cs 611: lecture 6 rule induction september 8, 1999 cornell university computer science department...

CS 611: Lecture 6

Rule InductionSeptember 8, 1999

Cornell University Computer Science DepartmentAndrew Myers

CS 611—Semantics of Programming Languages—Andrew Myers

2

Administration

• No class on Friday• Homework #1 due on Monday in class

(implementation due at 5 PM Monday)


3

Induction• Last time: two new induction techniques

for proving properties of programs• Structural induction:

– prove that a property holds of all language atoms

– prove that it holds for each kind of expression if it holds of the parts of the expression

property holds for all expressions

• Induction on derivations• prove it holds for derivations that are axioms• prove property holds if it holds for every

derivation (evaluation) of parts of an expression property holds for all derivations


4

Observation• These two forms of induction are very

similar — both operate on trees.

if x = 0 then skip else x := 1, ’

x = 0, false x := 1, [x“1]

if..then.. else

=skip :=

x 0x 1

if x = 0 then skip else x := 1


5

Expression inference rules

a ::= n | X | a0+ a1 | a0 - a1 | a0 × a1

BNF spec for arithmetic expressions in IMP:

Let A be the set of all arithmetic expressions. Inductive definition of A via inference rules:

Axioms: n A X A

Rules: a0 A a1 A a0 + a1 A

a0 A a1 A a0 - a1 A

a0 A a1 A

a0 × a1 A


6

Expression derivation tree• Every legal expression now has a

derivation tree.

• Example: (2+3) × (4-x)

2+3 A

(2+3) × (4 - 5) A

4 - 5 A

2 A 3 A 4 A x A


7

Proof systems = set definitions

• Rules defining the set of all legalarithmetic expressions:

a0 A a1 A a0 + a1 A

a0 A a1 A a0 - a1 A

a0 A a1 A a0 × a1 A

n A X A

• Can view as constraint equations on A:A Z A Loc

A { a0 × a1 | a0 A a1 A }

A { a0 + a1 | a0 A a1 A }

A { a0 – a1 | a0 A a1 A }


8

Solving recursive equations

• A is not the only set that satisfies these equations!

• Can we make these equations mean what we want by a rule for picking among the possible sets?

A Z A LocA { a0 × a1 | a0 A a1 A }

A { a0 + a1 | a0 A a1 A }

A { a0 – a1 | a0 A a1 A }


9

Rule application operator• Define operator R(A’) that adds all elements

needed to satisfy constraint equations:

A Z A LocA { a0 + a1 | a0 A a1 A }

A { a0 – a1 | a0 A a1 A }

A { a0 × a1 | a0 A a1 A }

A = R(A)Want the least fixed point of R

R(A’) = A’ Z Loc { a0+a1 | a0A’ a1A’ } { a0 – a1 | a0A’ a1A’} { a0×a1 | a0A’ a1A’}


10

Constructing least fixed point• Assuming we have A’ containing only

elements of A (A’ )• R(A’) contains only elements of A too• R(R(A’)) contains only elements of A

too• Empty set Ø contains only elements of

A, soA … Rn+1 (Ø) Rn (Ø) Rn-1 (Ø) ...

R(R(Ø)) R(Ø) Ø• Therefore, A = n Rn(Ø)

Least fixed pointoperatorA = fix (R)


11

Proof by rule inductionA = fix(R) = n Rn(Ø)

• For every element E of A, there is some smallest i such that E Ri(Ø)

• i is the minimum number of times the inference rules must be applied to construct E : height of derivation

• Goal: prove that property P holds for every expression in A : a A . P(A)

• Base case: prove a R(Ø) . P(a)• Inductive step: prove

n>1, a Rn(Ø) . (a’ Rn-1(Ø) . P(a’)) P(a)• Conclusion: a fix (R) . P(a)


12

Proof recipe• R is defined by some set of rules• Rules look like

• Want to show that a R(Ø) . P(a) technique: show P(x) for all axioms

• Want to shown>1, a Rn(Ø) . (a’ Rn-1(Ø) . P(a’)) P(a) technique: for all rules show

(x {x1,…,xn} . P(x)) P(x)

xor

x1,…,xn

x

x

x1,…,xn

x


13

Another rule induction instance

• Structural induction = instance of general rule induction technique, based on inductive definition of set of legal expressions

• What about operational semantics? Is a set being defined inductively?

a, n

…

• Let IR be the set of all legal evaluations of arithmetic expressions

a, n means (a, , n) IR


14

Completing the mapping• Evaluation inference rules are an inductive

definition of the set of legal evaluations IR

a0 + a1, n

a0, n0 a1, n1(where n = n0 + n1)

(a0 + a1, , n) IR

(a0, , n0) IR (a1, , n1) A(where n = n0 + n1)

R(B) = B ... { (a0+a1 , , n ) | n0, n1 .

(a0, , n0) B (a1, , n1) B n = n0 + n1} ...


15

Proof technique• To prove property P holds for all

evaluations a, n, show– It holds for axioms (evaluation

of constants and locations)– For each evaluation rule,

• Assume P holds for all antecedent evaluations

• Under this assumption, prove it holds for the conclusion of the rule

• Rule induction: property P holds for all evaluations a, n

a0 + a1, n

a0, n0a1, n1


16

Induction on derivations• Let {Rj} be a set of rules defining some set A

• A derivation d using these rules is a legal derivation if it can be constructed from some rule Rj and sub-derivations dj

i for each of the antecedents xj

i

• Thus, we can define inference rules for constructing set IR of derivations of elements of A

• Apply rule induction proof recipe to find proofs that properties P hold for all legal derivations : induction on derivations– P(d) holds for all one-step derivations d– P(d) holds for all n-step derivations assuming it holds

for all shorter derivations

xj1,…,xj

nj

xj


17

Summary• Any proof system (set of inference

rules) is an inductive definition of a set • Rule induction can be applied to any

inductive definition• Examples: structural induction,

induction on derivations are both instances of this approach

• We will use rule induction for other proof systems in course (e.g., type-checking rules)

cs 611: lecture 6 rule induction september 8, 1999 cornell university computer science department...

Documents