A coinductive semantics of the Unlimited Register Machine

We exploit (co)inductive specifications and proofs to approach the evaluation of low-level programs for the Unlimited Register Machine (URM) within the Coq system, a proof assistant based on the Calculus of (Co)Inductive Constructions type theory. Our formalization allows us to certify the implementation of partial functions, thus it can be regarded as a first step towards the development of a workbench for the formal analysis and verification of both converging and diverging computations.

💡 Research Summary

The paper presents a formalization of the Unlimited Register Machine (URM) within the Coq proof assistant, exploiting Coq’s support for coinductive types and guarded corecursion. The authors begin by motivating the need for a coinductive approach: URM programs are low‑level, assembly‑like sequences that can either terminate (converge) or run forever (diverge), which requires reasoning about infinite state spaces.

Section 2 introduces the theoretical background of coinduction in the Calculus of (Co)Inductive Constructions (CC(Co)Ind). The authors explain how infinite objects such as streams are represented by coinductive types, the necessity of the strict positivity condition for constructors, and the guardedness requirement that every corecursive call be preceded by a constructor. They illustrate the use of Coq’s cofix tactic to build infinite proofs, using a bisimulation relation (≈) on streams as a running example. The example demonstrates that a stream can be decomposed into its odd and even subsequences, merged back, and shown to be bisimilar to the original stream, all within a guarded coinductive proof.

In Section 3 the URM itself is encoded. Registers are modeled as an infinite family indexed by natural numbers, each holding a natural value. The four URM instructions—Zero (Z), Successor (S), Transfer (T), and Jump (J)—are defined as an inductive datatype Inst. A program is a finite non‑empty list of instructions (Pgm). Two representations of machine configurations are provided: a finite list (Cgn) that captures only the registers actually accessed by a given program, and an infinite stream (Cgn∞) that models the full infinite register tape. The authors define a “standard form” constraint on programs, requiring that every jump target be within the program’s length, and a compatibility relation between a program and a configuration, ensuring that all referenced register indices exist in the configuration.

Section 4 develops the operational semantics as a coinductive relation abstract_computation. The relation describes a single step of execution for each instruction type, updating the register mapping and the program counter. Because the relation is coinductive, it can describe both finite execution traces (which reach a configuration where the program counter points past the last instruction) and infinite traces (where the relation can be unfolded indefinitely). The semantics therefore captures both convergence (P (r₁,…,r_m) ↓ r) and divergence (P (r₁,…,r_m) ↑).

The authors illustrate the framework with two case studies. First, they formalize a program that adds the contents of two registers and stores the result in a third, then prove, using coinductive reasoning, that for any initial configuration the computation converges and the result is correct. Second, they construct a program that implements an infinite loop via a self‑jump and prove, again coinductively, that the corresponding execution diverges. These examples demonstrate that the same Coq development can certify both terminating and non‑terminating behaviours of URM programs.

The paper concludes by discussing current limitations of Coq’s guarded corecursion (e.g., difficulty handling non‑guarded recursion) and points to ongoing research aimed at extending the expressive power of coinductive definitions. The authors argue that their work constitutes a first step toward a verification workbench for low‑level, potentially infinite‑state computations, with potential applications in education (students can experiment with coinductive proofs on a concrete machine model), program transformation verification (type‑checkers, interpreters, compilers), and broader studies of infinite‑state systems.