Tute (Completed) (Week 4)

1:

For example, this program: \[\begin{array}{l} \mathbf{var}\;x\;\cdot \\ \mathbf{if}\;1\;\mathbf{then}\\ \quad x:=1\\ \mathbf{else}\\ \quad \mathbf{skip}\\ \mathbf{fi}; \\ x := x + 1 \end{array} \]

We know that the else-branch will never be taken, but the \(\mathbf{ok}\) judgement doesn't take this into account.

2:

Under all of these semantics, we know that no variable is ever read or written outside its scope.

Under crash-and-burn semantics, an \(\mathbf{ok}\) program will never have execution aborted by accessing an uninitialised variable.

Under junk data semantics, an \(\mathbf{ok}\) program will have deterministic evaluation.

3:

"No variable used outside its scope" can be stated syntactically as follows:

\[\mathit{FV}(s) = \emptyset\]

Semantically, we can say, e.g., that the result of evaluation doesn't depend on any of the free variables in the state:

\[\forall \sigma,\sigma',x. (\sigma,s) \Downarrow \sigma' \;\Rightarrow\; (\sigma|_x,s) \Downarrow \sigma'|_x\]

Deterministic evaluation can be stated as follows:

\[\forall \sigma_1,\sigma_2,\sigma_3.\;(\sigma_1,s) \Downarrow \sigma_2 \;\wedge\; (\sigma_1,s) \Downarrow \sigma_3 \;\Rightarrow\; \sigma_2 = \sigma_3\]

To say "no aborts due to uninitialised variables", it would be tempting to say that \(s\) will evaluate to something:

\[\forall \sigma. \exists \sigma'. (\sigma,s) \Downarrow \sigma'\]

Unfortunately, this doesn't quite work. The reason is that there are \(\mathbf{ok}\) programs that do not evaluate to any state, because they run forever (diverge). For example, we have

\[\forall \sigma,\sigma'. \neg((\sigma,\mathbf{while}\ 1\ \mathbf{do}\ \mathbf{skip}\ \mathbf{od}) \Downarrow \sigma')\]

This means that our big-step semantics is not adequate here, because it cannot distinguish divergence from failure.

If we had a small-step semantics \(\mapsto\) for TinyImp, we could state our desired property as follows: for all \(\sigma\), every maximal trace starting from \((\sigma,s)\) is complete.

We show only the \(\Rightarrow\) direction. The \(\Leftarrow\) direction is similar.

Assume \((\sigma_1, (s_1;s_2);s_3) \Downarrow \sigma_2\). We proceed by case analysis on the derivation of this judgement. The only rule that is applicable is the sequential composition rule, which means there must exists a \(\sigma_3\) such that

\[(\sigma_1, s_1;s_2) \Downarrow \sigma_3 \qquad (1)\]

and

\[(\sigma_3, s_3) \Downarrow \sigma_2 \qquad (2)\]

Further case analysis on the derivation of (1) yields that there must exists \(\sigma_4\) such that

\[(\sigma_1, s_1) \Downarrow \sigma_4 \qquad (3)\]

and

\[(\sigma_4, s_2) \Downarrow \sigma_3 \qquad (4)\]

We can then complete the proof by constructing the following derivation:

\[ \dfrac {\dfrac{}{(\sigma_1, s_1) \Downarrow \sigma_4}(2) \quad \dfrac{ \dfrac {} {(\sigma_4, s_2) \Downarrow \sigma_3}(3) \quad \dfrac {} {(\sigma_3, s_3) \Downarrow \sigma_2}(4) } {(\sigma_1, s_2;s_3) \Downarrow \sigma_2} } {(\sigma_1, s_1;(s_2;s_3)) \Downarrow \sigma_2} \]

1:

\[ \dfrac{ (\sigma_1, s) \Downarrow \sigma_2 \quad \sigma_2 \vdash e \Downarrow v \quad v \neq 0 }{ (\sigma_1, \mathbf{do}\ s\ \mathbf{until}\ e) \Downarrow \sigma_2 } \]

\[ \dfrac{ (\sigma_1, s) \Downarrow \sigma_2 \quad \sigma_2 \vdash e \Downarrow 0 \quad (\sigma_2, \mathbf{do}\ s\ \mathbf{until}\ e) \Downarrow \sigma_3 }{ (\sigma_1, \mathbf{do}\ s\ \mathbf{until}\ e) \Downarrow \sigma_3 } \] 2:

\[ \mathbf{do}\ s\ \mathbf{until}\ e \equiv s; \mathbf{while}\ \neg e\ \mathbf{do}\ s\ \mathbf{od}\]

3:

\[ \dfrac{ \dfrac{ }{\{ \varphi \}\ s\ \{ \varphi \}}\quad \dfrac{ \dfrac{ \dfrac{ \dfrac{}{\{ \varphi \}\ s\ \{ \varphi \} } }{ \{ \varphi \land \neg e \}\ s\ \{ \varphi \} }\text{Con} }{\{ \varphi \}\ \mathbf{while}\ \neg e\ \mathbf{do}\ s\ \mathbf{od}\ \{ \varphi \land \neg (\neg e) \}}\text{Loop} }{\{ \varphi \}\ \mathbf{while}\ \neg e\ \mathbf{do}\ s\ \mathbf{od}\ \{ \varphi \land e \}}\text{Con} }{\{ \varphi \}\ s; \mathbf{while}\ \neg e\ \mathbf{do}\ s\ \mathbf{od}\ \{ \varphi \land e \} }\text{Seq} \]