Proof case outline
As promised, I’ve written up the IMP operational and denotational semantics verification for the sequence operation. Attached are the PDF and LaTeX source. The LaTeX file uses the semantic package (semantic.sty) that can be found on any of the LaTeX module sites.
I will add the proof case for while that we’re doing in class sometime soon.
Comments
Project 2 is out
Whither the fixed point?
More than one of you has asked about the fixed point of phi and why we found it. We are not using it at this point. In fact, we generally use the form of C[[while b do c]] that we found the fixed point from.
The answer is that the equation:
C[[w]] = {(sigma,sigma’) | B[[b]]sigma=true and (sigma,sigma’) in C[[w]] . C[[c]]} U {...}
does not give us a definition of the denotation. Specifically, C[[w]] appears in its own definition. This is not a well-founded function definition because, in effect, C[[w]] contains itself. So, we needed a value for C[[w]] that does not have this property.
If you look at the definition of R on page 59 of the text, notice that phi does not appear on the right-hand side of the equation. Thus, when we find the fixed point of R to give us R-hat, the definition is well founded. Once we have the value, we can in effect file it away for further use.
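To see what "finding the fixed point" buys us, here is an added example (not from the course or the text) that computes the fixed point of Gamma for a while loop by iteration, on a constructed finite state space where a state is just the value of one variable x. Denotations are sets of (sigma, sigma') pairs as in the formula above; the loop body and the order of composition are my assumptions.

```python
# Added example: Kleene iteration for the denotation of "while b do c"
# over a constructed finite state space. A state is the value of the single
# variable x; C[[c]] and C[[w]] are sets of (sigma, sigma') pairs.

STATES = range(0, 6)  # constructed: x ranges over 0..5

def compose(first, then):
    """Relational composition: run `first`, then `then` (the post's C[[w]] . C[[c]])."""
    return {(s, s2) for (s, s1) in first for (t, s2) in then if t == s1}

def gamma(b, c):
    """The functional Gamma whose fixed point is C[[while b do c]].

    Note that the argument phi, not C[[w]] itself, appears on the right-hand
    side, so each application of Gamma is a well-founded definition."""
    def step(phi):
        loop = {(s, s2) for (s, s2) in compose(c, phi) if b(s)}   # b true: run c, then phi
        exit_ = {(s, s) for s in STATES if not b(s)}               # b false: skip
        return loop | exit_
    return step

def least_fixed_point(f, bottom=frozenset()):
    """Iterate f from the empty relation (bottom) until phi == f(phi)."""
    phi = frozenset(bottom)
    while True:
        nxt = frozenset(f(phi))
        if nxt == phi:
            return phi
        phi = nxt

def b(s):
    return s > 0          # the guard  x > 0

# while x > 0 do x := x - 1   (terminates from every state with x = 0)
dec = {(s, s - 1) for s in STATES if s > 0}
WHILE_DEC = least_fixed_point(gamma(b, dec))

# while x > 0 do x := x + 1   (diverges for every x > 0, so no pair for those states)
inc = {(s, s + 1) for s in STATES if s + 1 in STATES}
WHILE_INC = least_fixed_point(gamma(b, inc))

if __name__ == "__main__":
    print(sorted(WHILE_DEC))
    print(sorted(WHILE_INC))
```

The second loop shows why the denotation is a partial function: states from which the loop never exits simply have no pair in the fixed point.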
Structural induction is your friend
We have been going through a structural induction proof in class that is based on the induction scheme we set out earlier. Basically, if we can show something is true for every form in our language, then that something is true for the entire language. No big deal there.
What seems to be causing folks a bit of trouble is how the proof is set up. Basically, we have two definitions of our language. The operational semantic function for arithmetic expressions has the form:
<a,sigma> -> n
while the denotational semantic function has the form:
A[[a]]sigma = n
Somehow, we have to show that these are equivalent. The first thing we do is get both descriptions in the same form. In this case, sets that share the form of the denotational definition. So, we can define a function that returns the value for an expression as specified by the operational definition like this:
{(sigma,n) | <a,sigma> -> n}
This set defines a function that given a sigma, will return the n that the operational semantics definition says it should.
So why reformulate the definition and write this odd set definition? Quite simply, it formulates a denotational definition from the operational definition. That is quite helpful because now all we need to do is prove that these two denotational definitions are the same:
P(a) == A[[a]] = {(sigma,n) | <a,sigma> -> n}
after expanding A[[a]]:
P(a) == {(sigma,n) | D(sigma,a,n)} = {(sigma,n) | <a,sigma> -> n}
where D is the denotational definition we developed a week ago.
Now you should see where we are headed. If we can show that:
D(sigma,a,n) <=> <a,sigma> -> n
then we know that if a pair is in A[[a]] it is also in the denotation function defined using the operational semantics. That is what we have been up to.
More later on where the preconditions come from and how they are used.
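Here is an added example (not from the course) of the reformulation described above, for a tiny Aexp with numbers, one variable, + and *. The operational semantics is written so that it yields the set {(sigma,n) | <a,sigma> -> n}, the denotational semantics A[[a]] is defined by structural recursion, and the two sets are compared over a constructed finite set of states. The term encoding and the state space are my assumptions.

```python
# Added example: operational vs. denotational semantics for a small Aexp,
# both brought into the same set form so P(a) can be checked directly.
from itertools import product

STATES = [{"x": v} for v in range(0, 4)]   # constructed: x ranges over 0..3

# Aexp terms: ("num", n), ("var", "x"), ("add", a1, a2), ("mul", a1, a2)

def big_step(a, sigma):
    """Operational rules <a,sigma> -> n, returned as the set of derivable n.
    Returning a set keeps the relational reading of the rules explicit."""
    tag = a[0]
    if tag == "num":
        return {a[1]}
    if tag == "var":
        return {sigma[a[1]]}
    op = (lambda x, y: x + y) if tag == "add" else (lambda x, y: x * y)
    # rule:  <a1,sigma> -> n1    <a2,sigma> -> n2
    #        ----------------------------------------
    #              <a1 op a2, sigma> -> n1 op n2
    return {op(n1, n2)
            for n1, n2 in product(big_step(a[1], sigma), big_step(a[2], sigma))}

def denot(a):
    """Denotational A[[a]]: a function from states to numbers, by structural recursion."""
    tag = a[0]
    if tag == "num":
        return lambda sigma: a[1]
    if tag == "var":
        return lambda sigma: sigma[a[1]]
    f1, f2 = denot(a[1]), denot(a[2])
    if tag == "add":
        return lambda sigma: f1(sigma) + f2(sigma)
    return lambda sigma: f1(sigma) * f2(sigma)

def _key(sigma):
    return tuple(sorted(sigma.items()))   # hashable stand-in for a state

def operational_set(a):
    """{(sigma,n) | <a,sigma> -> n} over the finite state space."""
    return {(_key(s), n) for s in STATES for n in big_step(a, s)}

def denotational_set(a):
    """{(sigma,n) | n = A[[a]]sigma} over the same state space."""
    return {(_key(s), denot(a)(s)) for s in STATES}

def P(a):
    """The property P(a) from the post: the two sets coincide."""
    return operational_set(a) == denotational_set(a)

A = ("add", ("mul", ("var", "x"), ("num", 3)), ("var", "x"))   # x * 3 + x
```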
Classes this spring
Tue, Oct 14 2008 07:39
| Administration
If you are looking for classes in the spring, Andy Gill is offering a new course on functional programming:
EECS 700 – Advanced Functional Programming – 3 credit hours – Prof. Andrew Gill
1:00pm – 1:50pm Monday/Wednesday/Friday
2111 Learned Hall
Prerequisite: EECS 368 or equivalent course.
An advanced introduction to functional programming. For additional course information contact Dr. Gill (andygill [at] ku [dot] edu)
We also have a couple of language-related courses on the books that will be offered:
EECS 843 - Programming Language Foundations II - 3 credit hours - Prof. Perry Alexander
11:00am - 12:15pm Monday/Wednesday
1131 Learned Hall
Prerequisite: EECS 762 or EECS 662, or permission from the instructor
A follow-on to EECS 762 that covers static semantics including type systems and some static analysis. For additional course information, contact me. I’ll likely talk about this in class.
EECS 700 - Virtual Machines - 3 credit hours - Prof. Prasad Kulkarni
11:00am - 12:15pm Tuesday/Thursday
2111 Learned Hall
Prerequisite: permission from the instructor
A graduate introduction to virtual machines. For additional course information contact Dr. Kulkarni (kulkarn [at] eecs [dot] ku [dot] edu)
Flu and proofs
Sorry folks - the flu and proofs really don’t mix at all. I should have shut down class about 10 minutes before I did.
Take a look at the proof that C[[while b do c]] == C[[if b then c;while b do c else skip]] in the text. It’s about 2 steps long and is trivial. Very sorry about that.
The key insight today is that by establishing Gamma(phi)=phi and that the fixed point exists, we can just use phi straight up as we have defined it. This should make sense because phi is Gamma(phi) and we can just substitute. However, if we don’t establish that the fixed point exists we can’t make that equivalence assertion.
Again, sorry about the lecture today. I should be back to normal on Wednesday.
Project 1 Extension
Project 1 is formally extended to Wednesday before midnight. I’m going to be slow responding to email until I get the flu out of my system.
Project 1 Due Date
The Project 1 due date is set for October 13.
Project 1 update (again)
I have again updated Project 1 to address some student questions. Specifically: your evaluation function should accept a command and a state and return a state rather than a value; accessing memory locations that have not been initialized should throw an error; and the small-step evaluation function should have an entry point with the same signature as the large-step evaluation function, but need not be restricted only to that.
Still no due date - we’ll take care of that on Friday.