[FMFP] Big and small step semantics, equivalence theorem
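--- /dev/null
+++ b/[path not shown on page: new file 1 of 7]
@@ -0,0 +1,17 @@
+\newpage
+\subsubsection{Small-Step semantics}
+\paragraph{Structural Operational Semantics (SOS)}
+Expressing each individual steps of execution allows one to express the \bi{order of execution} of these steps,
+thus allowing us to describe properties of non-terminating programs and parallelization.
+
+$\gamma$ is used as the meta-variable for terminal and non-terminal configurations.
+For the transitions, we denote the relation $\rightarrow_1$, which can have two forms:
+\begin{itemize}
+\item $\langle s, \sigma \rangle \rightarrow_1 \langle s', \sigma' \rangle$ is for any non-complete computation,
+where the next computation is expressed by the intermediate configuration $\langle s', \sigma' \rangle$
+\item $\langle s, \sigma \rangle \rightarrow_1 \sigma'$ is the final execution that reaches a terminal state.
+\end{itemize}
+
+Finally, a transition $\langle s, \sigma \rangle \rightarrow_1 \gamma$ describes the \bi{first step} of the execution of $s$ in state $\sigma$.
+
+A non-terminal configuration $\langle s, \sigma \rangle$ is \bi{stuck}, if there does not exist a configuration $\gamma$ such that $\langle s, \sigma \rangle \rightarrow_1 \gamma$.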
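--- /dev/null
+++ b/[path not shown on page: new file 2 of 7]
@@ -0,0 +1,56 @@
+\subparagraph{The rules}
+\[
+\begin{prooftree}
+\infer0[\textsc{Skip}$_{SOS}$]{\langle \texttt{skip}, \sigma \rangle \rightarrow_1 \sigma}
+\end{prooftree}
+\qquad
+\begin{prooftree}
+\infer0[\textsc{Ass}$_{SOS}$]{\langle x := e, \sigma \rangle \rightarrow_1 \sigma[x \mapsto \cA\llbracket e \rrbracket \sigma ]}
+\end{prooftree}
+\]
+
+\shade{gray}{Sequential Composition} $s;s'$ ($s$ is executed in state $\sigma$, then $s'$ in resulting $\sigma'$, resulting in $\sigma''$).
+Then, either $s$ executes completely in one step (\textsc{Seq1}), or does not (\textsc{Seq2}).
+\[
+\begin{prooftree}
+\hypo{\langle s, \sigma \rangle \rightarrow_1 \sigma'}
+\infer1[\textsc{Seq1}$_{SOS}$]{\langle s;s', \sigma \rangle \rightarrow_1 \langle s', \sigma' \rangle}
+\end{prooftree}
+\qquad
+\begin{prooftree}
+\hypo{\langle s', \sigma' \rangle \rightarrow_1 \langle s'', \sigma' \rangle}
+\infer1[\textsc{Seq2}$_{SOS}$]{\langle s;s', \sigma \rangle \rightarrow_1 \langle s'';s', \sigma' \rangle}
+\end{prooftree}
+\]
+
+\shade{gray}{Conditional Statements} $\texttt{if}\; b \; \texttt{then} \; s \; \texttt{else} \; s' \; \texttt{end}$ (If $b$ holds, execute $s$, otherwise execute $s'$)
+\[
+\begin{prooftree}
+\infer0[\textsc{IfT}$_{SOS}$]{\langle \texttt{if}\; b \; \texttt{then} \; s \; \texttt{else} \; s' \; \texttt{end}, \sigma \rangle \rightarrow_1 \langle s', \sigma' \rangle}
+\end{prooftree}
+\qquad
+\begin{prooftree}
+\infer0[\textsc{IfF}$_{SOS}$]{\langle \texttt{if}\; b \; \texttt{then} \; s \; \texttt{else} \; s' \; \texttt{end}, \sigma \rangle \rightarrow_1 \langle s', \sigma' \rangle}
+\end{prooftree}
+\]
+Where the first rule applies if $\cB\llbracket b \rrbracket \sigma = \texttt{tt}$. Below a further two rules for the true case:
+\[
+\begin{prooftree}
+\hypo{\langle s, \sigma \rangle \rightarrow_1 \sigma'}
+\infer1[\textsc{IfT1}$_{SOS}$]{\langle \texttt{if}\; b \; \texttt{then} \; s \; \texttt{else} \; s' \; \texttt{end}, \sigma \rangle \rightarrow_1 \sigma'}
+\end{prooftree}
+\qquad
+\begin{prooftree}
+\hypo{\langle s, \sigma \rangle \rightarrow_1 \langle s'', \sigma' \rangle}
+\infer1[\textsc{IfT2}$_{SOS}$]{\langle \texttt{if}\;b \; \texttt{then} \; s \; \texttt{else} \; s' \; \texttt{end}, \sigma \rangle \rightarrow_1 \langle s''', \sigma' \rangle}
+\end{prooftree}
+\]
+
+
+\shade{gray}{Loop statements} $\texttt{while} \; b \; \texttt{do} \; s \; \texttt{end}$ (If $b$ holds, execute $s$ once, whole statement executed in resulting state $\sigma$)
+\[
+\begin{prooftree}
+\infer0[\textsc{While}$_{SOS}$]{\langle \texttt{while} \; b \; \texttt{do} \; s \; \texttt{end}, \sigma \rangle \rightarrow_1
+\langle \texttt{if} \; b \; \texttt{then} \; s; \; \texttt{while} \; b \; \texttt{do} \; s \; \texttt{end else skip end}, \sigma \rangle}
+\end{prooftree}
+\]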
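Review bot: The conclusions of IfT and IfF are identical (`\rightarrow_1 \langle s', \sigma' \rangle` in both), so the two rules do not distinguish the branches, and the state $\sigma'$ they step into is bound by neither rule — selecting a branch should leave the state unchanged. I would change the IfT conclusion to `\rightarrow_1 \langle s, \sigma \rangle` and the IfF conclusion to `\rightarrow_1 \langle s', \sigma \rangle`. The Seq2 hypothesis has the same binding problem: it starts from `\langle s', \sigma' \rangle` although the conclusion steps `s` in `\sigma`, so it should read `\hypo{\langle s, \sigma \rangle \rightarrow_1 \langle s'', \sigma' \rangle}`. In IfT2 the hypothesis produces `s''` while the conclusion uses `s'''`; one of the two needs to match the other.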
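--- /dev/null
+++ b/[path not shown on page: new file 3 of 7]
@@ -0,0 +1,22 @@
+\paragraph{Multi-Step Execution}
+We use the definitions we have to define a \bi{$k$-step execution}, denoted $\gamma \rightarrow_1^k \gamma'$.
+Of course, this means intuitively that there is an execution of exactly $k$ steps from $\gamma$ to $\gamma'$.
+
+We define the relation inductively over $k$:
+\begin{itemize}
+\item $\gamma \rightarrow_1^0 \gamma'$ if and only if $\gamma = \gamma'$
+\item $\gamma \rightarrow_1^k \gamma'$ if and only if there exists $\gamma''$ such that both $\vdash \gamma \rightarrow_1$ and $\gamma'' \rightarrow_1^{k - 1} \gamma'$
+\end{itemize}
+Resulting from this, $\gamma \rightarrow_1^{k_1 + k_2} \gamma'$ if and only if $\exists \gamma'' . \gamma \rightarrow_1^{k_1} \gamma'' \land \gamma'' \rightarrow_1^{k_2} \gamma'$
+
+We write $\gamma \rightarrow_1^* \gamma'$ to signify that there is an execution from $\gamma$ to $\gamma'$ in some finite number of steps, or more formally:
+\[
+\exists k. \gamma \rightarrow_1^k \gamma'
+\]
+
+
+\paragraph{Derivation Sequences}
+\inlinedefinition A \bi{derivation sequence} is a non-empty sequence of configurations $\gamma_0, \ldots$, for which $\gamma_i \rightarrow_1^1 \gamma_{i + 1}$ for each $0 \leq i$,
+such that $i + 1$ is in the range of the sequence. If the sequence is finite, then the last configuration in the sequence is either a terminal or stuck configuration.
+
+The \bi{length} of the derivation sequence is the number of transitions (thus number of states minus one!)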
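Review bot: In the inductive case of the $k$-step relation the first conjunct `\vdash \gamma \rightarrow_1` has no right-hand side, so the existentially quantified $\gamma''$ only appears in the second conjunct and the definition does not actually chain the two steps. It should read `\gamma \rightarrow_1 \gamma''`; the `\vdash` is not used for the single-step transitions elsewhere on the page, so dropping it keeps the notation uniform. The derivation-sequence definition writes one step as `\rightarrow_1^1` where the rest of the text uses `\rightarrow_1`; either is correct, but the plain form is easier to read.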
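--- /dev/null
+++ b/[path not shown on page: new file 4 of 7]
@@ -0,0 +1,10 @@
+\paragraph{Termination}
+\inlinetheorem The execution of a statement $s$ in a state $\sigma$
+\begin{itemize}
+\item \bi{terminates} if and only if there is a finite derivation sequence starting with $\langle s, \sigma \rangle$
+\item \bi{runs forever} if and only if there is an infinite derivation sequence starting with $\langle s, \sigma \rangle$
+\end{itemize}
+
+\inlinetheorem The execution of statement $s$ in state $\sigma$ \bi{terminates} successfully, if and only if $\exists \sigma'. \langle s, \sigma \rangle \rightarrow^*_1 \sigma'$
+
+Of note is that these are properties of \bi{configurations} and not just statements.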
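--- /dev/null
+++ b/[path not shown on page: new file 5 of 7]
@@ -0,0 +1,6 @@
+\paragraph{Proving properties of Derivation Sequences}
+For reasoning about finite derivation sequences, we commonly reason about a multi-step execution $\gamma \rightarrow_1^k \gamma'$
+by \bi{strong induction on the number of steps $k$}, where we define $P(k) \equiv$ ``for all executions of length k, our property holds'' and we prove $P(k)$ for arbitrary $k$
+with the \bi{induction hypothesis} $\forall k' < k. P(k')$ holds
+
+After the setup, it \textit{often} proceeds by case distinction on the $0$ step and the other steps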
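Review bot: Inside the quoted definition of $P(k)$ the variable is typeset in text mode (`length k`), unlike every other occurrence of $k$ in the paragraph; it should be `length $k$`. `\textit{often}` in the last sentence is emphasis rather than a typographic choice, so `\emph{often}` is the semantic form. Neither sentence of the paragraph ends with a full stop.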
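--- /dev/null
+++ b/[path not shown on page: new file 6 of 7]
@@ -0,0 +1,16 @@
+\paragraph{Semantic Equivalence and Determinism}
+\inlinedefinition Under the small-step semantics, two statements $s_1$ and $s_2$ are \bi{semantically equivalent} if for all states $\sigma$ both:
+\begin{itemize}
+\item for all stuck or terminal configurations $\gamma$ we have $\langle s_1, \sigma \rangle \rightarrow_1^* \gamma$ if and only if
+$\langle s_2, \sigma \rangle \rightarrow_1^* \gamma$, and
+\item there is and infinite derivation sequence starting in $\langle s_1, \sigma \rangle$ if and only if there is one starting in $\langle s_2, \sigma \rangle$
+\end{itemize}
+
+\inlinelemma The small-step semantics of IMP is \bi{deterministic}. That is:
+\[
+\forall s, \sigma, \gamma, \gamma'. \vdash \langle s, \sigma \rangle \rightarrow_1 \gamma
+\land \vdash \langle s, \gamma \rangle \rightarrow_1 \gamma'
+\implies \gamma = \gamma'
+\]
+
+\inlinecorollary There is exactly one derivation sequence starting in configuration $\langle s, \sigma \rangle$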
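Review bot: The second premise of the determinism lemma reads `\vdash \langle s, \gamma \rangle \rightarrow_1 \gamma'`, pairing the statement with a configuration instead of a state; determinism compares two steps from the same configuration, so it should be `\land \vdash \langle s, \sigma \rangle \rightarrow_1 \gamma'`. In the second bullet of the equivalence definition, `there is and infinite derivation sequence` should read `there is an infinite derivation sequence`.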
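--- /dev/null
+++ b/[path not shown on page: new file 7 of 7]
@@ -0,0 +1,67 @@
+\paragraph{Extensions of IMP}
+
+\subparagraph{Local Variable Declarations}
+As already partially established in Section \ref{sec:big-step-local-var}, the steps to define a local variable are (for \texttt{var x:=e in s end}):
+\begin{multicols}{3}
+\begin{enumerate}
+\item Assign $e$ to $x$
+\item Execute $s$ (possibly many steps)
+\item Restore the initial value of $x$
+\end{enumerate}
+\end{multicols}
+
+Since we need to somehow inject he restore instruction into the statements $s$, we extend the \texttt{Stm} category with a \texttt{restore} statement,
+defined as \texttt{restore (Var, Val)}.
+
+With that, we can define the rules:
+\[
+\begin{prooftree}
+\infer0[\textsc{Loc}$_{SOS}$]{\langle \texttt{var x:= e in s end}, \sigma \rangle \rightarrow_1 \langle \texttt{s;restore }(x, \sigma(x)),
+\sigma[x \mapsto \cA \llbracket e \rrbracket \sigma] \rangle}
+\end{prooftree}
+\]
+\[
+\begin{prooftree}
+\infer0[\textsc{Ret}$_{SOS}$]{\langle \texttt{restore }(x, \sigma(x)), \sigma \rangle \rightarrow_1 \sigma[x \mapsto v]}
+\end{prooftree}
+\]
+
+Of course, we could also just model execution stacks, as most languages do.
+
+
+\subparagraph{Non-determinism}
+The rules here are analogous to the ones from the big-step rules
+\[
+\begin{prooftree}
+\infer0[\textsc{ND1}$_{SOS}$]{\langle s \bigbox s', \sigma \rangle \rightarrow_1 \langle s, \sigma \rangle}
+\end{prooftree}
+\qquad
+\begin{prooftree}
+\infer0[\textsc{ND2}$_{SOS}$]{\langle s \bigbox s', \sigma \rangle \rightarrow_1 \langle s, \sigma' \rangle}
+\end{prooftree}
+\]
+
+
+\subparagraph{Parallelism}
+\[
+\begin{prooftree}
+\hypo{\langle s, \sigma \rangle \rightarrow_1 \langle s'', \sigma' \rangle}
+\infer1[\textsc{Par1}$_{SOS}$]{\langle s \texttt{ par } s', \sigma \rangle \rightarrow_1 \langle s'' \texttt{ par } s', \sigma' \rangle}
+\end{prooftree}
+\qquad
+\begin{prooftree}
+\hypo{\langle s, \sigma \rangle \rightarrow_1 \sigma'}
+\infer1[\textsc{Par2}$_{SOS}$]{\langle s \texttt{ par } s', \sigma \rangle \rightarrow_1 \langle s', \sigma' \rangle}
+\end{prooftree}
+\]
+\[
+\begin{prooftree}
+\hypo{\langle s', \sigma \rangle \rightarrow_1 \langle s'', \sigma' \rangle}
+\infer1[\textsc{Par3}$_{SOS}$]{\langle s \texttt{ par } s', \sigma \rangle \rightarrow_1 \langle s \texttt{ par } s'', \sigma' \rangle}
+\end{prooftree}
+\qquad
+\begin{prooftree}
+\hypo{\langle s', \sigma \rangle \rightarrow_1 \sigma'}
+\infer1[\textsc{Par4}$_{SOS}$]{\langle s \texttt{ par } s', \sigma \rangle \rightarrow_1 \langle s, \sigma' \rangle}
+\end{prooftree}
+\]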
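Review bot: The Ret rule reduces `restore (x, \sigma(x))` to `\sigma[x \mapsto v]`, but `v` is bound nowhere in the rule, and `\sigma(x)` here is read in the state the restore statement runs in rather than the value saved by Loc, so as written the rule does not restore anything. Following the `restore (Var, Val)` form defined just above, it should be `\infer0[\textsc{Ret}$_{SOS}$]{\langle \texttt{restore }(x, v), \sigma \rangle \rightarrow_1 \sigma[x \mapsto v]}`. ND2 steps to `\langle s, \sigma' \rangle`, the same statement as ND1 with an unbound state; presumably the second alternative was meant, i.e. `\langle s', \sigma \rangle`. Also `inject he restore instruction` should read `inject the restore instruction`, and `Section \ref{sec:big-step-local-var}` wants a non-breaking space (`Section~\ref{sec:big-step-local-var}`).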