Relating Static and Dynamic Semantics
COS 441
Princeton University
Fall 2004
Motivations
• We want to know that when evaluating certain well-formed programs, certain errors never occur
• Example
– The transition semantics for the λ-calculus is “stuck” when applied to an expression with free variables in it
– So if {} ⊢ E ok then E should never be “stuck”
Formal Statement
isFinal(e) = e ∈ F
steps(e) = ∃ e’. e → e’
stuck(e) = ¬(steps(e) or isFinal(e))
Soundness Theorem:
If {} ⊢ E ok and E →* E’ then ¬stuck(E’)
Unfolding the definition of stuck, this is:
If {} ⊢ E ok and E →* E’ then (steps(E’) or isFinal(E’))
Proof: Soundness Theorem
By induction on derivations of →* with the Preservation and Progress Lemmas
Preservation Lemma:
If {} ⊢ E ok and E → E’ then {} ⊢ E’ ok
Progress Lemma:
If {} ⊢ E ok then (steps(E) or isFinal(E))
Warning!!
• The remainder of the lecture consists of a series of tedious proofs
– Take that swig of coffee now
– Slides will be on the web-site
• Last set of tedious proofs in lecture
– I’ll assign them as homework from now on! ;)
– What we discuss today is a template for Assignment 3
Proof by Induction over →*
To show ∀ e,e’. P(e,e’) we must show
case Z*: IH(E,E)
case S*: If E → E’ and IH(E’,E’’) then IH(E,E’’)
IH(e,e’) = If {} ⊢ e ok and e →* e’ then (steps(e’) or isFinal(e’))
The rules defining →* (reflexive, transitive closure of →):
Z*:  S →* S
S*:  S → S’ and S’ →* S’’  ⟹  S →* S’’
Proof: Soundness Theorem
case Z*: IH(E,E), i.e. If {} ⊢ E ok and E →* E then (steps(E) or isFinal(E))
1. {} ⊢ E ok and E →* E by assumption
2. (steps(E) or isFinal(E)) by Progress Lemma with (1)
Proof: Soundness Theorem
case S*: If E → E’ and IH(E’,E’’) then IH(E,E’’), i.e. If {} ⊢ E ok and E →* E’’ then (steps(E’’) or isFinal(E’’))
1. E → E’ and IH(E’,E’’) by assumption
2. {} ⊢ E ok and E →* E’’ by assumption
3. {} ⊢ E’ ok by Preservation with (2,1)
4. E’ →* E’’ by inversion of S* and (2)
5. (steps(E’’) or isFinal(E’’)) by IH(E’,E’’) with (3, 4)
Notes About our Proof
• Note our proof works for any single-step relation (→)
• Specific details of the step function are factored into the Progress and Preservation Lemmas
• Need to refer to the static and dynamic semantics of the step relation to prove the Progress and Preservation Lemmas
Static Semantics for λ-calculus
Names x ∈ …
Expressions e ::= lam(x.e) | apply(e1,e2) | x
Judgment Γ ⊢ E ok (the free variables of E are drawn from Γ):
ok-V:  X ∈ Γ  ⟹  Γ ⊢ X ok
ok-A:  Γ ⊢ E1 ok and Γ ⊢ E2 ok  ⟹  Γ ⊢ apply(E1,E2) ok
ok-L:  Γ ∪ {X} ⊢ E ok and X ∉ Γ  ⟹  Γ ⊢ lam(X.E) ok
Dynamic Semantics for λ-calculus
A1:  ((λx.e1) (λy.e2)) → [x ↦ (λy.e2)] e1
A2:  e2 → e’2  ⟹  ((λx.e1) e2) → ((λx.e1) e’2)
A3:  e1 → e’1  ⟹  (e1 e2) → (e’1 e2)
I = { E | {} ⊢ E ok }            (initial states: closed expressions)
S = { E | ∃Γ. Γ ⊢ E ok }         (all states)
F = { λx.e | {} ⊢ λx.e ok }      (final states: closed λ-abstractions)
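The definitions on the Formal Statement, Static Semantics and Dynamic Semantics slides, and the case analysis in the ok-A case of the Progress Lemma below, are small enough to run. The following is an added executable model written for this page; it is not code from the lecture. It goes beyond the slides in one way: instead of a hand proof it evaluates every closed term up to a size bound and checks that none gets stuck and that {} ⊢ e ok survives every step (a bounded check of Soundness and Preservation). Assumptions: variable names are drawn from {x, y} (the slides elide the name set); the side condition X ∉ Γ of ok-L is dropped, so shadowing is allowed, because without α-renaming a step such as (λx.λy.x)(λy.y) → λy.λy.y would leave that side condition unsatisfied; `terms` is a constructed enumerator of test input.

```python
from dataclasses import dataclass
from functools import lru_cache
from typing import FrozenSet, Optional, Tuple, Union

@dataclass(frozen=True)
class Var:            # x
    name: str

@dataclass(frozen=True)
class Lam:            # lam(x.e)
    param: str
    body: "Term"

@dataclass(frozen=True)
class App:            # apply(e1, e2)
    fun: "Term"
    arg: "Term"

Term = Union[Var, Lam, App]
EMPTY: FrozenSet[str] = frozenset()   # the environment written {} on the slides

def ok(env: FrozenSet[str], e: Term) -> bool:
    """env ⊢ e ok.  Assumption: the slides' ok-L side condition X ∉ Γ is
    dropped, so an inner binder may shadow an outer one."""
    if isinstance(e, Var):
        return e.name in env                      # ok-V
    if isinstance(e, Lam):
        return ok(env | {e.param}, e.body)        # ok-L
    return ok(env, e.fun) and ok(env, e.arg)      # ok-A

def is_final(e: Term) -> bool:
    """e ∈ F, i.e. e is a closed λ-abstraction."""
    return isinstance(e, Lam) and ok(EMPTY, e)

def subst(x: str, v: Term, e: Term) -> Term:
    """[x ↦ v]e.  v is always closed here (the Substitution Lemma's
    hypothesis {} ⊢ E' ok), so nothing in v can be captured; the only care
    needed is to stop at a binder that rebinds x."""
    if isinstance(e, Var):
        return v if e.name == x else e
    if isinstance(e, Lam):
        return e if e.param == x else Lam(e.param, subst(x, v, e.body))
    return App(subst(x, v, e.fun), subst(x, v, e.arg))

def step(e: Term) -> Optional[Term]:
    """One step e → e', or None when no rule A1/A2/A3 applies."""
    if not isinstance(e, App):
        return None                               # variables and λs never step
    if isinstance(e.fun, Lam):
        if isinstance(e.arg, Lam):
            return subst(e.fun.param, e.arg, e.fun.body)       # A1 (β)
        arg2 = step(e.arg)
        return None if arg2 is None else App(e.fun, arg2)      # A2
    fun2 = step(e.fun)
    return None if fun2 is None else App(fun2, e.arg)          # A3

def stuck(e: Term) -> bool:
    """stuck(e) = ¬(steps(e) or isFinal(e))."""
    return not (step(e) is not None or is_final(e))

def run(e: Term, max_steps: int = 100) -> Tuple[str, Term]:
    """Evaluate a closed term, re-checking {} ⊢ e ok (Preservation) after
    every step.  Returns ("final", v), ("stuck", e') or ("diverged", e')."""
    assert ok(EMPTY, e), "run() expects {} ⊢ e ok"
    for _ in range(max_steps):
        if is_final(e):
            return ("final", e)
        nxt = step(e)
        if nxt is None:
            return ("stuck", e)                   # Soundness says: never
        assert ok(EMPTY, nxt), f"Preservation violated: {e} -> {nxt}"
        e = nxt
    return ("diverged", e)

@lru_cache(maxsize=None)
def terms(size: int, names: Tuple[str, ...] = ("x", "y")) -> Tuple[Term, ...]:
    """Constructed test input: every term with exactly `size` nodes over
    `names`, open terms included (ok() does the filtering)."""
    if size == 1:
        return tuple(Var(n) for n in names)
    out = [Lam(n, b) for n in names for b in terms(size - 1, names)]
    for k in range(1, size - 1):
        out += [App(f, a) for f in terms(k, names) for a in terms(size - 1 - k, names)]
    return tuple(out)

def check_closed_terms(max_size: int = 7) -> int:
    """Bounded check of the Soundness Theorem: evaluate every closed term of
    size ≤ max_size.  Returns the number checked; raises if any run is stuck
    or breaks Preservation."""
    checked = 0
    for n in range(1, max_size + 1):
        for e in terms(n):
            if ok(EMPTY, e):
                status, last = run(e)
                assert status != "stuck", f"Soundness violated: {e} is stuck at {last}"
                checked += 1
    return checked

if __name__ == "__main__":
    ident = Lam("x", Var("x"))
    print(run(App(ident, Lam("y", Var("y")))))    # ('final', Lam(param='y', body=Var(name='y')))
    print(stuck(App(Var("z"), ident)))            # True: z is free, so the term is not in I
    print(check_closed_terms(7), "closed terms ran to a final state or diverged; none got stuck")
```

The three branches of `step` are exactly the three cases of the Progress proof for ok-A: both sides λ-abstractions (A1), function a λ-abstraction and argument not in F (A2), function not in F (A3). A closed term of size ≤ 7 cannot diverge (the smallest looping term, (λx.x x)(λx.x x), has nine nodes), but `run` caps the step count anyway, and an open term such as (z (λx.x)) is reported stuck rather than evaluated.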
Proof: Preservation Lemma
Proof by induction on the derivations of E → E’
case A1: IH(((λX.E1) (λY.E2)), [X ↦ (λY.E2)] E1)
case A2: If IH(E2,E’2) then IH(((λX.E1) E2), ((λX.E1) E’2))
case A3: If IH(E1,E’1) then IH((E1 E2), (E’1 E2))
IH(e,e’) = If {} ⊢ e ok and e → e’ then {} ⊢ e’ ok
Proof: Preservation Lemma
case A1: If {} ⊢ ((λX.E1) (λY.E2)) ok and ((λX.E1) (λY.E2)) → [X ↦ (λY.E2)] E1 then {} ⊢ [X ↦ (λY.E2)] E1 ok
1. {} ⊢ ((λX.E1) (λY.E2)) ok and ((λX.E1) (λY.E2)) → [X ↦ (λY.E2)] E1 by assumption
2. {} ⊢ (λX.E1) ok and {} ⊢ (λY.E2) ok by inversion of ok-A and (1)
3. {} ∪ {X} ⊢ E1 ok by inversion of ok-L and (2)
4. {} ⊢ [X ↦ (λY.E2)] E1 ok by Substitution Lemma with (3) and (2)
Substitution Lemma
If Γ ∪ {X} ⊢ E ok and {} ⊢ E’ ok then Γ ⊢ [X ↦ E’]E ok
Proof by induction on the derivations of Γ ⊢ E ok
case ok-V: If X ∈ Γ then IH(Γ,X)
case ok-L: If IH(Γ ∪ {X}, E) and X ∉ Γ then IH(Γ,(λX.E))
case ok-A: If IH(Γ,E1) and IH(Γ,E2) then IH(Γ,(E1 E2))
IH(env,e) = If env ∪ {X} ⊢ e ok and {} ⊢ E’ ok then env ⊢ [X ↦ E’]e ok
Proof: Substitution
case ok-V:
1. X ∈ Γ by assumption
2. Γ ∪ {Y} ⊢ X ok and {} ⊢ E’ ok by assumption
3. Γ ⊢ [Y ↦ E’]X ok by cases
case X = Y:
3.1. [Y ↦ E’]X = E’ by def. of subst.
3.2. Γ ⊢ E’ ok by (2)
3.3. Γ ⊢ [Y ↦ E’]X ok by (3.1) and (3.2)
case X ≠ Y:
3.1. [Y ↦ E’]X = X by def. of subst.
3.2. Γ ⊢ X ok by ok-V and (1)
3.3. Γ ⊢ [Y ↦ E’]X ok by (3.1) and (3.2)
Proof: Substitution
case ok-L: If IH(Γ ∪ {X}, E) and X ∉ Γ then IH(Γ,(λX.E))
…
case ok-A: If IH(Γ,E1) and IH(Γ,E2) then IH(Γ,(E1 E2))
…
Proof: Preservation Lemma
case A2: If IH(E2,E’2) then IH(((λX.E1) E2), ((λX.E1) E’2)), i.e. If {} ⊢ ((λX.E1) E2) ok and ((λX.E1) E2) → ((λX.E1) E’2) then {} ⊢ ((λX.E1) E’2) ok
1. IH(E2,E’2) by assumption
2. {} ⊢ ((λX.E1) E2) ok and ((λX.E1) E2) → ((λX.E1) E’2) by assumption
3. {} ⊢ (λX.E1) ok and {} ⊢ E2 ok by inversion of ok-A and (2)
4. E2 → E’2 by inversion of A2 and (2)
5. {} ⊢ E’2 ok by IH(E2,E’2) with (3) and (4)
6. {} ⊢ ((λX.E1) E’2) ok by ok-A with (3) and (5)
Proof: Preservation Lemma
case A3: If IH(E1,E’1) then IH((E1 E2), (E’1 E2)), i.e. If {} ⊢ (E1 E2) ok and (E1 E2) → (E’1 E2) then {} ⊢ (E’1 E2) ok
1. IH(E1,E’1) by assumption
2. {} ⊢ (E1 E2) ok and (E1 E2) → (E’1 E2) by assumption
3. {} ⊢ E1 ok and {} ⊢ E2 ok by inversion of ok-A and (2)
4. E1 → E’1 by inversion of A3 and (2)
5. {} ⊢ E’1 ok by IH(E1,E’1) with (3) and (4)
6. {} ⊢ (E’1 E2) ok by ok-A with (5) and (3)
Progress Lemma
Proof by induction on the derivations of Γ ⊢ E ok
case ok-V: If X ∈ Γ then IH(Γ,X)
case ok-L: If IH(Γ ∪ {X}, E) and X ∉ Γ then IH(Γ,(λX.E))
case ok-A: If IH(Γ,E1) and IH(Γ,E2) then IH(Γ,(E1 E2))
IH(env,e) = If env = {} and env ⊢ e ok then (steps(e) or isFinal(e))
Proof: Progress Lemma
case ok-V: If X ∈ Γ then IH(Γ,X), i.e. If Γ = {} and Γ ⊢ X ok then (steps(X) or isFinal(X))
1. X ∈ Γ by assumption
2. Γ = {} and {} ⊢ X ok by assumption
3. X ∈ {} by (1) and (2) (equally, by inversion of ok-V on (2))
4. (steps(X) or isFinal(X)) by the contradiction implied by (3): no name is a member of {}, so this case cannot arise
Proof: Progress Lemma
case ok-L: If IH(Γ ∪ {X}, E) and X ∉ Γ then IH(Γ,(λX.E)), i.e. If Γ = {} and Γ ⊢ (λX.E) ok then (steps((λX.E)) or isFinal((λX.E)))
1. IH(Γ ∪ {X}, E) and X ∉ Γ by assumption
2. Γ = {} and Γ ⊢ (λX.E) ok by assumption
3. {} ⊢ (λX.E) ok by (2)
4. (λX.E) ∈ F by definition of F and (3)
5. isFinal((λX.E)) by definition of isFinal and (4)
6. steps((λX.E)) or isFinal((λX.E)) by (5)
Proof: Progress Lemma
case ok-A: If IH(Γ,E1) and IH(Γ,E2) then IH(Γ,(E1 E2)), i.e. If Γ = {} and Γ ⊢ (E1 E2) ok then (steps((E1 E2)) or isFinal((E1 E2)))
1. IH(Γ,E1) and IH(Γ,E2) by assumption
2. Γ = {} and Γ ⊢ (E1 E2) ok by assumption
3. {} ⊢ (E1 E2) ok by (2)
4. {} ⊢ E1 ok and {} ⊢ E2 ok by inversion of ok-A and (3)
5. ∃ e. (E1 E2) → e by cases (next slide)
6. steps((E1 E2)) by definition of steps and (5)
7. steps((E1 E2)) or isFinal((E1 E2)) by (6)
Proof: Progress Lemma
5. ∃ e. (E1 E2) → e by cases on the shape of (E1 E2)
case E1 = (λX’.E’) and E2 = (λX’’.E’’):
5.1. (E1 E2) → [X’ ↦ (λX’’.E’’)] E’ by A1
case E1 = (λX’.E’) and E2 ∉ F:
5.1. E2 → E’2 by IH({},E2) with (4) and E2 ∉ F
5.2. (E1 E2) → (E1 E’2) by A2 with (5.1)
case E1 ∉ F:
5.1. E1 → E’1 by IH({},E1) with (4) and E1 ∉ F
5.2. (E1 E2) → (E’1 E2) by A3 with (5.1)
The three cases are exhaustive: by (4) E1 and E2 are closed, so each is in F exactly when it is a λ-abstraction.
Summary
Soundness Theorem: If {} ⊢ E ok and E →* E’ then ¬stuck(E’)
Preservation Lemma: If {} ⊢ E ok and E → E’ then {} ⊢ E’ ok
Progress Lemma: If {} ⊢ E ok then (steps(E) or isFinal(E))
Substitution Lemma: If Γ ∪ {X} ⊢ E ok and {} ⊢ E’ ok then Γ ⊢ [X ↦ E’]E ok
Summary
• Soundness follows from Preservation and Progress by induction on the →* relation
– Soundness means well-formed programs don’t get “stuck”
• Preservation follows by induction on the → relation
• Progress follows by induction on the well-formedness relation (Γ ⊢ E ok)
Lesson Learned
• High-level structure of a soundness proof
– All soundness proofs for SOS semantics are basically the same
– The details vary in small but important ways
• Proofs are straightforward but tedious
– Details are easy to get confused if not organized
• Someone ought to automate these proofs, or at least their checking
– See Twelf, Coq, Isabelle/HOL … etc.