A Formally Specified Type System and Operational Semantics for Higher-Order Procedural Variables

We formally specified the type system and operational semantics of Loop^ω with Ott and the Isabelle/HOL proof assistant. Moreover, both the type system and the semantics of Loop^ω have been tested using the Isabelle/HOL program extraction facility for inductiv…

Authors: Tristan Crolard, Emmanuel Polonowski

Tristan Crolard and Emmanuel Polonowski
May 14, 2009
Technical Report TR–LACL–2009–3

Laboratoire d'Algorithmique, Complexité et Logique (LACL)
Département d'Informatique, Université Paris 12 – Val de Marne, Faculté des Sciences et Technologie
61, Avenue du Général de Gaulle, 94010 Créteil cedex, France
Tel.: (33)(1) 45 17 16 47, Fax: (33)(1) 45 17 66 01
Laboratory of Algorithmics, Complexity and Logic (LACL), University Paris 12 (Paris Est)
© T. Crolard and E. Polonowski, May 2009.

Abstract

We formally specified the type system and operational semantics of Loop^ω with Ott and the Isabelle/HOL proof assistant. Moreover, both the type system and the semantics of Loop^ω have been tested using the Isabelle/HOL program extraction facility for inductively defined relations. In particular, the program that computes the Ackermann function type checks and behaves as expected. The main difference (apart from the choice of an Ada-like concrete syntax) with the original description of Loop^ω comes from the treatment of parameter passing. Indeed, since Ott does not currently fully support α-conversion, we rephrased the operational semantics with explicit aliasing in order to implement the out parameter passing mode.

Introduction

We formally specified the type system and operational semantics of Loop^ω as described in [CPV09] with Ott [SNO+07] and the Isabelle/HOL proof assistant [NPW02].
Moreover, both the type system and the semantics of Loop^ω have been tested using the Isabelle/HOL program extraction facility for inductively defined relations [BN02]. In particular, the program that computes the Ackermann function (reproduced below) type checks and behaves as expected. The main difference (apart from the choice of an Ada-like concrete syntax) with the description given in [CPV09] comes from the treatment of parameter passing. Indeed, since Ott does not currently fully support α-conversion, we rephrased the operational semantics with explicit aliasing in order to implement the out parameter passing mode (instead of the simpler substitution-based semantics of [CPV09]). On the other hand, the in parameter passing mode is implemented exactly as in [CPV09] and relies on the Ott-generated substitution (see the Isabelle/HOL code given in the appendix).

Section 1 contains the description of an Ada-like grammar for Loop^ω. We then present the type system in Section 2 and the structural operational semantics in Section 3. Finally, in the appendix we include the Isabelle/HOL theory generated by Ott (all source files are available on request).

Example: the Ackermann function

    procedure Ack (M : in int; N : in int; R : out int) is
      P : proc (in int, out int) := Incr;
    begin
      for I in 1 .. M loop
        declare
          Q : constant proc (in int, out int) := P;
          procedure Aux (S : in int; R : out int) is
            X : int := 0;
          begin
            Q (1, X);
            for J in 1 .. S loop
              Q (X, X);
            end loop;
            R := X;
          end;
        begin
          P := Aux;
        end;
      end loop;
      P (N, R);
    end;

1 Syntax

index, i, j, l, n        indices
ident, x, y, z, p, f     idents
number, q
terminals ::= −→ | → | ⇒ | ← | ↦ | ⇓ | ⊢ | ∅ | × | ≠ | := | ⟨ | ⟩ | ∼ | ∉

mode, m ::=                                   modes:
  | in
  | out
  | in out

integer, k ::=
  | q
  | {k1 + k2}
  | {k1 − k2}
  | {k1 × k2}

boolean, b ::=
  | true
  | false
  | {b1 and b2}
  | {b1 or b2}
  | {not b}
  | {k1 = k2}
  | k1 > k2
  | k1 < k2

exp, e ::=                                    terms:
  | x                                         var
  | v                                         value
  | e1 + e2                                   addition
  | e1 − e2                                   subtraction
  | e1 × e2                                   multiplication
  | e1 = e2                                   equality
  | e1 > e2                                   greater
  | e1 < e2                                   less
  | e1 and e2                                 conjunction
  | e1 or e2                                  disjunction
  | not e                                     negation
  | ( e )                          S          parentheses

store, µ ::=                                  store
  | ?                              S
  | []
  | (µ, x ← v)
  | [z1 ← v1, ..., zn ← vn]

trace, tr ::=
  | ?                              S
  | [⟨c1, µ1⟩ .. ⟨cn, µn⟩]

formula ::=
  | formula1 .. formulan
  | judgement
  | x = x'
  | x ≠ x'
  | δ = δ'
  | δ ≠ δ'
  | m = m'
  | m ≠ m'
  | k > k'
  | k ≤ k'

env, Γ ::=                                    contexts:
  | {}                                        empty context
  | {x1 δ1, ..., xn δn}                       explicit context
  | Γ, x δ                                    ident declaration
  | ( Γ )                          S          parentheses
  | Γ, x1 δ1, ..., xn δn                      idents declaration
  | Γ, δ                                      anonymous declaration

cmd, c ::=                                    commands:
  | null                                      null
  | x := e                                    assignment
  | c1 ; c2                                   sequence
  | if e then c1; else c2; end if             conditional
  | while e loop c; end loop                  while loop
  | ( c )                          S
  | ?                              S
  | declare d                                 declaration
  | for x in e .. e' loop c; end loop         bind x in c          for loop
  | e(e1, .., en)                             procedure call

va, v ::=                                     constants:
  | ?                              S
  | k                                         integer constant
  | b                                         boolean constant
  | proc(x1 : m1 τ1; ..; xn : mn τn) is d     bind x1 .. xn in d

ty, τ ::=                                     types:
  | int
  | bool
  | proc(m1 τ1, .., mn τn)                    procedure
  | void                                      void

δ ::=
  | : m τ
  | → τ

dcl, d ::=
  | d[v/x]                         M
  | begin end                                 Empty
  | begin c; end                              Block
  | x : τ; d                                  bind x in d          Uninit. variable
  | x : τ := e; d                             bind x in d          Init. variable
  | x : constant τ := e; d                    bind x in d          Constant
  | procedure p(x1 : m1 τ1; ..; xn : mn τn) is d1; d2
                                              bind x1 .. xn in d1  Proc
  | [x1 : m1 τ1 = e1, .., xn : mn τn = en] d  bind x1 .. xn in d   Aliases
  | (x : m τ = e) d                           bind x in d          Alias

value ::=
  | v                                         value

eval_exp ::=
  | µ(x) = v                                  Fetch
  | e =µ v                                    Expression evaluation

typing ::=
  | x δ ∈ Γ                                   Lookup
  | Γ ⊢ e : τ                                 Expression typing
  | δ ∈ Γ                                     LookupD
  | Γ ⊢ e ∼ m τ                               Match
  | Γ ⊢ (e1, .., el) ∼ (m1 τ1, .., mn τn)     MatchList
  | Γ ⊢ d : decl                              Declaration typing
  | Γ ⊢ c : comm                              Command typing

eval_comm ::=
  | µ{x ← v} ↦ µ'                             Store Update
  | ⟨c, µ⟩ ↦k ⟨c', µ'⟩                        Many Steps
  | ⟨c; µ⟩ ⇒k tr                              Trace
  | ⟨c; µ⟩ ⇓ µ'                               Full evaluation
  | (| x'i : m'i τ'i |) # (| e'j |) = [| xn : mn τn = en |]
                                              Compatibility
  | ⟨c, µ⟩ ↦ ⟨c', µ'⟩                         One step evaluation
  | ⟨d, µ⟩ ↦ ⟨d', µ'⟩                         Declaration evaluation

judgement ::=
  | eval_exp
  | typing
  | eval_comm

user_syntax ::=
  | index | ident | number | terminals | mode | integer | boolean | exp | store | trace
  | formula | env | cmd | va | ty | δ | dcl | value

2 Type System

Lookup    x δ ∈ Γ

  ──────────────── (Lookup1)
   x δ ∈ Γ, x δ

   x ≠ x'    x δ ∈ Γ
  ──────────────────── (Lookup2)
     x δ ∈ Γ, x' δ'

Expression typing    Γ ⊢ e : τ

   m ≠ out    x : m τ ∈ Γ
  ─────────────────────────── (Var)
          Γ ⊢ x : τ

  ───────────── (IntCst)        ──────────────── (BoolTrue)        ───────────────── (BoolFalse)
   Γ ⊢ q : int                   Γ ⊢ true : bool                    Γ ⊢ false : bool

   Γ ⊢ e1 : int    Γ ⊢ e2 : int              Γ ⊢ e1 : int    Γ ⊢ e2 : int
  ─────────────────────────────── (Plus)     ─────────────────────────────── (Minus)
        Γ ⊢ e1 + e2 : int                          Γ ⊢ e1 − e2 : int

   Γ ⊢ e1 : int    Γ ⊢ e2 : int              Γ ⊢ e1 : τ    Γ ⊢ e2 : τ
  ─────────────────────────────── (Times)    ─────────────────────────── (Equal)
        Γ ⊢ e1 × e2 : int                         Γ ⊢ e1 = e2 : bool

   Γ ⊢ e1 : int    Γ ⊢ e2 : int              Γ ⊢ e1 : int    Γ ⊢ e2 : int
  ─────────────────────────────── (Greater)  ─────────────────────────────── (Less)
        Γ ⊢ e1 > e2 : bool                         Γ ⊢ e1 < e2 : bool

   Γ ⊢ e1 : bool    Γ ⊢ e2 : bool            Γ ⊢ e1 : bool    Γ ⊢ e2 : bool
  ───────────────────────────────── (And)    ───────────────────────────────── (Or)
        Γ ⊢ e1 and e2 : bool                        Γ ⊢ e1 or e2 : bool

     Γ ⊢ e : bool
  ──────────────────── (Not)
   Γ ⊢ not e : bool

LookupD    δ ∈ Γ

  ───────────── (LookupD1)
   δ ∈ Γ, x δ

   δ ≠ δ'    δ ∈ Γ
  ──────────────────── (LookupD2)
      δ ∈ Γ, x δ'

Match    Γ ⊢ e ∼ m τ

       Γ ⊢ e : τ                  x : m τ ∈ Γ    m ≠ in               x : in out τ ∈ Γ
  ────────────────── (Match1)    ───────────────────────── (Match2)   ─────────────────────── (Match3)
    Γ ⊢ e ∼ in τ                      Γ ⊢ x ∼ out τ                    Γ ⊢ x ∼ in out τ

MatchList    Γ ⊢ (e1, .., el) ∼ (m1 τ1, .., mn τn)

  ──────────────── (MatchList1)
   Γ ⊢ () ∼ ()

   Γ ⊢ e ∼ m τ    Γ ⊢ (e1, .., el) ∼ (m1 τ1, .., mn τn)
  ───────────────────────────────────────────────────────── (MatchList2)
     Γ ⊢ (e, e1, .., el) ∼ (m τ, m1 τ1, .., mn τn)

Declaration typing    Γ ⊢ d : decl

  ────────────────────── (Empty)
   Γ ⊢ begin end : decl

        Γ ⊢ c : comm
  ──────────────────────── (Block)
   Γ ⊢ begin c; end : decl

   Γ, x : in out τ ⊢ d : decl
  ────────────────────────────── (UninitVar)
      Γ ⊢ x : τ; d : decl

   Γ ⊢ e : τ    Γ, x : in out τ ⊢ d : decl
  ─────────────────────────────────────────── (InitVar)
         Γ ⊢ x : τ := e; d : decl

   Γ ⊢ e : τ    Γ, x : in τ ⊢ d : decl
  ───────────────────────────────────────── (Constant)
     Γ ⊢ x : constant τ := e; d : decl

   Γ, x1 : m1 τ1, .., xn : mn τn ⊢ d1 : decl    Γ, p : in proc(m1 τ1, .., mn τn) ⊢ d2 : decl
  ─────────────────────────────────────────────────────────────────────────────────────────── (Proc)
            Γ ⊢ procedure p(x1 : m1 τ1; ..; xn : mn τn) is d1; d2 : decl

Command typing    Γ ⊢ c : comm

  ───────────────── (Null)
   Γ ⊢ null : comm

   Γ ⊢ c1 : comm    Γ ⊢ c2 : comm
  ──────────────────────────────── (Seq)
        Γ ⊢ c1 ; c2 : comm

   m ≠ in    x : m τ ∈ Γ    Γ ⊢ e : τ
  ───────────────────────────────────── (Assign)
           Γ ⊢ x := e : comm

   Γ ⊢ e : bool    Γ ⊢ c1 : comm    Γ ⊢ c2 : comm
  ─────────────────────────────────────────────────── (IfThenElse)
     Γ ⊢ if e then c1; else c2; end if : comm

   Γ ⊢ e : bool    Γ ⊢ c : comm
  ───────────────────────────────────── (While)
   Γ ⊢ while e loop c; end loop : comm

   Γ ⊢ e : int    Γ ⊢ e' : int    Γ, x : in int ⊢ c : comm
  ─────────────────────────────────────────────────────────── (For)
        Γ ⊢ for x in e .. e' loop c; end loop : comm

      Γ ⊢ d : decl
  ────────────────────── (Decl)
   Γ ⊢ declare d : comm

   Γ ⊢ e : proc(m1 τ1, .., mn τn)    Γ ⊢ (e1, .., el) ∼ (m1 τ1, .., mn τn)
  ──────────────────────────────────────────────────────────────────────── (ProcCall)
                       Γ ⊢ e(e1, .., el) : comm

3 Structural Operational Semantics

Fetch    µ(x) = v

  ──────────────────── (Fetch1)
   (µ, x ← v)(x) = v

   x ≠ x'    µ(x) = v
  ─────────────────────── (Fetch2)
   (µ, x' ← v')(x) = v

Expression evaluation    e =µ v

  ───────── (E_Value)          µ(x) = v
   v =µ v                    ────────── (E_Ident)
                               x =µ v

   e1 =µ k1    e2 =µ k2                 e1 =µ k1    e2 =µ k2                 e1 =µ k1    e2 =µ k2
  ───────────────────────── (E_Plus)   ───────────────────────── (E_Minus)  ───────────────────────── (E_Times)
   e1 + e2 =µ {k1 + k2}                 e1 − e2 =µ {k1 − k2}                 e1 × e2 =µ {k1 × k2}

   e1 =µ k1    e2 =µ k2                 e1 =µ k1    e2 =µ k2                 e1 =µ k1    e2 =µ k2
  ───────────────────────── (E_Greater)───────────────────────── (E_Less)   ───────────────────────── (E_Equal)
   e1 > e2 =µ k1 > k2                   e1 < e2 =µ k1 < k2                   e1 = e2 =µ {k1 = k2}

   e1 =µ b1    e2 =µ b2                 e1 =µ b1    e2 =µ b2                  e =µ b
  ─────────────────────────── (E_And)  ───────────────────────── (E_Or)     ──────────────────── (E_Not)
   e1 and e2 =µ {b1 and b2}             e1 or e2 =µ {b1 or b2}               not e =µ {not b}

Store Update    µ{x ← v} ↦ µ'

  ────────────────────────────────────── (Update1)
   (µ, x ← v){x ← v'} ↦ (µ, x ← v')

   x ≠ x'    µ{x ← v'} ↦ µ'
  ──────────────────────────────────────── (Update2)
   (µ, x' ← v){x ← v'} ↦ (µ', x' ← v)

Many Steps    ⟨c, µ⟩ ↦k ⟨c', µ'⟩

  ───────────────────── (ManySteps1)        ─────────────────────────── (ManySteps2)
   ⟨c, µ⟩ ↦0 ⟨c, µ⟩                          ⟨null, µ⟩ ↦k ⟨null, µ⟩

   ⟨c, µ⟩ ↦ ⟨c', µ'⟩    ⟨c', µ'⟩ ↦{k−1} ⟨c'', µ''⟩
  ──────────────────────────────────────────────────── (ManySteps3)
               ⟨c, µ⟩ ↦k ⟨c'', µ''⟩

Trace    ⟨c; µ⟩ ⇒k tr

  ───────────────── (Trace1)        ──────────────────── (Trace2)
   ⟨c; µ⟩ ⇒0 []                      ⟨null; µ⟩ ⇒k []

   ⟨c, µ⟩ ↦ ⟨c', µ'⟩    ⟨c'; µ'⟩ ⇒{k−1} [⟨c'1, µ'1⟩ .. ⟨c'n, µ'n⟩]
  ───────────────────────────────────────────────────────────────── (Trace3)
       ⟨c; µ⟩ ⇒k [⟨c', µ'⟩ ⟨c'1, µ'1⟩ .. ⟨c'n, µ'n⟩]

Full evaluation    ⟨c; µ⟩ ⇓ µ'

  ────────────────── (Eval1)
   ⟨null; µ⟩ ⇓ µ

   ⟨c, µ⟩ ↦ ⟨c', µ'⟩    ⟨c'; µ'⟩ ⇓ µ''
  ───────────────────────────────────────── (Eval2)
             ⟨c; µ⟩ ⇓ µ''

Compatibility    (| x'i : m'i τ'i |) # (| e'j |) = [| xn : mn τn = en |]

  ──────────────── (E_Compat1)
   () # () = []

   (| x'i : m'i τ'i |) # (| e'j |) = [| xn : mn τn = en |]
  ───────────────────────────────────────────────────────────────────────────── (E_Compat2)
   (x : m τ  | x'i : m'i τ'i |) # (e  | e'j |) = [x : m τ = e  | xn : mn τn = en |]

One step evaluation    ⟨c, µ⟩ ↦ ⟨c', µ'⟩

  ──────────────────────────── (E_Null)
   ⟨(null; c), µ⟩ ↦ ⟨c, µ⟩

          ⟨c1, µ⟩ ↦ ⟨c'1, µ'⟩
  ──────────────────────────────────── (E_Seq)
   ⟨(c1; c2), µ⟩ ↦ ⟨(c'1; c2), µ'⟩

   e =µ v    µ{x ← v} ↦ µ'
  ─────────────────────────────── (E_Assign)
   ⟨(x := e), µ⟩ ↦ ⟨null, µ'⟩

                  e =µ true
  ───────────────────────────────────────────────── (E_IfThenElse1)
   ⟨(if e then c1; else c2; end if), µ⟩ ↦ ⟨c1, µ⟩

                  e =µ false
  ───────────────────────────────────────────────── (E_IfThenElse2)
   ⟨(if e then c1; else c2; end if), µ⟩ ↦ ⟨c2, µ⟩

                e =µ false
  ────────────────────────────────────────────── (E_While1)
   ⟨(while e loop c; end loop), µ⟩ ↦ ⟨null, µ⟩

                              e =µ true
  ─────────────────────────────────────────────────────────────────────────── (E_While2)
   ⟨(while e loop c; end loop), µ⟩ ↦ ⟨(c; while e loop c; end loop), µ⟩

  ──────────────────────────────────────── (E_Decl1)
   ⟨declare begin end, µ⟩ ↦ ⟨null, µ⟩

           ⟨d, µ⟩ ↦ ⟨d', µ'⟩
  ──────────────────────────────────────── (E_Decl2)
   ⟨declare d, µ⟩ ↦ ⟨declare d', µ'⟩

   e =µ k    e' =µ k'    k > k'
  ──────────────────────────────────────────────────── (E_For1)
   ⟨(for x in e .. e' loop c; end loop), µ⟩ ↦ ⟨null, µ⟩

   e =µ k    e' =µ k'    k ≤ k'
  ──────────────────────────────────────────────────────────────────────────────────────────────────────────────── (E_For2)
   ⟨(for x in e .. e' loop c; end loop), µ⟩ ↦ ⟨(declare x : constant int := k; begin c; end; for x in {k + 1} .. k' loop c; end loop), µ⟩

   e =µ proc(| x'i : m'i τ'i |) is d    (| x'i : m'i τ'i |) # (| e'j |) = [| xn : mn τn = en |]
  ────────────────────────────────────────────────────────────────────────────────────────────── (E_ProcCall)
            ⟨e(| e'j |), µ⟩ ↦ ⟨declare [| xn : mn τn = en |] d, µ⟩

Declaration evaluation    ⟨d, µ⟩ ↦ ⟨d', µ'⟩

  ───────────────────────────────────────── (E_Block1)
   ⟨begin null; end, µ⟩ ↦ ⟨begin end, µ⟩

            ⟨c, µ⟩ ↦ ⟨c', µ'⟩
  ──────────────────────────────────────────── (E_Block2)
   ⟨begin c; end, µ⟩ ↦ ⟨begin c'; end, µ'⟩

  ───────────────────────────────────────────── (E_InitVar1)
   ⟨x : τ := e; begin end, µ⟩ ↦ ⟨begin end, µ⟩

   e =µ v    ⟨d, (µ, x ← v)⟩ ↦ ⟨d', (µ', x ← v')⟩
  ───────────────────────────────────────────────── (E_InitVar2)
     ⟨x : τ := e; d, µ⟩ ↦ ⟨x : τ := v'; d', µ'⟩

  ────────────────────────────────────────────────────── (E_Const1)
   ⟨x : constant τ := e; begin end, µ⟩ ↦ ⟨begin end, µ⟩

   e =µ v    ⟨d[v/x], µ⟩ ↦ ⟨d', µ'⟩
  ─────────────────────────────────────────────────────────────────── (E_Const2)
   ⟨x : constant τ := e; d, µ⟩ ↦ ⟨x : constant τ := v; d', µ'⟩

  ───────────────────────────────────────────────────────────────────────────────── (E_Proc)
   ⟨procedure p(| xn : mn τn |) is d1; d, µ⟩ ↦ ⟨d[proc(| xn : mn τn |) is d1 / p], µ⟩

  ──────────────────────────────────────────────── (E_Alias1)
   ⟨(x : m τ = e) begin end, µ⟩ ↦ ⟨begin end, µ⟩

   e =µ v    ⟨d[v/x], µ⟩ ↦ ⟨d', µ'⟩
  ──────────────────────────────────────── (E_Alias2)
   ⟨(x : in τ = e) d, µ⟩ ↦ ⟨d', µ'⟩

   m ≠ in    µ(y) = v    ⟨d, (µ, x ← v)⟩ ↦ ⟨d', (µ', x ← v')⟩    µ'{y ← v'} ↦ µ''
  ────────────────────────────────────────────────────────────────────────────────── (E_Alias3)
               ⟨(x : m τ = y) d, µ⟩ ↦ ⟨(x : m τ = y) d', µ''⟩

  ──────────────────────── (E_Aliases1)
   ⟨[] d, µ⟩ ↦ ⟨d, µ⟩

  ────────────────────────────────────────────────────────── (E_Aliases2)
   ⟨[| xn : mn τn = en |] begin end, µ⟩ ↦ ⟨begin end, µ⟩

   ⟨(x : m τ = e) [| xn : mn τn = en |] d, µ⟩ ↦ ⟨d', µ'⟩
  ─────────────────────────────────────────────────────────── (E_Aliases3)
   ⟨[x : m τ = e, | xn : mn τn = en |] d, µ⟩ ↦ ⟨d', µ'⟩

A Generated Isabelle/HOL theory

(* generated by Ott 0.10.17 from: _source-1-s.ott _source-1.ott _source-2-s.ott _source-2.ott _source-3-s.ott _source-3.ott _source-4.ott source.ott *)
theory source
imports Main Multiset
begin

(** syntax *)
types "index" = "nat"
types "ident" = "string"
types "number" = "int"
types "integer" = "int"
datatype "mode" = M_In | M_Out | M_InOut
types
"boolean" = "bool"
datatype "ty" = T_Int | T_Bool | T_Proc "(mode*ty) list" | T_Void
datatype "dcl" =
    D_Empty
  | D_Block "cmd"
  | D_UninitVar "ident" "ty" "dcl"
  | D_InitVar "ident" "ty" "exp" "dcl"
  | D_Constant "ident" "ty" "exp" "dcl"
  | D_Proc "ident" "(ident*mode*ty) list" "dcl" "dcl"
  | D_Aliases "(ident*mode*ty*exp) list" "dcl"
  | D_Alias "ident" "mode" "ty" "exp" "dcl"
and "va" =
    V_Int "integer"
  | V_Bool "boolean"
  | V_Proc "(ident*mode*ty) list" "dcl"
and "cmd" =
    C_Null
  | C_Assign "ident" "exp"
  | C_Seq "cmd" "cmd"
  | C_IfThenElse "exp" "cmd" "cmd"
  | C_While "exp" "cmd"
  | C_Decl "dcl"
  | C_For "ident" "exp" "exp" "cmd"
  | C_ProcCall "exp" "exp list"
and "exp" =
    E_Var "ident"
  | E_Value "va"
  | E_Plus "exp" "exp"
  | E_Minus "exp" "exp"
  | E_Times "exp" "exp"
  | E_Equal "exp" "exp"
  | E_Greater "exp" "exp"
  | E_Less "exp" "exp"
  | E_And "exp" "exp"
  | E_Or "exp" "exp"
  | E_Not "exp"
datatype "df" = VarDecl "mode" "ty" | ReturnType "ty"
types "store" = "(ident*va) list"
types "env" = "(ident*df) list"
types "trace" = "(cmd*store) list"

(** library functions *)
lemma [mono]: "(!! x. f x --> g x) ==> list_all (%b. b) (map f foo_list) --> list_all (%b. b) (map g foo_list)"
apply(induct_tac foo_list, auto)
done
lemma [mono]: "split f p = f (fst p) (snd p)"
by (simp add: split_def)

(** subrules *)
consts is_value_of_exp :: "exp => bool"
primrec
"is_value_of_exp (E_Var x) = (False)"
"is_value_of_exp (E_Value v) = ((True))"
"is_value_of_exp (E_Plus e1 e2) = (False)"
"is_value_of_exp (E_Minus e1 e2) = (False)"
"is_value_of_exp (E_Times e1 e2) = (False)"
"is_value_of_exp (E_Equal e1 e2) = (False)"
"is_value_of_exp (E_Greater e1 e2) = (False)"
"is_value_of_exp (E_Less e1 e2) = (False)"
"is_value_of_exp (E_And e1 e2) = (False)"
"is_value_of_exp (E_Or e1 e2) = (False)"
"is_value_of_exp (E_Not e) = (False)"

(** substitutions *)
consts
subst_ty_exp :: "exp => ident => (ty*exp) => (ty*exp)"
subst_mode_ty_exp :: "exp => ident => mode*(ty*exp) => mode*(ty*exp)"
subst_ident_mode_ty_exp :: "exp => ident => ident*(mode*ty*exp) => ident*(mode*ty*exp)"
subst_ident_mode_ty_exp_list :: "exp => ident => (ident*mode*ty*exp) list => (ident*mode*ty*exp) list"
subst_dcl :: "exp => ident => dcl => dcl"
subst_va :: "exp => ident => va => va"
subst_exp_list :: "exp => ident => exp list => exp list"
subst_cmd :: "exp => ident => cmd => cmd"
subst_exp :: "exp => ident => exp => exp"
primrec
"subst_ty_exp e_5 x_5 (ty1,exp1) = (ty1 , subst_exp e_5 x_5 exp1)"
"subst_mode_ty_exp e_5 x_5 (mode1,ty_exp1) = (mode1 , subst_ty_exp e_5 x_5 ty_exp1)"
"subst_ident_mode_ty_exp e_5 x_5 (ident1,mode_ty_exp1) = (ident1 , subst_mode_ty_exp e_5 x_5 mode_ty_exp1)"
"subst_ident_mode_ty_exp_list e_5 x_5 Nil = (Nil)"
"subst_ident_mode_ty_exp_list e_5 x_5 (ident_mode_ty_exp_0#ident_mode_ty_exp_list_0) = ((subst_ident_mode_ty_exp e_5 x_5 ident_mode_ty_exp_0) # (subst_ident_mode_ty_exp_list e_5 x_5 ident_mode_ty_exp_list_0))"
"subst_dcl e_5 x_5 D_Empty = (D_Empty )"
"subst_dcl e_5 x_5 (D_Block c) = (D_Block (subst_cmd e_5 x_5 c))"
"subst_dcl e_5 x_5 (D_UninitVar x T d) = (D_UninitVar x T (if x_5 mem [x] then d else (subst_dcl e_5 x_5 d)))"
"subst_dcl e_5 x_5 (D_InitVar x T e d) = (D_InitVar x T (subst_exp e_5 x_5 e) (if x_5 mem [x] then d else (subst_dcl e_5 x_5 d)))"
"subst_dcl e_5 x_5 (D_Constant x T e d) = (D_Constant x T (subst_exp e_5 x_5 e) (if x_5 mem [x] then d else (subst_dcl e_5 x_5 d)))"
"subst_dcl e_5 x_5 (D_Proc p (x_m_T_list) d1 d2) = (D_Proc p x_m_T_list (if x_5 mem (List.map (%((x_0::ident),(m_0::mode),(T_0::ty)).x_0) x_m_T_list) then d1 else (subst_dcl e_5 x_5 d1)) (subst_dcl e_5 x_5 d2))"
"subst_dcl e_5 x_5 (D_Aliases (x_m_T_e_list) d) = (D_Aliases (subst_ident_mode_ty_exp_list e_5 x_5 x_m_T_e_list) (if x_5 mem (List.map (%((x_0::ident),(m_0::mode),(T_0::ty),(e_0::exp)).x_0) x_m_T_e_list) then d else (subst_dcl e_5 x_5 d)))"
"subst_dcl e_5 x_5 (D_Alias x m T e d) = (D_Alias x m T (subst_exp e_5 x_5 e) (if x_5 mem [x] then d else (subst_dcl e_5 x_5 d)))"
"subst_va e5 x_5 (V_Int k) = (V_Int k)"
"subst_va e5 x_5 (V_Bool b) = (V_Bool b)"
"subst_va e5 x_5 (V_Proc (x_m_T_list) d) = (V_Proc x_m_T_list (if x_5 mem (List.map (%((x_0::ident),(m_0::mode),(T_0::ty)).x_0) x_m_T_list) then d else (subst_dcl e5 x_5 d)))"
"subst_exp_list e_5 x5 Nil = (Nil)"
"subst_exp_list e_5 x5 (exp_0#exp_list_0) = ((subst_exp e_5 x5 exp_0) # (subst_exp_list e_5 x5 exp_list_0))"
"subst_cmd e_5 x5 C_Null = (C_Null )"
"subst_cmd e_5 x5 (C_Assign x e) = (C_Assign x (subst_exp e_5 x5 e))"
"subst_cmd e_5 x5 (C_Seq c1 c2) = (C_Seq (subst_cmd e_5 x5 c1) (subst_cmd e_5 x5 c2))"
"subst_cmd e_5 x5 (C_IfThenElse e c1 c2) = (C_IfThenElse (subst_exp e_5 x5 e) (subst_cmd e_5 x5 c1) (subst_cmd e_5 x5 c2))"
"subst_cmd e_5 x5 (C_While e c) = (C_While (subst_exp e_5 x5 e) (subst_cmd e_5 x5 c))"
"subst_cmd e_5 x5 (C_Decl d) = (C_Decl (subst_dcl e_5 x5 d))"
"subst_cmd e_5 x5 (C_For x e e' c) = (C_For x (subst_exp e_5 x5 e) (subst_exp e_5 x5 e') (if x5 mem [x] then c else (subst_cmd e_5 x5 c)))"
"subst_cmd e_5 x5 (C_ProcCall e (e_list)) = (C_ProcCall (subst_exp e_5 x5 e) (subst_exp_list e_5 x5 e_list))"
"subst_exp e_5 x5 (E_Var x) = ((if x=x5 then e_5 else (E_Var x)))"
"subst_exp e_5 x5 (E_Value v) = (E_Value (subst_va e_5 x5 v))"
"subst_exp e_5 x5 (E_Plus e1 e2) = (E_Plus (subst_exp e_5 x5 e1) (subst_exp e_5 x5 e2))"
"subst_exp e_5 x5 (E_Minus e1 e2) = (E_Minus (subst_exp e_5 x5 e1) (subst_exp e_5 x5 e2))"
"subst_exp e_5 x5 (E_Times e1 e2) = (E_Times (subst_exp e_5 x5 e1) (subst_exp e_5 x5 e2))"
"subst_exp e_5 x5 (E_Equal e1 e2) = (E_Equal (subst_exp e_5 x5 e1) (subst_exp e_5 x5 e2))"
"subst_exp e_5 x5 (E_Greater e1 e2) = (E_Greater (subst_exp e_5 x5 e1) (subst_exp e_5 x5 e2))"
"subst_exp e_5 x5 (E_Less e1 e2) = (E_Less (subst_exp e_5 x5 e1) (subst_exp e_5 x5 e2))"
"subst_exp e_5 x5 (E_And e1 e2) = (E_And (subst_exp e_5 x5 e1) (subst_exp e_5 x5 e2))"
"subst_exp e_5 x5 (E_Or e1 e2) = (E_Or (subst_exp e_5 x5 e1) (subst_exp e_5 x5 e2))"
"subst_exp e_5 x5 (E_Not e) = (E_Not (subst_exp e_5 x5 e))"

(** definitions *)

(*defns eval_exp *)
inductive Fetch :: "store ⇒ ident ⇒ va ⇒ bool"
and ExpEval :: "exp ⇒ store ⇒ va ⇒ bool"
where
(* defn Fetch *)
Fetch1I: "Fetch ( (( x , v )# mu ) ) (x) (v)"
| Fetch2I: "⟦ x ~= x' ; Fetch (mu) (x) (v)⟧ ⟹ Fetch ( (( x' , v' )# mu ) ) (x) (v)"
(* defn ExpEval *)
| E_ValueI: "ExpEval ((E_Value v)) (mu) (v)"
| E_IdentI: "⟦Fetch (mu) (x) (v)⟧ ⟹ ExpEval ((E_Var x)) (mu) (v)"
| E_PlusI: "⟦ExpEval (e1) (mu) ((V_Int k1)) ; ExpEval (e2) (mu) ((V_Int k2))⟧ ⟹ ExpEval ((E_Plus e1 e2)) (mu) ((V_Int ( k1 + k2 ) ))"
| E_MinusI: "⟦ExpEval (e1) (mu) ((V_Int k1)) ; ExpEval (e2) (mu) ((V_Int k2))⟧ ⟹ ExpEval ((E_Minus e1 e2)) (mu) ((V_Int ( k1 - k2 ) ))"
| E_TimesI: "⟦ExpEval (e1) (mu) ((V_Int k1)) ; ExpEval (e2) (mu) ((V_Int k2))⟧ ⟹ ExpEval ((E_Times e1 e2)) (mu) ((V_Int ( k1 * k2 ) ))"
| E_GreaterI: "⟦ExpEval (e1) (mu) ((V_Int k1)) ; ExpEval (e2) (mu) ((V_Int k2))⟧ ⟹ ExpEval ((E_Greater e1 e2)) (mu) ((V_Bool ( k1 > k2 ) ))"
| E_LessI: "⟦ExpEval (e1) (mu) ((V_Int k1)) ; ExpEval (e2) (mu) ((V_Int k2))⟧ ⟹ ExpEval ((E_Less e1 e2)) (mu) ((V_Bool ( k1 < k2 ) ))"
| E_EqualI: "⟦ExpEval (e1) (mu) ((V_Int k1)) ; ExpEval (e2) (mu) ((V_Int k2))⟧ ⟹ ExpEval ((E_Equal e1 e2)) (mu) ((V_Bool ( k1 = k2 ) ))"
| E_AndI: "⟦ExpEval (e1) (mu) ((V_Bool b1)) ; ExpEval (e2) (mu) ((V_Bool b2))⟧ ⟹ ExpEval ((E_And e1 e2)) (mu) ((V_Bool ( b1 ∧ b2 ) ))"
| E_OrI: "⟦ExpEval (e1) (mu) ((V_Bool b1)) ; ExpEval (e2) (mu) ((V_Bool b2))⟧ ⟹ ExpEval ((E_Or e1 e2)) (mu) ((V_Bool ( b1 ∨ b2 ) ))"
| E_NotI: "⟦ExpEval (e) (mu) ((V_Bool b))⟧ ⟹ ExpEval ((E_Not e)) (mu) ((V_Bool (¬ b ) ))"

(*defns typing *)
inductive Lookup :: "ident ⇒ df ⇒ env ⇒ bool"
and ExpTyping :: "env ⇒ exp ⇒ ty ⇒ bool"
and LookupD :: "df ⇒ env ⇒ bool"
and Match :: "env ⇒ exp ⇒ mode ⇒ ty ⇒ bool"
and MatchList :: "env ⇒ exp list ⇒ (mode*ty) list ⇒ bool"
and DeclTyping :: "env ⇒ dcl ⇒ bool"
and CommTyping :: "env ⇒ cmd ⇒ bool"
where
(* defn Lookup *)
Lookup1I: "Lookup (x) (df) ( (( x , df ) # G ) )"
| Lookup2I: "⟦ x ~= x' ; Lookup (x) (df) (G)⟧ ⟹ Lookup (x) (df) ( (( x' , df' ) # G ) )"
(* defn ExpTyping *)
| VarI: "⟦ m ~= M_Out ; Lookup (x) ((VarDecl m T)) (G)⟧ ⟹ ExpTyping (G) ((E_Var x)) (T)"
| IntCstI: "ExpTyping (G) ((E_Value (V_Int q ))) (T_Int)"
| BoolTrueI: "ExpTyping (G) ((E_Value (V_Bool true ))) (T_Bool)"
| BoolFalseI: "ExpTyping (G) ((E_Value (V_Bool false ))) (T_Bool)"
| PlusI: "⟦ExpTyping (G) (e1) (T_Int) ; ExpTyping (G) (e2) (T_Int)⟧ ⟹ ExpTyping (G) ((E_Plus e1 e2)) (T_Int)"
| MinusI: "⟦ExpTyping (G) (e1) (T_Int) ; ExpTyping (G) (e2) (T_Int)⟧ ⟹ ExpTyping (G) ((E_Minus e1 e2)) (T_Int)"
| TimesI: "⟦ExpTyping (G) (e1) (T_Int) ; ExpTyping (G) (e2) (T_Int)⟧ ⟹ ExpTyping (G) ((E_Times e1 e2)) (T_Int)"
| EqualI: "⟦ExpTyping (G) (e1) (T) ; ExpTyping (G) (e2) (T)⟧ ⟹ ExpTyping (G) ((E_Equal e1 e2)) (T_Bool)"
| GreaterI: "⟦ExpTyping (G) (e1) (T_Int) ; ExpTyping (G) (e2) (T_Int)⟧ ⟹ ExpTyping (G) ((E_Greater e1 e2)) (T_Bool)"
| LessI: "⟦ExpTyping (G) (e1) (T_Int) ; ExpTyping (G) (e2) (T_Int)⟧ ⟹ ExpTyping (G) ((E_Less e1 e2)) (T_Bool)"
| AndI: "⟦ExpTyping (G) (e1) (T_Bool) ; ExpTyping (G) (e2) (T_Bool)⟧ ⟹ ExpTyping (G) ((E_And e1 e2)) (T_Bool)"
| OrI: "⟦ExpTyping (G) (e1) (T_Bool) ; ExpTyping (G) (e2) (T_Bool)⟧ ⟹ ExpTyping (G) ((E_Or e1 e2)) (T_Bool)"
| NotI: "⟦ExpTyping (G) (e) (T_Bool)⟧ ⟹ ExpTyping (G) ((E_Not e)) (T_Bool)"
(* defn LookupD *)
| LookupD1I: "LookupD (df) ( (( x , df ) # G ) )"
| LookupD2I: "⟦ df ~= df' ; LookupD (df) (G)⟧ ⟹ LookupD (df) ( (( x , df' ) # G ) )"
(* defn Match *)
| Match1I: "⟦ExpTyping (G) (e) (T)⟧ ⟹ Match (G) (e) (M_In) (T)"
| Match2I: "⟦Lookup (x) ((VarDecl m T)) (G) ; m ~= M_In ⟧ ⟹ Match (G) ((E_Var x)) (M_Out) (T)"
| Match3I: "⟦Lookup (x) ((VarDecl M_InOut T)) (G)⟧ ⟹ Match (G) ((E_Var x)) (M_InOut) (T)"
(* defn MatchList *)
| MatchList1I: "MatchList (G) ([]) ([])"
| MatchList2I: "⟦Match (G) (e) (m) (T) ; MatchList (G) ((e_list)) ((m_T_list))⟧ ⟹ MatchList (G) (((e) # e_list)) (((m,T) # m_T_list))"
(* defn DeclTyping *)
| EmptyI: "DeclTyping (G) (D_Empty)"
| BlockI: "⟦CommTyping (G) (c)⟧ ⟹ DeclTyping (G) ((D_Block c))"
| UninitVarI: "⟦DeclTyping ( (( x , (VarDecl M_InOut T) ) # G ) ) (d)⟧ ⟹ DeclTyping (G) ((D_UninitVar x T d))"
| InitVarI: "⟦ExpTyping (G) (e) (T) ; DeclTyping ( (( x , (VarDecl M_InOut T) ) # G ) ) (d)⟧ ⟹ DeclTyping (G) ((D_InitVar x T e d))"
| ConstantI: "⟦ExpTyping (G) (e) (T) ; DeclTyping ( (( x , (VarDecl M_In T) ) # G ) ) (d)⟧ ⟹ DeclTyping (G) ((D_Constant x T e d))"
| ProcI: "⟦DeclTyping ( ( (List.rev ((List.map (%((x_0::ident),(m_0::mode),(T_0::ty)).(x_0,(VarDecl m_0 T_0))) x_m_T_list)) @ G) ) ) (d1) ; DeclTyping ( (( p , (VarDecl M_In (T_Proc ((List.map (%((x_0::ident),(m_0::mode),(T_0::ty)).(m_0,T_0)) x_m_T_list)))) ) # G ) ) (d2)⟧ ⟹ DeclTyping (G) ((D_Proc p (x_m_T_list) d1 d2))"
(* defn CommTyping *)
| NullI: "CommTyping (G) (C_Null)"
| SeqI: "⟦CommTyping (G) (c1) ; CommTyping (G) (c2)⟧ ⟹ CommTyping (G) ((C_Seq c1 c2))"
| AssignI: "⟦ m ~= M_In ; Lookup (x) ((VarDecl m T)) (G) ; ExpTyping (G) (e) (T)⟧ ⟹ CommTyping (G) ((C_Assign x e))"
| IfThenElseI: "⟦ExpTyping (G) (e) (T_Bool) ; CommTyping (G) (c1) ; CommTyping (G) (c2)⟧ ⟹ CommTyping (G) ((C_IfThenElse e c1 c2))"
| WhileI: "⟦ExpTyping (G) (e) (T_Bool) ; CommTyping (G) (c)⟧ ⟹ CommTyping (G) ((C_While e c))"
| ForI: "⟦ExpTyping (G) (e) (T_Int) ; ExpTyping (G) (e') (T_Int) ; CommTyping ( (( x , (VarDecl M_In T_Int) ) # G ) ) (c)⟧ ⟹ CommTyping (G) ((C_For x e e' c))"
| DeclI: "⟦DeclTyping (G) (d)⟧ ⟹ CommTyping (G) ((C_Decl d))"
| ProcCallI: "⟦ExpTyping (G) (e) ((T_Proc (m_T_list))) ; MatchList (G) ((e_list)) ((m_T_list))⟧ ⟹ CommTyping (G) ((C_ProcCall e (e_list)))"

(*defns eval_comm *)
inductive StoreUpdate :: "store ⇒ ident ⇒ va ⇒ store ⇒ bool"
and ManySteps :: "cmd ⇒ store ⇒ integer ⇒ cmd ⇒ store ⇒ bool"
and Trace :: "cmd ⇒ store ⇒ integer ⇒ trace ⇒ bool"
and FullEvaluation :: "cmd ⇒ store ⇒ store ⇒ bool"
and Compat :: "(ident*mode*ty) list ⇒ exp list ⇒ (ident*mode*ty*exp) list ⇒ bool"
and OneStep :: "cmd ⇒ store ⇒ cmd ⇒ store ⇒ bool"
and DeclEval :: "dcl ⇒ store ⇒ dcl ⇒ store ⇒ bool"
where
(* defn StoreUpdate *)
Update1I: "StoreUpdate ( (( x , v )# mu ) ) (x) (v') ( (( x , v' )# mu ) )"
| Update2I: "⟦ x ~= x' ; StoreUpdate (mu) (x) (v') (mu')⟧ ⟹ StoreUpdate ( (( x' , v )# mu ) ) (x) (v') ( (( x' , v )# mu' ) )"
(* defn ManySteps *)
| ManySteps1I: "ManySteps (c) (mu) ( 0 ) (c) (mu)"
| ManySteps2I: "ManySteps (C_Null) (mu) (k) (C_Null) (mu)"
| ManySteps3I: "⟦OneStep (c) (mu) (c') (mu') ; ManySteps (c') (mu') ( ( k - 1 ) ) (c'') (mu'')⟧ ⟹ ManySteps (c) (mu) (k) (c'') (mu'')"
(* defn Trace *)
| Trace1I: "Trace (c) (mu) ( 0 ) ( [] )"
| Trace2I: "Trace (C_Null) (mu) (k) ( [] )"
| Trace3I: "⟦OneStep (c) (mu) (c') (mu') ; Trace (c') (mu') ( ( k - 1 ) ) ( (c'_mu'_list) )⟧ ⟹ Trace (c) (mu) (k) ( ((c',mu') # c'_mu'_list) )"
(* defn FullEvaluation *)
| Eval1I: "FullEvaluation (C_Null) (mu) (mu)"
| Eval2I: "⟦OneStep (c) (mu) (c') (mu') ; FullEvaluation (c') (mu') (mu'')⟧ ⟹ FullEvaluation (c) (mu) (mu'')"
(* defn Compat *)
| E_Compat1I: "Compat ([]) ([]) ([])"
| E_Compat2I: "⟦Compat ((x'_m'_T'_list)) ((e'_list)) ((x_m_T_e_list))⟧ ⟹ Compat (((x,m,T) # x'_m'_T'_list)) (((e) # e'_list)) (((x,m,T,e) # x_m_T_e_list))"
(* defn OneStep *)
| E_NullI: "OneStep ( (C_Seq C_Null c) ) (mu) (c) (mu)"
| E_SeqI: "⟦OneStep (c1) (mu) (c1') (mu')⟧ ⟹ OneStep ( (C_Seq c1 c2) ) (mu) ( (C_Seq c1' c2) ) (mu')"
| E_AssignI: "⟦ExpEval (e) (mu) (v) ; StoreUpdate (mu) (x) (v) (mu')⟧ ⟹ OneStep ( (C_Assign x e) ) (mu) (C_Null) (mu')"
| E_IfThenElse1I: "⟦ExpEval (e) (mu) ((V_Bool true ))⟧ ⟹ OneStep ( (C_IfThenElse e c1 c2) ) (mu) (c1) (mu)"
| E_IfThenElse2I: "⟦ExpEval (e) (mu) ((V_Bool false ))⟧ ⟹ OneStep ( (C_IfThenElse e c1 c2) ) (mu) (c2) (mu)"
| E_While1I: "⟦ExpEval (e) (mu) ((V_Bool false ))⟧ ⟹ OneStep ( (C_While e c) ) (mu) (C_Null) (mu)"
| E_While2I: "⟦ExpEval (e) (mu) ((V_Bool true ))⟧ ⟹ OneStep ( (C_While e c) ) (mu) ( (C_Seq c (C_While e c)) ) (mu)"
| E_Decl1I: "OneStep ((C_Decl D_Empty)) (mu) (C_Null) (mu)"
| E_Decl2I: "⟦DeclEval (d) (mu) (d') (mu')⟧ ⟹ OneStep ((C_Decl d)) (mu) ((C_Decl d')) (mu')"
| E_For1I: "⟦ExpEval (e) (mu) ((V_Int k)) ; ExpEval (e') (mu) ((V_Int k')) ; ( k > k' ) ⟧ ⟹ OneStep ( (C_For x e e' c) ) (mu) (C_Null) (mu)"
| E_For2I: "⟦ExpEval (e) (mu) ((V_Int k)) ; ExpEval (e') (mu) ((V_Int k')) ; ( k <= k' ) ⟧ ⟹ OneStep ( (C_For x e e' c) ) (mu) ( (C_Seq (C_Decl (D_Constant x T_Int (E_Value (V_Int k)) (D_Block c))) (C_For x (E_Value (V_Int ( k + 1 ) )) (E_Value (V_Int k')) c)) ) (mu)"
| E_ProcCallI: "⟦ExpEval (e) (mu) ((V_Proc (x'_m'_T'_list) d)) ; Compat ((x'_m'_T'_list)) ((e'_list)) ((x_m_T_e_list))⟧ ⟹ OneStep ((C_ProcCall e (e'_list))) (mu) ((C_Decl (D_Aliases (x_m_T_e_list) d))) (mu)"
(* defn DeclEval *)
| E_Block1I: "DeclEval ((D_Block C_Null)) (mu) (D_Empty) (mu)"
| E_Block2I: "⟦OneStep (c) (mu) (c') (mu')⟧ ⟹ DeclEval ((D_Block c)) (mu) ((D_Block c')) (mu')"
| E_InitVar1I: "DeclEval ((D_InitVar x T e D_Empty)) (mu) (D_Empty) (mu)"
| E_InitVar2I: "⟦ExpEval (e) (mu) (v) ; DeclEval (d) ( (( x , v )# mu ) ) (d') ( (( x , v' )# mu' ) )⟧ ⟹ DeclEval ((D_InitVar x T e d)) (mu) ((D_InitVar x T (E_Value v') d')) (mu')"
| E_Const1I: "DeclEval ((D_Constant x T e D_Empty)) (mu) (D_Empty) (mu)"
| E_Const2I: "⟦ExpEval (e) (mu) (v) ; DeclEval ( (subst_dcl (E_Value v ) x d ) ) (mu) (d') (mu')⟧ ⟹ DeclEval ((D_Constant x T e d)) (mu) ((D_Constant x T (E_Value v) d')) (mu')"
| E_ProcI: "DeclEval ((D_Proc p (x_m_T_list) d1 d)) (mu) ( (subst_dcl (E_Value (V_Proc (x_m_T_list) d1) ) p d ) ) (mu)"
| E_Alias1I: "DeclEval ((D_Alias x m T e D_Empty)) (mu) (D_Empty) (mu)"
| E_Alias2I: "⟦ExpEval (e) (mu) (v) ; DeclEval ( (subst_dcl (E_Value v ) x d ) ) (mu) (d') (mu')⟧ ⟹ DeclEval ((D_Alias x M_In T e d)) (mu) (d') (mu')"
| E_Alias3I: "⟦ m ~= M_In ; Fetch (mu) (y) (v) ; DeclEval (d) ( (( x , v )# mu ) ) (d') ( (( x , v' )# mu' ) ) ; StoreUpdate (mu') (y) (v') (mu'')⟧ ⟹ DeclEval ((D_Alias x m T (E_Var y) d)) (mu) ((D_Alias x m T (E_Var y) d')) (mu'')"
| E_Aliases1I: "DeclEval ((D_Aliases [] d)) (mu) (d) (mu)"
| E_Aliases2I: "DeclEval ((D_Aliases (x_m_T_e_list) D_Empty)) (mu) (D_Empty) (mu)"
| E_Aliases3I: "⟦DeclEval ((D_Alias x m T e (D_Aliases (x_m_T_e_list) d))) (mu) (d') (mu')⟧ ⟹ DeclEval ((D_Aliases ((x,m,T,e) # x_m_T_e_list) d)) (mu) (d') (mu')"

code_module Evaluation
contains
test1 = "ExpEval ( ( (E_Plus (E_Value (V_Int 2 )) (E_Value (V_Int 3 ))) ) ) ( Nil ) ( _ )"
test2 = "ExpEval ( ( (E_Plus (E_Var ''X'') (E_Value (V_Int 3 ))) ) ) ( ([(''X'',(V_Int 5 ))]) ) ( _ )"
ML {* DSeq.hd Evaluation.test1 *}

code_module Typing (* file "Typing.sml" *)
contains
test1 = "ExpTyping ( Nil ) ((E_Var ''X'')) (T_Int)"
test2 = "ExpTyping ( ((''X'',(VarDecl M_In T_Int)) # [(''Y'',(VarDecl M_In T_Int))]) ) ((E_Equal ( (E_Plus (E_Var ''X'') (E_Value (V_Int 1 ))) ) (E_Var ''Y''))) (T_Bool)"
ML {* Typing.test1 *}
ML {* Typing.test2 *}

code_module Evaluation
contains
test1 = "ExpEval ( ( (E_Plus (E_Value (V_Int 2 )) (E_Value (V_Int 3 ))) ) ) ( Nil ) ( _ )"
test2 = "StoreUpdate ( ((''X'',(V_Int 2 )) # [(''Y'',(V_Int 3 ))]) ) (''X'') ((V_Int 3 )) ( _ )"
test3 = "ManySteps ( (C_Assign ''X'' (E_Plus (E_Var ''X'') (E_Value (V_Int 1 )))) ) ( ([(''X'',(V_Int 2 ))]) ) ( 1 ) ( _ ) ( _ )"
test4 = "FullEvaluation ( (C_Seq (C_Assign ''X'' (E_Plus (E_Var ''X'') (E_Var ''Y''))) (C_Assign ''Y'' (E_Plus (E_Var ''X'') (E_Var ''Y'')))) ) ( ((''X'',(V_Int 42 )) # [(''Y'',(V_Int 12 ))]) ) ( _ )"
test5 = "FullEvaluation ( (C_IfThenElse (E_Var ''B'') (C_Assign ''X'' (E_Value (V_Int 1 ))) (C_Assign ''Y'' (E_Value (V_Int 1 )))) ) ( ((''B'',(V_Bool true )) # (''X'',(V_Int 0 )) # [(''Y'',(V_Int 0 ))]) ) ( _ )"
ML {* DSeq.hd Evaluation.test1 *}
ML {* DSeq.hd Evaluation.test2 *}
ML {* DSeq.hd Evaluation.test3 *}
ML {* DSeq.hd Evaluation.test4 *}
ML {* DSeq.hd Evaluation.test5 *}

code_module Typing (* file "Extraction.sml" *)
contains
test1 = "CommTyping ( ([(''X'',(VarDecl M_InOut T_Int))]) ) ((C_Assign ''X'' (E_Plus (E_Var ''X'') (E_Value (V_Int 1 )))))"
test2 = "CommTyping ( ((''X'',(VarDecl M_InOut T_Int)) # (''Y'',(VarDecl M_In T_Bool)) # [(''B'',(VarDecl M_In T_Bool))]) ) ((C_IfThenElse (E_Var ''B'') (C_Assign ''X'' (E_Value (V_Int 1 ))) (C_Assign ''Y'' (E_Value (V_Int 1 )))))"
ML {* Typing.test1 *}
ML {* Typing.test2 *}

code_module Evaluation
contains
test1 = "FullEvaluation ((C_Decl (D_Constant ''B'' T_Bool (E_Value (V_Bool false )) (D_Block (C_IfThenElse (E_Var ''B'') (C_Assign ''X'' (E_Value (V_Int 1 ))) (C_Assign ''Y'' (E_Value (V_Int 1 )))))))) ( ((''X'',(V_Int 0 )) # [(''Y'',(V_Int 0 ))]) ) ( _ )"
test2 = "FullEvaluation ((C_For ''I'' (E_Value (V_Int 1 )) (E_Var ''X'') (C_Assign ''Y'' (E_Plus (E_Var ''Y'') (E_Var ''X''))))) ( ((''X'',(V_Int 5 )) # [(''Y'',(V_Int 0 ))]) ) ( _ )"
ML {* DSeq.hd Evaluation.test1 *}
ML {* DSeq.hd Evaluation.test2 *}

code_module Typing (* file "Extraction.sml" *)
contains
test1 = "CommTyping ( ([(''X'',(VarDecl M_InOut T_Int))]) ) ((C_Assign ''X'' (E_Plus (E_Var ''X'') (E_Value (V_Int 1 )))))"
test2 = "CommTyping ( ([(''X'',(VarDecl M_InOut T_Int))]) ) ((C_Decl (D_InitVar ''X'' T_Int (E_Value (V_Int 42 )) (D_Block (C_Seq (C_Assign ''X'' (E_Plus (E_Var ''Y'') (E_Value (V_Int 1 )))) (C_Seq (C_Assign ''X'' (E_Plus (E_Var ''X'') (E_Value (V_Int 1 )))) (C_Assign ''Y'' (E_Minus (E_Var ''Y'') (E_Value (V_Int 1 ))))))))))"
test3 = "CommTyping ( ([(''X'',(VarDecl M_InOut T_Int))]) ) ((C_Decl (D_InitVar ''Y'' T_Bool (E_Value (V_Bool false )) (D_Block (C_For ''I'' (E_Value (V_Int 1 )) (E_Var ''X'') (C_Assign ''X'' (E_Plus (E_Var ''Y'') (E_Value (V_Int 1 )))))))))"
ML {* Typing.test1 *}
ML {* Typing.test2 *}
ML {* Typing.test3 *}

code_module Typing
contains
test1 = "CommTyping ( ([(''R'',(VarDecl M_Out T_Bool))]) ) ((C_Decl (D_InitVar ''Y'' T_Int (E_Value (V_Int 42 )) (D_Proc ''P'' ((''I'',M_InOut,T_Int) # [(''B'',M_Out,T_Bool)]) (D_Block (C_Assign ''B'' ( (E_Equal (E_Var ''I'') (E_Value (V_Int 1 ))) ) )) (D_Block (C_ProcCall (E_Var ''P'') (((E_Var ''Y'')) # [((E_Var ''R''))])))))))"
test2 = "CommTyping ( ([(''R'',(VarDecl M_Out T_Int))]) ) ((C_Decl (D_Proc ''Incr'' ((''N'',M_In,T_Int) # [(''R'',M_Out,T_Int)]) (D_Block (C_Assign ''R'' (E_Plus (E_Var ''N'') (E_Value (V_Int 1 ))))) (D_Proc ''Ack'' ((''M'',M_In,T_Int) # (''N'',M_In,T_Int) # [(''R'',M_Out,T_Int)]) (D_InitVar ''P'' (T_Proc ((M_In,T_Int) # [(M_Out,T_Int)])) (E_Var ''Incr'') (D_Block (C_Seq (C_For ''I'' (E_Value (V_Int 1 )) (E_Var ''M'') (C_Decl (D_Proc ''Aux'' ((''S'',M_In,T_Int) # [(''R'',M_Out,T_Int)]) (D_InitVar ''X'' T_Int (E_Value (V_Int 0 )) (D_Block (C_Seq (C_ProcCall (E_Var ''P'') (((E_Value (V_Int 1 ))) # [((E_Var ''X''))])) (C_Seq (C_For ''J'' (E_Value (V_Int 1 )) (E_Var ''S'') (C_ProcCall (E_Var ''P'') (((E_Var ''X'')) # [((E_Var ''X''))]))) (C_Assign ''R'' (E_Var ''X'')))))) (D_Block (C_Assign ''P'' (E_Var ''Aux'')))))) (C_ProcCall (E_Var ''P'') (((E_Var ''N'')) # [((E_Var ''R''))]))))) (D_Block (C_ProcCall (E_Var ''Ack'') (((E_Value (V_Int 2 ))) # ((E_Value (V_Int 2 ))) # [((E_Var ''R''))])))))))"
test24 = "CommTyping ( ([(''R'',(VarDecl M_Out T_Int))]) ) ((C_Decl (D_Proc ''Comp'' ([(''P1'',M_In,(T_Proc ((M_In,T_Int) # [(M_Out,T_Int)])))] @
[(’’P2’’,M_In,(T_Proc ((M_In,T_Int) # [(M_Out,T_Int)])))] @ [(’’P3’’,M_Out,(T_Proc ((M_In,T_Int) # [(M_Out,T_Int)])))]) (D_Proc ’’P’’ ((’’N’’,M_In,T_Int) # [(’’R’’,M_Out,T_Int)]) (D_InitVar ’’X’’ T_Int (E_Value (V_Int 0 )) (D_Block (C_Seq (C_ProcCall (E_Var ’’P1’’) (((E_Var ’’N’’)) # [((E_Var ’’X’’))])) (C_ProcCall (E_Var ’’P2’’) (((E_Var ’’X’’)) # [((E_Var ’’R’’))]))))) (D_Block (C_Assign ’’P3’’ (E_Var ’’P’’)))) (D_Proc ’’Incr’’ ((’’N’’,M_In,T_Int) # [(’’R’’,M_Out,T_Int)]) (D_Block (C_Assign ’’R’’ (E_Plus (E_Var ’’N’’) (E_Value (V_Int 1 ))))) (D_Proc ’’IncrN’’ ((’’M’’,M_In,T_Int) # (’’N’’,M_In,T_Int) # [(’’R’’,M_Out,T_Int)]) (D_InitVar ’’P’’ (T_Proc ((M_In,T_Int) # [(M_Out,T_Int)])) (E_Var ’’Incr’’) (D_Block (C_Seq (C_For ’’I’’ (E_Value (V_Int 1 )) (E_Var ’’N’’) (C_ProcCall (E_Var ’’Comp’’) (((E_Var ’’P’’)) # ((E_Var ’’P’’)) # [((E_Var ’’P’’))]))) (C_ProcCall (E_Var ’’P’’) (((E_Var ’’M’’)) # [((E_Var ’’R’’))]))))) (D_Block (C_ProcCall (E_Var ’’IncrN’’) (((E_Value (V_Int 3 ))) # ((E_Value (V_Int 3 ))) # [((E_Var ’’R’’))]))))))))" ML {* Typing.test1 *} ML {* Typing.test2 *} ML {* Typing.test24 *} code_module Evaluation contains test1 = "ManySteps ((C_Decl (D_InitVar ’’Y’’ T_Int (E_Value (V_Int 42 )) (D_Proc ’’P’’ ((’’I’’,M_InOut,T_Int) # [(’’B’’,M_Out,T_Bool)]) (D_Block (C_Assign ’’B’’ ( (E_Equal (E_Var ’’I’’) (E_Value (V_Int 1 ))) ) )) (D_Block (C_ProcCall (E_Var ’’P’’) (((E_Var ’’Y’’)) # [((E_Var ’’R’’))]))))))) ( ([(’’R’’,(V_Bool false ))]) ) ( 1 ) ( _ ) ( _ )" test2 = "ManySteps ((C_Decl (D_InitVar ’’Y’’ T_Int (E_Value (V_Int 42 )) (D_Proc ’’P’’ ((’’I’’,M_InOut,T_Int) # [(’’B’’,M_Out,T_Bool)]) (D_Block (C_Assign ’’B’’ ( (E_Equal (E_Var ’’I’’) (E_Value (V_Int 1 ))) ) )) (D_Block (C_ProcCall (E_Var ’’P’’) (((E_Var ’’Y’’)) # [((E_Var ’’R’’))]))))))) ( ([(’’R’’,(V_Bool false ))]) ) ( 2 ) ( _ ) ( _ )" test3 = "ManySteps ((C_Decl (D_InitVar ’’Y’’ T_Int (E_Value (V_Int 42 )) (D_Proc ’’P’’ ((’’I’’,M_In,T_Int) # [(’’B’’,M_Out,T_Bool)]) (D_Block (C_Assign ’’B’’ ( (E_Equal 
(E_Var ’’I’’) (E_Value (V_Int 1 ))) ) )) (D_Block (C_ProcCall (E_Var ’’P’’) (((E_Var ’’Y’’)) # [((E_Var ’’R’’))]))))))) ( ([(’’R’’,(V_Bool false ))]) ) ( 3 ) ( _ ) ( _ )" test10 = "FullEvaluation ((C_Decl (D_InitVar ’’Y’’ T_Int (E_Value (V_Int 42 )) (D_Proc ’’P’’ ((’’I’’,M_In,T_Int) # [(’’B’’,M_Out,T_Bool)]) (D_Block (C_Assign ’’B’’ ( (E_Equal (E_Var ’’I’’) (E_Value (V_Int 1 ))) ) )) (D_Block (C_ProcCall (E_Var ’’P’’) (((E_Var ’’Y’’)) # [((E_Var ’’R’’))]))))))) ( ([(’’R’’,(V_Bool true ))]) ) ( _ )" 19 test20 = "Trace ((C_Decl (D_InitVar ’’Y’’ T_Int (E_Value (V_Int 42 )) (D_Proc ’’P’’ ((’’I’’,M_In,T_Int) # [(’’B’’,M_Out,T_Bool)]) (D_Block (C_Assign ’’B’’ ( (E_Equal (E_Var ’’I’’) (E_Value (V_Int 1 ))) ) )) (D_Block (C_ProcCall (E_Var ’’P’’) (((E_Var ’’Y’’)) # [((E_Var ’’R’’))]))))))) ( ([(’’R’’,(V_Bool false ))]) ) ( 20 ) ( _ )" test24 = "FullEvaluation ((C_Decl (D_Proc ’’Incr’’ ((’’N’’,M_In,T_Int) # [(’’R’’,M_Out,T_Int)]) (D_Block (C_Assign ’’R’’ (E_Plus (E_Var ’’N’’) (E_Value (V_Int 1 ))))) (D_Proc ’’Plus’’ ((’’M’’,M_In,T_Int) # (’’N’’,M_In,T_Int) # [(’’R’’,M_Out,T_Int)]) (D_InitVar ’’X’’ T_Int (E_Var ’’M’’) (D_Block (C_Seq (C_For ’’I’’ (E_Value (V_Int 1 )) (E_Var ’’N’’) (C_ProcCall (E_Var ’’Incr’’) (((E_Var ’’X’’)) # [((E_Var ’’X’’))]))) (C_Assign ’’R’’ (E_Var ’’X’’))))) (D_Block (C_ProcCall (E_Var ’’Plus’’) (((E_Value (V_Int 3 ))) # ((E_Value (V_Int 5 ))) # [((E_Var ’’R’’))]))))))) ( ([(’’R’’,(V_Int 0 ))]) ) ( _ )" test25 = "FullEvaluation ((C_Decl (D_Proc ’’Comp’’ ([(’’P1’’,M_In,(T_Proc ((M_In,T_Int) # [(M_Out,T_Int)])))] @ [(’’P2’’,M_In,(T_Proc ((M_In,T_Int) # [(M_Out,T_Int)])))] @ [(’’P3’’,M_Out,(T_Proc ((M_In,T_Int) # [(M_Out,T_Int)])))]) (D_Proc ’’P’’ ((’’N’’,M_In,T_Int) # [(’’R’’,M_Out,T_Int)]) (D_InitVar ’’X’’ T_Int (E_Value (V_Int 0 )) (D_Block (C_Seq (C_ProcCall (E_Var ’’P1’’) (((E_Var ’’N’’)) # [((E_Var ’’X’’))])) (C_ProcCall (E_Var ’’P2’’) (((E_Var ’’X’’)) # [((E_Var ’’R’’))]))))) (D_Block (C_Assign ’’P3’’ (E_Var ’’P’’)))) (D_Proc ’’Incr’’ 
((’’N’’,M_In,T_Int) # [(’’R’’,M_Out,T_Int)]) (D_Block (C_Assign ’’R’’ (E_Plus (E_Var ’’N’’) (E_Value (V_Int 1 ))))) (D_Proc ’’IncrN’’ ((’’M’’,M_In,T_Int) # (’’N’’,M_In,T_Int) # [(’’R’’,M_Out,T_Int)]) (D_InitVar ’’P’’ (T_Proc ((M_In,T_Int) # [(M_Out,T_Int)])) (E_Var ’’Incr’’) (D_Block (C_Seq (C_For ’’I’’ (E_Value (V_Int 1 )) (E_Var ’’N’’) (C_ProcCall (E_Var ’’Comp’’) (((E_Var ’’P’’)) # ((E_Var ’’P’’)) # [((E_Var ’’P’’))]))) (C_ProcCall (E_Var ’’P’’) (((E_Var ’’M’’)) # [((E_Var ’’R’’))]))))) (D_Block (C_ProcCall (E_Var ’’IncrN’’) (((E_Value (V_Int 3 ))) # ((E_Value (V_Int 3 ))) # [((E_Var ’’R’’))])))))))) ( ([(’’R’’,(V_Int 0 ))]) ) ( _ )" test30 = "FullEvaluation ((C_Decl (D_Proc ’’Incr’’ ((’’N’’,M_In,T_Int) # [(’’R’’,M_Out,T_Int)]) (D_Block (C_Assign ’’R’’ (E_Plus (E_Var ’’N’’) (E_Value (V_Int 1 ))))) (D_Proc ’’Ack’’ ((’’M’’,M_In,T_Int) # (’’N’’,M_In,T_Int) # [(’’R’’,M_Out,T_Int)]) (D_InitVar ’’P’’ (T_Proc ((M_In,T_Int) # [(M_Out,T_Int)])) (E_Var ’’Incr’’) (D_Block (C_Seq (C_For ’’I’’ (E_Value (V_Int 1 )) (E_Var ’’M’’) (C_Decl (D_Constant ’’Q’’ (T_Proc ((M_In,T_Int) # [(M_Out,T_Int)])) (E_Var ’’P’’) (D_Proc ’’Aux’’ ((’’S’’,M_In,T_Int) # [(’’R’’,M_Out,T_Int)]) (D_InitVar ’’X’’ T_Int (E_Value (V_Int 0 )) (D_Block (C_Seq (C_ProcCall (E_Var ’’Q’’) (((E_Value (V_Int 1 ))) # [((E_Var ’’X’’))])) (C_Seq (C_For ’’J’’ (E_Value (V_Int 1 )) (E_Var ’’S’’) (C_ProcCall (E_Var ’’Q’’) (((E_Var ’’X’’)) # [((E_Var ’’X’’))]))) (C_Assign ’’R’’ (E_Var ’’X’’)))))) (D_Block (C_Assign ’’P’’ (E_Var ’’Aux’’))))))) (C_ProcCall (E_Var ’’P’’) (((E_Var ’’N’’)) # [((E_Var ’’R’’))]))))) (D_Block (C_ProcCall (E_Var ’’Ack’’) (((E_Value (V_Int 3 ))) # ((E_Value (V_Int 2 ))) # [((E_Var ’’R’’))]))))))) ( ([(’’R’’,(V_Int 0 ))]) ) ( _ )" ML {* print_depth 1000 *} ML {* DSeq.hd Evaluation.test24 *} ML {* DSeq.hd Evaluation.test25 *} ML {* DSeq.hd Evaluation.test30 *} ML {* val trace = DSeq.hd Evaluation.test24 *} ML {* List.nth (trace, 0) *} ML {* List.nth (trace, 1) *} ML {* List.nth (trace, 2) *} end 20 
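The Plus, IncrN and Ack programs exercised by Evaluation.test24, test25 and test30 above, re-expressed in Python as an added example (this is not the paper's Isabelle/HOL code, and the values it computes are checks of this model, not results reported by the paper). It assumes that an out parameter can be modelled as a return value, that a procedural variable can be modelled as a Python callable, and that the constant Q of test30 denotes the value P holds when Aux is declared.

```python
# Added example, not the paper's code: Loop-omega test programs as Python
# closures.  "out" parameters become return values; procedural variables
# (T_Proc) become callables that are stored, composed and reassigned.

def incr(n):
    """D_Proc Incr: R := N + 1."""
    return n + 1

def plus(m, n):
    """D_Proc Plus (test24): X := M; for I in 1..N: Incr(X, X); R := X."""
    x = m
    for _ in range(n):
        x = incr(x)
    return x

def comp(p1, p2):
    """D_Proc Comp: the out parameter P3 is the composition P2 after P1."""
    def p(n):
        x = p1(n)   # C_ProcCall P1(N, X)
        return p2(x)  # C_ProcCall P2(X, R)
    return p

def incr_n(m, n):
    """D_Proc IncrN (test25): P := Incr; for I in 1..N: Comp(P, P, P); P(M, R).
    After N squarings P adds 2**N, so the result is M + 2**N."""
    p = incr
    for _ in range(n):
        p = comp(p, p)
    return p(m)

def ack(m, n):
    """D_Proc Ack (test30): P := Incr; for I in 1..M: P := Aux_Q; P(N, R),
    where Aux_Q(S) iterates Q, the snapshot of P, S+1 times from 1."""
    p = incr
    for _ in range(m):
        q = p  # D_Constant Q := P, taken before P is reassigned below
        def aux(s, q=q):  # default argument freezes this iteration's Q
            x = q(1)            # C_ProcCall Q(1, X)
            for _ in range(s):  # C_For J in 1..S: Q(X, X)
                x = q(x)
            return x            # C_Assign R := X
        p = aux  # C_Assign P := Aux
    return p(n)

if __name__ == "__main__":
    # The calls made by test24, test25 and test30 respectively.
    print(plus(3, 5), incr_n(3, 3), ack(3, 2))
```

Without the snapshot Q, an Aux that called P would reach itself once P := Aux has run, which is what the constant declaration in test30 avoids.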