correzioni Gabriel piu` apici

This commit is contained in:
Francesco Mecca 2020-04-10 00:37:36 +02:00
parent 67ae30a28d
commit 1ec9393e38
2 changed files with 46 additions and 43 deletions

Binary file not shown.

View file

@ -1,4 +1,5 @@
\begin{comment} \begin{comment}
TODO: not all todos are explicit. Check every comment section
TODO: chiedi a Gabriel se T e S vanno bene, ma prima controlla che siano coerenti TODO: chiedi a Gabriel se T e S vanno bene, ma prima controlla che siano coerenti
* TODO Scaletta [1/6] * TODO Scaletta [1/6]
- [X] Introduction - [X] Introduction
@ -1251,10 +1252,10 @@ $(\EquivTEX S {C_S} {C_T} G)$, defined below.
* Correctness of the algorithm * Correctness of the algorithm
Running a program tₛ or its translation 〚tₛ〛 against an input vₛ Running a program tₛ or its translation 〚tₛ〛 against an input vₛ
produces as a result /r/ in the following way: produces as a result /r/ in the following way:
| ( 〚tₛ〛ₛ(vₛ) = Cₛ(vₛ) ) → r | ( 〚tₛ〛ₛ(vₛ) Cₛ(vₛ) ) → r
| tₛ(vₛ) → r | tₛ(vₛ) → r
Likewise Likewise
| ( 〚tₜ〛ₜ(vₜ) = Cₜ(vₜ) ) → r | ( 〚tₜ〛ₜ(vₜ) Cₜ(vₜ) ) → r
| tₜ(vₜ) → r | tₜ(vₜ) → r
where result r ::= guard list * (Match blackbox | NoMatch | Absurd) where result r ::= guard list * (Match blackbox | NoMatch | Absurd)
and guard ::= blackbox. and guard ::= blackbox.
@ -1268,10 +1269,10 @@ of decision trees
| tₛ ≃ tₜ := ∀vₛ≃vₜ, tₛ(vₛ) = tₜ(vₜ) | tₛ ≃ tₜ := ∀vₛ≃vₜ, tₛ(vₛ) = tₜ(vₜ)
| Cₛ ≃ Cₜ := ∀vₛ≃vₜ, Cₛ(vₛ) = Cₜ(vₜ) | Cₛ ≃ Cₜ := ∀vₛ≃vₜ, Cₛ(vₛ) = Cₜ(vₜ)
The proposed equivalence algorithm that works on a couple of The result of the proposed equivalence algorithm is /Yes/ or /No(vₛ,
decision trees is returns either /Yes/ or /No(vₛ, vₜ)/ where vₛ and vₜ)/. In particular, in the negative case, vₛ and vₜ are a couple of
vₜ are a couple of possible counter examples for which the constraint possible counter examples for which the decision trees produce a
trees produce a different result. different result.
** Statements ** Statements
Theorem. We say that a translation of a source program to a decision tree Theorem. We say that a translation of a source program to a decision tree
@ -1312,12 +1313,12 @@ target program we say:
*** Proof of the correctness of the translation from source programs to source decision trees *** Proof of the correctness of the translation from source programs to source decision trees
We define a source term tₛ as a collection of patterns pointing to blackboxes We define the source term tₛ as a collection of patterns pointing to blackboxes
| tₛ ::= (p → bb)^{i∈I} | tₛ ::= (p → bb)^{i∈I}
A pattern is defined as either a constructor pattern, an or pattern or A pattern is defined as either a constructor pattern, an or pattern or
a constant pattern a constant pattern
| p ::= | K(pᵢ)ⁱ, i ∈ I | (p|q) | n ∈ | p ::= \vert K(pᵢ)ⁱ, i ∈ I \vert (p\vert{}q) \vert n ∈
A decision tree is defined as either a Leaf, a Failure terminal or A decision tree is defined as either a Leaf, a Failure terminal or
an intermediate node with different children sharing the same accessor /a/ an intermediate node with different children sharing the same accessor /a/
@ -1327,9 +1328,9 @@ possible input values /S/. The fallback is not needed when the user
doesn't use a wildcard pattern. doesn't use a wildcard pattern.
%%% Give example of thing %%% Give example of thing
| Cₛ ::= Leaf bb | Switch(a, (Kᵢ → Cᵢ)^{i∈S} , C?) | Cₛ ::= Leaf bb \vert Switch(a, (Kᵢ → Cᵢ)^{i∈S} , C?)
| a ::= Here | n.a | a ::= Here \vert n.a
| vₛ ::= K(vᵢ)^{i∈I} | n ∈ | vₛ ::= K(vᵢ)^{i∈I} \vert n ∈
\begin{comment} \begin{comment}
Are K and Here clear here? Are K and Here clear here?
@ -1361,12 +1362,12 @@ We proceed to show the correctness of the invariant by a case
analysys. analysys.
Base cases: Base cases:
1. [| ∅, (∅ → bbᵢ)ⁱ |] := Leaf bbᵢ where i := min(I), that is a 1. [| ∅, (∅ → bbᵢ)ⁱ |] ≡ Leaf bbᵢ where i := min(I), that is a
decision tree [|ms|] defined by an empty accessor and empty decision tree [|ms|] defined by an empty accessor and empty
patterns pointing to blackboxes /bbᵢ/. This respects the invariant patterns pointing to blackboxes /bbᵢ/. This respects the invariant
because a decomposition matrix in the case of empty rows returns because a decomposition matrix in the case of empty rows returns
the first expression and we known that (Leaf bb)(v) := Match bb the first expression and (Leaf bb)(v) := Match bb
2. [| (aⱼ)ʲ, ∅ |] := Failure 2. [| (aⱼ)ʲ, ∅ |] Failure
Regarding non base cases: Regarding non base cases:
Let's first define Let's first define
@ -1397,9 +1398,9 @@ that matches on all values that do not start with one of those head
constructors. constructors.
Intuitively, m is equivalent to its decomposition in the following Intuitively, m is equivalent to its decomposition in the following
sense: if the first pattern of an input vector (v_i)^i starts with one sense: if the first pattern of an input vector (vᵢ)ⁱ starts with one
of the head constructors k, then running (v_i)^i against m is the same of the head constructors k, then running (vᵢ)ⁱ against m is the same
as running it against the submatrix m_k; otherwise (its head as running it against the submatrix m; otherwise (its head
constructor is none of the k) it is equivalent to running it against constructor is none of the k) it is equivalent to running it against
the wildcard submatrix. the wildcard submatrix.
@ -1466,21 +1467,23 @@ TODO: put ^i∈I where needed
\end{comment} \end{comment}
\subsubsection{The trimming lemma} \subsubsection{The trimming lemma}
The trimming lemma allows to reduce the size of a decision tree given The trimming lemma allows to reduce the size of a decision tree given
an accessor → π relation (TODO: expand) an accessor /a/ → π relation (TODO: expand)
| ∀vₜ ∈ (a→π), Cₜ(vₜ) = C_{t/a→π(kᵢ)}(vₜ) | ∀vₜ ∈ (a→π), Cₜ(vₜ) = C_{t/a→π}(vₜ)
We prove this by induction on Cₜ: We prove this by induction on Cₜ:
a. Cₜ = Leaf_{bb}: when the decision tree is a leaf terminal, we
know that
| Leaf_{bb/a→π}(v) = Leaf_{bb}(v)
That means that the result of trimming on a Leaf is the Leaf itself
b. The same applies to Failure terminal
| Failure_{/a→π}(v) = Failure(v)
c. When Cₜ = Switch(b, (π→Cᵢ)ⁱ)_{/a→π} then
we look at the accessor /a/ of the subtree Cᵢ and
we define πᵢ' = πᵢ if a≠b else πᵢ∩π
Trimming a switch node yields the following result:
| Switch(b, (π→Cᵢ)ⁱ)_{/a→π} := Switch(b, (π'ᵢ→C_{i/a→π})ⁱ)
- Cₜ = Leaf_{bb}: when the decision tree is a leaf terminal, the result of trimming on a Leaf is the Leaf itself
| Leaf_{bb/a→π}(v) = Leaf_{bb}(v)
- The same applies to Failure terminal
| Failure_{/a→π}(v) = Failure(v)
- When Cₜ = Switch(b, (π→Cᵢ)ⁱ)_{/a→π} then we look at the accessor
/a/ of the subtree Cᵢ and we define πᵢ' = πᵢ if a≠b else πᵢ∩π Trimming
a switch node yields the following result:
| Switch(b, (π→Cᵢ)^{i∈I})_{/a→π} := Switch(b, (π'ᵢ→C_{i/a→π})^{i∈I})
\begin{comment}
TODO: understand how to properly align lists
check that every list is aligned
\end{comment}
\begin{comment} \begin{comment}
Actually in the proof.org file I transcribed: Actually in the proof.org file I transcribed:
e. Unreachabe → ⊥ e. Unreachabe → ⊥
@ -1488,14 +1491,14 @@ This is not correct because you don't have Unreachable nodes in target decision
\end{comment} \end{comment}
For the trimming lemma we have to prove that running the value vₜ against For the trimming lemma we have to prove that running the value vₜ against
the decistion tree Cₜ is the same as running vₜ against the tree the decision tree Cₜ is the same as running vₜ against the tree
C_{trim} that is the result of the trimming operation on Cₜ C_{trim} that is the result of the trimming operation on Cₜ
| Cₜ(vₜ) = C_{trim}(vₜ) = Switch(b, (πᵢ'→C_{i/a→π}))(vₜ) | Cₜ(vₜ) = C_{trim}(vₜ) = Switch(b, (πᵢ'→C_{i/a→π})^{i∈I})(vₜ)
We can reason by first noting that when vₜ∉(b→πᵢ)ⁱ the node must be a Failure node. We can reason by first noting that when vₜ∉(b→πᵢ)ⁱ the node must be a Failure node.
In the case where ∃k| vₜ∈(b→πₖ) then we can prove that In the case where ∃k \vert{} vₜ∈(b→πₖ) then we can prove that
| C_{k/a→π}(vₜ) = Switch(b, (πᵢ'→C_{i/a→π}))(vₜ) | C_{k/a→π}(vₜ) = Switch(b, (πᵢ'→C_{i/a→π})^{i∈I})(vₜ)
because when a ≠ b then πₖ'= πₖ and this means that vₜ∈πₖ' because when a ≠ b then πₖ'= πₖ and this means that vₜ∈πₖ'
while when a = b then πₖ'=(πₖ∩π) and vt∈πₖ' because: while when a = b then πₖ'=(πₖ∩π) and v∈πₖ' because:
- by the hypothesis, vₜ∈π - by the hypothesis, vₜ∈π
- we are in the case where vₜ∈πₖ - we are in the case where vₜ∈πₖ
So vₜ ∈ πₖ' and by induction So vₜ ∈ πₖ' and by induction
@ -1517,7 +1520,7 @@ Covering lemma:
\subsubsection{Equivalence checking} \subsubsection{Equivalence checking}
The equivalence checking algorithm takes as parameters an input space The equivalence checking algorithm takes as parameters an input space
/S/, a source decision tree /Cₛ/ and a target decision tree /Cₜ/: /S/, a source decision tree /Cₛ/ and a target decision tree /Cₜ/:
| equiv(S, Cₛ, Cₜ) → Yes | No(vₛ, vₜ) | equiv(S, Cₛ, Cₜ) → Yes \vert{} No(vₛ, vₜ)
When the algorithm returns Yes and the input space is covered by /Cₛ/ When the algorithm returns Yes and the input space is covered by /Cₛ/
we can say that the couple of decision trees are the same for we can say that the couple of decision trees are the same for
@ -1563,8 +1566,8 @@ I think the unreachable case should go at the end.
|equiv(S, Failure, Failure) := Yes |equiv(S, Failure, Failure) := Yes
Given that ∀v, Failure(v) = Failure, the statement holds. Given that ∀v, Failure(v) = Failure, the statement holds.
3. When we have a Leaf or a Failure at the left side: 3. When we have a Leaf or a Failure at the left side:
| equiv(S, Failure as Cₛ, Switch(a, (πᵢ → Cₜᵢ)ⁱ)) := Forall(equiv( S∩a→π(kᵢ)), Cₛ, Cₜᵢ)ⁱ) | equiv(S, Failure as Cₛ, Switch(a, (πᵢ → Cₜᵢ)^{i∈I})) := Forall(equiv( S∩a→π(kᵢ)), Cₛ, Cₜᵢ)^{i∈I})
| equiv(S, Leaf bbₛ as Cₛ, Switch(a, (πᵢ → Cₜᵢ)ⁱ)) := Forall(equiv( S∩a→π(kᵢ)), Cₛ, Cₜᵢ)ⁱ) | equiv(S, Leaf bbₛ as Cₛ, Switch(a, (πᵢ → Cₜᵢ)^{i∈I})) := Forall(equiv( S∩a→π(kᵢ)), Cₛ, Cₜᵢ)^{i∈I})
The algorithm either returns Yes for every sub-input space Sᵢ := S∩(a→π(kᵢ)) and The algorithm either returns Yes for every sub-input space Sᵢ := S∩(a→π(kᵢ)) and
subtree Cₜᵢ subtree Cₜᵢ
| equiv(Sᵢ, Cₛ, Cₜᵢ) = Yes ∀i | equiv(Sᵢ, Cₛ, Cₜᵢ) = Yes ∀i
@ -1577,13 +1580,13 @@ I think the unreachable case should go at the end.
| equiv(Sᵢ, Cₛ, Cₜᵢ) = No(vₛ, vₜ) for some minimal k∈I | equiv(Sᵢ, Cₛ, Cₜᵢ) = No(vₛ, vₜ) for some minimal k∈I
4. When we have a Switch on the right we define πₙ as the domain of 4. When we have a Switch on the right we define πₙ as the domain of
values not covered but the union of the constructors kᵢ values not covered but the union of the constructors kᵢ
| πₙ = ¬(⋃π(kᵢ)) | πₙ = ¬(⋃π(kᵢ)^{i∈I})
The algorithm proceeds by trimming The algorithm proceeds by trimming
| equiv(S, Switch(a, (kᵢ → Cₛᵢ), C_{sf}), Cₜ) := | equiv(S, Switch(a, (kᵢ → Cₛᵢ)^{i∈I}, C_{sf}), Cₜ) :=
| Forall(equiv( S∩(a→π(kᵢ)ⁱ), Cₛᵢ, C_{t/a→π(kᵢ)})ⁱ +++ equiv(S∩(a→π(kᵢ)), Cₛ, C_{a→πₙ})) | Forall(equiv( S∩(a→π(kᵢ)^{i∈I}), Cₛᵢ, C_{t/a→π(kᵢ)})^{i∈I} +++ equiv(S∩(a→πₙ), Cₛ, C_{a→πₙ}))
The statement still holds and we show this by first analyzing the The statement still holds and we show this by first analyzing the
/Yes/ case: /Yes/ case:
| Forall(equiv( S∩(a→π(kᵢ)ⁱ), Cₛᵢ, C_{t/a→π(kᵢ)})ⁱ = Yes | Forall(equiv( S∩(a→π(kᵢ)^{i∈I}), Cₛᵢ, C_{t/a→π(kᵢ)})^{i∈I} = Yes
The constructor k is either included in the set of constructors kᵢ: The constructor k is either included in the set of constructors kᵢ:
| k \vert k∈(kᵢ)ⁱ ∧ Cₛ(vₛ) = Cₛᵢ(vₛ) | k \vert k∈(kᵢ)ⁱ ∧ Cₛ(vₛ) = Cₛᵢ(vₛ)
We also know that We also know that