Inductive Definitions

1
Inductive Definitions

• COS 510
• David Walker

2
Inductive Definitions

• Inductive definitions play a central role in the
  study of programming languages
• They specify the following aspects of a language
• Concrete syntax (via CFGs)
• Abstract syntax (via CFGs/ML datatypes)
• Static semantics (via typing rules)
• Dynamic semantics (via evaluation rules)

3
Reading

• Read Pierces Text
• Chapter 2 (skim definitions understand 2.4)
• we will use sets, relations, functions, sequences
• you should know basics such as mathematical
  induction, reflexivity, transitivity, symmetry,
  total and partial orders, domains and ranges of
  functions, etc.
• Chapter 3

4
Inductive Definitions

• An inductive definition consists of
• One or more judgments (ie assertions)
• A set of rules for deriving these judgments
• For example
• Judgment is n nat
• Rules
• zero nat
• if n nat, then succ(n) nat.

5
Inference Rule Notation

• Inference rules are normally written as
• where J and J1,..., Jn are judgements. (For
  axioms, n 0.)

J1 ... Jn J
6
An example

• For example, the rules for deriving n nat are
  usually written

zero nat
n nat succ(n) nat
7
Derivation of Judgments

• A judgment J is derivable iff either
• there is an axiom
• or there is a rule
• such that J1, ..., Jn are derivable

J
J1 ... Jn J
8
Derivation of Judgments

• We may determine whether a judgment is derivable
  by working backwards.
• For example, the judgment
• succ(succ(zero)) nat
• is derivable as follows

optional names of rules used at each step
a derivation (ie a proof)
(zero)
zero nat succ(zero)
nat succ(succ(zero)) nat
(succ)
(succ)
9
Binary Trees

• Here is a set of rules defining the judgment t
  tree stating that t is a binary tree
• Prove that the following is a valid judgment
• node(empty, node(empty, empty)) tree

t1 tree t2 tree node (t1, t2) tree
empty tree
10
Rule Induction

• By definition, every derivable judgment
• is the consequence of some rule...
• whose premises are derivable
• That is, the rules are an exhaustive description
  of the derivable judgments
• Just like an ML datatype definition is an
  exhaustive description of all the objects in the
  type being defined

11
Rule Induction

• To show that every derivable judgment has a
  property P, it is enough to show that
• For every rule,
• if J1, ..., Jn have the property P, then J has
  
• property P
• This is the principal of rule induction.

J1 ... Jn J
12
Example Natural Numbers

• Consider the rules for n nat
• We can prove that the property P holds of every n
  such that n nat by rule induction
• Show that P holds of zero
• Assuming that P holds of n, show that P holds of
  succ(n).
• This is just ordinary mathematical induction!!

13
Example Binary Tree

• Similarly, we can prove that every binary tree t
  has a property P by showing that
• empty has property P
• If t1 has property P and t2 has property P, then
  node(t1, t2) has property P.
• This might be called tree induction.

14
Example The Height of a Tree

• Consider the following equations
• hgt(empty) 0
• hgt(node(t1, t2)) 1 max(hgt(t1), hgt(t2))
• Claim for every binary tree t there exists a
  unique integer n such that hgt(t) n.
• That is, the above equations define a function.

15
Example The Height of a Tree

• We will prove the claim by rule induction
• If t is derivable by the axiom
• then n 0 is determined by the first equation
• hgt(empty) 0
• is it unique? Yes.

empty tree
16
Example The Height of a Tree

• If t is derivable by the rule
• then we may assume that
• exists a unique n1 such that hgt(t1) n1
• exists a unique n2 such that hgt(t2) n2
• Hence, there exists a unique n, namely
• 1max(n1, n2)
• such that hgt(t) n.

t1 tree t2 tree node (t1, t2) tree
17
Example The Height of a Tree

• This is awfully pedantic, but it is useful to see
  the details at least once.
• It is not obvious a priori that a tree has a
  well-defined height!
• Rule induction justified the existence of the
  function hgt.
• It is obvious from the equations that there is
  at most one n such that hgt(t) n. The proof
  shows that there exists at least one.

18
Inductive Definitions in PL

• In this course, we will be looking at inductive
  definitions that determine
• abstract syntax
• static semantics (typing)
• dynamic semantics (evaluation)
• other properties of programs and programming
  languages

19
Inductive Definitions

• First up Syntax

20
Abstract vs Concrete Syntax

• the concrete syntax of a program is a string of
  characters
• ( 3 2 ) 7
• the abstract syntax of a program is a tree
  representing the computationally relevant portion
  of the program

7
3
2
21
Abstract vs Concrete Syntax

• the concrete syntax of a program contains many
  elements necessary for parsing
• parentheses
• delimiters for comments
• rules for precedence of operators
• the abstract syntax of a program is much simpler
  it does not contain these elements
• precedence is given directly by the tree
  structure

22
Abstract vs Concrete Syntax

• in this class, we work with abstract syntax
• we want to define what programs mean
• will work with the simple ASTs
• nevertheless, we need a notation for writing down
  abstract syntax trees
• when we write (3 2) 7, you should visualize
  the tree

7
3
2
23
Arithmetic Expressions, Informally

• Informally, an arithmetic expression e is
• a boolean value
• an if statement (if e1 then e2 else e3)
• the number zero
• the successor of a number
• the predecessor of a number
• a test for zero (isZero e)

24
Arithmetic Expressions, Formally

• An arithmetic expression e is
• a boolean value
• an if statement (if e1 then e2 else e3)

true exp
false exp
t1 exp t2 exp t3 exp if t1 then t2 else
t3 exp
25
Arithmetic Expressions, formally

• An arithmetic expression e is
• a boolean, an if statement, a zero, a successor,
  a predecessor or a 0 test

e1 exp e2 exp e3 exp if e1 then e2 else
e3 exp
true exp
false exp
e exp succ e exp
e exp pred e exp
e exp iszero e exp
zero exp
26
BNF

• Defining every bit of syntax by inductive
  definitions can be lengthy and tedious
• Syntactic definitions are an especially simple
  form of inductive definition
• context insensitive
• unary predicates
• There is a very convenient abbreviation BNF

27
Arithmetic Expressions, in BNF

• e true false if e then e else e
• 0 succ e pred e iszero e

pick a new letter (Greek symbol/word) to
represent any object in the set of objects being
defined
separates alternatives (7 alternatives implies
7 inductive rules)
subterm/ subobject is any e object
28
An alternative definition

• b true false
• e b if e then e else e
• 0 succ e pred e iszero e

corresponds to two inductively defined judgements
2. e exp
1. b bool
b bool b exp
the key rule is an inclusion of booleans in
expressions
29
Metavariables

• b true false
• e b if e then e else e
• 0 succ e pred e iszero e

• b and e are called metavariables
• they stand for classes of objects, programs, and
  other things
• they must not be confused with program variables

30
2 Functions defined over Terms
constants(true) true constants (false)
false constants (0) 0 constants(succ e)
constants(pred e) constants(iszero e)
constants e constants (if e1 then e2 else e3)
Ui1-3 (constants ei)
size(true) 1 size(false) 1 size(0)
1 size(succ e) size(pred e) size(iszero e)
size e 1 size(if e1 then e2 else e3) Ui1-3
(size ei) 1
31
A Lemma

• The number of distinct constants in any
  expression e is no greater than the size of e
• constants e size e
• How to prove it?

32
A Lemma

• The number of distinct constants in any
  expression e is no greater than the size of e
• constants e size e
• How to prove it?
• By rule induction on the rules for e exp
• More commonly called induction on the structure
  of e
• a form of structural induction

33
Structural Induction

• Suppose P is a predicate on expressions.
• structural induction
• for each expression e, we assume P(e) holds for
  each subexpression e of e and go on to prove
  P(e)
• result we know P(e) for all expressions e
• youll use this idea every single week in the
  rest of the course.

34
Back to the Lemma

• The number of distinct constants in any
  expression e is no greater than the size of e
• constants e size e
• Proof
• By induction on the structure of e.
• case e is 0, true, false ...
• case e is succ e, pred e, iszero e ...
• case e is (if e1 then e2 else e3) ...

always state method first
separate cases (1 case per rule)
35
The Lemma

• Lemma constants e size e
• Proof ...
• case e is 0, true, false
• constants e e (by def of
  constants)
• 1
  (simple calculation)
• size e (by def
  of size)

2-column proof
justification
calculation
36
A Lemma

• Lemma constants e size e
• ...
• case e is pred e
• constants e constants e (def of
  constants)
• size e
  (IH)
• lt size e (by def
  of size)

37
A Lemma

• Lemma constants e size e
• ...
• case e is (if e1 then e2 else e3)
• constants e Ui1..3 constants ei
  (def of constants)
• Sumi1..3 constants
  ei (property of sets)
• Sumi1..3 (size ei) (IH on each
  ei)
• lt size e (def of size)

38
A Lemma

• Lemma constants e size e
• ...
• other cases are similar. QED

this had better be true
use Latin to show off ?
39
A Lemma

• In reality, this lemma is so simple that you
  might not bother to write down all the details
• By induction on the structure of e. is a
  sufficient statement
• BUT, when you omit the details of a proof, you
  had better be sure it is trivial!
• when in doubt, present the details.
• NEVER hand-wave through a proof
• it is better to admit you dont know then to fake
  it
• if you cannot do part of the proof for homework,
  explicitly state the part of the proof that fails
  (if I had lemma X here, then ...)

40
What is a proof?

• A proof is an easily-checked justification of a
  judgment (ie a theorem)
• different people have different ideas about what
  easily-checked means
• the more formal a proof, the more
  easily-checked
• in this class, we have a pretty high bar
• If there is one thing youll learn in this class,
  it is how to write a proof!

41
Inductive Definitions

• Next up Evaluation

42
Evaluation

• There are many different ways to formalize the
  evaluation of expressions
• In this course we will use different sorts of
  operational semantics
• direct expression of how an interpreter works
• can be implemented in ML directly
• easy to prove things about
• scales up to complete languages easily

43
Values

• A value is an object that has been completely
  evaluated
• The values in our language of arithmetic
  expressions are
• v true false zero succ v
• These values are a subset of the expressions
• By calling succ v a value, were treating succ
  v like a piece of data succ v is not function
  application
• succ zero is a value that represents 1
• succ (succ zero) is the value that represents 2
• we are counting in unary
• Remember, there is an inductive definition behind
  all this

44
Defining evaluation

• single-step evaluation judgment
• e ? e
• in English, we say expression e evaluates to e
  in a single step

45
Defining evaluation

• single-step evaluation judgment
• e ? e
• evaluation rules for booleans

if true then e2 else e3 ?
e2
if false then e2 else e3 ?
e3
46
Defining evaluation

• single-step evaluation judgment
• e ? e
• evaluation rules for booleans

if true then e2 else e3 ?
e2
if false then e2 else e3 ?
e3
what if the first position in the if is not
true or false?
47
Defining evaluation

• single-step evaluation judgment
• e ? e
• evaluation rules for booleans

rules like this do the real work
if true then e2 else e3 ?
e2
if false then e2 else e3 ?
e3
a search rule
e1 ? e1 if e1 then e2
else e3 ? if e1 then e2 else e3
48
Defining evaluation

• single-step evaluation judgment
• e ? e
• evaluation rules for numbers

e ? e succ e ? succ e
e ? e pred e ? pred e
e ? e iszero e ? iszero e
iszero (succ v) ? false
pred (succ v) ? v
iszero (zero) ? true
49
Defining evaluation

• single-step evaluation judgment
• e ? e
• other evaluation rules
• there are none!
• Consider the term iszero true
• We call such terms stuck
• They arent values, but no rule applies
• They are nonsensical programs
• An interpreter for our language will either raise
  an exception when it tries to evaluate a stuck
  program or maybe do something random or even
  crash!
• It is a bad scene.

50
Defining evaluation

• Multistep evaluation e ? e
• In English e evaluates to e in some number of
  steps (possibly 0)

e ? e
(reflexivity)
e ? e e ? e e ? e
(transitivity)
51
Single-step Induction

• We have defined the evaluation rules inductively,
  so we get a proof principle
• Given a property P of the single-step rules
• For each rule
• we get to assume P(ei ? ei) for i 1..k and
  must prove the conclusion P(e ? e)
• Result we know P(e ? e) for all valid judgments
  with the form e ? e
• called induction on the structure of the
  operational semantics

e1 ? e1 .... ek ? ek e ? e
52
Multi-step Induction

• Given a property P of the multi-step rules
• For each rule
• we get to assume P(ei ? ei) for i 1..k and
  must prove the conclusion P(e ? e)

e1 ? e1 .... ek ? ek e ?
e
53
Multi-step Induction

• In other words, given a property P of the
  multi-step rules
• we must prove
• P(e ? e)
• P(e ? e) when
• and we get to assume P(e ? e) and (of course)
  any properties we have proven already of the
  single step relation e ? e
• this means, to prove things about multi-step
  rules, we normally first need to prove a lemma
  about the single-step rules

e ? e e ? e e ? e
54
A Theorem

• Remember the function size(e) from earlier
• Theorem if e ? e then size(e) lt size(e)
• Proof ?

55
A Theorem

• Remember the function size(e) from earlier
• Theorem if e ? e then size(e) lt size(e)
• Proof By induction on the structure of the
  multi-step operational rules.

56
A Theorem

• Remember the function size(e) from earlier
• Theorem if e ? e then size(e) lt size(e)
• Proof By induction on the structure of the
  multi-step operational rules.
• consider the transitivity rule
• ... we are going to need a similar property of
  the single step evaluation function

e ? e e ? e e ? e
57
A Lemma

• Lemma if e ? e then size(e) lt size(e)
• Proof ?

58
A Lemma

• Lemma if e ? e then size(e) lt size(e)
• Proof By induction on the structure of the
  multi-step operational rules.
• one case for each rule, for example
• case
• case

e ? e succ e ? succ e
pred (succ v) ? v
59
A Lemma

• Once we have proven the lemma, we can then prove
  the theorem
• Theorem if e ? e then size(e) lt size(e)
• When writing out a proof, always write lemmas in
  order to make it clear there is no circularity in
  the proof!
• The consequence of our theorem evaluation always
  terminates
• our properties are starting to get more useful!

60
Summary

• Everything in this class will be defined using
  inductive rules
• These rules give rise to inductive proofs
• How to succeed in this class
• Dave how do we prove X?
• Student by induction on the structure of Y.

thats the only tricky part