CS 611: Lecture 6 Rule Induction September 8, 1999 Cornell University Computer Science Department Andrew Myers

CS 611—Semantics of Programming Languages—Andrew Myers 2 Administration No class on Friday Homework #1 due on Monday in class (implementation due at 5 PM Monday)

CS 611—Semantics of Programming Languages—Andrew Myers 3 Induction Last time: two new induction techniques for proving properties of programs Structural induction: –prove that a property holds of all language atoms –prove that it holds for each kind of expression if it holds of the parts of the expression  property holds for all expressions Induction on derivations prove it holds for derivations that are axioms prove property holds if it holds for every derivation (evaluation) of parts of an expression  property holds for all derivations

CS 611—Semantics of Programming Languages—Andrew Myers 4 Observation These two forms of induction are very similar — both operate on trees. h if x = 0 then skip else x := 1,  i  ’ h x = 0,  i  false h x := 1,  i  [x “ 1] if.. then.. else = skip:= x0 x 1 if x = 0 then skip else x := 1

CS 611—Semantics of Programming Languages—Andrew Myers 5 Expression inference rules a ::= n | X | a 0 + a 1 | a 0 - a 1 | a 0 × a 1 BNF spec for arithmetic expressions in IMP: Let A be the set of all arithmetic expressions. Inductive definition of A via inference rules: Axioms: n  AX  A Rules: a 0  A a 1  A a 0 + a 1  A a 0  A a 1  A a 0 - a 1  A a 0  A a 1  A a 0 × a 1  A

CS 611—Semantics of Programming Languages—Andrew Myers 6 Expression derivation tree Every legal expression now has a derivation tree. Example: (2+3) × (4-x) 2+3  A (2+3) × (4 - 5)  A  A 2  A 3  A 4  A x  A

CS 611—Semantics of Programming Languages—Andrew Myers 7 Proof systems = set definitions Rules defining the set of all legal arithmetic expressions: a 0  A a 1  A a 0 + a 1  A a 0  A a 1  A a 0 - a 1  A a 0  A a 1  A a 0 × a 1  A n  AX  A Can view as constraint equations on A: A  ZA  Loc A  { a 0 × a 1 | a 0  A  a 1  A } A  { a 0 + a 1 | a 0  A  a 1  A } A  { a 0 – a 1 | a 0  A  a 1  A }

CS 611—Semantics of Programming Languages—Andrew Myers 8 Solving recursive equations A is not the only set that satisfies these equations! Can we make these equations mean what we want by a rule for picking among the possible sets? A  ZA  Loc A  { a 0 × a 1 | a 0  A  a 1  A } A  { a 0 + a 1 | a 0  A  a 1  A } A  { a 0 – a 1 | a 0  A  a 1  A }

CS 611—Semantics of Programming Languages—Andrew Myers 9 Rule application operator Define operator R(A’) that adds all elements needed to satisfy constraint equations: A  ZA  Loc A  { a 0 + a 1 | a 0  A  a 1  A } A  { a 0 – a 1 | a 0  A  a 1  A } A  { a 0 × a 1 | a 0  A  a 1  A } A = R(A) Want the least fixed point of R R(A’) = A’  Z  Loc  { a 0 +a 1 | a 0  A’  a 1  A’ }  { a 0 – a 1 | a 0  A’  a 1  A’}  { a 0 ×a 1 | a 0  A’  a 1  A’}

CS 611—Semantics of Programming Languages—Andrew Myers 10 Constructing least fixed point Assuming we have A’ containing only elements of A (A’ ) R(A’) contains only elements of A too R(R(A’)) contains only elements of A too Empty set Ø contains only elements of A, so A  …  R n+1 (Ø)  R n (Ø)  R n-1 (Ø) ...  R(R(Ø))  R(Ø)  Ø Therefore,A = [ n   R n (Ø) Least fixed point operator A = fix (R)

CS 611—Semantics of Programming Languages—Andrew Myers 11 Proof by rule induction A = fix(R) =  n   R n (Ø) For every element E of A, there is some smallest i such that E  R i (Ø) i is the minimum number of times the inference rules must be applied to construct E : height of derivation Goal: prove that property P holds for every expression in A :  a  A. P(A) Base case: prove  a  R(Ø). P(a) Inductive step: prove  n>1, a  R n (Ø). (  a’  R n-1 (Ø). P(a’))  P(a) Conclusion:  a  fix (R). P(a)

CS 611—Semantics of Programming Languages—Andrew Myers 12 Proof recipe R is defined by some set of rules Rules look like Want to show that  a  R(Ø). P(a)  technique: show P(x) for all axioms Want to show  n>1, a  R n (Ø). (  a’  R n-1 (Ø). P(a’))  P(a)  technique: for all rules show (  x   {x 1, …,x n }. P(x  ))  P(x) x or x 1,…,x n x x

CS 611—Semantics of Programming Languages—Andrew Myers 13 Another rule induction instance Structural induction = instance of general rule induction technique, based on inductive definition of set of legal expressions What about operational semantics? Is a set being defined inductively? h a,  i  n … Let I R be the set of all legal evaluations of arithmetic expressions h a,  i  n means (a, , n)  I R

CS 611—Semantics of Programming Languages—Andrew Myers 14 Completing the mapping Evaluation inference rules are an inductive definition of the set of legal evaluations I R h a 0 + a 1,  i  n h a 0,  i  n 0 h a 1,  i  n 1 (where n = n 0 + n 1 ) (a 0 + a 1, , n)  I R (a 0, , n 0 )  I R (a 1, , n 1 )  A (where n = n 0 + n 1 ) R(B) = B ...  { (a 0 +a 1, , n ) |  n 0, n 1. (a 0, , n 0 )  B  (a 1, , n 1 )  B  n = n 0 + n 1 } ...

CS 611—Semantics of Programming Languages—Andrew Myers 15 Proof technique To prove property P holds for all evaluations h a,  i  n, show –It holds for axioms (evaluation of constants and locations) –For each evaluation rule, Assume P holds for all antecedent evaluations Under this assumption, prove it holds for the conclusion of the rule Rule induction: property P holds for all evaluations h a,  i  n h a 0 + a 1,  i  n h a 0,  i  n 0 h a 1,  i  n 1

CS 611—Semantics of Programming Languages—Andrew Myers 16 Induction on derivations Let {R j } be a set of rules defining some set A A derivation d using these rules is a legal derivation if it can be constructed from some rule R j and sub- derivations d j i for each of the antecedents x j i Thus, we can define inference rules for constructing set I R of derivations of elements of A Apply rule induction proof recipe to find proofs that properties P hold for all legal derivations : induction on derivations –P(d) holds for all one-step derivations d –P(d) holds for all n-step derivations assuming it holds for all shorter derivations x j 1,…,x j nj x j

CS 611—Semantics of Programming Languages—Andrew Myers 17 Summary Any proof system (set of inference rules) is an inductive definition of a set Rule induction can be applied to any inductive definition Examples: structural induction, induction on derivations are both instances of this approach We will use rule induction for other proof systems in course (e.g., type-checking rules)