Relating Static and Dynamic Semantics

Relating Static and Dynamic Semantics

COS 441

Princeton University

Fall 2004

Motivations

• We want to know that when evaluating certain well-formed programs certain errors never occur

• Example– Transition semantics for -calculus is “stuck”

when applied to expressions with free variables in it

– So if {} ` E ok then E should never be “stuck”

Formal Statement

isFinal(e) = e 2 F

steps(e) = 9 e’. e e’

stuck(e) = :(steps(e) or isFinal(e))

Soundness Theorem:

If {} ` E ok and E * E’ then :stuck(E’)

Formal Statement

isFinal(e) = e 2 F

steps(e) = 9 e’. e e’

stuck(e) = :(steps(e) or isFinal(e))

Soundness Theorem:

If {} ` E ok and E * E’ then

(steps(E’) or isFinal(E’))

Proof: Soundness Theorem

By induction on derivations of * with Preservation and Progress Lemmas

Preservation Lemma:

If {} ` E ok and E E’ then {} ` E’ ok

Progress Lemma:

If {} ` E ok then (steps(E) or isFinal(E))

Warning!!

• The remainder of the lecture consists of a series of tedious proofs – Take that swig of coffee now– Slides will be on web-site

• Last set of tedious proofs in lecture– I’ll assign them as homework from now on! ;)– What we discuss today is a template for

Assignment 3

Proof by Induction over *

To show 8 e,e’ P(e,e’) we must show

case Z*: IH(E,E)

case S*: If E E’ and IH(E’,E’’) then IH(E,E’’)

IH(e,e’) = If {} ` e ok and e * e’ then

(steps(e’) or isFinal(e’))

S * SZ*

S * S’’

S S’ S’ * S’’S*


case Z*: IH(E,E)


case Z*: If {} ` E ok and E * E then (steps(E) or isFinal(E))


case Z*: (steps(E) or isFinal(E))

1. {} ` E ok and E * E by assumption


case Z*:


2. (steps(E) or isFinal(E))

by ??


case Z*:


2. (steps(E) or isFinal(E))

by Progress Lemma with (1)


case S*: If E E’ and IH(E’,E’’) then IH(E,E’’)


case S*: IH(E,E’’)

1. E E’ and IH(E’,E’’) by assumption


case S*: If {} ` E ok and E * E’’ then

(steps(E’’) or isFinal(E’’))



case S*: (steps(E’’) or isFinal(E’’))


2. {} ` E ok and E * E’’ by assumption

3. ` E’ ok by Preservation with (2,1)

4. E’ * E’’ by inversion of S* and (2)

5. (steps(E) or isFinal(E’’))

by IH with (3, 4)





3. {} ` E’ ok by ?? E’ * E’’ by inversion of S* and (2)


by IH with (3, 4)





3. {} ` E’ ok by Preservation with (2,1)



by IH with (3, 4)






4. E’ * E’’ by ??

5. (steps(E’’) or isFinal(E’’))

by IH with (3, 4)








by IH with (3, 4)


case S*:






by ??


case S*:






by IH(E’,E’’) with (3, 4)

Notes About our Proof

• Note our Proof works for any single step relation ()

• Specific details of step function factored into Progress and Preservation lemmas

• Need to refer to the static and dynamic semantics of the step relation to prove Progress and Preservation Lemmas

Static Semantics for -calculus

Names x 2 …Expressions e ::= lam(x.e) | apply(e1,e2)| x

` X okX 2

ok-V

` apply(E1,E2)ok

` E1 ok ` E2 okok-A

` lam(X.E)ok

[ {X} ` E ok X ok-L

Dynamic Semantics for -calculus

((x.e1) e2) ((x.e1) e’2)

e2 e’2A2

((x.e1) (y.e2)) [xÃ(y.e2)] e1 A1

(e1 e2) (e’1 e2)

e1 e’1 A3

I = { E | {} ` E ok }

S = { E | 9. ` E ok }

F = { x.e | {} ` x.e ok }

Proof: Preservation Lemma

Proof by induction on the derivations of E E’

case A1: IH(((X.E1) (Y.E2)),[X Ã (Y.E2)] E1)

case A2: If IH(E2,E’2) then

IH(((X.E1) E2)),((X.E1) E’2))


IH((E1 E2)),(E’1 E2))

IH(e,e’) = If {} ` e ok and e e’ then {} ` e’ ok


case A1: If {} ` ((X.E1) (Y.E1)) ok and ((X.E1) (Y.E1)) [X Ã (Y.E2)] E1 then {} ` [X Ã (Y.E2)] E1 ok


case A1: {} ` [X Ã (Y.E2)] E1 ok

1. {} ` ((X.E1) (Y.E2)) ok and ((X.E1) (Y.E2)) [X Ã (Y.E2)] E1 by assumption

2. {} ` (X.E1) ok and {} ` (Y.E2) okby inversion of ok-A and (1)

3. {} [ {X} ` E1 ok by inversion of ok-L and (2)

4. {} ` [X Ã (Y.E2)] E1 ok by Substitution Lemma with (3) and (2)


case A1: {} ` [X Ã (Y.E2)] E1 ok


2. {} ` (X.E1) ok and {} ` (Y.E2) okby ??




case A1: {} ` [X Ã (Y.E2)] E1 ok






case A1: {} ` [X Ã (Y.E2)] E1 ok



3. {} [ {X} ` E1 ok by ??



case A1: {} ` [X Ã (Y.E2)] E1 ok






case A1: {} ` [X Ã (Y.E2)] E1 ok




4. {} ` [X Ã (Y.E2)] E1 ok by ??


case A1: {} ` [X Ã (Y.E2)] E1 ok





Substitution Lemma

Proof by induction on the derivations of ` E ok

If [ {X} ` E ok and {} ` E’ ok then

` [XÃE’]E ok

case ok-V: …

case ok-L: …

case ok-A: …

IH(env,e) = If env [ {X} ` e ok and {} ` E’ ok then env ` [XÃE’]e ok

Substitution

Proof by induction on the derivations of ` E okIf [ {X} ` E ok and {} ` E’ ok then ` [XÃE’]E ok

case ok-V: If X 2 then IH(,X)case ok-L: If IH( [ {X}, E) and X then

IH(,(X.E))case ok-A: If IH(,E1) and IH(,E2) then

IH(,(E1 E2))

IH(env,e) = If env [ {X} ` e ok and {} ` E’ ok then env ` [XÃE’]e ok

Proof: Substitution

case ok-V: 1. X 2 by assumption2.[ {Y} ` X ok and {} ` E’ ok by assumption3. ` [YÃE’]X ok by casescase X = Y:

3.1. [YÃE’]X = E’ by def of subst.3.2. ` E’ ok by (2)3.3. ` [YÃE’]X ok by (3.1) and (3.2)

case X Y:3.1. [YÃE’]X = X by def of subst.3.2. ` X ok by ok-V and (1)3.3. ` [YÃE’]X ok by (3.1) and (3.2)

Proof: Substitution

case ok-L: If IH( [ {X}, E) and X then IH(,(X.E))

…

Proof: Substitution

case ok-A: If IH(,E1) and IH(,E2) then IH(,(E1 E2))

…



IH(((X.E1) E2)),((X.E1) E’2))


case A2: IH(((X.E1) E2)),((X.E1) E’2))

1. IH(E2,E’2) by assumption


case A2: If {} ` ((X.E1) E2)) ok and

((X.E1) E2)) ((X.E1) E’2) then

{} ` ((X.E1) E’2) ok



case A2: {} ` ((X.E1) E’2) ok


2. {} ` ((X.E1) E2)) ok and ((X.E1) E2)) ((X.E1) E’2) by assumption

3. {} ` (X.E1) ok and {} ` E2 ok by inversion of ok-A and (2)

4. E2 E’2 by inversion of A2

5. {} ` E’2 ok by IH(E2,E’2) with (3) and (4)

6. {} ` ((X.E1) E’2) okby ok-A with (3) and (5)


case A2: {} ` ((X.E1) E’2) ok



3. {} ` (X.E1) ok and {} ` E2 ok by ??





case A2: {} ` ((X.E1) E’2) ok








case A2: {} ` ((X.E1) E’2) ok




4. E2 E’2 by ??




case A2: {} ` ((X.E1) E’2) ok




4. E2 E’2 by inversion of A2 and (2)




case A2: {} ` ((X.E1) E’2) ok





5. {} ` E’2 ok by ??



case A2: {} ` ((X.E1) E’2) ok








case A2: {} ` ((X.E1) E’2) ok






6. {} ` ((X.E1) E’2) okby ??


case A2: {} ` ((X.E1) E’2) ok









IH(E1 E2)),(E’1 E2))


case A3: IH((E1 E2)),((E’1 E2))



case A3: If {} ` (E1 E2) ok and

(E1 E2) (E’1 E2) then {} ` (E’1 E2) ok



case A3: {} ` (E’1 E2) ok


2. {} ` (E1 E2) ok and (E1 E2) (E’1 E’2)by assumption

3. {} ` E1 ok and {} ` E2 ok by inversion of ok-A and (2)



6. {} ` (E’1 E2) ok by ok-A with (5) and (3)


case A3: {} ` (E’1 E2) ok








case A3: {} ` (E’1 E2) ok








case A3: {} ` (E’1 E2) ok








case A3: {} ` (E’1 E2) ok







Progress Lemma

Proof by induction on the derivations of ` E ok

case ok-V: If X 2 then IH(,X)case ok-L: If IH([ {X}, E) and X then

IH(,(X.E))


IH(env,e) = If env = {} and env ` e ok then (steps(e) or isFinal(e))

Proof: Progress Lemma

case ok-V: If X 2 then IH(,X)


case ok-V: IH(,X)

1. X 2 by assumption


case ok-V: If = {} and ` X ok then

(steps(X) or isFinal(X))



case ok-V: If = {} and {} ` X ok then

(steps(X) or isFinal(X))



case ok-V: steps(X) or isFinal(X)


2. = {} and {} ` X ok by assumption

3. X 2 {} by (1) and (2)

4. (steps(X) or isFinal(X)) by contradiction implied by (3)





3. X 2 {} by ??






3. X 2 {} by (1) and (2)



case ok-V: (steps(X) or isFinal(X))



3. X 2 {} by (2) and invert-ok-V

4. steps(X) or isFinal(X) by ??


case ok-V: (steps(X) or isFinal(X))



3. X 2 {} by (2) and invert-ok-V

4. steps(X) or isFinal(X) by contradiction implied by (3)


case ok-L: If IH([ {X}, E) and X then IH(,(X.E))


case ok-L: IH(,(X.E))

1. IH([ {X}, E) and X by assumption


case ok-L: If = {} and ` (X.E) ok then (steps((X.E)) or isFinal((X.E)))



case ok-L: steps((X.E)) or isFinal((X.E))


2. = {} and ` (X.E) ok by assumption

3. {} ` (X.E) ok by (2)

4. (X.E) 2 F by definition of F and (3)

5. isFinal((X.E)) by definition of isFinal and (4)

6. steps((X.E)) or isFinal((X.E)) by (5)





3. {} ` (X.E) ok by ??








3. {} ` (X.E) ok by (2)








3. {} ` (X.E) ok by (2)

4. (X.E) 2 F by ??







3. {} ` (X.E) ok by (2)








3. {} ` (X.E) ok by (2)


5. isFinal((X.E)) by ??






3. {} ` (X.E) ok by (2)








3. {} ` (X.E) ok by (2)



6. steps((X.E)) or isFinal((X.E)) by ??





3. {} ` (X.E) ok by (2)







case ok-A: IH(,(E1 E2))

1. IH(,E1) and IH(,E2)


case ok-A: If = {} and ` (E1 E2) ok then (steps((E1 E2)) or isFinal((E1 E2)))

1. IH(,E1) and IH(,E2) by assumption


case ok-A: steps((E1 E2)) or isFinal((E1 E2))


2. = {} and ` (E1 E2) ok by assumption

3. {} ` (E1 E2) ok by (2)

4. {} ` E1 ok and {} ` E2 ok by inversion of ok-A

5. 9 e. (E1 E2) e by induction on (E1 E2) e …

6. steps((E1 E2)) by definition of steps and (5)

7. steps((E1 E2)) or isFinal((E1 E2)) by (6)





3. {} ` (E1 E2) ok by (2)









3. {} ` (E1 E2) ok by (2)









3. {} ` (E1 E2) ok by (2)


5. 9 e. (E1 E2) e by cases …







3. {} ` (E1 E2) ok by (2)


5. 9 e. (E1 E2) e by cases …







3. {} ` (E1 E2) ok by (2)


5. 9 e. (E1 E2) e by cases …




5. 9 e. (E1 E2) e by cases (E1 E2)

case E1 = (X’.E’) and E2 = (X’’.E’’):

5.1. (E1 E2) [X’ Ã(X’’.E’’) ] E’ by A1

case E1 = (X’.E’) and E2 F:

5.1. E2 E’2 by IH({},E2) with (4) and E2 F

5.2. (E1 E2) (E1 E’2) by A2 with (5.1)

case E1 F :


5.2. (E’1 E2) (E’1 E2) by A3 with (5.1)


5. 9 e. (E1 E2) e by cases (E1 E2)

case E1 = (X’.E’) and E2 = (X’’.E’’):

5.1. (E1 E2) [X’ Ã(X’’.E’’) ] E’ by ??



5.2. (E1 E2) (E1 E’2) by A2 with (5.1)

case E1 F :


5.2. (E’1 E2) (E’1 E2) by A3 with (5.1)


5. 9 e. (E1 E2) e by cases (E1 E2)

case E1 = (X’.E’) and E2 = (X’’.E’’):

5.1. (E1 E2) [X’ Ã(X’’.E’’) ] E’ by A1



5.2. (E1 E2) (E1 E’2) by A2 with (5.1)

case E1 F :


5.2. (E’1 E2) (E’1 E2) by A3 with (5.1)


5. 9 e. (E1 E2) e by cases (E1 E2)

case E1 = (X’.E’) and E2 = (X’’.E’’):

5.1. (E1 E2) [X’ Ã(X’’.E’’) ] E’ by A1


5.1. E2 E’2 by ??

5.2. (E1 E2) (E1 E’2)

case E1 F :


5.2. (E’1 E2) (E’1 E2) by A3 with (5.1)


5. 9 e. (E1 E2) e by cases (E1 E2)

case E1 = (X’.E’) and E2 = (X’’.E’’):

5.1. (E1 E2) [X’ Ã(X’’.E’’) ] E’ by A1



5.2. (E1 E2) (E1 E’2) by ??

case E1 F :


5.2. (E’1 E2) (E’1 E2) by A3 with (5.1)


5. 9 e. (E1 E2) e by cases (E1 E2)

case E1 = (X’.E’) and E2 = (X’’.E’’):

5.1. (E1 E2) [X’ Ã(X’’.E’’) ] E’ by A1



5.2. (E1 E2) (E1 E’2) by A2 with (5.1)

case E1 F :


5.2. (E’1 E2) (E’1 E2) by A3 with (5.1)


5. 9 e. (E1 E2) e by cases (E1 E2)

case E1 = (X’.E’) and E2 = (X’’.E’’):

5.1. (E1 E2) [X’ Ã(X’’.E’’) ] E’ by A1



5.2. (E1 E2) (E1 E’2) by A2 with (5.1)

case E1 F :

5.1. E1 E’1 by ??

5.2. (E’1 E2) (E’1 E2)


5. 9 e. (E1 E2) e by cases (E1 E2)

case E1 = (X’.E’) and E2 = (X’’.E’’):

5.1. (E1 E2) [X’ Ã(X’’.E’’) ] E’ by A1



5.2. (E1 E2) (E1 E’2) by A2 with (5.1)

case E1 F :


5.2. (E’1 E2) (E’1 E2) by ??


5. 9 e. (E1 E2) e by cases (E1 E2)

case E1 = (X’.E’) and E2 = (X’’.E’’):

5.1. (E1 E2) [X’ Ã(X’’.E’’) ] E’ by A1



5.2. (E1 E2) (E1 E’2) by A2 with (5.1)

case E1 F :


5.2. (E’1 E2) (E’1 E2) by A3 with (5.1)

Summary

Soundness Theorem:If {} ` E ok and E * E’ then :stuck(E’)

Preservation Lemma: If {} ` E ok and E E’ then {} ` E’ ok

Progress Lemma:If {} ` E ok then (steps(E) or isFinal(E))

Substitution Lemma:If [ {X} ` E ok and {} ` E’ ok then

` [XÃE’]E ok

Summary

• Soundness follows from Preservation and Progress by induction on the ?? relation– Soundness means well formed programs

don’t get “stuck”

Summary

• Soundness follows from Preservation and Progress by induction on the * relation– Soundness means well formed programs


Summary



• Preservation follows by induction on the ?? relation

Summary



• Preservation follows by induction on the relation

Summary




• Progress follows by induction on the wellformedness relation ??

Summary




• Progress follows by induction on the wellformedness relation ( ` E ok)

Lesson Learned

• High-level structure of soundness proof– All soundness for SOS semantics proofs are

basically the same – The details vary in small but important ways

• Proofs are straightforward but tedious – Details easy to get confused if not organized

• Someone ought to automate these proofs or at least their checking – See Twelf, Coq, Isabella/HOL … etc.

Date post:	12-Jan-2016
Category:	Documents
Upload:	varick
View:	28 times
Download:	0 times

Relating Static and Dynamic Semantics

Documents