Relating Static and Dynamic Semantics

Relating Static and Dynamic Semantics
COS 441 Princeton University Fall 2004

Motivations We want to know that when evaluating certain well-formed programs certain errors never occur Example Transition semantics for -calculus is “stuck” when applied to expressions with free variables in it So if {} ` E ok then E should never be “stuck”

Formal Statement isFinal(e) = e 2 F steps(e) = 9 e’. e  e’
stuck(e) = :(steps(e) or isFinal(e)) Soundness Theorem: If {} ` E ok and E * E’ then :stuck(E’)

Formal Statement isFinal(e) = e 2 F steps(e) = 9 e’. e  e’
stuck(e) = :(steps(e) or isFinal(e)) Soundness Theorem: If {} ` E ok and E * E’ then (steps(E’) or isFinal(E’))

Proof: Soundness Theorem
By induction on derivations of * with Preservation and Progress Lemmas Preservation Lemma: If {} ` E ok and E  E’ then {} ` E’ ok Progress Lemma: If {} ` E ok then (steps(E) or isFinal(E))

Warning!! The remainder of the lecture consists of a series of tedious proofs Take that swig of coffee now Slides will be on web-site Last set of tedious proofs in lecture I’ll assign them as homework from now on! ;) What we discuss today is a template for Assignment 3

Proof by Induction over *
S * S Z* S * S’’ S  S’ S’ * S’’ S* To show 8 e,e’ P(e,e’) we must show case Z*: IH(E,E) case S*: If E  E’ and IH(E’,E’’) then IH(E,E’’) IH(e,e’) = If {} ` e ok and e * e’ then (steps(e’) or isFinal(e’))

case Z*: IH(E,E)

case Z*: If {} ` E ok and E * E then (steps(E) or isFinal(E))

case Z*: (steps(E) or isFinal(E)) {} ` E ok and E * E by assumption

case Z*: {} ` E ok and E * E by assumption 2. (steps(E) or isFinal(E)) by ??

case Z*: {} ` E ok and E * E by assumption 2. (steps(E) or isFinal(E)) by Progress Lemma with (1)

case S*: If E  E’ and IH(E’,E’’) then IH(E,E’’)

case S*: IH(E,E’’) 1. E  E’ and IH(E’,E’’) by assumption

case S*: If {} ` E ok and E * E’’ then (steps(E’’) or isFinal(E’’)) E  E’ and IH(E’,E’’) by assumption

case S*: (steps(E’’) or isFinal(E’’)) E  E’ and IH(E’,E’’) by assumption {} ` E ok and E * E’’ by assumption ` E’ ok by Preservation with (2,1) E’ * E’’ by inversion of S* and (2) (steps(E) or isFinal(E’’)) by IH with (3, 4)

case S*: (steps(E’’) or isFinal(E’’)) E  E’ and IH(E’,E’’) by assumption {} ` E ok and E * E’’ by assumption {} ` E’ ok by ?? E’ * E’’ by inversion of S* and (2) (steps(E) or isFinal(E’’)) by IH with (3, 4)

case S*: (steps(E’’) or isFinal(E’’)) E  E’ and IH(E’,E’’) by assumption {} ` E ok and E * E’’ by assumption {} ` E’ ok by Preservation with (2,1) E’ * E’’ by inversion of S* and (2) (steps(E) or isFinal(E’’)) by IH with (3, 4)

case S*: (steps(E’’) or isFinal(E’’)) E  E’ and IH(E’,E’’) by assumption {} ` E ok and E * E’’ by assumption {} ` E’ ok by Preservation with (2,1) E’ * E’’ by ?? (steps(E’’) or isFinal(E’’)) by IH with (3, 4)

case S*: (steps(E’’) or isFinal(E’’)) E  E’ and IH(E’,E’’) by assumption {} ` E ok and E * E’’ by assumption {} ` E’ ok by Preservation with (2,1) E’ * E’’ by inversion of S* and (2) (steps(E’’) or isFinal(E’’)) by IH with (3, 4)

case S*: E  E’ and IH(E’,E’’) by assumption {} ` E ok and E * E’’ by assumption {} ` E’ ok by Preservation with (2,1) E’ * E’’ by inversion of S* and (2) (steps(E’’) or isFinal(E’’)) by ??

case S*: E  E’ and IH(E’,E’’) by assumption {} ` E ok and E * E’’ by assumption {} ` E’ ok by Preservation with (2,1) E’ * E’’ by inversion of S* and (2) (steps(E’’) or isFinal(E’’)) by IH(E’,E’’) with (3, 4)

Notes About our Proof Note our Proof works for any single step relation () Specific details of step function factored into Progress and Preservation lemmas Need to refer to the static and dynamic semantics of the step relation to prove Progress and Preservation Lemmas

Static Semantics for -calculus
Names x 2 … Expressions e ::= lam(x.e) | apply(e1,e2)| x  ` apply(E1,E2)ok  ` E1 ok  ` E2 ok ok-A  ` lam(X.E)ok  [ {X} ` E ok X   ok-L  ` X ok X 2  ok-V

Dynamic Semantics for -calculus
= { E | 9.  ` E ok } I = { E | {} ` E ok } F = { x.e | {} ` x.e ok } ((x.e1) (y.e2))  [xÃ(y.e2)] e1 A1 ((x.e1) e2)  ((x.e1) e’2) e2  e’2 A2 (e1 e2)  (e’1 e2) e1  e’1 A3

Proof: Preservation Lemma
Proof by induction on the derivations of E  E’ case A1: IH(((X.E1) (Y.E2)),[X Ã (Y.E2)] E1) case A2: If IH(E2,E’2) then IH(((X.E1) E2)),((X.E1) E’2)) case A3: If IH(E1,E’1) then IH((E1 E2)),(E’1 E2)) IH(e,e’) = If {} ` e ok and e  e’ then {} ` e’ ok

case A1: If {} ` ((X.E1) (Y.E1)) ok and ((X.E1) (Y.E1))  [X Ã (Y.E2)] E1 then {} ` [X Ã (Y.E2)] E1 ok

case A1: {} ` [X Ã (Y.E2)] E1 ok {} ` ((X.E1) (Y.E2)) ok and ((X.E1) (Y.E2))  [X Ã (Y.E2)] E1 by assumption {} ` (X.E1) ok and {} ` (Y.E2) ok by inversion of ok-A and (1) {} [ {X} ` E1 ok by inversion of ok-L and (2) {} ` [X Ã (Y.E2)] E1 ok by Substitution Lemma with (3) and (2)

case A1: {} ` [X Ã (Y.E2)] E1 ok {} ` ((X.E1) (Y.E2)) ok and ((X.E1) (Y.E2))  [X Ã (Y.E2)] E1 by assumption {} ` (X.E1) ok and {} ` (Y.E2) ok by ?? {} [ {X} ` E1 ok by inversion of ok-L and (2) {} ` [X Ã (Y.E2)] E1 ok by Substitution Lemma with (3) and (2)

case A1: {} ` [X Ã (Y.E2)] E1 ok {} ` ((X.E1) (Y.E2)) ok and ((X.E1) (Y.E2))  [X Ã (Y.E2)] E1 by assumption {} ` (X.E1) ok and {} ` (Y.E2) ok by inversion of ok-A and (1) {} [ {X} ` E1 ok by ?? {} ` [X Ã (Y.E2)] E1 ok by Substitution Lemma with (3) and (2)

case A1: {} ` [X Ã (Y.E2)] E1 ok {} ` ((X.E1) (Y.E2)) ok and ((X.E1) (Y.E2))  [X Ã (Y.E2)] E1 by assumption {} ` (X.E1) ok and {} ` (Y.E2) ok by inversion of ok-A and (1) {} [ {X} ` E1 ok by inversion of ok-L and (2) {} ` [X Ã (Y.E2)] E1 ok by ??

Substitution Lemma Proof by induction on the derivations of  ` E ok
If  [ {X} ` E ok and {} ` E’ ok then  ` [XÃE’]E ok case ok-V: … case ok-L: … case ok-A: … IH(env,e) = If env [ {X} ` e ok and {} ` E’ ok then env ` [XÃE’]e ok

Substitution Proof by induction on the derivations of  ` E ok
If  [ {X} ` E ok and {} ` E’ ok then  ` [XÃE’]E ok case ok-V: If X 2  then IH(,X) case ok-L: If IH( [ {X}, E) and X   then IH(,(X.E)) case ok-A: If IH(,E1) and IH(,E2) then IH(,(E1 E2)) IH(env,e) = If env [ {X} ` e ok and {} ` E’ ok then env ` [XÃE’]e ok

Proof: Substitution case ok-V: 1. X 2  by assumption
2.  [ {Y} ` X ok and {} ` E’ ok by assumption 3.  ` [YÃE’]X ok by cases case X = Y: 3.1. [YÃE’]X = E’ by def of subst. 3.2.  ` E’ ok by (2) 3.3.  ` [YÃE’]X ok by (3.1) and (3.2) case X  Y: 3.1. [YÃE’]X = X by def of subst. 3.2.  ` X ok by ok-V and (1) 3.3.  ` [YÃE’]X ok by (3.1) and (3.2)

Proof: Substitution case ok-L: If IH( [ {X}, E) and X   then IH(,(X.E)) …

Proof: Substitution case ok-A: If IH(,E1) and IH(,E2) then IH(,(E1 E2)) …

case A2: If IH(E2,E’2) then IH(((X.E1) E2)),((X.E1) E’2))

case A2: IH(((X.E1) E2)),((X.E1) E’2)) IH(E2,E’2) by assumption

case A2: If {} ` ((X.E1) E2)) ok and ((X.E1) E2))  ((X.E1) E’2) then {} ` ((X.E1) E’2) ok IH(E2,E’2) by assumption

case A2: {} ` ((X.E1) E’2) ok IH(E2,E’2) by assumption {} ` ((X.E1) E2)) ok and ((X.E1) E2))  ((X.E1) E’2) by assumption {} ` (X.E1) ok and {} ` E2 ok by inversion of ok-A and (2) E2  E’2 by inversion of A2 {} ` E’2 ok by IH(E2,E’2) with (3) and (4) {} ` ((X.E1) E’2) ok by ok-A with (3) and (5)

case A2: {} ` ((X.E1) E’2) ok IH(E2,E’2) by assumption {} ` ((X.E1) E2)) ok and ((X.E1) E2))  ((X.E1) E’2) by assumption {} ` (X.E1) ok and {} ` E2 ok by ?? E2  E’2 by inversion of A2 {} ` E’2 ok by IH(E2,E’2) with (3) and (4) {} ` ((X.E1) E’2) ok by ok-A with (3) and (5)

case A2: {} ` ((X.E1) E’2) ok IH(E2,E’2) by assumption {} ` ((X.E1) E2)) ok and ((X.E1) E2))  ((X.E1) E’2) by assumption {} ` (X.E1) ok and {} ` E2 ok by inversion of ok-A and (2) E2  E’2 by inversion of A2 {} ` E’2 ok by IH(E2,E’2) with (3) and (4) {} ` ((X.E1) E’2) ok by ok-A with (3) and (5)

case A2: {} ` ((X.E1) E’2) ok IH(E2,E’2) by assumption {} ` ((X.E1) E2)) ok and ((X.E1) E2))  ((X.E1) E’2) by assumption {} ` (X.E1) ok and {} ` E2 ok by inversion of ok-A and (2) E2  E’2 by ?? {} ` E’2 ok by IH(E2,E’2) with (3) and (4) {} ` ((X.E1) E’2) ok by ok-A with (3) and (5)

case A2: {} ` ((X.E1) E’2) ok IH(E2,E’2) by assumption {} ` ((X.E1) E2)) ok and ((X.E1) E2))  ((X.E1) E’2) by assumption {} ` (X.E1) ok and {} ` E2 ok by inversion of ok-A and (2) E2  E’2 by inversion of A2 and (2) {} ` E’2 ok by IH(E2,E’2) with (3) and (4) {} ` ((X.E1) E’2) ok by ok-A with (3) and (5)

case A2: {} ` ((X.E1) E’2) ok IH(E2,E’2) by assumption {} ` ((X.E1) E2)) ok and ((X.E1) E2))  ((X.E1) E’2) by assumption {} ` (X.E1) ok and {} ` E2 ok by inversion of ok-A and (2) E2  E’2 by inversion of A2 and (2) {} ` E’2 ok by ?? {} ` ((X.E1) E’2) ok by ok-A with (3) and (5)

case A2: {} ` ((X.E1) E’2) ok IH(E2,E’2) by assumption {} ` ((X.E1) E2)) ok and ((X.E1) E2))  ((X.E1) E’2) by assumption {} ` (X.E1) ok and {} ` E2 ok by inversion of ok-A and (2) E2  E’2 by inversion of A2 and (2) {} ` E’2 ok by IH(E2,E’2) with (3) and (4) {} ` ((X.E1) E’2) ok by ??

case A3: If IH(E1,E’1) then IH(E1 E2)),(E’1 E2))

case A3: IH((E1 E2)),((E’1 E2)) IH(E1,E’1) by assumption

case A3: If {} ` (E1 E2) ok and (E1 E2)  (E’1 E2) then {} ` (E’1 E2) ok IH(E1,E’1) by assumption

case A3: {} ` (E’1 E2) ok IH(E1,E’1) by assumption {} ` (E1 E2) ok and (E1 E2)  (E’1 E’2) by assumption {} ` E1 ok and {} ` E2 ok by inversion of ok-A and (2) E1  E’1 by inversion of A3 and (2) {} ` E’1 ok by IH(E1,E’1) with (3) and (4) {} ` (E’1 E2) ok by ok-A with (5) and (3)

Progress Lemma Proof by induction on the derivations of  ` E ok
case ok-V: If X 2  then IH(,X) case ok-L: If IH( [ {X}, E) and X   then IH(,(X.E)) case ok-A: If IH(,E1) and IH(,E2) then IH(,(E1 E2)) IH(env,e) = If env = {} and env ` e ok then (steps(e) or isFinal(e))

Proof: Progress Lemma case ok-V: If X 2  then IH(,X)

Proof: Progress Lemma case ok-V: IH(,X) X 2  by assumption

Proof: Progress Lemma case ok-V: If = {} and ` X ok then
(steps(X) or isFinal(X)) X 2  by assumption

Proof: Progress Lemma case ok-V: If = {} and {} ` X ok then
(steps(X) or isFinal(X)) X 2  by assumption

Proof: Progress Lemma case ok-V: steps(X) or isFinal(X)
X 2  by assumption = {} and {} ` X ok by assumption X 2 {} by (1) and (2) (steps(X) or isFinal(X)) by contradiction implied by (3)

X 2  by assumption = {} and {} ` X ok by assumption X 2 {} by ?? (steps(X) or isFinal(X)) by contradiction implied by (3)

X 2  by assumption = {} and {} ` X ok by assumption X 2 {} by (1) and (2) (steps(X) or isFinal(X)) by contradiction implied by (3)

Proof: Progress Lemma case ok-V: (steps(X) or isFinal(X))
X 2  by assumption = {} and {} ` X ok by assumption X 2 {} by (2) and invert-ok-V steps(X) or isFinal(X) by ??

Proof: Progress Lemma case ok-V: (steps(X) or isFinal(X))
X 2  by assumption = {} and {} ` X ok by assumption X 2 {} by (2) and invert-ok-V steps(X) or isFinal(X) by contradiction implied by (3)

Proof: Progress Lemma case ok-L: If IH( [ {X}, E) and X   then IH(,(X.E))

Proof: Progress Lemma case ok-L: IH(,(X.E))
IH( [ {X}, E) and X   by assumption

Proof: Progress Lemma case ok-L: If  = {} and  ` (X.E) ok then (steps((X.E)) or isFinal((X.E))) IH( [ {X}, E) and X   by assumption

Proof: Progress Lemma case ok-L: steps((X.E)) or isFinal((X.E))
IH( [ {X}, E) and X   by assumption  = {} and  ` (X.E) ok by assumption {} ` (X.E) ok by (2) (X.E) 2 F by definition of F and (3) isFinal((X.E)) by definition of isFinal and (4) steps((X.E)) or isFinal((X.E)) by (5)

IH( [ {X}, E) and X   by assumption  = {} and  ` (X.E) ok by assumption {} ` (X.E) ok by ?? (X.E) 2 F by definition of F and (3) isFinal((X.E)) by definition of isFinal and (4) steps((X.E)) or isFinal((X.E)) by (5)

IH( [ {X}, E) and X   by assumption  = {} and  ` (X.E) ok by assumption {} ` (X.E) ok by (2) (X.E) 2 F by ?? isFinal((X.E)) by definition of isFinal and (4) steps((X.E)) or isFinal((X.E)) by (5)

IH( [ {X}, E) and X   by assumption  = {} and  ` (X.E) ok by assumption {} ` (X.E) ok by (2) (X.E) 2 F by definition of F and (3) isFinal((X.E)) by ?? steps((X.E)) or isFinal((X.E)) by (5)

IH( [ {X}, E) and X   by assumption  = {} and  ` (X.E) ok by assumption {} ` (X.E) ok by (2) (X.E) 2 F by definition of F and (3) isFinal((X.E)) by definition of isFinal and (4) steps((X.E)) or isFinal((X.E)) by ??

Proof: Progress Lemma case ok-A: If IH(,E1) and IH(,E2) then IH(,(E1 E2))

Proof: Progress Lemma case ok-A: IH(,(E1 E2)) IH(,E1) and IH(,E2)

Proof: Progress Lemma case ok-A: If  = {} and ` (E1 E2) ok then (steps((E1 E2)) or isFinal((E1 E2))) IH(,E1) and IH(,E2) by assumption

Proof: Progress Lemma case ok-A: steps((E1 E2)) or isFinal((E1 E2))
IH(,E1) and IH(,E2) by assumption  = {} and ` (E1 E2) ok by assumption {} ` (E1 E2) ok by (2) {} ` E1 ok and {} ` E2 ok by inversion of ok-A 9 e. (E1 E2)  e by induction on (E1 E2)  e … steps((E1 E2)) by definition of steps and (5) 7. steps((E1 E2)) or isFinal((E1 E2)) by (6)

Proof: Progress Lemma case ok-A: steps((E1 E2)) or isFinal((E1 E2))
IH(,E1) and IH(,E2) by assumption  = {} and ` (E1 E2) ok by assumption {} ` (E1 E2) ok by (2) {} ` E1 ok and {} ` E2 ok by inversion of ok-A 9 e. (E1 E2)  e by cases … steps((E1 E2)) by definition of steps and (5) 7. steps((E1 E2)) or isFinal((E1 E2)) by (6)

Proof: Progress Lemma 5. 9 e. (E1 E2)  e by cases (E1 E2)
case E1 = (X’.E’) and E2 = (X’’.E’’): 5.1. (E1 E2)  [X’ Ã(X’’.E’’) ] E’ by A1 case E1 = (X’.E’) and E2  F: 5.1. E2  E’2 by IH({},E2) with (4) and E2  F 5.2. (E1 E2)  (E1 E’2) by A2 with (5.1) case E1  F : 5.1. E1  E’1 by IH({},E1) with (4) and E1  F 5.2. (E’1 E2)  (E’1 E2) by A3 with (5.1)

case E1 = (X’.E’) and E2 = (X’’.E’’): 5.1. (E1 E2)  [X’ Ã(X’’.E’’) ] E’ by ?? case E1 = (X’.E’) and E2  F: 5.1. E2  E’2 by IH({},E2) with (4) and E2  F 5.2. (E1 E2)  (E1 E’2) by A2 with (5.1) case E1  F : 5.1. E1  E’1 by IH({},E1) with (4) and E1  F 5.2. (E’1 E2)  (E’1 E2) by A3 with (5.1)

case E1 = (X’.E’) and E2 = (X’’.E’’): 5.1. (E1 E2)  [X’ Ã(X’’.E’’) ] E’ by A1 case E1 = (X’.E’) and E2  F: 5.1. E2  E’2 by ?? 5.2. (E1 E2)  (E1 E’2) case E1  F : 5.1. E1  E’1 by IH({},E1) with (4) and E1  F 5.2. (E’1 E2)  (E’1 E2) by A3 with (5.1)

case E1 = (X’.E’) and E2 = (X’’.E’’): 5.1. (E1 E2)  [X’ Ã(X’’.E’’) ] E’ by A1 case E1 = (X’.E’) and E2  F: 5.1. E2  E’2 by IH({},E2) with (4) and E2  F 5.2. (E1 E2)  (E1 E’2) by ?? case E1  F : 5.1. E1  E’1 by IH({},E1) with (4) and E1  F 5.2. (E’1 E2)  (E’1 E2) by A3 with (5.1)

case E1 = (X’.E’) and E2 = (X’’.E’’): 5.1. (E1 E2)  [X’ Ã(X’’.E’’) ] E’ by A1 case E1 = (X’.E’) and E2  F: 5.1. E2  E’2 by IH({},E2) with (4) and E2  F 5.2. (E1 E2)  (E1 E’2) by A2 with (5.1) case E1  F : 5.1. E1  E’1 by ?? 5.2. (E’1 E2)  (E’1 E2)

case E1 = (X’.E’) and E2 = (X’’.E’’): 5.1. (E1 E2)  [X’ Ã(X’’.E’’) ] E’ by A1 case E1 = (X’.E’) and E2  F: 5.1. E2  E’2 by IH({},E2) with (4) and E2  F 5.2. (E1 E2)  (E1 E’2) by A2 with (5.1) case E1  F : 5.1. E1  E’1 by IH({},E1) with (4) and E1  F 5.2. (E’1 E2)  (E’1 E2) by ??

Summary Soundness Theorem: If {} ` E ok and E * E’ then :stuck(E’)
Preservation Lemma: If {} ` E ok and E  E’ then {} ` E’ ok Progress Lemma: If {} ` E ok then (steps(E) or isFinal(E)) Substitution Lemma: If  [ {X} ` E ok and {} ` E’ ok then  ` [XÃE’]E ok

Summary Soundness follows from Preservation and Progress by induction on the ?? relation Soundness means well formed programs don’t get “stuck”

Summary Soundness follows from Preservation and Progress by induction on the * relation Soundness means well formed programs don’t get “stuck”

Summary Soundness follows from Preservation and Progress by induction on the * relation Soundness means well formed programs don’t get “stuck” Preservation follows by induction on the ?? relation

Summary Soundness follows from Preservation and Progress by induction on the * relation Soundness means well formed programs don’t get “stuck” Preservation follows by induction on the  relation

Summary Soundness follows from Preservation and Progress by induction on the * relation Soundness means well formed programs don’t get “stuck” Preservation follows by induction on the  relation Progress follows by induction on the wellformedness relation ??

Summary Soundness follows from Preservation and Progress by induction on the * relation Soundness means well formed programs don’t get “stuck” Preservation follows by induction on the  relation Progress follows by induction on the wellformedness relation ( ` E ok)

Lesson Learned High-level structure of soundness proof
All soundness for SOS semantics proofs are basically the same The details vary in small but important ways Proofs are straightforward but tedious Details easy to get confused if not organized Someone ought to automate these proofs or at least their checking See Twelf, Coq, Isabella/HOL … etc.

Relating Static and Dynamic Semantics

Similar presentations

Presentation on theme: "Relating Static and Dynamic Semantics"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Relating Static and Dynamic Semantics

Similar presentations

Presentation on theme: "Relating Static and Dynamic Semantics"— Presentation transcript:

Similar presentations

About project

Feedback