Translation Correctness for Expressions



  • evaluation: $eval\ :\ Expression \to Int$
  • compilation: $[\![ \_ ]\!]\ :\ Expression \to List[Instruction]$
  • virtual machine: $run\ : \ List[Instruction] \to List[Int] \to List[Int]$

For simplicity we will omit environments mapping variables

  • does not affect this proof

We often write X instead of List(X) when X is one element

Also, we often use same symbol '*' for

  • operator in the tree
  • operator in instruction sequence
  • corresponding mathematical operator

Key Facts

Evaluation of expressions:

   eval(e_1 * e_2) = eval(e_1) * eval(e_2)


   [\![ e_1 * e_2 ]\!] = [\![e_1]\!] ::: [\![e_2]\!] :::\ {*}


  • the last occurrence of is the imul instruction
  • $e_1*e_2$ denotes a tree with node type $*$ and children $e_1$, $e_2$

run-virtual machine: From definition of $run$ and by induction on $L_1$,

    run\ (L_1 ::: L_2)\ S = run\ L_2\ (run\ L_1\ S)

Of course

    run\ (* ::: L)\ (S:::x_1:::x_2) = run\ L\ (S:::x)

where $x$ is the result of computing $x_1*x_2$, and

    run\ (c ::: L)\ S = run\ L\ (S:::c)

for constant $c$, and

    run\ EmptyList\ S = S

Correctness Theorem

For every $e$,

   run\ [\![ e ]\!]\ List()\ \ =\ \ List(eval(e))

Attempt at Inductive Proof

Induction on structure of $e$

   run\ [\![e_1 * e_2]\!]\ S = \\
   run\ ([\![e_1]\!] ::: [\![e_2]\!] ::: *)\ S = \\
   run\ ([\![e_2]\!] ::: *)\ (run\ [\![e_1]\!]\ S) = \\

Induction Hypothesis

For every expression $e$ and every list of integers $S$,

   run\ [\![ e ]\!]\ S\ \ =\ \ S ::: eval(e)

Inductive Proof

   run\ [\![e_1 * e_2]\!]\ S = \\
   run\ ([\![e_1]\!] ::: [\![e_2]\!] ::: *)\ S = \\
   run\ ([\![e_2]\!] ::: *)\ (run\ [\![e_1]\!]\ S) = \\
   run\ ([\![e_2]\!] ::: *)\ (S ::: eval(e_1)) = \\
   run\ (*)\ (run\ [\![e_2]\!]\ (S ::: eval(e_1))) = \\
   run\ (*)\ (S ::: eval(e_1) ::: eval(e_2)) = \\
   S ::: (eval(e_1) * eval(e_2)) = \\
   S ::: eval(e_1 * e_2)