposition 4.7 Define Loc L (c) to be the variables which appear on the left side of some assignment in c Let y  Loc For all commands c and states ,  ’ Y  Loc L (c).   ’   (Y) =  ’(Y)

Operators and their least fixed points For a set of rule instances R R(B)={y |  X  B, X/y  R} Proposition 4.11 A set B is closed under R if R(B)  B R is monotonic A  B  R(A)  R(B) Define the sequence of sets A 0 = R 0 (  ) =  A 1 = R 1 (  ) =R(  ) A 2 = R 2 (  ) =R(R(  )) … A n = R n (  ) Define A =  n  A n

Proposition 4.12 (i)A is R-closed (ii)R(A) = A (iii)A is the least R-closed set Let fix(R) denote the least fixed point of R fix(R)=  n  R n (  )

Summary Induction allows to prove properties of the programming language Example properties Deterministic Referential transparency Equivalent of small step and natural semantics

Exercise 3 (1) Using mathematical induction to show there is no string u which satisfies au = ub for two distinct symbol a and b. (2) Prove by structural induction that the evaluation of arithmetic expressions always terminates, i.e., for all arithmetic expression a and states , there is some m such that  m.