gabriel draft sent
This commit is contained in:
parent
f26f4b7a0a
commit
048affd516
5 changed files with 1060 additions and 32 deletions
354
tesi/gabriel/part4.org
Normal file
354
tesi/gabriel/part4.org
Normal file
|
@ -0,0 +1,354 @@
|
||||||
|
# Add headers to export only this section
|
||||||
|
* Correctness of the algorithm
|
||||||
|
Running a program tₛ or its translation 〚tₛ〛 against an input vₛ
|
||||||
|
produces as a result /r/ in the following way:
|
||||||
|
| ( 〚tₛ〛ₛ(vₛ) = Cₛ(vₛ) ) → r
|
||||||
|
| tₛ(vₛ) → r
|
||||||
|
Likewise
|
||||||
|
| ( 〚tₜ〛ₜ(vₜ) = Cₜ(vₜ) ) → r
|
||||||
|
| tₜ(vₜ) → r
|
||||||
|
where result r ::= guard list * (Match blackbox | NoMatch | Absurd)
|
||||||
|
and guard ::= blackbox.
|
||||||
|
|
||||||
|
Having defined equivalence between two inputs of which one is
|
||||||
|
expressed in the source language and the other in the target language
|
||||||
|
vₛ ≃ vₜ (TODO define, this talks about the representation of source values in the target)
|
||||||
|
|
||||||
|
we can define the equivalence between a couple of programs or a couple
|
||||||
|
of decision trees
|
||||||
|
| tₛ ≃ tₜ := ∀vₛ≃vₜ, tₛ(vₛ) = tₜ(vₜ)
|
||||||
|
| Cₛ ≃ Cₜ := ∀vₛ≃vₜ, Cₛ(vₛ) = Cₜ(vₜ)
|
||||||
|
|
||||||
|
The proposed equivalence algorithm that works on a couple of
|
||||||
|
decision trees is returns either /Yes/ or /No(vₛ, vₜ)/ where vₛ and
|
||||||
|
vₜ are a couple of possible counter examples for which the constraint
|
||||||
|
trees produce a different result.
|
||||||
|
|
||||||
|
** Statements
|
||||||
|
Theorem. We say that a translation of a source program to a decision tree
|
||||||
|
is correct when for every possible input, the source program and its
|
||||||
|
respective decision tree produces the same result
|
||||||
|
|
||||||
|
| ∀vₛ, tₛ(vₛ) = 〚tₛ〛ₛ(vₛ)
|
||||||
|
|
||||||
|
|
||||||
|
Likewise, for the target language:
|
||||||
|
|
||||||
|
| ∀vₜ, tₜ(vₜ) = 〚tₜ〛ₜ(vₜ)
|
||||||
|
|
||||||
|
Definition: in the presence of guards we can say that two results are
|
||||||
|
equivalent modulo the guards queue, written /r₁ ≃gs r₂/, when:
|
||||||
|
| (gs₁, r₁) ≃gs (gs₂, r₂) ⇔ (gs₁, r₁) = (gs₂ ++ gs, r₂)
|
||||||
|
|
||||||
|
Definition: we say that Cₜ covers the input space /S/, written
|
||||||
|
/covers(Cₜ, S) when every value vₛ∈S is a valid input to the
|
||||||
|
decision tree Cₜ. (TODO: rephrase)
|
||||||
|
|
||||||
|
Theorem: Given an input space /S/ and a couple of decision trees, where
|
||||||
|
the target decision tree Cₜ covers the input space /S/, we say that
|
||||||
|
the two decision trees are equivalent when:
|
||||||
|
|
||||||
|
| equiv(S, Cₛ, Cₜ, gs) = Yes ∧ covers(Cₜ, S) → ∀vₛ≃vₜ ∈ S, Cₛ(vₛ) ≃gs Cₜ(vₜ)
|
||||||
|
|
||||||
|
Similarly we say that a couple of decision trees in the presence of
|
||||||
|
an input space /S/ are /not/ equivalent when:
|
||||||
|
|
||||||
|
| equiv(S, Cₛ, Cₜ, gs) = No(vₛ,vₜ) ∧ covers(Cₜ, S) → vₛ≃vₜ ∈ S ∧ Cₛ(vₛ) ≠gs Cₜ(vₜ)
|
||||||
|
|
||||||
|
Corollary: For a full input space /S/, that is the universe of the
|
||||||
|
target program we say:
|
||||||
|
|
||||||
|
| equiv(S, 〚tₛ〛ₛ, 〚tₜ〛ₜ, ∅) = Yes ⇔ tₛ ≃ tₜ
|
||||||
|
|
||||||
|
|
||||||
|
*** Proof of the correctness of the translation from source programs to source decision trees
|
||||||
|
|
||||||
|
We define a source term tₛ as a collection of patterns pointing to blackboxes
|
||||||
|
| tₛ ::= (p → bb)^{i∈I}
|
||||||
|
|
||||||
|
A pattern is defined as either a constructor pattern, an or pattern or
|
||||||
|
a constant pattern
|
||||||
|
| p ::= | K(pᵢ)ⁱ, i ∈ I | (p|q) | n ∈ ℕ
|
||||||
|
|
||||||
|
A decision tree is defined as either a Leaf, a Failure terminal or
|
||||||
|
an intermediate node with different children sharing the same accessor /a/
|
||||||
|
and an optional fallback.
|
||||||
|
Failure is emitted only when the patterns don't cover the whole set of
|
||||||
|
possible input values /S/. The fallback is not needed when the user
|
||||||
|
doesn't use a wildcard pattern.
|
||||||
|
%%% Give example of thing
|
||||||
|
|
||||||
|
| Cₛ ::= Leaf bb | Node(a, (Kᵢ → Cᵢ)^{i∈S} , C?)
|
||||||
|
| a ::= Here | n.a
|
||||||
|
| vₛ ::= K(vᵢ)^{i∈I} | n ∈ ℕ
|
||||||
|
|
||||||
|
\begin{comment}
|
||||||
|
Are K and Here clear here?
|
||||||
|
\end{comment}
|
||||||
|
|
||||||
|
We define the decomposition matrix /mₛ/ as
|
||||||
|
| SMatrix mₛ := (aⱼ)^{j∈J}, ((p_{ij})^{j∈J} → bbᵢ)^{i∈I}
|
||||||
|
\begin{comment}
|
||||||
|
Correggi prendendo in considerazione l'accessor
|
||||||
|
\end{comment}
|
||||||
|
|
||||||
|
We define the decision tree of source programs
|
||||||
|
〚tₛ〛
|
||||||
|
in terms of the decision tree of pattern matrices
|
||||||
|
〚mₛ〛
|
||||||
|
by the following:
|
||||||
|
〚((pᵢ → bbᵢ)^{i∈I}〛 := 〚(Root), (pᵢ → bbᵢ)^{i∈I} 〛
|
||||||
|
|
||||||
|
decision tree computed from pattern matrices respect the following invariant:
|
||||||
|
| ∀v (vᵢ)^{i∈I} = v(aᵢ)^{i∈I} → 〚m〛(v) = m(vᵢ)^{i∈I} for m = ((aᵢ)^{i∈I}, (rᵢ)^{i∈I})
|
||||||
|
where
|
||||||
|
| v(Here) = v
|
||||||
|
| K(vᵢ)ⁱ(k.a) = vₖ(a) if k ∈ [0;n[
|
||||||
|
\begin{comment}
|
||||||
|
TODO: EXPLAIN
|
||||||
|
\end{comment}
|
||||||
|
|
||||||
|
We proceed to show the correctness of the invariant by a case
|
||||||
|
analysys.
|
||||||
|
|
||||||
|
Base cases:
|
||||||
|
1. [| ∅, (∅ → bbᵢ)ⁱ |] := Leaf bbᵢ where i := min(I), that is a
|
||||||
|
decision tree [|ms|] defined by an empty accessor and empty
|
||||||
|
patterns pointing to blackboxes /bbᵢ/. This respects the invariant
|
||||||
|
because a decomposition matrix in the case of empty rows returns
|
||||||
|
the first expression and we known that (Leaf bb)(v) := Match bb
|
||||||
|
2. [| (aⱼ)ʲ, ∅ |] := Failure
|
||||||
|
|
||||||
|
Regarding non base cases:
|
||||||
|
Let's first define
|
||||||
|
| let Idx(k) := [0; arity(k)[
|
||||||
|
| let First(∅) := ⊥
|
||||||
|
| let First((aⱼ)ʲ) := a_{min(j∈J≠∅)}
|
||||||
|
\[
|
||||||
|
m := ((a_i)^i ((p_{ij})^i \to e_j)^{ij})
|
||||||
|
\]
|
||||||
|
\[
|
||||||
|
(k_k)^k := headconstructor(p_{i0})^i
|
||||||
|
\]
|
||||||
|
\begin{equation}
|
||||||
|
Groups(m) := ( k_k \to ((a)_{0.l})^{l \in Idx(k_k)} +++ (a_i)^{i \in I\backslash \{0\} }), \\
|
||||||
|
( if p_{0j} is k(q_l) then \\
|
||||||
|
(qₗ)^{l \in Idx(k_k)} +++ (p_{ij})^{i \in I\backslash \{0\}} \to e_j \\
|
||||||
|
if p_{0j} is \_ then \\
|
||||||
|
(\_)^{l \in Idx(k_k)} +++ (p_{ij})^{i \in I\backslash \{0\}} \to e_j \\
|
||||||
|
else \bot )^j ), \\
|
||||||
|
((a_i)^{i \in I\backslash \{0\}}, ((p_{ij})^{i \in I\backslash \{0\}} \to eⱼ if p_{0j} is \_ else \bot)^{j \in J})
|
||||||
|
\end{equation}
|
||||||
|
|
||||||
|
Groups(m) is an auxiliary function that decomposes a matrix m into
|
||||||
|
submatrices, according to the head constructor of their first pattern.
|
||||||
|
Groups(m) returns one submatrix m_r for each head constructor k that
|
||||||
|
occurs on the first row of m, plus one "wildcard submatrix" m_{wild}
|
||||||
|
that matches on all values that do not start with one of those head
|
||||||
|
constructors.
|
||||||
|
|
||||||
|
Intuitively, m is equivalent to its decompositionin the following
|
||||||
|
sense: if the first pattern of an input vector (v_i)^i starts with one
|
||||||
|
of the head constructors k, then running (v_i)^i against m is the same
|
||||||
|
as running it against the submatrix m_k; otherwise (its head
|
||||||
|
constructor is none of the k) it is equivalent to running it against
|
||||||
|
the wildcard submatrix.
|
||||||
|
|
||||||
|
We formalize this intuition as follows:
|
||||||
|
Lemma (Groups):
|
||||||
|
Let \[m\] be a matrix with \[Groups(m) = (k_r \to m_r)^k, m_{wild}\].
|
||||||
|
For any value vector \[(v_i)^l\] such that \[v_0 = k(v'_l)^l\] for some
|
||||||
|
constructor k,
|
||||||
|
we have:
|
||||||
|
\[
|
||||||
|
if k = kₖ for some k then
|
||||||
|
m(vᵢ)ⁱ = mₖ((v'ₗ)ˡ +++ (vᵢ)^{i∈I\backslash \{0\}})
|
||||||
|
else
|
||||||
|
m(vᵢ)ⁱ = m_{wild}(vᵢ)^{i∈I\backslash \{0\}}
|
||||||
|
\]
|
||||||
|
|
||||||
|
*** Proof:
|
||||||
|
Let \[m\] be a matrix with \[Group(m) = (k_r \to m_r)^k, m_{wild}\].
|
||||||
|
Let \[(v_i)^i\] be an input matrix with \[v_0 = k(v'_l)^l\] for some k.
|
||||||
|
We proceed by case analysis:
|
||||||
|
- either k is one of the kₖ for some k
|
||||||
|
- or k is none of the (kₖ)ᵏ
|
||||||
|
|
||||||
|
Both m(vᵢ)ⁱ and mₖ(vₖ)ᵏ are defined as the first matching result of
|
||||||
|
a family over each row rⱼ of a matrix
|
||||||
|
|
||||||
|
We know, from the definition of
|
||||||
|
Groups(m), that mₖ is
|
||||||
|
\[
|
||||||
|
((a){0.l})^{l∈Idx(kₖ)} +++ (aᵢ)^{i∈I\backslash \{0\}}),
|
||||||
|
(
|
||||||
|
if p_{0j} is k(qₗ) then
|
||||||
|
(qₗ)ˡ +++ (p_{ij})^{i∈I\backslash \{0\}} → eⱼ
|
||||||
|
if p_{0j} is _ then
|
||||||
|
(_)ˡ +++ (p_{ij})^{i∈I\backslash \{0\}} → eⱼ
|
||||||
|
else ⊥
|
||||||
|
)ʲ
|
||||||
|
\]
|
||||||
|
|
||||||
|
By definition, m(vᵢ)ⁱ is
|
||||||
|
m(vᵢ)ⁱ = First(rⱼ(vᵢ)ⁱ)ʲ for m = ((aᵢ)ⁱ, (rⱼ)ʲ)
|
||||||
|
(pᵢ)ⁱ (vᵢ)ⁱ = {
|
||||||
|
if p₀ = k(qₗ)ˡ, v₀ = k'(v'ₖ)ᵏ, k=Idx(k') and l=Idx(k)
|
||||||
|
if k ≠ k' then ⊥
|
||||||
|
if k = k' then ((qₗ)ˡ +++ (pᵢ)^{i∈I\backslash \{0\}}) ((v'ₖ)ᵏ +++ (vᵢ)^{i∈I\backslash \{0\}})
|
||||||
|
if p₀ = (q₁|q₂) then
|
||||||
|
First( (q₁pᵢ^{i∈I \backslash \{0\}}) vᵢ^{i∈I \backslash \{0\}}, (q₂pᵢ^{i∈I \backslash \{0\}}) vᵢ^{i∈I \backslash \{0\}} )
|
||||||
|
}
|
||||||
|
|
||||||
|
For this reason, if we can prove that
|
||||||
|
| ∀j, rⱼ(vᵢ)ⁱ = r'ⱼ((v'ₖ)ᵏ ++ (vᵢ)ⁱ)
|
||||||
|
it follows that
|
||||||
|
| m(vᵢ)ⁱ = mₖ((v'ₖ)ᵏ ++ (vᵢ)ⁱ)
|
||||||
|
from the above definition.
|
||||||
|
|
||||||
|
We can also show that aᵢ = a_{0.l}ˡ +++ a_{i∈I\backslash \{0\}} because v(a₀) = K(v(a){0.l})ˡ)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
** Proof of equivalence checking
|
||||||
|
\begin{comment}
|
||||||
|
TODO: put ^i∈I where needed
|
||||||
|
\end{comment}
|
||||||
|
\subsubsection{The trimming lemma}
|
||||||
|
The trimming lemma allows to reduce the size of a decision tree given
|
||||||
|
an accessor → π relation (TODO: expand)
|
||||||
|
| ∀vₜ ∈ (a→π), Cₜ(vₜ) = C_{t/a→π(kᵢ)}(vₜ)
|
||||||
|
We prove this by induction on Cₜ:
|
||||||
|
a. Cₜ = Leaf_{bb}: when the decision tree is a leaf terminal, we
|
||||||
|
know that
|
||||||
|
| Leaf_{bb/a→π}(v) = Leaf_{bb}(v)
|
||||||
|
That means that the result of trimming on a Leaf is the Leaf itself
|
||||||
|
b. The same applies to Failure terminal
|
||||||
|
| Failure_{/a→π}(v) = Failure(v)
|
||||||
|
c. When Cₜ = Node(b, (π→Cᵢ)ⁱ)_{/a→π} then
|
||||||
|
we look at the accessor /a/ of the subtree Cᵢ and
|
||||||
|
we define πᵢ' = πᵢ if a≠b else πᵢ∩π
|
||||||
|
Trimming a switch node yields the following result:
|
||||||
|
| Node(b, (π→Cᵢ)ⁱ)_{/a→π} := Node(b, (π'ᵢ→C_{i/a→π})ⁱ)
|
||||||
|
|
||||||
|
\begin{comment}
|
||||||
|
Actually in the proof.org file I transcribed:
|
||||||
|
e. Unreachabe → ⊥
|
||||||
|
This is not correct because you don't have Unreachable nodes in target decision trees
|
||||||
|
\end{comment}
|
||||||
|
|
||||||
|
For the trimming lemma we have to prove that running the value vₜ against
|
||||||
|
the decistion tree Cₜ is the same as running vₜ against the tree
|
||||||
|
C_{trim} that is the result of the trimming operation on Cₜ
|
||||||
|
| Cₜ(vₜ) = C_{trim}(vₜ) = Node(b, (πᵢ'→C_{i/a→π})ⁱ)(vₜ)
|
||||||
|
We can reason by first noting that when vₜ∉(b→πᵢ)ⁱ the node must be a Failure node.
|
||||||
|
In the case where ∃k| vₜ∈(b→πₖ) then we can prove that
|
||||||
|
| C_{k/a→π}(vₜ) = Node(b, (πᵢ'→C_{i/a→π})ⁱ)(vₜ)
|
||||||
|
because when a ≠ b then πₖ'= πₖ and this means that vₜ∈πₖ'
|
||||||
|
while when a = b then πₖ'=(πₖ∩π) and vt∈πₖ' because:
|
||||||
|
- by the hypothesis, vₜ∈π
|
||||||
|
- we are in the case where vₜ∈πₖ
|
||||||
|
So vₜ ∈ πₖ' and by induction
|
||||||
|
| Cₖ(vₜ) = C_{k/a→π}(vₜ)
|
||||||
|
We also know that ∀vₜ∈(b→πₖ) → Cₜ(vₜ) = Cₖ(vₜ)
|
||||||
|
By putting together the last two steps, we have proven the trimming
|
||||||
|
lemma.
|
||||||
|
|
||||||
|
\begin{comment}
|
||||||
|
TODO: what should I say about covering??? I swap π and π'
|
||||||
|
Covering lemma:
|
||||||
|
∀a,π covers(Cₜ,S) → covers(C_{t/a→π}, (S∩a→π))
|
||||||
|
Uᵢπⁱ ≈ Uᵢπ'∩(a→π) ≈ (Uᵢπ')∩(a→π) %%
|
||||||
|
|
||||||
|
|
||||||
|
%%%%%%% Also: Should I swap π and π' ?
|
||||||
|
\end{comment}
|
||||||
|
|
||||||
|
\subsubsection{Equivalence checking}
|
||||||
|
The equivalence checking algorithm takes as parameters an input space
|
||||||
|
/S/, a source decision tree /Cₛ/ and a target decision tree /Cₜ/:
|
||||||
|
| equiv(S, Cₛ, Cₜ) → Yes | No(vₛ, vₜ)
|
||||||
|
|
||||||
|
When the algorithm returns Yes and the input space is covered by /Cₛ/
|
||||||
|
we can say that the couple of decision trees are the same for
|
||||||
|
every couple of source value /vₛ/ and target value /vₜ/ that are equivalent.
|
||||||
|
\begin{comment}
|
||||||
|
Define "covered"
|
||||||
|
Is it correct to say the same? How to correctly distinguish in words ≃ and = ?
|
||||||
|
\end{comment}
|
||||||
|
| equiv(S, Cₛ, Cₜ) = Yes and cover(Cₜ, S) → ∀ vₛ ≃ vₜ∈S ∧ Cₛ(vₛ) = Cₜ(vₜ)
|
||||||
|
In the case where the algorithm returns No we have at least a couple
|
||||||
|
of counter example values vₛ and vₜ for which the two decision trees
|
||||||
|
outputs a different result.
|
||||||
|
| equiv(S, Cₛ, Cₜ) = No(vₛ,vₜ) and cover(Cₜ, S) → ∀ vₛ ≃ vₜ∈S ∧ Cₛ(vₛ) ≠ Cₜ(vₜ)
|
||||||
|
|
||||||
|
We define the following
|
||||||
|
| Forall(Yes) = Yes
|
||||||
|
| Forall(Yes::l) = Forall(l)
|
||||||
|
| Forall(No(vₛ,vₜ)::_) = No(vₛ,vₜ)
|
||||||
|
There exists and are injective:
|
||||||
|
| int(k) ∈ ℕ (arity(k) = 0)
|
||||||
|
| tag(k) ∈ ℕ (arity(k) > 0)
|
||||||
|
| π(k) = {n\vert int(k) = n} x {n\vert tag(k) = n}
|
||||||
|
where k is a constructor.
|
||||||
|
|
||||||
|
\begin{comment}
|
||||||
|
TODO: explain:
|
||||||
|
∀v∈a→π, C_{/a→π}(v) = C(v)
|
||||||
|
\end{comment}
|
||||||
|
|
||||||
|
We proceed by case analysis:
|
||||||
|
\begin{comment}
|
||||||
|
I start numbering from zero to leave the numbers as they were on the blackboard, were we skipped some things
|
||||||
|
I think the unreachable case should go at the end.
|
||||||
|
\end{comment}
|
||||||
|
0. in case of unreachable:
|
||||||
|
| Cₛ(vₛ) = Absurd(Unreachable) ≠ Cₜ(vₜ) ∀vₛ,vₜ
|
||||||
|
1. In the case of an empty input space
|
||||||
|
| equiv(∅, Cₛ, Cₜ) := Yes
|
||||||
|
and that is trivial to prove because there is no pair of values (vₛ, vₜ) that could be
|
||||||
|
tested against the decision trees.
|
||||||
|
In the other subcases S is always non-empty.
|
||||||
|
2. When there are /Failure/ nodes at both sides the result is /Yes/:
|
||||||
|
|equiv(S, Failure, Failure) := Yes
|
||||||
|
Given that ∀v, Failure(v) = Failure, the statement holds.
|
||||||
|
3. When we have a Leaf or a Failure at the left side:
|
||||||
|
| equiv(S, Failure as Cₛ, Node(a, (πᵢ → Cₜᵢ)ⁱ)) := Forall(equiv( S∩a→π(kᵢ)), Cₛ, Cₜᵢ)ⁱ)
|
||||||
|
| equiv(S, Leaf bbₛ as Cₛ, Node(a, (πᵢ → Cₜᵢ)ⁱ)) := Forall(equiv( S∩a→π(kᵢ)), Cₛ, Cₜᵢ)ⁱ)
|
||||||
|
The algorithm either returns Yes for every sub-input space Sᵢ := S∩(a→π(kᵢ)) and
|
||||||
|
subtree Cₜᵢ
|
||||||
|
| equiv(Sᵢ, Cₛ, Cₜᵢ) = Yes ∀i
|
||||||
|
or we have a counter example vₛ, vₜ for which
|
||||||
|
| vₛ≃vₜ∈Sₖ ∧ cₛ(vₛ) ≠ Cₜₖ(vₜ)
|
||||||
|
then because
|
||||||
|
| vₜ∈(a→πₖ) → Cₜ(vₜ) = Cₜₖ(vₜ) ,
|
||||||
|
| vₛ≃vₜ∈S ∧ Cₛ(vₛ)≠Cₜ(vₜ)
|
||||||
|
we can say that
|
||||||
|
| equiv(Sᵢ, Cₛ, Cₜᵢ) = No(vₛ, vₜ) for some minimal k∈I
|
||||||
|
4. When we have a Node on the right we define πₙ as the domain of
|
||||||
|
values not covered but the union of the constructors kᵢ
|
||||||
|
| πₙ = ¬(⋃π(kᵢ)ⁱ)
|
||||||
|
The algorithm proceeds by trimming
|
||||||
|
| equiv(S, Node(a, (kᵢ → Cₛᵢ)ⁱ, C_{sf}), Cₜ) :=
|
||||||
|
| Forall(equiv( S∩(a→π(kᵢ)ⁱ), Cₛᵢ, C_{t/a→π(kᵢ)})ⁱ +++ equiv(S∩(a→π(kᵢ)), Cₛ, C_{a→πₙ}))
|
||||||
|
The statement still holds and we show this by first analyzing the
|
||||||
|
/Yes/ case:
|
||||||
|
| Forall(equiv( S∩(a→π(kᵢ)ⁱ), Cₛᵢ, C_{t/a→π(kᵢ)})ⁱ = Yes
|
||||||
|
The constructor k is either included in the set of constructors kᵢ:
|
||||||
|
| k \vert k∈(kᵢ)ⁱ ∧ Cₛ(vₛ) = Cₛᵢ(vₛ)
|
||||||
|
We also know that
|
||||||
|
| (1) Cₛᵢ(vₛ) = C_{t/a→πᵢ}(vₜ)
|
||||||
|
| (2) C_{T/a→πᵢ}(vₜ) = Cₜ(vₜ)
|
||||||
|
(1) is true by induction and (2) is a consequence of the trimming lemma.
|
||||||
|
Putting everything together:
|
||||||
|
| Cₛ(vₛ) = Cₛᵢ(vₛ) = C_{T/a→πᵢ}(vₜ) = Cₜ(vₜ)
|
||||||
|
|
||||||
|
When the k∉(kᵢ)ⁱ [TODO]
|
||||||
|
|
||||||
|
The auxiliary Forall function returns /No(vₛ, vₜ)/ when, for a minimum k,
|
||||||
|
| equiv(Sₖ, Cₛₖ, C_{T/a→πₖ} = No(vₛ, vₜ)
|
||||||
|
Then we can say that
|
||||||
|
| Cₛₖ(vₛ) ≠ C_{t/a→πₖ}(vₜ)
|
||||||
|
that is enough for proving that
|
||||||
|
| Cₛₖ(vₛ) ≠ (C_{t/a→πₖ}(vₜ) = Cₜ(vₜ))
|
BIN
tesi/gabriel/part4.pdf
Normal file
BIN
tesi/gabriel/part4.pdf
Normal file
Binary file not shown.
659
tesi/gabriel/part4.tex
Normal file
659
tesi/gabriel/part4.tex
Normal file
|
@ -0,0 +1,659 @@
|
||||||
|
% Created 2020-04-09 Thu 01:36
|
||||||
|
% Intended LaTeX compiler: pdflatex
|
||||||
|
\documentclass[11pt]{article}
|
||||||
|
\usepackage[utf8]{inputenc}
|
||||||
|
\usepackage[T1]{fontenc}
|
||||||
|
\usepackage{graphicx}
|
||||||
|
\usepackage{grffile}
|
||||||
|
\usepackage{longtable}
|
||||||
|
\usepackage{wrapfig}
|
||||||
|
\usepackage{rotating}
|
||||||
|
\usepackage[normalem]{ulem}
|
||||||
|
\usepackage{amsmath}
|
||||||
|
\usepackage{textcomp}
|
||||||
|
\usepackage{amssymb}
|
||||||
|
\usepackage{capt-of}
|
||||||
|
\usepackage{hyperref}
|
||||||
|
\linespread{1.25}
|
||||||
|
\usepackage{algorithm}
|
||||||
|
\usepackage{comment}
|
||||||
|
\usepackage{algpseudocode}
|
||||||
|
\usepackage{amsmath,amssymb,amsthm}
|
||||||
|
\newtheorem{definition}{Definition}
|
||||||
|
\usepackage{mathpartir}
|
||||||
|
\usepackage{graphicx}
|
||||||
|
\usepackage{listings}
|
||||||
|
\usepackage{color}
|
||||||
|
\usepackage{stmaryrd}
|
||||||
|
\newcommand{\semTEX}[1]{{\llbracket{#1}\rrbracket}}
|
||||||
|
\newcommand{\EquivTEX}[3]{\mathsf{equiv}(#1, #2, #3)} % \equiv is already taken
|
||||||
|
\newcommand{\coversTEX}[2]{#1 \mathrel{\mathsf{covers}} #2}
|
||||||
|
\newcommand{\YesTEX}{\mathsf{Yes}}
|
||||||
|
\newcommand{\NoTEX}[2]{\mathsf{No}(#1, #2)}
|
||||||
|
\usepackage{comment}
|
||||||
|
\usepackage{mathpartir}
|
||||||
|
\usepackage{stmaryrd} % llbracket, rrbracket
|
||||||
|
\usepackage{listings}
|
||||||
|
\usepackage{notations}
|
||||||
|
\lstset{
|
||||||
|
mathescape=true,
|
||||||
|
language=[Objective]{Caml},
|
||||||
|
basicstyle=\ttfamily,
|
||||||
|
extendedchars=true,
|
||||||
|
showstringspaces=false,
|
||||||
|
aboveskip=\smallskipamount,
|
||||||
|
% belowskip=\smallskipamount,
|
||||||
|
columns=fullflexible,
|
||||||
|
moredelim=**[is][\color{blue}]{/*}{*/},
|
||||||
|
moredelim=**[is][\color{green!60!black}]{/!}{!/},
|
||||||
|
moredelim=**[is][\color{orange}]{/(}{)/},
|
||||||
|
moredelim=[is][\color{red}]{/[}{]/},
|
||||||
|
xleftmargin=1em,
|
||||||
|
}
|
||||||
|
\lstset{aboveskip=0.4ex,belowskip=0.4ex}
|
||||||
|
\author{Francesco Mecca}
|
||||||
|
\date{}
|
||||||
|
\hypersetup{
|
||||||
|
pdfkeywords={},
|
||||||
|
pdfsubject={},
|
||||||
|
pdfcreator={Emacs 26.3 (Org mode 9.1.9)},
|
||||||
|
pdflang={English}}
|
||||||
|
\begin{document}
|
||||||
|
|
||||||
|
\maketitle
|
||||||
|
\begin{comment}
|
||||||
|
TODO: neg is parsed incorrectly
|
||||||
|
TODO: chiedi a Gabriel se T e S vanno bene, ma prima controlla che siano coerenti
|
||||||
|
\section{{\bfseries\sffamily TODO} Scaletta [1/6]}
|
||||||
|
\label{sec:org530707f}
|
||||||
|
\begin{itemize}
|
||||||
|
\item[{$\boxtimes$}] Introduction
|
||||||
|
\item[{$\boxminus$}] Background [80\%]
|
||||||
|
\begin{itemize}
|
||||||
|
\item[{$\boxtimes$}] Low level representation
|
||||||
|
\item[{$\boxtimes$}] Lambda code [0\%]
|
||||||
|
\item[{$\boxtimes$}] Pattern matching
|
||||||
|
\item[{$\boxtimes$}] Symbolic execution
|
||||||
|
\item[{$\square$}] Translation Validation
|
||||||
|
\end{itemize}
|
||||||
|
\item[{$\square$}] Translation validation of the Pattern Matching Compiler
|
||||||
|
\begin{itemize}
|
||||||
|
\item[{$\square$}] Source translation
|
||||||
|
\begin{itemize}
|
||||||
|
\item[{$\square$}] Formal Grammar
|
||||||
|
\item[{$\square$}] Compilation of source patterns
|
||||||
|
\item[{$\square$}] Rest?
|
||||||
|
\end{itemize}
|
||||||
|
\item[{$\square$}] Target translation
|
||||||
|
\begin{itemize}
|
||||||
|
\item[{$\square$}] Formal Grammar
|
||||||
|
\item[{$\square$}] Symbolic execution of the Lambda target
|
||||||
|
\end{itemize}
|
||||||
|
\item[{$\square$}] Equivalence between source and target
|
||||||
|
\end{itemize}
|
||||||
|
\item[{$\square$}] Proof of correctness
|
||||||
|
\item[{$\square$}] Practical results
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
Magari prima pattern matching poi compilatore?
|
||||||
|
|
||||||
|
\end{comment}
|
||||||
|
\section{Correctness of the algorithm}
|
||||||
|
\label{sec:org4188d38}
|
||||||
|
Running a program t$_S$ or its translation $\llbracket$t$_S$$\rrbracket$ against an input v$_S$
|
||||||
|
produces as a result \emph{r} in the following way:
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
( $\llbracket$t$_S$$\rrbracket$$_S$(v$_S$) = C$_S$(v$_S$) ) $\to$ r\\
|
||||||
|
t$_S$(v$_S$) $\to$ r\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
Likewise
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
( $\llbracket$t$_T$$\rrbracket$$_T$(v$_T$) = C$_T$(v$_T$) ) $\to$ r\\
|
||||||
|
t$_T$(v$_T$) $\to$ r\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
where result r ::= guard list * (Match blackbox | NoMatch | Absurd)
|
||||||
|
and guard ::= blackbox.
|
||||||
|
|
||||||
|
Having defined equivalence between two inputs of which one is
|
||||||
|
expressed in the source language and the other in the target language
|
||||||
|
v$_S$ $\simeq$ v$_T$ (TODO define, this talks about the representation of source values in the target)
|
||||||
|
|
||||||
|
we can define the equivalence between a couple of programs or a couple
|
||||||
|
of decision trees
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
t$_S$ $\simeq$ t$_T$ := $\forall$v$_S$$\simeq$v$_T$, t$_S$(v$_S$) = t$_T$(v$_T$)\\
|
||||||
|
C$_S$ $\simeq$ C$_T$ := $\forall$v$_S$$\simeq$v$_T$, C$_S$(v$_S$) = C$_T$(v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
The proposed equivalence algorithm that works on a couple of
|
||||||
|
decision trees is returns either \emph{Yes} or \emph{No(v$_S$, v$_T$)} where v$_S$ and
|
||||||
|
v$_T$ are a couple of possible counter examples for which the constraint
|
||||||
|
trees produce a different result.
|
||||||
|
|
||||||
|
\subsection{Statements}
|
||||||
|
\label{sec:orgccf94c1}
|
||||||
|
Theorem. We say that a translation of a source program to a decision tree
|
||||||
|
is correct when for every possible input, the source program and its
|
||||||
|
respective decision tree produces the same result
|
||||||
|
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
$\forall$v$_S$, t$_S$(v$_S$) = $\llbracket$t$_S$$\rrbracket$$_S$(v$_S$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
|
||||||
|
Likewise, for the target language:
|
||||||
|
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
$\forall$v$_T$, t$_T$(v$_T$) = $\llbracket$t$_T$$\rrbracket$$_T$(v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
Definition: in the presence of guards we can say that two results are
|
||||||
|
equivalent modulo the guards queue, written \emph{r$_1$ $\simeq$gs r$_2$}, when:
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
(gs$_1$, r$_1$) $\simeq$gs (gs$_2$, r$_2$) $\Leftrightarrow$ (gs$_1$, r$_1$) = (gs$_2$ ++ gs, r$_2$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
Definition: we say that C$_T$ covers the input space \emph{S}, written
|
||||||
|
/covers(C$_T$, S) when every value v$_S$$\in $S is a valid input to the
|
||||||
|
decision tree C$_T$. (TODO: rephrase)
|
||||||
|
|
||||||
|
Theorem: Given an input space \emph{S} and a couple of decision trees, where
|
||||||
|
the target decision tree C$_T$ covers the input space \emph{S}, we say that
|
||||||
|
the two decision trees are equivalent when:
|
||||||
|
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
equiv(S, C$_S$, C$_T$, gs) = Yes $\wedge$ covers(C$_T$, S) $\to$ $\forall$v$_S$$\simeq$v$_T$ $\in $ S, C$_S$(v$_S$) $\simeq$gs C$_T$(v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
Similarly we say that a couple of decision trees in the presence of
|
||||||
|
an input space \emph{S} are \emph{not} equivalent when:
|
||||||
|
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
equiv(S, C$_S$, C$_T$, gs) = No(v$_S$,v$_T$) $\wedge$ covers(C$_T$, S) $\to$ v$_S$$\simeq$v$_T$ $\in $ S $\wedge$ C$_S$(v$_S$) $\ne$gs C$_T$(v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
Corollary: For a full input space \emph{S}, that is the universe of the
|
||||||
|
target program we say:
|
||||||
|
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
equiv(S, $\llbracket$t$_S$$\rrbracket$$_S$, $\llbracket$t$_T$$\rrbracket$$_T$, $\varnothing$) = Yes $\Leftrightarrow$ t$_S$ $\simeq$ t$_T$\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
|
||||||
|
\begin{enumerate}
|
||||||
|
\item Proof of the correctness of the translation from source programs to source decision trees
|
||||||
|
\label{sec:orgfa2a152}
|
||||||
|
|
||||||
|
We define a source term t$_S$ as a collection of patterns pointing to blackboxes
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
t$_S$ ::= (p $\to$ bb)\(^{\text{i$\in $I}}\)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
A pattern is defined as either a constructor pattern, an or pattern or
|
||||||
|
a constant pattern
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{lllll}
|
||||||
|
p ::= & K(p$_i$)$^i$, i $\in $ I & (p & q) & n $\in $ $\mathbb{N}$\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
A decision tree is defined as either a Leaf, a Failure terminal or
|
||||||
|
an intermediate node with different children sharing the same accessor \emph{a}
|
||||||
|
and an optional fallback.
|
||||||
|
Failure is emitted only when the patterns don't cover the whole set of
|
||||||
|
possible input values \emph{S}. The fallback is not needed when the user
|
||||||
|
doesn't use a wildcard pattern.
|
||||||
|
\%\%\% Give example of thing
|
||||||
|
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{ll}
|
||||||
|
C$_S$ ::= Leaf bb & Node(a, (K$_i$ $\to$ C$_i$)\(^{\text{i$\in $S}}\) , C?)\\
|
||||||
|
a ::= Here & n.a\\
|
||||||
|
v$_S$ ::= K(v$_i$)\(^{\text{i$\in $I}}\) & n $\in $ $\mathbb{N}$\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
\begin{comment}
|
||||||
|
Are K and Here clear here?
|
||||||
|
\end{comment}
|
||||||
|
|
||||||
|
We define the decomposition matrix \emph{m$_S$} as
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
SMatrix m$_S$ := (a$_j$)\(^{\text{j$\in $J}}\), ((p\(_{\text{ij}}\))\(^{\text{j$\in $J}}\) $\to$ bb$_i$)\(^{\text{i$\in $I}}\)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
\begin{comment}
|
||||||
|
Correggi prendendo in considerazione l'accessor
|
||||||
|
\end{comment}
|
||||||
|
|
||||||
|
We define the decision tree of source programs
|
||||||
|
$\llbracket$t$_S$$\rrbracket$
|
||||||
|
in terms of the decision tree of pattern matrices
|
||||||
|
$\llbracket$m$_S$$\rrbracket$
|
||||||
|
by the following:
|
||||||
|
$\llbracket$((p$_i$ $\to$ bb$_i$)\(^{\text{i$\in $I}}\)$\rrbracket$ := $\llbracket$(Root), (p$_i$ $\to$ bb$_i$)\(^{\text{i$\in $I}}\) $\rrbracket$
|
||||||
|
|
||||||
|
decision tree computed from pattern matrices respect the following invariant:
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
$\forall$v (v$_i$)\(^{\text{i$\in $I}}\) = v(a$_i$)\(^{\text{i$\in $I}}\) $\to$ $\llbracket$m$\rrbracket$(v) = m(v$_i$)\(^{\text{i$\in $I}}\) for m = ((a$_i$)\(^{\text{i$\in $I}}\), (r$_i$)\(^{\text{i$\in $I}}\))\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
where
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
v(Here) = v\\
|
||||||
|
K(v$_i$)$^i$(k.a) = v$_k$(a) if k $\in $ [0;n[\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
\begin{comment}
|
||||||
|
TODO: EXPLAIN
|
||||||
|
\end{comment}
|
||||||
|
|
||||||
|
We proceed to show the correctness of the invariant by a case
|
||||||
|
analysys.
|
||||||
|
|
||||||
|
Base cases:
|
||||||
|
\begin{enumerate}
|
||||||
|
\item\relax [| $\varnothing$, ($\varnothing$ $\to$ bb$_i$)$^i$ |] := Leaf bb$_i$ where i := min(I), that is a
|
||||||
|
decision tree [|ms|] defined by an empty accessor and empty
|
||||||
|
patterns pointing to blackboxes \emph{bb$_i$}. This respects the invariant
|
||||||
|
because a decomposition matrix in the case of empty rows returns
|
||||||
|
the first expression and we known that (Leaf bb)(v) := Match bb
|
||||||
|
\item\relax [| (a$_j$)$^j$, $\varnothing$ |] := Failure
|
||||||
|
\end{enumerate}
|
||||||
|
|
||||||
|
Regarding non base cases:
|
||||||
|
Let's first define
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
let Idx(k) := [0; arity(k)[\\
|
||||||
|
let First($\varnothing$) := $\bot$\\
|
||||||
|
let First((a$_j$)$^j$) := a\(_{\text{min(j$\in $J$\ne$$\varnothing$)}}\)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
\[
|
||||||
|
m := ((a_i)^i ((p_{ij})^i \to e_j)^{ij})
|
||||||
|
\]
|
||||||
|
\[
|
||||||
|
(k_k)^k := headconstructor(p_{i0})^i
|
||||||
|
\]
|
||||||
|
\begin{equation}
|
||||||
|
Groups(m) := ( k_k \to ((a)_{0.l})^{l \in Idx(k_k)} +++ (a_i)^{i \in I\backslash \{0\} }), \\
|
||||||
|
( if p_{0j} is k(q_l) then \\
|
||||||
|
(q_l)^{l \in Idx(k_k)} +++ (p_{ij})^{i \in I\backslash \{0\}} \to e_j \\
|
||||||
|
if p_{0j} is \_ then \\
|
||||||
|
(\_)^{l \in Idx(k_k)} +++ (p_{ij})^{i \in I\backslash \{0\}} \to e_j \\
|
||||||
|
else \bot )^j ), \\
|
||||||
|
((a_i)^{i \in I\backslash \{0\}}, ((p_{ij})^{i \in I\backslash \{0\}} \to e_j if p_{0j} is \_ else \bot)^{j \in J})
|
||||||
|
\end{equation}
|
||||||
|
|
||||||
|
Groups(m) is an auxiliary function that decomposes a matrix m into
|
||||||
|
submatrices, according to the head constructor of their first pattern.
|
||||||
|
Groups(m) returns one submatrix m\_r for each head constructor k that
|
||||||
|
occurs on the first row of m, plus one "wildcard submatrix" m\(_{\text{wild}}\)
|
||||||
|
that matches on all values that do not start with one of those head
|
||||||
|
constructors.
|
||||||
|
|
||||||
|
Intuitively, m is equivalent to its decompositionin the following
|
||||||
|
sense: if the first pattern of an input vector (v\_i)\^{}i starts with one
|
||||||
|
of the head constructors k, then running (v\_i)\^{}i against m is the same
|
||||||
|
as running it against the submatrix m\_k; otherwise (its head
|
||||||
|
constructor is none of the k) it is equivalent to running it against
|
||||||
|
the wildcard submatrix.
|
||||||
|
|
||||||
|
We formalize this intuition as follows:
|
||||||
|
Lemma (Groups):
|
||||||
|
Let \[m\] be a matrix with \[Groups(m) = (k_r \to m_r)^k, m_{wild}\].
|
||||||
|
For any value vector \[(v_i)^l\] such that \[v_0 = k(v'_l)^l\] for some
|
||||||
|
constructor k,
|
||||||
|
we have:
|
||||||
|
\[
|
||||||
|
if k = k_k for some k then
|
||||||
|
m(v_i)^i = m_k((v'_l)^l +++ (v_i)^{i\in I\backslash \{0\}})
|
||||||
|
else
|
||||||
|
m(v_i)^i = m_{wild}(v_i)^{i\in I\backslash \{0\}}
|
||||||
|
\]
|
||||||
|
|
||||||
|
\item Proof:
|
||||||
|
\label{sec:org8dad6fc}
|
||||||
|
Let \[m\] be a matrix with \[Group(m) = (k_r \to m_r)^k, m_{wild}\].
|
||||||
|
Let \[(v_i)^i\] be an input matrix with \[v_0 = k(v'_l)^l\] for some k.
|
||||||
|
We proceed by case analysis:
|
||||||
|
\begin{itemize}
|
||||||
|
\item either k is one of the k$_k$ for some k
|
||||||
|
\item or k is none of the (k$_k$)$^k$
|
||||||
|
\end{itemize}
|
||||||
|
|
||||||
|
Both m(v$_i$)$^i$ and m$_k$(v$_k$)$^k$ are defined as the first matching result of
|
||||||
|
a family over each row r$_j$ of a matrix
|
||||||
|
|
||||||
|
We know, from the definition of
|
||||||
|
Groups(m), that m$_k$ is
|
||||||
|
\[
|
||||||
|
((a){0.l})^{l\in Idx(k_k)} +++ (a_i)^{i\in I\backslash \{0\}}),
|
||||||
|
(
|
||||||
|
if p_{0j} is k(q_l) then
|
||||||
|
(q_l)^l +++ (p_{ij})^{i\in I\backslash \{0\}} \to e_j
|
||||||
|
if p_{0j} is _ then
|
||||||
|
(_)^l +++ (p_{ij})^{i\in I\backslash \{0\}} \to e_j
|
||||||
|
else \bot
|
||||||
|
)^j
|
||||||
|
\]
|
||||||
|
|
||||||
|
By definition, m(v$_i$)$^i$ is
|
||||||
|
m(v$_i$)$^i$ = First(r$_j$(v$_i$)$^i$)$^j$ for m = ((a$_i$)$^i$, (r$_j$)$^j$)
|
||||||
|
(p$_i$)$^i$ (v$_i$)$^i$ = \{
|
||||||
|
if p$_0$ = k(q$_l$)$^l$, v$_0$ = k'(v'$_k$)$^k$, k=Idx(k') and l=Idx(k)
|
||||||
|
if k $\ne$ k' then $\bot$
|
||||||
|
if k = k' then ((q$_l$)$^l$ \sout{+} (p$_i$)\(^{\text{i$\in $I}\backslash\ \text{$\backslash${0$\backslash$}}}\)) ((v'$_k$)$^k$ \sout{+} (v$_i$)\(^{\text{i$\in $I}\backslash\ \text{$\backslash${0$\backslash$}}}\))
|
||||||
|
if p$_0$ = (q$_1$|q$_2$) then
|
||||||
|
First( (q$_1$p$_i$\(^{\text{i$\in $I }\backslash\ \text{$\backslash${0$\backslash$}}}\)) v$_i$\(^{\text{i$\in $I }\backslash\ \text{$\backslash${0$\backslash$}}}\), (q$_2$p$_i$\(^{\text{i$\in $I }\backslash\ \text{$\backslash${0$\backslash$}}}\)) v$_i$\(^{\text{i$\in $I }\backslash\ \text{$\backslash${0$\backslash$}}}\) )
|
||||||
|
\}
|
||||||
|
|
||||||
|
For this reason, if we can prove that
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
$\forall$j, r$_j$(v$_i$)$^i$ = r'$_j$((v'$_k$)$^k$ ++ (v$_i$)$^i$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
it follows that
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
m(v$_i$)$^i$ = m$_k$((v'$_k$)$^k$ ++ (v$_i$)$^i$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
from the above definition.
|
||||||
|
|
||||||
|
We can also show that a$_i$ = a\(_{\text{0.l}}\)$^l$ \sout{+} a\(_{\text{i$\in $I}\backslash\ \text{$\backslash${0$\backslash$}}}\) because v(a$_0$) = K(v(a)\{0.l\})$^l$)
|
||||||
|
\end{enumerate}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
\subsection{Proof of equivalence checking}
|
||||||
|
\label{sec:orgffce3ea}
|
||||||
|
\begin{comment}
|
||||||
|
TODO: put ^i$\in $I where needed
|
||||||
|
\end{comment}
|
||||||
|
\subsubsection{The trimming lemma}
|
||||||
|
The trimming lemma allows to reduce the size of a decision tree given
|
||||||
|
an accessor $\to$ $\pi$ relation (TODO: expand)
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
$\forall$v$_T$ $\in $ (a$\to$$\pi$), C$_T$(v$_T$) = C\(_{\text{t/a$\to$$\pi$(k$_i$)}}\)(v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
We prove this by induction on C$_T$:
|
||||||
|
a. C$_T$ = Leaf\(_{\text{bb}}\): when the decision tree is a leaf terminal, we
|
||||||
|
know that
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
Leaf\(_{\text{bb/a$\to$$\pi$}}\)(v) = Leaf\(_{\text{bb}}\)(v)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
That means that the result of trimming on a Leaf is the Leaf itself
|
||||||
|
b. The same applies to Failure terminal
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
Failure\(_{\text{/a$\to$$\pi$}}\)(v) = Failure(v)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
c. When C$_T$ = Node(b, ($\pi$$\to$C$_i$)$^i$)\(_{\text{/a$\to$$\pi$}}\) then
|
||||||
|
we look at the accessor \emph{a} of the subtree C$_i$ and
|
||||||
|
we define $\pi$$_i$' = $\pi$$_i$ if a$\ne$b else $\pi$$_i$$\cap$$\pi$
|
||||||
|
Trimming a switch node yields the following result:
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
Node(b, ($\pi$$\to$C$_i$)$^i$)\(_{\text{/a$\to$$\pi$}}\) := Node(b, ($\pi$'$_i$$\to$C\(_{\text{i/a$\to$$\pi$}}\))$^i$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
\begin{comment}
|
||||||
|
Actually in the proof.org file I transcribed:
|
||||||
|
e. Unreachabe $\to$ $\bot$
|
||||||
|
This is not correct because you don't have Unreachable nodes in target decision trees
|
||||||
|
\end{comment}
|
||||||
|
|
||||||
|
For the trimming lemma we have to prove that running the value v$_T$ against
|
||||||
|
the decistion tree C$_T$ is the same as running v$_T$ against the tree
|
||||||
|
C\(_{\text{trim}}\) that is the result of the trimming operation on C$_T$
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
C$_T$(v$_T$) = C\(_{\text{trim}}\)(v$_T$) = Node(b, ($\pi$$_i$'$\to$C\(_{\text{i/a$\to$$\pi$}}\))$^i$)(v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
We can reason by first noting that when v$_T$$\notin$(b$\to$$\pi$$_i$)$^i$ the node must be a Failure node.
|
||||||
|
In the case where $\exists$k| v$_T$$\in $(b$\to$$\pi$$_k$) then we can prove that
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
C\(_{\text{k/a$\to$$\pi$}}\)(v$_T$) = Node(b, ($\pi$$_i$'$\to$C\(_{\text{i/a$\to$$\pi$}}\))$^i$)(v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
because when a $\ne$ b then $\pi$$_k$'= $\pi$$_k$ and this means that v$_T$$\in $$\pi$$_k$'
|
||||||
|
while when a = b then $\pi$$_k$'=($\pi$$_k$$\cap$$\pi$) and vt$\in $$\pi$$_k$' because:
|
||||||
|
\begin{itemize}
|
||||||
|
\item by the hypothesis, v$_T$$\in $$\pi$
|
||||||
|
\item we are in the case where v$_T$$\in $$\pi$$_k$
|
||||||
|
\end{itemize}
|
||||||
|
So v$_T$ $\in $ $\pi$$_k$' and by induction
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
C$_k$(v$_T$) = C\(_{\text{k/a$\to$$\pi$}}\)(v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
We also know that $\forall$v$_T$$\in $(b$\to$$\pi$$_k$) $\to$ C$_T$(v$_T$) = C$_k$(v$_T$)
|
||||||
|
By putting together the last two steps, we have proven the trimming
|
||||||
|
lemma.
|
||||||
|
|
||||||
|
\begin{comment}
|
||||||
|
TODO: what should I say about covering??? I swap $\pi$ and $\pi$'
|
||||||
|
Covering lemma:
|
||||||
|
$\forall$a,$\pi$ covers(C$_T$,S) $\to$ covers(C_{t/a$\to$$\pi$}, (S$\cap$a$\to$$\pi$))
|
||||||
|
U$_i$$\pi$$^i$ $\approx$ U$_i$$\pi$'$\cap$(a$\to$$\pi$) $\approx$ (U$_i$$\pi$')$\cap$(a$\to$$\pi$) %%
|
||||||
|
|
||||||
|
|
||||||
|
%%%%%%% Also: Should I swap $\pi$ and $\pi$' ?
|
||||||
|
\end{comment}
|
||||||
|
|
||||||
|
\subsubsection{Equivalence checking}
|
||||||
|
The equivalence checking algorithm takes as parameters an input space
|
||||||
|
\emph{S}, a source decision tree \emph{C$_S$} and a target decision tree \emph{C$_T$}:
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{ll}
|
||||||
|
equiv(S, C$_S$, C$_T$) $\to$ Yes & No(v$_S$, v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
When the algorithm returns Yes and the input space is covered by \emph{C$_S$}
|
||||||
|
we can say that the couple of decision trees are the same for
|
||||||
|
every couple of source value \emph{v$_S$} and target value \emph{v$_T$} that are equivalent.
|
||||||
|
\begin{comment}
|
||||||
|
Define "covered"
|
||||||
|
Is it correct to say the same? How to correctly distinguish in words $\simeq$ and = ?
|
||||||
|
\end{comment}
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
equiv(S, C$_S$, C$_T$) = Yes and cover(C$_T$, S) $\to$ $\forall$ v$_S$ $\simeq$ v$_T$$\in $S $\wedge$ C$_S$(v$_S$) = C$_T$(v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
In the case where the algorithm returns No we have at least a couple
|
||||||
|
of counter example values v$_S$ and v$_T$ for which the two decision trees
|
||||||
|
outputs a different result.
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
equiv(S, C$_S$, C$_T$) = No(v$_S$,v$_T$) and cover(C$_T$, S) $\to$ $\forall$ v$_S$ $\simeq$ v$_T$$\in $S $\wedge$ C$_S$(v$_S$) $\ne$ C$_T$(v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
We define the following
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
Forall(Yes) = Yes\\
|
||||||
|
Forall(Yes::l) = Forall(l)\\
|
||||||
|
Forall(No(v$_S$,v$_T$)::\_) = No(v$_S$,v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
There exists and are injective:
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
int(k) $\in $ $\mathbb{N}$ (arity(k) = 0)\\
|
||||||
|
tag(k) $\in $ $\mathbb{N}$ (arity(k) > 0)\\
|
||||||
|
$\pi$(k) = \{n\(\vert{}\) int(k) = n\} x \{n\(\vert{}\) tag(k) = n\}\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
where k is a constructor.
|
||||||
|
|
||||||
|
\begin{comment}
|
||||||
|
TODO: explain:
|
||||||
|
$\forall$v$\in $a$\to$$\pi$, C_{/a$\to$$\pi$}(v) = C(v)
|
||||||
|
\end{comment}
|
||||||
|
|
||||||
|
We proceed by case analysis:
|
||||||
|
\begin{comment}
|
||||||
|
I start numbering from zero to leave the numbers as they were on the blackboard, were we skipped some things
|
||||||
|
I think the unreachable case should go at the end.
|
||||||
|
\end{comment}
|
||||||
|
\begin{enumerate}
|
||||||
|
\item in case of unreachable:
|
||||||
|
\end{enumerate}
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
C$_S$(v$_S$) = Absurd(Unreachable) $\ne$ C$_T$(v$_T$) $\forall$v$_S$,v$_T$\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
\begin{enumerate}
|
||||||
|
\item In the case of an empty input space
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
equiv($\varnothing$, C$_S$, C$_T$) := Yes\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
and that is trivial to prove because there is no pair of values (v$_S$, v$_T$) that could be
|
||||||
|
tested against the decision trees.
|
||||||
|
In the other subcases S is always non-empty.
|
||||||
|
\item When there are \emph{Failure} nodes at both sides the result is \emph{Yes}:
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
equiv(S, Failure, Failure) := Yes\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
Given that $\forall$v, Failure(v) = Failure, the statement holds.
|
||||||
|
\item When we have a Leaf or a Failure at the left side:
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
equiv(S, Failure as C$_S$, Node(a, ($\pi$$_i$ $\to$ C$_T$$_i$)$^i$)) := Forall(equiv( S$\cap$a$\to$$\pi$(k$_i$)), C$_S$, C$_T$$_i$)$^i$)\\
|
||||||
|
equiv(S, Leaf bb$_S$ as C$_S$, Node(a, ($\pi$$_i$ $\to$ C$_T$$_i$)$^i$)) := Forall(equiv( S$\cap$a$\to$$\pi$(k$_i$)), C$_S$, C$_T$$_i$)$^i$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
The algorithm either returns Yes for every sub-input space S$_i$ := S$\cap$(a$\to$$\pi$(k$_i$)) and
|
||||||
|
subtree C$_T$$_i$
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
equiv(S$_i$, C$_S$, C$_T$$_i$) = Yes $\forall$i\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
or we have a counter example v$_S$, v$_T$ for which
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
v$_S$$\simeq$v$_T$$\in $S$_k$ $\wedge$ c$_S$(v$_S$) $\ne$ C$_T$$_k$(v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
then because
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
v$_T$$\in $(a$\to$$\pi$$_k$) $\to$ C$_T$(v$_T$) = C$_T$$_k$(v$_T$) ,\\
|
||||||
|
v$_S$$\simeq$v$_T$$\in $S $\wedge$ C$_S$(v$_S$)$\ne$C$_T$(v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
we can say that
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
equiv(S$_i$, C$_S$, C$_T$$_i$) = No(v$_S$, v$_T$) for some minimal k$\in $I\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
\item When we have a Node on the right we define $\pi$$_n$ as the domain of
|
||||||
|
values not covered but the union of the constructors k$_i$
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
$\pi$$_n$ = ¬($\bigcup$$\pi$(k$_i$)$^i$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
The algorithm proceeds by trimming
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
equiv(S, Node(a, (k$_i$ $\to$ C$_S$$_i$)$^i$, C\(_{\text{sf}}\)), C$_T$) :=\\
|
||||||
|
Forall(equiv( S$\cap$(a$\to$$\pi$(k$_i$)$^i$), C$_S$$_i$, C\(_{\text{t/a$\to$$\pi$(k$_i$)}}\))$^i$ \sout{+} equiv(S$\cap$(a$\to$$\pi$(k$_i$)), C$_S$, C\(_{\text{a$\to$$\pi$$_n$}}\)))\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
The statement still holds and we show this by first analyzing the
|
||||||
|
\emph{Yes} case:
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
Forall(equiv( S$\cap$(a$\to$$\pi$(k$_i$)$^i$), C$_S$$_i$, C\(_{\text{t/a$\to$$\pi$(k$_i$)}}\))$^i$ = Yes\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
The constructor k is either included in the set of constructors k$_i$:
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
k \(\vert{}\) k$\in $(k$_i$)$^i$ $\wedge$ C$_S$(v$_S$) = C$_S$$_i$(v$_S$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
We also know that
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
(1) C$_S$$_i$(v$_S$) = C\(_{\text{t/a$\to$$\pi$$_i$}}\)(v$_T$)\\
|
||||||
|
(2) C\(_{\text{T/a$\to$$\pi$$_i$}}\)(v$_T$) = C$_T$(v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
(1) is true by induction and (2) is a consequence of the trimming lemma.
|
||||||
|
Putting everything together:
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
C$_S$(v$_S$) = C$_S$$_i$(v$_S$) = C\(_{\text{T/a$\to$$\pi$$_i$}}\)(v$_T$) = C$_T$(v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
|
||||||
|
When the k$\notin$(k$_i$)$^i$ [TODO]
|
||||||
|
|
||||||
|
The auxiliary Forall function returns \emph{No(v$_S$, v$_T$)} when, for a minimum k,
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
equiv(S$_k$, C$_S$$_k$, C\(_{\text{T/a$\to$$\pi$$_k$}}\) = No(v$_S$, v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
Then we can say that
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
C$_S$$_k$(v$_S$) $\ne$ C\(_{\text{t/a$\to$$\pi$$_k$}}\)(v$_T$)\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
that is enough for proving that
|
||||||
|
\begin{center}
|
||||||
|
\begin{tabular}{l}
|
||||||
|
C$_S$$_k$(v$_S$) $\ne$ (C\(_{\text{t/a$\to$$\pi$$_k$}}\)(v$_T$) = C$_T$(v$_T$))\\
|
||||||
|
\end{tabular}
|
||||||
|
\end{center}
|
||||||
|
\end{enumerate}
|
||||||
|
\end{document}
|
BIN
tesi/tesi.pdf
BIN
tesi/tesi.pdf
Binary file not shown.
|
@ -18,7 +18,6 @@ TODO: chiedi a Gabriel se T e S vanno bene, ma prima controlla che siano coerent
|
||||||
- [ ] Formal Grammar
|
- [ ] Formal Grammar
|
||||||
- [ ] Symbolic execution of the Lambda target
|
- [ ] Symbolic execution of the Lambda target
|
||||||
- [ ] Equivalence between source and target
|
- [ ] Equivalence between source and target
|
||||||
- [ ] Statement of correctness
|
|
||||||
- [ ] Proof of correctness
|
- [ ] Proof of correctness
|
||||||
- [ ] Practical results
|
- [ ] Practical results
|
||||||
|
|
||||||
|
@ -1362,9 +1361,9 @@ Correggi prendendo in considerazione l'accessor
|
||||||
We define the decision tree of source programs
|
We define the decision tree of source programs
|
||||||
〚tₛ〛
|
〚tₛ〛
|
||||||
in terms of the decision tree of pattern matrices
|
in terms of the decision tree of pattern matrices
|
||||||
〚mₛ〛
|
〚mₛ〛
|
||||||
by the following:
|
by the following:
|
||||||
〚((pᵢ → bbᵢ)^{i∈I}〛 := 〚(Root), (pᵢ → bbᵢ)^{i∈I} 〛
|
〚((pᵢ → bbᵢ)^{i∈I}〛 := 〚(Root), (pᵢ → bbᵢ)^{i∈I} 〛
|
||||||
|
|
||||||
decision tree computed from pattern matrices respect the following invariant:
|
decision tree computed from pattern matrices respect the following invariant:
|
||||||
| ∀v (vᵢ)^{i∈I} = v(aᵢ)^{i∈I} → 〚m〛(v) = m(vᵢ)^{i∈I} for m = ((aᵢ)^{i∈I}, (rᵢ)^{i∈I})
|
| ∀v (vᵢ)^{i∈I} = v(aᵢ)^{i∈I} → 〚m〛(v) = m(vᵢ)^{i∈I} for m = ((aᵢ)^{i∈I}, (rᵢ)^{i∈I})
|
||||||
|
@ -1467,13 +1466,13 @@ m(vᵢ)ⁱ = First(rⱼ(vᵢ)ⁱ)ʲ for m = ((aᵢ)ⁱ, (rⱼ)ʲ)
|
||||||
First( (q₁pᵢ^{i∈I \backslash \{0\}}) vᵢ^{i∈I \backslash \{0\}}, (q₂pᵢ^{i∈I \backslash \{0\}}) vᵢ^{i∈I \backslash \{0\}} )
|
First( (q₁pᵢ^{i∈I \backslash \{0\}}) vᵢ^{i∈I \backslash \{0\}}, (q₂pᵢ^{i∈I \backslash \{0\}}) vᵢ^{i∈I \backslash \{0\}} )
|
||||||
}
|
}
|
||||||
|
|
||||||
For this reason, if we can prova that
|
For this reason, if we can prove that
|
||||||
| ∀j, rⱼ(vᵢ)ⁱ = r'ⱼ((v'ₖ)ᵏ ++ (vᵢ)ⁱ)
|
| ∀j, rⱼ(vᵢ)ⁱ = r'ⱼ((v'ₖ)ᵏ ++ (vᵢ)ⁱ)
|
||||||
it follows that
|
it follows that
|
||||||
| m(vᵢ)ⁱ = mₖ((v'ₖ)ᵏ ++ (vᵢ)ⁱ)
|
| m(vᵢ)ⁱ = mₖ((v'ₖ)ᵏ ++ (vᵢ)ⁱ)
|
||||||
from the above definition.
|
from the above definition.
|
||||||
|
|
||||||
We can also show that aᵢ = a){0.l}ˡ +++ a_{i∈I\backslash \{0\}} because v(a₀) = K(v(a){0.l})ˡ)
|
We can also show that aᵢ = a_{0.l}ˡ +++ a_{i∈I\backslash \{0\}} because v(a₀) = K(v(a){0.l})ˡ)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -1484,36 +1483,52 @@ TODO: put ^i∈I where needed
|
||||||
\end{comment}
|
\end{comment}
|
||||||
\subsubsection{The trimming lemma}
|
\subsubsection{The trimming lemma}
|
||||||
The trimming lemma allows to reduce the size of a decision tree given
|
The trimming lemma allows to reduce the size of a decision tree given
|
||||||
an accessor → π relation (In other words???)
|
an accessor → π relation (TODO: expand)
|
||||||
| ∀vₜ ∈ (a→π), Cₜ(vₜ) = C_{t/a→π(kᵢ)}(vₜ)
|
| ∀vₜ ∈ (a→π), Cₜ(vₜ) = C_{t/a→π(kᵢ)}(vₜ)
|
||||||
We prove this by induction on Cₜ:
|
We prove this by induction on Cₜ:
|
||||||
a. Case where Cₜ = Leaf_{bb}:
|
a. Cₜ = Leaf_{bb}: when the decision tree is a leaf terminal, we
|
||||||
Leaf_{bb/a→π}(v) = Leaf_{bb}(v)
|
know that
|
||||||
That means that the result of trimming on a Leaf is
|
| Leaf_{bb/a→π}(v) = Leaf_{bb}(v)
|
||||||
the Leaf itself
|
That means that the result of trimming on a Leaf is the Leaf itself
|
||||||
b. Same for failure terminal
|
b. The same applies to Failure terminal
|
||||||
e. Unreachabe → ⊥
|
| Failure_{/a→π}(v) = Failure(v)
|
||||||
c. When Cₜ = Node(b, (π→Cᵢ)ⁱ)_{/a→π} then
|
c. When Cₜ = Node(b, (π→Cᵢ)ⁱ)_{/a→π} then
|
||||||
we define πᵢ' = πᵢ if a≠b else πᵢ∩π ;
|
we look at the accessor /a/ of the subtree Cᵢ and
|
||||||
Node(b, (π→Cᵢ)ⁱ)_{/a→π} := Node(b, (π'ᵢ→C_{i/a→π})ⁱ)
|
we define πᵢ' = πᵢ if a≠b else πᵢ∩π
|
||||||
|
Trimming a switch node yields the following result:
|
||||||
|
| Node(b, (π→Cᵢ)ⁱ)_{/a→π} := Node(b, (π'ᵢ→C_{i/a→π})ⁱ)
|
||||||
|
|
||||||
Goal: prove that Cₜ(vₜ) = Node(b, (πᵢ'→C_{i/a→π})ⁱ)(vₜ)
|
|
||||||
Either vₜ∉(b→πᵢ)ⁱ and that means that the node is a Failure node
|
|
||||||
Or vₜ∈(b→πₖ) for some k, then
|
|
||||||
C_{k/a→π}(vₜ) = Node(b, (πᵢ'→C_{i/a→π})ⁱ)(vₜ)
|
|
||||||
because when a ≠ b then πₖ'= πₖ => vₜ∈πₖ'
|
|
||||||
while when a = b then πₖ'=(πₖ∩π)
|
|
||||||
- vₜ∈π because of hypothesis
|
|
||||||
- we already know that vₜ∈πₖ
|
|
||||||
So vₜ ∈ πₖ' and by induction Cₖ(vₜ) = C_{k/a→π}(vₜ)
|
|
||||||
and Cₜ(vₜ) = Cₖ(vₜ) when vₜ∈(b→πₖ)
|
|
||||||
This proves that Node(b, (πᵢ'→C_{i/a→π})ⁱ)(vₜ) = Cₜ(vₜ)
|
|
||||||
|
|
||||||
Covering lemma:
|
|
||||||
∀a,π covers(Cₜ,S) => covers(C_{t/a→π}, (S∩a→π))
|
|
||||||
Uᵢπⁱ ≈ Uᵢπ'∩(a→π) ≈ (Uᵢπ')∩(a→π) %%
|
|
||||||
\begin{comment}
|
\begin{comment}
|
||||||
Should I swap π and π'
|
Actually in the proof.org file I transcribed:
|
||||||
|
e. Unreachabe → ⊥
|
||||||
|
This is not correct because you don't have Unreachable nodes in target decision trees
|
||||||
|
\end{comment}
|
||||||
|
|
||||||
|
For the trimming lemma we have to prove that running the value vₜ against
|
||||||
|
the decistion tree Cₜ is the same as running vₜ against the tree
|
||||||
|
C_{trim} that is the result of the trimming operation on Cₜ
|
||||||
|
| Cₜ(vₜ) = C_{trim}(vₜ) = Node(b, (πᵢ'→C_{i/a→π})ⁱ)(vₜ)
|
||||||
|
We can reason by first noting that when vₜ∉(b→πᵢ)ⁱ the node must be a Failure node.
|
||||||
|
In the case where ∃k| vₜ∈(b→πₖ) then we can prove that
|
||||||
|
| C_{k/a→π}(vₜ) = Node(b, (πᵢ'→C_{i/a→π})ⁱ)(vₜ)
|
||||||
|
because when a ≠ b then πₖ'= πₖ and this means that vₜ∈πₖ'
|
||||||
|
while when a = b then πₖ'=(πₖ∩π) and vt∈πₖ' because:
|
||||||
|
- by the hypothesis, vₜ∈π
|
||||||
|
- we are in the case where vₜ∈πₖ
|
||||||
|
So vₜ ∈ πₖ' and by induction
|
||||||
|
| Cₖ(vₜ) = C_{k/a→π}(vₜ)
|
||||||
|
We also know that ∀vₜ∈(b→πₖ) → Cₜ(vₜ) = Cₖ(vₜ)
|
||||||
|
By putting together the last two steps, we have proven the trimming
|
||||||
|
lemma.
|
||||||
|
|
||||||
|
\begin{comment}
|
||||||
|
TODO: what should I say about covering??? I swap π and π'
|
||||||
|
Covering lemma:
|
||||||
|
∀a,π covers(Cₜ,S) → covers(C_{t/a→π}, (S∩a→π))
|
||||||
|
Uᵢπⁱ ≈ Uᵢπ'∩(a→π) ≈ (Uᵢπ')∩(a→π) %%
|
||||||
|
|
||||||
|
|
||||||
|
%%%%%%% Also: Should I swap π and π' ?
|
||||||
\end{comment}
|
\end{comment}
|
||||||
|
|
||||||
\subsubsection{Equivalence checking}
|
\subsubsection{Equivalence checking}
|
||||||
|
|
Loading…
Reference in a new issue