Relating Static and Dynamic Semantics - PowerPoint PPT Presentation

1
Relating Static and Dynamic Semantics
  • COS 441
  • Princeton University
  • Fall 2004

2
Motivations
  • We want to know that when evaluating certain
    well-formed programs certain errors never occur
  • Example
  • Transition semantics for λ-calculus is stuck
    when applied to expressions with free variables
    in them
  • So if E ok then E should never be stuck

3
Formal Statement
  • isFinal(e) ≡ e ∈ F
  • steps(e) ≡ ∃ e'. e → e'
  • stuck(e) ≡ ¬(steps(e) or isFinal(e))
  • Soundness Theorem
  • If E ok and E →* E' then ¬stuck(E')

4
Formal Statement
  • isFinal(e) ≡ e ∈ F
  • steps(e) ≡ ∃ e'. e → e'
  • stuck(e) ≡ ¬(steps(e) or isFinal(e))
  • Soundness Theorem
  • If E ok and E →* E' then
  • (steps(E') or isFinal(E'))

5
Proof: Soundness Theorem
  • By induction on derivations of →* with
    Preservation and Progress Lemmas
  • Preservation Lemma
  • If E ok and E → E' then E' ok
  • Progress Lemma
  • If E ok then (steps(E) or isFinal(E))

6
Warning!!
  • The remainder of the lecture consists of a series
    of tedious proofs
  • Take that swig of coffee now
  • Slides will be on the web site
  • Last set of tedious proofs in lecture
  • I'll assign them as homework from now on! :)
  • What we discuss today is a template for
    Assignment 3

7
Proof by Induction over →*
  • To show ∀ e,e'. P(e,e') we must show
  • case Z: IH(E,E)
  • case S: If E → E' and IH(E',E'') then
    IH(E,E'')
  • IH(e,e') ≡ If e ok and e →* e' then
  • (steps(e') or isFinal(e'))

8
Proof: Soundness Theorem
  • case Z: IH(E,E)

9
Proof: Soundness Theorem
  • case Z: If E ok and E →* E then (steps(E)
    or isFinal(E))

12
Proof: Soundness Theorem
  • case Z
  • 1. E ok and E →* E by assumption
  • 2. (steps(E) or isFinal(E)) by Progress Lemma with (1)

13
Proof: Soundness Theorem
  • case S: If E → E' and IH(E',E'') then
    IH(E,E'')

14
Proof: Soundness Theorem
  • case S: IH(E,E'')
  • 1. E → E' and IH(E',E'') by assumption

15
Proof: Soundness Theorem
  • case S: If E ok and E →* E'' then
    (steps(E'') or isFinal(E''))
  • 1. E → E' and IH(E',E'') by assumption

22
Proof: Soundness Theorem
  • case S
  • 1. E → E' and IH(E',E'') by assumption
  • 2. E ok and E →* E'' by assumption
  • 3. E' ok by Preservation with (2,1)
  • 4. E' →* E'' by inversion of S and (2)
  • 5. (steps(E'') or isFinal(E''))
    by IH(E',E'') with (3, 4)

23
Notes About our Proof
  • Note that our proof works for any single-step
    relation (→)
  • Specific details of the step function are factored
    into the Progress and Preservation lemmas
  • We need to refer to the static and dynamic semantics
    of the step relation to prove the Progress and
    Preservation Lemmas

24
Static Semantics for λ-calculus

25
Dynamic Semantics for λ-calculus
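
The rule slides above survived only as images, so here, as an added illustration that is not code from the lecture, is a small Python model of the calculus exactly as the proofs use it: the ok judgment with ok-V, ok-L (with its side condition X ∉ Γ) and ok-A, the step relation with A1, A2 and A3, and isFinal, steps and stuck as defined on slide 3. It assumes that the set F of final expressions is the λ-abstractions and, as the Substitution Lemma does, that the substituted term is closed, which is what keeps subst capture-free; run() then evaluates a closed term while checking Progress and Preservation at every state, which is the Soundness Theorem made executable.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Union

# Abstract syntax: variables, λ-abstractions and applications.
@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Lam:
    param: str
    body: "Term"

@dataclass(frozen=True)
class App:
    fn: "Term"
    arg: "Term"

Term = Union[Var, Lam, App]

def ok(env: FrozenSet[str], e: Term) -> bool:
    """Γ ⊢ e ok, with the rules as the proofs' case analyses use them."""
    if isinstance(e, Var):                   # ok-V: X ∈ Γ
        return e.name in env
    if isinstance(e, Lam):                   # ok-L: Γ, X ⊢ E ok and X ∉ Γ
        return e.param not in env and ok(env | {e.param}, e.body)
    return ok(env, e.fn) and ok(env, e.arg)  # ok-A: Γ ⊢ E1 ok and Γ ⊢ E2 ok

def subst(x: str, v: Term, e: Term) -> Term:
    """[X := v]e.  The Substitution Lemma assumes v is closed ('E ok'), so
    nothing in v can be captured and a plain structural walk suffices."""
    if isinstance(e, Var):
        return v if e.name == x else e
    if isinstance(e, Lam):                   # an inner binder of x shadows it
        return e if e.param == x else Lam(e.param, subst(x, v, e.body))
    return App(subst(x, v, e.fn), subst(x, v, e.arg))

def is_final(e: Term) -> bool:
    """isFinal(e) ≡ e ∈ F; F is taken to be the set of λ-abstractions."""
    return isinstance(e, Lam)

def step(e: Term) -> Optional[Term]:
    """One transition e → e' by A1, A2 or A3; None when no rule applies."""
    if isinstance(e, App):
        if isinstance(e.fn, Lam) and isinstance(e.arg, Lam):
            return subst(e.fn.param, e.arg, e.fn.body)   # A1: β-reduce a value onto a value
        if isinstance(e.fn, Lam):
            nxt = step(e.arg)                            # A2: reduce the argument
            return None if nxt is None else App(e.fn, nxt)
        nxt = step(e.fn)                                 # A3: reduce the function position
        return None if nxt is None else App(nxt, e.arg)
    return None                                          # Var and Lam never step

def steps(e: Term) -> bool:
    """steps(e) ≡ ∃ e'. e → e'."""
    return step(e) is not None

def stuck(e: Term) -> bool:
    """stuck(e) ≡ ¬(steps(e) or isFinal(e))."""
    return not (steps(e) or is_final(e))

def run(e: Term, fuel: int = 100) -> Term:
    """Evaluate a closed, well-formed term, checking at every state what the
    Soundness Theorem promises: Progress (never stuck) and Preservation (still
    ok after each step).  Stops after `fuel` steps since Ω = (ω ω) loops."""
    assert ok(frozenset(), e), "run() expects a closed, well-formed term"
    for _ in range(fuel):
        assert not stuck(e), f"Progress violated: {e} is stuck"
        nxt = step(e)
        if nxt is None:                      # cannot step and not stuck ⟹ final
            return e
        assert ok(frozenset(), nxt), f"Preservation violated by {nxt}"
        e = nxt
    return e

# Constructed sample terms: I = λx.x, K = λx.λy.x, ω = λx.(x x), Ω = ω ω.
I = Lam("x", Var("x"))
K = Lam("x", Lam("y", Var("x")))
OMEGA = Lam("x", App(Var("x"), Var("x")))
LOOP = App(OMEGA, OMEGA)
```

The open term (I y) is rejected by ok and is stuck, which is exactly the failure the Motivations slide says Soundness rules out for well-formed programs.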
26
Proof: Preservation Lemma
  • Proof by induction on the derivations of E → E'
  • case A1: IH(((λX.E1) (λY.E2)), [X:=(λY.E2)]E1)
  • case A2: If IH(E2,E2') then
    IH(((λX.E1) E2), ((λX.E1) E2'))
  • case A3: If IH(E1,E1') then
    IH((E1 E2), (E1' E2))
  • IH(e,e') ≡ If e ok and e → e' then e' ok

27
Proof: Preservation Lemma
  • case A1: If ((λX.E1) (λY.E2)) ok and
    ((λX.E1) (λY.E2)) → [X:=(λY.E2)]E1 then
    [X:=(λY.E2)]E1 ok

28
Proof: Preservation Lemma
  • case A1: [X:=(λY.E2)]E1 ok
  • 1. ((λX.E1) (λY.E2)) ok and ((λX.E1) (λY.E2))
    → [X:=(λY.E2)]E1 by assumption
  • 2. (λX.E1) ok and (λY.E2) ok by
    inversion of ok-A and (1)
  • 3. X ⊢ E1 ok by inversion of ok-L and (2)
  • 4. [X:=(λY.E2)]E1 ok by Substitution
    Lemma with (3) and (2)

35
Substitution Lemma
  • Proof by induction on the derivations of Γ ⊢ E ok
  • If Γ, X ⊢ E' ok and E ok then
  • Γ ⊢ [X:=E]E' ok
  • case ok-V
  • case ok-L
  • case ok-A
  • IH(env,e) ≡ If env, X ⊢ e ok and E ok
    then env ⊢ [X:=E]e ok

36
Substitution
  • Proof by induction on the derivations of Γ ⊢ E ok
  • If Γ, X ⊢ E' ok and E ok then
  • Γ ⊢ [X:=E]E' ok
  • case ok-V: If X ∈ Γ then IH(Γ,X)
  • case ok-L: If IH((Γ, X), E) and X ∉ Γ then
    IH(Γ,(λX.E))
  • case ok-A: If IH(Γ,E1) and IH(Γ,E2) then
    IH(Γ,(E1 E2))
  • IH(env,e) ≡ If env, X ⊢ e ok and E ok
    then env ⊢ [X:=E]e ok

37
Proof: Substitution
  • case ok-V
  • 1. X ∈ Γ by assumption
  • 2. Γ, Y ⊢ X ok and E ok by assumption
  • 3. Γ ⊢ [Y:=E]X ok by cases
  • case X ≡ Y
  • 3.1. [Y:=E]X ≡ E by def. of subst.
  • 3.2. Γ ⊢ E ok by (2)
  • 3.3. Γ ⊢ [Y:=E]X ok by (3.1) and (3.2)
  • case X ≠ Y
  • 3.1. [Y:=E]X ≡ X by def. of subst.
  • 3.2. Γ ⊢ X ok by ok-V and (1)
  • 3.3. Γ ⊢ [Y:=E]X ok by (3.1) and (3.2)

38
Proof: Substitution
  • case ok-L: If IH((Γ, X), E) and X ∉ Γ then
    IH(Γ,(λX.E))

39
Proof: Substitution
  • case ok-A: If IH(Γ,E1) and IH(Γ,E2) then
    IH(Γ,(E1 E2))

40
Proof: Preservation Lemma
  • case A2: If IH(E2,E2') then
    IH(((λX.E1) E2), ((λX.E1) E2'))

41
Proof: Preservation Lemma
  • case A2: IH(((λX.E1) E2), ((λX.E1) E2'))
  • 1. IH(E2,E2') by assumption

42
Proof: Preservation Lemma
  • case A2: If ((λX.E1) E2) ok and
    ((λX.E1) E2) → ((λX.E1) E2') then
    ((λX.E1) E2') ok
  • 1. IH(E2,E2') by assumption

51
Proof: Preservation Lemma
  • case A2: ((λX.E1) E2') ok
  • 1. IH(E2,E2') by assumption
  • 2. ((λX.E1) E2) ok and
    ((λX.E1) E2) → ((λX.E1) E2') by
    assumption
  • 3. (λX.E1) ok and E2 ok by
    inversion of ok-A and (2)
  • 4. E2 → E2' by inversion of A2 and (2)
  • 5. E2' ok by IH(E2,E2') with (3) and (4)
  • 6. ((λX.E1) E2') ok by ok-A with (3) and
    (5)

52
Proof: Preservation Lemma
  • case A3: If IH(E1,E1') then
    IH((E1 E2), (E1' E2))

53
Proof: Preservation Lemma
  • case A3: IH((E1 E2), (E1' E2))
  • 1. IH(E1,E1') by assumption

54
Proof: Preservation Lemma
  • case A3: If (E1 E2) ok and
    (E1 E2) → (E1' E2) then (E1' E2) ok
  • 1. IH(E1,E1') by assumption

55
Proof: Preservation Lemma
  • case A3: (E1' E2) ok
  • 1. IH(E1,E1') by assumption
  • 2. (E1 E2) ok and (E1 E2) → (E1' E2) by
    assumption
  • 3. E1 ok and E2 ok by inversion of
    ok-A and (2)
  • 4. E1 → E1' by inversion of A3 and (2)
  • 5. E1' ok by IH(E1,E1') with (3) and (4)
  • 6. (E1' E2) ok
    by ok-A with (5) and (3)

60
Progress Lemma
  • Proof by induction on the derivations of Γ ⊢ E ok
  • case ok-V: If X ∈ Γ then IH(Γ,X)
  • case ok-L: If IH((Γ, X), E) and X ∉ Γ then
    IH(Γ,(λX.E))
  • case ok-A: If IH(Γ,E1) and IH(Γ,E2) then
    IH(Γ,(E1 E2))
  • IH(env,e) ≡ If env = ∅ and env ⊢ e ok then
    (steps(e) or isFinal(e))

61
Proof: Progress Lemma
  • case ok-V: If X ∈ Γ then IH(Γ,X)

62
Proof: Progress Lemma
  • case ok-V: IH(Γ,X)
  • 1. X ∈ Γ by assumption

63
Proof: Progress Lemma
  • case ok-V: If Γ = ∅ and Γ ⊢ X ok then
    (steps(X) or isFinal(X))
  • 1. X ∈ Γ by assumption

64
Proof: Progress Lemma
  • case ok-V: If Γ = ∅ and X ok then
    (steps(X) or isFinal(X))
  • 1. X ∈ Γ by assumption

69
Proof: Progress Lemma
  • case ok-V: (steps(X) or isFinal(X))
  • 1. X ∈ Γ by assumption
  • 2. Γ = ∅ and X ok by assumption
  • 3. X ∈ ∅ by (2) and invert-ok-V
  • 4. steps(X) or isFinal(X) by
    contradiction implied by (3)

70
Proof: Progress Lemma
  • case ok-L: If IH((Γ, X), E) and X ∉ Γ then
    IH(Γ,(λX.E))

71
Proof: Progress Lemma
  • case ok-L: IH(Γ,(λX.E))
  • 1. IH((Γ, X), E) and X ∉ Γ by assumption

72
Proof: Progress Lemma
  • case ok-L: If Γ = ∅ and Γ ⊢ (λX.E) ok then
    (steps((λX.E)) or isFinal((λX.E)))
  • 1. IH((Γ, X), E) and X ∉ Γ by assumption

73
Proof: Progress Lemma
  • case ok-L: steps((λX.E)) or isFinal((λX.E))
  • 1. IH((Γ, X), E) and X ∉ Γ by assumption
  • 2. Γ = ∅ and Γ ⊢ (λX.E) ok by assumption
  • 3. (λX.E) ok by (2)
  • 4. (λX.E) ∈ F by definition of F and (3)
  • 5. isFinal((λX.E)) by definition of isFinal and
    (4)
  • 6. steps((λX.E)) or isFinal((λX.E)) by (5)

82
Proof: Progress Lemma
  • case ok-A: If IH(Γ,E1) and IH(Γ,E2) then
    IH(Γ,(E1 E2))

83
Proof: Progress Lemma
  • case ok-A: IH(Γ,(E1 E2))
  • 1. IH(Γ,E1) and IH(Γ,E2) by assumption

84
Proof: Progress Lemma
  • case ok-A: If Γ = ∅ and Γ ⊢ (E1 E2) ok then
    (steps((E1 E2)) or isFinal((E1 E2)))
  • 1. IH(Γ,E1) and IH(Γ,E2) by assumption

90
Proof: Progress Lemma
  • case ok-A: steps((E1 E2)) or isFinal((E1 E2))
  • 1. IH(Γ,E1) and IH(Γ,E2) by assumption
  • 2. Γ = ∅ and Γ ⊢ (E1 E2) ok by assumption
  • 3. (E1 E2) ok by (2)
  • 4. E1 ok and E2 ok by inversion of ok-A
  • 5. ∃ e. (E1 E2) → e by cases
  • 6. steps((E1 E2)) by definition of steps and
    (5)
  • 7. steps((E1 E2)) or isFinal((E1 E2)) by (6)

91
Proof: Progress Lemma
  • 5. ∃ e. (E1 E2) → e by cases on (E1 E2)
  • case E1 ≡ (λX.E) and E2 ≡ (λX'.E')
  • 5.1. (E1 E2) → [X:=(λX'.E')]E by A1
  • case E1 ≡ (λX.E) and E2 ∉ F
  • 5.1. E2 → E2' by IH(∅,E2) with (4) and E2 ∉
    F
  • 5.2. (E1 E2) → (E1 E2') by A2 with (5.1)
  • case E1 ∉ F
  • 5.1. E1 → E1' by IH(∅,E1) with (4) and E1 ∉
    F
  • 5.2. (E1 E2) → (E1' E2) by A3 with (5.1)

100
Summary
  • Soundness Theorem
  • If E ok and E →* E' then ¬stuck(E')
  • Preservation Lemma
  • If E ok and E → E' then E' ok
  • Progress Lemma
  • If E ok then (steps(E) or isFinal(E))
  • Substitution Lemma
  • If Γ, X ⊢ E' ok and E ok then
  • Γ ⊢ [X:=E]E' ok

106
Summary
  • Soundness follows from Preservation and Progress
    by induction on the →* relation
  • Soundness means well-formed programs don't get
    stuck
  • Preservation follows by induction on the →
    relation
  • Progress follows by induction on the
    well-formedness relation (Γ ⊢ E ok)

107
Lesson Learned
  • High-level structure of soundness proof
  • All soundness proofs for SOS semantics are
    basically the same
  • The details vary in small but important ways
  • Proofs are straightforward but tedious
  • Details are easy to get confused if not organized
  • Someone ought to automate these proofs or at
    least their checking
  • See Twelf, Coq, Isabelle/HOL etc.