-rw-r--r-- | wiley.ps | 21900 | ||||
-rw-r--r-- | wiley.ps.gz | bin | 0 -> 431755 bytes |
2 files changed, 0 insertions, 21900 deletions
diff --git a/wiley.ps b/wiley.ps deleted file mode 100644 index f18f0cf..0000000 --- a/wiley.ps +++ /dev/null 
@@ -1,21900 +0,0 @@ -%!PS-Adobe-2.0 -%%Creator: dvips(k) 5.78 Copyright 1998 Radical Eye Software (www.radicaleye.com) -%%Title: notes.dvi -%%Pages: 250 -%%PageOrder: Ascend -%%BoundingBox: 0 0 596 842 -%%EndComments -%DVIPSCommandLine: dvips -f notes.dvi -%DVIPSParameters: dpi=600, compressed -%DVIPSSource: TeX output 1999.09.29:1650 -%%BeginProcSet: texc.pro -%! -/TeXDict 300 dict def TeXDict begin /N{def}def /B{bind def}N /S{exch}N -/X{S N}B /TR{translate}N /isls false N /vsize 11 72 mul N /hsize 8.5 72 -mul N /landplus90{false}def /@rigin{isls{[0 landplus90{1 -1}{-1 1} -ifelse 0 0 0]concat}if 72 Resolution div 72 VResolution div neg scale -isls{landplus90{VResolution 72 div vsize mul 0 exch}{Resolution -72 div -hsize mul 0}ifelse TR}if Resolution VResolution vsize -72 div 1 add mul -TR[matrix currentmatrix{dup dup round sub abs 0.00001 lt{round}if} -forall round exch round exch]setmatrix}N /@landscape{/isls true N}B -/@manualfeed{statusdict /manualfeed true put}B /@copies{/#copies X}B -/FMat[1 0 0 -1 0 0]N /FBB[0 0 0 0]N /nn 0 N /IE 0 N /ctr 0 N /df-tail{ -/nn 8 dict N nn begin /FontType 3 N /FontMatrix fntrx N /FontBBox FBB N -string /base X array /BitMaps X /BuildChar{CharBuilder}N /Encoding IE N -end dup{/foo setfont}2 array copy cvx N load 0 nn put /ctr 0 N[}B /df{ -/sf 1 N /fntrx FMat N df-tail}B /dfs{div /sf X /fntrx[sf 0 0 sf neg 0 0] -N df-tail}B /E{pop nn dup definefont setfont}B /ch-width{ch-data dup -length 5 sub get}B /ch-height{ch-data dup length 4 sub get}B /ch-xoff{ -128 ch-data dup length 3 sub get sub}B /ch-yoff{ch-data dup length 2 sub -get 127 sub}B /ch-dx{ch-data dup length 1 sub get}B /ch-image{ch-data -dup type /stringtype ne{ctr get /ctr ctr 1 add N}if}B /id 0 N /rw 0 N -/rc 0 N /gp 0 N /cp 0 N /G 0 N /sf 0 N /CharBuilder{save 3 1 roll S dup -/base get 2 index get S /BitMaps get S get /ch-data X pop /ctr 0 N ch-dx -0 ch-xoff ch-yoff ch-height sub ch-xoff ch-width add ch-yoff -setcachedevice ch-width ch-height true[1 0 0 -1 -.1 ch-xoff sub 
ch-yoff -.1 sub]/id ch-image N /rw ch-width 7 add 8 idiv string N /rc 0 N /gp 0 N -/cp 0 N{rc 0 ne{rc 1 sub /rc X rw}{G}ifelse}imagemask restore}B /G{{id -gp get /gp gp 1 add N dup 18 mod S 18 idiv pl S get exec}loop}B /adv{cp -add /cp X}B /chg{rw cp id gp 4 index getinterval putinterval dup gp add -/gp X adv}B /nd{/cp 0 N rw exit}B /lsh{rw cp 2 copy get dup 0 eq{pop 1}{ -dup 255 eq{pop 254}{dup dup add 255 and S 1 and or}ifelse}ifelse put 1 -adv}B /rsh{rw cp 2 copy get dup 0 eq{pop 128}{dup 255 eq{pop 127}{dup 2 -idiv S 128 and or}ifelse}ifelse put 1 adv}B /clr{rw cp 2 index string -putinterval adv}B /set{rw cp fillstr 0 4 index getinterval putinterval -adv}B /fillstr 18 string 0 1 17{2 copy 255 put pop}for N /pl[{adv 1 chg} -{adv 1 chg nd}{1 add chg}{1 add chg nd}{adv lsh}{adv lsh nd}{adv rsh}{ -adv rsh nd}{1 add adv}{/rc X nd}{1 add set}{1 add clr}{adv 2 chg}{adv 2 -chg nd}{pop nd}]dup{bind pop}forall N /D{/cc X dup type /stringtype ne{] -}if nn /base get cc ctr put nn /BitMaps get S ctr S sf 1 ne{dup dup -length 1 sub dup 2 index S get sf div put}if put /ctr ctr 1 add N}B /I{ -cc 1 add D}B /bop{userdict /bop-hook known{bop-hook}if /SI save N @rigin -0 0 moveto /V matrix currentmatrix dup 1 get dup mul exch 0 get dup mul -add .99 lt{/QV}{/RV}ifelse load def pop pop}N /eop{SI restore userdict -/eop-hook known{eop-hook}if showpage}N /@start{userdict /start-hook -known{start-hook}if pop /VResolution X /Resolution X 1000 div /DVImag X -/IE 256 array N 2 string 0 1 255{IE S dup 360 add 36 4 index cvrs cvn -put}for pop 65781.76 div /vsize X 65781.76 div /hsize X}N /p{show}N -/RMat[1 0 0 -1 0 0]N /BDot 260 string N /rulex 0 N /ruley 0 N /v{/ruley -X /rulex X V}B /V{}B /RV statusdict begin /product where{pop false[ -(Display)(NeXT)(LaserWriter 16/600)]{dup length product length le{dup -length product exch 0 exch getinterval eq{pop true exit}if}{pop}ifelse} -forall}{false}ifelse end{{gsave TR -.1 .1 TR 1 1 scale rulex ruley false -RMat{BDot}imagemask grestore}}{{gsave TR 
-.1 .1 TR rulex ruley scale 1 1 -false RMat{BDot}imagemask grestore}}ifelse B /QV{gsave newpath transform -round exch round exch itransform moveto rulex 0 rlineto 0 ruley neg -rlineto rulex neg 0 rlineto fill grestore}B /a{moveto}B /delta 0 N /tail -{dup /delta X 0 rmoveto}B /M{S p delta add tail}B /b{S p tail}B /c{-4 M} -B /d{-3 M}B /e{-2 M}B /f{-1 M}B /g{0 M}B /h{1 M}B /i{2 M}B /j{3 M}B /k{ -4 M}B /w{0 rmoveto}B /l{p -4 w}B /m{p -3 w}B /n{p -2 w}B /o{p -1 w}B /q{ -p 1 w}B /r{p 2 w}B /s{p 3 w}B /t{p 4 w}B /x{0 S rmoveto}B /y{3 2 roll p -a}B /bos{/SS save N}B /eos{SS restore}B end - -%%EndProcSet -TeXDict begin 39158280 55380996 1000 600 600 (notes.dvi) -@start -%DVIPSBitmapFont: Fa cmsy6 6 1 -/Fa 1 49 df<EA01E0EA03F0A4EA07E0A213C0120FA21380A2EA1F00A2121EA2123E123C -A25AA3127012F05A12600C1A7E9B12>48 D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fb cmcsc10 12 26 -/Fb 26 123 df<EC7FC0903803FFF890380FC07E90393F001F80017E6D7E496D7E48486D -7E48486D7EA248486D7E000F8149147E001F157FA3003F1680A249143F007F16C0A600FF -16E0B3A2007F16C0A66C6CEC7F80A3001F1600A36C6C14FEA200075D6D130100035D6C6C -495A6C6C495A017E495A6D495A90260FC07EC7FC903803FFF89038007FC02B447BC137> -48 D<1438147814F81303130F13FFB5FC13F713071200B3B3B0497E497EB712C0A32242 -76C137>I<49B4FC010F13F0013F13FC9038FC03FF2601E00013C0D807C0EB3FE048486D -7E90C76C7E001E6E7E4881003814030078811270007C80B416807F7F81A46C485B6CC7FC -C8FC17005DA25E15075E4B5AA24B5A5E4B5A4B5A4BC7FC5D4A5A4A5A4A5AEC0FC04A5A92 -C8FC143E5C5C495A4948EB0380EB078049C7FC011EEC07005B5B5B48485C485A49141E48 -B612FE5A5A5A5AB75AA329427AC137>I<157015F8A34A7EA24A7EA3EC077FA2020F7FEC -0E3FA2021E7FEC1C1FA24A6C7EA202787FEC7007A24A6C7EA2010180ECC001A2010380EC -8000A249C7127FA2498191B6FCA24981011CC7121F013C810138140FA201788101701407 -A201F06E7E5B000182487E000782D81FF84A7EB5027F13F8A335347CB33D>97 -D<B77E16F016FC3A03FC0003FF6C4801001380EE3FC017E0161FEE0FF0A217F8A21607A2 -160FA217F0161F17E0EE3FC0EE7F80EEFF00ED03FE90B612F0A29039F80007FE9238007F 
-80EE1FC0EE0FF0EE07F817FC160317FE160117FFA617FE1603A2EE07FCEE0FF8EE1FF0EE -3FE0486C903801FFC0B8120016FC16E030337BB23A>I<4AB4EB0180021FEBF00391B5EA -FC0701039038007E0FD907F8EB0F9FD91FE0EB03DF4948EB01FF01FFC8FC4848157F4848 -153FA24848151F4848150F121F491507123F5BA2007F1603A3484892C7FCAB6C7EEF0380 -A2123FA27F001F16076D1600000F5E6C6C150E6C6C151E171C6C6C153C6C6C5DD93FC05C -6D6CEB03E0D907F8495A902703FF807FC7FC0100EBFFFC021F13F00201138031357BB33B ->I<B7FC16F016FC3A03FE0003FF6C489038007F80EE1FE0707E707E707E1601707E177F -A21880173F18C0A2EF1FE0A418F0AA18E0A4EF3FC0A21880177F180017FE16015F4C5AEE -0FF04C5AEE7FC0486CD903FFC7FCB712FC16F093C8FC34337BB23E>I<B812F0A3D803FE -C7123F6C48EC07F816011600A21778A21738A3171C1507A31700A25DA25D157F90B6FCA3 -9038FC007F151F81A2811707A3170E92C7FCA4171EA2173CA2177C17FC16011607486C14 -3FB812F8A330337BB238>I<B812C0A3D803FEC7FC6C48EC1FE0160716031601A21600A4 -1770A2150EA21700A3151EA2153E15FE90B5FCA3EBFC00153E151EA2150EA592C8FCAB48 -B4FCB512FEA32C337BB235>I<DA03FF1303021FEBE00791B5EAF80F0103903800FE1FD9 -0FF8EB1F3FD91FE0EB07BFD97F806DB4FC49C77E484880484881484881A2484881121F49 -81123F5BA2007F82A25B00FF93C7FCAA4BB512F86C7EA2DB00011380003F6F1300837F12 -1F7F120F6C7E7F12036C7E6C6C5DEB7FC0D91FE05BD90FF8EB07DF903A03FF803F8F0100 -9038FFFE07021FEBF80302030180C7FC35357BB340>I<B5D8F803B512E0A3D803FEC738 -0FF8006C486E5AB390B7FCA301FCC71207B3A3486C4A7EB5D8F803B512E0A333337BB23D ->I<B512F8A33803FE006C5AB3B3A7487EB512F8A315337BB21E>I<90383FFFFEA3903800 -7FE0EC1FC0B3B1127EB4FCA4EC3F805A0070EB7F006C137E001E5B380F83F83803FFE0C6 -90C7FC1F347BB22A>I<B500F890380FFFF0A3D803FEC76C13806C48913803FC0017F04C -5A5F4CC7FC161E5E5E5EED03E04B5A4B5A4BC8FC153E5D15F014014A7E4A7E140F4A7EEC -7CFF4A6C7EEBFDF09039FFE03FC04A6C7EEC800FD9FE007F496D7E6F7EA26F7E6F7E8283 -707E707EA2707E707E83160383486C913807FF80B500F8011F13F8A335337BB23F>I<B5 -12FEA3000390C9FCEA01FCB3A9EE01C0A416031780A41607A2160F161FA2167FEEFF0048 -6C1307B8FCA32A337BB233>I<D8FFFEEE7FFFA26D93B5FC000318C06C1880D9DF80EC01 
-DFA2D9CFC0EC039FA3D9C7E0EC071FA2D9C3F0140EA3D9C1F8141CA2D9C0FC1438A3027E -1470A26E14E0A391391F8001C0A291390FC00380A3913907E00700A2913803F00EA36E6C -5AA26E6C5AA3ED7E70A26F5AA3486C6D5A487ED81FFC6D48EB3FC0B50080020FB5FCA2ED -070040337BB24A>I<D8FFFC91383FFFE07FA2D801FF020713006EEB01FC6E6D5A1770EB -DFE0EBCFF013C780EBC3FC13C180EBC0FF80816E7E6E7EA26E7E6E7E1403816E7E140081 -ED7F80ED3FC0A2ED1FE0ED0FF0150716F8ED03FC150116FEED00FF167F17F0163F161FA2 -160F1607486C1403487ED81FFC1401B56C1300A2177033337BB23D>I<EC07FF023F13E0 -903901FE03FC903907F0007FD90FC0EB1F80D93F80EB0FE049C76C7E01FE6E7E48486E7E -48486E7E4848157FA24848ED3F80001F17C0A24848ED1FE0A3007F17F049150FA300FF17 -F8AA007F17F06D151FA2003F17E0A26D153F001F17C0A26C6CED7F80000717006D5D0003 -5E6C6C4A5A6C6C4A5A017F4A5A6D6C495AD90FC0EB1F80D907F0017FC7FC903901FE03FC -9039003FFFE0020790C8FC35357BB33F>I<B7FC16F016FC3A03FE0003FF6C489038007F -80EE3FC0EE1FE0EE0FF0A2EE07F8A217FCA617F8A2EE0FF0A2EE1FE0EE3FC0EEFF00ED03 -FE90B612F816C001FCC9FCB3A2487EB512F8A32E337BB238>I<EC07FF023F13E0903901 -FE03FC903907F0007FD90FC0EB1F80D93F80EB0FE049C76C7E01FE6E7E48486E7E48486E -7E0007824981000F17804848ED3FC0A2003F17E049151FA2007F17F0A249150FA200FF17 -F8AA007F17F0A26D151F003F17E0A36C6CED3FC0A26C6CED7F80000702F814009026F803 -FE5B0003D907075B3B01FC0E0381FC3B00FE0C01C3F8017F903800E7F0D93F8CEBEFE0D9 -0FCCEB7F80D907FE91C7FC903901FF03FC9027003FFFF813180207133C91C7123E183804 -3F137893381FC1F8EFFFF0A37013E0A27013C0701380701300EE007C35427BB33F>I<B6 -12F8EDFF8016E03A03FE000FF86C48EB03FEED00FF707E707E83161FA283A55FA24C5A5F -4CC7FC16FEED03FCED1FF090B6128003FCC8FC9038FC003FED0FC06F7E6F7E6F7E821500 -82A382A383A4EFC01CA2167FEFE03C486C023F1338B500F890381FF07893380FF8F09338 -03FFE0CAEA7F8036347BB23C>I<90390FF0018090387FFE0348B512873907F00FEF390F -C001FF48C7FC003E143F151F5A150F5A1507A36C1403A27E6C91C7FC6C7E7FEA3FF8EBFF -806C13FC6CEBFFC06C14F06C80C614FE011F7F01031480D9001F13C014019138003FE015 -1F150FED07F0150312E01501A37EA216E06C1403A26CEC07C06CEC0F806C6CEB1F0001E0 
-133ED8FBFE13FC00F0B55AD8E01F13E0D8C00390C7FC24357BB32E>I<007FB812C0A390 -3A8007FC003F277E0003F8130F007C16070078160300701601A200F017E0A2481600A6C7 -1600B3AA4A7E4A7E010FB512FEA333327CB13B>I<B500F890383FFFE0A3D803FEC70007 -13006C48EC01FC705A1770B3AE000016F06D5DA2017E1401017F4A5A7F6D6C495A6E49C7 -FC6D6C131ED903F0137C903901FE03F89039007FFFE0021F1380DA03FCC8FC33347BB23D ->I<B500F091387FFF80A30003018091381FFC006C90C8EA0FE06C6D5D017F5E6D6C4AC7 -FC171E6D6C5C6D6C143817786D6C5C6D6C5C16016D6C495A6D6C5C16076E6C48C8FC9138 -3FC00E161E6E6C5A91380FF03816786E6C5A6E6C5AEDFDC0EC01FF6E5B93C9FC81B14B7E -023F13FEA339337EB23D>121 D<003FB7FCA39039FC0001FE01E01303018014FC90C7EA -07F8003E140F003C15F0007CEC1FE00078EC3FC0A2ED7F800070ECFF00A24A5A4A5AC712 -075D4A5A141F5D4A5A4A5AA24AC7FC495AA2495A495A130F4A1307495A133F5C495A49C7 -FC160F485A485AA24848141E485A001F153E49147E484814FE007F140349131FB7FCA328 -337BB232>I E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fc cmmi8 8 17 -/Fc 17 117 df<14C0A5497EA700F0EC03C039FF83F07F003FB61200000F14FC000114E0 -6C6C1380D91FFEC7FCEB07F8497EA2497EEB3F3FEB3E1F496C7EEB7807496C7EA248486C -7E48486C7E49137090C71230222180A023>63 D<013FB512FEEEFFC0903A00FE0007F0EE -01F84AEB007E8301018118804A140F18C00103150718E05CA21307A25CA2130FA24A140F -A2131F18C04A141FA2013F1680173F91C81300A249157EA2017E5D5F01FE14014C5A494A -5A4C5A00014BC7FC163E4914FCED03F00003EC1FC0B7C8FC15F8332D7CAC3A>68 -D<013FB71280A2D900FEC7127F170F4A1407A20101150318005CA21303A25C1630010714 -7094C7FC4A136016E0130F15019138C007C091B5FC5BECC0074A6C5AA2133FA20200EB00 -0CA249151C92C71218017E1538173001FE15705F5B4C5A000115034C5A49140F161F0003 -4AB4C7FCB8FC5E312D7DAC34>I<90383FFFFCA2903800FE00A25CA21301A25CA21303A2 -5CA21307A25CA2130FA25CA2131FA25CA2133FA291C7FCA25BA2137EA213FEA25BA21201 -A25BA21203B512E0A21E2D7DAC1F>73 D<ED7FC0913807FFF891381F807E91397C001F80 -D901F0EB0FC0D907E0EB03E0D90F8014F049C71201013EEC00F84915FC5B12014848157E -485AA2485A121FA2485A17FE90C9FC5AA300FEED01FCA3EE03F8A217F0160717E0160FEE 
-1FC01780007EED3F005E6C157E5E6C6C495AED03E06C6CEB0FC06C6C49C7FCD803F8137E -3900FE03F890383FFFC0D907FEC8FC2F2F7CAD36>79 D<013FB6FC17E0903A00FE0007F0 -EE01FC4AEB007EA2010181A25C1880010316005F5CA2010715FEA24A5C4C5A010F4A5A4C -5A4AEB1F8004FFC7FC91B512F84914C00280C9FCA3133F91CAFCA35B137EA313FE5BA312 -015BA21203B512E0A2312D7DAC2D>I<913807F00691383FFE0E9138F80F9E903903E001 -FE903807800049C7127C131E49143CA2491438A313F81630A26D1400A27FEB7F8014F86D -B47E15F06D13FC01077F01007F141F02011380EC003F151F150FA215071218A3150F0038 -1500A2151EA2007C5C007E5C007F5C397B8003E039F1F00F8026E07FFEC7FC38C00FF027 -2F7CAD2B>83 D<B500C090380FFFC0A2D807F8C73801FC006C48EC00F05F4C5A5F6D4AC7 -FC120116065EA25E6D5C12005E5EA24B5A6D49C8FCA2017E13065DA25D017F5BA26D5B5D -A24A5A0283C9FCA2EB1F86148CA2149814F0A26D5A5CA25C91CAFCA21306322E7CAC29> -86 D<90260FFFFCEB7FFFA29026007FC0EB0FF06E48148018006E6C131E1718020F5C6F -5B02075C6F485A020349C7FCEDF8065E6E6C5A5E6E6C5A5EED7F8093C8FC6F7EA26F7E15 -3F156FEDCFE0EC018791380307F0EC0703020E7F141C4A6C7E14704A6C7E495A4948137F -49C7FC010E6E7E5B496E7E5BD801F081D807F8143FD8FFFE0103B5FCA2382D7EAC3A>88 -D<EB07E0EB1FF890387C1CE0EBF80D3801F00F3803E007EA07C0120FD81F8013C0A2EA3F -00140F481480127EA2141F00FE14005AA2EC3F02EC3E06A25AEC7E0E007CEBFE0C14FC01 -01131C393E07BE18391F0E1E38390FFC0FF03903F003C01F1F7D9D25>97 -D<13F8121FA21201A25BA21203A25BA21207A25BA2120FEBC7E0EB9FF8EBB83C381FF01E -EBE01F13C09038800F80EA3F00A2123EA2007E131FA2127CA2143F00FC14005AA2147EA2 -147C14FC5C387801F01303495A383C0F806C48C7FCEA0FFCEA03F0192F7DAD1E>I<EB01 -F8EB0FFE90383E0780EB7C01D801F813C03803F0073807E00FEA0FC001801380121F48C8 -FCA25A127EA312FE5AA51560007C14E0EC01C0EC03806CEB0F00001E131C380F81F83807 -FFE0C648C7FC1B1F7D9D1F>I<157C4AB4FC913807C380EC0F87150FEC1F1FA391383E0E -0092C7FCA3147E147CA414FC90383FFFF8A2D900F8C7FCA313015CA413035CA413075CA5 -130F5CA4131F91C8FCA4133EA3EA383C12FC5BA25B12F0EAE1E0EA7FC0001FC9FC213D7C -AE22>102 D<14FCEB03FF90380F839C90381F01BC013E13FCEB7C005B1201485A15F848 
-5A1401120F01C013F0A21403121F018013E0A21407A215C0A2000F130F141F0007EB3F80 -EBC07F3803E1FF3800FF9F90383E1F0013005CA2143EA2147E0038137C00FC13FC5C495A -38F807E038F00F80D87FFEC7FCEA1FF81E2C7E9D22>I<90387C01F89038FE07FE3901CF -8E0F3A03879C0780D907B813C0000713F000069038E003E0EB0FC0000E1380120CA2D808 -1F130712001400A249130F16C0133EA2017EEB1F80A2017C14005D01FC133E5D15FC6D48 -5A3901FF03E09038FB87C0D9F1FFC7FCEBF0FC000390C8FCA25BA21207A25BA2120FA2EA -FFFCA2232B829D24>112 D<903807E03090381FF87090387C1CF0EBF80D3801F00F3903 -E007E0EA07C0000F1303381F800715C0EA3F00A248130F007E1480A300FE131F481400A3 -5C143E5A147E007C13FE5C1301EA3E07EA1F0E380FFCF8EA03F0C7FC13015CA313035CA2 -1307A2EBFFFEA21C2B7D9D20>I<130E131FA25BA2133EA2137EA2137CA213FCA2B512F8 -A23801F800A25BA21203A25BA21207A25BA2120FA25BA2001F1310143013001470146014 -E0381E01C0EB0380381F0700EA0F0EEA07FCEA01F0152B7EA919>116 -D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fd cmr6 6 7 -/Fd 7 110 df<1438B2B712FEA3C70038C7FCB227277C9F2F>43 -D<13FF000313C0380781E0380F00F0001E137848133CA248131EA400F8131FAD0078131E -A2007C133E003C133CA26C13786C13F0380781E03803FFC0C6130018227DA01E>48 -D<13E01201120712FF12F91201B3A7487EB512C0A212217AA01E>I<EA01FC3807FF8038 -1C0FC0383003E0386001F0EB00F812F86C13FCA2147C1278003013FCC7FC14F8A2EB01F0 -EB03E014C0EB0780EB0F00131E13385B5B3801C00CEA0380380600185A5A383FFFF85AB5 -12F0A216217CA01E>I<13FF000313C0380F03E0381C00F014F8003E13FC147CA2001E13 -FC120CC712F8A2EB01F0EB03E0EB0FC03801FF00A2380003E0EB00F01478147C143E143F -1230127812FCA2143E48137E0060137C003813F8381E03F0380FFFC00001130018227DA0 -1E>I<14E01301A213031307130F130D131913391371136113C11201EA03811301120612 -0E121C12181230127012E0B6FCA2380001E0A6EB03F0EB3FFFA218217DA01E>I<3A0F0F -F00FF03AFF3FFC3FFC9039703E703E3A1FC01FC01F6C486C487EA201001300AD3BFFF0FF -F0FFF0A22C157D9432>109 D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fe cmbsy10 12 2 -/Fe 2 21 df<007FBA12F8BB12FCA46C19F84606779B59>0 D<1A78F101FC1907191F19 
-7F953801FFF8060713C0061F1300F07FFC943801FFF0050713C0051F90C7FCEF7FFC9338 -01FFF0040713C0041F90C8FCEEFFFC030313F0030F13C0033F90C9FCEDFFFC020313F002 -0F1380DA3FFECAFCECFFF8010313E0010F1380D93FFECBFCEBFFF8000313E0000F1380D8 -3FFECCFCEAFFF813E0A213F8EA7FFE380FFF80000313E0C613F8EB3FFE90380FFF800103 -13E0010013F8EC3FFE91380FFF80020313E0020013FCED3FFF030F13C0030313F0030013 -FCEE3FFF040713C0040113F09338007FFCEF1FFF050713C0050113F09438007FFCF01FFF -060713C0060113F09538007FFC191F19071901F100781A00B2003FBA12F04819F8BB12FC -A36C19F8465C77C459>20 D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Ff cmmib10 12 2 -/Ff 2 64 df<127812FE6C7E13E013F8EA3FFE380FFF80000313E0C613F8EB3FFE90380F -FF80010313E0010013F8EC3FFE91380FFF80020313F0020013FCED3FFF030F13C0030313 -F0030013FCEE1FFF040713C0040113F09338007FFCEF1FFF050713C0050113F09438007F -FCF01FFF060713C0060113F89538007FFC191FA2197F953801FFF8060713C0061F1300F0 -7FFC943801FFF0050713C0051F90C7FCEF7FFC933801FFF0040713C0041F90C8FCEEFFFC -030313F0030F13C0033F90C9FCEDFFFC020313F0020F1380DA3FFECAFCECFFF8010313E0 -010F1380D93FFECBFCEBFFF8000313E0000F1380D83FFECCFCEAFFF813E0138048CDFC12 -78464477BA59>62 D<156015F0A34A7EA64A7EA64A7E00401720D8FFC0ED3FF0D9FF87EB -1FFF91B7FC6C17E0001F17800007EEFE00000116F86C6C15E0011F158001074AC7FC0101 -14F86D5C6E5BA291B57EA24980A249EB9FFC150F49486C7EECFC0349486C7E4A7E49486D -7E4A133F49486D7E91C7120F013E1407496E7E0178140101306E5A34327EB139>I -E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fg cmex10 10 12 -/Fg 12 126 df<EE03C0160F163F167F923801FF004B5A4B5AED0FF04B5A4B5A4B5A4BC7 -FC5C5D4A5A14075D4A5AA2141F5DA24A5AA44A5AB3B3B3B214FF92C8FCA35B5CA2495AA2 -5C13075C130F495A5C133F495A49C9FC485A485A485A485AEA1FC0485AB4CAFC12FCA2B4 -FCEA3F806C7EEA0FF06C7E6C7E6C7E6C7E6D7E6D7E131F806D7E130780130380A26D7EA2 -807FA381147FB3B3B3B26E7EA46E7EA281140FA26E7E8114036E7E81806F7E6F7E6F7E6F -7EED07FC6F7E6F7E9238007FC0163F160F16032AF8748243>40 D<EC01F01407140F143F -147F903801FFC0491380491300495A495A495A495A5C495A485B5A91C7FC485AA2485AA2 
-485AA2123F5BA2127F5BA412FF5BB3B3A71C4B607E4A>56 D<EAFFC0B3B3A77F127FA47F -123FA27F121FA26C7EA26C7EA26C7E807E6C7F6D7E806D7E6D7E6D7E6D7E6D13806D13C0 -9038007FF0143F140F140714011C4B60804A>58 D<EC1FF8B3B3A7143F15F0A4EC7FE0A3 -15C014FFA2491380A215005B5C1307495A5C131F495A5C495A495A4890C7FC485A485A48 -5A485AEA7FE0EAFF8090C8FC12FCB4FC7FEA7FE0EA1FF06C7E6C7E6C7E6C7E6C7F6D7E6D -7E806D7E130F806D7E1303807F1580A26D13C0A2147F15E0A3EC3FF0A415F8141FB3B3A7 -1D9773804A>60 D<EAFFC0B3A90A1B60804A>62 D<0078EF078000FCEF0FC0B3B3B3B3A4 -BAFCA47E6C18803A537B7F45>70 D<0078EF078000FCEF0FC0B3B3B3A46C171F007E1880 -A2007F173F6C1800A26D5E001F177E6D16FE6C6C4B5A6D15036C6C4B5A6C6C4B5A6C6C4B -5A6C6C6CEC7FC06D6C4A5AD93FF8010790C7FC6DB4EB3FFE6D90B55A010315F06D5D6D6C -1480020F01FCC8FC020113E03A537B7F45>83 D<913801FFE0020F13FC027FEBFF8049B6 -12E04981010F15FC499038003FFED93FF8EB07FFD97FC001007F49486E7E4848C8EA1FE0 -48486F7E48486F7E48486F7E49150148486F7E49167E003F177F90CA7EA2481880007E17 -1FA200FE18C048170FB3B3B3A40078EF07803A537B7F45>I<EE7F80ED0FFF157F4AB5FC -140F143F5C49B6FC13075B4991C7FC4913E090B5C8FC4813F84813E014804848C9FC485A -EA1FF0485A5B485A48CAFCA25A5A5A291B838925>122 D<B4FC13F813FF14C014F814FE -8015C015F081C66C7F01037F9039007FFF80020F7F02037F1400ED3FF06F7EED07FC6F7E -15016F7EEE7F80A2163F161F160F291B818925>I<12F87E7E7EA26C7E6C7E7F6C7EEA0F -FC6C7E6C6C7E14E06C13F86C13FF013F13E06D13FF6DECFF807F13016D7E80140F14016E -7E150FED007F291B839A25>I<EE0F80161F163F167FA2EEFF004B5A15034B5AED1FF84B -5AEDFFE01403020F5B027F5B902603FFFEC7FC017F5BB65A5D15C092C8FC5C14F814C091 -C9FC13F890CAFC291B819A25>I E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fh lasy10 12 2 -/Fh 2 51 df<127012FCB4FC13C013F0EAF7FCEAF1FF38F07FC0EB1FF0EB07FCEB01FF90 -38007FC0EC1FF0EC07FE913801FF809138007FE0ED1FF8ED03FE923800FF80EE3FE0EE0F -F8EE03FE933800FF80EF3FE0EF0FF8EF03FE943800FF80F03FE0F00FF0A2F03FE0F0FF80 -943803FE00EF0FF8EF3FE0EFFF80DC03FEC7FCEE0FF8EE3FE0EEFF80DB03FEC8FCED1FF8 
-ED7FE0913801FF80DA07FEC9FCEC1FF0EC7FC04948CAFCEB07FCEB1FF0EB7FC0D8F1FFCB -FCEAF7FCEAFFF013C090CCFC12FC12703C3A78B54D>3 D<003FB9FC481880BAFCA200F0 -CA1207B3B3ADBAFCA37E393977BE4A>50 D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fi cmsy8 8 6 -/Fi 6 85 df<B812C0A32A037A9137>0 D<130C131EA50060EB01800078130739FC0C0F -C0007FEB3F80393F8C7F003807CCF83801FFE038007F80011EC7FCEB7F803801FFE03807 -CCF8383F8C7F397F0C3F8000FCEB0FC039781E078000601301000090C7FCA5130C1A1D7C -9E23>3 D<137813FE1201A3120313FCA3EA07F8A313F0A2EA0FE0A313C0121F1380A3EA -3F00A3123E127E127CA35AA35A0F227EA413>48 D<171017F0160116031607A2160FA216 -1F161B163B1633167316E3A2ED01C316831503EE03F81507150E1601151C1538A2157015 -E0A2EC01C0EC038083EC0700140E92B5FC141F5C5C0270C77E5C495AD82003157E387007 -80D8780FC8127FEAFE3ED8FFFE160449ED3F9C4916F86C4816E06C48ED1FC06C48ED0E00 -0007CBFC36337EAF38>65 D<496C13FC0107EB07FF011F011F1380017F017F13C03B01FF -81E07FE03A039F03801F3A021F0F000F26003F1E13075C4A14C014F84AEB0F804A14004A -131E017F14384A5B4B5A9138000F80033EC7FC9038FE01FF020713E0021F13F849487F91 -38001FFE4848EB03FF1500EE7F8049143FA20003151FA25BA21207491500A2000F153E5B -5E001F1578013C5C01FEEB01C03A3FFFC01F80003ED9FFFEC7FC486C13F8D8703F13C026 -C007FCC8FC2B2F7EAD2E>I<180C183C0107B712F8011F16E0017F16C048B81200270380 -007CC8FC000FC712FC121E123E007E495A127C12FC12F000C0495AC7FCA34A5AA44A5AA4 -4A5AA4143F92C9FCA4147EA3147C14FCA25C1301A25C13035CA2495A5C010ECAFC130836 -347DAE27>84 D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fj cmbx12 17.28 43 -/Fj 43 122 df<94387FFF80041FB512F04BB612FC030F81037F6F7E4AB5D8E0077F4A49 -C76C7E020F01F0EC1FF04A01C0147F4A90C8487E4A485C4A484A7F49495C495BA2495B4E -7F49705B5DA3725B725B725B735A96C9FCAB0503B512FEBBFCA6D8000F01E0C7120184B3 -B3AF003FB6D8F803B71280A651657DE45A>12 D<EA01FCEA07FF4813804813C04813E048 -13F0A2B512F8A76C13F0A26C13E06C13C06C13806C1300EA01FC151574942D>46 -D<16F04B7E1507151F153FEC01FF1407147F010FB5FCB7FCA41487EBF007C7FCB3B3B3B2 -007FB91280A6395D74DC51>49 
D<913801FFF8023FEBFFC049B612FC010715FF011F16C0 -4916F09026FFFC0180489026C0003F13FE4890C7000F7FD807FC0203148048486E14C048 -486E14E0496F13F0D83FFC816D17F8486C816E6E13FCB57E19FE6E80A219FFA283A36C5B -A26C5B6C90C8FCD807FC5DEA01F0CA14FEA34D13FCA219F85F19F04D13E0A24D13C01980 -94B512004C5B604C5B4C5B4C5B604C5B4C48C7FC4C5A4C5A4B13E04B5B4B5B4CC8FC4B5A -4B5A4B5ADB7FC0143F4B5A4A90C8FC4A5A4A48157EEC0FF04A5A4A5A4A5A4AC912FEEB01 -FC495A4948ED01FC4948150749B8FC5B5B90B9FC5A4818F85A5A5A5A5ABAFCA219F0A440 -5D78DC51>I<92B5FC020F14F8027F14FF49B712E001078249D9C01F13FC90273FFC0003 -7FD97FE001007FD9FF806E7F4848C86C7F6D834801C06E7F487F6E826E80486D82A4805C -A37E4A4A5B6C5B6C5B6C495E011FC85A90C95CA24D5B6194B5FC4C91C7FC604C5B4C13F0 -041F5B047F1380030FB5C8FC020FB512FC17E0178017F8EFFF8091C7001F13E0040313F8 -7013FE706C7E7113C0717F85717F85838585A2711480A31AC0A2EA03FCEA0FFF487F487F -487FA2B57EA21A80A35F1A005C6C604A5C616C494A5B49C8FCD81FF84B5B6C6C4B5B6CB4 -6C91B55A6C01F001035C6C9026FF801F49C7FC6C6C90B65A6D16F0010F16C0010193C8FC -D9003F14F0020149C9FC425E79DC51>I<F01F804E7E187F18FFA25F5F5F5FA25F5F5FA2 -94B5FC5E5E5EA25E5EEE3FBFEE7F3FA216FEED01FCED03F8ED07F0A2ED0FE0ED1FC0ED3F -8016005D15FE4A5A4A5AA24A5A4A5A4A5A4A5AA24AC7FC14FE495A5C1303495A495A495A -5C133F49C8FC13FE485AA2485A485A485A5B121F485A48C9FC12FEBCFCA6CA6CEBC000B1 -037FB8FCA6485E7CDD51>I<01C0EE01C0D801F8160F01FF167F02F0EC07FFDAFF8090B5 -FC92B712801900606060606060604DC7FC5F17F017C04CC8FC16F8D9FC7F90C9FC91CBFC -AEED3FFF0203B512F0021F14FE027F6E7E01FDB712E090B5D8E00F7F9126FC000313FC02 -F001007F02C06E7E91C86C13804917C0496F13E05B6C486F13F090C9FC19F8A219FC8319 -FEA419FFA3EA03F0EA0FFC487E487E487FA2B57EA319FEA35C4D13FC6C90C8FC4917F85B -D83FF04B13F013806C6C17E06D4B13C06C6C4B13806C6C92B51200D803FE4A5B6C6C6C49 -5B6C01E0011F5BD97FFE90B55A6DB712C06D5E01074BC7FC010115F0D9003F1480020301 -F0C8FC405E78DC51>I<EE1FFF0303B512E0031F14F892B612FE020381020FD9F8037F4A -9039C0007FC0027F90C7EA1FE0DAFFFC6E7E4901F014074949EC7FF8494914FF49495B49 
-90C7487F5B49485C495AA2485BA25A48496E5BA248705B715B4A6F5A4894C8FCA35AA25C -5A923801FFE0030F13FE033F6D7E4B14E002C1B612F8B526C3FE037F913AC7F0007FFF03 -C0011F7FDACF806D7F02DFC76C7F02DE6E7F14FE4A6E7F854A82A24A8283A24A1780A41A -C05CA27EA77EA3806C1980A37E1A007E5F6C6D5EA26C606E4A5B7E6D6C4A5B6E5E6D6C4A -5B6D6D495B6D01E0017F90C7FC01039039FC03FFFE6D90B612F86D5E023F15C0020F92C8 -FC020114FCDA001F1380425E79DC51>I<EA01FCEA07FF4813804813C04813E04813F0A2 -B512F8A76C13F0A26C13E06C13C06C13806C1300EA01FCC8FCB3A4EA01FCEA07FF481380 -4813C04813E04813F0A2B512F8A76C13F0A26C13E06C13C06C13806C1300EA01FC154074 -BF2D>58 D<F00FE04E7EA24E7EA34E7EA24E7EA34D7FA24D80A24D80A34D80A24D80A34D -80A2DD7FBF7FA2181F05FF8017FE04016D7FA24D7E04038217F804076D80A24D7E040F82 -17E0041F6D80A24D7F043F825F047F6E7FA294C77E4C825E03016F7FA24C800303845E03 -076F80A24C80030F845E031F6F80A24C81033F845E037F707F93B9FCA292BA7EA24A85A2 -03FCC912070203865D020771805D86020F864B82021F865D87023F864B83027F8692CBFC -874A864A840101875C0103738090381FFFC0B700E092B812FEA66F647BE37A>65 -D<BB12F0F2FF801BF81BFEF3FFC088D800010280C814F8081F7F080713FF748074808675 -7F757FA2757FA28987A289A965A263656365636598B55A505C5091C7FC505B081F5B087F -13F04FB512C096B6C8FC93B812F81BC01BF8F3FF801CE00480C8001F13F8080313FE746D -7E746C7F757F757F89757F757F89871E80A27514C0A41EE087A663A21EC0A3631E80A251 -14006365515B63515B98B55A08035C080F5C97B6C7FCBD5A1CF81CE099C8FC1BF898C9FC -63627AE173>I<942601FFFEED03C0057FD9FFF01407040FB600FE140F047FDBFFC0131F -0303B800F0133F030F05FC137F033F9127F8007FFE13FF92B548C73807FF81020302F002 -0113C34A02809138003FF7021F49C96CB5FC4A01F816074A01E08291B54816004991CB7E -494984494984495B494984498649498490B55A88485C884891CDFC481C7F5C5A1D3F5C5A -A21D1F485BA34899C7FCA35CA2B5FCB07EA280A37EA2F50FC06C7FA37E801D1F6C1D8080 -7E6C6E193F1E006C6E611D7E6D6D19FE6D6D616D1A016D6D4E5A6D6D18076D6D4E5A6D6D -6C4D5A6D6E4D5A6E6D4D5A6E01F84C48C7FC6E01FEEE07FE02076D6CED1FFC6E02F0ED7F -F0020002FE913803FFE0033FD9FFF8013F1380030F91B7C8FC030317FCDB007F16E0040F 
-1680DC007F02F8C9FC050191CAFC626477E275>I<BB12E0F2FF801BF01BFE757E1CF0D8 -00010280C7000780DF003F13FE08076D7E080180746C7F091F7F7513FC757F09017F878A -767F767F888A767FA2767FA2767FA28A881F80A37614C0A41FE0A5891FF0B09AB512E0A5 -1FC0A4521480A31F006466A2525BA2525BA2525B525BA2525B99B55A5191C7FC515B515B -091F5B097F5B50B512C008075C083F91C8FC0707B512FCBD12F01CC051C9FC1BF81B8008 -E0CAFC6C627AE17C>I<BD12FCA488A2D8000102C0C71201F1000F1A01F2007F1B3F1B0F -1B07757EA28787A288A3F43F80A31C1FA3197EA3F40FC0A499C7FC19FEA31801A2180318 -07181F18FF93B6FCA6EEC000181F180718031801A21800A21D7E197EA21DFCA696C81201 -1DF8A31C03A3F407F0A31C0FA21C1F1C3F1DE01C7F1CFF63631B0F093F13C098B5FC1A07 -97B6FCBEFCA31D80A35F617AE06A>I<BD12E0A41CF0A2D8000102C0C71207F1003F1A0F -1A031A001B7F1B3FF31FF81B0FA21B07A21B03A21B011CFCA31B00A419FCA21C7EA41C00 -A21801A31803A21807180F183FEF01FF93B6FCA6EEC001EF003F180F18071803A21801A3 -1800A896C9FCB3A5B912F8A657617AE065>I<B700E0040FB712808282A28282D800016E -DC000101FCC7FC719338001FC0A283838302FD8014FC6F7F6F7F836F80816F806F80846F -806F8082707F8470807080827080857080708083717F8571807180837180718086718084 -727F727F8772807280847280877280737F85737F1C807314C07314E0857314F07314F81C -FC7413FE867413FF74149F1DDF7414FF868686A287878787A287878787A28888888888A2 -8890261FFFC084B700F8831D7FA21D3F1D1F775A71627AE17E>78 -D<BB7E1AFCF2FFC01BF81BFE757ED800010280C7001F80070114F0DF003F7F080F7F747F -747F7414807414C0A27513E0A21DF0A27513F8A41DFCA91DF8A45113F0A21DE0A298B512 -C01D8062501400505B505B083F5B4FB512E0071F5C93B9C7FC1BFC1BF01B8008F0C8FC04 -C0CCFCB3B3A2B97EA65E627AE16E>80 D<DBFFFEEC01E0020FD9FFE01303027F02FC1307 -49B7EA800F010716E0011FEEF01F49D9C007EBFC3F4948C7383FFE7FD9FFF00207B5FC48 -4914014801806E7E4890C97E48170F4982001F834982123F844848177FA2193FA200FF18 -1FA36D170FA27FA26D17078080806E93C7FC6C13FCECFF8015F86CECFFC016FC6CEDFFE0 -17FE6CEEFFE018F86C17FE6C717E6C846C18F06D836D836D836D83010318807F6D6C17C0 -020F17E01401DA000F16F01500040715F8EE007F050314FC1700183F84060713FE84A200 
-7C8300FC83A2197FA3193F7EA21AFC7EA36D18F86D177FA26D18F06D17FF6D18E06D5E6D -18C06D6C4B138002E05D02F84B130002FEED3FFE9026CFFFE0ECFFFC018701FF010713F0 -010191B65A486C6C5E021F93C7FC48010315FC48D9007F14E048020149C8FC476477E25A ->83 D<001FBEFCA64849C79126E0000F148002E0180091C8171F498601F81A0349864986 -A2491B7FA2491B3F007F1DC090C9181FA4007E1C0FA600FE1DE0481C07A5CA95C7FCB3B3 -B3A3021FBAFCA663617AE070>I<B800F8011FB80203B7FCA6D8000F91C9000102E0CAEB -FE006D72F207F0707260230F6D73627072171F6D6A708277173F6D7397C7FC70846B6E72 -197E707217FE6E726170855118016E6870731503636E68704C6E15076E68718451180F6E -DE7E7F607172151F6E06FE61714B7E08016F153F6E4E6C95C8FC71840803616F4D6C177E -7102076F15FE6F66714B7E080F7013016F4D6C5F7185081F18036F4D6C5F71023F701307 -6F94C75F728450180F6F047E6E5E7272131F1AFE6F4C6E5EDEE00171133F6F4C6E93C9FC -06F084070361704B6E157E06F87213FE1907704B6E5DDEFC0F1881704B6E5D06FE19C107 -1F18C3704B6E5DDEFF3F18E7706407BFC9FC07FF18FF704A705CA3704A705CA27099CAFC -4F82A27149705BA37149705BA27149705BA37149705BA37190CB5BA27148725AA3714872 -5A714872CBFCA0637DE1A7>87 D<913807FFFC91B612E0010715FC011F15FF4916C09027 -7FFC003F7FD9FFC0010F7F4801F001037F486D6D7F707F486D6E7E85717FA2717FA36C49 -6E7FA26C5B6C5BEB3F8090C9FCA70303B6FC92B7FC140F147F0103B5EAFE0F010F148001 -3FEBFC004913E048B512804849C7FC485B4813F05A5C485B5A5CA2B5C8FCA45FA25F806C -5E806C16FB6ED903F37F6C6DD907E313FF6C01FCD91FC114FE6C9027FF80FF8114FF0001 -91B5C6FC6C6C4A7F011F02F8131F010302E0010313FE9026003FFECAFC48437BC14E>97 -D<903807FF80B6FCA6C6FC7F7FB3A8EFFFF8040FEBFF80047F14F00381B612FC038715FF -038F010014C0DBBFF0011F7FDBFFC001077F93C700017F4B6E7F03F86F7E4B6F7E4B1780 -4B6F13C0A27313E0A27313F0A21BF8A37313FCA41BFEAE1BFCA3611BF8A31BF0611BE0A2 -4F13C06F17804F13006F5D6F4B5A6F4A5B4AB44A5B4A6C6C010F5B9126F83FE0013F13C0 -9127F00FFC01B55A4A6CB648C7FCDAC00115F84A6C15E091C7001F91C8FC90C8000313E0 -4F657BE35A>I<92380FFFF04AB67E020F15F0023F15FC91B77E01039039FE001FFF4901 -F0010113804901C0010713C049494913E0017F90C7FC49484A13F05C485B5A485BA2485B 
-7113E05A4A6E13C048701380943800FE0095C7FC5A5CA3B5FCAE7E80A37EA2806C18FCA2 -6C6D150119F86C7F6C17036EED07F06C6D16E06C6D150F6D6DEC1FC06D6DEC7F806D01F0 -ECFF00010701FCEB03FE6D9039FF803FFC010091B512F0023F5D020F1580020102FCC7FC -DA000F13C03E437BC148>I<F17FF8050FB5FCA6EF000F8484B3A892380FFF804AB512F8 -020F14FE023FECFF8391B712E301039138007FF34901F8EB0FFB011F01E00103B5FC4901 -8013004990C87E4948814849814849814A815A485BA25A5C5AA35A5CA3B5FCAE7EA46C7F -A37EA26C7FA26C6D5DA26C6D5D6C5F6C6D5D6D6C92B5FC6D6C0203806D01C049806D01F0 -D91FF7EBFFFE6D9039FE01FFE7010190B612876D6CECFE07021F14F8020314E09127003F -FE00ECC0004F657BE35A>I<92380FFFC04AB512FC020FECFF80023F15E091B712F80103 -D9FE017F499039F0003FFE4901C0EB0FFF4990C76C7F49486E7F49486E7F49486E7F4884 -4849157F48844A153F48845A4A151F855AA3485B721380A3B5FCA291B9FCA41A000280CB -FCA67EA3807EA37E6E160F6CF01F80A26C6D163F6C19006E5E6C6D16FE6C606D6C15016D -6C6CEC07F86D6D4A5A6D01F0EC3FE0010301FC49B45A6D9026FFC01F90C7FC6D6C90B55A -021F15F8020715E0020092C8FC030713F041437CC14A>I<EE3FFC0307B51280033F14C0 -4AB612F0020715F84A9038F03FFC4AEB807F913A7FFE00FFFE4A5A4B4813FF4913F05B49 -13E0A24913C0A27013FE4949EB7FFCEF3FF8EF1FF0EF07C094C7FCB0B812C0A6D8001F01 -C0C8FCB3B3B0007FB612FCA638657CE431>I<DBFFFEEC0FF8020FD9FFE0EBFFFE027FDA -FC037F49B7000F1480010793B6FC49D9F01F02F913C049D9800314814948C7EBFC034948 -027F7F4948EC3FFE4805FF14804A6E6D130048F0803E97C7FC48496E7FA34884A96C60A3 -6C6D4A5BA26C95C8FC6E5C6C5F6D6C4A5A6D6C4A5A90271FFF80035BDBF01F5B4990B65A -4993C9FCD97C7F14FCD9FC0F14E049C649CAFC000191CCFCA37FA212037F6C7E8014E091 -B77E18FEF0FFC06C18F019FC6D17FF6D84866D846D84013F8448BAFC48854801E0C71201 -4890C9000F7F484816014848EE007F4848717E8512FF5B85A56D5F007F616D173F003F61 -6D177F6C6C4D5A6C01C003035B6C6D4B5B6C01F8031F5BC601FF92B5C7FC6D01F8011F5B -011F90B712F8010717E0010094C8FC020F15F0DA003F01FCC9FC4A5F7CC051>I<903807 -FF80B6FCA6C6FC7F7FB3A8EF1FFF94B512F0040714FC041F14FF4C8193267FE07F7F9227 -81FE001F7FDB83F86D7FDB87F07FDB8FC0814C7F039FC78015BE03BC8003FC825DA25DA2 
-5DA45DB3B2B7D8F007B71280A651647BE35A>I<EB0FE0EB3FF8497E497E487F4880A248 -80A76C5CA26C91C7FC6C5B6D5A6D5AEB0FE090C9FCAF903807FF80007FB5FCA6C6FC7F7F -B3B3AEB712C0A622657BE42C>I<903807FF80B6FCA6C6FC7F7FB3A90503B61280A6DD00 -3FEB8000DE0FF8C7FC4E5A4E5A4E5A4E5ADD03FEC8FC4D5A4D5A4D5A4D5AEFFF804C90C9 -FC4C5A4C5A4C5AEE3FE04C5A4C7E158103837F038F7F039F7F15BF92B57E838415FC4B6C -7F4B6C7F03E080ED801F707F707F8482707F7080A2717F717F8583717F717F8583717F71 -80868495B512F0B7D8E00FECFFF0A64C647BE355>107 D<903807FF80B6FCA6C6FC7F7F -B3B3B3B3ADB712E0A623647BE32C>I<902607FF80D91FFFEEFFF8B691B500F00207EBFF -80040702FC023F14E0041F02FF91B612F84C6F488193267FE07F6D4801037F922781FE00 -1F9027E00FF0007FC6DA83F86D9026F01FC06D7F6DD987F06D4A487F6DD98FC0DBF87EC7 -804C6D027C80039FC76E488203BEEEFDF003BC6E4A8003FC04FF834B5FA24B5FA24B94C8 -FCA44B5EB3B2B7D8F007B7D8803FB612FCA67E417BC087>I<902607FF80EB1FFFB691B5 -12F0040714FC041F14FF4C8193267FE07F7F922781FE001F7FC6DA83F86D7F6DD987F07F -6DD98FC0814C7F039FC78015BE03BC8003FC825DA25DA25DA45DB3B2B7D8F007B71280A6 -51417BC05A>I<923807FFE092B6FC020715E0021F15F8027F15FE494848C66C6C7E0107 -01F0010F13E04901C001037F4990C87F49486F7E49486F7E49486F7E48496F13804819C0 -4A814819E04819F04A814819F8A348496F13FCA34819FEA4B518FFAD6C19FEA46C6D4B13 -FCA36C19F8A26C6D4B13F0A26C6D4B13E06C19C06E5D6C19806C6D4B13006D6C4B5A6D6C -4B5A6D01C001035B010701F0010F13E06D01FE017F5B010090B7C7FC023F15FC020715E0 -020092C8FC030713E048437CC151>I<902607FF80EBFFF8B6010FEBFF80047F14F00381 -B612FC038715FF038F010114C09227BFF0003F7FC6DAFFC0010F7F6D91C76C7F6D490201 -7F03F86E7F4B824B6F13804B6F13C0A27313E0A21BF0851BF8A2851BFCA47313FEAE4F13 -FCA41BF861A21BF0611BE0611BC06F4B13801B006F92B5FC6F4A5B6F4A5B03FF4A5B7001 -1F5B04E0017F13C09226CFFC03B55A03C7B648C7FC03C115F803C015E0041F91C8FC0403 -13E093CBFCB3A3B712F0A64F5D7BC05A>I<DB0FFFEC01F04AB500E01303020F02F81307 -023F14FE91B7130F01030280EB801F49903AFC001FC03F011F01F0EB0FE04901C0903803 -F07F4949903801F8FF90B5C87E484992B5FC48498184485B48835C48835C5A845C5AA4B5 
-5AAE6C7FA47E80A27EA26C6D5D606C7F606C6D5D6C7F6C94B5FC6D6C5C6D6D13076D01E0 -EB0FEF6D01F8EB3FCF6D9039FE01FF8F010190B6120F6D6C14FC021F14F0020314C09139 -003FFE0092C8FCB3A3053FB612FCA64E5D7BC055>I<D90FFFEB0FFCB690383FFF8093B5 -12E04B14F04B14F8923907FC7FFC92390FE0FFFEC6EC1F806DD93F0113FF6D133E157E15 -7C15F8A215F07013FEA24BEB7FFCEF3FF8EF0FE04B90C7FCA55DB3B0B712F8A638417BC0 -42>I<913A3FFF8007800107B5EAF81F011FECFE3F017F91B5FC48B8FC48EBE0014890C7 -121FD80FFC1407D81FF0801600485A007F167F49153FA212FF171FA27F7F7F6D92C7FC13 -FF14E014FF6C14F8EDFFC06C15FC16FF6C16C06C16F06C826C826C826C82013F1680010F -16C01303D9007F15E0020315F0EC001F1500041F13F81607007C150100FC81177F6C163F -A2171F7EA26D16F0A27F173F6D16E06D157F6D16C001FEEDFF806D0203130002C0EB0FFE -02FCEB7FFC019FB65A010F5DD8FE0315C026F8007F49C7FC48010F13E035437BC140>I< -EC07E0A6140FA5141FA3143FA2147FA214FF5BA25B5B5B5B137F48B5FC000F91B512FEB8 -FCA5D8001F01E0C8FCB3AFEF0FC0AC171F6D6D1480A2173F6D16006F5B6D6D137E6D6D5B -6DEBFF836EEBFFF86E5C020F14C002035C9126003FFCC7FC325C7DDA3F>I<902607FFC0 -ED3FFEB60207B5FCA6C6EE00076D826D82B3B3A260A360A2607F60183E6D6D147E4E7F6D -6D4948806D6DD907F0ECFF806D01FFEB3FE06D91B55A6E1500021F5C020314F8DA003F01 -8002F0C7FC51427BC05A>I<B700C00103B512FCA6C66C01C0C8381FFE006D6DED07F0A2 -6D6D5E190F6D6D5E191F6D606F153F6D95C7FC6F5DA26D6D157E19FE6D6E5C18016E5E70 -13036E5E701307A26E6D5C180F6E6D5C181F6E6D5C183F6E93C8FC705BA26E6D13FEA26E -6E5A17816FEBC1F817C36F5C17E76F5C17FFA26F5CA26F5CA26F91C9FCA26F5BA36F5BA2 -705AA2705AA2705AA2705A4E417DBF55>I<007FB600C0017FB512F8A6D8001F01F8C700 -03EBE0006D040090C7FC6D6D4A5A6D6D4A5A6D6D4A5A70495A6D4C5A6E7F6E6D495A6E6D -495A7049C8FC6E4A5A6E6D485A6E6D485A6E13FFEF8FF06EEC9FE06FEBFFC06F5C6F91C9 -FC5F6F5B816F7F6F7F8481707F8493B57E4B805D4B80DB0FF37FDB1FE17F04C080153F4B -486C7F4B486C7F4A486D7F4A486D7F4A5A4B6D7F020F6E7F4A486D7F4A486D804A5A4AC8 -6C7F49486F7F4A6F7F0103707FEB3FFFB600F049B7FCA650407EBF55>120 -D<B700C00103B512FCA6D8003F01C0C8381FFE006FED07F0A26D6D5E190F6D6D5E191F6D 
-6D5E193F6D95C7FC6F5D6D177E6F15FEA26D6E495AA26E6D5C18036E6D5C18076E5E7013 -0F6E5E70131FA26E6D495AA26E6D91C8FC606E6D137E18FE6E5D17816F5C17C3A26FEBE7 -F0A26FEBF7E017FF6F5CA26F5CA26F91C9FCA36F5BA26F5BA2705AA2705AA2705AA35FA2 -5F163F94CAFC5E167E16FED807E05CD81FF81301487E486C495AA2B5495AA24B5A5E151F -4B5A6C4849CBFC15FEEBFC01393FF807FC391FF03FF06CB55A6C5C6C91CCFCC613FCEB1F -E04E5D7DBF55>I E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fk cmr10 10 36 -/Fk 36 122 df<121C127FEAFF80A213C0A3127F121C1200A412011380A2120313005A12 -06120E5A5A5A12600A19798817>44 D<121C127FEAFF80A5EA7F00121C0909798817>46 -D<EB01C013031307131F13FFB5FCA2131F1200B3B3A8497E007FB512F0A31C3879B72A> -49 D<EB0FF0EB7FFE48B57E3903E03FE0390F000FF0000E6D7E486D7E486D7E12300070 -6D7E126012FCB4EC7F807FA56CC7FC121CC8FCEDFF00A34A5A5D14035D4A5A5D140F4A5A -4A5A92C7FC147C5C495A495A495A495A91C8FC011EEB01805B5B49130348481400485A48 -5A000EC75A000FB6FC5A5A485CB6FCA321387CB72A>I<EB07F8EB3FFF4913C03901F80F -F03903C007F848486C7E380E0001000F80381FE0006D7FA56C5A6C5AC85A1401A25D4A5A -A24A5A5DEC0F80027EC7FCEB1FFCECFF809038000FE06E7EEC01FC816E7EED7F80A216C0 -A2153F16E0A2121EEA7F80487EA416C049137F007F1580007EC7FC0070ECFF006C495A12 -1E390F8003F83907F00FF00001B512C06C6C90C7FCEB0FF8233A7DB72A>I<1538A3157C -A315FEA34A7EA34A6C7EA202077FEC063FA2020E7FEC0C1FA2021C7FEC180FA202387FEC -3007A202707FEC6003A202C07F1501A2D901807F81A249C77F167FA20106810107B6FCA2 -4981010CC7121FA2496E7EA3496E7EA3496E7EA213E0707E1201486C81D80FFC02071380 -B56C90B512FEA3373C7DBB3E>65 D<913A01FF800180020FEBE003027F13F8903A01FF80 -7E07903A03FC000F0FD90FF0EB039F4948EB01DFD93F80EB00FF49C8127F01FE153F1201 -4848151F4848150FA248481507A2485A1703123F5B007F1601A35B00FF93C7FCAD127F6D -ED0180A3123F7F001F160318006C7E5F6C7E17066C6C150E6C6C5D00001618017F15386D -6C5CD91FE05C6D6CEB03C0D903FCEB0F80902701FF803FC7FC9039007FFFFC020F13F002 -011380313D7BBA3C>67 D<B648B512FEA30001902680000313006C90C76C5AB3A491B6FC -A391C71201B3A6486D497EB648B512FEA337397DB83E>72 D<B649B5FCA3000101809038 
-007FF06C90C8EA3F80053EC7FC173C17385F5F4C5A4C5A4CC8FC160E5E5E5E5E4B5AED07 -80030EC9FC5D153E157E15FF5C4A7F4A6C7E140E4A6C7E4A6C7E14704A6C7E4A6C7E1480 -4A6C7E6F7EA26F7F707EA2707E707EA2707EA2707E707EA2707E707F8484486D497FB601 -1FEBFF80A339397DB841>75 D<B612E0A3000101C0C8FC6C90C9FCB3AD1718A517381730 -A31770A317F0A216011603160FEE1FE0486D13FFB8FCA32D397DB834>I<B712C016F816 -FE000190398001FF806C90C7EA3FC0EE0FE0EE07F0EE03F817FC17FE1601A217FFA717FE -A2EE03FCA2EE07F817F0EE0FE0EE3FC0923801FF0091B512FC16F091C9FCB3A5487FB6FC -A330397DB839>80 D<B612FEEDFFE016F8000190388007FE6C90C76C7EEE3FC0707E707E -707EA2707EA283A65FA24C5AA24C5A4C5AEE3F8004FFC8FCED07FC91B512E05E9138000F -F0ED03F8ED00FE82707E707EA2161F83A583A6F00180A217F8160F1803486D01071400B6 -6D6C5A04011306933800FE0ECAEA3FFCEF07F0393B7DB83D>82 D<D90FF813C090383FFE -0190B512813903F807E33907E000F74848137F4848133F48C7121F003E140F007E1407A2 -007C140312FC1501A36C1400A37E6D14006C7E7F13F86CB47E6C13F8ECFF806C14E06C14 -F86C14FEC680013F1480010714C0EB007F020713E0EC007FED3FF0151F150FED07F8A200 -C01403A21501A37EA216F07E15036C15E06C14076C15C06C140F6DEB1F80D8FBF0EB3F00 -D8F0FE13FE39E03FFFF8010F13E0D8C00190C7FC253D7CBA2E>I<003FB812E0A3D9C003 -EB001F273E0001FE130348EE01F00078160000701770A300601730A400E01738481718A4 -C71600B3B0913807FF80011FB612E0A335397DB83C>I<B6903807FFFEA3000101809038 -007FE06C90C8EA1F80EF0F001706B3B2170E6D150C80171C133F17186D6C14385F6D6C14 -F06D6C5C6D6C495A6D6CEB07806D6C49C7FC91387F807E91381FFFF8020713E09138007F -80373B7DB83E>I<007FB590383FFFFCA3C601F801071380D97FE0D903FCC7FC013FEC01 -F06D6C5C5F6D6C5C6D6C13034CC8FC6D6C1306160E6D6C5B6DEB8018163891387FC0306E -6C5A16E06E6C5A91380FF18015FB6EB4C9FC5D14036E7EA26E7F6F7EA24B7E15DF913801 -9FF09138038FF8150F91380607FC91380E03FE140C4A6C7EEC38000230804A6D7E14E04A -6D7E49486D7E130391C76C7E01066E7E130E010C6E7E011C1401013C8101FE822607FF80 -010713E0B500E0013FEBFF80A339397EB83E>88 D<EB1FE0EBFFFC3803E03F3907000F80 -390F8007E0486C6C7E13E06E7EA26E7E6C5A6C5AC8FCA4147FEB07FFEB3FE0EBFE00EA03 
-F8EA0FF0EA1FC0123F485A90C7FC160C12FEA31401A26C13036CEB077C903980063E1838 -3FC01E3A0FE0781FF03A03FFF00FE03A007F8007C026277DA52A>97 -D<EA03F012FFA3120F1203B0EC1FE0EC7FF89038F1E03E9039F3801F809039F7000FC001 -FEEB07E049EB03F049EB01F85BED00FCA216FEA2167E167FAA167E16FEA216FC15016D14 -F8ED03F07F01EEEB07E001C6EB0FC09039C7801F00903881E07E903800FFF8C7EA1FC028 -3B7EB92E>I<EB03FC90381FFF8090387E03E03901F80070484813F83907E001FC380FC0 -03A2EA1F80123F90380001F848EB00F01500A2127E12FEAA127E127FA26C14067F001F14 -0E6D130C000F141C6C6C13386C6C13706C6C13E039007C07C090381FFF00EB07F81F277D -A525>I<ED0FC0EC03FFA3EC003F150FB0EB03F8EB1FFF90387E078F9038F801EF3903F0 -007F4848133F4848131FA24848130F123F90C7FC5AA2127E12FEAA127E127FA27EA26C6C -131FA26C6C133F6C6C137F6C6CEBEFF03A01F801CFFF39007C078F90381FFE0FD907F813 -C0283B7DB92E>I<EB07F8EB1FFF90387C0FC03901F803E03903F001F0D807E013F8380F -C0004848137CA248C7127E153E5A153F127E12FEA3B7FCA248C8FCA5127EA2127FA26C14 -037F001F14076C6C13060007140E6D131CD801F013386C6C137090387E03E090381FFF80 -903803FC0020277EA525>I<147E903803FF8090380FC1E0EB1F8790383F0FF0137EA213 -FCA23901F803C091C7FCADB512FCA3D801F8C7FCB3AB487E387FFFF8A31C3B7FBA19>I< -ED03F090390FF00FF890393FFC3C3C9039F81F707C3901F00FE03903E007C03A07C003E0 -10000FECF000A248486C7EA86C6C485AA200075C6C6C485A6D485A6D48C7FC38073FFC38 -060FF0000EC9FCA4120FA213C06CB512C015F86C14FE6CECFF804815C03A0F80007FE048 -C7EA0FF0003E140348140116F8481400A56C1401007C15F06CEC03E0003F1407D80F80EB -0F80D807E0EB3F003901FC01FC39007FFFF0010790C7FC26387EA52A>I<EA03F012FFA3 -120F1203B0EC0FF0EC3FFCECF03F9039F1C01F809039F3800FC0EBF70013FE496D7EA25B -A35BB3A3486C497EB500C1B51280A3293A7EB92E>I<EA0380EA0FE0487EA56C5AEA0380 -C8FCAAEA03F012FFA312071203B3AA487EB512C0A312387EB717>I<EA03F012FFA3120F -1203B1913801FFFCA39138007FC01600157C15705D4A5A4A5A4AC7FC141E1438147814FC -13F1EBF3FEEBF73F01FE7FEBF81F496C7E8114076E7E6E7E811400157E157F811680ED1F -C0486CEB3FF0B500C0B5FCA3283A7EB92C>107 D<EA03F012FFA3120F1203B3B3AD487E 
-B512C0A3123A7EB917>I<2703F00FF0EB1FE000FFD93FFCEB7FF8913AF03F01E07E903B -F1C01F83803F3D0FF3800FC7001F802603F70013CE01FE14DC49D907F8EB0FC0A2495CA3 -495CB3A3486C496CEB1FE0B500C1B50083B5FCA340257EA445>I<3903F00FF000FFEB3F -FCECF03F9039F1C01F803A0FF3800FC03803F70013FE496D7EA25BA35BB3A3486C497EB5 -00C1B51280A329257EA42E>I<EB03FE90380FFF8090383E03E09038F800F84848137C48 -487F48487F4848EB0F80001F15C090C712074815E0A2007EEC03F0A400FE15F8A9007E15 -F0A2007F14076C15E0A26C6CEB0FC0000F15806D131F6C6CEB3F006C6C137EC66C13F890 -387E03F090381FFFC0D903FEC7FC25277EA52A>I<3807E01F00FFEB7FC09038E1E3E090 -38E387F0380FE707EA03E613EE9038EC03E09038FC0080491300A45BB3A2487EB512F0A3 -1C257EA421>114 D<EBFF03000313E7380F80FF381E003F487F487F00707F12F0A2807E -A27EB490C7FCEA7FE013FF6C13E06C13F86C7F00037FC67F01071380EB007F141F00C0EB -0FC01407A26C1303A37E15806C13077EEC0F00B4131E38F3C07C38E1FFF038C03F801A27 -7DA521>I<1318A51338A31378A313F8120112031207001FB5FCB6FCA2D801F8C7FCB215 -C0A93800FC011580EB7C03017E13006D5AEB0FFEEB01F81A347FB220>I<D803F0EB07E0 -00FFEB01FFA3000FEB001F00031407B3A4150FA3151F12016D133F0000EC77F86D9038E7 -FF8090383F03C790381FFF87903A03FC07E00029267EA42E>I<B53A1FFFE03FFEA3260F -F8009038000FF86C48017EEB03E018C00003023EEB0180A26C6C013FEB0300A36C6CEC80 -06156FA2017E9038EFC00C15C7A2D93F016D5A15830281EBF038D91F831430150102C3EB -F87090260FC6001360A2D907E66D5A02EC137CA2D903FCEB7F804A133FA2010192C7FC4A -7FA20100141E4A130E0260130C37257EA33C>119 D<B538803FFEA33A0FF8000FF06C48 -EB07C00003EC03806C7E16007F00001406A2017E5BA2137F6D5BA26D6C5AA2ECC070010F -1360A26D6C5AA214F101035BA2D901FBC7FCA214FF6D5AA2147CA31438A21430A2147014 -60A25CA2EA7C0100FE5B130391C8FC1306EAFC0EEA701C6C5AEA1FF0EA0FC027357EA32C ->121 D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fl cmbx10 10 6 -/Fl 6 115 df<B500F80403B512F06E5EA26E5ED8007FF1E000A2D97BFF161EA201796D -5DA201786D5DA26E6C5DA36E6C4A5AA26E6C4A5AA26E6C4A5AA26E6C4A5AA26E6C141EA3 -6E6D5BA26E6D5BA26F6C5BA26F6C485AA36F6C485AA26F6C485AA26F6C48C7FCA2923803 
-FF1EA36F13BCA26F13F8A2705AA2705AA213FCB500FC6D4848B612F0A2EE0F80EE070054 -397DB85B>77 D<EB3FFE0003B512E0000F14F8391FF00FFE003FEB03FF6D6C7F6E7FA26F -7EA26C5A6C5AEA0380C8FCA2EC3FFF010FB5FC137F3901FFF87F00071380380FFE00EA3F -F85B485A12FF5BA415FF6D5A127F263FF00713F83B1FFC1FBFFFC0390FFFFE1F0003EBF8 -0F39003FE0032A257DA42E>97 D<EE7F80ED7FFFA4150381AF903801FF81010F13F1013F -13FD9038FFC07F0003EB001FD807FC1307000F8048487F5B123FA2485AA312FFAA127FA2 -7F123FA26C6C5B000F5C6C6C5B6C6C4913C02701FF80FD13FE39007FFFF9011F13E10103 -13012F3A7DB935>100 D<EA01F0EA07FC487EA2487EA56C5AA26C5AEA01F0C8FCA913FF -127FA412077EB3A9B512F8A4153B7DBA1B>105 D<01FEEB7FC000FF903803FFF8020F13 -FE91381F03FFDA3C011380000713780003497E6D4814C05CA25CA291C7FCB3A3B5D8FC3F -13FFA430257DA435>110 D<9038FE03F000FFEB0FFEEC3FFF91387C7F809138F8FFC000 -075B6C6C5A5CA29138807F80ED3F00150C92C7FC91C8FCB3A2B512FEA422257EA427> -114 D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fm cmr7 7 1 -/Fm 1 50 df<13381378EA01F8121F12FE12E01200B3AB487EB512F8A215267BA521>49 -D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fn cmr8 8 37 -/Fn 37 122 df<9138FF807E01079038E1FF80903A1F807FC3C0D93E00EB87E049EBFF07 -4913FE485A00039138FC018049017CC7FCAAB712FCA22703E0007CC7FCB3A6486C13FE3A -7FFF0FFFF0A22B2F7FAE29>11 D<14FF010713E090381F80F090383E003849137C4913FC -485A1203491378153092C7FCA7157CB612FCA23803E000157CB3A5486C13FE3A7FFF0FFF -E0A2232F7FAE27>I<EC0380B3A4B812FCA3C7D80380C7FCB3A42E2F7CA737>43 -D<EB3FC0EBFFF03803E07C48487E48487E497E001EEB0780A2003E14C0A248EB03E0A500 -FC14F0B0007C14E0A3007E1307003E14C0A36CEB0F806C14006D5A3807C03E3803F0FC38 -00FFF0EB3FC01C2D7DAB23>48 D<130C133C137CEA03FC12FFEAFC7C1200B3B113FE387F -FFFEA2172C7AAB23>I<EB7F803801FFF0380780FC380E003F48EB1F8048EB0FC05A0060 -EB07E012F000FC14F07E1403A3007C1307C7FCA215E0140F15C0141F1580EC3F00147E14 -7C5C495A495A495A495A011EC7FC5B5B4913305B485A4848136048C7FC000E14E0001FB5 -FC5A4814C0B6FCA21C2C7DAB23>I<EB3FC03801FFF03807C0FC380E007E487FEC1F8000 
-3F14C0A2EB800F1300A2000C131FC7FC1580A2EC3F00143E5C5CEB03F0EBFFC014F0EB00 -FC143FEC1F8015C0140F15E0A2EC07F0A21238127C12FEA3EC0FE012F8006014C0007013 -1F6C1480001EEB3F00380780FC3801FFF038007FC01C2D7DAB23>I<140EA2141E143EA2 -147E14FEA2EB01BE1303143E1306130E130C131813381330136013E013C0EA0180120313 -001206120E120C5A123812305A12E0B612FCA2C7EA3E00A9147F90381FFFFCA21E2D7EAC -23>I<000CEB0180380FC01F90B512005C5C14F014C0D80C7EC7FC90C8FCA8EB1FC0EB7F -F8380DE07C380F801F01001380000E130F000CEB07C0C713E0A2140315F0A4127812FCA4 -48EB07E012E0006014C00070130F6C14806CEB1F006C133E380780F83801FFE038007F80 -1C2D7DAB23>I<EB03F8EB0FFE90383E0780EBF8013901F007C03803E00FEA07C0EA0F80 -A2391F00078091C7FC123EA2127EA2127CEB0FC038FC3FF0EBF07C38FDC01EB4487E0100 -1380EC07C04814E0A214034814F0A4127CA3127EA2003E14E01407121E001F14C06CEB0F -803907801F003803C03E6C6C5A38007FF0EB1FC01C2D7DAB23>I<EB3F80EBFFF03803E0 -783807C03E48487E48487E003E14801407007E14C0127C00FC14E01403A315F0A5007C13 -07127EA2003E130F7E6C131F3807803B3803E0F33800FFC390383F03E013001407A215C0 -A2140F001E1480003F14005C143E143C003E5B001C5B380E03E03807FF80D801FEC7FC1C -2D7DAB23>57 D<4A7E4A7EA34A7EA24A7EA3EC1BF81419A2EC30FCA2EC70FEEC607EA24A -7EA349486C7EA2010380EC000FA201066D7EA3496D7EA2011FB57EA29038180001496D7E -A349147EA201E0147F4980A20001ED1F801203000716C0D80FF0EC3FE0D8FFFC0103B5FC -A2302F7EAE35>65 D<B612FCEDFF803A03F8000FC00001EC03F06F7E6F7E82167E167FA6 -167E16FE5E4B5A4B5AED0FE0ED7F8090B6C7FC16E09039F80003F0ED01FC6F7E167F8217 -80161F17C0A61780163F17005E16FEED03FC0003EC0FF0B712C04BC7FC2A2D7DAC32>I< -B612F815FF3A03F8001FE00001EC03F0ED00F8167E82EE1F80160F17C0EE07E0A2EE03F0 -A217F81601A317FCAA17F8A3EE03F0A217E0160717C0160FEE1F80EE3F00167E5EED03F0 -0003EC1FE0B7128003F8C7FC2E2D7DAC36>68 D<B712FEA23903F800010001EC003E8282 -82A282A3178016011518A293C7FCA31538157815F890B5FCA2EBF800157815381518A217 -60A392C712C0A4160117801603A21607160F163F0003913801FF00B8FCA22B2D7EAC30> -I<B612FCEDFF803A03F8000FE00001EC03F0ED00F882167E167F821780A617005E167E5E 
-5EED03F0ED0FE090B6128003FCC7FC01F8C9FCB2487EB512F0A2292D7EAC30>80 -D<90383F80303901FFF0703807C07C390F000EF0001E13074813034813011400127000F0 -1470A315307EA26C1400127E127FEA3FE013FE381FFFE06C13FC6C13FF00011480D8003F -13E013039038003FF0EC07F81401140015FC157C12C0153CA37EA215787E6C14706C14F0 -6CEB01E039F78003C039E3F00F0038E07FFE38C00FF01E2F7CAD27>83 -D<B500C090380FFFC0A2D807FCC73803FE006C48EC00F800015E5F6C7E5F6D1401017E5D -A26D4AC7FCA26E5B011F140680010F5CA26D6C5BA26E133801031430A26D6C5BA26E13E0 -01005C8091387E0180A26E48C8FCA21583EC1F86A2EC0FCCA215FC6E5AA26E5AA36E5AA2 -6E5A322E7FAC35>86 D<EAFFE0A3EAE000B3B3B3A7EAFFE0A30B4379B114>91 -D<EAFFE0A31200B3B3B3A712FFA30B437FB114>93 D<13FF000713C0380F01F0381C00F8 -003F137C80A2143F001E7FC7FCA4EB07FF137F3801FE1FEA07F0EA1FC0EA3F80EA7F0012 -7E00FE14065AA3143F7E007E137F007FEBEF8C391F83C7FC390FFF03F83901FC01E01F20 -7D9E23>97 D<EB1FE0EB7FFC3801F01E3803E0073907C01F80EA0F80EA1F005A003EEB0F -00007E90C7FCA2127C12FCA9127EA215C07E6C130101801380380FC0033907E007003801 -F03E38007FF8EB1FC01A207E9E1F>99 D<15F8141FA214011400ACEB0FE0EB7FF83801F8 -1E3803E0073807C003380F8001EA1F00481300123E127EA25AA9127C127EA2003E13017E -EB8003000F13073903E00EFC3A01F03CFFC038007FF090391FC0F800222F7EAD27>I<EB -1F80EBFFF03803E0783807C03E380F801E381F001FEC0F80123E007E130715C0127C12FC -A3B6FCA200FCC8FCA5127EA2003E14C0123F6C1301390F80038001C013003803E00F3801 -F03C38007FF8EB1FC01A207E9E1F>I<EB03F0EB0FFCEB3E1EEB7C3F13F8EA01F0A23803 -E00C1400AAB512E0A23803E000B3A6487E387FFF80A2182F7FAE16>I<EA0780EA0FC0EA -1FE0A4EA0FC0EA0780C7FCA8EA07C012FFA2120F1207B3A5EA0FE0EAFFFCA20E2E7EAD14 ->105 D<130FEB1F80EB3FC0A4EB1F80EB0F0090C7FCA8EB07C013FFA2130F1307B3AD12 -30127838FC0F80A21400485AEA783EEA3FF8EA07E0123C83AD16>I<EA07C012FFA2120F -1207ADEC1FFEA2EC0FF0EC07C05D020EC7FC5C5C5C5CEBC3C013C7EBCFE0EBDFF013F9EB -F0F8497EEBC07E143E80816E7E14076E7E816E7E486C487E3AFFFE07FF80A2212E7EAD25 ->I<2607C07FEB07F03BFFC3FFC03FFC903AC783F0783F3C0FCE01F8E01F803B07DC00F9 
-C00F01F8D9FF8013C04990387F000749137EA249137CB2486C01FEEB0FE03CFFFE0FFFE0 -FFFEA2371E7E9D3C>109 D<3807C0FE39FFC3FF809038C703E0390FDE01F0EA07F8496C -7EA25BA25BB2486C487E3AFFFE1FFFC0A2221E7E9D27>I<EB1FE0EB7FF83801F03E3803 -C00F3907800780390F0003C04814E0003EEB01F0A248EB00F8A300FC14FCA9007C14F8A2 -6CEB01F0A26CEB03E0A2390F8007C03907C00F803901F03E0038007FF8EB1FE01E207E9E -23>I<3807C0FE39FFC7FF809038CF03E0390FDC01F03907F800FC49137E49133E49133F -ED1F80A3ED0FC0A8151F1680A2ED3F00A26D137E6D137C5D9038FC01F09038CE07E09038 -C7FF80D9C1FCC7FC01C0C8FCA9487EEAFFFEA2222B7E9D27>I<380781F838FF87FEEB8E -3FEA0F9CEA07B813B0EBF01EEBE000A45BB0487EB5FCA2181E7E9D1C>114 -D<3801FE183807FFB8381E01F8EA3C00481378481338A21418A27E7EB41300EA7FF06CB4 -FC6C13C06C13F0000113F838001FFC130138C0007E143EA26C131EA27EA26C133CA26C13 -7838FF01F038E3FFC000C0130017207E9E1C>I<1360A413E0A312011203A21207121FB5 -12F0A23803E000AF1418A714383801F03014703800F860EB3FE0EB0F80152A7FA81B>I< -3AFFFC07FF80A23A0FF003FC000003EB01F0000114C06D485A000091C7FCEB7C06EB3E0E -6D5A14B8EB0FB0EB07E013036D7E497E1307EB067C497EEB1C1F01387FEB700F496C7E6E -7ED803C07F00076D7E391FE003FC3AFFF007FFC0A2221D7F9C25>120 -D<3AFFFC01FFC0A23A0FE0007E000007147C1538000314306D137000011460A26C6C5BA2 -EBFC01017C5BEB7E03013E90C7FCA2EB1F06A2148EEB0F8CA2EB07D8A2EB03F0A36D5AA2 -6D5AA2495AA2130391C8FC1278EAFC06A25B131CEA7838EA7070EA3FE0EA0F80222B7F9C -25>I E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fo cmmi12 12 16 -/Fo 16 122 df<EB01FCD907FF15E0011F13C0017F6DEB01C090B56C1480486E13032603 -FE0715002707F000FC5B01C0017C130648C76C130E001E021E130C001C80003C6E131C00 -381618486E1338EE8030006002011370176000E016E0C86D5A150016C15F16C394C7FC16 -E316E71666166E166CA2167C1678A3167016F05EA35EA31501A25E1503A44BC8FCA35D15 -0EA45DA45DA333417EAB33>13 D<1730A317701760A317E05FA316015FA3160394C8FCA3 -5E1606A3160E160C013E1607D9FF80ED1F802603C3C0011CEB3FC0260703E01318260601 -F0157F000E173F001C1538D818030230131F0038170F0030170700701570D86007026013 
-035CA2D8E00F02E0148000C049491301EA001F4A150303011500013F5C14006049010314 -06017E91C7FC180E180C01FE49141C4901061418183860030E1460030C14E04D5A4D5A03 -1C49C7FC0318130E017E5D5F6D01385B90261F80305BD90FC0EB03C0D907F0010FC8FC90 -3901FE707C9039003FFFF002031380DA0060C9FC15E05DA314015DA3140392CAFCA35C14 -06A3140E140C3A597DC43F>32 D<EC07FE91387FFFC049B512F0010714F890391FF003FE -49C7127E0178143E01E0140848481400485A90C9FC5A1206A412077EEB803E3901E7FFC0 -39007FC1E014FFD801E75BD80380C8FC48C9FC120E5A5A5A1260A212E05AA4ED01806C14 -036C150000705C0078140E003E143C391FC003F86CB512E000035CC649C7FCEB1FF0272F -7EAC2E>34 D<F101C04F7E190186A21900861A781A7C86A286747EA2747E747E87747E74 -7E1B7E87F31F80F30FC0F307F0007FBC12F8BD12FEA27E571C7BB262>42 -D<137EEA01FF1207EA0FFEEA1FC0EA3F00127C127812F85AA67E1278127C123FEA1FC0EA -0FFEEA07FF1201EA007E10187BAE1B>44 D<121EEA7F80A2EAFFC0A4EA7F80A2EA1E000A -0A78891B>58 D<121EEA7F8012FF13C0A213E0A3127FEA1E601200A413E013C0A3120113 -80120313005A1206120E5A5A5A12600B1D78891B>I<F001C0F007E0181FF07FC0943801 -FF00EF07FCEF1FF0EF7FC04C48C7FCEE0FFCEE3FF0EEFFC0030390C8FCED0FF8ED3FE0ED -FF80DA03FEC9FCEC1FF8EC7FE0903801FF80D907FECAFCEB1FF0EB7FC04848CBFCEA07FC -EA1FF0EA7FC048CCFCA2EA7FC0EA1FF0EA07FCEA01FF38007FC0EB1FF0EB07FE903801FF -809038007FE0EC1FF8EC03FE913800FF80ED3FE0ED0FF8ED03FF030013C0EE3FF0EE0FFC -EE01FF9338007FC0EF1FF0EF07FCEF01FF9438007FC0F01FE01807F001C03B3878B44C> -I<127012FCB4FCEA7FC0EA1FF0EA07FCEA01FF38007FC0EB1FF0EB07FE903801FF809038 -007FE0EC1FF8EC03FE913800FF80ED3FE0ED0FF8ED03FF030013C0EE3FF0EE0FFCEE01FF -9338007FC0EF1FF0EF07FCEF01FF9438007FC0F01FE0A2F07FC0943801FF00EF07FCEF1F -F0EF7FC04C48C7FCEE0FFCEE3FF0EEFFC0030390C8FCED0FF8ED3FE0EDFF80DA03FEC9FC -EC1FF8EC7FE0903801FF80D907FECAFCEB1FF0EB7FC04848CBFCEA07FCEA1FF0EA7FC048 -CCFC12FC12703B3878B44C>62 D<15C0A54A7EA84A7EA500FCEE0FC0D87FE0913801FF80 -D81FFF91383FFE0000079039FBF7FFF8000190B612E0D8003F92C7FC010F14FC010314F0 -010014C0023F90C8FC6E5AA24A7E4A7FA29138FF3FC0ECFE1F49486C7EECF80749486C7E 
-49486C7EECC0004948137C91C7123C49143E011E141E4980013880496E7E016014013230 -81B031>I<91B87E19F019FC02009039C00007FF6F489038007FC003FFED1FE0737E93C8 -6C7E737E19014A707E5D1A7FA20203EF3F805DA21BC014075DA3140F4B17E0A3141F4B17 -C0A3143F4B167FA3027F18804B16FFA302FF180092C95A62A24917034A5F19076201034D -5A5C4F5A620107173F4A5F4FC7FC19FE010F4C5A4A15034E5AF00FE0011F4C5A4A4B5A06 -FFC8FC013FED01FCEF0FF84AEC3FE001FF913803FF80B848C9FC17F094CAFC4B447CC351 ->68 D<EC0FC0EC7FF0903901F8381C903907E01C7E90380FC00E90393F0007FE496D5A13 -FE485A49130100035D485A120F491303001F5DA2485A1507007F5D5BA2150F00FF5D90C7 -FCA2151F5E5AA2033F1330EE00701760A24B13E017C015FE007E130102031301003ED907 -3E1380003F010E13036C011C14006C6C486C5A3A07C0F00F0E3A01FFC007FC3A007F0001 -F02C2D7CAB33>97 D<01F8D903FCEC7F80D803FED91FFF903803FFE0D8071F903B7C0FC0 -0F81F83E0E0F80E007E01C00FC001C9026C3C0030178137C271807C700D9F0E0137E02CE -902601F1C0133E003801DCDAFB80133F003001D892C7FCD90FF814FF0070495C0060495C -A200E04949485CD8C01F187E4A5C1200040715FE013F6091C75BA2040F14014960017E5D -1903041F5D13FE494B130762043F160E0001060F130C4992C713C0191F4CED801C00031A -1849027E1638F2003004FE167000071A60494A16E0F201C0030192380F0380000FF18700 -494AEC03FED80380D90070EC00F84F2D7DAB55>109 D<01F8EB03FCD803FEEB1FFFD807 -1F90387C0FC03B0E0F80E007E03A0C07C3C003001CD9C7007F001801CE1301003801DC80 -003013D8EB0FF800705B00605BA200E0491303D8C01F5D5C12001607013F5D91C7FCA216 -0F495D137E161F5F13FE49143F94C7FC187000014B136049147E16FE4C13E0000317C049 -150104F81380170300071700495D170EEE781C000FED7C3849EC1FF0D80380EC07C0342D -7DAB3A>I<02FCEB07E0903A03FF801FFC903A0F07C0781E903A1C03E0E01F903A3801F1 -C07FD9700013804901FB13FF4848EBFF00495B000316FE90C71438484A13001206140100 -0E5C120CC7FC14035DA314075DA3140F5DA3021F143817305D1770023F1460121E003F16 -E0267F807FEB01C0026F148000FF01EF1303D901CFEB070000FE903887C00E267C03835B -3A3C0F01E0783A1FFC00FFE0D803F0EB3F80302D7EAB37>120 D<133ED9FF8014E02603 -C3C0EB03F0380703E0380601F0000E1507001C16E0EA180312380030150F007016C0EA60 
-075C161FD8E00F158000C05BEA001F4A133F1700133F91C7FC5E49147E137EA216FE01FE -5C5BA215015E485AA215035EA200001407150F6D5C017C131F153F6D13FF90391F03CFC0 -903807FF8F903801FC0F90C7121F5EA2153F93C7FCD807C05BD81FE0137E5DA24848485A -4A5A01805B39380007C00018495A001C49C8FC6C137C380781F83803FFE0C66CC9FC2C40 -7DAB30>I E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fp cmbx12 14.4 46 -/Fp 46 122 df<EEFFFC031FEBFF804AB612E0020781021F9038C00FF8913A7FFE0003FC -DAFFF0EB00FE4949EB03FF4901805B4990C7487F49485CA2495A4D7F013F6F5B5CA37190 -C7FC715AEF01F894C9FCA90403B512C0BAFCA526003FFCC7120783B3B3A6003FB5D8FC03 -B612C0A542547DD34B>12 D<151E153E157E15FCEC01F8EC07F0EC0FE0EC1FC01580143F -EC7F0014FE1301495A5C1307495AA2495A133F5C137FA2495AA24890C7FCA25A5BA21207 -A2485AA3121F5BA3123FA25BA3127FA55B12FFB3A3127F7FA5123FA37FA2121FA37F120F -A36C7EA21203A27F7EA26C7FA26D7EA2133F80131F6D7EA26D7E1303806D7E1300147FEC -3F80141F15C0EC0FE0EC07F0EC01F8EC00FC157E153E151E1F7973D934>40 -D<127012F8127C127E7EEA1FC06C7E6C7E12037F6C7E6C7E7F6D7E133F806D7EA26D7E80 -130780A26D7EA26D7EA215807FA215C0A2EC7FE0A315F0143FA315F8A2141FA315FCA514 -0F15FEB3A315FC141FA515F8A3143FA215F0A3147F15E0A3ECFFC0A21580A25B1500A249 -5AA2495AA25C130F5C495AA2495A5C137F49C7FC5B485A485A5B1207485A485A48C8FC12 -7E127C5A12701F7979D934>I<B712F0AB240B7F9F2D>45 D<EC3FFE0103B512E0010F14 -FC013F14FF90B712C048D9C07F7F2703FE000F13F8D807F801037FD80FE06D7F48486D7F -48488001F01680486C6E13C07F486C6E13E07FA27013F0A56C5AA26C5AEA0FF0EA03C0C9 -14E05EA218C05E1880A24C13005F4C5A4B5B5F4B5B5F4B5B4B90C7FC4B5A5E4B5AED7FE0 -4B5A4A5B4A48C8FC4A5A5D4A48EB01F04A5AEC3F804AC7FC02FEEC03E0495A495A495A49 -5AD91F80140749C8FC013E150F017FB7FC90B812C05A5A5A5A5A5A5AB9FC1880A4344E79 -CD43>50 D<177C17FE1601A216031607160FA2161F163F167F16FFA25D5D5DA2ED0FBF15 -1FED3F3F157E157C15F81401EC03F0EC07E015C0140FEC1F80EC3F00143E5C14FC495A49 -5A5C495A130F495A91C7FC133E137E5B485A5B485A1207485A5B48C8FC5A127E5ABA12C0 -A5C96C48C7FCAF020FB712C0A53A4E7CCD43>52 D<ED0FFF92B512E0020780021F14FC91 
-397FFE03FE903A01FFF0007F4901C0EB3F804990C7121F4948EC7FC0494814FF49484913 -E049485B01FF5C485BA2485B5AA2486F13C04A6D1380486F1300177E94C7FC5AA291CAFC -5AA21508913801FFF8020713FFB54814C04A14F04AC66C7E023C6D7E4A6D7E4A6D7E7013 -804A15C0A24A15E07013F05C18F8A491C714FCA37EA67EA46C17F880A27E18F06C5D18E0 -6C6D15C07E6E4913806C6D15006D6C495A6D6CEB7FFC6DB448485A6D90B55A010315C001 -0092C7FC023F13FC020713C0364F7ACD43>54 D<171F4D7E4D7EA24D7EA34C7FA24C7FA3 -4C7FA24C7FA34C7FA24C80A283047F80EE7E3F04FE8016FC830301814C7E03038116F083 -0307814C7E030F8116C083031F814C7E033F8293C7FC844B82037E8003FE825D84020183 -4B800203835D840207834B80020F8392B8FCA24A83A24A8492C9FC854A84027E8202FE84 -5C850101854A820103855C850107854A82010F855C011F83D9FFFC84B600F8020FB712E0 -A55B537BD266>65 D<BA12C019FEF1FFC01AF01AFCD8000701F0C7000313FFDE007F7F73 -7F070F7F737F878587858785A287A84F5BA263616361634F5B4F5B077F90C7FC4E485A06 -0713F892B812E097C8FC861AF003F0C7000313FE9539003FFF80070F13E0737F07017F87 -737F747E1C807413C0A27413E0A31CF0A386A362A31CE0A2621CC0A250138097B5FC1C00 -4F5B19074F5B073F13F04EB55ABC128098C7FC1AF81AC007F8C8FC54527CD160>I<9326 -01FFFCEC01C0047FD9FFC013030307B600F81307033F03FE131F92B8EA803F0203DAE003 -EBC07F020F01FCC7383FF0FF023F01E0EC0FF94A01800203B5FC494848C9FC4901F88249 -49824949824949824949824990CA7E494883A2484983485B1B7F485B481A3FA24849181F -A3485B1B0FA25AA298C7FC5CA2B5FCAE7EA280A2F307C07EA36C7FA21B0F6C6D1980A26C -1A1F6C7F1C006C6D606C6D187EA26D6C606D6D4C5A6D6D16036D6D4C5A6D6D4C5A6D01FC -4C5A6D6DEE7F806D6C6C6C4BC7FC6E01E0EC07FE020F01FEEC1FF80203903AFFE001FFF0 -020091B612C0033F93C8FC030715FCDB007F14E0040101FCC9FC525479D261>I<BA7E19 -FCF1FF801AF01AFCD8000701F0C7000F13FF060014C0071F7F070713F807017F737F747E -747F747F86747F747F8886888688A2757EA31D8087A21DC0A51DE0A387A963A31DC0A51D -80A2631D00A3515AA2646264505B6264505B505B5090C7FCF2FFFE4F5B07075B071F5B96 -B512C0060F91C8FCBB5A1AF01AC007FCC9FC19805B527CD167>I<BC1280A5D8000701F8 -C7000114C0F0001F19071901851A7F1A3F1A1FA2F20FE0A21A07A31A03A318F81BF01A01 
-A497C7FC1701A317031707170F177F92B6FCA59238F8007F170F170717031701A317001B -3EA31B7CA395C8FCA21BFCA21BF8A21A01A31A031BF01A071A0FA21A1F1A3FF27FE0F101 -FF1907191F0603B5FCBCFCA21BC0A34F517CD058>I<BB12FEA5D8000701F8C700077FF0 -007F191F190785858586861B80A21A1FA31A0FA41BC006F81307A497C7FCA31701A31703 -1707170F177F92B6FCA59238F8007F170F170717031701A31700A795C9FCB3B812F8A54A -517CD055>I<B812F8A5D8000701F8CAFCB3B3A91A7CA41AFC1AF8A51901A31903A21907 -1AF0190FA2191F193F197F19FF180360183F4DB5FCBB12E0A546527CD151>76 -D<B600FC073FB512FE6F61A26F96B6FCA2D80007F5C00070EF01EFA202EF6DEF03CFA202 -E76DEF078FA202E36DEF0F0FA202E16D171EA302E06D173CA26F6C1778A26F6C17F0A26F -6DED01E0A26F6DED03C0A36F6DED0780A26F6DED0F00A26F6D151EA26F6D5DA3706C5DA2 -706C5DA2706D495AA2706D495AA2706D495AA3706D49C7FCA2706D131EA2706D5BA2716C -5BA3716C5BA271EB81E0A271EBC3C0A271EBE780A27101FFC8FCA3715BA2715BA2725AA2 -725AA2D93FFC6F5AB74DB712FEA2725AA2725A77527CD180>I<B600F893B7FC81818182 -D800076E9239003FFC00F307E082828202EF7F8214E702E37F02E18002E080836F7F816F -7F6F7F6F7F83816F806F80707F707F8482707F707F707F85827080717F717F717F858371 -7F717F7114801AC0837213E07213F07213F87213FC1AFE847213FF7214877214C71BE773 -13F7857313FF8585A28585858686A286868686A286861B7FD93FFC183FB7171FA21B0F1B -07755A60527CD169>I<93380FFFC00303B6FC031F15E092B712FC0203D9FC0013FF020F -01C0010F13C0023F90C7000313F0DA7FFC02007F494848ED7FFE4901E0ED1FFF49496F7F -49496F7F4990C96C7F49854948707F4948707FA24849717E48864A83481B804A83481BC0 -A2481BE04A83A2481BF0A348497113F8A5B51AFCAF6C1BF86E5FA46C1BF0A26E5F6C1BE0 -A36C6D4D13C0A26C6D4D1380A26C1B006C6D4D5A6E5E6C626D6C4C5B6D6D4B5B6D6D4B5B -6D6D4B5B6D6D4B5B6D6D4B90C7FC6D6D4B5A6D01FF02035B023F01E0011F13F0020F01FC -90B512C0020390B7C8FC020016FC031F15E0030392C9FCDB001F13E0565479D265>I<BA -FC19F819FF1AE086D8000701F0C7001F13FC060113FF726C13807313C0070F13E01BF085 -7313F81BFCA27313FEA41BFFA81BFEA31BFC61A21BF84F13F04F13E0614F13C04F13004E -485A061F5B92B812F01AC04FC7FC19E003F8CBFCB3AEB812C0A550527CD15C>I<B912F0 
-F0FF8019F819FF1AC0D8000701F0C714F0060F7F060113FE727F737F737F85737F87A273 -7FA387A863A2616363A24F5B4F5B4F90C8FC4F5A06035B060F13F095B512C092B8C9FC19 -F819E019F89226F0000313FE9439007FFF80061F7F727F727F86727F8486A2727FA887A7 -1D1C1D3E8785A275137E73157C7315FC736D13F8B86C6DEBF801739038FE07F07390B512 -E0736C14C0080F1400CEEA7FFC5F537CD164>82 D<91260FFF80130791B500F85B010702 -FF5B011FEDC03F49EDF07F9026FFFC006D5A4801E0EB0FFD4801800101B5FC4848C87E48 -488149150F001F824981123F4981007F82A28412FF84A27FA26D82A27F7F6D93C7FC14C0 -6C13F014FF15F86CECFF8016FC6CEDFFC017F06C16FC6C16FF6C17C06C836C836D826D82 -010F821303010082021F16801400030F15C0ED007F040714E01600173F050F13F08383A2 -00788200F882A3187FA27EA219E07EA26CEFFFC0A27F6D4B13806D17006D5D01FC4B5A01 -FF4B5A02C04A5A02F8EC7FF0903B1FFFC003FFE0486C90B65AD8FC0393C7FC48C66C14FC -48010F14F048D9007F90C8FC3C5479D24B>I<003FBC1280A59126C0003F9038C0007F49 -C71607D87FF8060113C001E08449197F49193F90C8171FA2007E1A0FA3007C1A07A500FC -1BE0481A03A6C994C7FCB3B3AC91B912F0A553517BD05E>I<B700FC017FB600FE91B612 -F0A5D8003F01C0C8001F01E0C9EBF8006F71EE0FC06D7161876F1C1F6D7196C7FC6F8373 -606D1E3E6F836D7160876F1CFC6D666F4B801F016D66704A806E525A88704A17076E059F -5F70021F80080F160F6E6570023F806EDC3E074CC8FC8870027E5F6EDC7C03163E7002FC -804F6C167E6E1C7C700101814F6C16FC6E745B70010317016E4C6D5D060716C00580496D -14036F63DDC00F16E04F6D14076F07F05BDDE01F170F6F92C76C5D1DF8DDF03E6E141F6F -98C9FCDDF87E16FC067C6E5C6FF1FE3EDDFCFC177E6F4A6E147C1DFFDDFFF06E14FC6F62 -A24E816F62A270496F5BA24E817061A295C97E7061A270487090CAFCA37048705AA24D16 -01040360A27048705A84537DD18B>87 D<EC7FFF0107B512F0013F14FE90B77E48D9E00F -7F2703FE000113F0486C6D7F6EEB3FFC48826E131F83707FA36C496D7FA26C90C7FC6C5A -C9FCA6037FB5FC020FB6FC91B7FC01071487013FEBF0074913803901FFFC004813F0485B -485B485B4890C7FC5A5BA2485AA45EA26D5C007F151D163D6C6C02797F6C6D01F113F86C -9026C003E0EBFFE06C9027F81FC07F13F06C90B5487EC64B7E011F01FC010713E0010101 -E090C8FC3C387CB641>97 D<EB3FF0B5FCA51203C6FCB3A4923801FFE0030F13FE033FEB 
-FFC092B612F002F301017F913AF7F8003FFEDAFFE0EB0FFF03806D7F92C76C7F4A6E7F4A -824A6E7FA2727EA285A28584A31A80AC1A00A44E5AA36118FF616E4A5BA26E4A5B6E4A5B -6F495BDACFC04990C7FCDA87F0EB7FFC913A03FE03FFF849C6B612E0496D148049011F01 -FCC8FC90C7000313C041547BD24B>I<913801FFF8021FEBFF8091B612F0010315FC010F -9038C00FFE903A1FFE0001FFD97FFC491380D9FFF05B4817C048495B5C5A485BA2486F13 -8091C7FC486F1300705A4892C8FC5BA312FFAD127F7FA27EA2EF03E06C7F17076C6D15C0 -7E6E140F6CEE1F806C6DEC3F006C6D147ED97FFE5C6D6CEB03F8010F9038E01FF0010390 -B55A01001580023F49C7FC020113E033387CB63C>I<4DB47E0407B5FCA5EE001F1707B3 -A4913801FFE0021F13FC91B6FC010315C7010F9038E03FE74990380007F7D97FFC0101B5 -FC49487F4849143F484980485B83485B5A91C8FC5AA3485AA412FFAC127FA36C7EA37EA2 -6C7F5F6C6D5C7E6C6D5C6C6D49B5FC6D6C4914E0D93FFED90FEFEBFF80903A0FFFC07FCF -6D90B5128F0101ECFE0FD9003F13F8020301C049C7FC41547CD24B>I<913803FFC0023F -13FC49B6FC010715C04901817F903A3FFC007FF04948EB1FF8D9FFE06D7E488248496D7E -48814A15805A4890C76C13C0A24817E0A282485A18F0A312FFA390B8FCA318E049CAFCA5 -127FA46C7EA26C17E0EF01F06C7F17036C17E06C6D14076C6DEC0FC06CEE1F806D6CEC3F -00D93FFC14FE6D6CEB03FC903A0FFFC03FF8010390B55A010015C0021F49C7FC020113F0 -34387CB63D>I<ED3FFC0203B5FC020F14C0023F14E09139FFF81FF0499038C03FF849EB -807F49903800FFFC495A495AA2495AA2EE7FF8495AEE3FF0EE0FC093C7FCAEB712E0A526 -007FF8C8FCB3B3A7007FB512FEA52E547CD329>I<DA3FFF14FF0103B5D8F00713C0010F -DAFC1F13E0013FECFF7F90267FFC0F9038FF9FF09026FFE001EBF83F48496C13E0484990 -387FF01F4890C7D83FF813E0489338FC0FC0F0078048486E6CC7FCA2003F82A9001F5EA2 -6C6C4A5AA26C5E6C6D495A6C6D495A6C6D485BDAFC0F5B4890B6C8FCD803EF14FC01C314 -F02607C03F90C9FC91CBFCA2120FA37FA213F813FE90B7FC6C16F817FF18C06C836C836C -836D828448B9FC12074848C700031480D81FF8EC003F4848150748486F13C083485A83A5 -6D5D007F18806D5D003F18006C6C4B5AD80FFEED1FFC6C6C6CEC7FF86C01E049485A6C01 -FE011F5B6C6CB71280010F03FCC7FC010115E0D9000F01FCC8FC3C4F7CB543>I<EB3FF0 -B5FCA51203C6FCB3A4EE1FFC93B512C0030314F0030F8092391FE07FFC92393F001FFE03 
-7C8003F07FDAF1E081ECF3C0DAF7807F8502FFC7FC5CA25CA45CB3ACB6D8F807B612C0A5 -42537BD24B>I<137F497E487F487F487F487FA76C5B6C5B6C5B6C5B6DC7FC90C8FCADEB -3FF0B5FCA512017EB3B3A6B612E0A51B547BD325>I<EB3FF0B5FCA51203C6FCB3A54CB5 -12F8A59339003FFE00EF1FE04D5A4D5A4DC7FCEE01FCEE07F84C5A4C5AEE3F8004FFC8FC -4B5A4B5AED07F0ED1FE0153F4B7E4B7E02F37F02F77F91B5FC82039F7F030F7F4A7EDAF8 -037F02F0806F7F6F7F167F707E83707F707F8284707F707F82717E84717E1980B6D8F003 -B6FCA540537CD247>107 D<EB3FF0B5FCA512017EB3B3B3B1B612F0A51C537BD225>I<D9 -3FF0D91FFCEDFFE0B591B500C0010713FE030302F0011F6D7E030F6E017F8092271FE07F -FCD9FF037F922A3F001FFE01F8007F0003027C9126FF03E080C602F06DD90780137FDAF1 -E0038FC77FDAF3C0159EDAF7806D01BC143F07FC8102FFC75C4A5EA24A5EA44A5EB3ACB6 -D8F807B6D8C03FB512FEA567367BB570>I<D93FF0EB1FFCB591B512C0030314F0030F80 -92391FE07FFC92393F001FFE0003027C80C602F07FDAF1E081ECF3C0DAF7807F8502FFC7 -FC5CA25CA45CB3ACB6D8F807B612C0A542367BB54B>I<913801FFE0021F13FE91B612C0 -010315F0010F9038807FFC903A1FFC000FFED97FF86D6C7E49486D7F48496D7F48496D7F -4A147F48834890C86C7EA24883A248486F7EA3007F1880A400FF18C0AC007F1880A3003F -18006D5DA26C5FA26C5F6E147F6C5F6C6D4A5A6C6D495B6C6D495B6D6C495BD93FFE011F -90C7FC903A0FFF807FFC6D90B55A010015C0023F91C8FC020113E03A387CB643>I<903A -3FF001FFE0B5010F13FE033FEBFFC092B612F002F301017F913AF7F8007FFE0003D9FFE0 -EB1FFFC602806D7F92C76C7F4A824A6E7F4A6E7FA2717FA285187F85A4721380AC1A0060 -A36118FFA2615F616E4A5BA26E4A5B6E4A5B6F495B6F4990C7FC03F0EBFFFC9126FBFE07 -5B02F8B612E06F1480031F01FCC8FC030313C092CBFCB1B612F8A5414D7BB54B>I<9126 -01FFE0EB0780021F01F8130F91B500FE131F0103ECFF80010F9039F03FC03F499039800F -E07F903A7FFE0003F04948903801F8FF4849EB00FD4849147F4A805A4849805A4A805AA2 -91C87E5AA35B12FFAC6C7EA37EA2806C5EA26C6D5CA26C6D5C6C6D5C6C93B5FC6C6D5B6D -6C5B6DB4EB0FEF010F9038C07FCF6D90B5120F010114FED9003F13F80203138091C8FCB1 -040FB61280A5414D7CB547>I<90397FE003FEB590380FFF80033F13E04B13F09238FE1F -F89139E1F83FFC0003D9E3E013FEC6ECC07FECE78014EF150014EE02FEEB3FFC5CEE1FF8 
-EE0FF04A90C7FCA55CB3AAB612FCA52F367CB537>I<903903FFF00F013FEBFE1F90B7FC -120348EB003FD80FF81307D81FE0130148487F4980127F90C87EA24881A27FA27F01F091 -C7FC13FCEBFFC06C13FF15F86C14FF16C06C15F06C816C816C81C681013F1580010F15C0 -1300020714E0EC003F030713F015010078EC007F00F8153F161F7E160FA27E17E07E6D14 -1F17C07F6DEC3F8001F8EC7F0001FEEB01FE9039FFC00FFC6DB55AD8FC1F14E0D8F80714 -8048C601F8C7FC2C387CB635>I<143EA6147EA414FEA21301A313031307A2130F131F13 -3F13FF5A000F90B6FCB8FCA426003FFEC8FCB3A9EE07C0AB011FEC0F8080A26DEC1F0015 -806DEBC03E6DEBF0FC6DEBFFF86D6C5B021F5B020313802A4D7ECB34>I<D93FF8913801 -FFC0B50207B5FCA50003ED001FC61607B3AE5FA35FA2017F5D173B177B6D6C14F3DC01E3 -13F06D6CD907C3EBFFC0903A0FFFC03F836D90B51203010114FE6D6C13F8020701E091C7 -FC42377BB54B>I<B600F00107B5FCA5C601F8C8EA7FC06EED3F00A26D6C153E187E013F -167C6E15FC6D5E6F13016D5E6F13036D5E8117076D6D5C170F6D6D5C171F6D93C7FC6F5B -027F143E6F137E023F147C6F13FCA26E6D5A16816EEBC1F016C36E5C16E76E5C16FF6E5C -A26E91C8FCA36F5AA26F5AA26F5AA26F5AA26F5A6F5A40357DB447>I<B6D8E07FB5D8C0 -03B512C0A5000101F0C701F0C7381FF8006E027FED07E06C715DA26E023F150F017F705D -6E181F013F7092C7FC177F6E606D92B5143E6F177E6D71137C5E03C001F315FC6D02036E -5B03E001E114016D05E05B160703F001C014036D020F02F05B03F8EB807FF1F8076D021F -5E03FCD9003F130F027F04FC5B5EDBFE3E90381FFE1F023F017E93C8FCDBFF7C010F5B6E -EEFF3E16FC4C6D13FE6E5F4C7F6E5FA24C7F6E5F4C7F6E5FA24C147F6E5F93C8123F6F5E -A2033E6FC9FC5A357DB461>I<007FB500F090387FFFFEA5C66C48C7000F90C7FC6D6CEC -03F86D6D495A6D6D495A6D4B5A6F495A6D6D91C8FC6D6D137E6D6D5B91387FFE014C5A6E -6C485A6EEB8FE06EEBCFC06EEBFF806E91C9FCA26E5B6E5B6F7E6F7EA26F7F834B7F4B7F -92B5FCDA01FD7F03F87F4A486C7E4A486C7E020F7FDA1FC0804A486C7F4A486C7F02FE6D -7F4A6D7F495A49486D7F01076F7E49486E7E49486E7FEBFFF0B500FE49B612C0A542357E -B447>I<B600F00107B5FCA5C601F8C8EA7FC06EED3F00A26D6C153E187E013F167C6E15 -FC6D5E6F13016D5E6F13036D5E8117076D6D5C170F6D6D5C171F6D93C7FC6F5B027F143E -6F137E023F147C6F13FCA26E6D5A16816EEBC1F016C36E5C16E76E5C16FF6E5CA26E91C8 
-FCA36F5AA26F5AA26F5AA26F5AA26F5AA35E150F5E151F93C9FC5DD81FC0133E486C137E -486C137C486C13FC5D14015D14034A5A6C48485A49485A263FC07FCAFCEB81FE6CB45A6C -13F000035BC690CBFC404D7DB447>I E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fq line10 10 10 -/Fq 10 84 df<1C0C1C1E1C3E1C7C1CF8F301F0F303E0F307C0F30F80F31F001B3E6363 -505A505A505A505A50C7FC1A3E62624F5A4F5A4F5A4F5A4FC8FC193E61614E5A4E5A4E5A -4E5A4EC9FC183E60604D5A4D5A4D5A4D5A4DCAFC173E5F5F4C5A4C5A4C5A4C5A4CCBFC16 -3E5E5E4B5A4B5A4B5A4B5A4BCCFC153E5D5D4A5A4A5A4A5A4A5A4ACDFC143E5C5C495A49 -5A495A495A49CEFC133E5B5B485A485A485A485A48CFFC123E5A5A5A1260575782D453> -0 D<1718173C177C177817F817F0160117E0160317C016071780160F17005E161E163E16 -3C167C167816F85E15015E15035E15075E150F93C7FC5D151E153E153C157C157815F85D -14015D14035D14075D140F92C8FC5C141E143E143C147C147814F85C13015C13035C1307 -5C130F91C9FC5B131E133E133C137C137813F85B12015B12035B12075B120F90CAFC5A12 -1E123E123C127C127812F85A12602E5782D42A>I<1C0C1C3E1CFEF303FCF30FF8F33FE0 -F3FF80973803FE00F20FF8F23FE0F2FF80DF03FEC7FCF10FF8F13FE0F1FF80DE03FEC8FC -F00FF8F03FE0F0FF80DD03FEC9FCEF0FF8EF3FE0EFFF80DC03FECAFCEE0FF8EE3FE0EEFF -80DB03FECBFCED0FF8ED3FE0EDFF80DA03FECCFCEC0FF8EC3FE0ECFF80D903FECDFCEB0F -F8EB3FE0EBFF80D803FECEFCEA0FF8EA3FE0EA7F8000FECFFC12F81260572E82AB53>8 -D<1C0C1C3E1C7EF301FCF303F8F30FE0F31FC0F37F001BFEF203F8505AF21FC0505A08FE -C7FC4F5AF107F04F5AF13F804FC8FCF001FC4E5AF00FE04E5A067FC9FC18FEEF03F84D5A -EF1FC0EF7F8005FECAFCEE03FCEE07F0EE1FC04C5A04FECBFC4B5AED07F04B5AED3F804B -CCFCEC01FC4A5AEC0FE04A5A027FCDFC14FEEB03F8495AEB1FC0495A01FECEFC485AEA07 -F0485AEA3F8048CFFC12FC5A1260573B82B853>17 D<F10180F103C019071A80190FF11F -00193E193C197C614E5A6118034E5A4E5A96C7FC60183E60187818F84D5A4D5A6017074D -5A4DC8FC171E173E5F5F5F16014C5A4C5A5F160F4CC9FC163E163C167C5E4B5A5E15034B -5A4B5A93CAFC5D153E5D157815F84A5A4A5A5D14074A5A4ACBFC141E143E5C5C5C130149 -5A495A5C130F49CCFC133E133C137C5B485A5B1203485A485A90CDFC5A123E5A127812F8 -5A1260425782D43E>19 
D<126012F07E127C7E7E6C7E6C7E6C7E6C7E6C7E137C7F7F6D7E -6D7E6D7E6D7E6D7E147C80806E7E6E7E6E7E6E7E6E7E157C81816F7E6F7E6F7E6F7E6F7E -167C8282707E707E707E707E707E177C8383717E717E717E717E717E187C8484727E727E -727E727E727E197C8585737E737E737E737E737E1A7C8686747E747E747E747E747E1B7C -8787F30F80F307C0F303E0F301F0F300F81C7C1C3E1C1E1C0C575782D453>64 -D<126012F07E1278127C123C123E121E121F7E7F12077F12037F12017F12007F1378137C -133C133E131E131F7F801307801303801301801300801478147C143C143E141E141F8081 -1407811403811401811400811578157C153C153E151E151F818215078215038215018215 -00821678167C163C163E161E161F821780160717C0160317E0160117F0160017F8177817 -7C173C17182E5782D42A>I<126012F812FEEA7F80EA3FE0EA0FF8EA03FEC66C7EEB3FE0 -EB0FF8EB03FE903800FF80EC3FE0EC0FF8EC03FE913800FF80ED3FE0ED0FF8ED03FE9238 -00FF80EE3FE0EE0FF8EE03FE933800FF80EF3FE0EF0FF8EF03FE943800FF80F03FE0F00F -F8F003FE953800FF80F13FE0F10FF8F103FE963800FF80F23FE0F20FF8F203FE973800FF -80F33FE0F30FF8F303FCF300FE1C3E1C0C572E82AB53>72 D<126012F87E127F6C7EEA0F -E06C7EEA01FC6C7EEB3F806D7EEB07F06D7EEB00FE147FEC1FC06E7EEC03F86E7EEC007F -6F7EED0FE06F7EED01FC6F7EEE3F80707EEE07F0EE03FCEE00FEEF7F80EF1FC0EF07F071 -7EEF00FE187FF01FC0727EF003F8727EF0007F737EF10FE0737EF101FC737EF23F80747E -F207F0747EF200FE1B7FF31FC0F30FE0F303F8F301FCF3007E1C3E1C0C573B82B853>81 -D<126012F07E1278127C7E7E7E7F6C7E6C7E12017F6C7E137C133C133E7F6D7E1307806D -7E6D7E130080147C80141E141F6E7E6E7E1403816E7E6E7E1578157C818181826F7E6F7E -1501826F7E167C163C163E82707E160783707E707E160083177C83171E171F717E717E17 -0384717E717E1878187C84848485727E727E180185727E197C193C193E85F10F8019071A -C01903F10180425782D43E>83 D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fr cmtt12 12 70 -/Fr 70 127 df<00085B003EEB07C0007FEB0FE0A24814F0A26C14E0B3A2007E1307003E -14C0A20008EB01001C1E75BD33>34 D<D803E01438D80FF8147C486C14FEA2486C13015E -EA7F7FD87E3F13035E00FEEB8007D8FC1F5CA2150F5EA2151F5ED8FE3F133F007E01005B -A2D87F7F137FD83FFE91C7FC5D6C485BA2380FF801D803E05BC7FC14035D14075DA2140F 
-5D141F5DA2143F5DA2147F92C8FC5C5CA213015C13035CA20107147C4A48B4FC4B138013 -0F4A4813C0131F9139C00FEFE016C7013F011F13F002801383137F1400A25B5BA2120149 -14C70003020F13E04914EF923807FFC01207496D1380A26C486D13006C48EB007C2C4D7D -C433>37 D<EB03E0EB0FF8497E497E497E90B5FC9038FE3F803801FC1F13F8000380EBF0 -0FA7141F5D91393F87FFE001F84913F00001137F147E14FE9026F9FC0713E001FF903801 -F8006C13F8ECF00302E05B1507D97FC05B14809038FF000F485D148048141F4801C05B5A -391FEFE03FD83FC791C7FC903887F07FD87F03137EECF8FE6D6C5A12FEEB00FF6E5AA291 -393FF00180EE03C091391FE007E0140F6CEB1FF06C133FEC7FF8903980FFFE0FD83FC301 -FF13C0D9FFFC13FF6C496C13806C497E6CD9E00F13006C90388007FE3A00FE0001F82C3F -7DBD33>I<EA07C0EA0FF0EA1FF8A213FCA213FE120F1207EA007EA613FE13FCA21201EA -03F8A2EA07F0120FEA1FE0EA7FC0EAFF8013005A5A12700F1E6EBC33>I<140FEC3F8014 -7F14FF491300495AEB07F8495A495A495A495A49C7FC5B12015B485A12075B120F5B121F -5BA2123F5BA2127F90C8FCA45A5AAD7E7EA47F123FA27F121FA27F120F7F12077F12036C -7E7F12007F6D7E6D7E6D7E6D7E6D7EEB03FE6D7E6D1380147F143FEC0F00194D6FC433> -I<127812FE7E7F6C7E6C7EEA0FF06C7E6C7E6C7E6C7E6D7E133F80131F6D7E8013078013 -03801301A2801300A28080A41580143FAD147F1500A45C5CA213015CA213035C13075C13 -0F5C495A133F5C137F49C7FC485A485A485A485AEA3FE0485A485A90C8FC5A1278194D78 -C433>I<14F0497EA8007015E000F8EC01F000FE140700FF140F01C1133F01F113FF263F -F9F913C0000FB61200000314FCC614F06D5B011F1380D907FEC7FC90381FFF80017F13E0 -90B57E000314FC000F14FF263FF9F913C026FFF1F813F001C1133F0101130F00FE140700 -F814010070EC00E000001500A86D5A242B79B333>I<140E141F4A7EB0003FB7FC481680 -B812C0A36C16806C1600C7D83F80C7FCB06EC8FC140E2A2B7CB333>I<EA07C0EA0FF0EA -1FF8123F13FCA213FEA2121F120F1207EA007E13FEA213FC1201EA03F81207EA0FF0EA7F -E012FF13C013005A12780F196E8A33>I<003FB612FC4815FEB8FCA36C15FE6C15FC2807 -7BA133>I<121FEA3F80EA7FC0EAFFE0A5EA7FC0EA3F80EA1F000B0B6C8A33>I<167016F8 -ED01FCA2150316F8150716F0A2150F16E0151F16C0153F1680157F1600A25D5D14015D14 -035D14075DA2140F5D141F5D143F5D147F92C7FCA25C5C13015C13035CA213075C130F5C 
-131F5C133F5CA2137F91C8FC5B5B12015B12035BA212075B120F5B121F5B123F5BA2127F -90C9FC5A5AA2127C1238264D7AC433>I<14FF010313C0010F13F0497F497F497F9038FF -81FF3A01FE007F804848EB3FC049131F4848EB0FE0A24848EB07F0A24848EB03F8A24848 -EB01FCA348C812FEA4007E157E00FE157FAE6C15FF6C15FEA46D1301003F15FCA26D1303 -001F15F8A26C6CEB07F0A26C6CEB0FE06D131F6C6CEB3FC0A26CB4EBFF806C018113006D -B45A6D5B6D5B6D5B010313C0010090C7FC283F7BBD33>I<EB01E0497EA21307A2130FA2 -131F133F137F13FF1203123F5AEAFFF713E71387EA7E071200B3B3A2003FB512FE488016 -80A216006C5C213E76BD33>I<EB03FF011F13E0017F13FC48B57E48ECFF804815C0260F -FE0313E03A1FF0007FF049EB1FF84848130F49EB03FC127F90C7EA01FE4814005A6C15FF -167FA3127E123CC9FCA216FF16FEA2150116FC150316F81507ED0FF0ED1FE0153F16C0ED -7F80EDFF004A5AEC07FC4A5A4A5A4A5A4A5A4A5A4990C7FC495AEB07F8EB1FF0495A495A -495A4890C8FC4848143E4848147FEA0FF0485A48B7FCB8FCA37E6C15FE283E7BBD33>I< -903801FFC0010F13F8013F13FE90B67E48814881489038807FF03A0FFC000FF801F06D7E -484813036F7EA21500A26C5A6C5AC9FC15015EA215034B5A150F4B5A4B5A913803FFC001 -03B55A4991C7FC5D8116C06D8090C76C7EED0FF8ED03FC6F7E6F7E821780163FA2EE1FC0 -A3123C127EB4FCA2163F1780167F6C16006D5C6D495A6C6C1303D81FF8EB0FFC3A0FFF80 -7FF86C90B55A6C5D6C15806C6C91C7FC010F13FC010113C02A3F7CBD33>I<0007B612F0 -4815F85AA316F001C0C8FCB0ECFFC001C713F801DF7F90B6FC168016C0028013E09039FC -001FF001F0EB0FF849130749EB03FC6C4813016CC713FEC9FCA216FF167FA41218127EA2 -B415FF16FEA24814016C15FC6C14036DEB07F86D130F6C6CEB1FF06C6CEB7FE09039FE03 -FFC06CB612806C150000015C6C14F8013F13E0010390C7FC283E7BBC33>53 -D<127CB8128017C0A4178048C813004B5A4B5A007C4A5AC8485A5E151F4B5A4B5A93C7FC -5D5D4A5A14035D14075D140F5D141F5D143F5DA24AC8FCA25C5CA213015CA3495AA41307 -5CA5130F5CAA6D5A6D5A2A3F7CBD33>55 D<121FEA3F80EA7FC0EAFFE0A5EA7FC0EA3F80 -EA1F00C7FCB3A3121FEA3F80EA7FC0EAFFE0A5EA7FC0EA3F80EA1F000B2B6CAA33>58 -D<EA07C0EA0FE0EA1FF0EA3FF8A5EA1FF0EA0FE0EA07C0C7FCB3A3EA07C0EA0FE0EA1FF0 -EA3FF8A213FCA3121F120F12071200A2120113F81203EA07F0120FEA1FE0127FEAFFC013 
-80130012FC12700E396EAA33>I<161C167E16FF15035DED1FFEED3FFCEDFFF84A13E002 -0713C04A1300EC3FFEEC7FF849485A4913C0010F5B4948C7FCEB7FFCEBFFF000035B4813 -80001F90C8FCEA3FFC485AEAFFE05B7FEA7FF86C7E6CB4FC00077F6C13E0C67FEB7FFCEB -1FFE6D6C7E01037F6D13F06D6C7EEC3FFEEC0FFF6E13C0020113E06E13F8ED3FFCED1FFE -ED07FF811500167E161C28337BB733>I<003FB7FC481680B812C0A36C16806C1600CBFC -A9003FB7FC481680B812C0A36C16806C16002A177CA933>I<1238127EB4FC13C07FEA7F -F86C7E6CB4FC00077F6C13E0C67FEB7FFCEB1FFE6D6C7E01037F6D13F06D6C7EEC3FFEEC -0FFF6E13C0020113E06E13F8ED3FFCED1FFEED07FF815DED1FFEED3FFCEDFFF84A13E002 -0713C04A1300EC3FFEEC7FF849485A4913C0010F5B4948C7FCEB7FFCEBFFF000035B4813 -80001F90C8FCEA3FFC485AEAFFE05B90C9FC127E123828337BB733>I<EC1F804A7E4A7E -A34A7EA314F901017FA501037FA214F0A201077FA4ECE07E010F137FA449486C7EA54948 -6C7EA4017F80EC000FA291B5FCA290B67EA43A01FE0007F8491303A4000381491301A300 -0781491300D87FFF90380FFFE0B56C4813F06E5AA24A7E6C496C13E02C3E7DBD33>65 -D<007FB512F8B7FC16C082826C813A03F8000FFCED03FE15016F7E82A2EE3F80A7EE7F00 -A25E4B5AA2ED07FCED1FF890B65A5E1680828216F89039F8000FFCED01FE6F7EEE7F8016 -3F17C0161FA2EE0FE0A7161F17C0A2163FEE7F8016FF4B1300150F007FB65AB75A5E16E0 -5E6C4AC7FC2B3D7DBC33>I<91391FE00780DAFFFC13C00103EBFF0F010F148F4914FF5B -90387FF81F9038FFC00748497E4848487E497F485A167F485A49143F121F5B003F151F5B -A2127F90C8EA0F8093C7FCA25A5AAD7E7EA36DEC0F80003FED1FC0A27F121F7F000F153F -6D15806C7E167F6C6CECFF007F3A01FF8003FE6C6D485A90397FF81FF86DB55A6D5C6D5C -010391C7FC010013FCEC1FE02A3F7CBD33>I<003FB512F04814FCB7FC826C816C813A03 -F8007FF0ED1FF8ED07FC15036F7E8281EE7F80A2163F17C0161FA217E0160FA4EE07F0AD -160F17E0A4161F17C0163FA21780167FEEFF00A24B5A15034B5AED1FF8ED7FF0003FB6FC -4815C0B75A93C7FC6C14FC6C14F02C3D7EBC33>I<003FB712E04816F0B8FCA27E7ED801 -FCC71207A8EE03E093C7FCA6151F4B7EA490B6FCA69038FC003FA46FC7FC92C8FCA817F8 -EE01FCA9003FB7FC5AB8FCA27E6C16F82E3D7EBC33>I<003FB712E04816F0B8FCA27E7E -D801FCC71207A8EE03E093C7FCA7151F4B7EA490B6FCA69038FC003FA46FC7FC92C8FCB1 
-383FFFF8487FB57EA26C5B6C5B2C3D7DBC33>I<003FB612804815C0B712E0A26C15C06C -1580260003F8C7FCB3B3AD003FB612804815C0B712E0A26C15C06C1580233D78BC33>73 -D<387FFFF8B57E80A25C6C5BD801FCC9FCB3B3A3EE03E0EE07F0A9007FB7FCB8FCA46C16 -E02C3D7DBC33>76 D<D83FF8EC1FFC486CEC3FFE486CEC7FFFA2007F16FE6C6CECFFFC00 -0716E001EF14F7EC8001A39039E7C003E7A3ECE007A201E314C7A2ECF00FA201E11487EC -F81FA201E01407A2ECFC3FA2EC7C3EA2EC7E7EEC3E7CA3EC1E78EC1FF8A2EC0FF0A3EC07 -E0EC03C091C7FCAED83FFCEC3FFC486CEC7FFEB591B5FCA26C48EC7FFE6C48EC3FFC303D -7FBC33>I<D87FFC90381FFFE0486C4913F07FA36C6D6C13E00003913800FC0013F780A2 -13F380A3EBF1F0A38013F0A280A2147C147EA2143E143FA2801580A3140F15C0A2140715 -E0A2140315F0A21401A215F81400A3157CA3153C153EA2151E151F387FFF80B5EAC00FA3 -15076C496C5A2C3D7DBC33>I<003FB512FC48ECFF80B712E016F86C816C813A01FC000F -FF030313801500EE7FC0163FEE1FE0160FA217F01607A6160F17E0A2161FEE3FC0167FEE -FF801503030F130090B65A5E5E16E0168003FCC7FC01FCC9FCB3383FFFE0487FB57EA26C -5B6C5B2C3D7EBC33>80 D<007FB57EB612F815FE81826C812603F8007FED3FF0ED0FF815 -076F7E1501A26F7EA74B5AA215034B5A150FED3FF0EDFFE090B65A5E93C7FC5D8182D9F8 -007F153F6F7E150F821507AA173E177FA416F8030313FF267FFFC014FEB538E001FF17FC -81EE7FF86C49EB3FF0C9EA0FC0303E7EBC33>82 D<D907FE137890393FFFC07C90B5EAF0 -FC4814FC000714FF5AEBFC03391FF0007F4848133F0180131F007F140F90C71207481403 -5AA21501A46CEC00F86C15007F7F6C7E7FEA1FFE380FFFE06C13FF6C14F06C14FC6C6C13 -FF011F1480010314C0D9003F13E0020313F09138003FF8ED0FFC1507ED03FE1501150016 -FFA2007C157F12FEA56C15FF16FE7FED01FC6D130301F0EB07F801FC130F9039FF807FF0 -91B512E016C000FC1580013FEBFE00D8F80F5BD8780013E0283F7BBD33>I<003FB712F8 -4816FCB8FCA43AFE000FE001A8007CED00F8C71500B3B3A40107B512C049804980A26D5C -6D5C2E3D7EBC33>I<273FFFE001B5FC486D481480B56C4814C0A26C496C14806C496C14 -00D801FCC7EA0FE0B3B3A36D141F00005EA26D143F6D5DA26D6C49C7FC6E5B6D6C485AEC -F00390390FFC0FFC6DB55A6D5C6D5C6D6C1380DA1FFEC8FCEC07F8323E80BC33>I<D87F -FF903803FFF8B56C4813FCA46C496C13F8D807F09038003F806D147F00031600A36D5C00 
-015DA46C6C495AA46D13036D5CA3EC8007013F5CA3ECC00F011F5CA46D6C485AA46D6C48 -5AA4010391C7FC6E5AA30101137EA2ECFCFEA201005BA5EC7FF8A46E5AA26E5A6E5A2E3E -7EBC33>I<D83FFCEC3FFC486CEC7FFEB591B5FCA26C48EC7FFE6C48EC3FFCD80FC0EC03 -F0A76D1407000716E0A86C6CEC0FC0A2EC07E0EC0FF0EC1FF8A3000116809039F83FFC1F -EC3E7CA4EC7E7EA200001600A2EC7C3E01FC5CECFC3FA3ECF81F017C143EA590397DF00F -BEA3013D14BC90393FE007FCA5ECC003011F5C6D486C5A303E7FBC33>I<007FB512C0B6 -12E0A415C048C8FCB3B3B3ABB612C015E0A46C14C01B4D6CC433>91 -D<1238127C12FEA27E7E7F123FA27F121F7F120F7F12077F1203A27F12017F12007F7F80 -133FA280131F80130F801307801303A28013018013008080A281143F81141F81140F8114 -07A28114038114018114008181A21680153F16C0151F16E0150F16F01507A216F8150316 -FC1501A2ED00F81670264D7AC433>I<007FB512C0B612E0A47EC7120FB3B3B3AB007FB5 -FCB6FCA46C14C01B4D7DC433>I<EB7FFE0003B512C04814F048804880819038E007FF02 -007F6C486D7E6C48133FC8121F82150FA4EC0FFF0103B5FC131F90B6FC120348140F4813 -80381FFC00EA3FE0485A5B48C7FC5AA47E151F6C6C133F6D13FF263FF8077F6CB712F06C -16F86C14F76C14E3C61401903A3FF8003FF02D2B7BAA33>97 D<EA3FFC487E12FFA2127F -123F1200AC4AB4FC020F13C0023F13F04A13FC91B57E90B7FCDAFE071380DAF80013C002 -E0137F4AEB3FE04A131F91C7EA0FF016074915F81603A217FC1601A81603A217F87F1607 -17F06E130F6EEB1FE0163F6EEB7FC09139F801FF80DAFE07130091B55A495C6E5B6E13E0 -D97E0F138090263C03FEC7FC2E3D7FBC33>I<ECFFFC0107EBFF80011F14C0017F14E090 -B612F05A48EB800F3807FE00D80FF8EB07E049EB03C0484890C7FC485AA2485A90C9FCA3 -5A5AA77E7EA27FA26C6CEB01F06DEB03F8121FD80FF813076D14F06CB4131F6C9038E07F -E06C90B5FC6C15C06D1400011F5B010713F8010013C0252B79AA33>I<ED7FF84B7E5CA2 -80157F1501ACEB01FF010F13C1013F13F14913FD90B6FC5A4813803907FE003FD80FF813 -1F4848130F491307484813035B007F140190C7FCA25AA25AA87E7E15037F003F14077F6C -6C130F6D131F6C6C133F6D137F3907FF81FF6C90B612F06C02FD13F86C02F913FC013F13 -E1010F018113F8902601FE0013F02E3D7DBC33>I<ECFF80010713F0011F13FC017F13FF -90B612804815C048018013E03907FE001FD80FF8EB0FF049EB07F848481303485A49EB01 
-FC127F90C7FC16FE150012FEB7FCA516FC48C9FC7E7EA27F123F6D147C001F15FE7F6C6C -1301EA07FC6DEB07FC3A03FFC03FF86C90B5FC6C6C14F06D14C0010F14800103EBFE0090 -38007FF0272B7BAA33>I<ED3FF0913801FFFC020713FE141F4A13FF5CECFFC04913004A -137E494813184A1300A8003FB612F84815FCB7FCA36C15F8260003F8C7FCB3AD003FB612 -804815C0A46C1580283D7DBC33>I<EE1FC0D901FEEBFFF090260FFFC313F8013F13F749 -90B512FC90B7FC4815F148010313812607FC00EB80F849017F1360484890383FC0004913 -1FA2001F8149130FA66D131F000F5DA26D133F6C6C495A6D13FF2603FF0390C7FCECFFFE -485C5D5DD80FCF13C0D9C1FEC8FC01C0C9FCA36C7E7F6CB512FEEDFFC06C15F800078148 -15FF4816809026E0000713C0D83F80EB007F48C8EA1FE0160F007E150700FE16F0481503 -A56C1507007FED0FE06D141FD83FE0EC7FC0D81FF8903801FF80270FFF801F13006C90B5 -5A6C5DC615F0013F14C0010F91C7FC010013F02E437DAB33>I<EA3FFC487E12FFA2127F -123F1200AC4AB4FC020713C0021F13F0027F7F91B57E90B6FC9138FE03FEECF801ECF000 -02C07F825C91C7FCA35BB3A43B3FFFF80FFFFC486D4813FEB56C4813FFA26C496C13FE6C -496C13FC303D7FBC33>I<14E0EB03F8A2497EA36D5AA2EB00E091C8FCAA383FFFF8487F -A47EEA0001B3AD007FB612C0B712E016F0A216E06C15C0243E78BD33>I<EA7FF8487EA4 -127F1200AC4AB512C04A14E04A14F0A26E14E06E14C09139000FF0004B5A4B5A4B5A4BC7 -FC4A5A4A5A4A5A4A5A4A5A4A5A4A5A4A7E01FD7F90B5FC81ECF3F8ECE3FC14C1EC80FEEC -007F5B496D7E6F7E82150F6F7E6F7E8215016F7E3B7FFFF80FFFF0B56C4813F817FCA217 -F86C496C13F02E3D7EBC33>107 D<383FFFFC487FB5FCA27E7EC7FCB3B3AD003FB612F8 -4815FCB712FEA26C15FC6C15F8273D7ABC33>I<267FC0FC137E3BFFE3FF01FF8001EF01 -877F90B500CF7F15DF6C91B57E0007010F1387496CEB03F801FC13FE9039F803FC01A201 -F013F8A301E013F0B3A53C7FFE0FFF07FF80B548018F13C0A46C486C01071380322B80AA -33>I<393FFC01FF267FFE0713C000FF011F13F0027F7F007F90B57E6CB6FCC69038FE03 -FEECF801ECF00002C07F825C91C7FCA35BB3A43B3FFFF80FFFFC486D4813FEB56C4813FF -A26C496C13FE6C496C13FC302B7FAA33>I<EB01FE90380FFFC0013F13F0497F48B512FE -48804801031380EBFC00D80FF0EB3FC04848EB1FE049130F003F15F0491307007F15F890 -C71203A2007E140100FE15FCA86C14036C15F8A36D1307003F15F06D130F6C6CEB1FE06D 
-133F6C6CEB7FC06C6CEBFF80EBFF036C90B512006C5C6C6C13F86D5B010F13C0D901FEC7 -FC262B7AAA33>I<393FFC01FF267FFE0F13C000FF013F13F04A13FC007F90B57E6CB7FC -C6D9FE071380DAF80013C002E0137F4AEB3FE04A131F91C7EA0FF016074915F81603A217 -FC1601A81603A217F87F160717F06E130F6EEB1FE0163F6EEB7FC09139F801FF80DAFE07 -130091B55A495C6E5B6E13E0020F1380DA03FEC7FC91C9FCB0383FFFF8487FB57EA26C5B -6C5B2E417FAA33>I<02FF137C0107EBE0FE011F13F0017F13FC90B512FE4814FF4813C0 -3907FE003FD80FF8131F4848130F49130748481303A24848130190C7FCA2481400A25AA8 -7E7E15017F003F14037F6C6C13076D130F6C6C131F6C6C137F9038FF81FF6CEBFFFE6C14 -FC6C6C13F86D13F0010F13C0903801FE0090C8FCB092387FFFFC92B512FEA46F13FC2F41 -7CAA33>I<3A7FFF8003FEB539C01FFF80037F13E002C1B5FC02C314F06C13C73A001FCF -FE0FECDFF09139FFC007E092388003C04AC8FCA25C5C5CA25CA45CB1007FB512FEB7FCA4 -6C5C2C2B7DAA33>I<90381FFE0F90B5EACF80000314FF120F5A5A387FF003EB800000FE -C7127F153F5AA36CEC1F006C91C7FCEA7FC0EA3FFEEBFFF06CEBFF80000714F06C14FCC6 -6C7F010F7FD9003F1380020113C09138003FE0007C140F00FEEC07F01503A27EA27F6D13 -076DEB0FE06D131F9039FC01FFC090B61280A200FDECFE0000FC5CD8F83F13F0D8780790 -C7FC242B79AA33>I<EB03C0497E130FAA003FB612FC4881B7FCA36C5D26000FE0C8FCB3 -A3161FEE3F80A5167F6E14006D6C485A9138FE07FE6DB5FC5E6D5C6D14E0023F1380DA07 -FCC7FC29377EB633>I<D83FFCEB1FFE486C497E00FF5CA2007F80003F800000EC007FB3 -A75EA25D6D5B5D90387FC03F91B612FC6D15FE6DEC7FFF6D13FE6D01F813FE01009038C0 -3FFC302B7FAA33>I<3B3FFFC00FFFF0486D4813F8B56C4813FCA26C496C13F86C496C13 -F0D801F8C7EA7E006D14FE00005DA26D1301017E5CA2017F13036D5CA2EC8007011F5CA2 -ECC00F010F5CA36D6C485AA3ECF03F010391C7FCA26E5A0101137EA2ECFCFE01005BA214 -FF6E5AA36E5AA26E5A6E5A2E2B7EAA33>I<3B7FFF8007FFF8B56C4813FC6E5AA24A7E6C -496C13F8D80FC0C7EA0FC06D141F00071680A56D143F00031600A3EC0FC0EC1FE0A23A01 -F83FF07EA3EC7FF8147CA20000157C9039FCFCFCFCA3ECF87CA2017C5C017D137EECF03E -A2017F133FA26D486C5AA3ECC00F90390F8007C02E2B7EAA33>I<3B3FFFC07FFF80486D -B512C0B500F114E0A26C01E014C06C496C13803B00FE000FE000017F495AEB3F804B5A6D 
-6C48C7FC90380FE07E903807F0FEECF1FC903803FBF8EB01FF6D5B5D6E5A143F6E5A143F -814A7E14FF903801FBF0ECF9F8903803F1FCEB07E0157E90380FC07F011F6D7E90383F80 -1F02007F496D7E01FE6D7E484813033B7FFFC03FFFE0B56C4813F0A46C496C13E02C2B7D -AA33>I<3B7FFF801FFFE0B56C4813F06E4813F8A24A6C13F06C496C13E0D803F8C7EAFC -00000114015E7F000014036D5C137EA2017F495A7FA26E485A131FA26D6C485AA214E001 -0749C7FCA214F01303157EEB01F8A2157C010013FC14FC5D147C147DEC3FF0A36E5AA36E -5AA2141F5DA2143F92C8FCA3147EA214FE003F5B1301387F83F81387EB1FF0EBFFE06C5B -5C6C90C9FC6C5AEA03F02D417DAA33>I<000FB712804816C05AA317800180C713004B5A -4B5A4B5A4B5A6CC7485AC8485A4B5A4BC7FC4A5A4A5A4A5A4A5A4A5A4A5A4A5A4AC8FC49 -5A495A495A495A495A495A495A49C7EA0F804848EC1FC0485A485A485A485A485A48B7FC -B8FCA46C16802A2B7DAA33>I<1238127C12FEB3B3B3B3127C1238074D6AC433>124 -D<013E13079039FF800F8000039038C01FC048EBE03F48EBF07F489038F9FF803A7FE7FF -FE00D8FF835B01015B486C5B007CEB7FC00038011FC7FC220C78BC33>126 -D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fs cmti12 12 62 -/Fs 62 125 df<4CB414FC040F9039C003FF80933B3F81F00783C0933B7C00781F01E04C -9038F83F03923C01F001FC3E07F003030103EB7E0F922607E007EB7C1F19FCDB0FC001F8 -14E0943A03F0F80FC0DD01E1EB0780031FD9000190C7FC5E180361153F93C7FCA2180761 -5D157EA2180F6115FE91B912F0A3DA00FCC7D81F80C7FC1401A25D183F96C8FCA214035D -A260187E14075DA218FE60140F5DA2170160141F5DA2170360143F92C7FCA21707605C14 -7EA2170F6014FE5CA24D5AA2495A95C9FC5F5C0103153E177E001CEBE038007F02FE137C -26FF07E114FC02C15C4C5AEB0F8100FE903901FC03E0D8F81F9038F007C03B701E00E00F -80D8783CD9F83ECAFCD81FF0EB3FF8D807C0EB0FE04C5A83C53C>11 -D<EF7FF80407B5FC93391FC00FC093393E0001E004FCEB00F04B4813014B4813075E0307 -140FA24B5A19E0031FEC03804C90C7FCA3153F93C9FCA45D157EA415FE91B8FCA260DA00 -FCC7127E020115FE4B5CA317016014035D170360A214074B130760A3020F140F4B5CA317 -1F021F5D5DA2053F13E01801023F16C092C7FCA2EF7F03057E13805C027E15071900173E -180E02FEEC1E1E4AEC1F1CEF07F8EF01E094C8FC495AA35C1303A2001C5B127FEAFF075C 
-A2495A00FE90CBFCEAF81FEA701EEA783CEA1FF0EA07C03C5A83C537>I<EFFFC00407EB -F83F93381F807E93397E000F7F04F8EB1F7E4B48EB3FFE0303147F4B4813FF19FC4B5A18 -7E183D4B48EB01F8A31803033F15F093C7FCA218074B15E0A2157E180F19C0A215FE91B8 -FC1980A2DA00FCC7121F0201153F4B1500A3600203157E5DA218FE6014075D170160A214 -0F4B130360A3021F14074B5CA3050F1338023FEDC07892C71470A3051F13F04AED80E014 -7E188119C0170F02FEED83804AEC0787F0C700EF01FEEF0078494892C7FCA4495AA3001C -5BEA7F0700FF5BA25C130F00FE90CBFCEAF81E12F0EA783CEA1FF0EA07C0405A83C539> -I<141EEC3F80ECFFC0A35B1580A315005BA25CA35C1307A25CA35C130FA25CA35C131FA2 -5CA349C7FCA3133EA35BA31378A35BA35BA35B90C8FCA9120FEA3FC0127FA212FFA35B6C -C8FC123C1A4776C61E>33 D<13F0EA03F8EA07FC120FA6EA03CCEA001C1318A213381330 -A2137013E013C0120113801203EA0700120E5A5A5A5A5A0E1D6BC41E>39 -D<13F0EA03FC1207A2EA0FFEA4EA07FCEA03CCEA000C131C1318A2133813301370136013 -E0EA01C013801203EA0700120E5A5A5A5A5A0F1D7A891E>44 D<007FB5FCB6FCA214FEA2 -1805789723>I<16C01501A215031507ED0F80151F153F157F913801FF005C140F147F90 -3807FCFEEB0FF0EB0700EB00015DA314035DA314075DA3140F5DA3141F5DA3143F5DA314 -7F92C7FCA35C5CA313015CA313035CA313075CA2130FA2131F133FB612FCA25D224276C1 -32>49 D<ED03FCED1FFF037F13C0913801FE07913903F001E091380FE00091381F800391 -383F000F027E131F5C495A495A010715C04948EB07004A90C7FC131F495AA249C9FCA213 -FE1201A2485AEC07F09038F83FFC0007EBF81F9039F9C00F803A0FFB8007C0EBF70001FE -80491303001F815B5B82485AA3491307127F5BA2150F5E90C7FCA2151F485DA25A4B5AA2 -007E5D157F93C7FC5D5D4A5A003E495A003F5C4A5A6C6C485A000FEB3F80D9C0FEC8FC38 -03FFFC6C13F038007F802B4475C132>54 D<ED1FE0EDFFFC020313FF913907E03F809139 -1F800FC091393E0007E04A13034A14F049481301495AA2495AA2495AA21603011F15E0A2 -16076E14C0EE0F806E131F6EEB3F006E133E6D6C5B02FF13F0ED83E06DEBC7C06D01FFC7 -FC6D13FC6D5B6E7E6E7E91B57ED901EF7FD907837FEB1F01D93E007F496D7E49133F4848 -131F4848130F48486D7E48481303001F140190C7FC5A003E1400007E5D127CA2150100FC -5D5A4B5AA24B5A127C4B5A4BC7FC6C143E003F5C6C495A390FC003F03907F01FC06CB5C8 
-FCC613FCEB1FE02C4477C132>56 D<ED3FC0EDFFF0020313FC91380FE07E91383F803F4A -487E02FC14800101140F494814C0495A495AA2495A133F4A14E0137FA249C7FC161FA248 -16C05BA2163F12035BA2167F17804914FFA34B130012015D5D00005D6D130F017C131D15 -3B6DEB73FC90381F03E3903907FF83F8903801FC0790C7FC5E150F5E151F5E4B5AA24BC7 -FCA2001C14FE007F5C48495A4A5A14074A5A485C00F8013FC8FC48137E5C387C07F0383F -FFE06C1380D803FCC9FC2B4476C132>I<130FEB1FC0133FEB7FE013FFA214C0EB7F8014 -00131E90C7FCB3A5120FEA3FC0127FA212FFA35B6CC7FC123C132B76AA1E>I<EF038017 -07A24D7EA2171FA2173F177FA217FFA25EA2EE03BF1607173F160F160E161C841638171F -167016F016E0ED01C0A2ED0380A2ED0700A2150E151E151C5D845D170F5D14015D14035D -4AC7FC92B6FC5CA2021CC7120F143C14385CA24A81A249481407A2495A130791C8FC130E -131EA25B137C13FC00014C7ED807FE151FB500E00107B512F8A219F03D477BC648>65 -D<DC0FF8130393B513070307ECC00F923A1FF803E01F923A7FC000F81E4BC7EA7C3EDA03 -FCEC3C7EDA0FF0EC1EFE4A48EC0FFC4A4814074AC8FC02FE1503494816F8130349481501 -495A494816F0495A137F5C01FF17E04890C9FCA2485A19C0485AA2485A95C7FC121F5BA2 -123F5BA3127F5BA4485AA41838A218781870A218F0007F5F1701601703003F5F17076D4B -C7FC001F160E171E6C6C5D6D5D00075E6C6C4A5A6DEC07C06C6C4A5AD8007F023EC8FCD9 -3FC013FC90391FF807F00107B512C0010191C9FC9038001FF0404872C546>67 -D<91B712F818FF19C00201903980003FF06E90C7EA0FF84AED03FCF000FE4B157FA2F13F -800203EE1FC05DF10FE0A214074B16F01907A2140F5D1AF8A2141F5DA2190F143F5D1AF0 -A2147F4B151FA302FF17E092C9123FA34918C04A167F1A80A2010317FF4A1700A24E5A13 -074A4B5A611807010F5F4A4B5A181F61011F4C5A4A4BC7FC18FE4D5A013F4B5A4A4A5A4D -5A017FED3FC005FFC8FC4AEB03FE01FFEC1FF8B812E094C9FC16F845447AC34A>I<91B9 -12C0A30201902680000313806E90C8127F4A163F191F4B150FA30203EE07005DA314074B -5D190EA2140F4B1307A25F021F020E90C7FC5DA2171E023F141C4B133C177C17FC027FEB -03F892B5FCA39139FF8003F0ED00011600A2495D5CA2160101034B13705C19F061010791 -C8FC4A1501611803010F5F4A150796C7FC60131F4A151E183E183C013F167C4A15FC4D5A -017F1503EF0FF04A143F01FF913803FFE0B9FCA26042447AC342>I<91B91280A3020190 
-2680000713006E90C8FC4A163FA24B81A30203160E5DA314074B151E191CA2140F5D1707 -5F021F020E90C7FC5DA2171E023F141C4B133CA2177C027F5CED800392B5FCA291B65AED -00071601A2496E5A5CA2160101035D5CA2160301075D4A90CAFCA3130F5CA3131F5CA313 -3F5CA2137FA313FFB612E0A341447AC340>I<DC0FF81306DCFFFE130E03079038FF801E -923A1FF807E03E923A7F8001F03CDA01FEC7EA787CDA03F8EC3CFCDA0FF0141D4A48EC1F -F8DA3F80140F4AC8FCD901FE1507494816F05C01071603495A494816E0495A137F5C01FF -17C04890C9FC5B12031980485AA2485A95C7FC121F5BA2123F5BA3127F5BA4485A043FB5 -12E0A39339001FF80060A360A2007F163F60A3177F003F5F7F121F17FF6D93C7FC000F5D -6C6C5C7F6C6C4A5A6C6CEC1F3E6C6C143ED93FC0EBF81E903A1FF007F01C0107B5EAC00C -010149C9FC9038003FF03F4872C54B>I<91B6D8803FB512E0A302010180C7387FE0006E -90C86C5A4A167FA24B5EA219FF14034B93C7FCA26014074B5DA21803140F4B5DA2180714 -1F4B5DA2180F143F4B5DA2181F147F92B75AA3DAFF80C7123F92C85BA2187F5B4A5EA218 -FF13034A93C8FCA25F13074A5DA21703130F4A5DA21707131F4A5DA2170F133F4A5DA201 -7F151FA24A5D496C4A7EB6D8803FB512E0A34B447AC348>I<027FB512E091B6FCA20200 -EBE000ED7F8015FFA293C7FCA35C5DA314035DA314075DA3140F5DA3141F5DA3143F5DA3 -147F5DA314FF92C8FCA35B5CA313035CA313075CA3130F5CA3131F5CA2133FA25CEBFFE0 -B612E0A25D2B447BC326>I<91B66C90383FFFF8A302010180C7000F13006E90C8EA07FC -4A17F01AC04B4B5A4FC7FC193C02035E4B5DF003E0F0078002074BC8FC4B141E6018F802 -0F4A5A4BEB03C04D5A4DC9FC021F141E4B137C17F04C5A023F495A4B487E161F163F027F -497EED80FFED81EF923883CFF89138FF8F8FED1E07033C7F157849EBF00303E07F15C092 -380001FF495A5C707FA213074A6E7EA2173F010F825C171F84131F4A140F84A2013F6F7E -5CA2017F6F7EA24A4A7E496C4A7FB66C90B512FC5E614D447AC34B>75 -D<91B612F0A25F020101C0C7FC6E5B4A90C8FCA25DA314035DA314075DA3140F5DA3141F -5DA3143F5DA3147F5DA314FF92C9FCA35B5CA3010316104A1538A21878010716705C18F0 -18E0010F15015C18C01703011F15074A1580170FA2013FED1F004A5C5F017F15FE16034A -130F01FFEC7FFCB8FCA25F35447AC33D>I<91B56C93387FFFC08298B5FC02014DEBC000 -6E614A5FA203DF4C6CC7FC1A0E63912603CFE05D038F5F1A381A711407030FEEE1FCA2F1 
-01C3020FEE0383020E60F107036F6C1507021E160E021C60191CF1380F143C023804705B -A2F1E01F0278ED01C091267003F85EF003801A3F02F0ED070002E0030E5CA24E137F1301 -02C04B91C8FC606201036D6C5B02805F4D5A943803800113070200DA07005BA2050E1303 -495D010E606F6C5A1907011E5D011C4B5CA27048130F133C01384B5C017892C7FC191F01 -F85C486C027E5DD807FE027C4A7EB500F00178013FB512C0A216705A447AC357>I<91B5 -6C49B512E0A28202009239000FFC00F107F0706E5A4A5F15DF705D1907EC03CFDB8FF892 -C7FCA203875D02077F0303150EA270141EEC0F01020E161C826F153C141E021C6E133816 -7F1978023C800238013F1470A27113F00278131F02705E83040F130102F014F84A5E1607 -EFFC0313014A01035C17FE1807010314014A02FF90C8FCA2705B0107168F91C8138E177F -18DE5B010EED3FDC18FCA2011E151F011C5EA2170F133C01386F5A1378A201F81503486C -5EEA07FEB500F01401A2604B447AC348>I<EE1FF84BB5FC923907F01FC092391F8003F0 -92397E0001F8DA01F86D7EDA03E0147EDA0FC0804A48EC1F804AC813C0027E150F4A16E0 -49481507494816F01307495A494816F8013F16035C137F49C9FC4917FC120112035B1207 -491607120FA25B121F19F849160F123FA34848EE1FF0A3183F19E0485A19C0187FA2F0FF -80A219005F604D5AA2007F4C5A4D5AA24D5A003F5F4D5A6D4BC7FC001F5E4C5A6C6C5DEE -03F06C6C4A5A0003ED1FC06C6C4A5A6C6C027EC8FC017EEB01F890393F8007F090390FE0 -3F80902603FFFEC9FC9038007FE03E4872C54B>I<91B712F018FEF0FF80020190398000 -7FE06E90C7EA1FF04AED07F818034B15FCF001FE1403A24B15FFA21407A25DA2140FF003 -FE5DA2021F16FC18074B15F8180F023F16F0F01FE04B15C0F03F80027FED7F0018FE4BEB -03FCEF0FF002FFEC7FC092B6C7FC17F892CAFC5BA25CA21303A25CA21307A25CA2130FA2 -5CA2131FA25CA2133FA25CA2137FA25C497EB67EA340447AC342>I<EE1FF84BB5FC9239 -07F01FC092391F8007F092397E0001F8DA01F86D7E4A48147EDA0FC0804A4815804AC8EA -1FC0147E4AED0FE013014948ED07F0495A495A011F17F8495A5C137F49C9120319FC485A -000317075B12075B120FA25B121FF00FF85B123FA34848EE1FF0A449EE3FE012FF19C018 -7FA2198018FF190090C95A604D5AA26C4C5A6D5E170F03F85C003FD907FE495ADA0F0749 -5ADA1C0349C7FC3A1FC0380180023014FE000F0170EB81FCD9E060EB83F00007913800C7 -E03B03F0E001CFC02601F8C0EBFF80D800FC4AC8FCD97EE013F890393F6007F090270FF0 
-3FC013300103B5FC9026007FE11470DA0003146018E0A2170170485A170770485A923807 -F83F93B5C7FCA26F5B5FA25F6F5B6F13C0043FC8FC3E5972C54B>I<91B77E18F818FE02 -0190398001FF806E90C7EA3FC04AED1FE0F00FF04BEC07F8180319FC14034B15FEA31407 -5DA3020FED07FC5DA2F00FF8141F4B15F0F01FE0F03FC0023F16804BEC7F0018FEEF03F8 -027F4A5A4BEB1FC04CB4C7FC92B512F891B612E092380003F8EE00FE177F496F7E4A6E7E -A28413034A140FA2171F13075CA2173F130F5CA24D5A131F5CA3013F170E5CA2017FEE80 -1E191C4A163C496C1638B66C90383FC070051F13F094380FE1E0CA3803FF80943800FE00 -3F467AC347>I<DB03FE130C92390FFF801C037FEBE03C9238FE03F8913A03F0007C7C4A -48EB3EF84A48131F4A48130F4AC7FC027EEC07F05C1703495A18E0495AA213074A15C0A3 -130F1880A28094C7FCA280806D7EECFFE015FC6DEBFF806D14F016FC6D14FF023F80020F -801403DA003F7F150703007F163F161F160FA21607A3120716031607A2485EA2120E160F -001E5EA2001F4B5AA2484BC7FC6D143E167E6D5C007F4A5A6D495AD87CF0495AD8787CEB -1F8027F03F807FC8FC90381FFFFCD8E00713F039C0007F80364879C537>I<48B912F85A -A2913B0007FC001FF0D807F84A130701E0010F140349160148485C90C71500A2001E021F -15E05E121C123C0038143F4C1301007818C0127000F0147F485DA3C800FF91C7FC93C9FC -A35C5DA314035DA314075DA3140F5DA3141F5DA3143F5DA3147F5DA314FF92CAFCA35B5C -A21303A21307497E007FB612C0A25E3D446FC346>I<B6913807FFFEA25C000301C00200 -13E06C90C9EA7F00183E183C60A26C1770601701604D5AA24DC7FC5F170E6E5CA2017F5D -177817705FA24C5AA24C5A16076E91C8FC160E133F5E163C16385EA25E15015E6E485AA2 -4BC9FC131F150E151E151C5DA25D15F05DECF1C0A290380FF38014F792CAFC14FEA25CA2 -5C5CA25C13075CA25C91CBFC3F466CC348>86 D<023FB5D8C003B512E0A21780020001F8 -C7387FFC006F48EC3FE06F48158097C7FC031F153E705C1978030F15E07013014E5A0307 -4A5A7091C8FC180E03035C705B187803015C70485A606FEB83800587C9FC178FEE7FDE17 -FC5F705A5F161F83A2160F4C7EA2163FEE77FC16F7ED01E3923803C3FEED07831601030E -7F151CED3C004B805D4B6D7E4A5A4A5A4AC76C7E5C141E4A6E7E14384A140F4A81495A01 -031507494881130F133F017F4B7E2603FFC04A7E007F01F849B512FEB5FC614B447CC348 ->88 D<007FB54AB51280B65CA2000101E09139007FF0006C49ED3FC04A93C7FC6D6C153E 
-601878013F5E6E4A5A604D5A6D6C4AC8FC5F171E010F151C6E5C5F010715F06E495A5F4C -5A6D6C49C9FC5E161E0101141C6E5B5E16F06DEB81E05EED8380DA7F87CAFC15CF15DEEC -3FDC15F85DA26E5A5D143FA35D147FA392CBFC5CA35C1301A35C1303A3495AA3497E000F -B512F8A341446DC348>I<021FB712F85C19F093C7121F03F0EC3FE0DA7FC0EC7FC04BEC -FF80027EC813004A5C4A4A5A4D5A49484A5A4A5D4D5A4A143F01034B5A4A4A5A4C90C7FC -01075D91C712034C5A4C5A90C8485A5F163F4C5A4C5A4B90C8FC5E15034B5A4B5A4B5A5E -4B5A157F4B5A4A90C9FC4A5A5D14074A5A4A4814E04A5A5D027F14014A485C4990C7FC49 -4814034A5D130749481407495A49484AC7FC5C49485C01FF151E4890C8123E4848157E48 -4815FE494A5A000F1503484814074848EC3FF84848EB03FF90B7FCB8FC5F3D4479C33C> -I<EC1F80EC7FE0903901F07070903907C039F890380F801D90381F001F013E6D5A137E5B -484813075E485A120749130F000F5DA2485A151F003F5D5BA2153F007F92C7FC90C7FCA2 -5D157E12FEA29238FE0380EDFC071700A2007E13015E913803F80E1407003E010F131E16 -1C6C131C02385B3A0F80F078783A07C3E07C703A01FF801FE03A007E000780292D76AB32 ->97 D<EB0FE0EA07FFA338001FC0130F131FA25CA3133F91C8FCA35B137EA313FE5BA312 -015BEC1F80EC7FE03903F9E0F89038F3C07C9038F7003E13FE48487F5BA2491480485AA2 -5BA2121F5BA2153F123F90C7FCA2157F481500127EA25D5D5AA24A5AA24A5AA2007C5C4A -5A140F5D4A5A003C49C7FC003E137E001E5B6C485A380783E03803FF80C648C8FC214676 -C42D>I<EC0FE0EC7FF8903801F81E903807E00F90390F80078090381F0003017E14C049 -131F0001143F5B4848EB7F801207485AED3E00484890C7FCA2485AA2127F90C9FCA35A5A -A45AA5ED0180ED03C0ED0780A2007CEC0F00007E141E003E147C15F06CEB03E0390F800F -802607C07EC7FC3801FFF838007FC0222D75AB2D>I<EE07F0ED03FFA39238000FE01607 -160FA217C0A2161FA21780A2163FA21700A25EA2167EA216FEA25EEC1F80EC7FE1903801 -F071903907C039F890380F801D90381F001F013E130F017E5C5B48481307A248485C1207 -49130F120F5E485A151F123F495CA2153F127F90C790C7FCA25DA200FE147EA29238FE03 -80160703FC1300A2007E13015E913803F80E1407003E010F131E161C6C131C02385B3A0F -80F078783A07C3E07C703A01FF801FE03A007E0007802C4676C432>I<EC0FE0EC7FF890 -3801F83E903807C00F90391F800780EB3F00017E14C0491303485A48481307000715805B 
-000F140F484814005D4848133E15FCEC07F0007FEBFFC0D9FFFEC7FC14C090C9FC5A5AA5 -5AA4ED0180ED03C0007CEC0780A2007EEC0F00003E141E157C6C14F06CEB03E03907800F -802603C07EC7FC3801FFF838003FC0222D75AB2D>I<EE0F80EE3FE0EEF870923801F038 -923803E0F8923807E1FC16C3ED0FC7A2EE87F892381F83F0EE81E0EE8000153F93C7FCA4 -5D157EA415FE5DA349B512FEA390260001F8C7FCA314035DA414075DA4140F5DA4141F5D -A4143F92C8FCA55C147EA314FE5CA413015CA4495AA35C1307121C007F5B12FF495AA291 -C9FC485AEAF81E485AEA7878EA1FF0EA07C02E5A83C51E>I<15FCEC03FF91390F838380 -91393E01CFC091387C00EF4A13FF4948137F010315804948133F495A131F4A1400133F91 -C75A5B167E13FE16FE1201495CA215011203495CA21503A2495CA21507A25EA2150F151F -5E0001143F157F6C6C13FF913801DF8090387C039F90383E0F3FEB0FFCD903F090C7FC90 -C7FC5DA2157EA215FEA25DA2001C495A127F48495A14074A5A485C023FC8FC00F8137E38 -7C01F8381FFFE0000390C9FC2A407BAB2D>I<14FE137FA3EB01FC13001301A25CA21303 -A25CA21307A25CA2130FA25CA2131FA25C157F90393F83FFC091388F81F091381E00F802 -387F4948137C5C4A137EA2495A91C7FCA25B484814FE5E5BA2000314015E5BA200071403 -5E5B1507000F5DA249130F5E001F1678031F1370491480A2003F023F13F0EE00E090C7FC -160148023E13C01603007E1680EE070000FEEC1E0FED1F1E48EC0FF80038EC03E02D467A -C432>I<143C147E14FE1301A3EB00FC14701400AE137C48B4FC3803C780380703C0000F -13E0120E121C13071238A21278EA700F14C0131F00F0138012E0EA003F1400A25B137EA2 -13FE5B12015BA212035B141E0007131C13E0A2000F133CEBC038A21478EB807014F014E0 -EB81C0EA0783EBC7803803FE00EA00F8174378C11E>I<16F0ED03F8A21507A316F0ED01 -C092C7FCAEEC01F0EC07FCEC1E1EEC380F0270138014E0130114C0EB03800107131F1400 -A2130E153F131E011C140090C7FC5DA2157EA215FEA25DA21401A25DA21403A25DA21407 -A25DA2140FA25DA2141FA25DA2143FA292C7FCA25C147EA214FE001C5B127F48485A495A -A248485A495AD8F81FC8FCEA707EEA3FF8EA0FC0255683C11E>I<14FE137FA3EB01FC13 -001301A25CA21303A25CA21307A25CA2130FA25CA2131FA25C167E013F49B4FC92380783 -C09138000E07ED3C1F491370ED603F017E13E0EC01C09026FE03801380913907000E00D9 -FC0E90C7FC5C00015B5C495AEBF9C03803FB8001FFC9FCA214F03807F3FCEBF07F9038E0 
-1FC06E7E000F130781EBC003A2001F150FA20180140EA2003F151E161C010013E0A2485D -A2007E1578167000FE01015B15F1489038007F800038021FC7FC2A467AC42D>I<EB03F8 -EA01FFA3380007F013031307A214E0A2130FA214C0A2131FA21480A2133FA21400A25BA2 -137EA213FEA25BA21201A25BA21203A25BA21207A25BA2120FA25BA2121FA25BA2123FA2 -90C7FCA2387F01C01303007E1380A2130700FE130012FCA25B130EEA7C1E131CEA3C3CEA -3E786C5AEA07C0154678C419>I<D801F0D90FE0EB07F0D803FCD97FF8EB3FFC28071E01 -F03EEBF81F3E0E1F03C01F01E00F80271E0F8700D983807F001C018E90390F870007003C -019C148E003801B802DC8002F814FC26781FF05C0070495CA24A5C00F0494948130FD8E0 -3F6091C75B1200043F141F4960017E92C7FCA24C143F01FE95C7FC49147E6104FE147E12 -01494A14FE610301EE0780000305011400494A14F8A2030302035B0007F0F00E495C1A1E -0307EDE01C000F193C494A153862030F020113F0001FF0F1E0494A903800FF800007C7D8 -0380023EC7FC492D78AB50>I<D801F0EB0FE0D803FCEB7FF83A071E01F03E3A0E0F03C0 -1F001ED987001380001C018E130F003C139C003801B814C014F838781FF000705BA25C00 -F049131FD8E03F158091C7FC1200163F491500137EA25E01FE147E5B16FE5E1201491301 -5E170F00030203130E4914F0A20307131E0007EDE01C5B173CEEC038000F167849157017 -E0ED03C1001FEDE3C049903801FF000007C8127C302D78AB37>I<EC0FE0EC7FFC903801 -F83E903907E00F8090390F8007C0EB1F00017EEB03E04914F0A248481301484814F81207 -485AA2485AA2485A1503127F90C7FCA215074815F05AA2150F16E05AED1FC0A21680153F -16005D157E5D007C495A007E495A003E5C4A5A6CEB1F80260F803EC7FC3807C0FC3801FF -F038003F80252D75AB32>I<D903E0137E903A07F801FF80903A0E3C0783E0903A1C1E0F -01F0903A3C1F1C00F801385B017849137C01705BA24A48137E01E05BA292C7FC00015B13 -C0147EC7FC02FE14FEA25CA20101140117FC5CA20103140317F85CA20107EC07F0A24AEB -0FE0A2010F15C0EE1F80163F1700496C137E5E4B5A9138B803F090393F9C07E091389E0F -80DA07FEC7FCEC01F849C9FCA2137EA213FEA25BA21201A25BA21203A21207B512F0A25C -2F3F7FAB32>I<91381F800C91387FE01C903901F0703C903907C0387890390F801CF890 -381F001D013E130F017E14F05B48481307A2484814E012075B000F140F16C0485AA2003F -141F491480A3007F143F90C71300A35D00FE147EA315FE5DA2007E1301A24A5A1407003E 
-130FA26C495A143B380F80F33807C3E73901FF87E038007E071300140F5DA3141F5DA314 -3F92C7FCA25CA25C017F13FEA25D263F76AB2D>I<D801F0EB3F803A03FC01FFF03A071E -03C0F83A0E0F0F007C001E90389E01FC001C139CECB803003813F0A2D91FE013F80078EC -00E00070491300A200F05BEAE03F91C8FC1200A25B137EA313FE5BA312015BA312035BA3 -12075BA3120F5BA3121F5B0007C9FC262D78AB29>I<EC0FE0EC7FF8903801F01E903803 -C00F90390780078090380F0003011E14C0150749131FA2017CEB3F801378137CED0E0092 -C7FC137E137F14F014FF6D13C06D13F06D7F6D7F1300EC0FFE14011400157F81120E003F -141E487EA2153E48C7123CA200FC5C12705D0078495A6C495A6CEB0F80260F803EC7FC38 -03FFF838007FC0222D7AAB28>I<1470EB01F8A313035CA313075CA3130F5CA3131F5CA2 -007FB512E0B6FC15C0D8003FC7FCA25B137EA313FE5BA312015BA312035BA312075BA312 -0F5BA2EC0780001F140013805C140E003F131EEB001C143C14385C6C13F0495A6C485AEB -8780D807FEC7FCEA01F81B3F78BD20>I<137C48B414072603C780EB1F80380703C0000F -7F000E153F121C0107150012385E1278D8700F147E5C011F14FE00F05B00E05DEA003FEC -0001A2495C137E150313FE495CA215071201495CA2030F13380003167849ECC070A3031F -13F0EE80E0153F00011581037F13C06DEBEF8300000101148090397C03C787903A3E0F07 -C70090391FFE01FE903903F000782D2D78AB34>I<017C143848B414FC3A03C78001FE38 -0703C0000F13E0120E001C14000107147E1238163E1278D8700F141E5C131F00F049131C -12E0EA003F91C7123C16385B137E167801FE14705BA216F0000115E05B150116C0A24848 -EB0380A2ED0700A2150E12015D6D5B000014786D5B90387C01E090383F0780D90FFFC7FC -EB03F8272D78AB2D>I<017CEE038048B4020EEB0FC02603C780013FEB1FE0380703C000 -0E7F5E001C037E130F01071607123804FE130300785DEA700F4A1501011F130100F00180 -4914C012E0EA003FDA000314034C14805B137E0307140701FE1700495CA2030F5C000117 -0E495CA260A24848495A60A2601201033F5C7F4B6C485A000002F713036D9039E7E00780 -90267E01C349C7FC903A1F0781F81E903A0FFF007FF8D901FCEB0FE03B2D78AB41>I<02 -F8133FD907FEEBFFE0903A0F0F83C0F0903A1C07C780F890393803CF03017013EE01E0EB -FC07120101C013F8000316F00180EC01C000074AC7FC13001407485C120EC7FC140F5DA3 -141F5DA3143F92C8FCA34AEB03C01780147EA202FEEB0700121E003F5D267F81FC130E6E 
-5BD8FF83143CD903BE5B26FE079E5B3A7C0F1F01E03A3C1E0F83C0271FF803FFC7FC3907 -E000FC2D2D7CAB2D>I<137C48B414072603C780EB1F80380703C0000F7F000E153F001C -1600130712385E0078157EEA700F5C011F14FE00F0495B12E0EA003FEC00015E5B137E15 -0301FE5C5BA2150700015D5BA2150F00035D5BA2151F5EA2153F12014BC7FC6D5B00005B -EB7C0390383E0F7EEB1FFEEB03F090C712FE5DA214015D121F397F8003F0A24A5A484848 -5A5D48131F00F049C8FC0070137E007813F8383801F0381E07C06CB4C9FCEA01FC294078 -AB2F>I<027C130749B4130F49EB800E010F141E49EBC03CEDE03890393F03F07890397C -00FDF00178EB3FE00170EB03C001F0148049130790C7EA0F00151E5D5D5D4A5A4A5A4A5A -4AC7FC141E5C5C5C495A495A495A49C8FC011E14F04914E05B491301485A4848EB03C0D8 -07B0130701FEEB0F80390FCF801F3A1F07E07F00393E03FFFED83C015B486C5B00705C00 -F0EB7FC048011FC7FC282D7BAB28>I<B812F0A22C02779B32>I<BE12C0A25A02759B64> -I E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Ft cmsy10 12 52 -/Ft 52 120 df<007FB912E0BA12F0A26C18E03C04789A4D>0 D<121FEA3F80EA7FC0EA -FFE0A5EA7FC0EA3F80EA1F000B0B789E1C>I<0060160600F0160F6C161F007C163E6C16 -7C6C16F86C6CEC01F06C6CEC03E06C6CEC07C06C6CEC0F806C6CEC1F00017C143E6D5C6D -5C6D6C485A6D6C485A6D6C485A6D6C485A6D6C48C7FCEC7C3E6E5A6E5A6E5A6E5AA24A7E -4A7EEC3E7C4A7E4A7E49486C7E49486C7E49486C7E49486C7E49C77E013E147C49804980 -4848EC0F804848EC07C04848EC03E04848EC01F048C912F8003E167C48163E48161F4816 -0F00601606303072B04D>I<14034A7E4A7E4A7E4A7EEC7CF8ECF87C49487E49487E4948 -6C7E49486C7E49486C7E013E6D7E496D7E49147C4848804848804848EC0F804848EC07C0 -48C8EA03E0003EED01F048ED00F848167CA2007C16F86CED01F06CED03E06C6CEC07C06C -6CEC0F806C6CEC1F006C6C143E6C6C5C017C5C6D495A6D495A6D6C485A6D6C485A6D6C48 -C7FC903801F03E6D6C5AEC7CF8EC3FF06E5A6E5A6E5A6EC8FC2E2E7EAF33>5 -D<49B4FC010F13E0013F13F890B512FE48EB01FF3A03F8003F80D807E0EB0FC0D80F80EB -03E048C7EA01F0001E1400003E15F8003C1578007C157C0078153C00F8153E48151EA86C -153E0078153C007C157C003C1578003E15F8001E15F0001F14016C6CEB03E0D807E0EB0F -C0D803F8EB3F803A01FF01FF006CEBFFFE013F13F8010F13E0010190C7FC27267BAB32> -14 
D<49B4FC010F13E0013F13F890B512FE48804815804815C04815E04815F0A24815F8 -A24815FCA2B712FEAA6C15FCA26C15F8A26C15F0A26C15E06C15C06C15806C15006C5C01 -3F13F8010F13E0010190C7FC27267BAB32>I<007FBA1280BB12C0A26C1980CEFCB0007F -BA1280BB12C0A26C1980CEFCB0007FBA1280BB12C0A26C1980422C7BAE4D>17 -D<92B712E0020F16F0143F91B812E001030180C9FCD90FF8CAFCEB1FE0EB3F80017ECBFC -13F8485A485A485A5B120F48CCFC121E123E123CA2127C1278A212F85AAA7E1278A2127C -123CA2123E121E121F6C7E12077F6C7E6C7E6C7E137E6D7EEB1FE0EB0FF8903803FF8001 -0090B712E0023F16F0140F020016E092CAFCB0001FB912E04818F0A26C18E03C4E78BE4D ->I<007FB612F0B8FC17C06C16F0C9EA1FFCEE01FF706C7EEF1FC0EF07E0EF01F0717E18 -7C84181E181FF00F80180719C01803A219E01801A219F01800AA180119E0A2180319C0A2 -18071980180FF01F00181E183E60604D5AEF07E0EF1FC0EF7F804C48C7FCEE1FFC007FB7 -12F0B812C094C8FC6C15F0CDFCB0007FB91280BA12C0A26C18803C4E78BE4D>I<19E0F0 -03F0180FF03FE0F0FF80943803FE00EF0FF8EF3FE0EFFF80DC03FEC7FCEE0FF8EE3FE0EE -FF80DB03FEC8FCED1FF8ED7FE0913801FF80DA07FEC9FCEC1FF0EC7FC04948CAFCEB07FC -EB1FF0EB7FC04848CBFCEA07FCEA1FF0EA7FC048CCFCA2EA7FC0EA1FF0EA07FCEA01FF38 -007FC0EB1FF0EB07FCEB01FF9038007FC0EC1FF0EC07FC913801FF809138007FE0ED1FF8 -ED07FE923800FF80EE3FE0EE0FF8EE03FE933800FF80EF3FE0EF0FF8EF03FE943800FF80 -F03FE0F00FF01803F000E01900B0007FB912E0BA12F0A26C18E03C4E78BE4D>I<127012 -FCB4FCEA7FC0EA1FF0EA07FCEA01FF38007FC0EB1FF0EB07FCEB01FF9038007FC0EC1FF0 -EC07FC913801FF809138007FE0ED1FF8ED07FE923800FF80EE3FE0EE0FF8EE03FE933800 -FF80EF3FE0EF0FF8EF03FE943800FF80F03FE0F00FF0A2F03FE0F0FF80943803FE00EF0F -F8EF3FE0EFFF80DC03FEC7FCEE0FF8EE3FE0EEFF80DB03FEC8FCED1FF8ED7FE0913801FF -80DA07FEC9FCEC1FF0EC7FC04948CAFCEB07FCEB1FF0EB7FC04848CBFCEA07FCEA1FF0EA -7FC048CCFC12FC1270CDFCB0007FB912E0BA12F0A26C18E03C4E78BE4D>I<D907F81780 -D93FFFEE01C090B512C04814F048804814FE270FF807FF1503261FC00001C0158048C7D8 -3FE01407003EDA0FF8140F486E6CEC1F000078DA01FF5C00706E01C013FE00F092393FF8 -07FC486FB55A04075C705C04005C053F90C7FC0040EE07F8CEFCA4D907F81780D93FFFEE 
-01C090B512C04814F048804814FE270FF807FF1503261FC00001C0158048C7D83FE01407 -003EDA0FF8140F486E6CEC1F000078DA01FF5C00706E01C013FE00F092393FF807FC486F -B55A04075C705C04005C053F90C7FC0040EE07F8422C7BAF4D>25 -D<1AF0A3861A78A21A7C1A3CA21A3E1A1E1A1F747EA2747E747E87747E747E1B7E87757E -F30FE0F303F8007FBC12FEBE1280A26CF3FE00CEEA03F8F30FE0F31F8051C7FC1B7E6350 -5A505A63505A505AA250C8FC1A1E1A3E1A3CA21A7C1A78A21AF862A359347BB264>33 -D<18034E7E85180385180185727E1978197C8585737E86737E737E007FBA7EBB7E866C85 -CDEA0FC0747EF203F8F200FEF37F80F31FE0F307FC983801FF80A2983807FC00F31FE0F3 -7F8009FEC7FCF203F8F207E0505A007FBBC8FCBB5A626C61CCEA03F04F5A4F5A624FC9FC -193E61197819F84E5A6118036118076172CAFC59387BB464>41 D<02C0130C496C131EB3 -B3AF00C0170C00F0173C00FC17FC00FE1601D83F81ED07F0D80FC1ED0FC0D807E1ED1F80 -D801F9ED7E00D800FD5D017FEC1FF8011F15E0010F5D01075D010392C7FC6D6C133E0100 -143C6E137C027C5B6E485A021E5BEC1F03020F5B9138078780A2DA03CFC8FCA2EC01FEA2 -6E5AA31578A31530A236587DC43D>43 D<031CED01C0033E4B7E033C1501037C82037815 -0003F8824B16780201177C4B163C0203173E4A48824B82020F844ACA6C7E023E717E027E -8491BA7E498549854985D90FC0CBEA1F804948727E017FCCEA07F001FCF101F8D803F8F1 -00FED80FE0F23F80D83FC0F21FE0B4CEEA07F8A2D83FC0F21FE0D80FE0F23F80D803F8F2 -FE00C66CF101F8017FF107F0D91F80F00FC06D6C4E5A6DBBC7FC6D616D616D61027ECAEA -03F0023E606E4D5A6E6C4C5A020795C8FC6F5E6E6C163E0201173C6F167C020017786F16 -F803785E037C1501033C5E033E1503031C6F5A5D387DB464>I<92B6FC020F1580143F91 -B7120001030180C8FCD90FF8C9FCEB1FE0EB3F80017ECAFC13F8485A485A485A5B120F48 -CBFC121E123E123CA2127C1278A212F85AA3B9FC1880A2180000F0CBFCA37E1278A2127C -123CA2123E121E121F6C7E12077F6C7E6C7E6C7E137E6D7EEB1FE0EB0FF8903803FF8001 -0090B6FC023F1580140F02001500313A78B542>50 D<1706170F171F171E173E173C177C -177817F817F0160117E0160317C016071780160F17005E161E163E163C167C167816F85E -15015E15035E15075E150F93C7FC5D151E153E153C157C157815F85D14015D14035DA214 -075D140F92C8FC5C141E143E143C147C147814F85C13015C13035C13075C130F91C9FC5B 
-131E133E133C137C137813F85B12015B12035B12075B120F90CAFC5A121E123E123C127C -127812F85A1260305C72C600>54 D<126012F0B012FC12FEA212FC12F0B0126007267BAB -00>I<0060171800F0173CA26C177C00781778A2007C17F8003C17F0003E1601001E17E0 -A2001F16036C17C0A26D1507000717806D150F00031700A26D5D0001161EA26D153E0000 -163C90B712FC6D5DA3013CC85AA2013E1401011E5D011F14036D5DA26E130701075DA26E -130F010392C7FC6E5B0101141EA26E133E0100143CA26E137C02781378027C13F8023C5B -A2EC3E01021E5BA2EC1F03020F5B158702075BA215CF020390C8FCA215FF6E5AA26E5AA3 -1578A21530364780C437>I<007FB712E0B812F0A27ECAFCB3AA001FB7FC5A5A7ECAFCB3 -AB007FB7FCB8FCA26C16E02C457BC437>I<007FB812FCB912FEA27ECB121EB3A4180C37 -1B7BA342>I<4B7E4B7EA215075EA2ECFF87010313EF90260F80FFC7FC90383E003F497F -498048488048488049133F0007EC3DF049133C000FEC7CF8157848C7137CA248ECF87E15 -F0A2140148ECE07F007E81A2140315C0A200FE010714801580A3140F1500A25C141EA314 -3E143CA3147C1478A214F85CA31301007E491400A213035C007F5DA2D83F07147E5CA213 -0F001F90C7127C018F14FC000F5D139F01DE130100075DD803FE495A5B00014A5A00004A -5A017C49C7FC017E133E90387F80F89038FBFFE001F0138091C9FCA212015BA26C5A2955 -7CCC32>I<16C04B7EB3B3B3A7007FBA1280BB12C0A26C198042427BC14D>63 -D<190E193E197EF001FE1803A21807A2180FA2181FA2183F183B187B187318F318E31701 -18C31703188317071803170F171EA2173CA21778177017F0EE01E0A2EE03C0A2DC07807F -EE0F00A2161EA24C7F5EA25E15015E4B5A15074C81DB0F1FB6FCED1F7F4BB7FCA25D92B8 -FC03F0C8FC0201834A5A4A5A5D0030130F007049C96C7E143E00F8137E6C5B6C48488326 -FF87F0043F133801FFF0F8F04AEFFFE04A18C04A70138091CAEBFE006C48EF0FF86C48EF -07C06C4894C8FCEA07E04D4D7DC750>65 D<DA01C0EB01FE020791381FFF80DA1F8090B5 -12E0027F010314F0D901FF010F14F80107023F14FC49EC7E01499139F8007FFE013CD983 -E0131F01204948130F0100494813074BC7FC033E1403037E15FC495B5D19F85D4BEC07F0 -19E04B15C049EE0F804BEC1F00187E92C812F8EF03F04948EC1FC0EF7F80DC03FEC7FC4A -EB1FF893B5FC90260FF80314C04B14F04B804A4880DB00077F011F02007F053F13804A14 -0F7113C0834948807113E0A2187F495AA2183F91C9FCA24917C0A25B00011880A249EE7F 
-00187E485A604D5A2607F0305DD9F1F04A5A48486C4A5AD9EFFEEC1F80496C6C017EC7FC -001F9138F003FC019F90B512F0D83F8F15C0010792C8FCD87E0114F82678007F13C000E0 -D90FFCC9FC3F487DC541>I<EE01FE93381FFF8093B512C0030714E0151F157F913801FE -01913903F0007FDA07C0133F021FC713C0143E5C4A1580495A4948EC7F001307495A4948 -14FEA249C7485A495D137E494A5AEE07C0000193C7FC484891C8FCA2485AA3485AA2121F -A25B123FA4485AA512FFA77FA3171E6D5D007F16FC4C5A6D4A5A6D5D003F4B5A6D4A5A6D -4AC7FC6C6C143E6C01C013F89138F803F06C90B55A6C15806C4AC8FC6C14F8013F13C0D9 -07FCC9FC33487FC534>I<031FB512C00203B7FC021F16E091B812F8010317FE010F717E -90283FE07FC03F80D97E00020080D801F84A011F7FD803E004077F484804017F000FEF00 -7F4848717E003F02FF151F737E48C782007E92C8FC4872138012F0008084C8FC4A5A85A4 -4A5AA21B00A34A5AA24F5A5D62140FA24B4B5A141F4F5A4B5EA2023F4C5A4F5A5D027F4C -C7FC197E92C9127C6102FE4B5A4E5A4E5A49484B5A063EC8FC01035E4A4A5AEF07E04948 -EC1FC005FFC9FCEE07FC4948EBFFF091B61280017F4ACAFC90B612F04815804802F8CBFC -4891CCFC49447EC34D>I<0403B712F8043F16FE4BB9FC1507151F157FDBFC0090C7EA07 -FE912703F001FEEC01F8DA07C017F0DA0F801780021F94C7FCEC3F004A495A147E14FE5C -49485C4A1307495A91C7FC90C85B160FA25FA2161F5FA2163F5FA2167F94B612C0A293B7 -FC624FC7FC4B5D04FCC712704B4891C8FCA34B5AA24B5AA25E151F5E153FA24BCBFCA215 -FEA25D14015D486C485AEA07C0001F495A383FE00FD87FF05B39FFFC1F80D87FFF90CCFC -14FE6C5B6C13F06C5B00031380D800FCCDFC50477EC348>70 D<EF07F8EF7FFE4CB5FC04 -0714805E043F14C0EE7C0F923801F8034B487EED07E0030F7F4B5A4B5AA24BC713804B15 -004B14FC020115F04B14C0020392C7FC5D1407A24A5AA2141F5DA2143F5DA2147F5DA214 -FFA292CAFC5BA35C1303A35C1307A25CA2130F5CA2495AA349481608197C494816F891C9 -1203180790B56CEC0FF04814F803FFEC1FE04803F014C004FE1480489239FFE03F00D80F -E0EDFFFC261FC00F5D263F800115E0007EC7001F5C007C020391C7FC00F09138003FF03E -487DC545>76 D<DC03801960040F1AE04C7E043F1901047FF103C01E071E0F1E1F83F63F -8004FF197F1EFF65715F651F004B6104EF60DCCFF85F1D7E1DFD0303F1F9FE0487EF01F1 -711603F407E10307F00FC10407EF1F83706CEE3F031C7E030F62030E18FC706CED01F8F3 
-03F0031CEF07E098380FC007706DEC1F804BEF3F00661B7E4B6D6C5C505A505A4B6E4948 -130F053F4A5A02014D5A4B163F716C49C7FC4A4804FE5D6272485A4AC7000F495A72485A -4A4C48141F020E0207495A7248C8FC4A0203137EF0FFFE023C5E02386E5B02785E02706E -5B02F05E0010496F5AD8380194C9FC267C03C0153ED87F87041CEFF830B548031018F095 -CAEBFFE091CE14C0491D809A380FFE00491CF86C48F307C06C4898C8FCEA07E06C4B7DC5 -78>I<F50FE01DFF1C031C0F64645213C0161E043E94B5128004FEF0C0004B6CDC01FCC7 -FC1CF01CC0515A4B7FA251C8FC83A21B0E8316BF03075FA2EE9FF0041F163C1B3883ED0F -0F63030E7F16071BF0031E6D5D1603151C711401705E153C033880704B5AA20378800370 -017F14077291C9FCA203F0133F4B6E5B051F140EA24A4880050F141E1A1C4A4880170772 -133C4AC71538170384020E6E1478F18070A24A6E13C01AF0726C5A5CF03FF0027816F102 -7092381FF9C0001801F016FD001C49150FD83E0117FF267FC3C08101FF705B5CB58291C9 -91CAFC725A6C4817786C4894CBFC6C5AEA03F0635283CC52>I<DB01C0EB3FC0923A0780 -01FFF892261F000F13FE033E013F7F03FC90B61280912601F00115C0912803E007E03F13 -E0913A0F800F800791281F001F000113F0023E013E6D13F84A49147F4A49143F902601F0 -0116FC49484848141F49484848140F130F4948484815FE90263F001F15075E017E133F49 -91C8FC4B15034848137E00035C495B0007495A15804848CAFC1AFC121F5BA2123FF107F8 -A2485AA21AF0190FA200FF19E0A2F11FC0A21A80193F1A006D177EA2614E5A7F007F4D5A -4E5A6D5F4E5A6C6C4CC7FC6D163E606C6C5E6D4B5A6C6DEC07C06C01E04A5A6E023FC8FC -6C01FC14FC6C9039FFC00FF86C91B512E06D1580011F02FCC9FC6D14F0010391CAFC9038 -003FF047487AC54F>I<031FB512F00203B77E021F16F091B812FC010317FF010F188090 -283FE07FC00F14C0D97E00DA007F13E0D801F84A010F13F0D803E016034848040013F800 -0F187F4848EF3FFC003F02FF151FA248C790C8120F127E48180712F0008019F8C75A5DA2 -1AF0190F1AE04A5A1AC0F11F80A24BED3F000207167E197C614E5A4A484A5A4E5A061FC7 -FC4B143E18FC021FEC07F0EF7FE09239C07FFF8091273FC1FFFCC8FC03C313F0038F1380 -DB9FFCC9FC027F13800380CAFC92CBFC5CA25CA2495AA3495AA213075CA2130F5CA2495A -A3495A91CCFC137E137C136046497EC345>I<031FB512FC0203B712E0021F16FC91B9FC -010318C0010F8490283FE07FC00380D97E00DA001F7FD801F84A1303D803E004007F4848 
-173F000F181F4848170F003F14FF190748C790C8FC007E615A12F0008061C75A4B4B5AA2 -62191F624A484BC7FC193E61614E5A4A48EC07E0F00F80063FC8FCEF03FC4B48B45A020F -010F13E04C90C9FC4B485A4C7E021F90B5FC041F7FDBC0077F023F7F707F158082027F6E -7E92C7FC717E5C4A81171F13014A6E7E1B0349486E6C141F1B3E73137C49486E6D13F8F2 -01F049486E9038E003E09638F007C0719038FC1F80494892397FFFFE006249486F13F091 -C96C13C0013C7048C7FC0170EE03F050467EC354>82 D<EF7FF0933807FFFE043FEBFF80 -93B612E0030315F0030F15F892381F800F92267E000113FC03F8EB007F4A48141F020315 -0F4A5A020FED07F85D021F16F0023F16E019C0F00F00027F150895C7FC81A281A2816E7E -816E6C7E16E06E13F86E13FE6EEBFFC06E14F06E6C13FC031F7F03076D7E030180DB003F -7F040F7F04037F82706C7E173F010E6F7E017C150F5BD803F01507485A48481503121F48 -485EA2127F60A200FF4C5A7F604D5A6D5E6D4BC7FC6C6C153E6D5D01FFEC01F06C01C0EB -07E06C01FCEB7FC06C90B6C8FC6C15FC6C15E0C61580013F01FCC9FC010313803E487EC5 -3C>I<1B3C1B7CF201F8020FB912F091BA12E001031980010FF0FE004918F8017F188001 -F8C7D807F0C9FCD803F0140F4848141F120F48485D003F153FA2127F5F4848147F90C8FC -5A00F85E00E015FFC9FCA294CAFC5DA35E1503A35E1507A35E150FA35E151FA35E153FA3 -5E157FA35E15FFA293CBFCA25CA25D1403A25DA24A5AA34A5AA24A5AA25D143F5D027ECC -FC147814604E4E7CC636>I<D907F81678D93FFF16FE4901C04A7E48B56C1680486E5CD8 -07C36D16C0390F807FFC9038001FFEC7000F9238003FE06E6C150F6E16076E6D1403A26E -6D1401A2157F7015C0153FA219036F6C1580A3F107006F7E61190E191E0307151CA261A2 -70147861A24E5A03035D18034E5AA24EC7FC181EA2606018F8604D5A17034D5A4D5A95C8 -FC5F173E5F5FEEFDF016FF5F5F5F94C9FC5E5E00204A5A00705D4B5A00F04A5A6CEC7F80 -4BCAFC6C495A6CEB07F839FF801FF09038E07FE06CB55A92CBFC6C5B5C6C13F06C13C000 -0390CCFCEA00FC43527DC343>89 D<0060170C00F0171EB3B3A76C173E0078173CA2007C -177C6C17F8001E17F0001F16016C6CED03E0D807E0ED0FC06C6CED1F80D801FEEDFF006C -6C6CEB03FED93FFCEB7FF86DB65A0103158001004AC7FC020713C0373D7BBA42>91 -D<913807FFC091B512FE01036E7E011F15F0903A3FFC007FF8D9FF80EB03FE4848C87ED8 -03F0ED1F804848ED0FC0D80F80ED03E048C9EA01F0001E1600003E17F848177C0078173C 
-A200F8173E48171EB3B3A70060170C373D7BBA42>I<1538157CA315FEA24A7E15EF0203 -7F15C702077F1583A2020F7F1501021F7FEC1E00023E7F023C1378027C137C0278133CA2 -02F8133E4A131E0101141F4A7F0103814A13070107814A1303A2010F8191C71201498101 -1E1400013E81013C1578017C157C0178153C01F8153E49151EA20001161F498100031780 -491507000717C0491503000F17E090C91201A24817F0001E1600003E17F8003C1778007C -177C0078173C00F8173E48171EA20060170C373D7BBA42>94 D<0060170C00F0171EA26C -173E0078173C007C177C003C1778003E17F8001E17F0001F16016C17E0A26D1503000717 -C06D1507000317806D150F000117006D5D0000161EA26D153E0178153C017C157C013C15 -78013E15F8011E5D011F14016D5D6E130301075DA26E130701035D6E130F010192C7FC6E -5B0100141E6E133E0278133CA2027C137C023C1378023E13F8021E5BEC1F01020F5B1583 -02075BA215C702035B15EF020190C8FC15FF6E5AA2157CA31538373D7BBA42>I<126012 -F0B3ADB9128018C0A300F0CBFCB3AE126032457BC43D>I<ED0FE015FF913803FC00EC0F -E0EC3FC04A5A4AC7FC5C495AA2495AB3AD495AA2495A131F495A495A01FEC8FCEA07F8EA -FFE0A2EA07F8EA00FEEB7F806D7E6D7E130F6D7EA26D7EB3AD6D7EA26D7E806E7E6E7EEC -0FE0EC03FC913800FFE0150F236479CA32>102 D<12FEEAFFE0EA07F8EA00FEEB7F806D -7E6D7E130F6D7EA26D7EB3AD6D7EA26D7E806E7E6E7EEC0FE0EC03FC913800FFE0A29138 -03FC00EC0FE0EC3FC04A5A4AC7FC5C495AA2495AB3AD495AA2495A131F495A495A01FEC8 -FCEA07F8EAFFE048C9FC236479CA32>I<140C141EA2143E143C147C1478A214F814F013 -0114E0A2130314C013071480A2130F14005B131EA2133E133C137C1378A213F85BA21201 -5B12035BA212075B120F90C7FCA25A121E123E123CA2127C127812F85AA27E1278127C12 -3CA2123E121E121F7EA27F12077F1203A27F12017F1200A27F1378A2137C133C133E131E -A2131F7F14801307A214C0130314E01301A214F0130014F81478A2147C143C143E141EA2 -140C176476CA27>I<126012F0A27E1278127C123CA2123E121E121F7EA27F12077F1203 -A27F12017F1200A27F1378137C133CA2133E131EA2131F7F14801307A214C0130314E013 -01A214F0130014F81478A2147C143C143E141EA2143E143C147C1478A214F814F0130114 -E0A2130314C013071480A2130F14005B131EA2133E133CA2137C137813F85BA212015B12 -035BA212075B120F90C7FCA25A121E123E123CA2127C127812F85AA2126017647BCA27> 
-I<126012F0B3B3B3B3B3A81260046474CA1C>I<126012F0A27E1278A2127C123C123E12 -1EA2121F7EA27F1207A27F12037F1201A27F1200A27F1378A2137C133C133E131EA2131F -7FA2801307A2801303801301A2801300A2801478A2147C143C143E141EA2141F80A28114 -07811403A2811401A2811400A2811578157C153CA2153E151EA2151F81A21680150716C0 -1503A216E01501A216F01500A216F81678167C163CA2163E161EA2160C27647BCA32> -110 D<0060173000F01778B3B3B2B912F8A36C17F0353B7ABA42>116 -D<003FB912F84818FCA219F80078CCFCB3B3AE007FB912F819FCA26C18F8CDFCB0007FB9 -12F8BA12FCA26C18F83E4E78BE4D>118 D<007FB912F0BA12F8A27ECC1278B3B3AE007F -B912F8BAFCA26C18F0CDFCB0007FB912F8BA12FCA26C18F83E4E7ABE4D>I -E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fu cmr12 12 91 -/Fu 91 128 df<B91280A300019038C000036C6C489038003FC0171F17071703A21701A2 -EF00E0A31860A418701830A31800B3B3A58048487EB612F8A334447CC33D>0 -D<027FB67EA39126001FFEC9FC6F5A6F5AA8B46CEFFF8001E01603D81FF0933807FC006C -6C4C5A0007606D161F000360A26D163F000160AC6C6C5F187FA4D97F804BC7FCA2013F5E -02C01401131F02E04A5A010F5ED907F01407D903F85DD901FC4A5AD900FE4A5A027F027F -C8FCDA1FC713FE0207B512F8020114C09126001FFCC9FCED07F8A84B7E4B7E027FB67EA3 -41447BC34C>9 D<9239FFC001FC020F9038F80FFF913B3F803E3F03C0913BFC00077E07 -E0D903F890390FFC0FF0494890383FF81F4948EB7FF0495A494814E049C7FCF00FE04991 -393FC0038049021F90C7FCAFB912F0A3C648C7D81FC0C7FCB3B2486CEC3FF0007FD9FC0F -B512E0A33C467EC539>11 D<4AB4FC020F13E091387F80F8903901FC001C49487FD907E0 -130F4948137F011FECFF80495A49C7FCA25B49EC7F00163E93C7FCACEE3F80B8FCA3C648 -C7FC167F163FB3B0486CEC7FC0007FD9FC1FB5FCA330467EC536>I<913801FFC0020FEB -FB8091387F803F903801FC00494813FFEB07E0EB1FC0A2495A49C7FC167F49143F5BAFB8 -FCA3C648C7123FB3B2486CEC7FC0007FD9FC1FB5FCA330467EC536>I<DBFF80EB3FE002 -0F9039F001FFFC913B3F807C0FF01F913CFC000E3F800380D903F86D48486C7E4948D90F -FC804948D93FF8130F4948017F4A7E49485C49C75BA25B494B6D5A041F6E5A96C8FCACF1 -07F0BBFCA3C648C7391FC0001F190F1907B3B0486C4A6C497E007FD9FC0FB50083B512E0 
-A34B467EC551>I<131F1480133F137FA2EBFF00485A485A5B485A485A138048C7FC123E -123C5A12E0124011126CC431>19 D<1606A25E161C1618163816305EEC7F80903903FFF0 -C090380FC0FC90393E001F8049130F01F0EB03C04848497E0003814848EB0CF84848147C -1518001F157E48C7487E157015604802E01380007EECC01FEC0180A200FED9030013C0A2 -1406140E140C141C14185CA25C007E16805CD87F01143F003F4914001303001F90C7123E -0186147E000F157C01CC14FC00075DD803F8495A00014A5A00004A5A017E011FC7FC9038 -7F807E9038C7FFF89038C07F804848C9FCA248CAFC5A1206120E120C5AA22A3F7DB431> -28 D<121EEA7F80EAFFC0A9EA7F80ACEA3F00AB121EAC120CA5C7FCAA121EEA7F80A2EA -FFC0A4EA7F80A2EA1E000A4778C61B>33 D<001EEB03C0397F800FF000FF131F01C013F8 -A201E013FCA3007F130F391E6003CC0000EB000CA401E0131C491318A300011438491330 -0003147090C712604814E0000614C0000E130148EB038048EB070048130E0060130C1E1D -7DC431>I<EC03F0EC0FF8EC3E1EEC7C0E4A7E49487E130302E07F01071301A3EB0FC0A4 -150393CAFC14E05D1506150E5D1518010713386E5A156015E0ECF1C0DAFB800107B512C0 -6DB4C7FC5C4A9139007FFC000101EE1FE019806E6FC7FC0100160E497E495E496C6C1418 -010E1638496C6C1430011816709026381FE05C01705E496C6C1301D801C06D5C00030107 -1403D807806D91C8FC000F6D6C5B001F0101140E003F6E130C90C7EB801C48027F5BEEC0 -304891383FE070031F5B705AED0FF9923807FB806D6DB4C812C05E6F7E007F6E6D13016D -6E6C14804C6C13036C6C496D1400001F912603CFF85B6C6C90260F07FC130E6C6C90263E -01FE133C3D03FE01F800FF80F8C6B54890383FFFF0013F0180010713C0D907FCC890C7FC -42497CC64C>38 D<121EEA7F8012FF13C0A213E0A3127FEA1E601200A413E013C0A31201 -1380120313005A1206120E5A5A5A12600B1D78C41B>I<140C141C1438147014E0EB01C0 -1303EB0780EB0F00A2131E5BA25B13F85B12015B1203A2485AA3485AA348C7FCA35AA212 -3EA2127EA4127CA312FCB3A2127CA3127EA4123EA2123FA27EA36C7EA36C7EA36C7EA212 -017F12007F13787FA27F7FA2EB0780EB03C01301EB00E014701438141C140C166476CA26 ->I<12C07E12707E7E7E120F6C7E6C7EA26C7E6C7EA21378137C133C133E131E131FA2EB -0F80A3EB07C0A3EB03E0A314F0A21301A214F8A41300A314FCB3A214F8A31301A414F0A2 -1303A214E0A3EB07C0A3EB0F80A3EB1F00A2131E133E133C137C13785BA2485A485AA248 
-5A48C7FC120E5A5A5A5A5A16647BCA26>I<14F0A2805CA70078EC01E000FCEC03F0B414 -0FD87F80EB1FE0D83FC0EB3FC03A0FF060FF003903F861FC3900FC63F090383F6FC0D90F -FFC7FCEB03FCEB00F0EB03FCEB0FFF90383F6FC09038FC63F03903F861FC390FF060FF3A -3FC0F03FC0D87F80EB1FE0D8FF00EB0FF000FC14030078EC01E0C790C7FCA7805CA2242B -7ACA31>I<16C04B7EB3AB007FBAFCBB1280A26C1900C8D801E0C9FCB3AB6F5A41407BB8 -4C>I<121EEA7F8012FF13C0A213E0A3127FEA1E601200A413E013C0A312011380120313 -005A1206120E5A5A5A12600B1D78891B>I<B612C0A61A067F9721>I<121EEA7F80A2EAFF -C0A4EA7F80A2EA1E000A0A78891B>I<1618163CA2167C1678A216F816F0A2150116E015 -0316C0A215071680A2150F1600A25D151EA2153E153CA2157C157815F85DA214015DA214 -035DA214075DA2140F92C7FC5C141EA2143E143CA2147C1478A214F85CA213015CA21303 -5C13075CA2130F91C8FCA25B131EA2133E133CA2137C137813F85BA212015BA212035BA2 -12075BA2120F90C9FCA25A121E123E123CA2127C1278A212F85AA2126026647BCA31>I< -14FF010713E090381F81F890383E007C01FC133F4848EB1F8049130F4848EB07C04848EB -03E0A2000F15F0491301001F15F8A2003F15FCA390C8FC4815FEA54815FFB3A46C15FEA5 -6D1301003F15FCA3001F15F8A26C6CEB03F0A36C6CEB07E0000315C06D130F6C6CEB1F80 -6C6CEB3F00013E137C90381F81F8903807FFE0010090C7FC28447CC131>I<143014F013 -011303131F13FFB5FC13E713071200B3B3B0497E497E007FB6FCA3204278C131>I<EB03 -FE90381FFFC0017F13F03901F80FFC3903C001FE48486C7E000EC7EA7F8048EC3FC0ED1F -E04815F00030140F007015F800601407126CB415FC7F7F1503A46C4813076CC7FCC8FC16 -F8A2150F16F0151F16E0A2ED3FC0ED7F8016005D5D4A5A4A5A4A5A5D4A5A4A5A4AC7FC14 -7C5C5C495A495A495A49C7120C131E5B013814185B5B485A4848143848C81230000E1570 -001FB612F0A25A5AB712E0A326427BC131>I<49B4FC010F13E0013F13FC9038FE01FE3A -01F0007F80D803C0EB3FC048C7EA1FE0120EED0FF0EA0FE0486C14F8A215077F5BA26C48 -130FEA03C0C813F0A3ED1FE0A2ED3FC01680ED7F0015FE4A5AEC03F0EC1FC0D90FFFC7FC -15F090380001FCEC007FED3F80ED1FC0ED0FE016F0ED07F816FC150316FEA2150116FFA3 -121EEA7F80487EA416FE491303A2007EC713FC00701407003015F80038140F6C15F06CEC -1FE06C6CEB3FC0D803E0EB7F803A01FE01FE0039007FFFF8010F13E0010190C7FC28447C 
-C131>I<ED0380A21507150FA2151F153FA2157F15FFA25CEC03BF153F14071406140C14 -1C141814301470146014C013011480EB03005B13065B131C13185B1370136013E0485A5B -120390C7FC1206120E120C5A123812305A12E0B812C0A3C8383F8000ADEDFFE0027FEBFF -C0A32A437DC231>I<000615C0D807C0130701FCEB7F8090B612005D5D5D15E015802606 -3FFCC7FC90C9FCAE14FF010713C090381F01F090383800FC01F0137ED807C07F49EB1F80 -16C090C7120F000615E0C8EA07F0A316F81503A216FCA5123E127F487EA416F890C71207 -5A006015F0A20070140F003015E00038EC1FC07E001EEC3F806CEC7F006C6C13FE6C6C48 -5A3901F807F039007FFFE0011F90C7FCEB07F826447BC131>I<EC07FCEC3FFF91B512C0 -903903FC03E0903907E000F0D91FC0133849C71258017EEB01FC01FE1303491307485A48 -5AA24848EB03F8000FEC01F092C7FC485AA3485AA3127FA29038007F80903801FFF09038 -0780FC39FF0E003E49EB1F8049EB0FC049EB07E0136001E0EB03F04914F8150116FC5BED -00FEA390C812FFA47EA57F123FA216FE121F15016D14FC120FED03F86C7EED07F06C6C14 -E06C6CEB0FC06C6CEB1F80017EEB3F0090383F80FE90380FFFF8010313E0010013802844 -7CC131>I<121CA2EA1F8090B712C0A3481680A217005E0038C8120C0030151C00705D00 -60153016705E5E4814014B5A4BC7FCC81206150E5D151815385D156015E04A5AA24A5A14 -0792C8FC5CA25C141E143EA2147E147CA214FCA21301A3495AA41307A6130FAA6D5AEB01 -C02A457BC231>I<14FF010713E0011F13F890387F00FE01FC133FD801F0EB1F804848EB -0FC049EB07E00007EC03F048481301A290C713F8481400A47FA26D130116F07F6C6CEB03 -E013FC6C6CEB07C09039FF800F806C9038C01F006CEBF03EECF87839007FFEF090383FFF -C07F01077F6D13F8497F90381E7FFFD97C1F1380496C13C02601E00313E048486C13F000 -079038007FF84848EB3FFC48C7120F003EEC07FE150148140016FF167F48153FA2161FA5 -6C151E007C153EA2007E153C003E157C6C15F86DEB01F06C6CEB03E06C6CEB07C0D803F8 -EB1F80C6B4EBFF0090383FFFFC010F13F00101138028447CC131>I<14FF010713E0011F -13F890387F80FC9038FC007E48487F4848EB1F804848EB0FC0000FEC07E0485AED03F048 -5A16F8007F140190C713FCA25AA216FE1500A516FFA46C5CA36C7E5D121F7F000F5C6C6C -1306150E6C6C5B6C6C5BD8007C5B90383F01E090390FFF80FE903801FE0090C8FC150116 -FCA4ED03F8A216F0D80F801307486C14E0486C130F16C0ED1F80A249EB3F0049137E001E 
-C75A001C495A000F495A3907E01FE06CB51280C649C7FCEB1FF028447CC131>I<121EEA -7F80A2EAFFC0A4EA7F80A2EA1E00C7FCB3A5121EEA7F80A2EAFFC0A4EA7F80A2EA1E000A -2B78AA1B>I<121EEA7F80A2EAFFC0A4EA7F80A2EA1E00C7FCB3A5121E127FEAFF80A213 -C0A4127F121E1200A512011380A3120313005A1206120E120C121C5A5A12600A3E78AA1B ->I<007FBAFCBB1280A26C1900CEFCB0007FBAFCBB1280A26C190041187BA44C>61 -D<EB0FFC90387FFFC03901F007F039078001FC000EC77E48147F48EC3F804815C0006014 -1F00FE15E07E7FA56CC7FC001CEC3FC0C8FCED7F80A2EDFF004A5AEC03F84A5A5D4A5A4A -5A92C7FC143E143C5CA2147014F05CA25C1301A35CA990C9FCAAEB03C0EB0FF0A2497EA4 -6D5AA2EB03C023467BC52E>63 D<16C04B7EA34B7EA34B7EA34B7EA3ED19FEA3ED30FFA2 -03707FED607FA203E07FEDC03FA2020180ED801FA2DA03007F160FA20206801607A24A6D -7EA34A6D7EA34A6D7EA20270810260147FA202E08191B7FCA249820280C7121FA249C87F -170FA20106821707A2496F7EA3496F7EA3496F7EA201788313F8486C83D80FFF03037FB5 -00E0027FEBFFC0A342477DC649>65 D<B8FC17E017FC00019039C00003FF6C6C4801007F -EF3FC0717E717E717E84170384170184A760A21703601707604D5A4D5AEF7FC04DC7FCEE -03FEEE3FF091B65A17FC0280C7B47EEF1FC0EF0FF0717E717E717E717E1980187F19C0A2 -183F19E0A8F07FC0A2198018FF4D1300A24D5AEF0FFC4D5AEF7FE048486C903803FFC0B9 -C7FC17FC17C03B447CC345>I<DB0FFE146092B500C013E0020314F0913A0FFC01FC0191 -393FC0003E02FFC7EA0F83D903FCEC03C74948EC01E74948EC00FF4948157F4948153F49 -48151F49C9120F485A491607120348481603A248481601A248481600A2123FA249176012 -7FA31900485AAE6C7EA21960A2123F7FA2001F18E07F000F18C0A26C6C160119806C6C16 -0312016DEE07006C6C16066D6C150E6D6C5D6D6C5D6D6C15786D6C5D6D6C4A5AD900FFEC -0780DA3FC0011FC7FCDA0FFC13FC0203B512F0020014C0DB0FFEC8FC3B487BC546>I<B8 -FC17F017FC00019039C00007FF6C499038007FC0017FED1FE0EF07F0EF03FC717E717E84 -727E727E727EA2727E85180385A2180185A38584A31A80AD1A00A36061A3611803611807 -61180F614E5A183F614EC7FC18FEEF03FC4D5AEF1FE001FFED7FC0486DD907FFC8FCB812 -FC17F094C9FC41447CC34B>I<B912F8A3000101C0C7127F6C6C48EC07FC17011700187C -183C181CA284A31806A4180704067FA395C7FCA4160EA2161E163E16FE91B5FCA3EC8000 
-163E161E160EA21606A319C0A3F0018093C7FCA41803A21900A260A260A2181EA2183E18 -7EEF01FE170748486C147FB95AA33A447CC342>I<B912F0A3000101C0C7127F6C6C48EC -0FF817031701170018781838A2181CA3180CA4180E1806160CA21800A5161CA2163C167C -ED01FC91B5FCA3EC8001ED007C163C161CA2160CA793C8FCB08048487EB612F8A337447C -C340>I<DB0FFE146092B500C013E0020314F0913A0FFC01FC0191393FC0003E02FFC7EA -0F83D903FCEC03C74948EC01E74948EC00FF4948157F4948153F4948151F49C9120F485A -491607120348481603A248481601A248481600A2123FA2491760127FA396C7FC485AAD4C -B612C06C7EA293C7387FF000725A003F171F7FA2121F7F120FA26C7EA26C7E6C7EA26C7E -6D7E6D6C153F6D7E6D6C157F6D6C15E7D903FEEC01C7D900FFEC0383DA3FE0EB0F01DA0F -FCEBFE000203B500F81360020002E090C7FCDB0FFEC9FC42487BC54D>I<B6D8C003B6FC -A3000101E0C70007138026007F80913801FE00B3A991B7FCA30280C71201B3AC2601FFE0 -913807FF80B6D8C003B6FCA340447CC349>I<B612F0A3C6EBF0006D5A6D5AB3B3B3A449 -7E497EB612F0A31C447DC323>I<010FB512FEA3D9000313806E130080B3B3AB123F487E -487EA44A5A13801300006C495A00705C6C13076C5C6C495A6CEB1F802603E07FC7FC3800 -FFFCEB1FE027467BC332>I<B600C049B512C0A3000101E0C8387FFC006C49ED3FE06D48 -1680063EC7FC183C183860604D5A4D5A4DC8FC171E17385F5F4C5A4C5A4CC9FC160E5E5E -5E5E4B5A4B7E4B7E150F4B7E4B7E1577EDE3FE913881C1FFEC8381DA87007F028E6D7E14 -9C02B86D7E02F06D7E14C04A6D7E707EA2707E707EA2707F717EA2717E717EA2717E717E -A2717E717EA2717F8585496C82486D4A13FCB600C0011FEBFFE0A343447CC34C>I<B612 -F8A3000101E0C9FC6C6C5A5CB3B31830A418701860A518E0A3EF01C0A217031707A2170F -173F177FEE01FF48486C011F1380B9FCA334447CC33D>I<B56C933807FFFC6E5EA20001 -F1FE0026006FE0EE1BF8A3D967F01633A2D963F81663A3D961FC16C3A3D960FEED0183A2 -027FED0303A36E6C1406A36E6C140CA26E6C1418A36E6C1430A36E6C1460A26E6C14C0A3 -6E6CEB0180A3037FEB0300A292383F8006A36F6C5AA36F6C5AA26F6C5AA36F6C5AA36F6C -5AA26FB45AA370C7FC13F0A2486C143ED80FFFEF0FFEB500F0011C0107B512FCA34E447B -C359>I<B56C020FB5FC8080C6040013F06D6CED1F80D96FF8ED0F00A2D967FC1506EB63 -FEA2EB61FF01607FA26E7E6E7EA26E7E6E7EA26E7E6E7EA26E7E6E7FA26F7E6F7EA26F7E 
-6F7EA26F7E6F7EA26F7E6F1380A2EE7FC0EE3FE0A2EE1FF0EE0FF8A2EE07FCEE03FEA2EE -01FF701386A2EF7FC6EF3FE6A2EF1FF6EF0FFEA217071703A217011700A201F0167E183E -487ED80FFF161EB500F0150EA2180640447CC349>I<ED1FFC4AB512C0913907F007F091 -391F8000FC027EC7123FD901F8EC0FC049486E7E49486E7E49486E7E49486E7E49C9127E -017E8201FE834848707E4848707EA24848707EA2000F84491603001F84A24848707EA300 -7F84A24982A300FF1980AD6C6C4C1300A4003F606D1603A2001F60A26C6C4C5AA26C6C4C -5AA20003606D161F6C6C4C5A000060017F4CC7FC6E5D013F5E6D6C4A5AD907E0EC03F06D -6C4A5AD901FCEC1FC0D9007E4AC8FCDA1F8013FC913907F007F00201B512C09126001FFC -C9FC41487BC54C>I<B712FCEEFFC017F800019039C0000FFC6C6C48EB01FF9338007F80 -EF1FE0170FEF07F018F8EF03FCA218FE1701A218FFA718FEA2170318FCA2EF07F818F0EF -0FE0EF1FC0EF7F80933801FE00EE0FFC91B612F017800280C9FCB3AA3801FFE0B612C0A3 -38447CC342>I<B712E016FF17C000019039C0003FF86C6C48EB03FCEE00FF717E717E71 -7E717E717EA284170384A760A21707604D5AA24D5A4D5A4DC8FCEE01FEEE07F8EE3FE091 -B6C9FC16FC913980007F80EE0FE0707EEE03FC707E160083717EA2717EA784A71A608417 -1FA21AE0716C13C02601FFE002071301B600C01680943801FC03943900FE0700CBEA3FFE -F007F843467CC348>82 D<49B41303010FEBE007013F13F89039FE00FE0FD801F8131FD8 -07E0EB079F49EB03DF48486DB4FC48C8FC4881003E81127E82127C00FC81A282A37E82A2 -7EA26C6C91C7FC7F7FEA3FF813FE381FFFE06C13FE6CEBFFE06C14FC6C14FF6C15C0013F -14F0010F80010180D9001F7F14019138001FFF03031380816F13C0167F163F161F17E000 -C0150FA31607A37EA36C16C0160F7E17806C151F6C16006C5D6D147ED8FBC05CD8F9F049 -5AD8F07C495A90393FC00FE0D8E00FB51280010149C7FC39C0003FF02B487BC536>I<00 -3FB912F8A3903BF0001FF8001F01806D481303003EC7150048187C0078183CA20070181C -A30060180CA5481806A5C81600B3B3A54B7EED7FFE49B77EA33F447DC346>I<B600C001 -0FB5FCA3000101E0C813F026007F80ED1F80F00F00A21806B3B3A7180E6D6C150CA2181C -131F6E1518010F163818306D6C1570606D6C14016D6C5D6D6CEC0780027F4AC7FC6E6C13 -1EDA1FE0137C913907FC03F00201B55A6E6C1380DB07FCC8FC40467CC349>I<B692383F -FFF0A3000301E003071300C649ED01FC4A5E017F705A6E5E133F616E1501011F5FA26D6C 
-4BC7FCA28001071606A26E150E0103160CA26D6C5DA2806D5EA26F1470027F156081023F -5DA281021F4A5AA26F1303020F92C8FC8102071406A26F130E0203140CA26E6C5BA2816E -5CA2EE8070037F1360A26F6C5AA216E092381FE180A216F3030F90C9FC16FBED07FEA36F -5AA36F5AA26F5AA3166044467EC349>I<B60107B500F890380FFFFEA3000301E0D9001F -90C813F06C0180DA0FFCED3FC091C86C48ED1F006C871C0E6D6C6E7E1C0CA26D6C6F5DA3 -6EDA06FF1538011F1A30A26E020E6D1470010FDB0C7F1560A26E021C7F0107DB183F5DA2 -856D6CDA301F4A5AA36D6C4A6C6C49C7FCA36D6C4A6C6C1306A3DB80016E130E027FDA80 -03140CA2DBC00380023FDA00015CA203E081021F01066D5CA36E6C486E6C5AA36E6C486E -6C5AA36F48EC1FE1020360A2DBFE7015F302010160020F90C8FCA2DBFFE015FB6E49EC07 -FEA36F486E5AA36FC86C5AA3031E6F5AA4030C16605F467EC364>I<003FB500E0011FB5 -FCA3C691C7000713E0D93FFC020190C7FC6D4815FC010F6F5A6D6C15E0A26D6C4A5A6D6C -5D4DC8FC6D6D5B6E6C13065F6E6C131C6E6C13185F6E6C13706E6C13605F913803FE01DA -01FF5B4CC9FC6E1387ED7FC616CCED3FFC6F5A5E6F7E6F7EA26F7E82A203067F150E9238 -0C7FC04B6C7E15389238301FF04B6C7E15E04B6C7E4A486C7E14034B6C7E02066D7F140E -020C6E7E4A6E7E143802306E7E4A6E7E14E04A6E7E49486E7E130349C86C7E496F7F5B49 -6C8201FF83000701E0020313F8B500F8021FEBFFF0A344447EC349>I<B66C91380FFFFC -A3000101F8C8000313C026007FE0923800FE0061013F17F06D6C5E80010F5F6D6C4B5A18 -036D6C93C7FC6E15066D160E6D6D140C181C6E6C14186E6C5C18706E6C146018E06E6C5C -6E6C495A17036E6C91C8FC5F6E6C13066E6D5A171C92387FC0185FED3FE06F6C5A17E06F -6C5AEEF980ED07FF6F90C9FCA26F5AB3A6923807FF800203B6FCA346447FC349>I<EAFF -FCA4EAF000B3B3B3B3B3A2EAFFFCA40E6476CA1B>91 D<01C01318000114384848137048 -C712E0000EEB01C0000C1480001C13030018140000385B003013060070130E0060130CA3 -00E0131C481318A400CFEB19E039FFC01FF801E013FCA3007F130FA2003F130701C013F8 -390F0001E01E1D71C431>I<EAFFFCA4EA003CB3B3B3B3B3A2EAFFFCA40E647ECA1B>I<13 -C01201EA0380EA0700120E120C121C12181238123012701260A312E05AA412CFEAFFC013 -E0A3127FA2123F13C0EA0F000B1D79C41B>96 D<EB07FC90383FFF809038F80FE03903C0 -03F048C66C7E000E6D7ED80FC0137E486C137F6D6D7EA36F7EA26C5AEA0380C8FCA4EC0F 
-FF49B5FC90380FFE1FEB3FC0EBFF00EA03FC485A485A485A485A127F5B176048C7FCA315 -3FA36D137F007F14EF6D9038C7E0C0003F13013A1FE00783F13B07F81E03FF802701FFFC -0113003A001FE0007C2B2E7CAC31>I<EA01FC12FFA3120712031201B3EC03FC91380FFF -8091383C07E091387001F89039FDE0007E02807F01FFEC1F8091C713C049EC0FE0491407 -17F0A2EE03F8A217FCA2160117FEAB17FC1603A217F8A2EE07F0A26DEC0FE017C06D141F -01FBEC3F80D9F380EB7E00D9E1C05B9039E0F001F89039C03C07E09039801FFF80C7D803 -FCC7FC2F467DC436>I<EC7F80903803FFF090380FC07C90383F000F01FCEB03804848EB -01C00003140F4848EB1FE049133F120F485AA2485AED1FC0007FEC070092C7FCA290C9FC -5AAB7E7FA2123F16307F001F15706C6C146016E06C6C14C06C6C13010001EC03806C6CEB -0700013F131E90381FC078903807FFF001001380242E7DAC2B>I<167FED3FFFA3150181 -82B3EC7F80903803FFF090380FC07C90383F000E017E1307496D5AD803F87F48487F5B00 -0F81485AA2485AA2127FA290C8FC5AAB7E7FA2123FA26C7EA2000F5D7F6C6C5B00035C6C -6C9038077F806C6C010E13C0013F011C13FE90380FC0F8903803FFE09026007F0013002F -467DC436>I<EB01FE903807FFC090381F03F090387E00FC49137E48487F485A4848EB1F -80000F15C049130F121F484814E01507A2007F15F090C7FCA25AA390B6FCA290C9FCA67E -A27FA2123F16306C7E1670000F15606D14E06C6C14C0000314016C6CEB03806C6CEB0700 -013E131E90381F80F8903803FFE0010090C7FC242E7DAC2B>I<EC0FE0EC7FF8903801F8 -1E903803F03F90390FE07F8090381FC0FF5C133F495AA2ED7F0001FE131C92C7FCAFB67E -A3C648C8FCB3B2486C7E007F13FFA321467EC51E>I<EE0F80D901FCEB7FE0903A0FFF81 -F0F090393F07E3819039FC01FF033A01F800FE014848017E13E00007027FC7FC497F000F -8149131F001F81A9000F5D6D133F000792C7FC6D5B0003147E6C6C5B6D485A3903BF07E0 -90380FFF80260701FCC8FC90CAFCA25AA37F6C7E7F90B512F86C14FF16E06C15F86C6C80 -48B67E3A07C0000FFF48481300003FC8EA3F80003E151F48ED0FC0A2481507A56C150F00 -7C1680007E151F003E16006C153E6C6C5CD807E0495AD801F8EB07E0D8007FEB3F809026 -1FFFFEC7FC010113E02C427DAC31>I<EA01FC12FFA3120712031201B3EC01FE913807FF -C091381E07F091383801F802707FECE000D9FDC07F5C01FF147F91C7FCA25BA35BB3A848 -6CECFF80B5D8F83F13FEA32F457DC436>I<EA01E0EA07F8A2487EA46C5AA2EA01E0C8FC 
-ADEA01FC12FFA3120712031201B3B0487EB512F8A315437DC21C>I<143C14FFA2491380 -A46D1300A2143C91C7FCADEC7F80EB3FFFA31300147F143FB3B3AA123E127F39FF807F00 -A2147EA25C6C485A383C01F06C485A3807FF80D801FEC7FC195785C21E>I<EA01FC12FF -A3120712031201B3A292381FFFE0A36F1300ED07F816E05E5E030EC7FC5D5D5D5D4A5A4A -5A4AC8FC5CEC3F804A7E14FF9038FDCFE09038FF8FF01407496C7E01FC7F14016E7E8181 -6F7E82151F6F7E821507826F7E8282486C491380B5D8F81F13F8A32D457DC433>I<EA01 -FC12FFA3120712031201B3B3B3A5487EB512F8A315457DC41C>I<D801FC01FFEC1FE000 -FF010701E0EBFFFC913B0F03F801E07F913C3C01FC07803F800007903C7000FE0E001FC0 -000349D97E1C130F2601FDC0D97F38804A143001FFDA3FF06D7E91C75BA2495DA3495DB3 -A8486C4A6C497EB5D8F81FB50003B512E0A34B2C7DAB52>I<3901FC01FE00FF903807FF -C091381E07F091383801F8000701707F0003EBE0002601FDC07F5C01FF147F91C7FCA25B -A35BB3A8486CECFF80B5D8F83F13FEA32F2C7DAB36>I<EC7F80903803FFF090380FC0FC -90383E001F496D7E496D7E48486D7E48486D7E48486D7E000F81A24848147E003F157FA2 -90C87E481680A44816C0AA6C1680A26D147F003F1600A2001F157E6D14FE000F5D6D1301 -00075D6C6C495A6C6C495A6C6C495A013E49C7FC90381FC0FE903807FFF89038007F802A -2E7DAC31>I<3901FC03FC00FF90380FFF8091383C07E091387001F83A07FDE000FE0001 -0180137F01FFEC3F8091C7EA1FC04915E049140F17F0160717F8160317FCA3EE01FEABEE -03FCA3EE07F8A217F0160F6D15E0EE1FC06D143F17806EEB7E00D9FDC05B9039FCF003F8 -91383C0FE091381FFF80DA03FCC7FC91C9FCAE487EB512F8A32F3F7DAB36>I<91387F80 -03903903FFE00790380FE07890393F801C0F90387E000E496D5AD803F8EB039F0007EC01 -BF4914FF48487F121F5B003F81A2485AA348C8FCAB6C7EA3123F7F121F6D5C120F6D5B12 -076C6C5B6C6C497E6C6C130E013F131C90380FC0F8903803FFE09038007F0091C7FCAEEE -FF80033F13FEA32F3F7DAB33>I<3903F803F000FFEB1FFCEC3C3EEC707F0007EBE0FF38 -03F9C000015B13FBEC007E153C01FF13005BA45BB3A748B4FCB512FEA3202C7DAB26>I< -90383FE0183901FFFC383907E01F78390F0003F8001E1301481300007C1478127800F814 -38A21518A27EA27E6C6C13006C7E13FC383FFFE06C13FC6C13FF6C14C06C14E0C614F001 -1F13F81300EC0FFC140300C0EB01FE1400157E7E153EA27EA36C143C6C147C15786C14F8 
-6CEB01F039F38003E039F1F00F8039E07FFE0038C00FF01F2E7DAC26>I<1306A5130EA4 -131EA3133E137EA213FE12011207001FB512F0B6FCA2C648C7FCB3A4150CAA017E131C01 -7F1318A26D133890381F8030ECC070903807E0E0903801FFC09038007F001E3E7EBC26> -I<D801FC147F00FFEC3FFFA300071401000380000181B3A85EA35DA212006D5B017E9038 -077F80017F010E13C06D011C13FE90380FC078903803FFF09026007F8013002F2D7DAB36 ->I<B539F001FFFCA3000790C7EA7FE06C48EC1F8000011600160E1200160C017F5CA280 -013F5CA26E1370011F146080010F5CA2ECF00101075CA26D6C48C7FCA26E5A01011306A2 -6D6C5AA214FF6E5AA215B8EC3FB015F06E5AA36E5AA26E5AA36EC8FC2E2C7EAA33>I<B5 -00E0B539E03FFF80A30007903C000FFE000FFC00D803FCD903F8EB03F8F001E012010301 -5D6D80000060A26D6E13036DD9037E91C7FCA20280017F5B013FD9063F1306A2D91FC06E -5AED0C1FA2D90FE06E5AED180FA2D907F06E5AED3007A2D903F86E5AED6003A2902601FC -E06D5AEDC00117FCD900FFECFD80ED800017FF027F92C8FC92C77EA26E147E023E143EA2 -021E143C021C141CA2412C7EAA46>I<B539F007FFFCA30003D9C00113C0C6496C130001 -7F14FC013F5C6E13E06D7E010F495A6D6C485A02F890C7FC903803FC060101130E6E5A90 -3800FF186E5AEC3FF05D141F140F6E7E81140FEC0DFCEC19FEEC38FF4A7E9138603F8002 -C07F0101131F49486C7E02007F01066D7E010E1303496D7E013C80017C80D801FC1580D8 -0FFE4913C0B5D8800F13FFA3302B7FAA33>I<B539F001FFFCA3000790C7EA7FE06C48EC -1F8000011600160E0000150C6D141C6D1418A26E1338013F1430A26D6C5BA26E13E0010F -5CA26D6C485AA2ECF803010391C7FCA2903801FC06A2ECFE0E0100130CA2EC7F18A215B8 -EC3FB0A2EC1FE0A36E5AA26E5AA36EC8FCA21406A35CA25CA2123C007E5BB4FC5CA25CEA -FE01387C0380D87007C9FCEA3C1EEA0FFCEA03F02E3F7EAA33>I<003FB612E0A29038C0 -003F90C713C0003CEC7F800038ECFF00A20030495A0070495AA24A5A0060495AA24A5A4A -5AA2C7485A4AC7FC5B5C495A13075C495A131F4A1360495A495AA249C712C0485AA2485A -485A1501485A48481303A24848EB07804848131F00FF14FF90B6FCA2232B7DAA2B>I<B9 -FCA23002809B31>I<BF1280A26102809B62>I<001EEB0780007FEB0FE039FF801FF0EBC0 -3FA4EB801F397F000FE0001EEB07801C0A76C231>127 D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fv cmbx12 24.88 45 -/Fv 45 122 
df[<96380FFFFE060FB612E04DB712FC051F16FF94B912C0040784041F18 -F8047F9126FC001F7F4BB6008001017F030702F8C8EA3FFF4B02E0030F7F033F02804B7F -4B49C9127F92B54893B57E4A02F05D4A4A4B804A4A5D4A4A84634A91C9FC4A5BA24A5B51 -80755C91B5FC5EA3755CA2755C755C755CE23FFEC8FCF40FF899CAFCAF083FB612FCBFFC -A9C702FCC912038787B3B3B3B2003FB800F0013FB812F0A9>116 -144 123 271 129 12 D[<EF01F8EF07FC170F171F177FEE01FF1607161F93B5FC150315 -3F0203B6FC49B7FCB9FCA615C3ECFC03EBFE00C8FCB3B3B3B3B3AE007FBC1280A9>81 -135 110 262 116 49 D[<93381FFFF00303B612E0033F15FC4AB812C0020717F0021F17 -FC027F17FF49BA12C0010719F049DA800F814901F8C715FE4901C0021F804948C8000781 -49486F814801F00300814849708048018070804890CA6C806E70804813F002FC7080486D -70158080486E6F15C0817315E081B6836F19F0A3861DF8A56C5CA26C5CA26C5C6C91CAFC -6C5B000113F826007FE01AF090CCFC62A21DE0A297B6FC1DC0A24F1580A24F150064A24F -5C64614F5C644F5C644F91C7FC96B55A4E5C634E5C4E5C4E5C98C8FC4E5B4E5B4E5B95B5 -12E04D5C624D49C9FC4D5B4D5B4D13E04D5B4D5B4D48CAFC4C5B4C5B4C5B4C01C0ED0FF8 -4C5B4C90C9FC4C5A4C48EE1FF04B13F04B5B4B5B4B5B4B90CAFCDB3FFC173F4B4818E04B -5A4A5B4A49177F4A90CBFC4A4818FF5D4A485F4A48053F13C04ABBFC91BCFC5B5B5B5B49 -1B805B5B90BDFC5A5A5A5A481C005A5ABEFCA464A4>93 135 117 -262 116 I[<933807FFFE93B612F8030FEDFF80033F16F04AB812FE0207717E4A18E002 -3F844A9026FC003F14FC49B500C00107804901FCC70001804901F06E6C14C04901C06F80 -4990C97E4A708049488549B46C6F8015E090B500F8846F8148878181A2481C808285A461 -A36C92C8FC1D006C5CA26D5B6D494B5C6D5B010713C0010190C95D90CB5A64A24F5C6461 -644F5C96B6C7FC634E5C4E5C4E14E04E5C063F5C95B548C8FC050314F80407B612E00307 -B712804B4BC9FC19F885F1FFC01AF86F16FF92C86C14C0060714F0060114FC7280073F6D -7E738073807314F888738085881D807315C0A21DE0861DF0A21DF8A27414FCA41DFEEB7F -F03801FFFC487F000F6D7E4880A248804880A3B67E1DFCA45014F8A34B19F07E97B612E0 -5D1DC06C5C4B4B15806C91C9FC02FC4C15006C494C5C6C01C0616E4C5C6C01F84C5C6C01 -FE4C5C6C6D6C4B5C6D01F04AB65A011F01FF020792C7FC6D02F8017F14FC010391B85A01 
-0019E0023F1880020F4DC8FC020317F0DA007F1680030303F8C9FCDB000F49CAFC>95 -137 118 262 116 I[<F37FC0517E6262A2626262A2626297B5FC61A2616161A2616161 -96B6FCA2606060A2606060F07FEF19CF18FF4D138F4D130F18FE1707EF0FFCEF1FF8EF3F -F018E0177FEFFFC04C138018005E4C5A4C5A4C5A5F163F4C5A4C5A5F5D4B90C7FC4B5A4B -5A5E151F4B5A4B5A5E15FF4A5B4A90C8FC4A5A5D140F4A5A4A5A5D147F4A5A495B4990C9 -FC5C1307495A495A5C133F495A495A485B91CAFC5A485A485A5B121F485A485A485A90BE -12FEA9CC003F02E0C7FCB3A6040FBA12FEA9>103 136 122 263 -116 I[<010E1AE0D91FC0F007F002F0183F02FFEF01FF03E0160F03FF4BB5FC04FE91B6 -5A93B95AA26499C7FC6363636363636398C8FC1AFC621AE06297C9FC19FC19F019C04ECA -FC18F0DAF87F49CBFC92CEFCB3A394B5FC041F14F84BB77E030716E0031F16FC037F16FF -02F9B912C002FBDA800F8091B526F0000114F893C86C7F03FC6F7F03F06F7F03C06F804B -6F804AC96C804A854A70804A85854A856D5A90CC6C7FA21D80A21DC0A21DE086A21DF0A5 -1DF8A3EB7FC03801FFF000077F4813FE5A487F815A81B6FCA31DF0A41DE0625D6C1CC092 -CAFC5C1D806C01F894B6FC4A1A006C13C001F8CA485C6C6C626D5F0007636D4D5C6C6D61 -6C01E05E6C6D4C5C6E4C5CD97FFE93B548C7FC6D6C6C4A5C6D01E002075C010701FC023F -5C6D9026FFE003B612C06D91B8C8FC6D6C5F021F17F0020717C0020194C9FC6E6C15F003 -0792CAFCDB007F13C0>93 137 117 262 116 I[<95380FFFE00503B6FC053F15C04CB7 -12F8040782043F16FF93B97E4B8403079126FE003F7F031F02E001037F4B91C87F92B500 -FCED3FFC4A02F06F7E4A02C0150F4A4A92B5FC4A91C812034A01FC5D4A494B14804A495D -91B5FC494A4B14C0495C494A5DA24991C9FC5B5D5B5D5B90B57114805D48731400A2745B -484A705B745B48070013E098C8FCA2485CA35AA35AA34B903807FFE0053FEBFF80484BB6 -12F04C15FC040F15FF4C16C04C16F093267FF803809327FF80003F13FEB600C190C7000F -7FDBC3FC6E80DBC7F86E804C6E80DBCFE06E80DBDFC06F7F4C6F7F03FF8493C96C7F5D1D -804B7014C0A21DE05D1DF0A25D7414F8A34B19FCA47E1DFEA25DA67EA56C80A46C1CFCA3 -7EA21DF87E81626C1CF0A26C1CE0A26D6D19C0626D1B806D6D1900626D6D606D6D4C5B70 -5F6D95B55A6D6E4A5C6D6E4A5C6E01F84A5C6E6D021F91C7FC6E01FF027F5B0207DAF007 -B55A6E91B712F00200606F1780031F4CC8FC030316F8030016C0041F4AC9FC04001480> -95 137 118 262 116 
I[<48B4FCA3487F14E014FE91B512F893BB12E0A45AA41EC01E80 -1E0048646565A2656565654899C7FCA26464646402E0CB5BD83FFCCB5A494E5B505B4997 -C8FC505A505A49183F505A007F4F5A63494D5B4F5B614F90C9FC4F5A4848604F5A4F5A19 -FFCB485B4E5B624E90CAFC604E5A61183F4E5AA24E5A5F615F4D5BA25F4D5BA25F96CBFC -5FA24D5AA25EA24C5BA25EA25EA24C5BA25EA35E60A293B5FCA35DA35DA35D60A35DA65D -A75DAE6F5CA36F5C6F91CCFC6F5B6F5B9238007FF0EE1FC0>99 142 -115 267 116 I[<F31FF0517E517EA2517EA3507FA25080A25080A35080A25080A35080 -A25080A397B67EA24F81A34F82A24F82A34F82A2DF1FFD811AFC62073F6D80A2DF7FF081 -871AE007FF6D80A24E01C081871A804E6E81A24E0100828761060F6E81A24E4883876106 -3F6F80A24E486E80A26106FF6F80A24D496E80A2614D7081A24D90C86C81A260050F7081 -A24D486F81A260053F7180A24D487080A26005FF7180A24C497080A2604C7281A24C90CA -6C81A25F040F728194BDFC4C88A34C88A24C88A3DCFFE0CB001F80A24B497280A25F4B74 -81A24B90CC6C81A25E030F7481A24B487381A25E033F7580A24B487480A25E03FF7580A2 -4A497480A25E4A7681A24A90CE6C81A25D91261FFF8074810103B512FEB900C0040FBA12 -FEA9>159 145 120 272 176 65 D[<BFFC1EFEF6FFE01FFCF7FF8020E020FC8C7A7EC7 -00034ACA001F15E00B0381E3007F800C1F80788078800C01818E788179808B8E8B8E8B8E -A27980A4791580AB551500A4555CA26A676A676A555C9CB65AA2545D5492C7FC545C5414 -F80C3F5C9BB65A5315800B0F4AC8FC0B7F14F80A1FB612E094BCC9FC1FF81F801FF8F7FF -8020F020FE4DCA00016E7EE3003F14F00C07807814FE0C006E7E79807980798079807980 -8E7980791580A27915C023E08C23F0A223F88CA223FCA38C23FEAB5614FCA55614F8A29D -B612F0A35515E06723C055158067551500555C555C9CB6FC0C035D5415E00C1F5D9BB75A -0B0F93C7FCC212FC6921E021800EFCC8FC20F09DC9FC1FF00CFCCAFC>143 -142 120 269 165 I[<0803B500C0EE01F00703B600FEEE03F8077FDBFFE015070607B8 -00FC150F063F05FF151F4DBA00E0143F050F07F8147F053F07FE14FF94BC5B04039326F8 -000FECC003040F4BC86CEBF007043F03C0030F6D5A93B648C900036D5A4B03F09339007F -FF3F030703C0051F90B5FC4B92CB7E033F02FC18034B02F08492B648844A0380193F4A92 -CD7E4A4A864A4A864A02F0864A4A864A8991B65A494B874992CF7E4C885B494A885E498B 
-494A88A2495C8D90B65A8D5A5E48217FA24892D1FC223FA25A5DA248211FA3485CFA0FF0 -9FC7FCA25AA45DA3B6FCB27EA381A47EA46C80FA07F0FA0FF87EA2817EA36C6F1D1F23F0 -7E827E223F6D6E1EE0A26D6E1D7F23C06D6E1DFF7F705213806D806D55130070646D6F64 -6D6F515A6E6E1B1F6E6E515A6E6E515A6E6E1BFF6E6E505B6E6E505B6E6F4F5B6E03E04F -90C7FC6F6EF13FFE6F02FC4F5A030F02FF4E485A6F03C005075B030103F0051F5B6F03FE -057F1380043FDAFFE00303B5C8FC040F03FE033F13FC0403DBFFF80107B55A040093B812 -E0053F1A80050F4FC9FC050119F8DD003F18C0060795CAFCDE007F16F0070393CBFCDF00 -0314C0>141 146 115 271 168 I[<BE12FEF5FFFCF6FFC01FFCF7FF8020E020FC20FF21 -C0C7000392C9000116F0E2000F810B0015FE0C1F800C0315C00C00810D3F8079800D0714 -FE79807981796C808C7A807A808F7A807A808C8F7A818DA17E8DA17E8DA17EA27B80A2A1 -7E8DA17EA28DA17EA3A113808DA3A113C0A57B15E0A6A113F0B3A2A113E0A569A113C0A5 -A11380A269A2A11300A3575CA2A15AA269A15A69A15AA2575CA15A69A15A9EB6FC5692C7 -FC6B565C68565C565C565C565C9DB65A5592C8FC0D075C555C0D3F5C9CB65A0C0315C00C -0F5D0C7F92C9FC0B07B612FC52B712F0C212C09ECAFC20FC20F020800DFCCBFC1FE00CFC -CCFC53CDFC>156 142 120 269 178 I[<C21280A421C0A5C700030380C81201F40007F5 -007F0C1F14E01E071E018A1F3F8B8B8B7913F0A28B8BA2207FA3203F21F8201FA4200FA3 -21FC2007A4F47FC0A3F803FEA49DC7FCA31CFFA463A263A26363631B7F50B5FC1A1F95B8 -FCA9953880001F1A01747E1B1F878787A287A287A41C7FAA99CBFCB3AFBC12F0A9>127 -141 120 268 146 70 D[<BC1280A9C7000103C0C8FCB3B3B3B3B3B3B0BC1280A9>73 -142 121 269 87 73 D[<BC12F0A9C700030380CEFCB3B3B3B3A5F8FF80A4672100A667 -A368A21F07A41F0FA3555AA21F3FA21F7FA21FFFA2666668666666666653B5FC651D0F53 -5C1D7F0A03B6FC1C1F0903B7FCC1FCA468A5>121 142 120 269 -140 76 D[<B96C0C3FB812E07266729BB9FC7265A37265A27265C70003A101F8C8FC72F5 -0FF7A2706DF51FE7A3706EF43FC7A2706EF47F87A2706EF4FF07A2706EF301FEA3706EF3 -03FCA2706EF307F8A2706EF30FF0A2716DF31FE0A3716EF23FC0A2716EF27F80A2716EF2 -FF00A2716E4F5AA3716E4F5AA2716E4F5AA2716E4F5AA2726D4F5AA3726E4E5AA2726E4E -5AA2726E4EC7FCA2726E4D5AA3726E4D5AA2726E4D5AA2726E4D5AA2736D4D5AA3736E4C 
-5AA2736E4C5AA2736E4CC8FCA3736E4B5AA2736E4B5AA2736E4B5AA2736E4B5AA3746D4B -5AA2746E4A5AA2746E4A5AA2746E4AC9FCA3746E495AA2746E495AA2746E495AA2746E49 -5AA3756D495AA2756E485AA2756E485AA2756E48CAFCA375ECF1FEA275ECFBFCA275ECFF -F8A2755DA3765CA2765CA2765CA27691CBFCA3765B4A7F49B500FE715BB900FC51BB12E0 -765BA2765BA3775A775A775A>203 142 120 269 220 I[<B900C04EB912F8848484A284 -848485C7000399C7000302FCC7FC73DF000F90C8FC73745A858585A28570807081708182 -867081708170818286718071817181718183877181718171818487728172817281728184 -8872817281738085897381738173817381A27381738174807481868A7481748174817481 -A27481758075817581878B758175817581878B7680768176817681888C76817681768189 -8C7715807715C07715E07715F08921F87715FC7715FE7814FF8A22877815C77815E77815 -F77815FFA28A8A8B8B8BA28B8B8B8BA28B8C8C8C8CA28C8C8C8CA28D8D8D8D8DA24A6D88 -49B500FE88B900FC86227FA2223F221F220F2207A27C5A>165 142 -120 269 182 I[<97B512F0077FECFFE00607B712FE067FEEFFE00503B912FC051FF0FF -80057F19E00403BB12FC040F9226E0007F14FF043F02FCC7000315C04C02E0DA007F804B -B60080031F14F8030702FCC9000314FE4B4A70804B02E0706C80037F0280051F14E092B6 -CB6C804A4A72804A4A72804A02F00600804A4A737F4A4A73804A8B4A4A738091B6CD6C80 -494A7480A2494A7480494A7480498C4C86498D4C87498D494A7580A290B68B4C87488EA2 -4892CF6C80A3488E4B88A2488EA3484A761580A34823C0A5484A7615E0A7B621F0B36C23 -E0A26F64A56C23C0A46F646C2380A36C23006F64A26C6AA270636C6AA26C6A70636C6A70 -636D69A26D6E98B65AA26D6E505DA26D6E5092C7FC6D6870626D6E505C6D686D6F4F5C6E -6E4F5C6E6E4F5CA26E6E96B65A6E6E4E92C8FC6E6E4E5C020102FF060F14F86E6F4D5C6F -6E4D5C6F02F094B65A030F6E4C92C9FC6F02FE04075C03016E6C031F14F86F03F092B65A -043F02FE020715C0040FDAFFF090B7CAFC040392B812FC04001AF0051F198005074ECBFC -DD007F17E0060F94CCFCDE007F15E0070002F0CDFC>148 146 115 -271 175 I[<BE12F8F5FFF01EFF1FE01FFCF7FF8020E020F820FEC7000392C9000781E2 -003F15C00B03810B00810C3F8078800C07807880788178818E8B8E8B8E8B8EA28EA28B8E -A42380AC2300A46A67A26AA26A676A676A9CB65A6A665492C7FC545C0C1F5C545C9BB612 
-E00B075D0B3F5D0A07B648C8FC95BB12F820E0208055C9FC1FF09CCAFC1EF00BF8CBFC06 -80D0FCB3B3B2BB12FEA9>137 142 120 269 159 I[<BD12FCF4FFFCF5FFE01EFCF6FFC0 -1FF01FFE797E20E0C7000392C96C15F80A0181E2003F14FF0B07810B0115E0776C807880 -7880788078808A78818E7881A28E8B8EA37980A48EAA6AA3676AA26AA29CB65AA26A545D -9FCAFC66545C545C545C545C9BB612C0535D0B074ACBFC0B3F5C52B612F00A7F15C095BB -CCFC1FF81FC054CDFC1EF81EFE787E95C8000315E0E1003F14F80A0F14FE0A0380768176 -6C807780778077808C77807780A27781A27781A28DA28A8DA88DA98DA87BED1FC0A1EB3F -E0A28AA28D8AA1137F7C15C08A7818FF7C1580786F5B781900BB00FC6F6F5B796E495A79 -02FEEB1FFC799139FFC07FF80D0792B55A0D015F796C5E0E1F5E0E034BC7FCD4001F14F8 -E7003F13C0>163 144 120 269 173 82 D[<93260FFFF8163E4BB600E0153F031F03FE -5D037FDBFFC05C0203B800F05B020F05FC5B4A05FF5B027FF0C00F91B526FC000FECF01F -010302C0D9007F6D5A4949C800076D5A4901F8030090B6FC4901E0163F4949160F494982 -90B5CA12014A834849844849181F87484984A2484984874886A248498588A24887A388A2 -B58680A36E85A3806E85A28080816C6E725A03F096C7FC8115FE6F7E6C15F0EEFF8017F8 -6CEEFFC018FC6CEFFFE019FE6CF0FFF01AFE6CF1FFC06C1AF01BFC6C1AFF6D1AC06D866D -1AF86D866D866D866D876D87023F866E860207860201866E7E031F85030385ED007F0407 -1980EE003F050318C0EF001F060117E0F0000F1900080F15F01A031A007514F81B1F8787 -7514FC87A2007F86486C86A288A288A46D86A31EF87FA37F1EF0A26D626D1CE0A27F6D50 -13C0A26E1B806E616E1B0002F896B5FC6E4E5B6E4E5B6E6C5F03E04D5B03F84D5B03FE4D -5BDBFFC093B55A04F803035C496CD9FF80021F91C7FCD9FC1F02FF49B55AD9F80792B75A -496C19F049C66149011F18804901074DC8FC90C817F848031F16C04803004BC9FC007C04 -011480>102 146 115 271 129 I[<000FC312F8A6488EA304C0C7001F02FCC7120103F8 -C8F0000F03C01C0192C9737E02FC1E1F4A8A02E01E034A8A4A8A4890CA757EA249203F49 -201FA349200FA2492007A4492003007F8EA4498CA848487A1380A6CC99C7FCB3B3B3B3AA -030FBD12F8A9>145 140 120 267 162 I[<BB00C00507B812F8A9C7001F4ACE000192C7 -FC71E1000713E06E791380A2846E5590C8FC846E555A846E555AA26E6F64223F846F545A -846F545AA26F6E6469846F535B856F5390C9FC856F66210F856F535A856F535A8570525A 
-A28570525A8570515B8570515BA2706F96CAFC688670515A8670515A867064203F867150 -5A8671505A8671636786714F5B87714F90CBFC87714F5AA287714F5A87714F5A87724E5A -A2726E5E1FFF87724D5B87724D5B887296CCFC6688724D5A88724D5A8872601E3F88734C -5A88734C5A88734B5BA21CFF734B5B1D8373038790CDFC1DC773EDCFFEA273EDEFFC1DFF -A2735EA2745DA2745DA3745DA2745DA27492CEFCA3745CA2745CA2745CA3755BA2755BA2 -755BA2755BA27590CFFC755A>165 144 123 269 176 86 D<93B512FC037FECFFF00207 -B8FC023F17E091B912F84918FE0107727E499126C0007F14E04901E0C7000F80496D0203 -80496D020014FE6F6F7F90B570806F6F8085486E6F807380A27380A28885886C5CA26D49 -82886D5B6D5B010713C0010190CAFC90CCFCA90603B7FC050FB8FC0403B9FC167F0307BA -FC153F4AB7EA807F020FEDE000023F02FCC7FC91B612E0010392C8FC4914FC011F14F049 -14C0495C90B548C9FC485C485C485C485C5A5D485CA24891CAFCA3B6FC5CA397B6FCA461 -806C60F107EF6C6E150F6F16CF6C183F6FDB7F8F806C6EDBFF0F14E06C02FCDA03FE15FE -6C6E91260FFC0791B5FC6C6E6CD93FF817806C923AF803FFF003013F91B6487E010FEF80 -00010394C77E010004FC141F021F03F0140702010380DA007F1400DA000701F8CDFC695F -79DD71>97 D[<ED1FF0017FB5FCB7FCA9EA003F1307A27FB3B296383FFFC00607B512FE -063FECFFE04DB712F8050716FF051F17C0057F17F094B5D8C00F8004F301FCC714FE04F7 -01E0023F7F93B50080020F804DC86C14E005F80301804D6F804D707F05808294CA804C71 -7F4C7180A24C71808BA27680A28B88A28BA28BA3888BA52080B02000A56764A267A36764 -67A2525CA267647062704D91C7FC704D5BA2714C5B7193B55A05F04B5CDCBFF84B5CDC1F -FC030F5C4B6CB44B91C8FC7001C0027F5B4B6C01F00103B55A4BC601FF013F14F04B6D90 -B712C04B011F94C9FC4B6D16FC4B010316F092C86C15804A030F02F8CAFC90CB49CBFC> -113 144 121 270 129 I<94387FFFF0041FB612E093B712FE0307707E031F17F092B97E -4A18FE020784021F9126F8000F14804A0280010014C04A49C74814E049B500F85C494A17 -F0494A5C495C494A4A14F84991C8FC5D495B90B5FC5D5A485C7314F05A4B6F14E05A7314 -C0487214804B93383FFE00F20FF84896C8FCA4485CA5B6FCB07EA281A37EA36C80A37E6F -18FE6CF201FFA26C6E5F1CFE6C801B076C6EEF0FFC6D7F70EE1FF86DF13FF06D6E167F6D -6EEEFFE06D02F84B13C06D6E5D6D02FF030F13806D03C0023F1300023F02F0903801FFFC 
-6E9126FF801F5B020792B65A6E18C0020060033F4CC7FC030716F8030016C0041F4AC8FC -DC007F13C0585F78DD67>I[<F53FE098B6FC4FB7FCA996C77E1B0FA287B3B294383FFF80 -040FB512FC93B71280030716E0031F16F8037F16FE4AB9128702074AC66C13C7021F02E0 -010713F74A91C890B6FC4A01FC153F49B548150F4902E081494A81494A814991CA7E495B -8749498390B548835A5D5AA2485CA25A5D5AA35AA25D5AA5B6FCB07EA57E81A37EA27EA2 -817EA26C80A26C626C6E5F636D7F6D6D94B6FC6D606D6D1607705D6D6E4B81010102F015 -7F6D6E92B712FE6E01FE020301EF91B512806E6D6C011F13CF020FDAF801B5120F020391 -B612FE6E17F86E6C16E0030F16800301EDFC00DB003F14E0040049C74AC8FC>113 -144 120 270 129 I<94387FFFC0040FB6FC93B712E0030716FC031F16FF037F17C04AB9 -12F00207DAF80380021F912680003F13FE4A49C7000F7F4A01F802038049B5486E804902 -C06E6C7F494A6F7F4991C9FC49727F4949707F4B84498490B548707F5A4B198048855D48 -1CC086481CE05D5A871DF05AA25D5AA21DF887A2B6FCA392BBFCA51DF00380CDFCA77EA4 -817EA37EA2817EA26CF307F06FF00FF87E816C1B1F6F19F06C1B3F6D6DF07FE06D7FF4FF -C06D6E4C13806D6E5E6D02F04C13006D6EEE1FFE6D6E4C5A6D6C01FFEEFFF86E02E00203 -5B6E02FC021F5B02079126FFC003B55A6E92B7C7FC020060033F17F8030F17E003011780 -DB003F03FCC8FC040315C0DC000F01F8C9FC5D5F7ADD6A>I[<95383FFF80050FB512F094 -B612FE040781041F16C0047F824BB87E0307DAF8077F031FDAC00F7F4B49C6487F4B495B -92B500F0814A4A5B4A5C4A93B612805F4A91C7FC5C5E5C5E5C731400A24C6E5B91B56F5B -A2735B070313E00700138097C8FCB3A4BA12F8A9C702FCCBFCB3B3B3B3A2003FB9FCA9> -81 144 121 271 71 I<F5FFC093260FFFFC030F13F04BB600E0027F7F031F03FE49B512 -FE037F9226FF8007800203B8EAF01F020FDDFC3F15804A7148133F027FDA003F90B500F0 -14C091B500F80107ED807F4902E00101ECFC00010702806D6C5B93C87E49496F7F49496F -7F49496F6D6D1380491A8077130090B5486F6E6C5AF503F84875C8FCA2484A6F80A44887 -AB6C63A46C6E4B5CA26C63A26D6D4B5CA26D97C9FC6D6D4B5B6D6D4B5B6D6D4B5B705C01 -0102E049B512E06D02F801075C4902FF013F5C4992B648CAFC496002F317F090260FE07F -1680031F4BCBFC90261FC00115E0DB000F01FCCCFC013F91CFFCA3137FA280A380A28080 -806E7E15F092B812F06DF0FFE01BFEF3FFC06D1AF81CFE767E6D1BE06D87896D1BFE6D87 
-7F6E878A0103BD7E130F013F8890BEFC4802E0C9003F814891CBFC4801FC180F48490601 -804849727E484985884849737F88A2B55A88A66E616C65A26E616C6D4F5B6C656E616C6D -4F5B6C6D96B55A6C6D6C05035C6F5FC602F0051F49C7FC6D01FC057F5B6DD9FF800303B5 -5A010F02F8033F14E06DDAFFE0010FB65A010192B9C8FCD9003F19F8020F19E0020196C9 -FCDA001F17F0030194CAFCDB000192CBFC6A887ADD74>I[<ED1FF0017FB5FCB7FCA9EA00 -3F1307A27FB3B2963803FFFC073FEBFFE096B612F8060715FE061F6F7E4E16E095B87E4D -D9FC03804DD9C000804D48C76C7FDD0FF880DD1FE0824D486E804D5A05FEC881DCF1FC81 -5F04F385EEF7F04D81EEFFC0A24D84A294C9FCA25EA35EA45EB3B3AFB9D8E001B912C0A9 ->114 143 119 270 129 I[<EC3FC0ECFFF0010313FC497F497F498049804980A290B67E -A24881A86C5DA26D5CA26D5C6D5C6D91C8FC6D5B6D5B010013F0EC3FC091CAFCB3A3ED1F -F0017FB5FCB7FCA9EA003F1307A27FB3B3B3B0B91280A9>49 144 -119 271 65 I[<ED1FF0017FB5FCB7FCA9EA003F1307A27FB3B3B3B3B3B3ACB912C0A9> -50 143 119 270 65 108 D<DB3FE0912601FFFC943801FFFC017FB5031FD9FFE0041FEB -FFE0B792B600FC93B612FC060303FF030315FF060F04C0020F16C0063F04F0023F16F095 -B86C91B87E4DD9FC036E49D9FC03804DD9C0006E49D9C000804D48C7003F6D4948C7003F -7FDD0FF86EDB0FF880D8003F4B48714848830107DB3FC06E9126C03FC06E804D484E5A6D -4BC86F48C881DCE1FE6FDAE1FE814D61DCE3F8DEF3F884DCE7F0F0F7F04D6F4B81DCEFC0 -F0FFC0A2DCFF804F84A294C993C9FCA24C61A34C61A44C61B3B3AFB900E090B900E090B9 -12E0A9B35D77DCC2>I<DB3FE0913803FFFC017FB5033FEBFFE0B792B612F8060715FE06 -1F6F7E4E16E095B87E4DD9FC03804DD9C000804D48C76C7FDD0FF880D8003FDB1FE08201 -074B486E804D5A6D03FEC881DCE1FC815F04E385EEE7F04D81EEEFC0A2DCFF8084A294C9 -FCA25EA35EA45EB3B3AFB9D8E001B912C0A9725D77DC81>I<94381FFFF00407B612C004 -7F15FC0303B87E030F17E0037F17FC4ABAFC4A9126FC007F80020F02C0010714E04A49C8 -80027F01F8033F13FC91B5486F7F4902C003077F494A6F804991C96C8049497080494971 -7F49874949717FA290B548717F48884B83481D80A2481DC04B83481DE0A2481DF0A3484A -7114F8A4481DFCA5B61BFEAF6C1DFCA56C6E4D14F8A36C1DF0A36C1DE06F5F6C1DC0A26C -6E4D1480A26C1D006F5F6C646D6D4D5B6F94B5FC6D636D6D4C5C6D6E4B5C6D6E4B5C6D02 
-F0031F5C6D6E4B91C7FC6D6C01FE92B512FC6ED9FFC001075C6E02FC017F5C020791B812 -C0020196C8FC6E6C17FC031F17F003031780DB007F03FCC9FC040715C0DC001F01F0CAFC -675F7ADD74>I<DB1FF091381FFFC0017FB50203B6FCB7021F15E095B712FC050316FF05 -0F17C0053F17F094B912FC04F1DAC01F8004F79026FC00018093B500E06D6C14C0D8003F -93C86C8001074B030F8005F86F806D03E06F804D6F804D8194CA6C7F4C864C71805E7680 -A27680A27680A28B88A28BA288A28BA4882080B0200064A467A26467A3525CA267646764 -67647062704D91C7FC7094B55AA2714B5C714B5C714B5C05F84B5C71033F5C05FF4B91C8 -FC06C049B55A04FB01F001075C04F801FF017F14F07190B712C0051F94C9FC7116FC0503 -16F0DD007F1580060F02F8CAFC060049CBFC96CDFCB3ACB912E0A9718579DC81>I<DB7F -C049B47E90B6021F13F8B7027F13FE4DB67E4D15E04D814D814D01077F94263FF00F7F94 -387FC01F4D48487FD8003F16000107DAC1FE491480EEC3FC6D5DEEC7F05F16CF5F16DF4D -6D1400A204FFC76C5BA2735B4C6E5B735B070013C04C92C8FCA45EA65EB3B3AAB912FCA9 -515D79DC5F>114 D<92261FFFF814F80203B638C001FC023FEDFC0791B8121F010317FF -130F013F9038F8001F4990C8FCD9FFF8153F4801E0150F484915034849814890CAFC197F -4848173F191F485AA2007F180FA31907487EA27FA28002E0705A6E93C8FC14FC14FF15F0 -6CECFF8016FCEEFFF06CEEFF8018F06C17FE727E6C18E0856C18FC6C846C727E6C856D84 -011F846D841303010084023F83140F020183EC001FDB007F16801603DC000F15C0170018 -3F060F14E0007F1703486C82727E857F85857FA2857F1BC07FA27F1B806D5F7F1B006E5E -6E5F6E163F6E4C5A02FC4C5A6E03035B6E6C4A5B03F0023F5B03FF0107B55A01F991B7C7 -FCD9F07F16FCD9E01F16F0D9800716C0D9000193C8FC48D9003F14F8007C020349C9FC4B -5F78DD5C>I[<ED03FEA81507A5150FA4151FA3153FA2157FA215FFA25CA25C5CA25C5C5C -5C91B5FC13035B131F017F91B712F00007BAFCBBFCA7C74AC9FCB3B3AAF101FFB1616E17 -FE82A219076E17FC836EEE0FF871131F6E6EEB3FF071137F6E6EEBFFE06EDAFF0313C06E -92B512806E1700033F5D6F5D03075D030015E0041F1480040001FCC7FC>72 -132 124 258 90 I<DB0FF8F01FF0017FB594B6FCB74BB7FCA9D8003F94C77E0107190F -A26D85B3B3B063A463A263A27F6398B6FCA26DF001FB7015036EEF07F3E00FE3806E6D15 -1FE07FC314FF6E6D6CDAFF83EDFFC06E6E010313036E02FCEB3FFE6E91B612FC020017F8 
-6F16E0031F16800303EDFE00DB007F14F8040102C093C8FC725E77DC81>I<B90303B7FC -A9D8000702F8CA000FEBFE006D6E050013E0666D6E6164826D5090C7FC836E4F5AA26E6E -4C5AA26E6E4C5AA26E6E5F1C3F836E4F5A836E4F5AA26E6E4B5BA26E6E4B90C8FCA26F6E -5D1B07846F4D5A846F4D5AA26F6E4A5AA26F6E4A5AA26F6E5D1BFF846F4C5B846F4C90C9 -FCA2706E485AA27002C05B1A0F7002E05B1A1F19F0704B5A19F8704B5AA2706E485AA270 -6E5B96B5FC7093CAFCA3715CA2715CA2715CA2715CA3715CA2715CA2715CA27191CBFCA2 -725AA3725A725A725A705D7BDB7B>I<B800FE017FB700F8023FB612F8A9D8000F02F0C8 -000702C0C9003FEBF800100313806D6E6F7390C7FC775E6D69706F6E1607A26D6E6F6277 -160F6D6970706D161FA26E6E6F61516D163F6E687192B6167FA26E68714A6F15FF6E6871 -4A608A6E9DC8FC714A6F5C6E6771DA0FFD17078A6E06F86071021F6F140F6E67714A486C -161F8A6F4D6C5F72017F6F143F6F667249486C167F8A6F4D6C5F72487113FFA26F02F04A -6C4B5B4F17C06F4C6D94C9FCDEF807715AA26F02FC496D4B5A070F17F06F4C6D5EDEFE1F -EFF80FA26F02FF496E4A5A073F17FC704B6E5D07FFEFFE3FA2704B6E4A5A1FFF704B6E5D -20FFA27092C86C5DA2704A6F92CAFCA3704A6F5CA2704A6F5CA3704A705BA27149705BA3 -7149705BA27149705BA37190CA6C5BA271487190CBFC7148715A9D5D7BDBA8>I<007FB8 -6C49B712FEA9C792C9000F02C0C7FC6E6E030101F0C8FC715F6E6E4B5B6E6E4B5B6E4E90 -C9FC6E6E5E71151F6E6E4B5A6E6E4B5A6E4E5A6F6E495B72495B6F6E495B6F806F6E4990 -CAFC6F4C5A72495A6F6E495A6F6E495A6F03815B705E7014C307E75B7091B5CBFC705D70 -5D705D6282705D715C8386718071807180837180864D814D815F4D81874D814D81DDFFF3 -804C13E14C01C1804C0180814E6C804C6E804C487F4C48824C486D804C486D804B496D80 -4B497F73804B49834B90C86C804B486F804B48814B486F804B48844C6F804A71804A496F -804A49814A90CA814A487180023F7280010FB500E07080B8031FB812E0A9735C7CDB7B> -I<007FB800C04AB71280A9D800034ACA000791C7FC6D080013F0775A6D6E4E5AA26E6E60 -64836E4F90C8FC836E4F5A836E4F5AA26E6E4C5AA26E6E5F1C3F6E6E5F1C7F836E4F5A84 -6F4D5B846F4D90C9FCA26F6E4A5AA26F6E5D1B0F846F4D5A846F4D5A846F4D5AA26F6E4A -5AA2706E5C627002C091CAFC6219E0704B5A19F0704B5AA2706E485AA2706E485AA27002 -FE5B1A7F19FF704B5AA2715DA27192CBFCA2715CA2715CA3715CA2715CA2715CA2715CA2 
-725BA27290CCFCA3725AA2725AA24E5AA24E5AA261187FA24E5AA24D5B13FE2603FF804A -90CDFC000F13E0486D4A5A487F486D4A5AA260B56C141F4D5AA24D5A17FF604C5B4A4990 -CEFC6C5D4C5A6C49EB3FFC4A495A6C4948485A9026FE80075B270FFFC03F5B6C90B6CFFC -6C5D6C15F86C6C5C011F14C0010749D0FC9038007FE071857CDB7B>I -E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fw cmbx12 12 61 -/Fw 61 123 df<DB3FFEEB07FE0207B539C07FFF80023F02F1B512E0913CFFF003FFFE07 -F00103D980019038F81FF849494801F013FCD91FFC49EBE03F49485B18C0495A18804948 -EE1FF8A270EC07E07091C7FCABBA12F0A4C69026E000030180C7FCB3B2007FD9FFC1B67E -A446457EC441>11 D<ED1FFE0203B512C0021F14F09139FFF803F8010390388000FC4990 -C77ED91FFCEB03FF013F5C5C495A4C13804948150082A3705AEE00F894C7FCA74BB51280 -B9FCA4C69038E00003B3B2007FD9FFC1B6FCA438457EC43E>I<EC01C01403EC0F80EC1F -00143E5C14FC495A495A495AA2495A131F495AA249C7FC5B5B12015B1203A2485AA3485A -A3121F5BA2123FA35B127FA612FFA25BAE7FA2127FA6123F7FA3121FA27F120FA36C7EA3 -6C7EA212017F12007F7F6D7EA26D7E130F6D7EA26D7E6D7E6D7E147C8080EC0F80EC03C0 -14011A6475CA2C>40 D<12E07E127C7E7E6C7E7F6C7E6C7E6C7EA26C7E7F137FA26D7E80 -131F80130F80A26D7EA36D7EA3801301A280A37F1580A615C0A2147FAE14FFA21580A615 -005BA35CA213035CA3495AA3495AA25C131F5C133F5C49C7FCA213FE5B485AA2485A485A -485A5B48C8FC123E5A12F05A1A647ACA2C>I<B612F8A91D097F9A25>45 -D<EA0780EA1FE0EA3FF0EA7FF8EAFFFCA6EA7FF8EA3FF0EA1FE0EA07800E0E788D1F>I< -EC3FF849B5FC010F14E090393FF01FF890397FC007FC49486C7E48496C7E48486D138048 -48EC7FC0A24848EC3FE0A2001F16F0A2003F16F849141FA2007F16FCA600FF16FEB3A300 -7F16FCA5003F16F86D143FA2001F16F0A2000F16E06D147F000716C0A26C6CECFF806C6C -4913006C6D485A6D6C485A90393FF01FF8010FB512E0010314809026003FF8C7FC2F427C -C038>48 D<EC03C01407141F147FEB03FF133FB6FCA313C3EA0003B3B3AFB712FCA42641 -77C038>I<ECFFE0010F13FE013FEBFFC090B612F02603FE017F3A07F0007FFED80FC0EB -1FFF48486D138048C76C13C04816E001C07F01F06D13F012FF7F6F13F8A56C5A6C5A6C5A -C9FC4B13F0A34B13E017C05D17804B13005E4B5A4B5A5E4B5AEDFF804A90C7FC4A5AEC07 
-F84A5A4A5AEC3F804AC71278147E5CD901F014F8494814F0495A495A49C8FC013C140149 -140390B7FC4816E05A5A5A5A5A5AB812C0A42D417BC038>I<ECFFF0010713FF011F14C0 -D97F8013F09039FC003FFCD803F06D7E48486D7EA2D80FF86D138013FE001F16C07FA66C -5A6C4815806C485BC81400A24B5A5E4B5A4B5A4B5A4A1380DA0FFEC7FC903807FFF85D15 -FF90C713C0ED3FF0ED1FFC6FB4FC6F138017C08117E017F081A217F8A2EA0FC0EA3FF048 -7EA2487EA317F05DA26C4815E04915C0495BD83F804913806C6C1500D80FF0EB3FFE6CB4 -EBFFF8000190B55A6C6C14C0011F49C7FC010113E02D427BC038>I<161F5EA25E5E5DA2 -5D5D5D5DA25D5D92B5FCEC01F715E7EC03C7EC0787140FEC1F07141E143C147814F8EB01 -F014E0EB03C0EB0780130FEB1F00131E5B5B13F85B485A485A485A120F90C7FC121E5A12 -7C5AB91280A4C8000F90C7FCAC027FB61280A431417DC038>I<0007150301E0143F01FF -EB07FF91B55A5EA25E16E05E5E4BC7FC15F815E04AC8FC01C0C9FCAAEC3FF001C3B5FC01 -CF14C09039DFE03FF09039FE000FFC01F86D7E496D7E491580496D13C06C5AC814E08117 -F0A317F8A31206EA1FC0EA7FE07F12FF7FA317F05B5D6C4815E01380007CC714C06C5C6C -16806D4913006C6C495AD807F0EB3FFCD803FEEBFFF0C6B65A013F1480010F01FCC7FC01 -0113C02D427BC038>I<4AB47E021F13F0027F13FC903901FF807F903A07FC001F804948 -130FD93FE0EB1FC04948137F01FFECFFE048495A481300A2485A120FA248486D13C0EE7F -80EE1E00003F92C7FCA25B127FA3EC1FFE00FF90387FFFC091B512F09039F9E00FF89039 -FBC007FC9039FF8003FF4A7E17804915C06F13E05B17F0A317F85BA4127FA5123FA317F0 -6C7EA2000F16E05D6C6C15C017806C6C4913006C6D5A6C9038C00FFC90397FF03FF8011F -B55A010714C0010191C7FC9038003FF82D427BC038>I<121E121F13FC90B712FEA44816 -FC17F817F017E0A217C01780481600007EC8127E007C157C16FC00784A5A4B5A4B5A00F8 -5D48140F4B5A4BC7FCC8127E157C15FC4A5A14035D14075D140F141F5D143FA2147F5D14 -FFA35BA34990C8FCA35BA65BAA6D5A6D5A6D5A2F447AC238>I<EC7FF00103B5FC010F14 -C090393F801FF090397C0007FC4848EB01FE48486D7E49800007168049143F000F16C016 -1F121FA27FA27F7F01FE143F6D158002C0137F02F014006C01FC13FEECFE016C9038FF83 -FCEDE7F06CECFFE06C15806C92C7FC6D14C06D80010F14F86D80011F80017F802601FE3F -14802603FC0F14C02607F80314E04848C6FC48486D13F04848131F150748486D13F81500 
-00FF157F90C8123F161F160FA21607A36D15F0A2007F150F6D15E0123F6DEC1FC06C6CEC -3F806C6CEC7F00D807FEEB01FE3A03FFC00FFCC690B512F0013F14C0010F91C7FC010013 -F02D427BC038>I<EC7FF0903807FFFE011F6D7E90397FE03FE09039FF801FF048496C7E -48486D7E00076E7E484880001F80003F16805B007F16C08117E012FFA217F0A617F8A400 -7F5CA4123F5D6C7E000F5C6C7E00035C6C6C131E6C6D5A90387FFFF8011F5B010301C013 -F090C8FCA317E05DA2EA03C0D80FF015C0487E486C15805D17004B5AA24B5A49495A6C48 -5C01C0EB7FE0000F4A5A2607F8035B6CB548C7FC6C14F86C6C13E0D907FEC8FC2D427BC0 -38>I<EA0780EA1FE0EA3FF0EA7FF8EAFFFCA6EA7FF8EA3FF0EA1FE0EA0780C7FCB0EA07 -80EA1FE0EA3FF0EA7FF8EAFFFCA6EA7FF8EA3FF0EA1FE0EA07800E2C78AB1F>I<EE1F80 -A24C7EA24C7EA34C7EA24B7FA34B7FA24B7FA34B7F169F031F80161F82033F80ED3E0703 -7E80157C8203FC804B7E02018115F0820203814B137F0207815D173F020F814B7F021F82 -92C77EA24A82023E80027E82027FB7FCA291B87EA2D901F8C700017F4A80A20103834A15 -7F0107834A153FA249488284011F8491C97E4984133E842601FFC083B6020FB612F0A44C -457CC455>65 D<B9FC18F018FE727E26003FFCC7000713E005017F717FF03FFC85727E84 -1A80A27213C0A84E1380A21A00604E5A614E5A4D485A4D13C0051F90C7FC91B712FC18F0 -18FF02FCC7000313C0050013F0F03FFC727E727E7213801AC07213E0A27213F0A31AF8A8 -1AF0601AE0601AC0604E13804E1300F0FFFE050713F8BA5A19C04EC7FC18E045447CC350 ->I<DCFFF81470031F01FF14F04AB6EAE0010207EDF803023F9039E003FE07DAFFFEC7EA -7F0F4901F0EC1FDF010701C0EC07FF4949804948C87E4948814948167F4948163F484916 -1F5A4849160FA248491607A24890CA1203A25A5B1901127FA296C7FC5B12FFAE127F7FA2 -1AF0123FA27F7E19016C6D17E0A26C6D16031AC06C6D16076C19806C6D160F6D6CEE1F00 -6D6C163E6D6C5E6D6C6C5D6D6DEC03F0010101F04A5A6D01FEEC3FC091283FFFE001FFC7 -FC020790B512FC020115F0DA001F1480030001F8C8FC44467AC451>I<B9FC18F018FE72 -7E26003FFEC7001F13E0050113F8716C7EF01FFF06077F727F727F727F197F86737EA273 -7EA2737EA21B80A2851BC0A51BE0AD1BC0A51B8061A21B00A24F5AA24F5A62197F4F5A4E -5B4E5B4E5B061F90C7FC4E5A943801FFF8051F5BBA12C04EC8FC18F095C9FC4B447CC356 ->I<BA12F8A4D8001F90C700037FEF003F180F180318011800A2197C197E193EA2191EA4 
-0578131F85A396C7FCA217F8A316011603161F92B5FCA4ED001F160316011600A30578EB -01E0A3F103C0A394C7FCA21907A21A80190FA3191FA2193FF17F0061601807181F4DB5FC -BBFC61A343447DC34A>I<BA1280A426003FFEC7001F13C01701EF007F183F181F180F18 -07A2F003E0A31801A4F000F0EE01E0A31900A31603A31607160F167F91B6FCA49138FE00 -7F160F16071603A31601A693C9FCB0B712F0A43C447CC346>I<B712E0A4D8001F90C7FC -B3B3B3A6B712E0A423447DC32A>73 D<B712F0A426003FFECAFCB3B3F00780A4180F1900 -A460A360A2187EA218FE170117031707171F177FEE03FFB95AA439447CC343>76 -D<B500FE067FB512806E95B6FCA26F5ED8003F50C7FCA2013D6DEE03DFA2013C6DEE079F -A26E6CEE0F1FA26E6C161EA26E6C163CA36E6C1678A26E6C16F0A26E6DEC01E0A26E6DEC -03C0A36E6DEC0780A26F6CEC0F00A26F6C141EA26F6C5CA36F6C5CA26F6C5CA26F6D485A -A26F6D485AA26F6D485AA3706C48C7FCA293383FF81EA2706C5AA2706C5AA3706C5AA270 -5BA2705BA2705BA213FFB66EC7007FB61280A2173E171C61447CC36A>I<B64BB512FE81 -81A2D8003F6D91390001FE006FED007881013D7F81133C6E7E6E7F6E7F6E7F6E7F82806E -7F6E7F6F7E6F7F83816F7F6F7F6F7F6F7F6F7F8382707F707F707F707F8482707F707F71 -7E7113807113C019E0837113F07113F87113FC7113FE19FF847213F884848484A2848419 -7F193F191FA2190F190701FF1703B6160119001A78A24F447CC358>I<923807FFC092B5 -12FE0207ECFFC091261FFE0013F0DA7FF0EB1FFC902601FFC0EB07FF010790C7000113C0 -49486E7F49486F7E49486F7E49486F7E49486F7E48496F7E4819804A814819C091C97E48 -19E0A248487013F0A2003F19F8A3007F19FC49177FA400FF19FEAD007F19FC6D17FFA300 -3F19F8A36C6C4C13F0A36C6D4B13E0A26C6D4B13C06C19806E5D6C19006C6D4B5A6D6C4B -5A6D6C4B5A6D6C4B5A6D6C4A5B6D01C001075B010101F0011F90C7FC6D01FEEBFFFE023F -B612F8020715C002004AC8FC030713C047467AC454>I<B9FC18F018FE727ED8001F90C7 -001F13E005017F716C7E727E727E85721380A27213C0A31AE0A81AC0A34E1380A24E1300 -614E5AF0FFF84D5B051F13C092B7C7FC18FC18C092CBFCB3A9B712E0A443447DC34D>I< -B812F8EFFFC018F818FED8001F90C7383FFF80050713E005017F716C7E727E85727EA272 -7FA286A762A26097C7FC61183F614E5A943801FFE005075B057F90C8FC92B612F818C084 -DB000113F89338003FFEEF0FFF717F717F858385A2717FA785A61B0F85A2187F1B1F726C 
-131E72143EB700E06DEB807C72EBE0F80601EBFFF0726C13E0CC0007138050457DC354> -82 D<DAFFE0131C010701FE133C013F9038FF807C90B6EAE0FC489038801FF93A03FC00 -03FF4848EB007F4848143F4848141F4848140F1607007F1503491401A2160012FF177CA2 -7F173C7F7F7F6D92C7FC6CB4FC14E014FE6CEBFFF015FF6C15E016FC6C816C6F7E6C826C -826C6C81011F810107811300020F80140003077FED007F82040F138082A200F08182A382 -7EA218007EA26C5D5F7E6D4A5A13E06D4A5A01FC4A5AD9FF80EB3FE026FE7FF8EBFFC0D8 -FC1FB6C7FCD8F80714FC48C614F0480107138031467AC43E>I<003FBA12E0A49026FE00 -0FEB800301F0EE007FD87FC0EF1FF049170F90C71607007E1803007C1801A300781800A4 -00F819F8481978A5C81700B3B3A40107B8FCA445437CC24E>I<B76C010FB512F8A42600 -3FFEC9380FF800F103E0B3B3A9011F17076280190F6D60A26D6D4BC7FC6D5F6F153E6D6D -5D6DEE01FCDA7FF84A5A6E6CEC0FF0DA0FFFEC3FE06E9039F003FF80020190B6C8FC6E6C -14FC030F14E09226007FFEC9FC4D457CC356>I<B792B6FCA4C66C48C900031300013FEF -007C6E17FC6D606F15016D608119036D606F15076D606F150F6D6081191F6D6D93C7FC61 -027F163E6F157E023F167C8119FC6E6D5C18016E5E7013036E5E8218076E6D5C180F6E5E -70131F6E93C8FC705B037F143E82187E033F147C7013FC6F5C17816F5C17C117C36F5C17 -E76F5C17FF6F5CA36F91C9FCA2705AA2705AA3705AA2705AA2705AA250457EC355>I<B6 -00FE017FB691B512FEA426007FFCC8D83FFEC800011300F5003C6E70167C013F70177880 -7415F86D705F6F7014016D705FA26F7014036D64814E6D14076D646F70140F6D041E94C7 -FCA26F023E6D5C6DDC3C7F151E81027F037C6D5CF0783F6F70147C023F4B6C1578A26F01 -016F13F86E4B6C5D16806E02036F485A4E7E04C0EEE0036E4A486C5DA2DCE00FEDF0076E -4B6C5D16F06E4A6F48C8FC051E7F04F8705A6E4A027F131EA2DCFC7CEDFE3E037F017802 -3F133C04FE16FF033F01F85E4D8004FF17F86F496E5BA36F496E5BA26F604D80A26F90C8 -6C5BA36F486F90C9FCA26F48167EA30478163C6F457EC374>I<001FB812FEA402F8C713 -FC02804913F849C75A01F816F0494A13E0495C4916C048485C4C138090C814005E003E4B -5A5F5D4B5B003C5E5D5F4B5BC85A5F4B90C7FC5D5E4B5A5C5E4A5B5C5E4A5B5C5E4A90C8 -FC5C5D4A5A49160F5D495B5B5D4949141F5B4B141E5B4990C8FC4A153E13FF485B4A157E -5A484915FE4A14014816034A14074849140F48EE3FFC91C812FF4848140FB9FCA438447A -C344>90 
D<903807FFF0017F13FF48B612C03A03FC007FF0486CEB1FF8486CEB0FFE6F7E -A26F7FA26F7F6C5A6C5AEA00F090C7FCA44AB5FC147F0107B6FC013F13C19038FFF80100 -0313E0481380381FFE00485A5B127F5B12FF5BA35DA26D5B6C6C5B003F141ED81FFE4913 -F83C0FFF80F87FFFC00003EBFFF0C6ECC01F90390FFE0007322C7DAB36>97 -D<EB7FC0B5FCA412037EB3ED1FF802C1B5FC02C714E09139DFC03FF89139FF000FFC02FC -EB03FE4A6D7E4A15804A6D13C04A15E0177F18F0A2EF3FF8A318FCAB18F8A3177F18F0A2 -18E017FF6E15C06E4913806E491300027C495A496C495A903AFC1FC07FF0D9F807B512C0 -D9F00191C7FC9039E0003FF036457DC43E>I<EC3FFF0103B512F0010F14FC90393FF001 -FE9039FFC003FF4849481380481300485A485A121F5B003F6E13006F5A007FEC00784991 -C7FCA312FFAA127FA27FA2123FEE03C06C7E16076C6C15806C6C140F6C6DEB1F006C6D13 -3E6C6D13FC90393FF807F8010FB512E0010314809026003FF8C7FC2A2C7CAB32>I<EE03 -FEED07FFA4ED001F160FB3EC3FF0903803FFFE010FEBFF8F90393FF807EF9039FFC001FF -48903880007F4890C7123F4848141F4848140F121F5B123FA2127F5BA312FFAB127FA36C -7EA2121F7F000F151F6C6C143F0003157F6C6C14FF6CD9C0037F90277FF01FCF13FC011F -B5120F010313FC9038007FE036457CC43E>I<EC3FFC0103B57E011F14E090393FF81FF8 -9039FFC007FC48496C7E48496C7E48486D13804848147F17C0485A003FED3FE0A2127F49 -15F0A2161F12FFA290B7FCA301F0C9FCA5127FA36C7EA217F06C7E000F15016C6C15E016 -036C6CEC07C0C66DEB1F80D97FE0EB7F0090393FFC03FE010FB512F8010114E09026001F -FEC7FC2C2C7DAB33>I<4AB4FC021F13E091B512F00103EB83F8903907FE0FFCD90FFC13 -FE90381FF81F133FEB7FF0A2EBFFE0ED0FFCA2ED03F092C7FCABB612F8A4C601E0C7FCB3 -B2007FEBFFE0A427457DC422>I<177E9139FFE003FF010FD9FE071380013F9039FF9F9F -C0903AFFC07FFE3F489038001FF84848130F4848EB07FC000F9238FE1F80001F9238FF0F -00496D90C7FCA2003F82A7001F93C7FCA26D5B000F5D00075D6C6C495A6C6C495A489038 -C07FE091B51280D8078F49C8FC018013E0000F90CAFCA47F7F7F90B612C016FE6C6F7E17 -E06C826C16FC7E000382000F82D81FF0C7123FD83FC014074848020113808248C9FC177F -A46D15FF007F17006C6C4A5A6D1403D81FF8EC0FFCD807FEEC3FF03B01FFC001FFC06C6C -B6C7FC010F14F80100148032417DAC38>I<EB7FC0B5FCA412037EB3ED07FE92383FFFC0 
-92B512F09139C3F03FF89139C7C01FFC9138CF000F02DE8014FC4A6D7EA25C5CA35CB3A8 -B60083B512FEA437457CC43E>I<13FC487E487E4813804813C0A66C13806C13006C5A6C -5A90C7FCACEB7FC0EA7FFFA412037EB3B0B6FCA418467CC520>I<EB7FC0B5FCA412037E -B393387FFFE0A493380FF800EE07E0EE1FC04CC7FC167E5EED03F8ED07E04B5A4B5A037F -C8FC15FEECC1FCECC3FE14C7ECDFFF91B57E82A202F97F02E17F02C07FEC807F6F7E826F -7E816F7F836F7F816F7F83707E163F17FFB60003B512F8A435457DC43B>107 -D<EB7FC0B5FCA412037EB3B3B3A5B61280A419457CC420>I<90277F8007FFEC0FFEB501 -3F01C090387FFF8092B5D8F001B512E0913D81F81FFC03F03FF8913D87C00FFE0F801FFC -000390268F000790381E000F6C019E6E488002BC5D02B86D496D7E14F84A5DA24A5DA24A -5DB3A8B60081B60003B512FEA4572C7CAB5E>I<90397F8007FEB590383FFFC092B512F0 -913983F03FF8913987C01FFC000390388F000F6C019E8014BC02B86D7E14F85C5CA35CB3 -A8B60083B512FEA4372C7CAB3E>I<EC1FFC49B512C0010F14F890393FF80FFE90397FC0 -01FF4848C7EA7FC048486E7E48486E7E000F8249140F001F82A2003F82491407007F82A3 -00FF1780AA007F1700A46C6C4A5AA2001F5E6C6C4A5AA26C6C4A5A6C6C4A5A6C6D495A6C -6D485B90273FF80FFEC7FC010FB512F8010114C09026001FFCC8FC312C7DAB38>I<9039 -7FC01FF8B500C1B5FC02C714E09139DFC03FF89139FF001FFC000301FCEB07FE6C496D7E -4A15804A6D13C04A15E08218F0177F18F8A3EF3FFCAB18F8177FA318F017FF18E05E6E15 -C06E4913806E4913006E495A6E495A9139DFC07FF002C7B512C002C191C7FC9138C03FF0 -92C9FCAFB67EA4363F7DAB3E>I<DA3FF0131E902603FFFC133E010F01FF137E903A3FF8 -0FC0FE9039FFE003E0489038C001F14890388000FB4890C7127F4848143F001F151F5B00 -3F150F5B127FA35B12FFAB6C7EA3123F7F121F6D141F000F153F6C6C147F6C15FF6C6D5A -6C9038E003EF90393FF01FCF6DB5120F010313FC9038007FE091C7FCAF0307B512FCA436 -3F7CAB3B>I<90387F807FB53881FFE0028313F091388F87F891389F0FFC000390389E1F -FE6C13BC14B814F814F0A29138E00FFCED07F8ED01E092C7FCA25CB3A6B612E0A4272C7D -AB2E>I<90391FFE038090B512CF000314FF380FF003391FC0007F48C7123F48141F007E -140FA200FE1407A27E7F6D90C7FC13F0EBFF806C13FCECFF806C14E015F86C14FE6C8012 -03C61580013F14C01301D9000F13E0140000F0147F153F6C141FA2150F7E16C07E6C141F 
-168001C0133F6DEB7F009038F801FC00FCB55AD8F03F13E026E007FEC7FC232C7CAB2C> -I<EB01E0A51303A41307A2130FA2131FA2133F137F13FF1203000F90B51280B7FCA3C601 -E0C7FCB3A4ED01E0A91503D97FF013C0A2013FEB0780ECF80F90391FFC1F00903807FFFE -010113F89038003FE0233F7EBE2C>I<D97FC049B4FCB50103B5FCA40003EC000F6C81B3 -A85EA25EA26C5DA26E5B017FD901F7138090273FF807E713FE010FB512870103EBFE0790 -38007FF8372C7CAB3E>I<B6903803FFFCA4000101C09038007F806EEC3E006C163C8001 -7F5D8017F8013F5D6E1301011F5D6E1303010F5D6E13076D5DED800F6D92C7FC15C05E6D -EBE01E163E6D143CEDF07C027F1378EDF8F8023F5B15FD021F5B15FF6E5BA36E5BA26E90 -C8FCA26E5AA26E5AA21578362C7EAB3B>I<B5D8FE1FB539801FFFF0A400039027C0007F -E0C7EAFE006C033F157C7114786E17F86C6F6C5C6E1601017F6E6C5CA26E011F1403013F -6F5C6E013F1407011F6F5CA26E0179140F010F048090C7FC6E01F95C6D02F0EBC01E1580 -6D902681E07F5B18E003C3157C6D9139C03FF07815E76DDA801F5B18F803FF14F96E9039 -000FFDE018FF6E486D5BA36E486D5BA26E486D90C8FCA24B7F02075DA26E48147C4B143C -4C2C7EAB51>I<B500FE90383FFFF0A4000101E0903807F8006C6DEB03E06D6C495A013F -4A5A6D6C49C7FC6E5B6D6C137E6DEB807C6D6D5A6DEBC1F0EDE3E06DEBF7C06EB45A806E -90C8FC5D6E7E6E7F6E7FA24A7F4A7F8291381F3FFCEC3E1F027C7F4A6C7E49486C7F0103 -6D7F49487E02C08049486C7F49C76C7E013E6E7E49141F48B46E7EB500E090B512FCA436 -2C7EAB3B>I<B6903803FFFCA4000101C09038007F806EEC3E006C163C80017F5D8017F8 -013F5D6E1301011F5D6E1303010F5D6E13076D5DED800F6D92C7FC15C05E6DEBE01E163E -6D143CEDF07C027F1378EDF8F8023F5B15FD021F5B15FF6E5BA36E5BA26E90C8FCA26E5A -A26E5AA21578A215F85D14015D001F1303D83F805B387FC007D8FFE05B140F92C9FC5C14 -3E6C485A5C383F07F0381FFFC06C5BD801FCCAFC363F7EAB3B>I<001FB71280A39026FC -000F130001E05B49495A49495A90C75B15FF003E495B5E4A5B003C5B4A5B93C7FC5C4A5A -C7485A5D14FF495B5D495B5B495B92380007805B495A495A4A130F01FF1500485B5C4849 -5B5A485B91C75A485D48485C4848EB03FE49131FB7FCA3292C7DAB32>I -E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fx cmti10 10.95 6 -/Fx 6 117 df<147E49B47E903907C1C38090391F80EFC090383F00FF017E137F491480 
-4848133F485AA248481400120F5B001F5C157E485AA215FE007F5C90C7FCA21401485C5A -A21403EDF0385AA21407EDE078020F1370127C021F13F0007E013F13E0003E137FECF3E1 -261F01E313C03A0F8781E3803A03FF00FF00D800FC133E252977A72E>97 -D<EE3F80ED1FFF1700A2ED007FA2167EA216FEA25EA21501A25EA21503A25EA21507A25E -147E903801FF8F903807C1CF90391F80EFC090383F00FF017E137F5B48486D5A485AA248 -5A000F92C7FC5B001F5CA24848137EA215FE127F90C75AA214015A485CA2140316384814 -F0A21407167891380FE070127C021F13F0007E013F5B003E137FECF3E1261F01E35B3A0F -8781E3802703FF00FFC7FCD800FC133E294077BE2E>100 D<EC3F80903801FFE0903807 -E0F890381F803CEB3E0001FC131E485A485A12074848133E49133C121F4848137C15F8EC -03F0397F000FE0ECFF80B5EAFC0014C048C8FCA45AA61506150E151E007C143C15786C14 -F0EC01E06CEB07C0390F801F003807C0FC3801FFF038007F801F2976A72A>I<1478EB01 -FCA21303A314F8EB00E01400AD137C48B4FC38038F80EA0707000E13C0121E121CEA3C0F -1238A2EA781F00701380A2EAF03F140012005B137E13FE5BA212015BA212035B14381207 -13E0000F1378EBC070A214F0EB80E0A2EB81C01383148038078700EA03FEEA00F8163E79 -BC1C>105 D<D801F0D93F80137F3D07FC01FFE003FFC03D0F3E07C1F80F83F03D0E1F0F -00FC1E01F8001E011C90387C3800001C49D97E707F003C01F05C0038157F4A5C26783FC0 -5C12704A91C7FC91C7127E00F003FE1301494A5CEA007EA20301140301FE5F495CA20303 -1407000160495C180F03075D0003051F13E0494A1480A2030FEC3F810007F001C0495CA2 -031F91383E0380120F494AEC0700A2033F150E001FEF1E1C4991C7EA0FF80007C7000EEC -03E0432979A74A>109 D<EB01C0EB03F01307A25CA2130FA25CA2131FA25CA2133FA291 -C7FCA2007FB51280B6FC1500D8007EC7FC13FEA25BA21201A25BA21203A25BA21207A25B -A2120FA25BA2121F141C1380A2003F133C1438EB0078147014F05C495AEA1F03495A6C48 -C7FCEA07FCEA01F0193A78B81E>116 D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fy cmtt10 10.95 15 -/Fy 15 120 df<120FEA3FC0EA7FE0A2EAFFF0A4EA7FE0A2EA3FC0EA0F000C0C6E8B30> -46 D<16E0ED01F0ED03F8A2150716F0150F16E0151F16C0153F1680A2157F16005D5D14 -015D14035D14075D140F5D141F5DA2143F5D147F92C7FC5C5C13015C13035C13075C130F -5C131F5CA2133F5C137F91C8FC5B5B12015B12035B12075B120F5BA2121F5B123F5B127F 
-90C9FC5A5AA2127C123825477BBE30>I<120FEA3FC0EA7FE0A2EAFFF0A4EA7FE0A2EA3F -C0EA0F00C7FCAF120FEA3FC0EA7FE0A2EAFFF0A4EA7FE0A2EA3FC0EA0F000C276EA630> -58 D<EB7FFC0003B57E000F14E015F84880819038E007FF02017F390FC0007F6C48133F -C87F151FA391B5FC130F137F48B6FC12075A003FEB801FEBF800EA7FE0138048C7FC5AA4 -6C143F6C6C137F6D13FF383FF80F90B712C06C16E07E000314E7C6140390263FF80013C0 -2B277CA630>97 D<913801FFE04A7F5CA28080EC0007ABEB03FE90381FFF87017F13E790 -B6FC5A5A481303390FFC007FD81FF0133F49131F4848130F5B007F140790C7FCA25A5AA7 -7E7E150F7F003F141F7F6D133F6C6C137F390FF801FFEBFE076CB712C06C16E06C02F713 -F06C6C13C7011F010713E0902607FC0313C02C387DB730>100 D<EA3FFC487E12FFA212 -7F123F1200ABEC03FE91380FFFC0023F7F91B57E90B67E82ECFE07ECF00102E07FECC000 -5C91C7FCA35BB33B3FFFF81FFFF8486D4813FCB500FE14FEA26C01FC14FC6C496C13F82F -3880B730>104 D<14E0EB03F8A2497EA36D5AA2EB00E091C8FCA9381FFFF8487F5AA27E -7EEA0001B3A9003FB612C04815E0B7FCA27E6C15C023397AB830>I<EA7FF8487EA4127F -1200AB0203B512804A14C017E0A217C06E14809139001FE0004B5A4B5A4BC7FC4A5A4A5A -EC0FF84A5A4A5A4A5A4A5A01FD7F90B57E8114F7ECE3F8ECC1FCEC81FEEC00FF497F496D -7E6F7E826F7E15076F7E6F7E3B7FFFF81FFFE0B56C4813F017F8A217F06C496C13E02D38 -7FB730>107 D<267FC0FC137E3BFFE7FF03FF8001EF01877F90B500CF7F92B57E7E0007 -010F1387496CEB03F89039FC03FE0101F813FC01F013F8A301E013F0B3A23C7FFE0FFF07 -FF80B548018F13C0A46C486C01071380322781A630>109 D<393FFC03FE3A7FFE0FFFC0 -00FF013F7F91B57E6CB67E6C81C6EBFE07ECF00102E07FECC0005C91C7FCA35BB33B3FFF -F81FFFF8486D4813FCB500FE14FEA26C01FC14FC6C496C13F82F2780A630>I<393FFC03 -FE3A7FFE1FFF8000FF017F13E090B612F86C816C81C69038FE07FFECF001DAC00013804A -EB7FC091C7123FEE1FE05B160FA217F01607A7160F17E07F161F17C06E133F6EEB7F806E -13FFDAF00313009138FC0FFE91B55A5E495C6E5B021F1380DA03FCC7FC91C9FCAE383FFF -F8487FB57EA26C5B6C5B2C3B80A630>112 D<3A3FFF800FF8489038C07FFFB500C1B512 -8014C36C01CF14C06C13DF3A001FFFFC3F15E09238801F809238000F0002FC90C7FCA25C -5CA25CA35CAF003FB512FC4880B7FCA26C5C6C5C2A277EA630>114 
-D<EB0780497E131FA9003FB612E04815F0B7FCA36C15E026001FC0C7FCB216F8ED01FCA4 -150302E013F890380FF0079138F81FF06DB5FC16E06D14C06D14006D6C5AEC1FF026327E -B130>116 D<D83FFCEB3FFC486C497E00FF14FFA2007F147F003F143F00001400B3A415 -01A215036D130F90387FC03F91B612F86D15FC17FE6D5B010701F813FC01019038C07FF8 -2F2780A630>I<3B3FFFC01FFFE0486D4813F0B515F8A26C16F06C496C13E0D807E0C7EA -3F00A26D5C0003157EA56D14FE00015DEC0F80EC1FC0EC3FE0A33A00FC7FF1F8A2147DA2 -ECFDF9017C5C14F8A3017E13FBA290393FF07FE0A3ECE03FA2011F5C90390F800F802D27 -7FA630>119 D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: Fz cmsy10 10.95 2 -/Fz 2 25 df<EE3FFC0307B512E0033F14FC92B7FC0203D9E00713C0DA0FFCC7EA3FF0DA -1FE0EC07F8DA3F80EC01FC02FEC9127FD901F8EE1F804948707E4948707ED90F80EE01F0 -49CB7E013E187C49840178181E01F8181F4848F00F804848F007C049180300071AE04918 -01000F1AF090CDFC481AF8001E1A78A2003E1A7C003C1A3CA2007C1A3E00781A1EA300F8 -1A1F481A0FAD6C1A1F00781A1EA3007C1A3E003C1A3CA2003E1A7C001E1A78A2001F1AF8 -6C1AF06D180100071AE06D180300031AC06D18076C6CF00F806C6CF01F000178181E017C -183E6D606D606D6C4C5AD907E0EE07E06D6C4C5A6D6C4C5AD900FE047FC7FCDA3F80EC01 -FCDA1FE0EC07F8DA0FFCEC3FF0913B03FFE007FFC0020090B6C8FC033F14FC030714E092 -26003FFCC9FC50557BC05B>13 D<D91FE01620D97FF816703801FFFE486D7E48804814F0 -9038E01FF8271F8007FC15E0393E0001FE003CD9007F1401007CDA3FC013030078DA0FE0 -14C00070DA07F81307DB03FEEB1F8048913A01FF807F006F90B5FC043F5B705B04075B04 -0113E000409238007F803C157BA047>24 D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: FA cmr10 10.95 38 -/FA 38 122 df<EC0FC0EC3FE0ECF878903801F018903803E01C903807C00C130FEC800E -011F1306A2EB3F00A4150EEC800CA2151C5D153015705D6D6C5A14C1ECC38002C7CAFC02 -EE91383FFFFCEB0FEC14FC4A020313C06D48913800FE006E15F818706D6C1560010716E0 -496C5D011D1501D939FF4A5A017093C7FC496D5B0001017F1406496C6C130E00036E5B26 -07801F1418000F6E1338001F6D6C5B383F0007486E5B6E6C485AEC01FF486D495A0487C8 -FCED7FCEED3FEEDB1FFC14186D6D5AA2007F6E6C14386D6D6C1430003F4A6C14706D496C 
-6C13E0001F91391E3FC0016C6C903AFC1FF003C03D07FC07F007FC0F800001B5D8C001B5 -12006C6C90C7EA7FFCD90FF8EC0FF03E437CC047>38 D<1430147014E0EB01C0EB038013 -07EB0F00131E133E133C5B13F85B12015B12035B1207A2485AA348C7FCA35AA2123EA212 -7EA4127CA312FCB2127CA3127EA4123EA2123FA27EA36C7EA36C7EA212037F12017F1200 -7F13787F133E131E7FEB07801303EB01C0EB00E014701430145A77C323>40 -D<12C07E12707E7E121E7E6C7E7F12036C7E7F12007F1378137C133C133EA27FA3EB0F80 -A314C0A21307A214E0A41303A314F0B214E0A31307A414C0A2130FA21480A3EB1F00A313 -3EA2133C137C137813F85B12015B485A12075B48C7FC121E121C5A5A5A5A145A7BC323> -I<B512FEA617067F951E>45 D<121EEA7F80A2EAFFC0A4EA7F80A2EA1E000A0A798919> -I<14C013031307131F137FEA07FFB5FC139FEAF81F1200B3B3ACEB7FF0B612F8A31D3D78 -BC2D>49 D<EB07FC90383FFF8090B512E03903F01FF839078007FC390F0001FE001E6D7E -001C158048EC7FC05AED3FE01260B4FC6DEB1FF07FA56C5A6CC7FC120CC813E0153FA216 -C0157F168015FF16004A5A5D4A5A4A5A5D4A5A4A5A4AC7FC147E147C5C495AEB03C0495A -49C8FC011E14305B13385B491460485A485A48C8FC000E15E0001FB6FCA25A4815C0B7FC -A3243D7CBC2D>I<EB03FCEB1FFF90387E07C09038FC03F048486C7E48486C7E4848137C -000F147E4848137F81003F15805B007F15C0A2151F12FF16E0A516F0A5127F153FA36C7E -A2001F147F120F6C6C13FF6D13DF000313013900F8039F90387E0F1FD91FFE13E0EB07F0 -90C7FCA2ED3FC0A41680157FD80F801400487E486C13FEA24A5A5D49485AEB8007391E00 -0FE04A5A260FC07FC7FC3803FFFE6C13F838003FC0243F7CBC2D>57 -D<121EEA7F80A2EAFFC0A4EA7F80A2EA1E00C7FCB3121E127FEAFF80A213C0A4127F121E -1200A412011380A3120313005A1206120E120C121C5A1230A20A3979A619>59 -D<1507A34B7EA34B7EA24B7EA34B7E156FA2EDEFF815C7A291380187FC1583A291380303 -FE1501A291380600FFA34A6D7EA34A6D7EA34A6D7EA20270800260130FA202E0804A1307 -A201018191B6FCA2498191C71201A201068182A2496F7EA3496F7EA3496F7EA21370717E -13F800014C7ED80FFE4B7EB500E0010FB512F8A33D417DC044>65 -D<011FB512FCA3D9000713006E5A1401B3B3A6123FEA7F80EAFFC0A44A5A1380D87F005B -006C130700705C6C495A6C495A000F495A2603C07EC7FC3800FFF8EB3FC026407CBD2F> -74 
D<D907FC130C90391FFF801C017F13F03A01FC03F83C3A03F0003E7CD807C0EB1FFC -48481307001F140348C71201003E1400127E167C007C153C12FCA2161CA36C150CA27EA2 -6C6C14007F7FEA3FF8EBFF806C13F86CEBFF806C14F06C14FC6C14FF6C15C0013F14E001 -0714F0EB007F020713F89138007FFC150FED07FE15031501ED00FFA200C0157FA3163FA2 -7EA36C153EA26C157E167C6C15FC6C15F86C14016DEB03F001E0EB07E0D8F9F8EB0FC03A -F07F803F803AE01FFFFE00010713F839C0007FC028427BBF33>83 -D<003FB91280A3903AE0007FE00090C76C48131F007EEF0FC0007C170700781703007017 -01A300601700A5481860A5C81600B3B14B7E4B7E0107B612FEA33B3D7DBC42>I<B500FE -017FB5D88003B5FCA3000301C0010101E0C7EA7FF86C90C849EC0FE07148EC07807E716C -150080017F1906717E6E180E013F190C4D7E80011F614D7E17676D6C60EFE7FC17C36D6C -6084EE01816D6C60A24CC67E6D6C4D5AA20406EB7F806E17036D96C7FC4CEB3FC003805E -027F17064CEB1FE003C0160E023F170C4CEB0FF015E0021F5F047014F804601307DA0FF0 -5E04E014FC4C1303DA07F85E19FEDBF9801301DA03FD5EA203FFC812FF6E5FA24B157F02 -0094C8FCA24B81A2037C153E0378151EA20338151C0330150C58407EBD5D>87 -D<EB0FF8EBFFFE3903F01F8039070007E0486C6C7E9038E001F8D81FF07F6E7EA3157F6C -5AEA0380C8FCA4EC1FFF0103B5FC90381FF87FEB7F803801FC00EA07F8EA0FE0485A485A -A248C7FCEE018012FEA315FFA3007F5BEC03BF3B3F80071F8300261FC00E13C73A07F03C -0FFE3A01FFF807FC3A003FC001F0292A7DA82D>97 D<EA01FC12FFA3120712031201B1EC -03FC91381FFF8091387C07E09138E001F09039FDC000FCD9FF80137E91C77E4915804914 -1F17C0EE0FE0A217F0A2160717F8AA17F0A2160FA217E0161F17C06D1580EE3F006D5CD9 -FB8013FE9039F1C001F89039E0E003F09039C0780FC09026801FFFC7FCC7EA07F82D407E -BE33>I<49B4FC010F13E090383F00F8017C131E4848131F4848137F0007ECFF80485A5B -121FA24848EB7F00151C007F91C7FCA290C9FC5AAB6C7EA3003F15C07F001F140116806C -6C13036C6CEB0700000314066C6C131E6C6C133890383F01F090380FFFC0D901FEC7FC22 -2A7DA828>I<ED01FC15FFA3150715031501B114FF010713C190381F80F190387E003949 -131FD803F81307485A49130348481301121F123F5B127FA290C7FCA25AAA7E7FA2123FA2 -6C7E000F14037F000714076C6C497E6C6CEB1DFFD8007C017913F890383F01E190380FFF 
-C1903A01FE01FC002D407DBE33>I<EB01FE90380FFFC090383F03F09038FC01F848486C -7E4848137E48487F000F158049131F001F15C04848130FA2127F16E090C7FCA25AA290B6 -FCA290C9FCA67EA27F123F16606C7E16E0000F15C06C6C13016DEB03806C6CEB0700C66C -130E017E5B90381F80F8903807FFE0010090C7FC232A7EA828>I<EC1FC0EC7FF8903801 -F83C903807E07E90380FC0FFEB1FC1EB3F811401137FEC00FE01FE137C1500AEB6FCA3C6 -48C7FCB3AE487E007F13FFA320407EBF1C>I<167C903903F801FF903A1FFF078F809039 -7E0FCE0F9039F803FC1F3A03F001F80F170048486C6CC7FC000F8049137E001F147FA800 -0F147E6D13FE00075C6C6C485AA23901F803E03903FE0FC026071FFFC8FCEB03F80006CA -FC120EA3120FA27F7F6CB512E015FE6C6E7E6C15E06C810003813A0FC0001FFC48C7EA01 -FE003E140048157E825A82A46C5D007C153E007E157E6C5D6C6C495A6C6C495AD803F0EB -0FC0D800FE017FC7FC90383FFFFC010313C0293D7EA82D>I<EA01FC12FFA31207120312 -01B1EC01FE913807FFC091381E07E091387803F09138E001F8D9FDC07F148001FF6D7E91 -C7FCA25BA25BB3A6486C497EB5D8F87F13FCA32E3F7DBE33>I<EA01E0EA07F8A2487EA4 -6C5AA2EA01E0C8FCACEA01FC127FA3120712031201B3AC487EB512F0A3143E7DBD1A>I< -1478EB01FEA2EB03FFA4EB01FEA2EB00781400AC147FEB7FFFA313017F147FB3B3A5123E -127F38FF807E14FEA214FCEB81F8EA7F01387C03F0381E07C0380FFF803801FC00185185 -BD1C>I<EA01FC12FFA3120712031201B292387FFF80A392381FFC00ED0FE0168093C7FC -151C5D5D5D4A5AEC0780020EC8FC141E143F4A7E14FF9038FDDFC09038FF9FE0140F9038 -FC07F001F87F6E7E1401816E7E81826F7E151F826F7EA282486C14FEB539F07FFFE0A32B -3F7EBE30>I<EA01FC12FFA3120712031201B3B3B1487EB512F8A3153F7DBE1A>I<2701F8 -01FE14FF00FF902707FFC00313E0913B1E07E00F03F0913B7803F03C01F80007903BE001 -F87000FC2603F9C06D487F000101805C01FBD900FF147F91C75B13FF4992C7FCA2495CB3 -A6486C496CECFF80B5D8F87FD9FC3F13FEA347287DA74C>I<3901F801FE00FF903807FF -C091381E07E091387803F000079038E001F82603F9C07F0001138001FB6D7E91C7FC13FF -5BA25BB3A6486C497EB5D8F87F13FCA32E287DA733>I<14FF010713E090381F81F89038 -7E007E01F8131F4848EB0F804848EB07C04848EB03E0000F15F04848EB01F8A2003F15FC -A248C812FEA44815FFA96C15FEA36C6CEB01FCA3001F15F86C6CEB03F0A26C6CEB07E06C 
-6CEB0FC06C6CEB1F80D8007EEB7E0090383F81FC90380FFFF0010090C7FC282A7EA82D> -I<3901FC03FC00FF90381FFF8091387C0FE09138E003F03A03FDC001FC6CB4486C7E91C7 -127F49EC3F805BEE1FC017E0A2EE0FF0A3EE07F8AAEE0FF0A4EE1FE0A2EE3FC06D1580EE -7F007F6E13FE9039FDC001F89039FCE007F09138780FC0DA1FFFC7FCEC07F891C9FCAD48 -7EB512F8A32D3A7EA733>I<3901F807E000FFEB1FF8EC787CECE1FE3807F9C100031381 -EA01FB1401EC00FC01FF1330491300A35BB3A5487EB512FEA31F287EA724>114 -D<90383FC0603901FFF8E03807C03D381F000F003E1303003C1301127C0078130012F815 -60A27E7E7E6D1300EA7FF8EBFFC06C13F86C13FE6C7F6C1480000114C0D8003F13E00103 -13F0EB001FEC0FF800C01303A214017E1400A27E15F07E6C130115E06CEB03C039FF8007 -8039F1E01F0038E0FFFC38C01FE01D2A7DA824>I<130CA5131CA4133CA2137CA213FC12 -0112031207001FB512C0B6FCA2D801FCC7FCB3A21560A9000014E06D13C0A2EB7F01013F -1380EB1F83903807FF00EB01FC1B397EB723>I<D801FC14FE00FF147FA3000714030003 -140100011400B3A51501A31503120015076DEB06FF017E010E13806D4913FC90381FC078 -903807FFE00100903880FE002E297DA733>I<B539E007FFE0A32707FE000113006C48EB -007C1678000115707F00001560A2017F5CA2EC8001013F5CA26D6C48C7FCA26E5A010F13 -06A26D6C5AA2ECF81C01031318A26D6C5AA2ECFE7001001360A2EC7FC0A36E5AA26EC8FC -A3140EA22B287EA630>I<B53BC3FFFE01FFF8A33D0FFE003FF0007FC06C48D91FC0EB1F -800003020F15000001170E70130C15076C6C6E5BA27F6D6E5B150D02801570013F6E1360 -151802C015E0011FD938FE5BED307ED90FE090387F0180ED603FA2D907F00283C7FCEDC0 -1F02F81487010315C69138F9800F02FD14CED901FF14ECED00076D15F84A1303A2027E5C -027C1301A2023C5C0238130002185C3D287EA642>I<B539F01FFFE0A300039039C007FE -00C690388003F8D97F0013E002805BD93FC05B011F49C7FC90380FE00EECF00C6D6C5A01 -0313386D6C5A6E5A6D6C5A6E5A143F81141F6E7E4A7E4A7E1473EC61FCECC1FE903801C0 -FF49487E49486C7E010680010E6D7E49130F013C6D7E017C80D801FC80D80FFE497EB590 -383FFFF8A32D277FA630>I<B539E007FFE0A32707FE000113006C48EB00FC0001157816 -706C7E16607F6D5CA26D6C485AA2ECC003011F91C7FCA290380FE006A2ECF00E0107130C -14F801035BA2ECFC380101133014FE01005BA2EC7FC0A36E5AA26EC8FCA3140EA2140CA2 
-141C1418A25CA200181370007E1360B413E05C13015C4848C9FCEA7E07EA700EEA383CEA -1FF8EA07E02B3A7EA630>I E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: FB cmsl12 14.4 13 -/FB 13 116 df<0103BA12F05BA21BE0D9000301E0C7120F6E4914001A3F1A1F4C150F1A -071A03A21A015C93C9FCA55C5D1BC0A4020F150E5D97C7FCA3181E021F151C5D183CA218 -7C18FC023F4A5A4B130F92B6FCA4913A7FF0001FF04B13071701A21700A202FF5D5DA549 -4B5A5D94CAFCA45B92CCFCA55B5CA5130F5CA2497E496C7E007FB612E0B7FCA34C527BD1 -4C>70 D<0107B600FC013FB612E0A24D17C0A2D9000301F0C8001FEB80006E01C06F48C7 -FCA34C5EA41A1F5C93C95BA41A3F5C4B5FA41A7F140F4B5FA41AFF141F4B5FA4614AB9FC -63A303F0C8120161147F4B94C8FCA46114FF4B5EA4190F5B4B5EA4191F5B92C95BA4193F -5B4A5FA4197F130F4A5FA2496C4C7E496C4B7FB7D88007B612FCA204005EA25B527BD158 ->72 D<0107B500E0037FB512E0821DC082D900010503EBF8006E9438007FC07070C7FC4A -183EDBCFFE161E1B1CEDC7FFA203C36D153C140303816D1538A203807FA2706C15781407 -4B6C6C1570A2707EA2706C15F05C020E6D6C5DA2707FA2706D1301141E021C6F5C82A271 -7E1A03023C6E7E023860717EA2717E1A0702786E7E027095C8FC711380A27113C06202F0 -6E13E04A170EF07FF0A2F03FF81A1E0101EE1FFC4A171CF00FFEA2F007FF1A3C010318BC -4A6F13B81AF884A284130791CA6C5AA2193FA249171FA249715A497E496C16073803FFF8 -B600C01503A24B6F5AA25B527BD158>78 D<0107B8FC19F019FE737ED900039026E00007 -13E06E499038007FF8F11FFCF107FE4C6E7E737F737FA2747E5C93C97FA55C5DA4505A14 -0F4B5F61634F90C7FC62021F16074BED0FF84F5A4F5AF1FF80060390C8FC023FED0FFC4B -ECFFF092B7128006FCC9FC84923AF00003FF80027F9138007FE04B6E7EF00FF8727E8572 -7E14FF4B8086A45B5DA5495E92C8FCA5494C90C8FC5CA2F301C0A21B03010F1A804A811B -07496C05801300496C6F5CB76C6D141E736C5A93C86C6C5A73B45ACC00075B9638007F80 -52547BD156>82 D<EC03FF023F13E091B512FC903903FC01FE903A07C0007F8049C76C7E -496E7EEB3FC06E6D7E137F707EA35C6D5A6DC7FC90C8FCA3160FA25FED07FF0203B5FC02 -1F138F9138FFE01F903807FE00D91FF05CEB7FC049C7FCEA03FE4848143F485A48485D5B -485A007F173849147FEF807012FF90C812FFA25DA24BEB00E04B7E6D130E007F91391E3F 
-81C06C6C013C1383D81FF001F0EBC7803C0FFC07E01FFF006CB500805BC649486C5AD91F -F0EB03E0353679B43B>97 D<EDFFC0020713F8023F13FE91387F80FF903A01FC003FC0D9 -07F8EB1FE0D90FE0130F4948EB07F0494814F849C712035B4848EC01FC485AA2485A120F -5B121F5B123FA348B7FCA301C0C9FC12FF5BAA127F17E0A216016C6C15C016036C6CEC07 -80000F16006D5C6C6C141E6C6C147C6C6C14F06C6CEB03E090393FE01F80010FB5C7FC01 -0313F89038007FC02E3679B434>101 D<F003F0DB07F8EB1FFCDB7FFFEB7FFE4AB538C1 -F87E913A07F80FF3C0913B0FE003FF00FE91393FC001FE91267F8000147C4AC714104A02 -7F1300495A0103825C1307A2495AA417FF95C7FC5CA24C5AA26E495A01075D4C5A6D6C49 -5A6D6C495A496C495A91267F81FEC8FC9039071FFFFCD90E0713E0D91E0190C9FC011CCB -FCA2133CA5133EA2EB3F8091B512FCEEFFC06D15F817FE6D8118C0133F01FEC700077FD8 -03F89138007FF04848151FD80FC0150F48481507003F707E90C9FC5A007E1601170300FE -5F5AA26C1607007E4C5A60007F161F6C6C4B5A6C6C03FFC7FC6C6CEC01FC6C6CEC07F8D8 -03FEEC3FE03B00FFC003FF80013FB548C8FC010714E09026007FFEC9FC3F4E7FB43B> -103 D<EC03C0EC0FF0EC1FF8143FA2147FA4EC3FF0EC1FE0EC0F8091C7FCB0EC7FC0EB7F -FF1580A290B5FC13031300A21500A55B5CA513035CA513075CA5130F5CA5131F5CA5133F -5CA2137F497E007FEBFFC0B6FC1580A21D507CCF21>105 D<EC03FEEB03FF5B15FCA2EB -001F1407A315F8A5140F15F0A5141F15E0A5143F15C0A5147F1580A514FF1500A55B5CA5 -13035CA513075CA5130F5CA5131F5CA5133F5CA2137FEBFFF0007FEBFFE0B612C0A31F53 -7CD221>108 D<91277F8003FE4AB4FC90B590261FFFC0010F13E0DB007F01F0013F13F8 -922701F80FFC9038FC07FE923D03C003FE01E001FF010390260F00019038078000010001 -1E6D6C48C7EA7F804B151E4A485D037015384B6E48143F6E485D4B4A48147F5B92C85BA2 -4A93C8FCA301034B16FF4A4B1600A5010703035D4A4B5DA5010F030715034A4B5DA5011F -030F15074A4B5DA5013F031F150F4A4B5DA2017F033F151FD9FFF0DA7FF8EC3FFC007F90 -26FFE03FB5D8F01FB512F8B648484A4814F0A35D347CB363>I<91397F8007FE90B59038 -1FFFC0DB007F7F923901F80FF8923907C007FC010390380F00030100011E6D7E5DECFE70 -A24B13006E5A4B13015B92C7FCA25CA2170313034A5DA4170713074A5DA4170F130F4A5D -A4171F131F4A5DA4173F133F4A5DA2017F157FD9FFF0ECFFF0007F9026FFE07FEBFFE0B6 
-48B612C0A33B347CB341>I<ED7FC0913803FFFC021F13FF91397F807F80903A01FE000F -E0D903F86D7ED907E06D7ED91FC06D7E4948130049C8127E017E157F5B0001EE3F80485A -12074916C0120FA2485AA2003F17E05BA2127FA34848ED7FC0A5EFFF80A390C913005E5F -A26C6C4A5AA24C5A003F5E4C5A6C6C141F5F6C6C4A5A6C6C4AC7FCED01FCD803FC495AC6 -6CEB0FF090397FC07FC0011FB5C8FC010713F8010013C0333678B43B>I<DA07FE13E091 -383FFFC149B512F3903A03FC01FFC090390FC0007F4948133F49C7121F017E140F5BEE07 -80485AA4120317007F7F6D91C7FC6C13C014F8ECFFC06C14FC6D13FF6D14C06D806D8001 -0380D9007F7F14039138003FFE15076F7E001C8081A282A2003E157EA45E123F485D6D13 -014B5A6D495A6D495AD87CF0495AD8F87E01FFC7FC39F03FFFFCD8E00F13F0D8C00390C8 -FC2B367CB42E>115 D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: FC cmsy10 14.4 4 -/FC 4 84 df<943807FFF094B67E040715F0043F15FE93B87E03039026FC001F13E0030F -0180010013F8DB3FFCC8EA1FFEDBFFE0923803FF804A018003007F4A48CAEA3FE0DA0FF8 -EF0FF8DA1FE0EF03FC4A48717E4A48717E02FECCEA3F804948737E4948737E4948737E49 -48737E4A19014948737E49CE127E491B7F017E8749757E491B0F000189491B0700038949 -1B03000789491B01000F89491B00001F8990D0127CA2481D7E003E1D3EA3007E1D3F007C -89A400FC1E80481D0FAE6C1D1F007C1E00A4007E65003E1D3EA3003F1D7E6C1D7CA26D1C -FC000F656D1B010007656D1B030003656D1B070001656D1B0F0000656D1B1F017E51C7FC -017F636D1B7E6D6C626D6C4F5A6E19036D6C4F5A6D6C4F5A6D6C4F5A6D6C4F5ADA7F8006 -FFC8FC6E6C4D5A6E6C4D5ADA0FF8EF0FF8DA03FEEF3FE06E6C6CEEFFC06E01E003035BDB -3FFCDB1FFEC9FC92260FFF80ECFFF8030301FC011F13E0030090B71280043F4BCAFC0407 -15F004001580050701F0CBFC696E79D478>13 D<DD07801A03050F63DD3FC062057F6369 -05FF1B3E217E21FE72190120034C642007200F201F72193F207F4C6420FF05DF61726067 -040762179F058F4F5B72F03FBF040FF27F3F050F19FFF601FE716C18FC041F963803F87F -041EDF07F05BF60FE00503181F043E6DEF3FC0043CF17F801F000CFE13FF4C6C6D4B485C -1D03535A04F04E5A716D4B5A6603014F485A4CF07F00726C5D52485D4B484D5A525A0307 -6E6C4A5A4C60525A4BC76D023F5C061F4B5A52C7FC031E4D5A726C495A033E4D4893C7FC 
-033C4D5A73495A4B0207143F73495A515A4B6E4990C85AF283FE02016FEB87FC4BEECFF8 -0203EFDFF04B6EEBFFE0634A486F5B98C9FC020F705A4AC95B0008725A001E013E5F003F -017E704884D9E0FC5FD87FFF7148F083C04A70CAECCF804A93CB14FF2200B5487613FC4A -6621E06C49761380001F90D1007CC7FC6C489BC8FCEA01F882597DD390>77 -D<93B612FC031FEDFFE092B812FC0207EFFF80023F18E091BA7E010319FC490181D98007 -8090261FF003DA003F7FD93F8004071480D9FE00040014C0484892C87E4848061F13E048 -4884000F8548487213F086003F5C494A81127F90C7FC00FE1A7F12F800401BE0C8485AA2 -1CC0A21C804C16FF031F1800A2505AA24C4B5A033F5F1A07505A4C5E505A037F4C5A50C7 -FC4C15FE4F5A03FFED07F04F5A4CEC3F8007FFC8FC4AED07FCF0FFF84CB512E004071480 -4A4949C9FCDBFE3F13F04C138005FCCAFC913907FCFF8093CCFCA24A5AA34A5AA34A5AA3 -4A5AA34A5AA34990CDFCA25C1303A25C13075C130F5C5CEB1F8091CEFC131854587DD153 ->80 D<F07FF80507B57E053F14E04CB612F8040715FE041F814C16809338FFC00FDB01FC -C714C0DB07F0143F4B48140F4B48804B4880157F4BC86C1380A24A5A0203180062020717 -F84F5A1A80020F93C8FCA281A282A282826E7F826E13FE826E14C06E14F06F13FC6F13FF -030F14C06F14F0030114FC6F6C13FF041F80040714E0040180706C7F051F7F05077F717F -1700727F84D903C06F7F011F82D97F808149C9FCD803FE82EA07F8484882121F4960123F -A2007F96C7FCA26100FF17036D5F616D16074E5A6D5F6D4C5A6C6C4C5A6E4BC8FC6C01E0 -EC01FC6EEC07F86C01FEEC1FF06C903AFFE003FFC06C91B6C9FC6C16FCC616F06D15C001 -1F4ACAFC010314F09026003FFECBFC4A567ED348>83 D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: FD cmr12 14.4 1 -/FD 1 100 df<EC0FFE91387FFFE049B512F8903907F801FE90391FE0001FD93F80EB07 -8049C7EA0FC001FE143F484815E00003157F485A485AA2485AEE3FC0003FED0F004991C7 -FCA2127FA35B12FFAB127F7FA3123F6D1570121F6D15F0000F16E06D140112076C6CEC03 -C06D15806C6C14076C6DEB0F00D93FC0131E6D6C137C903907FC03F06DB55AD9007F1380 -DA0FF8C7FC2C367CB434>99 D E -%EndDVIPSBitmapFont -%DVIPSBitmapFont: FE cmr17 24.88 25 -/FE 25 118 df[<1AF04F7E4F7EA34F7EA34F7EA34F7FA34F7FA34F7FA296B57EA219FB -06018019F319F106038019E119E0060780F1C07FA2060F804F7EA2061F814F7EA2063E81 
-86067E81187C8606FC8160860501824E7FA20503824E7FA20507824E147FA24D48818705 -1F8395C8FC874D83173E87057E83177C8705FC834D81A20401844D81A20403844D81A24C -48831C7F040F845F88041F8594CAFC884C85043E83A2047E85047C83A204FC854C8393BB -FC4B86A24B86A3DB07E0CB7F5E1D7F030F865E89031F8793CC7EA24B87033E85A2037E87 -037C85A24B87890201885D890203885D890207884B1A7FA2020F884B86A2021F8992CE7E -5C8C4A878C5C8A498A497F010F6D507F496D88017F6D083F7F0007B500FE4FB612C0B700 -C095B812F0A6>132 145 123 272 143 65 D[<96261FFF8016380607B512FC063FDAFF -8015784DB712E0050F04FC15F8053F04FF14014CB526FE000F7F4C02C0010001E0130304 -0F01FCC8EA1FF0043F01E0DB07FC130793B50080ED01FE4B49CA007F130F030701F8EF3F -804B01E094381FC01F4B49EF07E04B90CB3803F03FDBFFFEF001F84A49953800FC7F4A49 -197E4A01E0F13FFF4A5B4A49858A4A90CD7E4A5A4A48864949865D4988495B49491B7FA2 -49491B3FA24990CF121F5B5C01FF1D0F5C5A4A1C075AA24A1C035AA25C481E01A3485BA2 -1F005AA25CA2481F00A691D2FCB5FCB37E80A67EA28020787EA36C7FA37E6E1DF820F07E -80A26C6D1C0120E07E80017F1D036E1DC06D1D076D7F20806D6D1B0F6F1C006D656D6D1B -1E6D6D1B3E676D7F6E6C636E6C1A016E6D62704F5A6E6D19076E6D4F5A6E6D4F5A6E6D4F -C7FC6E6D197EDB3FFF616F01C04D5A6F6D4D5A6F01F8EF0FE0030101FE4D5A6F6D6CEE7F -80043F01E0DB01FEC8FC040F01FCED0FFC0403D9FFC0EC7FF07002FE903807FFE0DC003F -90B71280050F4CC9FC050116F0DD003F15C0060702FCCAFCDE001F13C0>117 -147 118 271 138 67 D[<BF12FEA58AD8001F0280C9120F010349CB123F6D4918071C00 -6D871D1F891D03777FA2891E7F1E3FA21E1FA3787EA31E07A31E03A38BA21E01A7E003C0 -811E00A49CC7FCA61A07A41A0FA21A1FA21A3F1A7FF101FF1907197F92B9FCA603FCC87E -19071901F1007F1A3F1A1FA21A0FA21A07A41A03A4F703C0A4F70780A397CAFCA4F70F00 -A567A31F1E1F3EA41F7EA21F7C1FFCA31E01A21E031E07671E0F1E1F1E3F1E7F1EFF651D -07535B491B7F52B5FC496D181F011F6D6C0407B6FCC0FCA267A4>114 -141 117 268 130 69 D[<BF12F0A58AD8001F0280C97E010349CA12016D49EF001F1C07 -6D1A01881D3F1D1F777E1D07A21D031D01A21D00A21E7C1E7EA21E3EA41E1EA31E1FA28A -A71F801E07F20780A39BC7FCA81A0FA41A1FA21A3FA21A7F1AFF1903190F96B5FC92B9FC 
-A603FCC8FC190F190319001A7F1A3FA21A1FA21A0FA41A07AB97CBFCB3B0497FA2496D7E -011F14F8B912C0A6>105 141 117 268 124 I[<B800FC033FB8FCA6D8001F02E0CA0007 -ECF800010391CC14C06D49735BA26D497390C7FCB3B3B392BDFCA603FCCC123FB3B3B3A6 -496D4F7FA2496D96B57E011F02E0050714F8B800FC033FB8FCA6>120 -141 117 268 143 72 D[<B9FCA6D8000FECF000010114806D91C7FCA26E5AB3B3B3B3B3 -B3AD91B5FCA24980010F14F0B9FCA6>48 141 118 268 68 I[<B912C0A6D8001F02F8CD -FC010314806D49CEFCA26D5BB3B3B3B3A61EF0A5F501E0A81D03A31EC0A31D07A41D0FA3 -1D1F1E801D3FA21D7FA21DFFA264646452130064646451B5FC1B0749191F1B7F496D0403 -B6FC011F6D6C157FBFFC65A5>100 141 117 268 119 76 D[<B600FE9AB612FE6F64A3 -7063A2D8001FF9F000D903F76DE107BF138001019EC7FCA2D900F36D98380F3FFEA202F1 -6D1B1EA302F06D1B3CA36F6C1B78A36F6C1BF0A270F201E081A26F6DF103C0A36F6DF107 -80A36F6DF10F00A36F6D191EA26F6D61A3706C61A3706C61A3706C4E5AA2706D4D5AA370 -6D4D5AA3706D4DC7FCA3706D171EA2706D5FA3716C5FA3716C5FA3716C4C5AA2535A717F -A2716D4B5AA3716D4BC8FCA3716D151EA3716D5DA2726C5DA3726C5DA3726C4A5AA3726D -495AA2726D495AA3726D49C9FCA3726D131EA3726D5BA2736C5BA3736C5BA3736C485AA3 -73EB83C0A2F387807313C7A27301EFCAFCA37313FEA3496C705BA3496C715A497E496C71 -484D7E497F017F01E09AB57E0003B500FC7048040714F0B700F0083FB712FEA2745AA374 -5A>151 141 116 268 176 I[<B600FC060FB7FC8181A282A2D800076EDD003F14C00100 -6E0607EBFE000B0113F870725B02F7755A02F36D735A70735A14F102F07F7073C7FC8183 -816F7F838183816F7F83816F7FA2707E8482707FA2707F8482707F84828482717E858385 -83717F8583717FA2717F8583727EA2727F8684727F86848684727F86848685737F878573 -7FA2737F8785737FA2737F8786747F88868886747F88868886747F8887751380A27513C0 -1DE0877513F0A27513F81DFC877513FE1DFF881E8F887613CF1EEF881EFF8888A28888A2 -89A28989A2496C86A289496C86497E496C86497F017F01E0850003B500FC86B712F08AA2 -8A8AA2>120 141 117 268 143 I[<F17FFE061FB512F895B7FC050716E0053FD9C00313 -FCDDFFF8C7EA1FFF040301C0020313C0040F90C913F0DC3FFCEE3FFCDC7FF0EE0FFE4B48 -48706C7E4B018004017F030F90CB13F0DB1FFCF03FF84B48727E4B48727E4B48727E4A49 
-727F4A49727F4A90CD7F4A48747E021F884A48747E4A48747E4A48747EA24949747F4949 -747F498A4B86498A92CFFC498A4948767EA24948767EA201FF8A4A884820804A884820C0 -A348497613E0A348497613F0A34820F8A24A884820FCA54820FEA291D1FCA5B51FFFB26C -6D5213FEA76C20FC6E64A36C20F8A26E64A26C20F0A26E646C20E0A36C6D5213C0A26C20 -806E646C20006E64017F66A26D6C525AA26D6D505BA26D6D505B6D666F626D666D6D505B -6F626D9BC7FC6E6C505A6E6C505A6E6C505A6E646E6D4E5B70606E6D4E5B02006D4E90C8 -FC6F6C4E5A6F6C4E5A6F6C4E5A6F6C4E5A030301C0040313C06F6D4C5B9226007FF8DC1F -FEC9FCDC3FFEEE7FFC93260FFF80913801FFF0040301E0020713C0040001FC023F90CAFC -943B3FFFC003FFFC050790B612E005011680DD001F02F8CBFC9526007FFECCFC>128 -147 118 271 149 I[<BB12FCF2FFF01BFEF3FFC01CF01CFCD8001F0280C8003F13FF01 -0349C9000114C06D49DC003F7F090713F86D07017F757FF43FFF767F767F767F767F767F -767FA2777E8A891F80A2891FC0A21FE0A289A21FF0AB1FE0A3651FC0A31F80651F006566 -A2535A525B6664525B525B525B5290C7FCF4FFFC515B09075B093F13C050B55A083F49C8 -FC92BA12F81CC051C9FC1BF008FCCAFC03FCCFFCB3B3B3A2497FA2497F011F14E0B812FC -A6>108 141 117 268 130 I[<922601FFF01507031FEBFF8092B600F05C020315FC020F -03FF5C023F16C091B5D8000F01F05B4901F09038007FF84901C0DA0FFE5B010F90C8EA03 -FFD91FFC03006D5A4948EE3FC04948EE1FE14AEE0FF14948EE07FB484916014890CBB5FC -5B48488486484884A248488486123F4984A2007F85A24984A212FF87A387A37F87A37FA2 -007F867FA27F7F003F97C7FC7F806C7F806C7F806C13FE806C14C06C14F8EDFF806C15F0 -6D14FF6D15F06D15FF6D16F06D16FE6DEEFFE06D17F86D6C16FE021F707E020717E00201 -17F86E6C82030F82030082040F82040082051F81050181DD001F801801DE003F7F070F7F -8507017F85741380867413C0867413E0A2867413F0A286A200F01A7F1CF8A21B3FA41B1F -7EA57EA21CF0A27E1B3F7E1CE07F1B7F6D1AC0A26D19FF1C806D606D1A006D606D616D18 -076E4D5AD9DFC04D5A6E60D98FF0173FD987FC4D5AD903FF4C485A010001C04B5B48D97F -F04B90C7FCDA3FFEED1FFE4890260FFFC0ECFFF8020301FF01075B486D91B612C06E6C5E -48020F4BC8FC030115F048DA003F14C0040001FCC9FC>85 147 118 -271 106 83 D[<001FC112C0A603C0C700070280C7121F02FCC8000149C9FC4801E06F49 
-041F13E091CA1807498901F81D00491E7F491E3F491E1FA2491E0FA290CB1907A2003E1F -03A3007E20F0007C1F01A600781F00A800F820F8482078A7CC1A00B3B3B3B3AC4E7F4E7F -4E80067F14F8047FB912F8A6>125 140 122 267 138 I[<B800C0030FB700FC0403B7FC -A6C66C02E0CA00074ACB001F14E0010F91CB000102F0060714006D497202C0060113FC6D -497349725B4B73755A6DA16D5AA15E6F73755A6D89A193C7FC6F85027FA1121E8B6F856E -A15A8B7084A1157C6E506D1978A27022F86E7661657021016E76616570DE1E7F19036EA1 -5A0B3E7F70F03C3F6E595A0B7C8070F0781FA1140F6E08F86E95C8FC537E7069037F7617 -1E52487E70213E6F76173C1C03714D6C197C6F22780A0781714D7E6F6A0A0F817194C7FC -A113016F4E6F5F0A1E147F711F036F765F5280711F076F775E1C7C7104786E170F6F9FC9 -FC0AF882714C80047F201E090183714C80A1133E70040371153C5280721E7C7076157851 -4880721EF870765D1B0F7292C916017068518372021E167F70555A093E8372023C82A112 -0770047C725C097882721D0F707791CAFC51827265057F76131E1A01724A70153E711E3C -08038507804982716608078507C04982A112F871020F735B98CBFC07E01B01710AFE5B08 -1E187F07F01B03710AFF5B1A3EDFF83C7213077166087C1A87DFFC7884710B8FCBFC08F8 -1ACF73488423DFDE7FFF1BFE5084A272645084A27264A250847264A297CDFC7264A24F1A -7FA20603644F1A3FA20601644F1A1FA2060099CCFC4F86>192 144 -126 268 197 87 D<ED0FFF92B512F0020714FE021F6E7E91267FF00313E04AC7EA7FF8 -D903FCEC1FFCD907F0EC07FFD90FC06E7F49486E7F49C97F013E707E49707E49161F8549 -707E48B4FC02C06F7E80486D836E81A3727FA46C5BA238007FC06D5A90CAFCA8053FB5FC -041FB6FC4BB7FC031FEBFE0192B512800203EBF800021F1380DA7FFEC7FC903801FFF049 -13C0010F5B4948C8FC495A495A48485A5C485B485B4890C9FCA2485AA248481A3CA2485A -A312FF5B60A460A2606D160E007F171E181C6D163C003F4D6C6C13786D16F06C6C15016C -6D4A486C6C13F06C6DEC07C06C6D913B1F801FF801E06C01F8DA3E00EBFC0326007FFED9 -01FC90390FFF9FC090283FFFC00FF86DEBFF80010F90B500E06D1400010103806D5BD900 -3F01FCC813F8020301C0ED1FC0565C78DA5F>97 D<EE3FFC0303B512C0031F14F8037F14 -FF912701FFE00313C0020790C7EA3FE0DA0FFCEC07F8DA3FF0EC01FC4A48EC007E4A4881 -4949ED0F804990C9EA07C04948EE03E0495A4948EE01F0013F17004948EE0FF84A163F01 
-FF177F4849EEFFFC60485BA25A91C9FC5AA248487013F8A2F13FE0003FF01FC04994C7FC -A2127FA45BA212FFAF127F7FA4123FA27FA2121FA27F6C190F806C191F1A1E6C7F1A3E6C -6D173C6C197C6E17786D6C17F8013F18F06D6C16016EEE03E06D6CEE07C06D6DED0F806D -6D151F6D6DED3F006D6C6C157EDA3FFC15F86EB4EC03F0020701C0EB1FE0020101F8EBFF -806E6CB548C7FC031F14F8030314C09226003FFCC8FC485C79DA54>99 -D[<1BFCF11FFF0607B5FCA6F0000719001A7F1A3FA21A1FB3B3A4EE1FFC0303B512C003 -1F14F8037F14FE913B01FFF801FF8002079039C0001FC04A48C7EA07F0DA3FF8EC01F84A -48EC007CDAFFC0153E4949151F4990C9EA0F9F4948EE07DF4948EE03FF494882013F8349 -5A4948177F1A3F485B1A1F485B5A91CBFC5AA25B121FA2123F5BA3127FA35BA212FFAF12 -7FA37FA3123FA36C7EA3120F7F7EA26C6D173FA26C6D177FA26C6D17FF017F5F806D6C5E -011FEF07DF6D6CEE0F9F6D6C93381F1FFE6D6C163E6D6D037C7F6D01E0DA01F8806E6CDA -03F014F0DA1FFCDA0FC0ECFFF06EB4EC7F8002039039E007FE00020090B512F8033F14E0 -030791C7FC9226007FF04BC7FC>92 144 121 270 106 I[<EB07F0497E497E497E497E -90B57EA76D90C7FC6D5A6D5A6D5A6D5A90C9FCB3ACEC1F8048B5FC127FA6C67E131F7F7F -A27FB3B3B3AE497F497F013F13F8B712F8A6>37 137 121 264 52 -105 D[<EC1F800003B5FCB6FCA6C6FC131F7F7FA27FB3B3B3B3B3B3AD497F497F013F13 -F8B712FEA6>39 143 121 270 52 108 D<023F912601FFE0933807FF800003B5021F01 -FE047F13F8B6027FD9FFC04AB6FC4CB600F0020715C0932607FC0101FC91261FF00713F0 -93280FC0001FFE4AC76C7E043FC76C6C02FC6E7E047C020390268001F0EC0FFEC64B6E6D -48486E7E011F49486E6D48486E7F6D4948704848826D4A037F91C87E4B48DCF81E836D49 -C9003F4981030E1838031E93261FFC78707E4B60A24BEFFDE009FF8403707049163F15F0 -4B60A34B95CAFCA44B5FB3B3B0496D4C6C4D7E496D4C6D4C7E013F01F893B500E003036D -7EB700FE0103B700F8010FB712E0A6935A79D9A0>I<023F913801FFE00003B5021F13FE -B6027FEBFFC04CB612F0932607FC0113FC933A0FC0001FFE043FC76C7E047C02037FC64B -6E7F011F49486E7F6D4948826D4A157F4B48826D49C9123F150E031E707E5DA25D870370 -160F15F05DA35DA45DB3B3B0496D4C7E496D4C7F013F01F893B512E0B700FE0103B712F8 -A65D5A79D96A>I<EE1FFE4BB512E0030F14FC037FECFF809226FFF0037F020390398000 
-7FF0DA0FFCC7EA0FFCDA1FF0EC03FEDA7FE06E6C7EDAFF806E6C7E4990C96C7E4948707E -4948707E4948707E4948707EA24948707E4948707F01FF854A177F48864890CB6C7EA248 -8649181F000F86A34848727EA3003F86A34848721380A500FF1BC0AF007F1B80A26D60A3 -003F1B00A3001F626D181FA2000F62A26C6C4E5AA26C626E177F6C626E17FF6C626D6C4C -5BA26D6C4C90C7FC6D6C4C5A6D6C4C5A0107606D6C4C5A6D6C4C5A6D01C0EDFFC06E6C4A -5BDA3FF8020790C8FCDA0FFCEC0FFC6EB46CEB7FF802019039F003FFE06E6CB61280030F -02FCC9FC030114E09226001FFECAFC525C7ADA5F>I<023FEC0FF00003B5EC7FFEB649B5 -1280040714E093391FF00FF093383F803F93397E007FF85EC6DA01F0EBFFFC011F495A6D -5C6D13075E6D49C7FC4BEC7FF8151E031CEC1FE0033CEC0780033891C7FC1578A2157015 -F0A25DA45DA55DB3B3AB815B497F013F13FCB812C0A63E5A7AD949>114 -D<15F0A91401A61403A41407A4140FA2141FA2143FA2147FA214FF5B5B5B5B5B137F90B9 -FC120FBAFCA4C7D87FF0C9FCB3B3AAF001E0B218036E6C15C0A318076E6C1580A2180F6E -6C1500606E6C141E6E6D133E606E6D5B6E9038F001F092393FFC07E06FB55A03075C0301 -49C7FC9238001FF03B807DFE49>116 D<DA1F80177E0003B593380FFFFEB60303B5FCA6 -C6EF0003011FEF007F6D183F6D181FA26D180FB3B3AE1A1FA41A3FA31A7FA26D18FFA2F1 -01EF816DEF03CFF1078FA26E6C92380F0FFF191E6E6C033C806E6C0378806E6CDA01F014 -F86E6CDA03E0ECFFF86E6C6CEB0FC06E01F8EB7F806E6CB5EAFE00031F14F8030314E092 -26003FFEC791C7FC5D5B79D96A>I E -%EndDVIPSBitmapFont -end -%%EndProlog -%%BeginSetup -%%Feature: *Resolution 600dpi -TeXDict begin -%%PaperSize: A4 - -%%EndSetup -%%Page: 0 1 -0 0 bop 383 1805 a FE(SEMANTICS)60 b(WITH)j(APPLICA)-16 -b(TIONS)1078 2107 y(A)62 b(F)-16 b(ormal)61 b(In)-5 b(tro)5 -b(duction)904 2545 y FD(c)870 2549 y FC(\015)p FB(Hanne)38 -b(Riis)g(Nielson)2158 2545 y FD(c)2124 2549 y FC(\015)p -FB(Flemming)d(Nielson)864 3281 y FA(c)839 3284 y Fz(\015)o -FA(The)47 b(w)m(ebpage)h Fy(http://www.daimi.au.dk/)p -Fz(\030)-7 b Fy(hrn)47 b FA(con)m(tains)839 3397 y(information)19 -b(ab)s(out)i(ho)m(w)g(to)g(do)m(wnload)g(a)g(cop)m(y)h(of)f(this)f(b)s -(o)s(ok)g(\(sub-)839 3510 y(ject)31 b(to)g(the)g(conditions)d(listed)h -(b)s(elo)m(w\).)839 
3670 y(The)41 b(b)s(o)s(ok)h(ma)m(y)h(b)s(e)e(do)m -(wnloaded)g(and)h(prin)m(ted)f(free)h(of)g(c)m(harge)839 -3783 y(for)34 b(p)s(ersonal)f(study;)j(it)e(ma)m(y)h(b)s(e)f(do)m -(wnloaded)g(and)g(prin)m(ted)f(free)839 3896 y(of)28 -b(c)m(harge)h(b)m(y)f(instructors)f(for)h Fx(imme)-5 -b(diate)36 b FA(photo)s(cop)m(ying)28 b(to)h(stu-)839 -4008 y(den)m(ts)35 b(pro)m(vided)g(that)h(no)g(fee)g(is)f(c)m(harged)h -(for)g(the)f(course;)k(these)839 4121 y(p)s(ermissions)29 -b(explicitly)h(exclude)i(the)h(righ)m(t)f(to)i(an)m(y)f(other)g -(distri-)839 4234 y(bution)19 b(of)j(the)f(b)s(o)s(ok)g(\(b)s(e)g(it)g -(electronically)f(or)h(b)m(y)g(making)g(ph)m(ysical)839 -4347 y(copies\).)839 4507 y(All)29 b(other)h(distribution)d(should)h(b) -s(e)i(agreed)h(with)e(the)i(authors.)839 4667 y(This)22 -b(is)i(a)h(revised)f(edition)f(completed)i(in)e(July)g(1999;)29 -b(the)c(original)839 4780 y(edition)e(from)i(1992)i(w)m(as)f(published) -21 b(b)m(y)k(John)f(Wiley)h(&)f(Sons;)j(this)839 4893 -y(should)h(b)s(e)i(ac)m(kno)m(wledged)h(in)e(all)g(references)i(to)g -(the)g(b)s(o)s(ok.)p eop -%%Page: 1 2 -1 1 bop 3441 130 a Fw(i)p 0 193 3473 4 v eop -%%Page: 5 3 -5 2 bop 0 1181 a Fv(Con)-6 b(ten)g(ts)0 1733 y Fw(List)37 -b(of)g(T)-9 b(ables)2688 b(vii)0 1954 y(Preface)3019 -b(ix)0 2174 y(1)90 b(In)m(tro)s(duction)2652 b(1)146 -2296 y Fu(1.1)100 b(Seman)m(tic)32 b(description)g(metho)s(ds)66 -b(.)50 b(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.) -h(.)g(.)g(.)g(.)142 b(1)146 2418 y(1.2)100 b(The)33 b(example)f -(language)g Fw(While)64 b Fu(.)50 b(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g -(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)142 b(7)146 -2540 y(1.3)100 b(Seman)m(tics)32 b(of)g(expressions)72 -b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.) -g(.)g(.)f(.)h(.)g(.)g(.)g(.)142 b(9)146 2662 y(1.4)100 -b(Prop)s(erties)32 b(of)g(the)h(seman)m(tics)g(.)50 b(.)g(.)g(.)g(.)g -(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.) 
-93 b(15)0 2882 y Fw(2)d(Op)s(erational)37 b(Seman)m(tics)2107 -b(19)146 3004 y Fu(2.1)100 b(Natural)31 b(seman)m(tics)38 -b(.)49 b(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.) -g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(20)146 -3126 y(2.2)100 b(Structural)32 b(op)s(erational)e(seman)m(tics)35 -b(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.) -g(.)g(.)g(.)93 b(32)146 3248 y(2.3)100 b(An)33 b(equiv)-5 -b(alence)32 b(result)48 b(.)i(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h -(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 -b(40)146 3370 y(2.4)100 b(Extensions)34 b(of)e Fw(While)64 -b Fu(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g -(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(44)146 3492 -y(2.5)100 b(Blo)s(c)m(ks)32 b(and)h(pro)s(cedures)81 -b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.) -g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(50)0 3713 y Fw(3)d(Pro)m(v)-6 -b(ably)37 b(Correct)f(Implemen)m(tation)1554 b(63)146 -3834 y Fu(3.1)100 b(The)33 b(abstract)g(mac)m(hine)e(.)50 -b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g -(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(63)146 3956 y(3.2)100 -b(Sp)s(eci\014cation)31 b(of)i(the)g(translation)f(.)50 -b(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g -(.)g(.)g(.)93 b(69)146 4078 y(3.3)100 b(Correctness)85 -b(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.) 
-g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 -b(73)146 4200 y(3.4)100 b(An)33 b(alternativ)m(e)e(pro)s(of)h(tec)m -(hnique)39 b(.)50 b(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g -(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(81)0 4421 y Fw(4)d(Denotational)37 -b(Seman)m(tics)2054 b(85)146 4543 y Fu(4.1)100 b(Direct)31 -b(st)m(yle)j(seman)m(tics:)43 b(sp)s(eci\014cation)48 -b(.)i(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g -(.)93 b(85)146 4664 y(4.2)100 b(Fixed)32 b(p)s(oin)m(t)g(theory)84 -b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.) -g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(93)146 4786 -y(4.3)100 b(Direct)31 b(st)m(yle)j(seman)m(tics:)43 b(existence)37 -b(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.) -g(.)g(.)g(.)44 b(107)146 4908 y(4.4)100 b(An)33 b(equiv)-5 -b(alence)32 b(result)48 b(.)i(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h -(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44 -b(112)146 5030 y(4.5)100 b(Extensions)34 b(of)e Fw(While)64 -b Fu(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g -(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44 b(117)0 5251 -y Fw(5)90 b(Static)37 b(Program)f(Analysis)1958 b(133)146 -5373 y Fu(5.1)100 b(Prop)s(erties)32 b(and)h(prop)s(ert)m(y)g(states)44 -b(.)50 b(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.) -h(.)g(.)g(.)g(.)44 b(135)146 5494 y(5.2)100 b(The)33 -b(analysis)42 b(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g -(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.) 
-44 b(142)1710 5849 y(v)p eop -%%Page: 6 4 -6 3 bop 251 130 a Fw(vi)2944 b(Con)m(ten)m(ts)p 251 193 -3473 4 v 430 515 a Fu(5.3)99 b(Safet)m(y)34 b(of)e(the)h(analysis)52 -b(.)e(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g -(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(153)430 636 y(5.4)99 -b(Bounded)34 b(iteration)e(.)50 b(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g -(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.) -44 b(160)283 854 y Fw(6)91 b(Axiomatic)35 b(Program)h(V)-9 -b(eri\014cation)1587 b(169)430 974 y Fu(6.1)99 b(Direct)32 -b(pro)s(ofs)g(of)g(program)f(correctness)98 b(.)50 b(.)g(.)g(.)g(.)g(.) -f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(169)430 -1094 y(6.2)99 b(P)m(artial)31 b(correctness)k(assertions)d(.)50 -b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g -(.)g(.)g(.)g(.)44 b(175)430 1215 y(6.3)99 b(Soundness)35 -b(and)d(completeness)54 b(.)c(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f -(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(183)430 -1335 y(6.4)99 b(Extensions)34 b(of)e(the)h(axiomatic)d(system)68 -b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.) -g(.)44 b(191)430 1456 y(6.5)99 b(Assertions)34 b(for)e(execution)h -(time)99 b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g -(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(200)283 1674 y Fw(7)91 -b(F)-9 b(urther)37 b(Reading)2348 b(209)283 1891 y(A)62 -b(Review)36 b(of)i(Notation)2200 b(213)283 2109 y(App)s(endices)2741 -b(212)283 2327 y(B)67 b(In)m(tro)s(duction)36 b(to)h(Miranda)h -(Implemen)m(tations)1092 b(217)430 2448 y Fu(B.1)79 b(Abstract)33 -b(syn)m(tax)49 b(.)h(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.) -g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 -b(217)430 2568 y(B.2)79 b(Ev)-5 b(aluation)31 b(of)h(expressions)39 -b(.)50 b(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.) 
-g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(218)283 2786 y Fw(C)66 -b(Op)s(erational)37 b(Seman)m(tics)f(in)h(Miranda)1468 -b(221)430 2906 y Fu(C.1)78 b(Natural)32 b(seman)m(tics)37 -b(.)50 b(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.) -f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(221)430 -3027 y(C.2)78 b(Structural)32 b(op)s(erational)e(seman)m(tics)35 -b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.) -g(.)g(.)g(.)44 b(223)430 3147 y(C.3)78 b(Extensions)34 -b(of)e Fw(While)65 b Fu(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g -(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 -b(225)430 3268 y(C.4)78 b(Pro)m(v)-5 b(ably)33 b(correct)g(implemen)m -(tation)97 b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g -(.)g(.)g(.)g(.)g(.)44 b(227)283 3485 y Fw(D)61 b(Denotational)36 -b(Seman)m(tics)h(in)g(Miranda)1415 b(229)430 3606 y Fu(D.1)73 -b(Direct)32 b(st)m(yle)h(seman)m(tics)27 b(.)50 b(.)g(.)g(.)f(.)h(.)g -(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.) 
-g(.)g(.)44 b(229)430 3726 y(D.2)73 b(Extensions)34 b(of)e -Fw(While)65 b Fu(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g -(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 -b(230)430 3847 y(D.3)73 b(Static)32 b(program)f(analysis)h(.)50 -b(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g -(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(230)283 4065 y Fw(Bibliograph)m(y)2675 -b(233)283 4282 y(Index)38 b(of)g(Sym)m(b)s(ols)2454 b(235)283 -4500 y(Index)3029 b(237)p eop -%%Page: 7 5 -7 4 bop 0 1180 a Fv(List)77 b(of)g(T)-19 b(ables)146 -1632 y Fu(1.1)100 b(The)33 b(seman)m(tics)g(of)f(arithmetic)f -(expressions)f(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g -(.)g(.)g(.)93 b(13)146 1752 y(1.2)100 b(The)33 b(seman)m(tics)g(of)f(b) -s(o)s(olean)f(expressions)63 b(.)49 b(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g -(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(14)146 1956 y(2.1)100 -b(Natural)31 b(seman)m(tics)i(for)f Fw(While)24 b Fu(.)50 -b(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h -(.)g(.)g(.)g(.)93 b(20)146 2076 y(2.2)100 b(Structural)32 -b(op)s(erational)e(seman)m(tics)j(for)f Fw(While)98 b -Fu(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 -b(33)146 2197 y(2.3)100 b(Natural)31 b(seman)m(tics)i(for)f(statemen)m -(ts)h(of)f Fw(Blo)s(c)m(k)53 b Fu(.)d(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f -(.)h(.)g(.)g(.)g(.)93 b(52)146 2317 y(2.4)100 b(Natural)31 -b(seman)m(tics)i(for)f(v)-5 b(ariable)31 b(declarations)55 -b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 -b(52)146 2437 y(2.5)100 b(Natural)31 b(seman)m(tics)i(for)f -Fw(Pro)s(c)g Fu(with)g(dynamic)g(scop)s(e)h(rules)51 -b(.)f(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(54)146 2558 y(2.6)100 -b(Pro)s(cedure)33 b(calls)f(in)g(case)h(of)f(mixed)g(scop)s(e)h(rules)g -(\(c)m(ho)s(ose)g(one\))69 b(.)49 b(.)h(.)g(.)g(.)g(.)93 -b(56)146 2678 y(2.7)100 b(Natural)31 b(seman)m(tics)i(for)f(v)-5 -b(ariable)31 b(declarations)g(using)h(lo)s(cations)82 -b(.)50 b(.)g(.)g(.)g(.)93 b(58)146 2798 
y(2.8)100 b(Natural)31 -b(seman)m(tics)i(for)f Fw(Pro)s(c)g Fu(with)g(static)g(scop)s(e)h -(rules)101 b(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 -b(59)146 3002 y(3.1)100 b(Op)s(erational)30 b(seman)m(tics)j(for)f -Fw(AM)101 b Fu(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g -(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(65)146 3122 y(3.2)100 -b(T)-8 b(ranslation)31 b(of)h(expressions)89 b(.)50 b(.)g(.)g(.)g(.)g -(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.) -93 b(70)146 3243 y(3.3)100 b(T)-8 b(ranslation)31 b(of)h(statemen)m(ts) -h(in)f Fw(While)50 b Fu(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g -(.)f(.)h(.)g(.)g(.)g(.)93 b(71)146 3446 y(4.1)100 b(Denotational)30 -b(seman)m(tics)i(for)g Fw(While)g Fu(.)50 b(.)g(.)f(.)h(.)g(.)g(.)g(.)g -(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(86)146 -3566 y(4.2)100 b(Denotational)30 b(seman)m(tics)i(for)g -Fw(While)f Fu(using)i(lo)s(cations)58 b(.)50 b(.)g(.)g(.)g(.)f(.)h(.)g -(.)g(.)g(.)44 b(119)146 3687 y(4.3)100 b(Denotational)30 -b(seman)m(tics)i(for)g(v)-5 b(ariable)31 b(declarations)63 -b(.)50 b(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44 b(121)146 -3807 y(4.4)100 b(Denotational)30 b(seman)m(tics)i(for)g(non-recursiv)m -(e)i(pro)s(cedure)g(declarations)71 b(.)50 b(.)44 b(122)146 -3928 y(4.5)100 b(Denotational)30 b(seman)m(tics)i(for)g -Fw(Pro)s(c)93 b Fu(.)50 b(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g -(.)g(.)f(.)h(.)g(.)g(.)g(.)44 b(123)146 4048 y(4.6)100 -b(Denotational)30 b(seman)m(tics)i(for)g(recursiv)m(e)i(pro)s(cedure)g -(declarations)c(.)50 b(.)g(.)g(.)g(.)44 b(125)146 4168 -y(4.7)100 b(Con)m(tin)m(uation)31 b(st)m(yle)j(seman)m(tics)e(for)g -Fw(While)27 b Fu(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g -(.)g(.)g(.)44 b(128)146 4289 y(4.8)100 b(Con)m(tin)m(uation)31 -b(st)m(yle)j(seman)m(tics)e(for)g Fw(Exc)61 b Fu(.)49 -b(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44 -b(130)146 4492 y(5.1)100 b(Analysis)32 b(of)g(expressions)62 -b(.)50 
b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.) -g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44 b(143)146 4613 y(5.2)100 -b(Analysis)32 b(of)g(statemen)m(ts)i(in)d Fw(While)100 -b Fu(.)50 b(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g -(.)g(.)g(.)44 b(144)146 4816 y(6.1)100 b(Axiomatic)30 -b(system)k(for)e(partial)e(correctness)84 b(.)50 b(.)g(.)g(.)g(.)g(.)g -(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44 b(178)146 4936 -y(6.2)100 b(Axiomatic)30 b(system)k(for)e(total)f(correctness)88 -b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44 -b(192)146 5057 y(6.3)100 b(Exact)33 b(execution)g(times)f(for)g -(expressions)54 b(.)49 b(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.) -h(.)g(.)g(.)g(.)44 b(202)146 5177 y(6.4)100 b(Natural)31 -b(seman)m(tics)i(for)f Fw(While)f Fu(with)h(exact)h(execution)h(times) -79 b(.)49 b(.)h(.)g(.)g(.)g(.)44 b(203)146 5297 y(6.5)100 -b(Axiomatic)30 b(system)k(for)e(order)g(of)h(magnitude)e(of)h -(execution)h(time)46 b(.)k(.)g(.)g(.)g(.)44 b(204)1683 -5849 y(vii)p eop -%%Page: 8 6 -8 5 bop 251 130 a Fw(viii)2654 b(List)37 b(of)h(T)-9 -b(ables)p 251 193 3473 4 v eop -%%Page: 9 7 -9 6 bop 0 1180 a Fv(Preface)0 1632 y Fu(Man)m(y)37 b(b)s(o)s(oks)f(on)h -(formal)c(seman)m(tics)k(b)s(egin)e(b)m(y)i(explaining)e(that)h(there)g -(are)h(three)f(ma)5 b(jor)0 1752 y(approac)m(hes)34 b(to)e(seman)m -(tics,)h(that)f(is)145 1923 y Ft(\017)49 b Fu(op)s(erational)30 -b(seman)m(tics,)145 2115 y Ft(\017)49 b Fu(denotational)30 -b(seman)m(tics,)j(and)145 2308 y Ft(\017)49 b Fu(axiomatic)30 -b(seman)m(tics;)0 2478 y(but)36 b(then)g(they)h(go)e(on)h(to)f(study)i -(just)f Fs(one)43 b Fu(of)35 b(these)i(in)e(greater)g(detail.)52 -b(The)36 b(purp)s(ose)h(of)0 2598 y(this)32 b(b)s(o)s(ok)g(is)g(to)145 -2769 y Ft(\017)49 b Fu(presen)m(t)34 b(the)f Fs(fundamental)h(ide)-5 -b(as)40 b Fu(b)s(ehind)32 b Fs(al)5 b(l)43 b Fu(of)32 -b(these)i(approac)m(hes,)145 2961 y Ft(\017)49 b Fu(to)25 -b(stress)i(their)d Fs(r)-5 b(elationship)30 b 
Fu(b)m(y)d(form)m -(ulating)22 b(and)j(pro)m(ving)g(the)h(relev)-5 b(an)m(t)25 -b(theorems,)244 3082 y(and)145 3274 y Ft(\017)49 b Fu(to)i(illustrate)f -(the)i Fs(applic)-5 b(ability)60 b Fu(of)51 b(formal)e(seman)m(tics)j -(as)g(a)f(to)s(ol)f(in)h(computer)244 3395 y(science)q(.)0 -3565 y(This)45 b(is)g(an)g(am)m(bitious)e(goal)h(and)h(to)f(ac)m(hiev)m -(e)j(it,)g(the)f(bulk)f(of)f(the)i(dev)m(elopmen)m(t)g(con-)0 -3685 y(cen)m(trates)37 b(on)f(a)g(rather)f(small)f(core)i(language)f -(of)g Fr(while)p Fu(-programs)h(for)f(whic)m(h)h(the)h(three)0 -3806 y(approac)m(hes)e(are)g(dev)m(elop)s(ed)g(to)f(roughly)f(the)i -(same)f(lev)m(el)g(of)f(sophistication.)47 b(T)-8 b(o)34 -b(demon-)0 3926 y(strate)f(the)g Fs(applic)-5 b(ability)40 -b Fu(of)32 b(formal)f(seman)m(tics)h(w)m(e)i(sho)m(w)145 -4097 y Ft(\017)49 b Fu(ho)m(w)34 b(to)g(use)g(seman)m(tics)g(for)f(v)-5 -b(alidating)31 b(protot)m(yp)s(e)j(implemen)m(tations)d(of)i(program-) -244 4217 y(ming)e(languages,)145 4409 y Ft(\017)49 b -Fu(ho)m(w)41 b(to)g(use)g(seman)m(tics)g(for)g(v)m(erifying)f(analyses) -h(used)h(in)e(more)g(adv)-5 b(anced)42 b(imple-)244 4530 -y(men)m(tations)32 b(of)g(programming)d(languages,)j(and)145 -4722 y Ft(\017)49 b Fu(ho)m(w)29 b(to)g(use)h(seman)m(tics)f(for)f(v)m -(erifying)h(useful)g(program)e(prop)s(erties)i(including)e(infor-)244 -4843 y(mation)j(ab)s(out)j(execution)g(time.)0 5013 y(The)k(dev)m -(elopmen)m(t)f(is)f Fs(intr)-5 b(o)g(ductory)45 b Fu(as)36 -b(is)f(already)g(re\015ected)i(in)e(the)h(title.)51 b(F)-8 -b(or)35 b(this)g(rea-)0 5133 y(son)c(v)m(ery)i(man)m(y)e(adv)-5 -b(anced)32 b(concepts)h(within)d(op)s(erational,)f(denotational)g(and)i -(axiomatic)0 5254 y(seman)m(tics)36 b(ha)m(v)m(e)h(had)f(to)f(b)s(e)h -(omitted.)52 b(Also)35 b(w)m(e)i(ha)m(v)m(e)g(had)f(to)f(omit)f -(treatmen)m(t)i(of)f(other)0 5374 y(approac)m(hes)26 -b(to)f(seman)m(tics,)h(for)f(example)f(P)m(etri-nets)h(and)g(temp)s -(oral)e(logic.)39 b(Some)24 b(p)s(oin)m(ters)0 5494 y(to)32 
-b(further)h(reading)f(are)h(giv)m(en)f(in)g(Chapter)h(7.)1697 -5849 y(ix)p eop -%%Page: 10 8 -10 7 bop 251 130 a Fw(x)3050 b(Preface)p 251 193 3473 -4 v 283 419 V 283 3790 4 3371 v 1711 1523 a Fq(\010)1628 -1565 y(\010)1545 1606 y(\010)1462 1648 y(\010)1379 1689 -y(\010)1296 1731 y(\010)1279 1739 y(\010)1711 2270 y(\010)1628 -2312 y(\010)1545 2353 y(\010)1462 2395 y(\010)1379 2437 -y(\010)1296 2478 y(\010)1279 2486 y(\010)1711 3018 y(\010)1628 -3059 y(\010)1545 3101 y(\010)1462 3142 y(\010)1379 3184 -y(\010)1296 3225 y(\010)1279 3234 y(\010)2126 1523 y(H)2209 -1565 y(H)2292 1606 y(H)2375 1648 y(H)2458 1689 y(H)2541 -1731 y(H)2558 1739 y(H)2126 2270 y(H)2209 2312 y(H)2292 -2353 y(H)2375 2395 y(H)2458 2437 y(H)2541 2478 y(H)2558 -2486 y(H)2126 3018 y(H)2209 3059 y(H)2292 3101 y(H)2375 -3142 y(H)2458 3184 y(H)2541 3225 y(H)2558 3234 y(H)p -1959 1208 4 308 v 1959 1955 4 474 v 1959 2702 V 1959 -3408 4 432 v 1711 765 485 4 v 1711 903 4 139 v 1739 859 -a Fu(Chapter)34 b(1)p 2192 903 V 1711 906 485 4 v 1587 -1234 735 4 v 1587 1465 4 232 v 1740 1328 a(Chapter)f(2)1615 -1440 y(Sections)g(2.1{2.3)p 2318 1465 V 1587 1468 735 -4 v 798 1762 V 798 1880 4 118 v 826 1855 a(Sections)g(2.4{2.5)p -1529 1880 V 798 1883 735 4 v 2541 1761 485 4 v 2541 1900 -4 139 v 1065 w(Chapter)g(3)p 3023 1900 V 2541 1903 485 -4 v 1587 1981 735 4 v 1587 2212 4 232 v 1740 2075 a(Chapter)g(4)1615 -2187 y(Sections)g(4.1{4.4)p 2318 2212 V 1587 2215 735 -4 v 881 2510 523 4 v 881 2627 4 118 v 909 2603 a(Section)g(4.5)p -1400 2627 V 881 2630 523 4 v 2541 2508 485 4 v 2541 2647 -4 139 v 1194 w(Chapter)g(5)p 3023 2647 V 2541 2650 485 -4 v 1587 2728 735 4 v 1587 2960 4 232 v 1740 2822 a(Chapter)g(6)1615 -2935 y(Sections)g(6.1{6.3)p 2318 2960 V 1587 2963 735 -4 v 881 3257 523 4 v 881 3375 4 118 v 909 3350 a(Section)g(6.4)p -1400 3375 V 881 3378 523 4 v 2541 3257 V 2541 3375 4 -118 v 1194 w(Section)f(6.5)p 3061 3375 V 2541 3378 523 -4 v 1711 3422 485 4 v 1711 3560 4 139 v 1739 3516 a(Chapter)i(7)p -2192 3560 V 
1711 3563 485 4 v 3753 3790 4 3371 v 283 -3793 3473 4 v 283 4078 a Fp(Ov)l(erview)283 4281 y Fu(As)26 -b(is)e(illustrated)e(in)i(the)h(dep)s(endency)i(diagram,)d(Chapters)h -(1,)h(2,)g(4,)g(6)e(and)h(7)f(form)g(the)g(core)283 4402 -y(of)34 b(the)g(b)s(o)s(ok.)47 b(Chapter)35 b(1)f(in)m(tro)s(duces)g -(the)h(example)e(language)g(of)g Fr(while)p Fu(-programs)h(that)283 -4522 y(is)28 b(used)h(throughout)f(the)h(b)s(o)s(ok.)41 -b(In)29 b(Chapter)g(2)e(w)m(e)j(co)m(v)m(er)f(t)m(w)m(o)g(approac)m -(hes)g(to)f Fs(op)-5 b(er)g(ational)283 4642 y(semantics)p -Fu(,)43 b(the)f(natural)e(seman)m(tics)h(of)g(G.)g(Kahn)g(and)g(the)h -(structural)f(op)s(erational)e(se-)283 4763 y(man)m(tics)30 -b(of)g(G.)h(Plotkin.)41 b(Chapter)32 b(4)e(dev)m(elops)i(the)f -Fs(denotational)h(semantics)38 b Fu(of)30 b(D.)i(Scott)283 -4883 y(and)40 b(C.)h(Strac)m(hey)g(including)d(simple)h(\014xed)i(p)s -(oin)m(t)e(theory)-8 b(.)66 b(Chapter)40 b(6)g(in)m(tro)s(duces)g -Fs(pr)-5 b(o-)283 5004 y(gr)g(am)33 b(veri\014c)-5 b(ation)36 -b Fu(based)31 b(on)f(op)s(erational)e(and)i(denotational)e(seman)m -(tics)j(and)f(go)s(es)g(on)g(to)283 5124 y(presen)m(t)e(the)e -(axiomatic)d(approac)m(h)j(due)h(to)e(C.)h(A.)g(R.)f(Hoare.)42 -b(Finally)-8 b(,)24 b(Chapter)i(7)g(con)m(tains)283 5244 -y(suggestions)34 b(for)e(further)g(reading.)430 5374 -y(The)i(\014rst)f(three)h(or)f(four)f(sections)i(of)f(eac)m(h)g(of)g -(the)g(Chapters)i(2,)e(4)f(and)i(6)e(are)h(dev)m(oted)283 -5494 y(to)i(the)h(language)d(of)i Fr(while)p Fu(-programs)g(and)g(co)m -(v)m(ers)i(sp)s(eci\014cation)d(as)i(w)m(ell)e(as)h(theoretical)p -eop -%%Page: 11 9 -11 8 bop 0 130 a Fw(Preface)3019 b(xi)p 0 193 3473 4 -v 0 515 a Fu(asp)s(ects.)44 b(In)32 b(eac)m(h)g(of)f(the)g(c)m(hapters) -i(w)m(e)f(extend)h(the)e Fr(while)p Fu(-language)g(with)g(v)-5 -b(arious)30 b(other)0 636 y(constructs)c(and)e(the)g(emphasis)g(is)f -(here)i(on)f(sp)s(eci\014cation)g(rather)g(than)g(theory)-8 -b(.)41 b(In)24 b(Sections)0 756 y(2.4)39 b(and)h(2.5)g(w)m(e)h 
-(consider)f(extensions)h(with)e(ab)s(ortion,)i(non-determinism,)e -(parallelism,)0 877 y(blo)s(c)m(k)33 b(constructs,)h(dynamic)f(and)g -(static)f(pro)s(cedures,)j(and)e(non-recursiv)m(e)h(and)f(recursiv)m(e) -0 997 y(pro)s(cedures.)86 b(In)47 b(Section)f(4.5)g(w)m(e)i(consider)e -(extensions)i(of)e(the)h Fr(while)p Fu(-language)f(with)0 -1117 y(static)37 b(pro)s(cedures)i(that)e(ma)m(y)h(or)f(ma)m(y)g(not)h -(b)s(e)f(recursiv)m(e)i(and)f(w)m(e)h(sho)m(w)f(ho)m(w)g(to)g(handle)0 -1238 y(exceptions,)e(that)d(is,)h(certain)g(kinds)g(of)g(jumps.)47 -b(Finally)-8 b(,)32 b(in)h(Section)h(6.4)f(w)m(e)i(consider)f(an)0 -1358 y(extension)c(with)e(non-recursiv)m(e)i(and)f(recursiv)m(e)i(pro)s -(cedures)f(and)f(w)m(e)h(also)e(sho)m(w)i(ho)m(w)g(total)0 -1478 y(correctness)46 b(prop)s(erties)e(are)f(handled.)77 -b(The)45 b(sections)g(on)e(extending)i(the)f(op)s(erational,)0 -1599 y(denotational)31 b(and)h(axiomatic)e(seman)m(tics)j(ma)m(y)g(b)s -(e)f(studied)h(in)f(an)m(y)h(order.)146 1728 y(The)d(applicabilit)m(y)c -(of)j(op)s(erational,)e(denotational)g(and)i(axiomatic)e(seman)m(tics)i -(is)g(illus-)0 1848 y(trated)h(in)f(Chapters)j(3,)e(5)g(and)g(6.)42 -b(In)31 b(Chapter)f(3)g(w)m(e)h(sho)m(w)g(ho)m(w)g(to)f(pro)m(v)m(e)h -(the)f(correctness)0 1969 y(of)37 b(a)g(simple)f(compiler)f(for)i(the)h -Fr(while)p Fu(-language)f(using)g(the)h(op)s(erational)d(seman)m(tics.) 
-58 b(In)0 2089 y(Chapter)35 b(5)f(w)m(e)i(pro)m(v)m(e)g(an)e(analysis)g -(for)g(the)g Fr(while)p Fu(-language)h(correct)g(using)f(the)h(denota-) -0 2209 y(tional)f(seman)m(tics.)54 b(Finally)-8 b(,)34 -b(in)h(Section)h(6.5)g(w)m(e)h(extend)g(the)g(axiomatic)c(approac)m(h)k -(so)f(as)0 2330 y(to)c(obtain)g(information)d(ab)s(out)j(execution)h -(time)f(of)g Fr(while)p Fu(-programs.)146 2459 y(App)s(endix)27 -b(A)g(reviews)h(the)f(mathematical)c(notation)i(on)h(whic)m(h)i(this)e -(b)s(o)s(ok)g(is)g(based.)42 b(It)0 2579 y(is)30 b(mostly)g(standard)g -(notation)g(but)g(some)h(ma)m(y)f(\014nd)h(our)f(use)i(of)e -Fo(,)-17 b Ft(!)30 b Fu(and)h Ft(\005)e Fu(non-standard.)0 -2700 y(W)-8 b(e)38 b(use)g Fs(D)47 b Fo(,)-17 b Ft(!)37 -b Fs(E)50 b Fu(for)37 b(the)g(set)h(of)f Fs(p)-5 b(artial)48 -b Fu(functions)37 b(from)f Fs(D)47 b Fu(to)37 b Fs(E)12 -b Fu(;)38 b(this)f(is)g(b)s(ecause)h(w)m(e)0 2820 y(\014nd)j(that)g -(the)g Fs(D)50 b Fo(*)40 b Fs(E)53 b Fu(notation)39 b(is)i(to)s(o)e -(easily)h(o)m(v)m(erlo)s(ok)m(ed.)69 b(Also)41 b(w)m(e)g(use)h -Fs(R)j Ft(\005)39 b Fs(S)53 b Fu(for)0 2940 y(the)32 -b(comp)s(osition)d(of)i(binary)h(relations)e Fs(R)36 -b Fu(and)31 b Fs(S)12 b Fu(;)32 b(this)f(is)g(b)s(ecause)i(of)e(the)h -(di\013eren)m(t)g(order)0 3061 y(of)44 b(comp)s(osition)e(used)k(for)e -(relations)f(and)h(functions.)79 b(When)46 b(dealing)d(with)h -(axiomatic)0 3181 y(seman)m(tics)c(w)m(e)h(use)f(form)m(ulae)e -Ft(f)i Fs(P)50 b Ft(g)39 b Fs(S)52 b Ft(f)39 b Fs(Q)49 -b Ft(g)40 b Fu(for)f(partial)e(correctness)42 b(assertions)e(but)0 -3302 y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 -b(+)h Fs(Q)41 b Ft(g)28 b Fu(for)g(total)e(correctness)31 -b(assertions)d(b)s(ecause)i(the)e(explicit)f(o)s(ccurrence)j(of)0 -3422 y Ft(+)i Fu(\(for)g(termination\))e(ma)m(y)j(prev)m(en)m(t)h(the)f -(studen)m(t)h(from)e(confusing)g(the)h(t)m(w)m(o)g(systems.)146 -3551 y(App)s(endices)27 b(B,)f(C)g(and)g(D)f(con)m(tain)g(implemen)m 
-(tations)e(of)i(some)h(of)f(the)h(seman)m(tic)g(sp)s(eci-)0 -3671 y(\014cations)e(using)g(the)g(functional)e(language)h -Fw(Miranda)p Fu(.)2073 3635 y Fn(1)2154 3671 y Fu(The)i(in)m(ten)m -(tion)f(is)f(that)h(the)g(abilit)m(y)0 3792 y(to)39 b(exp)s(erimen)m(t) -h(with)g(seman)m(tic)f(de\014nitions)g(enhances)j(the)e(understanding)g -(of)f(material)0 3912 y(that)32 b(is)f(often)h(regarded)h(as)f(b)s -(eing)f(terse)i(and)g(hea)m(vy)g(with)f(formalism.)40 -b(It)32 b(should)g(b)s(e)g(p)s(os-)0 4032 y(sible)j(to)g(rew)m(ork)i -(these)g(implemen)m(tations)c(in)i(an)m(y)h(functional)f(language)f -(but)i(if)f(an)g(eager)0 4153 y(language)42 b(\(lik)m(e)g -Fw(Standard)i(ML)p Fu(\))f(is)f(used,)47 b(great)42 b(care)h(m)m(ust)g -(b)s(e)g(tak)m(en)h(in)e(the)h(imple-)0 4273 y(men)m(tation)37 -b(of)h(the)h(\014xed)h(p)s(oin)m(t)d(com)m(binator.)60 -b(Ho)m(w)m(ev)m(er,)42 b(no)d(con)m(tin)m(uit)m(y)f(is)g(lost)g(if)f -(these)0 4394 y(app)s(endices)c(are)g(ignored.)0 4618 -y Fp(Notes)46 b(for)f(the)g(instructor)0 4820 y Fu(The)35 -b(reader)g(should)g(preferably)f(b)s(e)h(acquain)m(ted)g(with)f(the)h -(BNF-st)m(yle)g(of)f(sp)s(ecifying)g(the)0 4941 y(syn)m(tax)e(of)e -(programming)d(languages)i(and)i(should)f(b)s(e)g(familiar)c(with)k -(most)g(of)g(the)g(mathe-)0 5061 y(matical)c(concepts)k(surv)m(ey)m(ed) -h(in)d(App)s(endix)h(A.)g(T)-8 b(o)29 b(appreciate)f(the)h(protot)m(yp) -s(e)g(implemen-)0 5181 y(tations)j(of)g(the)h(app)s(endices)h(some)f -(exp)s(erience)h(in)e(functional)f(programming)f(is)i(required.)p -0 5304 1389 4 v 112 5365 a Fm(1)149 5395 y Fl(Miranda)24 -b Fk(is)f(a)g(trademark)f(of)h(Researc)n(h)e(Soft)n(w)n(are)h(Limited,) -j(23)d(St)i(Augustines)f(Road,)h(Can)n(terbury)-7 b(,)0 -5494 y(Ken)n(t)27 b(CT1)g(1XP)-7 b(,)27 b(UK.)p eop -%%Page: 12 10 -12 9 bop 251 130 a Fw(xii)2986 b(Preface)p 251 193 3473 -4 v 283 515 a Fu(W)-8 b(e)24 b(ha)m(v)m(e)g(ourselv)m(es)h(used)f(this) -f(b)s(o)s(ok)g(for)f(an)h(undergraduate)h(course)g(at)f(Aarh)m(us)h 
-(Univ)m(ersit)m(y)283 636 y(in)32 b(whic)m(h)h(the)g(required)g -(functional)e(programming)f(is)i(in)m(tro)s(duced)h(\\on-the-\015y".) -430 756 y(W)-8 b(e)48 b(pro)m(vide)g(t)m(w)m(o)g(kinds)g(of)f -(exercises.)90 b(One)48 b(kind)f(helps)h(the)g(studen)m(t)h(in)e -(his/her)283 877 y(understanding)31 b(of)e(the)h -(de\014nitions/results/tec)m(hniques)h(used)g(in)e(the)h(text.)44 -b(In)30 b(particular)283 997 y(there)38 b(are)e(exercises)j(that)d(ask) -h(the)g(studen)m(t)i(to)d(pro)m(v)m(e)i(auxiliary)c(results)j(needed)h -(for)e(the)283 1117 y(main)23 b(results)i(but)f(then)h(the)g(pro)s(of)f -(tec)m(hniques)i(will)c(b)s(e)i(minor)f(v)-5 b(ariations)22 -b(of)i(those)h(already)283 1238 y(explained)37 b(in)g(the)h(text.)58 -b(W)-8 b(e)38 b(ha)m(v)m(e)g(mark)m(ed)g(those)g(exercises)h(whose)f -(results)g(are)f(needed)283 1358 y(later)d(b)m(y)i(\\)p -Fw(\(Essen)m(tial\))p Fu(".)47 b(The)36 b(other)f(kind)g(of)f -(exercises)i(are)f(more)f(c)m(hallenging)f(in)h(that)283 -1478 y(they)g(extend)g(the)g(dev)m(elopmen)m(t,)f(for)g(example)f(b)m -(y)i(relating)d(it)h(to)g(other)h(approac)m(hes.)45 b(W)-8 -b(e)283 1599 y(use)36 b(a)e(star)h(to)f(mark)g(the)h(more)f(di\016cult) -f(of)h(these)i(exercises.)52 b(Exercises)36 b(mark)m(ed)f(b)m(y)g(t)m -(w)m(o)283 1719 y(stars)42 b(are)e(rather)h(length)m(y)g(and)f(ma)m(y)h -(require)g(insigh)m(t)e(not)i(otherwise)g(presen)m(ted)i(in)c(the)283 -1840 y(b)s(o)s(ok.)70 b(It)42 b(will)d(not)i(b)s(e)h(necessary)h(for)e -(studen)m(ts)j(to)d(attempt)g(all)e(the)j(exercises)h(but)f(w)m(e)283 -1960 y(do)33 b(recommend)f(that)g(they)i(read)f(them)f(and)h(try)f(to)h -(understand)h(what)e(the)h(exercises)i(are)283 2080 y(ab)s(out.)283 -2369 y Fp(Ac)l(kno)l(wledgemen)l(ts)283 2554 y Fu(In)47 -b(writing)d(this)h(b)s(o)s(ok)h(w)m(e)g(ha)m(v)m(e)h(b)s(een)g(greatly) -e(assisted)i(b)m(y)f(the)g(commen)m(ts)g(and)g(sug-)283 -2674 y(gestions)h(pro)m(vided)g(b)m(y)g(colleagues)f(and)g(review)m -(ers)i(and)e(b)m(y)i(studen)m(ts)g(and)f(instructors)283 
-2795 y(at)c(Aarh)m(us)h(Univ)m(ersit)m(y)-8 b(.)75 b(This)43 -b(includes)g(Anders)h(Gammelgaard,)f(Chris)g(Hankin,)i(T)-8 -b(or-)283 2915 y(b)s(en)40 b(Am)m(toft)e(Hansen,)j(Jens)f(P)m(alsb)s -(erg)f(J\034rgensen,)j(Ernst-R)s(\177)-51 b(udiger)37 -b(Olderog,)j(Da)m(vid)e(A.)283 3035 y(Sc)m(hmidt,)29 -b(Kirsten)f(L.)g(Solb)s(erg)f(and)h(Bernhard)g(Ste\013en.)43 -b(Sp)s(ecial)27 b(thanks)i(are)f(due)g(to)g(Stef-)283 -3156 y(fen)g(Grarup,)g(Jacob)g(Seligmann,)f(and)g(Bettina)g(Blaab)s -(erg)f(S\034rensen)j(for)e(their)g(en)m(th)m(usiasm)283 -3276 y(and)33 b(great)f(care)h(in)f(reading)g(preliminary)e(v)m -(ersions.)283 3633 y(Aarh)m(us,)k(Octob)s(er)f(1991)1721 -b(Hanne)33 b(Riis)e(Nielson)2985 3800 y(Flemming)e(Nielson)283 -4089 y Fp(Revised)46 b(Edition)283 4274 y Fu(In)36 b(this)f(revised)i -(edition)d(w)m(e)i(ha)m(v)m(e)h(corrected)g(a)e(n)m(um)m(b)s(er)h(of)f -(t)m(yp)s(ographical)f(errors)i(and)f(a)283 4394 y(few)h(mistak)m(es;)h -(ho)m(w)m(ev)m(er,)i(no)c(ma)5 b(jor)34 b(c)m(hanges)j(ha)m(v)m(e)f(b)s -(een)h(made.)51 b(Since)35 b(the)h(publication)283 4515 -y(of)49 b(the)g(\014rst)g(edition)e(w)m(e)j(ha)m(v)m(e)g(obtained)e -(helpful)g(commen)m(ts)g(from)g(Jens)i(Kno)s(op)e(and)283 -4635 y(Anders)35 b(Sandholm.)45 b(The)34 b(w)m(ebpage)h(for)e(the)h(b)s -(o)s(ok)f(no)m(w)h(also)e(con)m(tains)i(implemen)m(tations)283 -4756 y(of)f(App)s(endices)g(B,)g(C)g(and)g(D)f(in)g(Gofer)f(as)i(w)m -(ell)f(as)h(in)f(Miranda.)283 5112 y(Aarh)m(us,)i(July)e(1999)1883 -b(Hanne)33 b(Riis)e(Nielson)2985 5280 y(Flemming)e(Nielson)p -eop -%%Page: 1 11 -1 10 bop 0 1183 a Fv(Chapter)78 b(1)0 1602 y(In)-6 b(tro)6 -b(duction)0 2058 y Fu(The)34 b(purp)s(ose)f(of)f(this)g(b)s(o)s(ok)g -(is)145 2279 y Ft(\017)49 b Fu(to)32 b(describ)s(e)h(some)g(of)f(the)h -(main)e(ideas)h(and)h(metho)s(ds)f(used)i(in)e(seman)m(tics,)145 -2501 y Ft(\017)49 b Fu(to)32 b(illustrate)f(these)i(on)g(in)m -(teresting)f(applications,)f(and)145 2722 y Ft(\017)49 -b Fu(to)32 
b(in)m(v)m(estigate)h(the)g(relationship)d(b)s(et)m(w)m(een) -35 b(the)e(v)-5 b(arious)32 b(metho)s(ds.)0 2944 y(F)-8 -b(ormal)47 b(seman)m(tics)k(is)e(concerned)j(with)d(rigorously)g(sp)s -(ecifying)g(the)i(meaning,)i(or)d(b)s(e-)0 3064 y(ha)m(viour,)32 -b(of)g(programs,)g(pieces)i(of)e(hardw)m(are)h(etc.)44 -b(The)34 b(need)f(for)f(rigour)g(arises)g(b)s(ecause)145 -3286 y Ft(\017)49 b Fu(it)31 b(can)i(rev)m(eal)g(am)m(biguities)d(and)i -(subtle)h(complexities)e(in)h(apparen)m(tly)g(crystal)h(clear)244 -3406 y(de\014ning)f(do)s(cumen)m(ts)i(\(for)e(example)g(programming)d -(language)j(man)m(uals\),)f(and)145 3627 y Ft(\017)49 -b Fu(it)36 b(can)i(form)f(the)h(basis)f(for)g(implemen)m(tation,)f -(analysis)h(and)g(v)m(eri\014cation)g(\(in)g(par-)244 -3748 y(ticular)31 b(pro)s(ofs)h(of)g(correctness\).)0 -3969 y(W)-8 b(e)30 b(will)d(use)k(informal)26 b(set)31 -b(theoretic)e(notation)g(\(review)m(ed)i(in)d(App)s(endix)j(A\))e(to)g -(represen)m(t)0 4090 y(seman)m(tic)40 b(concepts.)67 -b(This)40 b(will)e(su\016ce)j(in)e(this)h(b)s(o)s(ok)f(but)i(for)e -(other)h(purp)s(oses)h(greater)0 4210 y(notational)25 -b(precision)i(\(that)g(is,)h(formalit)m(y\))d(ma)m(y)i(b)s(e)g(needed,) -j(for)d(example)g(when)i(pro)s(cess-)0 4330 y(ing)j(seman)m(tic)h -(descriptions)f(b)m(y)i(mac)m(hine)f(as)g(in)f(seman)m(tics)h(directed) -g(compiler-compilers)0 4451 y(or)f(mac)m(hine)g(assisted)i(pro)s(of)d -(c)m(hec)m(k)m(ers.)0 4806 y Fj(1.1)161 b(Seman)l(tic)52 -b(description)h(metho)t(ds)0 5032 y Fu(It)45 b(is)f(customary)h(to)f -(distinguish)f(b)s(et)m(w)m(een)k(the)e(syn)m(tax)i(and)d(the)i(seman)m -(tics)e(of)h(a)f(pro-)0 5153 y(gramming)34 b(language.)55 -b(The)37 b Fs(syntax)49 b Fu(is)36 b(concerned)j(with)d(the)h -(grammatical)c(structure)38 b(of)0 5273 y(programs.)43 -b(So)32 b(a)g(syn)m(tactic)i(analysis)e(of)g(the)h(program)244 -5494 y Fr(z)p Fu(:=)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(y)p -Fu(;)g Fr(y)p Fu(:=)p Fr(z)1712 5849 y Fu(1)p eop -%%Page: 2 12 -2 11 bop 251 130 a Fw(2)2631 
b(1)113 b(In)m(tro)s(duction)p -251 193 3473 4 v 283 515 a Fu(will)32 b(realize)i(that)g(it)f(consists) -i(of)f(three)h(statemen)m(ts)g(separated)g(b)m(y)h(the)e(sym)m(b)s(ol)g -(`;'.)49 b(Eac)m(h)283 636 y(of)36 b(these)i(statemen)m(ts)f(has)g(the) -g(form)e(of)h(a)g(v)-5 b(ariable)35 b(follo)m(w)m(ed)g(b)m(y)i(the)g -(comp)s(osite)f(sym)m(b)s(ol)283 756 y(`:=')d(and)g(an)f(expression)i -(whic)m(h)f(is)f(just)h(a)g(v)-5 b(ariable.)430 878 y(The)42 -b Fs(semantics)48 b Fu(is)40 b(concerned)j(with)d(the)i(meaning)d(of)h -(grammatically)d(correct)k(pro-)283 998 y(grams.)57 b(So)37 -b(it)f(will)f(express)k(that)e(the)g(meaning)f(of)h(the)g(ab)s(o)m(v)m -(e)h(program)e(is)g(to)h(exc)m(hange)283 1118 y(the)i(v)-5 -b(alues)38 b(of)f(the)h(v)-5 b(ariables)37 b Fr(x)h Fu(and)g -Fr(y)g Fu(\(and)g(setting)g Fr(z)g Fu(to)f(the)i(\014nal)e(v)-5 -b(alue)37 b(of)g Fr(y)p Fu(\).)60 b(If)38 b(w)m(e)283 -1239 y(w)m(ere)33 b(to)e(explain)g(this)g(in)g(more)f(detail)g(w)m(e)j -(w)m(ould)e(lo)s(ok)f(at)h(the)h(grammatical)c(structure)k(of)283 -1359 y(the)h(program)f(and)g(use)i(explanations)e(of)g(the)h(meanings)f -(of)429 1568 y Ft(\017)48 b Fu(sequences)36 b(of)c(statemen)m(ts)i -(separated)f(b)m(y)h(`;',)f(and)429 1777 y Ft(\017)48 -b Fu(a)33 b(statemen)m(t)g(consisting)f(of)g(a)g(v)-5 -b(ariable)31 b(follo)m(w)m(ed)g(b)m(y)j(`:=')f(and)f(an)h(expression.) 
-283 1986 y(The)e(actual)d(explanations)h(can)h(b)s(e)f(formalized)e(in) -i(di\013eren)m(t)h(w)m(a)m(ys.)44 b(In)30 b(this)f(b)s(o)s(ok)g(w)m(e)h -(shall)283 2106 y(consider)j(three)h(approac)m(hes.)44 -b(V)-8 b(ery)34 b(roughly)-8 b(,)32 b(the)h(ideas)f(are)h(as)f(follo)m -(ws:)283 2315 y Fw(Op)s(erational)37 b(seman)m(tics:)48 -b Fu(The)32 b(meaning)d(of)i(a)f(construct)i(is)e(sp)s(eci\014ed)i(b)m -(y)f(the)h(compu-)527 2435 y(tation)40 b(it)f(induces)j(when)g(it)e(is) -g(executed)j(on)d(a)h(mac)m(hine.)67 b(In)41 b(particular,)g(it)f(is)g -(of)527 2555 y(in)m(terest)33 b Fs(how)43 b Fu(the)33 -b(e\013ect)g(of)g(a)f(computation)f(is)h(pro)s(duced.)283 -2764 y Fw(Denotational)37 b(seman)m(tics:)48 b Fu(Meanings)29 -b(are)g(mo)s(delled)e(b)m(y)i(mathematical)d(ob)5 b(jects)30 -b(that)527 2885 y(represen)m(t)42 b(the)d(e\013ect)i(of)e(executing)h -(the)f(constructs.)66 b(Th)m(us)41 b Fs(only)47 b Fu(the)40 -b(e\013ect)g(is)f(of)527 3005 y(in)m(terest,)34 b(not)e(ho)m(w)h(it)f -(is)g(obtained.)283 3214 y Fw(Axiomatic)j(seman)m(tics:)48 -b Fu(Sp)s(eci\014c)i(prop)s(erties)g(of)f(the)h(e\013ect)h(of)e -(executing)h(the)g(con-)527 3334 y(structs)31 b(are)f(expressed)j(as)c -Fs(assertions)p Fu(.)42 b(Th)m(us)31 b(there)g(ma)m(y)e(b)s(e)h(asp)s -(ects)h(of)e(the)i(execu-)527 3455 y(tions)h(that)h(are)f(ignored.)283 -3663 y(T)-8 b(o)32 b(get)g(a)g(feeling)f(for)g(their)h(di\013eren)m(t)g -(nature)g(let)f(us)i(see)g(ho)m(w)g(they)g(express)h(the)e(meaning)283 -3784 y(of)h(the)g(example)f(program)f(ab)s(o)m(v)m(e.)283 -4079 y Fp(Op)t(erational)47 b(seman)l(tics)f(\(Chapter)g(2\))283 -4266 y Fu(An)34 b(op)s(erational)c(explanation)i(of)g(the)h(meaning)f -(of)g(a)g(construct)i(will)d(tell)g(ho)m(w)j(to)e Fs(exe)-5 -b(cute)283 4387 y Fu(it:)429 4595 y Ft(\017)48 b Fu(T)-8 -b(o)30 b(execute)i(a)e(sequence)j(of)c(statemen)m(ts)i(separated)g(b)m -(y)g(`;')g(w)m(e)g(execute)h(the)e(individ-)527 4716 -y(ual)i(statemen)m(ts)h(one)g(after)g(the)g(other)f(and)h(from)e(left)h 
-(to)g(righ)m(t.)429 4925 y Ft(\017)48 b Fu(T)-8 b(o)31 -b(execute)h(a)f(statemen)m(t)g(consisting)e(of)h(a)h(v)-5 -b(ariable)28 b(follo)m(w)m(ed)i(b)m(y)h(`:=')g(and)g(another)527 -5045 y(v)-5 b(ariable)35 b(w)m(e)j(determine)e(the)i(v)-5 -b(alue)36 b(of)g(the)h(second)h(v)-5 b(ariable)35 b(and)i(assign)f(it)g -(to)g(the)527 5165 y(\014rst)d(v)-5 b(ariable.)283 5374 -y(W)d(e)34 b(shall)e(record)i(the)g(execution)g(of)f(the)h(example)f -(program)f(in)h(a)g(state)h(where)h Fr(x)f Fu(has)f(the)283 -5494 y(v)-5 b(alue)32 b Fw(5)p Fu(,)h Fr(y)g Fu(the)g(v)-5 -b(alue)32 b Fw(7)g Fu(and)h Fr(z)g Fu(the)g(v)-5 b(alue)32 -b Fw(0)g Fu(b)m(y)i(the)f(follo)m(wing)d(\\deriv)-5 b(ation)31 -b(sequence":)p eop -%%Page: 3 13 -3 12 bop 0 130 a Fw(1.1)112 b(Seman)m(tic)37 b(description)f(metho)s -(ds)1685 b(3)p 0 193 3473 4 v 493 500 a Ft(h)p Fr(z)p -Fu(:=)p Fr(x)p Fu(;)33 b Fr(x)p Fu(:=)p Fr(y)p Fu(;)g -Fr(y)p Fu(:=)p Fr(z)p Fu(,)100 b([)p Fr(x)p Ft(7!)p Fw(5)p -Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p Fu(,)f Fr(z)p Ft(7!)p -Fw(0)p Fu(])p Ft(i)294 668 y(\))364 b(h)p Fr(x)p Fu(:=)p -Fr(y)p Fu(;)33 b Fr(y)p Fu(:=)p Fr(z)p Fu(,)100 b([)p -Fr(x)p Ft(7!)p Fw(5)p Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p -Fu(,)f Fr(z)p Ft(7!)p Fw(5)p Fu(])p Ft(i)294 835 y(\))629 -b(h)p Fr(y)p Fu(:=)p Fr(z)p Fu(,)100 b([)p Fr(x)p Ft(7!)p -Fw(7)p Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p Fu(,)f Fr(z)p -Ft(7!)p Fw(5)p Fu(])p Ft(i)294 1003 y(\))1020 b Fu([)p -Fr(x)p Ft(7!)p Fw(7)p Fu(,)32 b Fr(y)p Ft(7!)p Fw(5)p -Fu(,)h Fr(z)p Ft(7!)p Fw(5)p Fu(])0 1193 y(In)45 b(the)f(\014rst)h -(step)g(w)m(e)h(execute)g(the)f(statemen)m(t)g Fr(z)p -Fu(:=)p Fr(x)f Fu(and)h(the)f(v)-5 b(alue)44 b(of)g Fr(z)g -Fu(is)g(c)m(hanged)0 1313 y(to)f Fw(5)g Fu(whereas)i(those)f(of)f -Fr(x)g Fu(and)h Fr(y)f Fu(are)h(unc)m(hanged.)77 b(The)44 -b(remaining)d(program)h(is)h(no)m(w)0 1434 y Fr(x)p Fu(:=)p -Fr(y)p Fu(;)33 b Fr(y)p Fu(:=)p Fr(z)q Fu(.)70 b(After)42 -b(the)g(second)g(step)h(the)f(v)-5 b(alue)41 b(of)g Fr(x)h -Fu(is)f Fw(7)g 
Fu(and)h(w)m(e)h(are)e(left)g(with)g(the)0 -1554 y(program)32 b Fr(y)p Fu(:=)p Fr(z)p Fu(.)45 b(The)34 -b(third)e(and)h(\014nal)g(step)g(of)g(the)g(computation)f(will)f(c)m -(hange)j(the)f(v)-5 b(alue)0 1675 y(of)32 b Fr(y)h Fu(to)f -Fw(5)p Fu(.)44 b(Therefore)34 b(the)f(initial)c(v)-5 -b(alues)32 b(of)g Fr(x)h Fu(and)g Fr(y)g Fu(ha)m(v)m(e)h(b)s(een)f(exc) -m(hanged,)i(using)d Fr(z)h Fu(as)0 1795 y(a)f(temp)s(orary)g(v)-5 -b(ariable.)146 1915 y(This)45 b(explanation)d(giv)m(es)j(an)f -Fs(abstr)-5 b(action)51 b Fu(of)43 b(ho)m(w)i(the)f(program)f(is)h -(executed)i(on)e(a)0 2036 y(mac)m(hine.)65 b(It)40 b(is)g(imp)s(ortan)m -(t)e(to)h(observ)m(e)j(that)e(it)f(is)g(indeed)i(an)f(abstraction:)57 -b(w)m(e)41 b(ignore)0 2156 y(details)21 b(lik)m(e)g(use)j(of)d -(registers)i(and)f(addresses)i(for)e(v)-5 b(ariables.)39 -b(So)22 b(the)g(op)s(erational)e(seman)m(tics)0 2277 -y(is)32 b(rather)h(indep)s(enden)m(t)h(of)e(mac)m(hine)g(arc)m -(hitectures)h(and)g(implemen)m(tation)c(strategies.)146 -2397 y(In)24 b(Chapter)h(2)e(w)m(e)i(shall)d(formalize)f(this)j(kind)f -(of)h(op)s(erational)d(seman)m(tics)j(whic)m(h)g(is)f(often)0 -2517 y(called)36 b Fs(structur)-5 b(al)40 b(op)-5 b(er)g(ational)38 -b(semantics)44 b Fu(\(or)37 b(small-step)e(seman)m(tics\).)57 -b(An)37 b(alternativ)m(e)0 2638 y(op)s(erational)20 b(seman)m(tics)i -(is)g(called)f Fs(natur)-5 b(al)25 b(semantics)k Fu(\(or)22 -b(big-step)g(seman)m(tics\))g(and)g(di\013ers)0 2758 -y(from)34 b(the)i(structural)f(op)s(erational)e(seman)m(tics)j(b)m(y)g -(hiding)e(ev)m(en)j(more)e(execution)h(details.)0 2878 -y(In)e(the)f(natural)g(seman)m(tics)g(the)h(execution)g(of)f(the)h -(example)e(program)g(in)h(the)h(same)f(state)0 2999 y(as)g(b)s(efore)f -(will)f(b)s(e)h(represen)m(ted)k(b)m(y)d(the)g(follo)m(wing)d(\\deriv) --5 b(ation)31 b(tree":)294 3187 y Ft(h)o Fr(z)p Fu(:=)p -Fr(x)p Fu(,)j Fs(s)646 3202 y Fn(0)685 3187 y Ft(i)e(!)g -Fs(s)936 3202 y Fn(1)1293 3187 y Ft(h)p Fr(x)p Fu(:=)p -Fr(y)p Fu(,)h Fs(s)1645 3202 y 
Fn(1)1685 3187 y Ft(i)f(!)g -Fs(s)1936 3202 y Fn(2)p 244 3274 1782 4 v 661 3475 a -Ft(h)p Fr(z)p Fu(:=)p Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(y)p -Fu(,)g Fs(s)1278 3490 y Fn(0)1317 3475 y Ft(i)g(!)f Fs(s)1569 -3490 y Fn(2)2293 3475 y Ft(h)p Fr(y)p Fu(:=)p Fr(z)p -Fu(,)h Fs(s)2645 3490 y Fn(2)2684 3475 y Ft(i)g(!)f Fs(s)2936 -3490 y Fn(3)p 244 3562 2782 4 v 1028 3763 a Ft(h)p Fr(z)p -Fu(:=)p Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(y)p Fu(;)g Fr(y)p -Fu(:=)p Fr(z)p Fu(,)g Fs(s)1910 3778 y Fn(0)1950 3763 -y Ft(i)f(!)g Fs(s)2201 3778 y Fn(3)0 3954 y Fu(where)i(w)m(e)f(ha)m(v)m -(e)h(used)g(the)f(abbreviations:)294 4123 y Fs(s)342 -4138 y Fn(0)481 4123 y Fu(=)99 b([)p Fr(x)p Ft(7!)p Fw(5)p -Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p Fu(,)g Fr(z)p Ft(7!)o -Fw(0)p Fu(])294 4290 y Fs(s)342 4305 y Fn(1)481 4290 -y Fu(=)99 b([)p Fr(x)p Ft(7!)p Fw(5)p Fu(,)33 b Fr(y)p -Ft(7!)p Fw(7)p Fu(,)g Fr(z)p Ft(7!)o Fw(5)p Fu(])294 -4458 y Fs(s)342 4473 y Fn(2)481 4458 y Fu(=)99 b([)p -Fr(x)p Ft(7!)p Fw(7)p Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p -Fu(,)g Fr(z)p Ft(7!)o Fw(5)p Fu(])294 4626 y Fs(s)342 -4641 y Fn(3)481 4626 y Fu(=)99 b([)p Fr(x)p Ft(7!)p Fw(7)p -Fu(,)33 b Fr(y)p Ft(7!)p Fw(5)p Fu(,)g Fr(z)p Ft(7!)o -Fw(5)p Fu(])0 4816 y(This)i(is)f(to)h(b)s(e)g(read)g(as)g(follo)m(ws:) -47 b(The)36 b(execution)f(of)g Fr(z)p Fu(:=)p Fr(x)g -Fu(in)f(the)h(state)h Fs(s)2857 4831 y Fn(0)2931 4816 -y Fu(will)c(result)j(in)0 4936 y(the)30 b(state)g Fs(s)449 -4951 y Fn(1)518 4936 y Fu(and)g(the)g(execution)g(of)f -Fr(x)p Fu(:=)p Fr(y)h Fu(in)f(state)h Fs(s)2041 4951 -y Fn(1)2110 4936 y Fu(will)d(result)j(in)e(state)i Fs(s)2954 -4951 y Fn(2)2994 4936 y Fu(.)42 b(Therefore)0 5057 y(the)33 -b(execution)h(of)e Fr(z)p Fu(:=)p Fr(x)p Fu(;)h Fr(x)p -Fu(:=)p Fr(y)h Fu(in)e(state)h Fs(s)1621 5072 y Fn(0)1693 -5057 y Fu(will)e(giv)m(e)h(state)i Fs(s)2366 5072 y Fn(2)2405 -5057 y Fu(.)44 b(F)-8 b(urthermore,)33 b(execution)0 -5177 y(of)k Fr(y)p Fu(:=)p Fr(z)h Fu(in)f(state)h Fs(s)770 -5192 y Fn(2)847 5177 y Fu(will)d(giv)m(e)j(state)g 
Fs(s)1534 -5192 y Fn(3)1611 5177 y Fu(so)g(in)e(total)h(the)h(execution)g(of)f -(the)h(program)e(in)0 5297 y(state)d Fs(s)287 5312 y -Fn(0)359 5297 y Fu(will)d(giv)m(e)j(the)g(resulting)e(state)i -Fs(s)1600 5312 y Fn(3)1640 5297 y Fu(.)43 b(This)33 b(is)f(expressed)k -(b)m(y)244 5494 y Ft(h)p Fr(z)p Fu(:=)p Fr(x)p Fu(;)d -Fr(x)p Fu(:=)p Fr(y)p Fu(;)g Fr(y)p Fu(:=)p Fr(z)p Fu(,)g -Fs(s)1126 5509 y Fn(0)1165 5494 y Ft(i)g(!)f Fs(s)1417 -5509 y Fn(3)p eop -%%Page: 4 14 -4 13 bop 251 130 a Fw(4)2631 b(1)113 b(In)m(tro)s(duction)p -251 193 3473 4 v 283 515 a Fu(but)33 b(no)m(w)h(w)m(e)f(ha)m(v)m(e)h -(hidden)f(the)g(ab)s(o)m(v)m(e)g(explanation)f(of)g(ho)m(w)h(it)e(w)m -(as)j(actually)d(obtained.)430 637 y(In)39 b(Chapter)g(3)g(w)m(e)h -(shall)d(use)j(the)f(natural)f(seman)m(tics)h(as)g(the)g(basis)g(for)f -(pro)m(ving)g(the)283 758 y(correctness)d(of)d(an)h(implemen)m(tation)c -(of)j(a)h(simple)e(programming)e(language.)283 1057 y -Fp(Denotational)48 b(seman)l(tics)e(\(Chapter)g(4\))283 -1246 y Fu(In)38 b(the)f(denotational)e(seman)m(tics)j(w)m(e)g(concen)m -(trate)g(on)f(the)h Fs(e\013e)-5 b(ct)46 b Fu(of)36 b(executing)i(the)f -(pro-)283 1366 y(grams)32 b(and)h(w)m(e)h(shall)d(mo)s(del)g(this)h(b)m -(y)h(mathematical)d(functions:)429 1578 y Ft(\017)48 -b Fu(The)h(e\013ect)g(of)e(a)h(sequence)i(of)e(statemen)m(ts)h -(separated)f(b)m(y)h(`;')56 b(is)47 b(the)h(functional)527 -1699 y(comp)s(osition)31 b(of)h(the)h(e\013ects)h(of)e(the)h -(individual)d(statemen)m(ts.)429 1911 y Ft(\017)48 b -Fu(The)26 b(e\013ect)g(of)e(a)h(statemen)m(t)g(consisting)f(of)h(a)f(v) --5 b(ariable)23 b(follo)m(w)m(ed)h(b)m(y)i(`:=')f(and)g(another)527 -2031 y(v)-5 b(ariable)33 b(is)h(the)h(function)f(that)g(giv)m(en)h(a)f -(state)h(will)d(pro)s(duce)k(a)e(new)h(state:)48 b(it)34 -b(is)g(as)527 2151 y(the)j(original)c(one)j(except)i(that)e(the)g(v)-5 -b(alue)36 b(of)g(the)g(\014rst)h(v)-5 b(ariable)34 b(of)i(the)g -(statemen)m(t)527 2272 y(is)c(equal)h(to)f(that)g(of)h(the)g(second)g -(v)-5 
b(ariable.)283 2484 y(F)d(or)49 b(the)h(example)e(program)g(w)m -(e)i(obtain)f(functions)g(written)g Ft(S)8 b Fu([)-17 -b([)p Fr(z)p Fu(:=)p Fr(x)p Fu(])g(])q(,)54 b Ft(S)8 -b Fu([)-17 b([)p Fr(x)p Fu(:=)p Fr(y)p Fu(])g(])q(,)54 -b(and)283 2604 y Ft(S)8 b Fu([)-17 b([)q Fr(y)p Fu(:=)p -Fr(z)p Fu(])g(])44 b(for)f(eac)m(h)i(of)e(the)g(assignmen)m(t)h -(statemen)m(ts)g(and)g(for)e(the)i(o)m(v)m(erall)f(program)f(w)m(e)283 -2725 y(get)33 b(the)g(function)527 2937 y Ft(S)8 b Fu([)-17 -b([)q Fr(z)p Fu(:=)p Fr(x)p Fu(;)33 b Fr(x)p Fu(:=)p -Fr(y)p Fu(;)g Fr(y)p Fu(:=)p Fr(z)p Fu(])-17 b(])34 b(=)e -Ft(S)8 b Fu([)-17 b([)p Fr(y)p Fu(:=)p Fr(z)p Fu(])g(])34 -b Ft(\016)e(S)8 b Fu([)-17 b([)q Fr(x)p Fu(:=)p Fr(y)p -Fu(])g(])33 b Ft(\016)g(S)7 b Fu([)-17 b([)q Fr(z)p Fu(:=)p -Fr(x)p Fu(])g(])283 3149 y(Note)45 b(that)g(the)g Fs(or)-5 -b(der)55 b Fu(of)44 b(the)h(statemen)m(ts)g(ha)m(v)m(e)h(c)m(hanged)g -(b)s(ecause)g(w)m(e)g(use)f(the)g(usual)283 3269 y(notation)36 -b(for)h(function)g(comp)s(osition)e(where)k(\()p Fs(f)58 -b Ft(\016)37 b Fs(g)9 b Fu(\))37 b Fs(s)46 b Fu(means)37 -b Fs(f)58 b Fu(\()p Fs(g)46 b(s)8 b Fu(\).)58 b(If)37 -b(w)m(e)i(w)m(an)m(t)f(to)283 3390 y(determine)g(the)g(e\013ect)h(of)e -(executing)i(the)f(program)f(on)g(a)h(particular)e(state)i(then)h(w)m -(e)g(can)283 3510 y Fs(apply)i Fu(the)33 b(function)f(to)h(that)f -(state)h(and)g Fs(c)-5 b(alculate)39 b Fu(the)33 b(resulting)f(state)h -(as)g(follo)m(ws:)527 3722 y Ft(S)8 b Fu([)-17 b([)q -Fr(z)p Fu(:=)p Fr(x)p Fu(;)33 b Fr(x)p Fu(:=)p Fr(y)p -Fu(;)g Fr(y)p Fu(:=)p Fr(z)p Fu(])-17 b(])q(\([)p Fr(x)p -Ft(7!)p Fw(5)p Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p Fu(,)f -Fr(z)p Ft(7!)p Fw(0)p Fu(]\))796 3890 y(=)g(\()p Ft(S)8 -b Fu([)-17 b([)q Fr(y)p Fu(:=)p Fr(z)p Fu(])g(])33 b -Ft(\016)g(S)8 b Fu([)-17 b([)p Fr(x)p Fu(:=)p Fr(y)p -Fu(])g(])34 b Ft(\016)e(S)8 b Fu([)-17 b([)p Fr(z)p Fu(:=)p -Fr(x)p Fu(])g(])r(\)\([)p Fr(x)p Ft(7!)o Fw(5)p Fu(,)33 -b Fr(y)p Ft(7!)p Fw(7)p Fu(,)g Fr(z)p Ft(7!)o Fw(0)p -Fu(]\))796 4057 
y(=)f Ft(S)8 b Fu([)-17 b([)q Fr(y)p -Fu(:=)p Fr(z)p Fu(])g(])q(\()p Ft(S)8 b Fu([)-17 b([)p -Fr(x)p Fu(:=)p Fr(y)p Fu(])g(])q(\()p Ft(S)8 b Fu([)-17 -b([)q Fr(z)p Fu(:=)p Fr(x)p Fu(])g(])q(\([)p Fr(x)p Ft(7!)p -Fw(5)p Fu(,)32 b Fr(y)p Ft(7!)p Fw(7)p Fu(,)h Fr(z)p -Ft(7!)p Fw(0)p Fu(]\)\)\))796 4225 y(=)f Ft(S)8 b Fu([)-17 -b([)q Fr(y)p Fu(:=)p Fr(z)p Fu(])g(])q(\()p Ft(S)8 b -Fu([)-17 b([)p Fr(x)p Fu(:=)p Fr(y)p Fu(])g(])q(\([)p -Fr(x)p Ft(7!)p Fw(5)p Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p -Fu(,)f Fr(z)p Ft(7!)p Fw(5)p Fu(]\)\))796 4392 y(=)g -Ft(S)8 b Fu([)-17 b([)q Fr(y)p Fu(:=)p Fr(z)p Fu(])g(])q(\([)p -Fr(x)p Ft(7!)p Fw(7)p Fu(,)33 b Fr(y)p Ft(7!)o Fw(7)p -Fu(,)g Fr(z)p Ft(7!)p Fw(5)p Fu(]\))796 4560 y(=)f([)p -Fr(x)p Ft(7!)p Fw(7)p Fu(,)h Fr(y)p Ft(7!)p Fw(5)p Fu(,)g -Fr(z)p Ft(7!)p Fw(5)p Fu(])283 4772 y(Note)j(that)f(w)m(e)i(are)e(only) -g(manipulating)d(mathematical)h(ob)5 b(jects;)38 b(w)m(e)e(are)g(not)f -(concerned)283 4893 y(with)c(executing)h(programs.)42 -b(The)31 b(di\013erence)h(ma)m(y)f(seem)g(small)d(for)j(a)f(program)g -(with)g(only)283 5013 y(assignmen)m(t)35 b(and)g(sequencing)i(statemen) -m(ts)f(but)f(for)f(programs)g(with)h(more)f(sophisticated)283 -5133 y(constructs)g(it)e(is)g(substan)m(tial.)43 b(The)33 -b(b)s(ene\014ts)h(of)e(the)g(denotational)f(approac)m(h)i(are)f(mainly) -283 5254 y(due)f(to)e(the)h(fact)f(that)g(it)g(abstracts)h(a)m(w)m(a)m -(y)h(from)d(ho)m(w)i(programs)f(are)g(executed.)45 b(Therefore)283 -5374 y(it)f(b)s(ecomes)g(easier)h(to)f(reason)g(ab)s(out)g(programs)g -(as)g(it)f(simply)g(amoun)m(ts)h(to)g(reasoning)283 5494 -y(ab)s(out)30 b(mathematical)e(ob)5 b(jects.)44 b(Ho)m(w)m(ev)m(er,)33 -b(a)d(prerequisite)h(for)f(doing)f(so)i(is)f(to)g(establish)g(a)p -eop -%%Page: 5 15 -5 14 bop 0 130 a Fw(1.1)112 b(Seman)m(tic)37 b(description)f(metho)s -(ds)1685 b(5)p 0 193 3473 4 v 0 515 a Fu(\014rm)30 b(mathematical)e -(basis)j(for)g(denotational)e(seman)m(tics)i(and)g(this)g(task)g(turns) -h(out)f(not)g(to)0 636 
y(b)s(e)i(en)m(tirely)f(trivial.)146 -771 y(The)48 b(denotational)e(approac)m(h)h(can)h(easily)e(b)s(e)i -(adapted)f(to)g(express)j(other)d(sorts)h(of)0 891 y(prop)s(erties)32 -b(of)h(programs.)42 b(Some)32 b(examples)h(are:)145 1169 -y Ft(\017)49 b Fu(Determine)29 b(whether)i(all)d(v)-5 -b(ariables)29 b(are)h(initialized)c(b)s(efore)k(they)h(are)f(used)h(|)f -(if)f(not)244 1290 y(a)j(w)m(arning)g(ma)m(y)h(b)s(e)g(appropriate.)145 -1568 y Ft(\017)49 b Fu(Determine)33 b(whether)i(a)e(certain)g -(expression)i(in)e(the)h(program)f(alw)m(a)m(ys)h(ev)-5 -b(aluates)34 b(to)244 1688 y(a)e(constan)m(t)i(|)e(if)f(so)i(one)g(can) -g(replace)f(the)h(expression)h(b)m(y)f(the)g(constan)m(t.)145 -1966 y Ft(\017)49 b Fu(Determine)23 b(whether)j(all)c(parts)i(of)g(the) -g(program)f(are)h(reac)m(hable)h(|)f(if)f(not)h(they)h(could)244 -2087 y(as)33 b(w)m(ell)e(b)s(e)i(remo)m(v)m(ed)h(or)e(a)g(w)m(arning)g -(migh)m(t)g(b)s(e)g(appropriate.)0 2365 y(In)h(Chapter)g(5)g(w)m(e)g -(dev)m(elop)g(an)g(example)f(of)g(this.)146 2500 y(While)c(w)m(e)h -(prefer)g(the)g(denotational)e(approac)m(h)i(when)h(reasoning)e(ab)s -(out)g(programs)f(w)m(e)0 2620 y(ma)m(y)k(prefer)g(an)g(op)s(erational) -e(approac)m(h)j(when)g(implemen)m(ting)c(the)k(language.)41 -b(It)32 b(is)e(there-)0 2741 y(fore)39 b(of)g(in)m(terest)h(whether)g -(a)f(denotational)f(de\014nition)g(is)h Fs(e)-5 b(quivalent)48 -b Fu(to)39 b(an)g(op)s(erational)0 2861 y(de\014nition)32 -b(and)g(this)g(is)h(studied)g(in)e(Section)i(4.3.)0 3242 -y Fp(Axiomatic)46 b(seman)l(tics)g(\(Chapter)g(6\))0 -3457 y Fu(Often)29 b(one)h(is)e(in)m(terested)j(in)d -Fs(p)-5 b(artial)31 b(c)-5 b(orr)g(e)g(ctness)31 b(pr)-5 -b(op)g(erties)37 b Fu(of)29 b(programs:)41 b(A)29 b(program)f(is)0 -3578 y(partially)j(correct,)k(with)e(resp)s(ect)i(to)f(a)f -(precondition)g(and)h(a)f(p)s(ostcondition,)g(if)g(whenev)m(er)0 -3698 y(the)c(initial)c(state)30 b(ful\014ls)d(the)j(precondition)e(and) -h(the)g(program)e(terminates,)i(then)h(the)f(\014nal)0 -3818 
y(state)34 b(is)g(guaran)m(teed)g(to)g(ful\014l)e(the)i(p)s -(ostcondition.)46 b(F)-8 b(or)33 b(our)g(example)h(program)e(w)m(e)j -(ha)m(v)m(e)0 3939 y(the)e(partial)d(correctness)35 b(prop)s(ert)m(y:) -244 4217 y Ft(f)d Fr(x)p Fu(=)p Fr(n)h Ft(^)g Fr(y)p -Fu(=)p Fr(m)g Ft(g)f Fr(z)p Fu(:=)p Fr(x)p Fu(;)h Fr(x)p -Fu(:=)p Fr(y)p Fu(;)h Fr(y)p Fu(:=)p Fr(z)f Ft(f)f Fr(y)p -Fu(=)p Fr(n)h Ft(^)g Fr(x)p Fu(=)p Fr(m)g Ft(g)0 4495 -y Fu(where)k Fr(x)p Fu(=)p Fr(n)f Ft(^)g Fr(y)p Fu(=)p -Fr(m)f Fu(is)g(the)h(precondition)f(and)h Fr(y)p Fu(=)p -Fr(n)g Ft(^)f Fr(x)p Fu(=)p Fr(m)h Fu(is)f(the)h(p)s(ostcondition.)51 -b(The)0 4615 y(names)33 b Fr(n)g Fu(and)g Fr(m)g Fu(are)g(used)h(to)f -(\\remem)m(b)s(er")f(the)h(initial)d(v)-5 b(alues)32 -b(of)h Fr(x)g Fu(and)g Fr(y)p Fu(,)g(resp)s(ectiv)m(ely)-8 -b(.)0 4736 y(The)26 b(state)f([)p Fr(x)p Ft(7!)p Fw(5)p -Fu(,)h Fr(y)p Ft(7!)p Fw(7)p Fu(,)g Fr(z)p Ft(7!)p Fw(0)p -Fu(])f(satis\014es)g(the)h(precondition)d(b)m(y)j(taking)e -Fr(n)p Fu(=)p Fw(5)h Fu(and)f Fr(m)p Fu(=)p Fw(7)h Fu(and)0 -4856 y(when)37 b(w)m(e)h(ha)m(v)m(e)f Fs(pr)-5 b(ove)g(d)46 -b Fu(the)37 b(partial)d(correctness)k(prop)s(ert)m(y)f(w)m(e)g(can)g -(deduce)h(that)e Fs(if)57 b Fu(the)0 4976 y(program)29 -b(terminates)h Fs(then)38 b Fu(it)30 b(will)f(do)h(so)h(in)f(a)h(state) -g(where)h Fr(y)f Fu(is)f Fw(5)h Fu(and)g Fr(x)g Fu(is)f -Fw(7)p Fu(.)43 b(Ho)m(w)m(ev)m(er,)0 5097 y(the)35 b(partial)d -(correctness)37 b(prop)s(ert)m(y)e(do)s(es)g(not)f(ensure)i(that)e(the) -h(program)e Fs(wil)5 b(l)45 b Fu(terminate)0 5217 y(although)31 -b(this)i(is)f(clearly)f(the)i(case)h(for)e(the)h(example)f(program.)146 -5352 y(The)j(axiomatic)c(seman)m(tics)j(pro)m(vides)g(a)g -Fs(lo)-5 b(gic)g(al)35 b(system)40 b Fu(for)34 b(pro)m(ving)f(partial)e -(correct-)0 5473 y(ness)40 b(prop)s(erties)e(of)g(individual)d -(programs.)60 b(A)38 b(pro)s(of)g(of)f(the)i(ab)s(o)m(v)m(e)g(partial)d -(correctness)0 5593 y(prop)s(ert)m(y)d(ma)m(y)g(b)s(e)f(expressed)k(b)m 
-(y)d(the)g(follo)m(wing)d(\\pro)s(of)i(tree":)p eop -%%Page: 6 16 -6 15 bop 251 130 a Fw(6)2631 b(1)113 b(In)m(tro)s(duction)p -251 193 3473 4 v 577 668 a Ft(f)32 b Fs(p)715 683 y Fn(0)787 -668 y Ft(g)h Fr(z)p Fu(:=)p Fr(x)g Ft(f)f Fs(p)1246 683 -y Fn(1)1318 668 y Ft(g)317 b(f)32 b Fs(p)1823 683 y Fn(1)1895 -668 y Ft(g)h Fr(x)p Fu(:=)p Fr(y)g Ft(f)f Fs(p)2354 683 -y Fn(2)2426 668 y Ft(g)p 527 754 1999 4 v 999 956 a(f)g -Fs(p)1137 971 y Fn(0)1209 956 y Ft(g)g Fr(z)p Fu(:=)p -Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(y)g Ft(f)g Fs(p)1933 -971 y Fn(2)2004 956 y Ft(g)739 b(f)32 b Fs(p)2931 971 -y Fn(2)3003 956 y Ft(g)h Fr(y)p Fu(:=)p Fr(z)g Ft(f)f -Fs(p)3462 971 y Fn(3)3534 956 y Ft(g)p 527 1042 3107 -4 v 1420 1244 a(f)g Fs(p)1558 1259 y Fn(0)1630 1244 y -Ft(g)g Fr(z)p Fu(:=)p Fr(x)p Fu(;)i Fr(x)p Fu(:=)p Fr(y)p -Fu(;)f Fr(y)p Fu(:=)p Fr(z)g Ft(f)f Fs(p)2619 1259 y -Fn(3)2691 1244 y Ft(g)283 1436 y Fu(where)i(w)m(e)g(ha)m(v)m(e)g(used)g -(the)f(abbreviations)577 1608 y Fs(p)633 1623 y Fn(0)772 -1608 y Fu(=)100 b Fr(x)p Fu(=)p Fr(n)33 b Ft(^)f Fr(y)p -Fu(=)p Fr(m)577 1775 y Fs(p)633 1790 y Fn(1)772 1775 -y Fu(=)100 b Fr(z)p Fu(=)p Fr(n)33 b Ft(^)f Fr(y)p Fu(=)p -Fr(m)577 1943 y Fs(p)633 1958 y Fn(2)772 1943 y Fu(=)100 -b Fr(z)p Fu(=)p Fr(n)33 b Ft(^)f Fr(x)p Fu(=)p Fr(m)577 -2111 y Fs(p)633 2126 y Fn(3)772 2111 y Fu(=)100 b Fr(y)p -Fu(=)p Fr(n)33 b Ft(^)f Fr(x)p Fu(=)p Fr(m)283 2303 y -Fu(W)-8 b(e)39 b(ma)m(y)f(view)h(the)f(logical)e(system)j(as)f(a)g(sp)s -(eci\014cation)g(of)g(only)f(certain)h(asp)s(ects)i(of)d(the)283 -2424 y(seman)m(tics.)42 b(It)27 b(usually)f(do)s(es)i(not)e(capture)i -(all)d(asp)s(ects)j(for)e(the)h(simple)f(reason)h(that)g(all)d(the)283 -2544 y(partial)32 b(correctness)k(prop)s(erties)e(listed)g(b)s(elo)m(w) -f(can)i(b)s(e)f(pro)m(v)m(ed)i(using)d(the)i(logical)c(system)283 -2664 y(but)i(certainly)f(w)m(e)i(w)m(ould)e(not)h(regard)f(the)h -(programs)f(as)h(b)s(eha)m(ving)f(in)g(the)h(same)f(w)m(a)m(y:)552 -2832 y Ft(f)h Fr(x)p Fu(=)p Fr(n)f Ft(^)h Fr(y)p 
Fu(=)p -Fr(m)g Ft(g)g Fr(z)p Fu(:=)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p -Fr(y)p Fu(;)g Fr(y)p Fu(:=)p Fr(z)g Ft(f)f Fr(y)p Fu(=)p -Fr(n)h Ft(^)g Fr(x)p Fu(=)p Fr(m)g Ft(g)550 3000 y(f)d -Fr(x)p Fu(=)p Fr(n)h Ft(^)g Fr(y)p Fu(=)p Fr(m)f Ft(g)h -Fr(if)g(x)p Fu(=)p Fr(y)f(then)i(skip)f(else)h Fu(\()p -Fr(z)p Fu(:=)p Fr(x)p Fu(;)f Fr(x)p Fu(:=)p Fr(y)p Fu(;)h -Fr(y)p Fu(:=)p Fr(z)p Fu(\))f Ft(f)f Fr(y)p Fu(=)p Fr(n)h -Ft(^)f Fr(x)p Fu(=)p Fr(m)h Ft(g)552 3167 y(f)i Fr(x)p -Fu(=)p Fr(n)f Ft(^)h Fr(y)p Fu(=)p Fr(m)g Ft(g)g Fr(while)g(true)h(do)f -(skip)h Ft(f)e Fr(y)p Fu(=)p Fr(n)h Ft(^)g Fr(x)p Fu(=)p -Fr(m)g Ft(g)283 3335 y Fu(The)26 b(b)s(ene\014ts)f(of)f(the)h -(axiomatic)d(approac)m(h)j(are)f(that)g(the)h(logical)c(systems)26 -b(pro)m(vide)f(an)f(easy)283 3455 y(w)m(a)m(y)29 b(of)e(pro)m(ving)g -(prop)s(erties)g(of)g(programs)f(|)h(and)g(to)g(a)g(large)f(exten)m(t)j -(it)d(has)i(b)s(een)g(p)s(ossible)283 3576 y(to)42 b(automate)e(it.)69 -b(Of)41 b(course)i(this)e(is)g(only)g(w)m(orth)m(while)g(if)g(the)h -(axiomatic)d(seman)m(tics)i(is)283 3696 y(faithful)31 -b(to)i(the)g(\\more)f(general")g(\(denotational)f(or)h(op)s -(erational\))f(seman)m(tics)i(w)m(e)g(ha)m(v)m(e)i(in)283 -3816 y(mind)d(and)g(w)m(e)i(shall)d(discuss)j(this)e(in)g(Section)g -(6.3.)283 4104 y Fp(The)45 b(complemen)l(tary)h(view)283 -4289 y Fu(It)30 b(is)g(imp)s(ortan)m(t)e(to)h(note)h(that)g(these)h -(kinds)f(of)g(seman)m(tics)g(are)g Fs(not)39 b Fu(riv)-5 -b(al)28 b(approac)m(hes,)k(but)283 4410 y(are)25 b(di\013eren)m(t)g -(tec)m(hniques)h(appropriate)e(for)g(di\013eren)m(t)h(purp)s(oses)h -(and)e(|)h(to)f(some)g(exten)m(t)i(|)283 4530 y(for)32 -b(di\013eren)m(t)g(programming)c(languages.)43 b(T)-8 -b(o)32 b(stress)h(this,)f(the)g(dev)m(elopmen)m(t)g(will)d(address)283 -4650 y(the)k(follo)m(wing)d(issues:)429 4850 y Ft(\017)48 -b Fu(It)53 b(will)e(dev)m(elop)j(eac)m(h)g(of)e(the)i(approac)m(hes)g -(for)e(a)h(simple)f(language)g(of)g Fr(while)p Fu(-)527 -4970 y(programs.)429 5172 y Ft(\017)c Fu(It)40 
b(will)d(illustrate)h -(the)i(p)s(o)m(w)m(er)g(and)g(w)m(eakness)i(of)e(eac)m(h)g(of)f(the)h -(approac)m(hes)h(b)m(y)g(ex-)527 5292 y(tending)33 b(the)g -Fr(while)p Fu(-language)f(with)g(other)h(programming)c(constructs.)429 -5494 y Ft(\017)48 b Fu(It)25 b(will)e(pro)m(v)m(e)j(the)f(relationship) -e(b)s(et)m(w)m(een)k(the)e(approac)m(hes)h(for)f(the)g -Fr(while)p Fu(-language.)p eop -%%Page: 7 17 -7 16 bop 0 130 a Fw(1.2)112 b(The)38 b(example)f(language)h(While)1734 -b(7)p 0 193 3473 4 v 145 515 a Ft(\017)49 b Fu(It)32 -b(will)d(giv)m(e)i(examples)h(of)f(applications)e(of)i(the)h(seman)m -(tic)g(descriptions)f(in)g(order)h(to)244 636 y(illustrate)e(their)i -(merits.)0 967 y Fj(1.2)161 b(The)53 b(example)h(language)g(While)0 -1186 y Fu(This)37 b(b)s(o)s(ok)f(illustrates)e(the)j(v)-5 -b(arious)36 b(forms)f(of)h(seman)m(tics)h(on)f(a)g(v)m(ery)i(simple)d -(imp)s(erativ)m(e)0 1307 y(programming)30 b(language)h(called)g -Fw(While)p Fu(.)42 b(As)33 b(a)g(\014rst)g(step)g(w)m(e)h(m)m(ust)f(sp) -s(ecify)g(its)f(syn)m(tax.)146 1427 y(The)26 b(syn)m(tactic)g(notation) -d(w)m(e)j(use)f(is)g(based)g(on)g(BNF.)g(First)e(w)m(e)j(list)d(the)j -(v)-5 b(arious)24 b Fs(syntac-)0 1548 y(tic)29 b(c)-5 -b(ate)g(gories)33 b Fu(and)26 b(giv)m(e)f(a)h(meta-v)-5 -b(ariable)23 b(that)i(will)f(b)s(e)i(used)h(to)e(range)h(o)m(v)m(er)h -Fs(c)-5 b(onstructs)34 b Fu(of)0 1668 y(eac)m(h)f(category)-8 -b(.)44 b(F)-8 b(or)32 b(our)g(language)g(the)h(meta-v)-5 -b(ariables)30 b(and)j(categories)f(are)h(as)f(follo)m(ws:)244 -1865 y Fs(n)40 b Fu(will)30 b(range)i(o)m(v)m(er)i(n)m(umerals,)e -Fw(Num)p Fu(,)244 2032 y Fs(x)44 b Fu(will)30 b(range)j(o)m(v)m(er)h(v) --5 b(ariables,)31 b Fw(V)-9 b(ar)p Fu(,)244 2200 y Fs(a)40 -b Fu(will)30 b(range)i(o)m(v)m(er)i(arithmetic)d(expressions,)j -Fw(Aexp)p Fu(,)244 2367 y Fs(b)k Fu(will)31 b(range)h(o)m(v)m(er)i(b)s -(o)s(olean)d(expressions,)j Fw(Bexp)p Fu(,)f(and)244 -2535 y Fs(S)44 b Fu(will)30 b(range)j(o)m(v)m(er)h(statemen)m(ts,)f -Fw(Stm)p Fu(.)0 2732 
y(The)k(meta-v)-5 b(ariables)34 -b(can)i(b)s(e)h(primed)e(or)g(subscripted.)56 b(So,)37 -b(for)f(example,)g Fs(n)7 b Fu(,)37 b Fs(n)3117 2696 -y Fi(0)3141 2732 y Fu(,)g Fs(n)3267 2747 y Fn(1)3307 -2732 y Fu(,)g Fs(n)3433 2747 y Fn(2)0 2852 y Fu(all)30 -b(stand)k(for)e(n)m(umerals.)146 2972 y(W)-8 b(e)31 b(assume)g(that)f -(the)h(structure)g(of)f(n)m(umerals)g(and)g(v)-5 b(ariables)29 -b(is)h(giv)m(en)g(elsewhere;)j(for)0 3093 y(example)38 -b(n)m(umerals)f(migh)m(t)g(b)s(e)h(strings)g(of)g(digits,)g(and)g(v)-5 -b(ariables)37 b(strings)h(of)f(letters)h(and)0 3213 y(digits)31 -b(starting)h(with)g(a)g(letter.)43 b(The)34 b(structure)g(of)e(the)h -(other)f(constructs)j(is:)294 3401 y Fs(a)116 b Fu(::=)100 -b Fs(n)40 b Ft(j)32 b Fs(x)44 b Ft(j)32 b Fs(a)1051 3416 -y Fn(1)1124 3401 y Fu(+)g Fs(a)1289 3416 y Fn(2)1361 -3401 y Ft(j)g Fs(a)1478 3416 y Fn(1)1551 3401 y Fo(?)g -Fs(a)1689 3416 y Fn(2)1761 3401 y Ft(j)g Fs(a)1878 3416 -y Fn(1)1950 3401 y Ft(\000)h Fs(a)2117 3416 y Fn(2)294 -3569 y Fs(b)121 b Fu(::=)100 b Fr(true)33 b Ft(j)g Fr(false)g -Ft(j)g Fs(a)1394 3584 y Fn(1)1466 3569 y Fu(=)f Fs(a)1631 -3584 y Fn(2)1703 3569 y Ft(j)h Fs(a)1821 3584 y Fn(1)1893 -3569 y Ft(\024)g Fs(a)2060 3584 y Fn(2)2132 3569 y Ft(j)f(:)q -Fs(b)38 b Ft(j)32 b Fs(b)2453 3584 y Fn(1)2525 3569 y -Ft(^)h Fs(b)2675 3584 y Fn(2)294 3737 y Fs(S)111 b Fu(::=)100 -b Fs(x)44 b Fu(:=)33 b Fs(a)39 b Ft(j)33 b Fr(skip)g -Ft(j)f Fs(S)1429 3752 y Fn(1)1501 3737 y Fu(;)h Fs(S)1628 -3752 y Fn(2)1700 3737 y Ft(j)f Fr(if)h Fs(b)38 b Fr(then)c -Fs(S)2283 3752 y Fn(1)2355 3737 y Fr(else)f Fs(S)2659 -3752 y Fn(2)511 3904 y Ft(j)151 b Fr(while)34 b Fs(b)k -Fr(do)33 b Fs(S)0 4094 y Fu(Th)m(us,)39 b(a)e(b)s(o)s(olean)e -(expression)j Fs(b)43 b Fu(can)37 b(only)f(ha)m(v)m(e)i(one)f(of)f(six) -h(forms.)55 b(It)37 b(is)f(called)g(a)g Fs(b)-5 b(asis)0 -4214 y(element)37 b Fu(if)27 b(it)h(is)g Fr(true)h Fu(or)f -Fr(false)i Fu(or)e(has)h(the)g(form)e Fs(a)2002 4229 -y Fn(1)2074 4214 y Fu(=)33 b Fs(a)2240 4229 y 
Fn(2)2308 -4214 y Fu(or)28 b Fs(a)2480 4229 y Fn(1)2552 4214 y Ft(\024)33 -b Fs(a)2719 4229 y Fn(2)2787 4214 y Fu(where)d Fs(a)3122 -4229 y Fn(1)3190 4214 y Fu(and)f Fs(a)3433 4229 y Fn(2)0 -4335 y Fu(are)35 b(arithmetic)f(expressions.)54 b(It)35 -b(is)g(called)g(a)g Fs(c)-5 b(omp)g(osite)36 b(element)44 -b Fu(if)35 b(it)f(has)i(the)g(form)e Ft(:)q Fs(b)0 4455 -y Fu(where)g Fs(b)k Fu(is)31 b(a)h(b)s(o)s(olean)f(expression,)j(or)e -(the)h(form)e Fs(b)1971 4470 y Fn(1)2042 4455 y Ft(^)i -Fs(b)2192 4470 y Fn(2)2263 4455 y Fu(where)h Fs(b)2596 -4470 y Fn(1)2668 4455 y Fu(and)e Fs(b)2908 4470 y Fn(2)2980 -4455 y Fu(are)g(b)s(o)s(olean)0 4576 y(expressions.)45 -b(Similar)29 b(remarks)k(apply)f(to)h(arithmetic)d(expressions)k(and)f -(statemen)m(ts.)146 4696 y(The)g(sp)s(eci\014cation)e(ab)s(o)m(v)m(e)i -(de\014nes)g(the)f Fs(abstr)-5 b(act)34 b(syntax)44 b -Fu(of)31 b Fw(While)f Fu(in)h(that)g(it)g(simply)0 4816 -y(sa)m(ys)39 b(ho)m(w)g(to)e(build)f(arithmetic)g(expressions,)41 -b(b)s(o)s(olean)36 b(expressions)k(and)d(statemen)m(ts)i(in)0 -4937 y(the)d(language.)51 b(One)36 b(w)m(a)m(y)h(to)e(think)g(of)g(the) -h(abstract)g(syn)m(tax)h(is)e(as)h(sp)s(ecifying)f(the)h(parse)0 -5057 y(trees)42 b(of)f(the)h(language)e(and)i(it)e(will)f(then)j(b)s(e) -g(the)f(purp)s(ose)h(of)f(the)h Fs(c)-5 b(oncr)g(ete)42 -b(syntax)54 b Fu(to)0 5177 y(pro)m(vide)33 b(su\016cien)m(t)h -(information)29 b(that)j(enable)h(unique)g(parse)g(trees)h(to)e(b)s(e)h -(constructed.)146 5298 y(So)g(giv)m(en)g(the)g(string)e(of)i(c)m -(haracters:)244 5494 y Fr(z)p Fu(:=)p Fr(x)p Fu(;)g Fr(x)p -Fu(:=)p Fr(y)p Fu(;)g Fr(y)p Fu(:=)p Fr(z)p eop -%%Page: 8 18 -8 17 bop 251 130 a Fw(8)2631 b(1)113 b(In)m(tro)s(duction)p -251 193 3473 4 v 283 515 a Fu(the)47 b(concrete)h(syn)m(tax)g(of)d(the) -i(language)e(m)m(ust)i(b)s(e)f(able)g(to)g(resolv)m(e)h(whic)m(h)g(of)e -(the)i(t)m(w)m(o)283 636 y(abstract)33 b(syn)m(tax)i(trees)e(b)s(elo)m -(w)f(it)g(is)g(in)m(tended)h(to)g(represen)m(t:)2799 -794 y Fs(S)2467 1209 
y(S)285 b Fu(;)297 b Fs(S)2733 918 -y Fq(\000)2650 1001 y(\000)2567 1084 y(\000)2525 1126 -y(\000)p 2814 1126 4 291 v 2816 918 a(@)2899 1001 y(@)2982 -1084 y(@)3023 1126 y(@)2218 1624 y Fs(S)202 b Fu(;)214 -b Fs(S)2421 1333 y Fq(\023)2359 1416 y(\023)2297 1499 -y(\023)2276 1527 y(\023)p 2482 1541 V 2484 1333 a(S)2546 -1416 y(S)2608 1499 y(S)2629 1527 y(S)2027 2039 y Fr(z)115 -b Fu(:=)63 b Fs(a)2359 2288 y Fr(x)2193 1748 y Fq(\001)2151 -1831 y(\001)2110 1914 y(\001)2093 1948 y(\001)p 2233 -1956 V 2234 1748 a(A)2276 1831 y(A)2318 1914 y(A)2334 -1948 y(A)p 2382 2205 4 125 v 2525 2039 a Fr(x)115 b Fu(:=)63 -b Fs(a)2857 2288 y Fr(y)2691 1748 y Fq(\001)2650 1831 -y(\001)2608 1914 y(\001)2591 1948 y(\001)p 2731 1956 -4 291 v 2733 1748 a(A)2774 1831 y(A)2816 1914 y(A)2832 -1948 y(A)p 2880 2205 4 125 v 2940 1624 a Fr(y)115 b Fu(:=)63 -b Fs(a)3272 1873 y Fr(z)3106 1333 y Fq(\001)3065 1416 -y(\001)3023 1499 y(\001)3007 1533 y(\001)p 3146 1541 -4 291 v 3148 1333 a(A)3189 1416 y(A)3231 1499 y(A)3247 -1533 y(A)p 3296 1790 4 125 v 973 794 a Fs(S)906 918 y -Fq(\000)823 1001 y(\000)740 1084 y(\000)699 1126 y(\000)640 -1209 y Fs(S)616 1333 y Fq(\001)574 1416 y(\001)533 1499 -y(\001)516 1533 y(\001)474 1624 y Fr(z)p 655 1541 4 291 -v 91 w Fu(:=)657 1333 y Fq(A)699 1416 y(A)740 1499 y(A)757 -1533 y(A)782 1624 y Fs(a)p 805 1790 4 125 v 782 1873 -a Fr(x)p 987 1126 4 291 v 981 1209 a Fu(;)989 918 y Fq(@)1072 -1001 y(@)1155 1084 y(@)1197 1126 y(@)1305 1209 y Fs(S)1259 -1333 y Fq(\023)1197 1416 y(\023)1134 1499 y(\023)1114 -1527 y(\023)1554 1624 y Fs(S)890 2039 y Fr(x)90 b Fu(:=)63 -b Fs(a)1197 2288 y Fr(y)1031 1748 y Fq(\001)989 1831 -y(\001)948 1914 y(\001)931 1948 y(\001)p 1071 1956 V -1072 1748 a(A)1114 1831 y(A)1155 1914 y(A)1172 1948 y(A)p -1220 2205 4 125 v 1320 1541 4 291 v 1313 1624 a Fu(;)1321 -1333 y Fq(S)1384 1416 y(S)1446 1499 y(S)1467 1527 y(S)1056 -1624 y Fs(S)1388 2039 y Fr(y)90 b Fu(:=)63 b Fs(a)1695 -2288 y Fr(z)1529 1748 y Fq(\001)1487 1831 y(\001)1446 -1914 y(\001)1429 
1948 y(\001)p 1569 1956 V 1570 1748 -a(A)1612 1831 y(A)1653 1914 y(A)1670 1948 y(A)p 1718 -2205 4 125 v 283 2622 a Fu(In)37 b(this)f(b)s(o)s(ok)g(w)m(e)h(shall)e -Fs(not)46 b Fu(b)s(e)37 b(concerned)h(with)e(concrete)h(syn)m(tax.)57 -b(Whenev)m(er)38 b(w)m(e)g(talk)283 2742 y(ab)s(out)47 -b(syn)m(tactic)i(en)m(tities)e(suc)m(h)h(as)g(arithmetic)d -(expressions,)53 b(b)s(o)s(olean)46 b(expressions)j(or)283 -2863 y(statemen)m(ts)e(w)m(e)g(will)c(alw)m(a)m(ys)k(b)s(e)f(talking)e -(ab)s(out)h(the)h(abstract)g(syn)m(tax)h(so)f(there)h(is)e(no)283 -2983 y(am)m(biguit)m(y)g(with)g(resp)s(ect)i(to)e(the)h(form)f(of)g -(the)h(en)m(tit)m(y)-8 b(.)84 b(In)46 b(particular,)h(the)f(t)m(w)m(o)h -(trees)283 3103 y(ab)s(o)m(v)m(e)34 b(are)e(b)s(oth)h(elemen)m(ts)g(of) -f(the)h(syn)m(tactic)g(category)g Fw(Stm)p Fu(.)430 3224 -y(It)e(is)g(rather)g(cum)m(b)s(ersome)g(to)g(use)h(the)g(graphical)d -(represen)m(tation)j(of)f(abstract)g(syn)m(tax)283 3344 -y(and)i(w)m(e)h(shall)d(therefore)i(use)h(a)e(linear)f(notation.)42 -b(So)33 b(w)m(e)g(shall)e(write)527 3528 y Fr(z)p Fu(:=)p -Fr(x)p Fu(;)i(\()p Fr(x)p Fu(:=)p Fr(y)p Fu(;)h Fr(y)p -Fu(:=)p Fr(z)p Fu(\))283 3712 y(for)e(the)i(leftmost)d(syn)m(tax)j -(tree)f(and)527 3897 y(\()p Fr(z)p Fu(:=)p Fr(x)p Fu(;)g -Fr(x)p Fu(:=)p Fr(y)p Fu(\);)g Fr(y)p Fu(:=)p Fr(z)283 -4081 y Fu(for)i(the)h(righ)m(tmost)e(one.)52 b(F)-8 b(or)35 -b(statemen)m(ts)h(one)g(often)f(writes)g(the)h(brac)m(k)m(ets)i(as)d -Fr(begin)i Ft(\001)17 b(\001)g(\001)283 4201 y Fr(end)41 -b Fu(but)e(w)m(e)h(shall)e(feel)h(free)h(to)f(use)h(\()33 -b Ft(\001)17 b(\001)g(\001)30 b Fu(\))39 b(in)g(this)g(b)s(o)s(ok.)63 -b(Similarly)-8 b(,)37 b(w)m(e)k(use)f(brac)m(k)m(ets)283 -4322 y(\()33 b Ft(\001)17 b(\001)g(\001)31 b Fu(\))e(to)f(resolv)m(e)i -(am)m(biguities)d(for)i(elemen)m(ts)g(in)f(the)i(other)f(syn)m(tactic)h -(categories.)42 b(T)-8 b(o)29 b(cut)283 4442 y(do)m(wn)k(on)e(the)h(n)m -(um)m(b)s(er)g(of)f(brac)m(k)m(ets)i(needed)g(w)m(e)f(shall)e(allo)m(w) 
-g(to)h(use)i(the)e(familiar)d(relativ)m(e)283 4562 y(binding)j(p)s(o)m -(w)m(ers)j(\(precedences\))h(of)c(+,)i Fo(?)e Fu(and)i -Ft(\000)f Fu(etc.)44 b(and)32 b(so)h(write)f Fr(1)p Fu(+)p -Fr(x)p Fo(?)p Fr(2)g Fu(for)g Fr(1)p Fu(+\()p Fr(x)p -Fo(?)p Fr(2)p Fu(\))283 4683 y(but)h(not)g(for)f(\()p -Fr(1)p Fu(+)p Fr(x)p Fu(\))p Fo(?)p Fr(2)p Fu(.)283 4885 -y Fw(Exercise)37 b(1.1)49 b Fu(The)33 b(follo)m(wing)d(statemen)m(t)j -(is)f(in)g Fw(While)p Fu(:)527 5070 y Fr(y)p Fu(:=)p -Fr(1)p Fu(;)h Fr(while)h Ft(:)q Fu(\()p Fr(x)p Fu(=)p -Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p -Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p -Fr(1)p Fu(\))283 5254 y(It)23 b(computes)h(the)f(factorial)d(of)j(the)g -(initial)c(v)-5 b(alue)22 b(b)s(ound)h(to)g Fr(x)g Fu(\(pro)m(vided)g -(that)f(it)g(is)h(p)s(ositiv)m(e\))283 5374 y(and)34 -b(the)f(result)g(will)e(b)s(e)i(the)g(\014nal)f(v)-5 -b(alue)33 b(of)f Fr(y)p Fu(.)45 b(Dra)m(w)33 b(a)g(graphical)e -(represen)m(tation)j(of)e(the)283 5494 y(abstract)h(syn)m(tax)i(tree.) 
-2516 b Fh(2)p eop -%%Page: 9 19 -9 18 bop 0 130 a Fw(1.3)112 b(Seman)m(tics)37 b(of)g(expressions)1956 -b(9)p 0 193 3473 4 v 0 515 a(Exercise)36 b(1.2)49 b Fu(Assume)42 -b(that)e(the)h(initial)c(v)-5 b(alue)40 b(of)g(the)h(v)-5 -b(ariable)39 b Fr(x)i Fu(is)f Fs(n)48 b Fu(and)41 b(that)f(the)0 -636 y(initial)31 b(v)-5 b(alue)34 b(of)g Fr(y)h Fu(is)f -Fs(m)7 b Fu(.)49 b(W)-8 b(rite)34 b(a)g(statemen)m(t)h(in)f -Fw(While)f Fu(that)h(assigns)h Fr(z)g Fu(the)g(v)-5 b(alue)34 -b(of)g Fs(n)0 756 y Fu(to)e(the)h(p)s(o)m(w)m(er)h(of)e -Fs(m)7 b Fu(,)33 b(that)f(is)244 984 y Fo(n)22 b(?)g -Ft(\001)17 b(\001)g(\001)k Fo(?)g(n)244 1019 y Fg(|)p -281 1019 135 10 v 135 w({z)p 490 1019 V 135 w(})279 1124 -y Fs(m)40 b Fu(times)0 1317 y(Giv)m(e)32 b(a)h(linear)e(as)h(w)m(ell)g -(as)h(a)f(graphical)f(represen)m(tation)i(of)f(the)h(abstract)g(syn)m -(tax.)275 b Fh(2)146 1579 y Fu(The)37 b(seman)m(tics)g(of)e -Fw(While)g Fu(is)g(giv)m(en)h(b)m(y)h(de\014ning)f(so-called)f -Fs(semantic)i(functions)44 b Fu(for)0 1700 y(eac)m(h)i(of)f(the)h(syn)m -(tactic)g(categories.)81 b(The)47 b(idea)d(is)h(that)g(a)g(seman)m(tic) -g(function)g(tak)m(es)i(a)0 1820 y(syn)m(tactic)40 b(en)m(tit)m(y)f(as) -g(argumen)m(t)f(and)h(returns)h(its)e(meaning.)60 b(The)40 -b(op)s(erational,)e(denota-)0 1940 y(tional)24 b(and)j(axiomatic)c -(approac)m(hes)28 b(men)m(tioned)e(earlier)f(will)f(b)s(e)i(used)i(to)e -(sp)s(ecify)h(seman)m(tic)0 2061 y(functions)34 b(for)f(the)i(statemen) -m(ts)f(of)g Fw(While)p Fu(.)46 b(F)-8 b(or)33 b(n)m(umerals,)h -(arithmetic)e(expressions)j(and)0 2181 y(b)s(o)s(olean)c(expressions)j -(the)f(seman)m(tic)g(functions)f(are)h(sp)s(eci\014ed)g(once)h(and)e -(for)g(all)f(b)s(elo)m(w.)0 2544 y Fj(1.3)161 b(Seman)l(tics)52 -b(of)i(expressions)0 2773 y Fu(Before)38 b(em)m(barking)g(on)g(sp)s -(ecifying)f(the)i(seman)m(tics)f(of)g(the)g(arithmetic)e(and)i(b)s(o)s -(olean)f(ex-)0 2893 y(pressions)f(of)e Fw(While)g Fu(let)g(us)h(ha)m(v) 
-m(e)i(a)d(brief)h(lo)s(ok)e(at)i(the)g(n)m(umerals;)h(this)f(will)d -(presen)m(t)37 b(the)0 3014 y(main)31 b(ingredien)m(ts)i(of)g(the)h -(approac)m(h)f(in)g(a)g(v)m(ery)h(simple)e(setting.)45 -b(So)33 b(assume)h(for)e(the)i(mo-)0 3134 y(men)m(t)42 -b(that)g(the)g(n)m(umerals)g(are)g(in)f(the)h Fs(binary)50 -b Fu(system.)73 b(Their)42 b(abstract)g(syn)m(tax)i(could)0 -3254 y(then)33 b(b)s(e)g(sp)s(eci\014ed)g(b)m(y:)244 -3482 y Fs(n)40 b Fu(::=)32 b Fr(0)h Ft(j)f Fr(1)h Ft(j)f -Fs(n)40 b Fr(0)33 b Ft(j)f Fs(n)40 b Fr(1)0 3710 y Fu(In)47 -b(order)g(to)f(determine)h(the)g(n)m(um)m(b)s(er)g(represen)m(ted)i(b)m -(y)f(a)f(n)m(umeral)f(w)m(e)h(shall)f(de\014ne)i(a)0 -3830 y(function)244 4058 y Ft(N)14 b Fu(:)44 b Fw(Num)32 -b Ft(!)g Fw(Z)0 4286 y Fu(This)f(is)g(called)e(a)i Fs(semantic)h -(function)38 b Fu(as)32 b(it)d(de\014nes)k(the)f(seman)m(tics)f(of)f -(the)h(n)m(umerals.)43 b(W)-8 b(e)0 4406 y(w)m(an)m(t)42 -b Ft(N)56 b Fu(to)41 b(b)s(e)g(a)g Fs(total)i(function)49 -b Fu(b)s(ecause)42 b(w)m(e)g(w)m(an)m(t)h(to)d(determine)h(a)g(unique)h -(n)m(um)m(b)s(er)0 4527 y(for)36 b(eac)m(h)h(n)m(umeral)f(of)g -Fw(Num)p Fu(.)54 b(If)36 b Fs(n)44 b Ft(2)37 b Fw(Num)e -Fu(then)i(w)m(e)h(write)e Ft(N)14 b Fu([)-17 b([)q Fs(n)7 -b Fu(])-17 b(])37 b(for)f(the)h(application)0 4647 y(of)i -Ft(N)53 b Fu(to)39 b Fs(n)7 b Fu(,)41 b(that)e(is)g(for)g(the)h -(corresp)s(onding)f(n)m(um)m(b)s(er.)64 b(In)39 b(general,)i(the)e -(application)e(of)0 4767 y(a)k(seman)m(tic)g(function)g(to)g(a)g(syn)m -(tactic)h(en)m(tit)m(y)g(will)d(b)s(e)j(written)f(within)f(the)i(\\syn) -m(tactic")0 4888 y(brac)m(k)m(ets)34 b(`[)-17 b([)q(')32 -b(and)g(`])-17 b(])q(')32 b(rather)h(than)f(the)g(more)g(usual)g(`\(')g -(and)g(`\)'.)44 b(These)34 b(brac)m(k)m(ets)g(ha)m(v)m(e)f(no)0 -5008 y(sp)s(ecial)c(meaning)f(but)i(throughout)f(this)h(b)s(o)s(ok)f(w) -m(e)i(shall)d(enclose)i(syn)m(tactic)h(argumen)m(ts)f(to)0 -5128 y(seman)m(tic)23 b(functions)g(using)g(the)h(\\syn)m(tactic")g 
-(brac)m(k)m(ets)h(whereas)g(w)m(e)f(use)h(ordinary)d(brac)m(k)m(ets)0 -5249 y(\(or)32 b(juxtap)s(ositioning\))e(in)i(all)e(other)j(cases.)146 -5374 y(The)28 b(seman)m(tic)f(function)g Ft(N)41 b Fu(is)27 -b(de\014ned)h(b)m(y)g(the)f(follo)m(wing)e Fs(semantic)k(clauses)34 -b Fu(\(or)27 b Fs(e)-5 b(qua-)0 5494 y(tions)p Fu(\):)p -eop -%%Page: 10 20 -10 19 bop 251 130 a Fw(10)2575 b(1)113 b(In)m(tro)s(duction)p -251 193 3473 4 v 577 500 a Ft(N)15 b Fu([)-17 b([)p Fr(0)p -Fu(])g(])195 b(=)100 b Fw(0)577 668 y Ft(N)15 b Fu([)-17 -b([)p Fr(1)p Fu(])g(])195 b(=)100 b Fw(1)577 835 y Ft(N)15 -b Fu([)-17 b([)p Fs(n)40 b Fr(0)p Fu(])-17 b(])100 b(=)g -Fw(2)32 b Ff(?)h Ft(N)15 b Fu([)-17 b([)p Fs(n)7 b Fu(])-17 -b(])577 1003 y Ft(N)15 b Fu([)-17 b([)p Fs(n)40 b Fr(1)p -Fu(])-17 b(])100 b(=)g Fw(2)32 b Ff(?)h Ft(N)15 b Fu([)-17 -b([)p Fs(n)7 b Fu(])-17 b(])34 b(+)e Fw(1)283 1205 y -Fu(Here)38 b Fw(0)e Fu(and)h Fw(1)g Fu(are)f(n)m(um)m(b)s(ers,)j(that)d -(is)g(elemen)m(ts)h(of)g Fw(Z)p Fu(.)g(F)-8 b(urthermore,)37 -b Ff(?)g Fu(and)f(+)h(are)f(the)283 1326 y(usual)e(arithmetic)e(op)s -(erations)h(on)h(n)m(um)m(b)s(ers.)48 b(The)35 b(ab)s(o)m(v)m(e)f -(de\014nition)f(is)h(an)f(example)h(of)f(a)283 1446 y -Fs(c)-5 b(omp)g(ositional)45 b Fu(de\014nition;)37 b(this)f(means)g -(that)g(for)g(eac)m(h)h(p)s(ossible)f(w)m(a)m(y)h(of)f(constructing)g -(a)283 1566 y(n)m(umeral)f(it)f(tells)h(ho)m(w)h(the)g(corresp)s -(onding)f(n)m(um)m(b)s(er)h(is)f(obtained)g(from)f(the)i(meanings)e(of) -283 1687 y(the)f Fs(sub)p Fu(constructs.)283 1924 y Fw(Example)k(1.3)49 -b Fu(W)-8 b(e)25 b(can)f(calculate)g(the)g(n)m(um)m(b)s(er)h -Ft(N)14 b Fu([)-17 b([)q Fr(101)p Fu(])g(])26 b(corresp)s(onding)e(to)g -(the)h(n)m(umeral)283 2044 y Fr(101)34 b Fu(as)f(follo)m(ws:)527 -2254 y Ft(N)15 b Fu([)-17 b([)p Fr(101)p Fu(])g(])34 -b(=)f Fw(2)f Ff(?)h Ft(N)14 b Fu([)-17 b([)q Fr(10)p -Fu(])g(])34 b(+)e Fw(1)885 2421 y Fu(=)h Fw(2)f Ff(?)h -Fu(\()p Fw(2)f Ff(?)h Ft(N)15 b Fu([)-17 b([)p Fr(1)p -Fu(])g(])q(\))33 
b(+)f Fw(1)885 2589 y Fu(=)h Fw(2)f -Ff(?)h Fu(\()p Fw(2)f Ff(?)h Fw(1)p Fu(\))g(+)f Fw(1)885 -2756 y Fu(=)h Fw(5)283 2966 y Fu(Note)g(that)g(the)g(string)e -Fr(101)j Fu(is)e(decomp)s(osed)h(according)f(to)g(the)h(syn)m(tax)h -(for)e(n)m(umerals.)79 b Fh(2)430 3202 y Fu(So)27 b(far)g(w)m(e)i(ha)m -(v)m(e)g(only)e Fs(claime)-5 b(d)36 b Fu(that)28 b(the)f(de\014nition)g -(of)g Ft(N)42 b Fu(giv)m(es)28 b(rise)f(to)g(a)h(w)m(ell-de\014ned)283 -3322 y(total)37 b(function.)58 b(W)-8 b(e)38 b(shall)f(no)m(w)h(presen) -m(t)i(a)d Fs(formal)i(pr)-5 b(o)g(of)58 b Fu(sho)m(wing)38 -b(that)g(this)f(is)h(indeed)283 3443 y(the)33 b(case.)p -283 3564 3473 5 v 283 3745 a Fw(F)-9 b(act)38 b(1.4)49 -b Fu(The)33 b(ab)s(o)m(v)m(e)h(equations)f(for)f Ft(N)14 -b Fu(,)33 b(de\014ne)g(a)g(total)e(function)h Ft(N)14 -b Fu(:)44 b Fw(Num)31 b Ft(!)i Fw(Z)p Fu(.)p 283 3866 -V 283 4075 a Fw(Pro)s(of:)38 b Fu(W)-8 b(e)33 b(ha)m(v)m(e)h(a)e(total) -f(function)h Ft(N)14 b Fu(,)33 b(if)e(for)i(all)d(argumen)m(ts)j -Fs(n)39 b Ft(2)33 b Fw(Num)552 4242 y Fu(there)g(is)g(exactly)g(one)f -(n)m(um)m(b)s(er)h Fw(n)g Ft(2)g Fw(Z)g Fu(suc)m(h)h(that)f -Ft(N)14 b Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])33 b(=)f -Fw(n)699 b Fu(\(*\))283 4410 y(Giv)m(en)38 b(a)f(n)m(umeral)g -Fs(n)44 b Fu(it)37 b(can)h(ha)m(v)m(e)g(one)g(of)f(four)g(forms:)53 -b(it)36 b(can)i(b)s(e)g(a)f(basis)g(elemen)m(t)h(and)283 -4530 y(then)33 b(it)e(is)g(equal)g(to)h Fr(0)g Fu(or)f -Fr(1)p Fu(,)h(or)g(it)f(can)h(b)s(e)g(a)f(comp)s(osite)g(elemen)m(t)g -(and)h(then)h(it)d(is)i(equal)f(to)283 4651 y Fs(n)345 -4615 y Fi(0)369 4651 y Fr(0)d Fu(or)g Fs(n)625 4615 y -Fi(0)649 4651 y Fr(1)g Fu(for)g(some)g(other)g(n)m(umeral)f -Fs(n)1797 4615 y Fi(0)1821 4651 y Fu(.)42 b(So,)29 b(in)e(order)h(to)g -(pro)m(v)m(e)h(\(*\))f(w)m(e)h(ha)m(v)m(e)h(to)e(consider)283 -4771 y(all)j(four)h(p)s(ossibilities.)430 4893 y(The)37 -b(pro)s(of)f(will)e(b)s(e)i(conducted)i(b)m(y)f Fs(induction)44 -b Fu(on)36 b(the)h Fs(structur)-5 b(e)44 b Fu(of)36 
b(the)h(n)m(umeral) -f Fs(n)7 b Fu(.)283 5013 y(In)33 b(the)f Fs(b)-5 b(ase)33 -b(c)-5 b(ase)39 b Fu(w)m(e)33 b(pro)m(v)m(e)g(\(*\))e(for)g(the)i -(basis)e(elemen)m(ts)h(of)g Fw(Num)p Fu(,)f(that)h(is)f(for)g(the)h -(cases)283 5133 y(where)41 b Fs(n)47 b Fu(is)39 b Fr(0)h -Fu(or)f Fr(1)p Fu(.)64 b(In)40 b(the)g Fs(induction)h(step)k -Fu(w)m(e)40 b(consider)g(the)g(comp)s(osite)f(elemen)m(ts)g(of)283 -5254 y Fw(Num)p Fu(,)32 b(that)f(is)g(the)i(cases)g(where)g -Fs(n)39 b Fu(is)31 b Fs(n)1839 5218 y Fi(0)1862 5254 -y Fr(0)h Fu(or)g Fs(n)2126 5218 y Fi(0)2149 5254 y Fr(1)p -Fu(.)44 b(The)32 b(induction)f(h)m(yp)s(othesis)i(will)c(then)283 -5374 y(allo)m(w)35 b(us)i(to)f(assume)h(that)g(\(*\))f(holds)g(for)g -(the)h(immediate)c(constituen)m(t)k(of)f Fs(n)7 b Fu(,)38 -b(that)e(is)g Fs(n)3705 5338 y Fi(0)3729 5374 y Fu(.)283 -5494 y(W)-8 b(e)42 b(shall)f(then)h(pro)m(v)m(e)h(that)e(\(*\))g(holds) -g(for)g Fs(n)7 b Fu(.)71 b(It)42 b(then)g(follo)m(ws)e(that)i(\(*\))f -(holds)g(for)g(all)p eop -%%Page: 11 21 -11 20 bop 0 130 a Fw(1.3)112 b(Seman)m(tics)37 b(of)g(expressions)1900 -b(11)p 0 193 3473 4 v 0 515 a Fu(n)m(umerals)32 b Fs(n)40 -b Fu(b)s(ecause)34 b(an)m(y)f(n)m(umeral)f Fs(n)39 b -Fu(can)33 b(b)s(e)g(constructed)h(in)e(that)h(w)m(a)m(y)-8 -b(.)0 683 y Fw(The)31 b(case)h Fs(n)38 b Fu(=)31 b Fr(0)p -Fu(:)43 b(Only)31 b(one)g(of)g(the)g(seman)m(tic)g(clauses)h -(de\014ning)f Ft(N)45 b Fu(can)32 b(b)s(e)f(used)h(and)f(it)0 -803 y(giv)m(es)37 b Ft(N)14 b Fu([)-17 b([)q Fs(n)7 b -Fu(])-17 b(])37 b(=)f Fw(0)p Fu(.)55 b(So)36 b(clearly)f(there)i(is)f -(exactly)h(one)g(n)m(um)m(b)s(er)f Fw(n)h Fu(in)f Fw(Z)g -Fu(\(namely)g Fw(0)p Fu(\))g(suc)m(h)0 924 y(that)c Ft(N)15 -b Fu([)-17 b([)p Fs(n)7 b Fu(])-17 b(])34 b(=)e Fw(n)p -Fu(.)0 1091 y Fw(The)h(case)g Fs(n)40 b Fu(=)32 b Fr(1)h -Fu(is)f(similar)d(and)k(w)m(e)h(omit)c(the)j(details.)0 -1259 y Fw(The)k(case)h Fs(n)44 b Fu(=)36 b Fs(n)738 1223 -y Fi(0)762 1259 y Fr(0)p Fu(:)52 b(Insp)s(ection)37 b(of)g(the)g 
-(clauses)g(de\014ning)g Ft(N)51 b Fu(sho)m(ws)39 b(that)d(only)h(one)g -(of)0 1379 y(the)44 b(clauses)h(is)f(applicable)e(and)i(w)m(e)h(ha)m(v) -m(e)g Ft(N)15 b Fu([)-17 b([)p Fs(n)7 b Fu(])-17 b(])45 -b(=)f Fw(2)g Ff(?)g Ft(N)15 b Fu([)-17 b([)p Fs(n)2486 -1343 y Fi(0)2510 1379 y Fu(])g(].)78 b(W)-8 b(e)45 b(can)f(no)m(w)h -(apply)0 1500 y(the)38 b(induction)e(h)m(yp)s(othesis)j(to)d -Fs(n)1282 1464 y Fi(0)1343 1500 y Fu(and)i(get)f(that)g(there)h(is)f -(exactly)h(one)f(n)m(um)m(b)s(er)h Fw(n)3224 1464 y Fi(0)3285 -1500 y Fu(suc)m(h)0 1620 y(that)32 b Ft(N)14 b Fu([)-17 -b([)q Fs(n)407 1584 y Fi(0)431 1620 y Fu(])g(])32 b(=)g -Fw(n)670 1584 y Fi(0)694 1620 y Fu(.)43 b(But)33 b(then)g(it)e(is)h -(clear)f(that)h(there)h(is)f(exactly)h(one)f(n)m(um)m(b)s(er)h -Fw(n)f Fu(\(namely)0 1741 y Fw(2)h Ff(?)f Fw(n)240 1704 -y Fi(0)264 1741 y Fu(\))g(suc)m(h)i(that)f Ft(N)14 b -Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])33 b(=)g Fw(n)p -Fu(.)0 1908 y Fw(The)g(case)g Fs(n)40 b Fu(=)32 b Fs(n)721 -1872 y Fi(0)745 1908 y Fr(1)h Fu(is)f(similar)d(and)k(w)m(e)g(omit)e -(the)i(details.)1117 b Fh(2)146 2121 y Fu(The)31 b(general)f(tec)m -(hnique)h(that)f(w)m(e)h(ha)m(v)m(e)g(applied)e(in)g(the)h -(de\014nition)f(of)g(the)i(syn)m(tax)g(and)0 2242 y(seman)m(tics)i(of)f -(n)m(umerals)g(can)h(b)s(e)g(summarized)e(as)i(follo)m(ws:)p -0 2324 3470 4 v 0 2341 V -2 2548 4 208 v 15 2548 V 1101 -2469 a Fw(Comp)s(ositional)d(De\014nitions)p 3452 2548 -V 3469 2548 V 0 2552 3470 4 v -2 3041 4 490 v 15 3041 -V 66 2717 a Fu(1:)143 b(The)34 b(syn)m(tactic)f(category)g(is)f(sp)s -(eci\014ed)i(b)m(y)f(an)g(abstract)g(syn)m(tax)h(giving)d(the)i -Fs(b)-5 b(asis)285 2837 y(elements)52 b Fu(and)44 b(the)g -Fs(c)-5 b(omp)g(osite)51 b(elements)8 b Fu(.)77 b(The)45 -b(comp)s(osite)e(elemen)m(ts)h(ha)m(v)m(e)i(a)285 2958 -y(unique)33 b(decomp)s(osition)e(in)m(to)h(their)g(immediate)e -(constituen)m(ts.)p 3452 3041 V 3469 3041 V -2 3690 4 -650 v 15 3690 V 66 3125 a(2:)143 b(The)29 b(seman)m(tics)f(is)f 
-(de\014ned)i(b)m(y)g Fs(c)-5 b(omp)g(ositional)36 b Fu(de\014nitions)27 -b(of)g(a)h(function:)40 b(There)285 3246 y(is)24 b(a)g -Fs(semantic)29 b(clause)i Fu(for)23 b(eac)m(h)i(of)f(the)g(basis)g -(elemen)m(ts)h(of)f(the)g(syn)m(tactic)h(category)285 -3366 y(and)i(one)g(for)f(eac)m(h)h(of)f(the)h(metho)s(ds)f(for)g -(constructing)h(comp)s(osite)f(elemen)m(ts.)41 b(The)285 -3487 y(clauses)28 b(for)e(comp)s(osite)g(elemen)m(ts)i(are)f(de\014ned) -h(in)e(terms)h(of)g(the)g(seman)m(tics)g(of)g(the)285 -3607 y(immediate)j(constituen)m(ts)k(of)e(the)h(elemen)m(ts.)p -3452 3690 V 3469 3690 V 0 3694 3470 4 v 0 3710 V 0 3859 -a(The)42 b(pro)s(of)f(tec)m(hnique)i(w)m(e)f(ha)m(v)m(e)h(applied)d(is) -h(closely)g(connected)i(with)e(the)h(approac)m(h)g(to)0 -3979 y(de\014ning)33 b(seman)m(tic)f(functions.)43 b(It)33 -b(can)g(b)s(e)g(summarized)e(as)i(follo)m(ws:)p 0 4081 -V 0 4097 V -2 4305 4 208 v 15 4305 V 1232 4226 a Fw(Structural)f -(Induction)p 3452 4305 V 3469 4305 V 0 4308 3470 4 v --2 4678 4 370 v 15 4678 V 66 4474 a Fu(1:)143 b(Pro)m(v)m(e)39 -b(that)f(the)g(prop)s(ert)m(y)g(holds)f(for)g(all)f(the)i -Fs(b)-5 b(asis)45 b Fu(elemen)m(ts)37 b(of)g(the)h(syn)m(tactic)285 -4594 y(category)-8 b(.)p 3452 4678 V 3469 4678 V -2 5206 -4 529 v 15 5206 V 66 4762 a(2:)143 b(Pro)m(v)m(e)39 b(that)d(the)i -(prop)s(ert)m(y)f(holds)g(for)f(all)f(the)i Fs(c)-5 b(omp)g(osite)44 -b Fu(elemen)m(ts)37 b(of)f(the)i(syn-)285 4882 y(tactic)44 -b(category:)66 b(Assume)45 b(that)f(the)g(prop)s(ert)m(y)h(holds)e(for) -h(all)e(the)i(immediate)285 5003 y(constituen)m(ts)d(of)f(the)g(elemen) -m(t)g(\(this)f(is)h(called)f(the)h Fs(induction)h(hyp)-5 -b(othesis)p Fu(\))39 b(and)285 5123 y(pro)m(v)m(e)34 -b(that)e(it)g(also)g(holds)g(for)g(the)h(elemen)m(t)f(itself.)p -3452 5206 V 3469 5206 V 0 5210 3470 4 v 0 5226 V 146 -5374 a(In)41 b(the)f(remainder)f(of)h(this)f(b)s(o)s(ok)h(w)m(e)h -(shall)d(assume)j(that)f(n)m(umerals)f(are)h(in)f(decimal)0 -5494 y(notation)30 
b(and)h(ha)m(v)m(e)i(their)e(normal)e(meanings)h -(\(so)i(for)e(example)h Ft(N)14 b Fu([)-17 b([)q Fr(137)p -Fu(])g(])33 b(=)e Fw(137)g Ft(2)h Fw(Z)p Fu(\).)f(It)p -eop -%%Page: 12 22 -12 21 bop 251 130 a Fw(12)2575 b(1)113 b(In)m(tro)s(duction)p -251 193 3473 4 v 283 515 a Fu(is)30 b(imp)s(ortan)m(t)e(to)i -(understand,)i(ho)m(w)m(ev)m(er,)h(that)d(there)h(is)f(a)g(distinction) -e(b)s(et)m(w)m(een)k(n)m(umerals)283 636 y(\(whic)m(h)27 -b(are)f(syn)m(tactic\))i(and)e(n)m(um)m(b)s(ers)h(\(whic)m(h)g(are)f -(seman)m(tic\),)h(ev)m(en)h(in)e(decimal)e(notation.)283 -922 y Fp(Seman)l(tic)46 b(functions)283 1107 y Fu(The)36 -b(meaning)d(of)h(an)g(expression)h(dep)s(ends)h(on)f(the)f(v)-5 -b(alues)35 b(b)s(ound)f(to)g(the)h(v)-5 b(ariables)33 -b(that)283 1228 y(o)s(ccur)38 b(in)f(it.)58 b(F)-8 b(or)36 -b(example,)j(if)d Fr(x)i Fu(is)f(b)s(ound)h(to)f Fw(3)h -Fu(then)g(the)g(arithmetic)e(expression)j Fr(x)p Fu(+)p -Fr(1)283 1348 y Fu(ev)-5 b(aluates)33 b(to)f Fw(4)g Fu(but)h(if)e -Fr(x)h Fu(is)g(b)s(ound)g(to)g Fw(2)h Fu(then)g(the)f(expression)i(ev) --5 b(aluates)32 b(to)g Fw(3)p Fu(.)44 b(W)-8 b(e)32 b(shall)283 -1468 y(therefore)f(in)m(tro)s(duce)f(the)h(concept)g(of)e(a)h -Fs(state)p Fu(:)43 b(to)29 b(eac)m(h)i(v)-5 b(ariable)28 -b(the)j(state)f(will)e(asso)s(ciate)283 1589 y(its)h(curren)m(t)h(v)-5 -b(alue.)41 b(W)-8 b(e)29 b(shall)f(represen)m(t)i(a)f(state)g(as)g(a)f -(function)h(from)e(v)-5 b(ariables)27 b(to)i(v)-5 b(alues,)283 -1709 y(that)33 b(is)f(an)g(elemen)m(t)h(of)f(the)h(set)527 -1900 y Fw(State)g Fu(=)f Fw(V)-9 b(ar)32 b Ft(!)h Fw(Z)283 -2090 y Fu(Eac)m(h)42 b(state)f Fs(s)49 b Fu(sp)s(eci\014es)42 -b(a)e(v)-5 b(alue,)42 b(written)f Fs(s)48 b(x)12 b Fu(,)43 -b(for)d(eac)m(h)h(v)-5 b(ariable)39 b Fs(x)53 b Fu(of)40 -b Fw(V)-9 b(ar)p Fu(.)67 b(Th)m(us)42 b(if)283 2211 y -Fs(s)f Fr(x)33 b Fu(=)f Fw(3)h Fu(then)g(the)g(v)-5 b(alue)32 -b(of)g Fr(x)p Fu(+)p Fr(1)h Fu(in)f(state)h Fs(s)40 b -Fu(is)33 b Fw(4)p Fu(.)430 2331 y(Actually)-8 b(,)41 
-b(this)e(is)h(just)g(one)g(of)g(sev)m(eral)h(represen)m(tations)g(of)e -(the)i(state.)66 b(Some)40 b(other)283 2451 y(p)s(ossibilities)30 -b(are)j(to)f(use)h(a)g(table:)p 527 2553 877 4 v 525 -2801 4 249 v 728 2718 a Fr(x)p 978 2801 V 368 w Fw(5)p -1402 2801 V 525 2969 4 168 v 728 2886 a Fr(y)p 978 2969 -V 385 w Fw(7)p 1402 2969 V 525 3137 V 728 3053 a Fr(z)p -978 3137 V 385 w Fw(0)p 1402 3137 V 527 3140 877 4 v -283 3288 a Fu(or)g(a)f(\\list")f(of)h(the)h(form)527 -3478 y([)p Fr(x)p Ft(7!)p Fw(5)p Fu(,)g Fr(y)p Ft(7!)p -Fw(7)p Fu(,)g Fr(z)p Ft(7!)o Fw(0)p Fu(])283 3669 y(\(as)28 -b(in)f(Section)g(1.1\).)41 b(In)28 b(all)d(cases)k(w)m(e)g(m)m(ust)e -(ensure)i(that)f(exactly)f(one)h(v)-5 b(alue)27 b(is)g(asso)s(ciated) -283 3789 y(with)36 b(eac)m(h)g(v)-5 b(ariable.)51 b(By)37 -b(requiring)d(a)i(state)g(to)f(b)s(e)h(a)g(function)f(this)g(is)g -(trivially)e(ful\014lled)283 3909 y(whereas)49 b(for)e(the)g -(alternativ)m(e)f(represen)m(tations)j(ab)s(o)m(v)m(e)e(extra)h -(restrictions)f(ha)m(v)m(e)h(to)f(b)s(e)283 4030 y(enforced.)430 -4150 y(Giv)m(en)33 b(an)g(arithmetic)e(expression)k Fs(a)41 -b Fu(and)33 b(a)g(state)h Fs(s)41 b Fu(w)m(e)34 b(can)g(determine)f -(the)h(v)-5 b(alue)32 b(of)283 4271 y(the)41 b(expression.)66 -b(Therefore)40 b(w)m(e)h(shall)d(de\014ne)j(the)f(meaning)e(of)i -(arithmetic)d(expressions)283 4391 y(as)f(a)g(total)e(function)h -Ft(A)g Fu(that)h(tak)m(es)h(t)m(w)m(o)f(argumen)m(ts:)50 -b(the)37 b(syn)m(tactic)f(construct)h Fs(and)45 b Fu(the)283 -4511 y(state.)f(The)34 b(functionalit)m(y)d(of)h Ft(A)g -Fu(is)527 4702 y Ft(A)p Fu(:)43 b Fw(Aexp)33 b Ft(!)f -Fu(\()p Fw(State)h Ft(!)f Fw(Z)p Fu(\))283 4893 y(This)h(means)e(that)h -Ft(A)f Fu(tak)m(es)j(its)d(parameters)h Fs(one)h(at)i(a)f(time)p -Fu(.)43 b(So)32 b(w)m(e)h(ma)m(y)e(supply)i Ft(A)e Fu(with)283 -5013 y(its)i(\014rst)g(parameter,)g(sa)m(y)h Fr(x)p Fu(+)p -Fr(1)p Fu(,)f(and)g(study)h(the)f(function)g Ft(A)o Fu([)-17 -b([)q Fr(x)p Fu(+)p Fr(1)p Fu(])g(])q(.)44 b(It)33 b(has)h 
-(functionalit)m(y)283 5133 y Fw(State)45 b Ft(!)g Fw(Z)g -Fu(and)g(only)g(when)h(w)m(e)f(supply)h(it)e(with)g(a)h(state)g(\(whic) -m(h)h(happ)s(ens)f(to)g(b)s(e)g(a)283 5254 y(function)32 -b(but)g(that)g(do)s(es)g(not)g(matter\))f(do)h(w)m(e)h(obtain)e(the)i -(v)-5 b(alue)31 b(of)h(the)g(expression)h Fr(x)p Fu(+)p -Fr(1)p Fu(.)430 5374 y(Assuming)25 b(the)g(existence)i(of)e(the)h -(function)e Ft(N)40 b Fu(de\014ning)25 b(the)h(meaning)e(of)g(n)m -(umerals,)j(w)m(e)283 5494 y(can)f(de\014ne)g(the)f(function)g -Ft(A)f Fu(b)m(y)i(de\014ning)f(its)f(v)-5 b(alue)25 b -Ft(A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(s)33 -b Fu(on)25 b(eac)m(h)h(arithmetic)d(expression)p eop -%%Page: 13 23 -13 22 bop 0 130 a Fw(1.3)112 b(Seman)m(tics)37 b(of)g(expressions)1900 -b(13)p 0 193 3473 4 v 0 419 V 0 1260 4 841 v 432 528 -a Ft(A)o Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])q Fs(s)381 -b Fu(=)100 b Ft(N)14 b Fu([)-17 b([)q Fs(n)7 b Fu(])-17 -b(])432 696 y Ft(A)o Fu([)g([)q Fs(x)12 b Fu(])-17 b(])p -Fs(s)387 b Fu(=)100 b Fs(s)40 b(x)432 863 y Ft(A)o Fu([)-17 -b([)q Fs(a)606 878 y Fn(1)678 863 y Fu(+)33 b Fs(a)844 -878 y Fn(2)883 863 y Fu(])-17 b(])q Fs(s)109 b Fu(=)100 -b Ft(A)o Fu([)-17 b([)q Fs(a)1420 878 y Fn(1)1460 863 -y Fu(])g(])p Fs(s)41 b Fu(+)32 b Ft(A)p Fu([)-17 b([)p -Fs(a)1860 878 y Fn(2)1900 863 y Fu(])g(])q Fs(s)432 1031 -y Ft(A)o Fu([)g([)q Fs(a)606 1046 y Fn(1)678 1031 y Fo(?)33 -b Fs(a)817 1046 y Fn(2)856 1031 y Fu(])-17 b(])q Fs(s)136 -b Fu(=)100 b Ft(A)o Fu([)-17 b([)q Fs(a)1420 1046 y Fn(1)1460 -1031 y Fu(])g(])p Fs(s)41 b Ff(?)33 b Ft(A)o Fu([)-17 -b([)q Fs(a)1842 1046 y Fn(2)1881 1031 y Fu(])g(])q Fs(s)432 -1199 y Ft(A)o Fu([)g([)q Fs(a)606 1214 y Fn(1)678 1199 -y Ft(\000)33 b Fs(a)845 1214 y Fn(2)885 1199 y Fu(])-17 -b(])q Fs(s)107 b Fu(=)100 b Ft(A)o Fu([)-17 b([)q Fs(a)1420 -1214 y Fn(1)1460 1199 y Fu(])g(])p Fs(s)41 b Fe(\000)32 -b Ft(A)p Fu([)-17 b([)q Fs(a)1874 1214 y Fn(2)1913 1199 -y Fu(])g(])q Fs(s)p 3469 1260 V 0 1263 3473 4 v 654 1424 -a Fu(T)-8 
b(able)32 b(1.1:)43 b(The)34 b(seman)m(tics)e(of)g -(arithmetic)f(expressions)0 1708 y Fs(a)41 b Fu(and)33 -b(state)h Fs(s)8 b Fu(.)46 b(The)34 b(de\014nition)f(of)g -Ft(A)g Fu(is)g(giv)m(en)g(in)g(T)-8 b(able)33 b(1.1.)45 -b(The)35 b(clause)e(for)g Fs(n)41 b Fu(re\015ects)0 1828 -y(that)29 b(the)g(v)-5 b(alue)28 b(of)h Fs(n)36 b Fu(in)28 -b(an)m(y)h(state)h(is)e Ft(N)15 b Fu([)-17 b([)p Fs(n)7 -b Fu(])-17 b(])q(.)42 b(The)30 b(v)-5 b(alue)28 b(of)h(a)f(v)-5 -b(ariable)28 b Fs(x)40 b Fu(in)28 b(state)i Fs(s)37 b -Fu(is)28 b(the)0 1949 y(v)-5 b(alue)34 b(b)s(ound)i(to)e -Fs(x)47 b Fu(in)34 b Fs(s)8 b Fu(,)36 b(that)e(is)h Fs(s)43 -b(x)12 b Fu(.)50 b(The)36 b(v)-5 b(alue)34 b(of)h(the)g(comp)s(osite)f -(expression)i Fs(a)3260 1964 y Fn(1)3300 1949 y Fu(+)p -Fs(a)3433 1964 y Fn(2)0 2069 y Fu(in)31 b Fs(s)40 b Fu(is)31 -b(the)i(sum)e(of)h(the)g(v)-5 b(alues)32 b(of)f Fs(a)1398 -2084 y Fn(1)1470 2069 y Fu(and)h Fs(a)1716 2084 y Fn(2)1787 -2069 y Fu(in)f Fs(s)8 b Fu(.)44 b(Similarly)-8 b(,)28 -b(the)k(v)-5 b(alue)31 b(of)g Fs(a)3037 2084 y Fn(1)3110 -2069 y Fo(?)h Fs(a)3248 2084 y Fn(2)3319 2069 y Fu(in)g -Fs(s)0 2189 y Fu(is)f(the)h(pro)s(duct)f(of)g(the)h(v)-5 -b(alues)31 b(of)g Fs(a)1361 2204 y Fn(1)1432 2189 y Fu(and)g -Fs(a)1677 2204 y Fn(2)1748 2189 y Fu(in)g Fs(s)8 b Fu(,)32 -b(and)f(the)h(v)-5 b(alue)31 b(of)f Fs(a)2740 2204 y -Fn(1)2811 2189 y Ft(\000)i Fs(a)2977 2204 y Fn(2)3048 -2189 y Fu(in)f Fs(s)39 b Fu(is)31 b(the)0 2310 y(di\013erence)i(b)s(et) -m(w)m(een)h(the)f(v)-5 b(alues)32 b(of)g Fs(a)1438 2325 -y Fn(1)1510 2310 y Fu(and)g Fs(a)1756 2325 y Fn(2)1828 -2310 y Fu(in)g Fs(s)8 b Fu(.)43 b(Note)32 b(that)g(+)h(,)f -Ff(?)g Fu(and)h Fe(\000)f Fu(o)s(ccurring)0 2430 y(on)i(the)g(righ)m(t) -f(of)h(these)h(equations)f(are)g(the)g(usual)g(arithmetic)e(op)s -(erations,)h(whilst)g(on)h(the)0 2550 y(left)42 b(they)i(are)f(just)h -(pieces)f(of)g(syn)m(tax;)50 b(this)42 b(is)h(analogous)f(to)h(the)g -(distinction)e(b)s(et)m(w)m(een)0 2671 y(n)m(umerals)32 
-b(and)h(n)m(um)m(b)s(ers)g(but)g(w)m(e)h(shall)d(not)h(b)s(other)h(to)f -(use)i(di\013eren)m(t)e(sym)m(b)s(ols.)0 2897 y Fw(Example)37 -b(1.5)48 b Fu(Supp)s(ose)34 b(that)e Fs(s)41 b Fr(x)33 -b Fu(=)f Fw(3)p Fu(.)44 b(Then:)294 3091 y Ft(A)o Fu([)-17 -b([)q Fr(x)p Fu(+)p Fr(1)p Fu(])g(])q Fs(s)108 b Fu(=)99 -b Ft(A)p Fu([)-17 b([)p Fr(x)p Fu(])g(])q Fs(s)41 b Fu(+)32 -b Ft(A)p Fu([)-17 b([)p Fr(1)p Fu(])g(])q Fs(s)775 3259 -y Fu(=)99 b(\()p Fs(s)41 b Fr(x)p Fu(\))32 b(+)h Ft(N)14 -b Fu([)-17 b([)q Fr(1)p Fu(])g(])775 3426 y(=)99 b Fw(3)33 -b Fu(+)f Fw(1)775 3594 y Fu(=)99 b Fw(4)0 3795 y Fu(Note)33 -b(that)g(here)g Fr(1)h Fu(is)e(a)h(n)m(umeral)f(\(enclosed)h(in)f(the)i -(brac)m(k)m(ets)h(`[)-17 b([')33 b(and)g(`])-17 b(])q('\))33 -b(whereas)h Fw(1)f Fu(is)g(a)0 3915 y(n)m(um)m(b)s(er.)3049 -b Fh(2)0 4142 y Fw(Example)37 b(1.6)48 b Fu(Supp)s(ose)28 -b(w)m(e)g(add)f(the)g(arithmetic)d(expression)k Ft(\000)16 -b Fs(a)35 b Fu(to)26 b(our)h(language.)40 b(An)0 4262 -y(acceptable)33 b(seman)m(tic)f(clause)h(for)f(this)g(construct)i(w)m -(ould)e(b)s(e)244 4464 y Ft(A)o Fu([)-17 b([)q Ft(\000)16 -b Fs(a)7 b Fu(])-17 b(])r Fs(s)40 b Fu(=)33 b Fw(0)f -Fe(\000)h Ft(A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q -Fs(s)0 4666 y Fu(whereas)39 b(the)f(alternativ)m(e)e(clause)i -Ft(A)o Fu([)-17 b([)q Ft(\000)16 b Fs(a)7 b Fu(])-17 -b(])q Fs(s)46 b Fu(=)37 b Ft(A)o Fu([)-17 b([)q Fr(0)37 -b Ft(\000)h Fs(a)7 b Fu(])-17 b(])q Fs(s)45 b Fu(w)m(ould)38 -b(con)m(tradict)f(the)h(com-)0 4786 y(p)s(ositionalit)m(y)29 -b(requiremen)m(t.)2301 b Fh(2)0 5013 y Fw(Exercise)36 -b(1.7)49 b Fu(Pro)m(v)m(e)f(that)e(the)h(equations)g(of)f(T)-8 -b(able)46 b(1.1)g(de\014ne)h(a)f(total)f(function)h Ft(A)0 -5133 y Fu(in)51 b Fw(Aexp)g Ft(!)g Fu(\()p Fw(State)h -Ft(!)f Fw(Z)p Fu(\):)h(First)e(argue)i(that)f(it)f(is)h(su\016cien)m(t) -i(to)e(pro)m(v)m(e)i(that)e(for)0 5254 y(eac)m(h)39 b -Fs(a)h Ft(2)33 b Fw(Aexp)39 b Fu(and)f(eac)m(h)h Fs(s)47 -b Ft(2)39 b Fw(State)f Fu(there)h(is)f(exactly)h(one)g(v)-5 
-b(alue)38 b Fw(v)g Ft(2)h Fw(Z)g Fu(suc)m(h)h(that)0 -5374 y Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q -Fs(s)41 b Fu(=)32 b Fw(v)p Fu(.)48 b(Next)35 b(use)g(structural)f -(induction)f(on)h(the)h(arithmetic)d(expressions)j(to)f(pro)m(v)m(e)0 -5494 y(that)e(this)h(is)f(indeed)h(the)g(case.)2221 b -Fh(2)p eop -%%Page: 14 24 -14 23 bop 251 130 a Fw(14)2575 b(1)113 b(In)m(tro)s(duction)p -251 193 3473 4 v 283 419 V 283 2160 4 1741 v 715 528 -a Ft(B)t Fu([)-17 b([)p Fr(true)p Fu(])g(])r Fs(s)239 -b Fu(=)99 b Fw(tt)715 696 y Ft(B)t Fu([)-17 b([)p Fr(false)p -Fu(])g(])r Fs(s)188 b Fu(=)99 b Fw(\013)715 954 y Ft(B)t -Fu([)-17 b([)p Fs(a)878 969 y Fn(1)951 954 y Fu(=)32 -b Fs(a)1116 969 y Fn(2)1156 954 y Fu(])-17 b(])p Fs(s)110 -b Fu(=)1518 779 y Fg(8)1518 854 y(<)1518 1003 y(:)1633 -869 y Fw(tt)83 b Fu(if)31 b Ft(A)p Fu([)-17 b([)p Fs(a)2067 -884 y Fn(1)2107 869 y Fu(])g(])p Fs(s)41 b Fu(=)32 b -Ft(A)p Fu([)-17 b([)q Fs(a)2508 884 y Fn(2)2547 869 y -Fu(])g(])q Fs(s)1633 1037 y Fw(\013)106 b Fu(if)31 b -Ft(A)p Fu([)-17 b([)p Fs(a)2067 1052 y Fn(1)2107 1037 -y Fu(])g(])p Fs(s)41 b Ft(6)p Fu(=)32 b Ft(A)p Fu([)-17 -b([)q Fs(a)2508 1052 y Fn(2)2547 1037 y Fu(])g(])q Fs(s)715 -1306 y Ft(B)t Fu([)g([)p Fs(a)878 1321 y Fn(1)951 1306 -y Ft(\024)33 b Fs(a)1118 1321 y Fn(2)1157 1306 y Fu(])-17 -b(])q Fs(s)108 b Fu(=)1518 1131 y Fg(8)1518 1206 y(<)1518 -1356 y(:)1633 1221 y Fw(tt)83 b Fu(if)31 b Ft(A)p Fu([)-17 -b([)p Fs(a)2067 1236 y Fn(1)2107 1221 y Fu(])g(])p Fs(s)41 -b Fe(\024)33 b Ft(A)o Fu([)-17 b([)q Fs(a)2521 1236 y -Fn(2)2561 1221 y Fu(])g(])p Fs(s)1633 1389 y Fw(\013)106 -b Fu(if)31 b Ft(A)p Fu([)-17 b([)p Fs(a)2067 1404 y Fn(1)2107 -1389 y Fu(])g(])p Fs(s)41 b Ff(>)33 b Ft(A)o Fu([)-17 -b([)q Fs(a)2521 1404 y Fn(2)2561 1389 y Fu(])g(])p Fs(s)715 -1658 y Ft(B)t Fu([)g([)p Ft(:)33 b Fs(b)6 b Fu(])-17 -b(])q Fs(s)294 b Fu(=)1518 1484 y Fg(8)1518 1558 y(<)1518 -1708 y(:)1633 1573 y Fw(tt)83 b Fu(if)31 b Ft(B)t Fu([)-17 -b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 b 
Fw(\013)1633 -1741 y(\013)106 b Fu(if)31 b Ft(B)t Fu([)-17 b([)p Fs(b)6 -b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 b Fw(tt)715 2010 y -Ft(B)t Fu([)-17 b([)p Fs(b)872 2025 y Fn(1)944 2010 y -Ft(^)33 b Fs(b)1094 2025 y Fn(2)1134 2010 y Fu(])-17 -b(])p Fs(s)132 b Fu(=)1518 1836 y Fg(8)1518 1911 y(<)1518 -2060 y(:)1633 1926 y Fw(tt)83 b Fu(if)31 b Ft(B)t Fu([)-17 -b([)p Fs(b)2050 1941 y Fn(1)2089 1926 y Fu(])g(])q Fs(s)41 -b Fu(=)32 b Fw(tt)g Fu(and)g Ft(B)t Fu([)-17 b([)p Fs(b)2782 -1941 y Fn(2)2822 1926 y Fu(])g(])p Fs(s)41 b Fu(=)32 -b Fw(tt)1633 2093 y(\013)106 b Fu(if)31 b Ft(B)t Fu([)-17 -b([)p Fs(b)2050 2108 y Fn(1)2089 2093 y Fu(])g(])q Fs(s)41 -b Fu(=)32 b Fw(\013)h Fu(or)f Ft(B)t Fu([)-17 b([)p Fs(b)2690 -2108 y Fn(2)2730 2093 y Fu(])g(])p Fs(s)41 b Fu(=)32 -b Fw(\013)p 3753 2160 V 283 2163 3473 4 v 991 2323 a -Fu(T)-8 b(able)33 b(1.2:)43 b(The)33 b(seman)m(tics)g(of)f(b)s(o)s -(olean)f(expressions)430 2588 y(The)g(v)-5 b(alues)31 -b(of)f(b)s(o)s(olean)f(expressions)k(are)d(truth)h(v)-5 -b(alues)30 b(so)h(in)f(a)g(similar)e(w)m(a)m(y)k(w)m(e)f(shall)283 -2709 y(de\014ne)j(their)e(meanings)g(b)m(y)h(a)g(\(total\))e(function)h -(from)f Fw(State)i Fu(to)f Fw(T)p Fu(:)527 2882 y Ft(B)t -Fu(:)43 b Fw(Bexp)33 b Ft(!)f Fu(\()p Fw(State)h Ft(!)f -Fw(T)p Fu(\))283 3055 y(Here)i Fw(T)e Fu(consists)i(of)e(the)h(truth)f -(v)-5 b(alues)33 b Fw(tt)f Fu(\(for)f(true\))i(and)g -Fw(\013)g Fu(\(for)f(false\).)430 3176 y(Using)g Ft(A)h -Fu(w)m(e)h(can)f(de\014ne)h Ft(B)i Fu(b)m(y)e(the)f(seman)m(tic)g -(clauses)h(of)e(T)-8 b(able)33 b(1.2.)44 b(Again)32 b(w)m(e)i(ha)m(v)m -(e)283 3296 y(the)h(distinction)e(b)s(et)m(w)m(een)k(syn)m(tax)f -(\(e.g.)49 b Ft(\024)35 b Fu(on)f(the)h(left-hand)f(side\))g(and)h -(seman)m(tics)g(\(e.g.)283 3416 y Fe(\024)e Fu(on)g(the)g(righ)m -(t-hand)e(side\).)283 3604 y Fw(Exercise)37 b(1.8)49 -b Fu(Assume)33 b(that)g Fs(s)40 b Fr(x)33 b Fu(=)f Fw(3)h -Fu(and)g(determine)f Ft(B)s Fu([)-17 b([)q Ft(:)p Fu(\()p -Fr(x)33 b Fu(=)f Fr(1)p Fu(\)])-17 b(])q Fs(s)8 
b Fu(.)579 -b Fh(2)283 3793 y Fw(Exercise)37 b(1.9)49 b Fu(Pro)m(v)m(e)38 -b(that)e(the)h(equations)g(of)f(T)-8 b(able)37 b(1.2)f(de\014ne)i(a)e -(total)f(function)i Ft(B)j Fu(in)283 3913 y Fw(Bexp)33 -b Ft(!)f Fu(\()p Fw(State)h Ft(!)f Fw(T)p Fu(\).)2380 -b Fh(2)283 4101 y Fw(Exercise)37 b(1.10)49 b Fu(The)26 -b(syn)m(tactic)g(category)g Fw(Bexp)2211 4065 y Fi(0)2260 -4101 y Fu(is)e(de\014ned)j(as)f(the)f(follo)m(wing)e(extension)283 -4221 y(of)33 b Fw(Bexp)p Fu(:)577 4386 y Fs(b)106 b Fu(::=)99 -b Fr(true)34 b Ft(j)e Fr(false)i Ft(j)e Fs(a)1661 4401 -y Fn(1)1733 4386 y Fu(=)h Fs(a)1899 4401 y Fn(2)1971 -4386 y Ft(j)f Fs(a)2088 4401 y Fn(1)2160 4386 y Ft(6)p -Fu(=)h Fs(a)2326 4401 y Fn(2)2398 4386 y Ft(j)f Fs(a)2515 -4401 y Fn(1)2587 4386 y Ft(\024)h Fs(a)2754 4401 y Fn(2)2827 -4386 y Ft(j)f Fs(a)2944 4401 y Fn(1)3016 4386 y Ft(\025)h -Fs(a)3183 4401 y Fn(2)830 4554 y Ft(j)99 b Fs(a)1014 -4569 y Fn(1)1087 4554 y Fo(<)32 b Fs(a)1252 4569 y Fn(2)1324 -4554 y Ft(j)g Fs(a)1441 4569 y Fn(1)1514 4554 y Fo(>)g -Fs(a)1679 4569 y Fn(2)1751 4554 y Ft(j)g(:)q Fs(b)38 -b Ft(j)32 b Fs(b)2072 4569 y Fn(1)2144 4554 y Ft(^)h -Fs(b)2294 4569 y Fn(2)2366 4554 y Ft(j)f Fs(b)2477 4569 -y Fn(1)2549 4554 y Ft(_)h Fs(b)2699 4569 y Fn(2)830 4721 -y Ft(j)99 b Fs(b)1008 4736 y Fn(1)1080 4721 y Ft(\))32 -b Fs(b)1263 4736 y Fn(2)1335 4721 y Ft(j)h Fs(b)1447 -4736 y Fn(1)1518 4721 y Ft(,)g Fs(b)1702 4736 y Fn(2)283 -4888 y Fu(Giv)m(e)g(a)f Fs(c)-5 b(omp)g(ositional)41 -b Fu(extension)34 b(of)e(the)h(seman)m(tic)f(function)g -Ft(B)k Fu(of)c(T)-8 b(able)32 b(1.2.)430 5008 y(Tw)m(o)h(b)s(o)s(olean) -e(expressions)k Fs(b)1572 5023 y Fn(1)1644 5008 y Fu(and)d -Fs(b)1884 5023 y Fn(2)1956 5008 y Fu(are)h Fs(e)-5 b(quivalent)41 -b Fu(if)32 b(for)g(all)e(states)k Fs(s)8 b Fu(,)527 5181 -y Ft(B)t Fu([)-17 b([)p Fs(b)684 5196 y Fn(1)724 5181 -y Fu(])g(])p Fs(s)41 b Fu(=)32 b Ft(B)t Fu([)-17 b([)p -Fs(b)1107 5196 y Fn(2)1147 5181 y Fu(])g(])p Fs(s)283 -5355 y Fu(Sho)m(w)35 b(that)e(for)f(eac)m(h)i 
Fs(b)1174 -5319 y Fi(0)1231 5355 y Fu(of)e Fw(Bexp)1594 5319 y Fi(0)1651 -5355 y Fu(there)i(exists)g(a)f(b)s(o)s(olean)f(expression)i -Fs(b)39 b Fu(of)33 b Fw(Bexp)g Fu(suc)m(h)283 5475 y(that)g -Fs(b)546 5439 y Fi(0)602 5475 y Fu(and)f Fs(b)39 b Fu(are)32 -b(equiv)-5 b(alen)m(t.)2186 b Fh(2)p eop -%%Page: 15 25 -15 24 bop 0 130 a Fw(1.4)112 b(Prop)s(erties)36 b(of)i(the)f(seman)m -(tics)1763 b(15)p 0 193 3473 4 v 0 515 a Fj(1.4)161 b(Prop)t(erties)53 -b(of)h(the)f(seman)l(tics)0 737 y Fu(Later)29 b(in)g(the)h(b)s(o)s(ok)g -(w)m(e)g(shall)e(b)s(e)i(in)m(terested)h(in)e(t)m(w)m(o)h(kinds)g(of)f -(prop)s(erties)g(for)h(expressions.)0 858 y(One)39 b(is)g(that)f(their) -g(v)-5 b(alues)39 b(do)g(not)g(dep)s(end)h(on)e(v)-5 -b(alues)39 b(of)g(v)-5 b(ariables)37 b(that)i(do)f(not)h(o)s(ccur)0 -978 y(in)h(them.)67 b(The)41 b(other)g(is)f(that)g(if)g(w)m(e)h -(replace)g(a)f(v)-5 b(ariable)39 b(with)h(an)g(expression)i(then)f(w)m -(e)0 1098 y(could)d(as)h(w)m(ell)e(ha)m(v)m(e)j(made)e(a)g(similar)d(c) -m(hange)40 b(in)d(the)i(state.)61 b(W)-8 b(e)39 b(shall)e(formalize)f -(these)0 1219 y(prop)s(erties)c(b)s(elo)m(w)h(and)g(pro)m(v)m(e)g(that) -g(they)g(do)g(hold.)0 1516 y Fp(F)-11 b(ree)45 b(v)-7 -b(ariables)0 1704 y Fu(The)27 b Fs(fr)-5 b(e)g(e)29 b(variables)34 -b Fu(of)26 b(an)g(arithmetic)f(expression)i Fs(a)34 b -Fu(is)26 b(de\014ned)i(to)e(b)s(e)h(the)g(set)g(of)f(v)-5 -b(ariables)0 1824 y(o)s(ccurring)41 b(in)f(it.)69 b(F)-8 -b(ormally)g(,)41 b(w)m(e)h(ma)m(y)f(giv)m(e)h(a)f(comp)s(ositional)d -(de\014nition)i(of)h(the)h(subset)0 1944 y(FV\()p Fs(a)7 -b Fu(\))32 b(of)h Fw(V)-9 b(ar)p Fu(:)294 2152 y(FV\()p -Fs(n)7 b Fu(\))373 b(=)99 b Ft(;)294 2319 y Fu(FV\()p -Fs(x)12 b Fu(\))378 b(=)99 b Ft(f)33 b Fs(x)44 b Ft(g)294 -2487 y Fu(FV\()p Fs(a)526 2502 y Fn(1)598 2487 y Fu(+)32 -b Fs(a)763 2502 y Fn(2)803 2487 y Fu(\))101 b(=)e(FV\()p -Fs(a)1349 2502 y Fn(1)1389 2487 y Fu(\))32 b Ft([)h Fu(FV\()p -Fs(a)1790 2502 y Fn(2)1830 2487 y Fu(\))294 2654 y(FV\()p -Fs(a)526 2669 y 
Fn(1)598 2654 y Fo(?)f Fs(a)736 2669 -y Fn(2)776 2654 y Fu(\))128 b(=)99 b(FV\()p Fs(a)1349 -2669 y Fn(1)1389 2654 y Fu(\))32 b Ft([)h Fu(FV\()p Fs(a)1790 -2669 y Fn(2)1830 2654 y Fu(\))294 2822 y(FV\()p Fs(a)526 -2837 y Fn(1)598 2822 y Ft(\000)g Fs(a)765 2837 y Fn(2)804 -2822 y Fu(\))100 b(=)f(FV\()p Fs(a)1349 2837 y Fn(1)1389 -2822 y Fu(\))32 b Ft([)h Fu(FV\()p Fs(a)1790 2837 y Fn(2)1830 -2822 y Fu(\))0 3031 y(As)d(an)f(example)g(FV\()p Fr(x)p -Fu(+)p Fr(1)p Fu(\))g(=)g Ft(f)g Fr(x)h Ft(g)f Fu(and)g(FV\()p -Fr(x)p Fu(+)p Fr(y)p Fo(?)p Fr(x)p Fu(\))g(=)g Ft(f)g -Fr(x)p Fu(,)i Fr(y)e Ft(g)p Fu(.)42 b(It)30 b(should)f(b)s(e)g(ob)m -(vious)0 3151 y(that)39 b(only)g(the)h(v)-5 b(ariables)38 -b(in)h(FV\()p Fs(a)7 b Fu(\))39 b(ma)m(y)g(in\015uence)h(the)g(v)-5 -b(alue)39 b(of)g Fs(a)7 b Fu(.)64 b(This)39 b(is)g(formally)0 -3272 y(expressed)c(b)m(y:)p 0 3394 3473 5 v 0 3576 a -Fw(Lemma)i(1.11)49 b Fu(Let)39 b Fs(s)48 b Fu(and)39 -b Fs(s)1158 3540 y Fi(0)1220 3576 y Fu(b)s(e)h(t)m(w)m(o)f(states)h -(satisfying)f(that)f Fs(s)48 b(x)i Fu(=)39 b Fs(s)2839 -3540 y Fi(0)2902 3576 y Fs(x)51 b Fu(for)38 b(all)f Fs(x)51 -b Fu(in)0 3697 y(FV\()p Fs(a)7 b Fu(\).)43 b(Then)34 -b Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)41 -b Fu(=)32 b Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q -Fs(s)1256 3660 y Fi(0)1279 3697 y Fu(.)p 0 3817 V 0 4027 -a Fw(Pro)s(of:)26 b Fu(W)-8 b(e)24 b(shall)e(giv)m(e)h(a)g(fairly)e -(detailed)h(pro)s(of)g(of)h(the)h(lemma)d(using)h(structural)h -(induction)0 4148 y(on)30 b(the)h(arithmetic)d(expressions.)44 -b(W)-8 b(e)31 b(shall)d(\014rst)j(consider)f(the)h(basis)f(elemen)m(ts) -g(of)g Fw(Aexp)p Fu(:)0 4315 y Fw(The)35 b(case)g Fs(n)7 -b Fu(:)48 b(F)-8 b(rom)33 b(T)-8 b(able)34 b(1.1)g(w)m(e)i(ha)m(v)m(e)g -Ft(A)o Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])q Fs(s)42 -b Fu(=)35 b Ft(N)14 b Fu([)-17 b([)q Fs(n)7 b Fu(])-17 -b(])35 b(as)g(w)m(ell)f(as)g Ft(A)p Fu([)-17 b([)p Fs(n)7 -b Fu(])-17 b(])q Fs(s)3043 4279 y Fi(0)3101 4315 y Fu(=)34 -b Ft(N)15 b 
Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(].)0 4436 -y(So)32 b Ft(A)p Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])p -Fs(s)41 b Fu(=)32 b Ft(A)p Fu([)-17 b([)q Fs(n)7 b Fu(])-17 -b(])p Fs(s)806 4399 y Fi(0)862 4436 y Fu(and)33 b(clearly)f(the)h -(lemma)d(holds)i(in)g(this)g(case.)0 4603 y Fw(The)e(case)h -Fs(x)12 b Fu(:)42 b(F)-8 b(rom)28 b(T)-8 b(able)30 b(1.1)f(w)m(e)i(ha)m -(v)m(e)g Ft(A)p Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])p -Fs(s)38 b Fu(=)30 b Fs(s)38 b(x)j Fu(as)30 b(w)m(ell)g(as)g -Ft(A)o Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])p Fs(s)2862 -4567 y Fi(0)2916 4603 y Fu(=)29 b Fs(s)3069 4567 y Fi(0)3123 -4603 y Fs(x)12 b Fu(.)42 b(F)-8 b(rom)0 4724 y(the)31 -b(assumptions)f(of)g(the)h(lemma)d(w)m(e)j(get)g Fs(s)38 -b(x)k Fu(=)31 b Fs(s)1927 4687 y Fi(0)1980 4724 y Fs(x)42 -b Fu(b)s(ecause)32 b Fs(x)42 b Ft(2)31 b Fu(FV\()p Fs(x)12 -b Fu(\))30 b(so)h(clearly)e(the)0 4844 y(lemma)h(holds)j(in)e(this)i -(case.)146 4966 y(Next)h(w)m(e)f(turn)g(to)f(the)h(comp)s(osite)f -(elemen)m(ts)h(of)f Fw(Aexp)p Fu(:)0 5133 y Fw(The)f(case)g -Fs(a)509 5148 y Fn(1)579 5133 y Fu(+)f Fs(a)742 5148 -y Fn(2)781 5133 y Fu(:)43 b(F)-8 b(rom)29 b(T)-8 b(able)30 -b(1.1)g(w)m(e)h(ha)m(v)m(e)h Ft(A)o Fu([)-17 b([)q Fs(a)2064 -5148 y Fn(1)2134 5133 y Fu(+)30 b Fs(a)2297 5148 y Fn(2)2337 -5133 y Fu(])-17 b(])p Fs(s)39 b Fu(=)30 b Ft(A)o Fu([)-17 -b([)q Fs(a)2733 5148 y Fn(1)2773 5133 y Fu(])g(])p Fs(s)38 -b Fu(+)31 b Ft(A)o Fu([)-17 b([)q Fs(s)3160 5148 y Fn(2)3199 -5133 y Fu(])g(])q Fs(s)38 b Fu(and)0 5254 y(similarly)24 -b Ft(A)p Fu([)-17 b([)p Fs(a)568 5269 y Fn(1)636 5254 -y Fu(+)28 b Fs(a)797 5269 y Fn(2)836 5254 y Fu(])-17 -b(])q Fs(s)922 5218 y Fi(0)973 5254 y Fu(=)28 b Ft(A)o -Fu([)-17 b([)q Fs(a)1251 5269 y Fn(1)1291 5254 y Fu(])g(])p -Fs(s)1376 5218 y Fi(0)1427 5254 y Fu(+)28 b Ft(A)p Fu([)-17 -b([)p Fs(s)1696 5269 y Fn(2)1736 5254 y Fu(])g(])p Fs(s)1821 -5218 y Fi(0)1845 5254 y Fu(.)42 b(Since)28 b Fs(a)2221 -5269 y Fn(i)2273 5254 y Fu(\(for)f(i)g(=)g(1,2\))h(is)f(an)h(immediate) -0 5374 
y(sub)s(expression)35 b(of)e Fs(a)789 5389 y Fn(1)862 -5374 y Fu(+)g Fs(a)1028 5389 y Fn(2)1101 5374 y Fu(and)g(FV\()p -Fs(a)1523 5389 y Fn(i)1547 5374 y Fu(\))g Ft(\022)h Fu(FV\()p -Fs(a)1961 5389 y Fn(1)2033 5374 y Fu(+)f Fs(a)2199 5389 -y Fn(2)2239 5374 y Fu(\))g(w)m(e)h(can)g(apply)f(the)g(induction)0 -5494 y(h)m(yp)s(othesis)i(\(that)f(is)g(the)g(lemma\))e(to)i -Fs(a)1534 5509 y Fn(i)1592 5494 y Fu(and)g(get)h Ft(A)o -Fu([)-17 b([)q Fs(a)2122 5509 y Fn(i)2146 5494 y Fu(])g(])p -Fs(s)43 b Fu(=)34 b Ft(A)o Fu([)-17 b([)q Fs(a)2550 5509 -y Fn(i)2574 5494 y Fu(])g(])p Fs(s)2659 5458 y Fi(0)2683 -5494 y Fu(.)48 b(It)34 b(is)g(no)m(w)h(easy)g(to)p eop -%%Page: 16 26 -16 25 bop 251 130 a Fw(16)2575 b(1)113 b(In)m(tro)s(duction)p -251 193 3473 4 v 283 515 a Fu(see)34 b(that)f(the)g(lemma)d(holds)i -(for)g Fs(a)1596 530 y Fn(1)1668 515 y Fu(+)h Fs(a)1834 -530 y Fn(2)1906 515 y Fu(as)g(w)m(ell.)283 683 y Fw(The)38 -b(cases)h Fs(a)851 698 y Fn(1)928 683 y Ft(\000)f Fs(a)1100 -698 y Fn(2)1177 683 y Fu(and)g Fs(a)1429 698 y Fn(1)1506 -683 y Fo(?)f Fs(a)1649 698 y Fn(2)1726 683 y Fu(follo)m(w)f(the)i(same) -g(pattern)f(and)h(are)g(omitted.)57 b(This)283 803 y(completes)33 -b(the)g(pro)s(of.)2529 b Fh(2)430 1009 y Fu(In)41 b(a)f(similar)e(w)m -(a)m(y)k(w)m(e)g(ma)m(y)e(de\014ne)j(the)e(set)g(FV\()p -Fs(b)6 b Fu(\))41 b(of)f(free)h(v)-5 b(ariables)40 b(in)g(a)g(b)s(o)s -(olean)283 1130 y(expression)34 b Fs(b)39 b Fu(b)m(y)577 -1336 y(FV\()p Fr(true)p Fu(\))231 b(=)100 b Ft(;)577 -1504 y Fu(FV\()p Fr(false)p Fu(\))180 b(=)100 b Ft(;)577 -1672 y Fu(FV\()p Fs(a)809 1687 y Fn(1)881 1672 y Fu(=)32 -b Fs(a)1046 1687 y Fn(2)1086 1672 y Fu(\))101 b(=)f(FV\()p -Fs(a)1633 1687 y Fn(1)1672 1672 y Fu(\))33 b Ft([)g Fu(FV\()p -Fs(a)2074 1687 y Fn(2)2113 1672 y Fu(\))577 1839 y(FV\()p -Fs(a)809 1854 y Fn(1)881 1839 y Ft(\024)g Fs(a)1048 1854 -y Fn(2)1088 1839 y Fu(\))99 b(=)h(FV\()p Fs(a)1633 1854 -y Fn(1)1672 1839 y Fu(\))33 b Ft([)g Fu(FV\()p Fs(a)2074 -1854 y Fn(2)2113 1839 y Fu(\))577 
2007 y(FV\()p Ft(:)p -Fs(b)6 b Fu(\))318 b(=)100 b(FV\()p Fs(b)6 b Fu(\))577 -2175 y(FV\()p Fs(b)803 2190 y Fn(1)875 2175 y Ft(^)33 -b Fs(b)1025 2190 y Fn(2)1064 2175 y Fu(\))123 b(=)100 -b(FV\()p Fs(b)1627 2190 y Fn(1)1666 2175 y Fu(\))32 b -Ft([)h Fu(FV\()p Fs(b)2061 2190 y Fn(2)2100 2175 y Fu(\))283 -2421 y Fw(Exercise)k(1.12)49 b(\(Essen)m(tial\))31 b -Fu(Let)j Fs(s)41 b Fu(and)34 b Fs(s)2024 2385 y Fi(0)2080 -2421 y Fu(b)s(e)g(t)m(w)m(o)g(states)h(satisfying)d(that)h -Fs(s)42 b(x)j Fu(=)33 b Fs(s)3654 2385 y Fi(0)3711 2421 -y Fs(x)283 2541 y Fu(for)f(all)f Fs(x)44 b Fu(in)32 b(FV\()p -Fs(b)6 b Fu(\).)43 b(Pro)m(v)m(e)34 b(that)f Ft(B)s Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Ft(B)t -Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)2218 2505 -y Fi(0)2241 2541 y Fu(.)1413 b Fh(2)283 2845 y Fp(Substitutions)283 -3034 y Fu(W)-8 b(e)46 b(shall)d(later)g(b)s(e)i(in)m(terested)h(in)e -(replacing)f(eac)m(h)j(o)s(ccurrence)g(of)e(a)h(v)-5 -b(ariable)42 b Fs(y)54 b Fu(in)44 b(an)283 3155 y(arithmetic)j -(expression)i Fs(a)56 b Fu(with)48 b(another)g(arithmetic)e(expression) -k Fs(a)3003 3170 y Fn(0)3042 3155 y Fu(.)91 b(This)48 -b(is)g(called)283 3275 y Fs(substitution)39 b Fu(and)30 -b(w)m(e)i(write)e Fs(a)7 b Fu([)p Fs(y)i Ft(7!)p Fs(a)1685 -3290 y Fn(0)1725 3275 y Fu(])30 b(for)g(the)h(arithmetic)d(expression)k -(so)f(obtained.)42 b(The)283 3395 y(formal)31 b(de\014nition)g(is)h(as) -h(follo)m(ws:)577 3583 y Fs(n)7 b Fu([)p Fs(y)i Ft(7!)p -Fs(a)879 3598 y Fn(0)919 3583 y Fu(])449 b(=)100 b Fs(n)577 -3840 y(x)12 b Fu([)p Fs(y)d Ft(7!)p Fs(a)874 3855 y Fn(0)913 -3840 y Fu(])455 b(=)1571 3666 y Fg(8)1571 3741 y(<)1571 -3890 y(:)1686 3756 y Fs(a)1743 3771 y Fn(0)1866 3756 -y Fu(if)31 b Fs(x)44 b Fu(=)33 b Fs(y)1686 3923 y(x)135 -b Fu(if)31 b Fs(x)44 b Ft(6)p Fu(=)33 b Fs(y)577 4103 -y Fu(\()p Fs(a)672 4118 y Fn(1)744 4103 y Fu(+)g Fs(a)910 -4118 y Fn(2)949 4103 y Fu(\)[)p Fs(y)9 b Ft(7!)p Fs(a)1227 -4118 y Fn(0)1267 4103 y Fu(])101 b(=)f(\()p Fs(a)1666 
-4118 y Fn(1)1705 4103 y Fu([)p Fs(y)9 b Ft(7!)p Fs(a)1945 -4118 y Fn(0)1985 4103 y Fu(]\))32 b(+)h(\()p Fs(a)2286 -4118 y Fn(2)2325 4103 y Fu([)p Fs(y)9 b Ft(7!)p Fs(a)2565 -4118 y Fn(0)2605 4103 y Fu(]\))577 4270 y(\()p Fs(a)672 -4285 y Fn(1)744 4270 y Fo(?)33 b Fs(a)883 4285 y Fn(2)922 -4270 y Fu(\)[)p Fs(y)9 b Ft(7!)p Fs(a)1200 4285 y Fn(0)1240 -4270 y Fu(])128 b(=)100 b(\()p Fs(a)1666 4285 y Fn(1)1705 -4270 y Fu([)p Fs(y)9 b Ft(7!)p Fs(a)1945 4285 y Fn(0)1985 -4270 y Fu(]\))32 b Fo(?)h Fu(\()p Fs(a)2259 4285 y Fn(2)2298 -4270 y Fu([)p Fs(y)9 b Ft(7!)p Fs(a)2538 4285 y Fn(0)2578 -4270 y Fu(]\))577 4438 y(\()p Fs(a)672 4453 y Fn(1)744 -4438 y Ft(\000)33 b Fs(a)911 4453 y Fn(2)951 4438 y Fu(\)[)p -Fs(y)9 b Ft(7!)p Fs(a)1229 4453 y Fn(0)1268 4438 y Fu(])100 -b(=)g(\()p Fs(a)1666 4453 y Fn(1)1705 4438 y Fu([)p Fs(y)9 -b Ft(7!)p Fs(a)1945 4453 y Fn(0)1985 4438 y Fu(]\))32 -b Ft(\000)h Fu(\()p Fs(a)2287 4453 y Fn(2)2327 4438 y -Fu([)p Fs(y)9 b Ft(7!)p Fs(a)2567 4453 y Fn(0)2606 4438 -y Fu(]\))283 4652 y(As)34 b(an)e(example)g(\()p Fr(x)p -Fu(+)p Fr(1)p Fu(\)[)p Fr(x)p Ft(7!)p Fr(3)p Fu(])h(=)g -Fr(3)p Fu(+)p Fr(1)g Fu(and)f(\()p Fr(x)p Fu(+)p Fr(y)p -Fo(?)p Fr(x)p Fu(\)[)p Fr(x)p Ft(7!)q Fr(y)p Ft(\000)p -Fr(5)p Fu(])h(=)g(\()p Fr(y)p Ft(\000)p Fr(5)p Fu(\)+)p -Fr(y)p Fo(?)p Fu(\()p Fr(y)p Ft(\000)p Fr(5)p Fu(\).)430 -4775 y(W)-8 b(e)48 b(also)e(ha)m(v)m(e)j(a)e(notion)f(of)h -(substitution)g(\(or)g(up)s(dating\))f(for)h(states.)89 -b(W)-8 b(e)48 b(de\014ne)283 4895 y Fs(s)8 b Fu([)p Fs(y)h -Ft(7!)p Fs(v)i Fu(])33 b(to)f(b)s(e)h(the)g(state)g(that)f(is)g(as)h -Fs(s)40 b Fu(except)35 b(that)d(the)h(v)-5 b(alue)32 -b(b)s(ound)h(to)f Fs(y)41 b Fu(is)33 b Fs(v)11 b Fu(,)32 -b(that)g(is)527 5198 y(\()p Fs(s)8 b Fu([)p Fs(y)h Ft(7!)p -Fs(v)i Fu(]\))32 b Fs(x)45 b Fu(=)1147 5023 y Fg(8)1147 -5098 y(<)1147 5247 y(:)1262 5113 y Fs(v)176 b Fu(if)31 -b Fs(x)44 b Fu(=)33 b Fs(y)1262 5281 y(s)41 b(x)95 b -Fu(if)31 b Fs(x)44 b Ft(6)p Fu(=)33 b Fs(y)283 5494 y 
-Fu(The)h(relationship)d(b)s(et)m(w)m(een)j(the)f(t)m(w)m(o)h(concepts)g -(is)e(sho)m(wn)i(in)e(the)h(follo)m(wing)c(exercise:)p -eop -%%Page: 17 27 -17 26 bop 0 130 a Fw(1.4)112 b(Prop)s(erties)36 b(of)i(the)f(seman)m -(tics)1763 b(17)p 0 193 3473 4 v 0 515 a(Exercise)36 -b(1.13)49 b(\(Essen)m(tial\))37 b Fu(Pro)m(v)m(e)k(that)e -Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu([)p Fs(y)i Ft(7!)p -Fs(a)2164 530 y Fn(0)2204 515 y Fu(]])-17 b(])q Fs(s)47 -b Fu(=)39 b Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q(\()p -Fs(s)8 b Fu([)p Fs(y)h Ft(7!A)p Fu([)-17 b([)p Fs(a)3126 -530 y Fn(0)3166 515 y Fu(])g(])q Fs(s)8 b Fu(]\))39 b(for)0 -636 y(all)30 b(states)k Fs(s)8 b Fu(.)2910 b Fh(2)0 864 -y Fw(Exercise)36 b(1.14)49 b(\(Essen)m(tial\))25 b Fu(De\014ne)i -(substitution)f(for)g(b)s(o)s(olean)g(expressions:)42 -b Fs(b)6 b Fu([)p Fs(y)j Ft(7!)p Fs(a)3406 879 y Fn(0)3445 -864 y Fu(])0 984 y(is)44 b(to)h(b)s(e)g(the)h(b)s(o)s(olean)d -(expression)j(that)f(is)f(as)i Fs(b)k Fu(except)d(that)e(all)e(o)s -(ccurrences)j(of)f(the)0 1105 y(v)-5 b(ariable)26 b Fs(y)37 -b Fu(are)28 b(replaced)h(b)m(y)g(the)f(arithmetic)e(expression)k -Fs(a)2268 1120 y Fn(0)2307 1105 y Fu(.)42 b(Pro)m(v)m(e)30 -b(that)e(y)m(our)g(de\014nition)0 1225 y(satis\014es)244 -1429 y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu([)p Fs(y)j Ft(7!)p -Fs(a)641 1444 y Fn(0)680 1429 y Fu(]])-17 b(])q Fs(s)41 -b Fu(=)32 b Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])q(\()p -Fs(s)8 b Fu([)p Fs(y)h Ft(7!)o(A)p Fu([)-17 b([)q Fs(a)1572 -1444 y Fn(0)1611 1429 y Fu(])g(])q Fs(s)8 b Fu(]\))0 -1632 y(for)32 b(all)f(states)i Fs(s)8 b Fu(.)2761 b Fh(2)p -eop -%%Page: 18 28 -18 27 bop 251 130 a Fw(18)2575 b(1)113 b(In)m(tro)s(duction)p -251 193 3473 4 v eop -%%Page: 19 29 -19 28 bop 0 1180 a Fv(Chapter)78 b(2)0 1595 y(Op)6 b(erational)77 -b(Seman)-6 b(tics)0 2047 y Fu(The)27 b(role)e(of)g(a)h(statemen)m(t)g -(in)f Fw(While)f Fu(is)h(to)h(c)m(hange)h(the)f(state.)41 -b(F)-8 b(or)25 b(example,)i(if)e Fr(x)h Fu(is)f(b)s(ound)0 -2168 y(to)i Fw(3)g 
Fu(in)g Fs(s)35 b Fu(and)27 b(w)m(e)i(execute)g(the) -f(statemen)m(t)f Fr(x)h Fu(:=)f Fr(x)h Fu(+)f Fr(1)g -Fu(then)h(w)m(e)g(get)g(a)f(new)h(state)g(where)g Fr(x)0 -2288 y Fu(is)k(b)s(ound)h(to)f Fw(4)p Fu(.)44 b(So)33 -b(while)f(the)h(seman)m(tics)g(of)f(arithmetic)e(and)j(b)s(o)s(olean)e -(expressions)k(only)0 2408 y Fs(insp)-5 b(e)g(ct)43 b -Fu(the)34 b(state)h(in)e(order)h(to)g(determine)g(the)g(v)-5 -b(alue)34 b(of)f(the)i(expression,)h(the)e(seman)m(tics)0 -2529 y(of)e(statemen)m(ts)i(will)c Fs(mo)-5 b(dify)41 -b Fu(the)33 b(state)g(as)f(w)m(ell.)146 2649 y(In)38 -b(an)g(op)s(erational)e(seman)m(tics)i(w)m(e)g(are)g(concerned)i(with)d -Fs(how)48 b Fu(to)37 b(execute)j(programs)0 2769 y(and)27 -b(not)g(merely)f(what)h(the)h(results)f(of)g(execution)g(are.)42 -b(More)27 b(precisely)-8 b(,)28 b(w)m(e)g(are)f(in)m(terested)0 -2890 y(in)39 b(ho)m(w)h(the)f(states)i(are)e(mo)s(di\014ed)f(during)h -(the)h(execution)g(of)f(the)h(statemen)m(t.)64 b(W)-8 -b(e)40 b(shall)0 3010 y(consider)33 b(t)m(w)m(o)g(di\013eren)m(t)g -(approac)m(hes)h(to)e(op)s(erational)e(seman)m(tics:)145 -3211 y Ft(\017)49 b Fs(Natur)-5 b(al)36 b(semantics)p -Fu(:)43 b(its)33 b(purp)s(ose)h(is)e(to)h(describ)s(e)h(ho)m(w)g(the)f -Fs(over)-5 b(al)5 b(l)43 b Fu(results)33 b(of)g(exe-)244 -3332 y(cutions)f(are)h(obtained.)145 3535 y Ft(\017)49 -b Fs(Structur)-5 b(al)26 b(op)-5 b(er)g(ational)24 b(semantics)p -Fu(:)37 b(its)21 b(purp)s(ose)i(is)e(to)h(describ)s(e)h(ho)m(w)f(the)g -Fs(individual)244 3655 y(steps)40 b Fu(of)32 b(the)h(computations)f -(tak)m(e)h(place.)0 3856 y(W)-8 b(e)46 b(shall)e(see)i(that)f(for)g -(the)h(language)e Fw(While)g Fu(w)m(e)i(can)g(easily)e(sp)s(ecify)i(b)s -(oth)f(kinds)h(of)0 3977 y(seman)m(tics)41 b(and)g(that)g(they)h(will)d -(b)s(e)i(\\equiv)-5 b(alen)m(t")40 b(in)h(a)f(sense)j(to)e(b)s(e)g -(made)g(clear)f(later.)0 4097 y(Ho)m(w)m(ev)m(er,)33 -b(w)m(e)f(shall)d(also)h(giv)m(e)h(examples)f(of)g(programming)e -(constructs)k(where)g(one)f(of)f(the)0 4217 
y(approac)m(hes)k(is)e(sup) -s(erior)g(to)g(the)h(other.)146 4338 y(F)-8 b(or)43 b(b)s(oth)h(kinds)g -(of)f(op)s(erational)e(seman)m(tics,)47 b(the)d(meaning)e(of)h -(statemen)m(ts)i(will)c(b)s(e)0 4458 y(sp)s(eci\014ed)33 -b(b)m(y)h(a)e Fs(tr)-5 b(ansition)35 b(system)p Fu(.)43 -b(It)33 b(will)d(ha)m(v)m(e)k(t)m(w)m(o)f(t)m(yp)s(es)h(of)e -(con\014gurations:)294 4651 y Ft(h)o Fs(S)12 b Fu(,)33 -b Fs(s)8 b Ft(i)99 b Fu(represen)m(ting)39 b(that)f(the)g(statemen)m(t) -g Fs(S)49 b Fu(is)38 b(to)f(b)s(e)h(executed)i(from)645 -4771 y(the)33 b(state)g Fs(s)8 b Fu(,)33 b(and)294 4939 -y Fs(s)311 b Fu(represen)m(ting)34 b(a)e(terminal)e(\(that)j(is)f -(\014nal\))g(state.)0 5133 y(The)24 b Fs(terminal)i(c)-5 -b(on\014gur)g(ations)31 b Fu(will)21 b(b)s(e)i(those)h(of)f(the)h -(latter)e(form.)39 b(The)25 b Fs(tr)-5 b(ansition)26 -b(r)-5 b(elation)0 5254 y Fu(will)31 b(then)j(describ)s(e)g(ho)m(w)g -(the)g(execution)g(tak)m(es)h(place.)45 b(The)34 b(di\013erence)g(b)s -(et)m(w)m(een)i(the)e(t)m(w)m(o)0 5374 y(approac)m(hes)40 -b(to)f(op)s(erational)d(seman)m(tics)j(amoun)m(ts)g(to)f(di\013eren)m -(t)i(w)m(a)m(ys)g(of)f(sp)s(ecifying)f(the)0 5494 y(transition)31 -b(relation.)1687 5849 y(19)p eop -%%Page: 20 30 -20 29 bop 251 130 a Fw(20)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 2467 -4 2049 v 609 528 a Fu([ass)761 543 y Fn(ns)833 528 y -Fu(])372 b Ft(h)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33 -b Fs(s)8 b Ft(i)32 b(!)g Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o -Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])609 -743 y([skip)807 758 y Fn(ns)879 743 y Fu(])326 b Ft(h)p -Fr(skip)p Fu(,)34 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)609 1035 -y Fu([comp)864 1050 y Fn(ns)935 1035 y Fu(])1242 948 -y Ft(h)p Fs(S)1348 963 y Fn(1)1387 948 y Fu(,)h Fs(s)8 -b Ft(i)32 b(!)g Fs(s)1746 912 y Fi(0)1770 948 y Fu(,)g -Ft(h)p Fs(S)1935 963 y Fn(2)1974 948 y Fu(,)h Fs(s)2082 -912 y Fi(0)2105 948 y Ft(i)f(!)h Fs(s)2357 912 y Fi(00)p -1242 1012 1158 4 v 1481 1116 a Ft(h)o 
Fs(S)1586 1131 -y Fn(1)1626 1116 y Fu(;)p Fs(S)1720 1131 y Fn(2)1759 -1116 y Fu(,)g Fs(s)8 b Ft(i)32 b(!)g Fs(s)2118 1080 y -Fi(00)609 1397 y Fu([if)706 1361 y Fn(tt)694 1422 y(ns)764 -1397 y Fu(])1658 1310 y Ft(h)p Fs(S)1764 1325 y Fn(1)1803 -1310 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)2162 1274 y -Fi(0)p 1242 1374 1360 4 v 1242 1478 a Ft(h)p Fr(if)h -Fs(b)38 b Fr(then)c Fs(S)1804 1493 y Fn(1)1876 1478 y -Fr(else)f Fs(S)2180 1493 y Fn(2)2220 1478 y Fu(,)f Fs(s)8 -b Ft(i)33 b(!)f Fs(s)2579 1442 y Fi(0)2677 1397 y Fu(if)f -Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 -b Fu(=)32 b Fw(tt)609 1759 y Fu([if)706 1723 y Fn(\013)694 -1784 y(ns)764 1759 y Fu(])1658 1673 y Ft(h)p Fs(S)1764 -1688 y Fn(2)1803 1673 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g -Fs(s)2162 1636 y Fi(0)p 1242 1736 V 1242 1841 a Ft(h)p -Fr(if)h Fs(b)38 b Fr(then)c Fs(S)1804 1856 y Fn(1)1876 -1841 y Fr(else)f Fs(S)2180 1856 y Fn(2)2220 1841 y Fu(,)f -Fs(s)8 b Ft(i)33 b(!)f Fs(s)2579 1804 y Fi(0)2677 1759 -y Fu(if)f Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p -Fs(s)41 b Fu(=)32 b Fw(\013)609 2121 y Fu([while)871 -2085 y Fn(tt)859 2146 y(ns)930 2121 y Fu(])1242 2035 -y Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1707 -1998 y Fi(0)1730 2035 y Fu(,)h Ft(h)p Fr(while)g Fs(b)39 -b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)2510 1998 y Fi(0)2534 -2035 y Ft(i)g(!)g Fs(s)2785 1998 y Fi(00)p 1242 2098 -1586 4 v 1528 2203 a Ft(h)o Fr(while)i Fs(b)39 b Fr(do)33 -b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)h Fs(s)2500 -2166 y Fi(00)2903 2121 y Fu(if)e Ft(B)t Fu([)-17 b([)p -Fs(b)6 b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 b Fw(tt)609 -2406 y Fu([while)871 2370 y Fn(\013)859 2431 y(ns)930 -2406 y Fu(])275 b Ft(h)p Fr(while)34 b Fs(b)k Fr(do)33 -b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)41 -b Fu(if)31 b Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 -b(])q Fs(s)40 b Fu(=)33 b Fw(\013)p 3753 2467 4 2049 -v 283 2470 3473 4 v 1166 2631 a Fu(T)-8 b(able)32 b(2.1:)44 -b(Natural)31 b(seman)m(tics)i(for)f Fw(While)283 2881 -y 
Fj(2.1)161 b(Natural)55 b(seman)l(tics)283 3100 y Fu(In)34 -b(a)f(natural)e(seman)m(tics)j(w)m(e)g(are)f(concerned)i(with)d(the)i -(relationship)d(b)s(et)m(w)m(een)k(the)e Fs(initial)283 -3220 y Fu(and)j(the)g Fs(\014nal)45 b Fu(state)36 b(of)f(an)g -(execution.)53 b(Therefore)37 b(the)f(transition)e(relation)f(will)g -(sp)s(ecify)283 3340 y(the)40 b(relationship)d(b)s(et)m(w)m(een)k(the)f -(initial)35 b(state)k(and)h(the)f(\014nal)f(state)i(for)e(eac)m(h)i -(statemen)m(t.)283 3461 y(W)-8 b(e)33 b(shall)f(write)g(a)g(transition) -f(as)527 3640 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 -b(!)g Fs(s)992 3604 y Fi(0)283 3819 y Fu(In)m(tuitiv)m(ely)38 -b(this)f(means)h(that)f(the)i(execution)f(of)f Fs(S)50 -b Fu(from)36 b Fs(s)46 b Fu(will)36 b(terminate)g(and)i(the)g(re-)283 -3940 y(sulting)32 b(state)h(will)d(b)s(e)j Fs(s)1208 -3904 y Fi(0)1231 3940 y Fu(.)430 4060 y(The)i(de\014nition)e(of)h -Ft(!)g Fu(is)g(giv)m(en)g(b)m(y)h(the)g(rules)f(of)g(T)-8 -b(able)34 b(2.1.)48 b(A)34 b Fs(rule)42 b Fu(has)35 b(the)f(general)283 -4181 y(form)537 4323 y Ft(h)p Fs(S)643 4338 y Fn(1)682 -4323 y Fu(,)f Fs(s)790 4338 y Fn(1)829 4323 y Ft(i)g(!)f -Fs(s)1081 4286 y Fi(0)1081 4347 y Fn(1)1120 4323 y Fu(,)h -Ft(\001)17 b(\001)g(\001)n Fu(,)33 b Ft(h)p Fs(S)1462 -4338 y Fn(n)1505 4323 y Fu(,)f Fs(s)1612 4338 y Fn(n)1656 -4323 y Ft(i)g(!)g Fs(s)1907 4286 y Fi(0)1907 4347 y Fn(n)p -537 4386 1414 4 v 1000 4491 a Ft(h)p Fs(S)12 b Fu(,)32 -b Fs(s)8 b Ft(i)32 b(!)h Fs(s)1465 4454 y Fi(0)2026 4409 -y Fu(if)e Ft(\001)17 b(\001)g(\001)283 4652 y Fu(where)40 -b Fs(S)638 4667 y Fn(1)677 4652 y Fu(,)g Ft(\001)17 b(\001)g(\001)n -Fu(,)39 b Fs(S)993 4667 y Fn(n)1074 4652 y Fu(are)g Fs(imme)-5 -b(diate)38 b(c)-5 b(onstituents)47 b Fu(of)37 b Fs(S)50 -b Fu(or)38 b(are)g(statemen)m(ts)h Fs(c)-5 b(onstructe)g(d)283 -4772 y(fr)g(om)43 b Fu(the)35 b(immediate)e(constituen)m(ts)j(of)f -Fs(S)12 b Fu(.)35 b(A)g(rule)g(has)h(a)e(n)m(um)m(b)s(er)i(of)f -Fs(pr)-5 b(emises)42 b Fu(\(written)283 4893 
y(ab)s(o)m(v)m(e)29 -b(the)f(solid)f(line\))f(and)i(one)g Fs(c)-5 b(onclusion)34 -b Fu(\(written)28 b(b)s(elo)m(w)g(the)g(solid)e(line\).)41 -b(A)28 b(rule)f(ma)m(y)283 5013 y(also)32 b(ha)m(v)m(e)i(a)e(n)m(um)m -(b)s(er)h(of)e Fs(c)-5 b(onditions)40 b Fu(\(written)32 -b(to)g(the)h(righ)m(t)f(of)g(the)g(solid)f(line\))g(that)i(ha)m(v)m(e) -283 5133 y(to)j(b)s(e)g(ful\014lled)e(whenev)m(er)k(the)e(rule)g(is)f -(applied.)52 b(Rules)36 b(with)f(an)h(empt)m(y)g(set)g(of)g(premises) -283 5254 y(are)d(called)e Fs(axioms)40 b Fu(and)33 b(the)g(solid)e -(line)g(is)h(then)h(omitted.)430 5374 y(In)m(tuitiv)m(ely)-8 -b(,)32 b(the)g(axiom)e([ass)1531 5389 y Fn(ns)1604 5374 -y Fu(])i(sa)m(ys)h(that)f(in)f(a)h(state)h Fs(s)8 b Fu(,)32 -b Fs(x)44 b Fu(:=)32 b Fs(a)39 b Fu(is)32 b(executed)i(to)e(yield)283 -5494 y(a)38 b(\014nal)f(state)h Fs(s)8 b Fu([)p Fs(x)k -Ft(7!)o(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 -b Fu(])38 b(whic)m(h)g(is)f(as)h Fs(s)45 b Fu(except)40 -b(that)d Fs(x)49 b Fu(has)38 b(the)g(v)-5 b(alue)37 b -Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 -b Fu(.)59 b(This)p eop -%%Page: 21 31 -21 30 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216 -b(21)p 0 193 3473 4 v 0 515 a Fu(is)45 b(really)f(an)i -Fs(axiom)g(schema)52 b Fu(b)s(ecause)47 b Fs(x)12 b Fu(,)49 -b Fs(a)j Fu(and)46 b Fs(s)54 b Fu(are)45 b(meta-v)-5 -b(ariables)44 b(standing)h(for)0 636 y(arbitrary)33 b(v)-5 -b(ariables,)33 b(arithmetic)e(expressions)36 b(and)d(states)i(but)f(w)m -(e)h(shall)d(simply)g(use)j(the)0 756 y(term)h(axiom)f(for)h(this.)56 -b(W)-8 b(e)37 b(obtain)e(an)i Fs(instanc)-5 b(e)43 b -Fu(of)36 b(the)h(axiom)e(b)m(y)j(selecting)e(particular)0 -877 y(v)-5 b(ariables,)30 b(arithmetic)e(expressions)k(and)f(states.)43 -b(As)31 b(an)g(example,)f(if)f Fs(s)2725 892 y Fn(0)2795 -877 y Fu(is)h(the)h(state)g(that)0 997 y(assigns)i(the)g(v)-5 -b(alue)32 b Fw(0)g Fu(to)h(all)d(v)-5 b(ariables)31 b(then)244 -1188 y Ft(h)p Fr(x)h Fu(:=)h Fr(x)p Fu(+)p Fr(1)p Fu(,)g -Fs(s)788 
1203 y Fn(0)827 1188 y Ft(i)g(!)f Fs(s)1079 -1203 y Fn(0)1118 1188 y Fu([)p Fr(x)p Ft(7!)p Fw(1)p -Fu(])0 1379 y(is)i(an)f(instance)i(of)e([ass)882 1394 -y Fn(ns)954 1379 y Fu(])h(b)s(ecause)i Fs(x)45 b Fu(is)34 -b(instan)m(tiated)f(to)h Fr(x)p Fu(,)h Fs(a)41 b Fu(to)33 -b Fr(x)p Fu(+)p Fr(1)p Fu(,)i Fs(s)42 b Fu(to)34 b Fs(s)3045 -1394 y Fn(0)3084 1379 y Fu(,)h(and)f(the)0 1499 y(v)-5 -b(alue)32 b Ft(A)p Fu([)-17 b([)p Fr(x)p Fu(+)p Fr(1)p -Fu(])g(])q Fs(s)633 1514 y Fn(0)705 1499 y Fu(is)32 b(determined)h(to)f -(b)s(e)h Fw(1)p Fu(.)146 1619 y(Similarly)23 b([skip)753 -1634 y Fn(ns)824 1619 y Fu(])j(is)g(an)g(axiom)f(and,)j(in)m(tuitiv)m -(ely)-8 b(,)26 b(it)f(sa)m(ys)i(that)f Fr(skip)i Fu(do)s(es)e(not)h(c)m -(hange)0 1740 y(the)33 b(state.)44 b(Letting)32 b Fs(s)836 -1755 y Fn(0)908 1740 y Fu(b)s(e)h(as)f(ab)s(o)m(v)m(e)i(w)m(e)f(obtain) -244 1931 y Ft(h)p Fr(skip)p Fu(,)g Fs(s)595 1946 y Fn(0)635 -1931 y Ft(i)f(!)g Fs(s)886 1946 y Fn(0)0 2122 y Fu(as)h(an)f(instance)h -(of)f(the)h(axiom)e([skip)1402 2137 y Fn(ns)1474 2122 -y Fu(].)146 2242 y(In)m(tuitiv)m(ely)-8 b(,)35 b(the)f(rule)g([comp) -1263 2257 y Fn(ns)1334 2242 y Fu(])g(sa)m(ys)i(that)e(to)g(execute)i -Fs(S)2356 2257 y Fn(1)2395 2242 y Fu(;)p Fs(S)2489 2257 -y Fn(2)2563 2242 y Fu(from)d(state)i Fs(s)42 b Fu(w)m(e)35 -b(m)m(ust)0 2362 y(\014rst)k(execute)i Fs(S)630 2377 -y Fn(1)708 2362 y Fu(from)d Fs(s)8 b Fu(.)63 b(Assuming)38 -b(that)h(this)f(yields)h(a)g(\014nal)f(state)h Fs(s)2836 -2326 y Fi(0)2898 2362 y Fu(w)m(e)h(shall)e(then)0 2483 -y(execute)26 b Fs(S)408 2498 y Fn(2)472 2483 y Fu(from)d -Fs(s)742 2447 y Fi(0)765 2483 y Fu(.)41 b(The)25 b(premises)f(of)g(the) -h(rule)f(are)g(concerned)i(with)e(the)g(t)m(w)m(o)h(statemen)m(ts)0 -2603 y Fs(S)67 2618 y Fn(1)134 2603 y Fu(and)i Fs(S)385 -2618 y Fn(2)451 2603 y Fu(whereas)i(the)f(conclusion)f(expresses)j(a)d -(prop)s(ert)m(y)h(of)f(the)h(comp)s(osite)e(statemen)m(t)0 -2723 y(itself.)42 b(The)34 b(follo)m(wing)c(is)i(an)g -Fs(instanc)-5 b(e)39 b 
Fu(of)32 b(the)h(rule:)254 2896 -y Ft(h)p Fr(skip)p Fu(,)g Fs(s)605 2911 y Fn(0)645 2896 -y Ft(i)f(!)g Fs(s)896 2911 y Fn(0)936 2896 y Fu(,)g Ft(h)p -Fr(x)h Fu(:=)f Fr(x)p Fu(+)p Fr(1)p Fu(,)h Fs(s)1539 -2911 y Fn(0)1579 2896 y Ft(i)f(!)g Fs(s)1830 2911 y Fn(0)1870 -2896 y Fu([)p Fr(x)p Ft(7!)p Fw(1)p Fu(])p 254 2960 1878 -4 v 492 3064 a Ft(h)p Fr(skip)p Fu(;)i Fr(x)e Fu(:=)h -Fr(x)p Fu(+)p Fr(1)p Fu(,)g Fs(s)1301 3079 y Fn(0)1340 -3064 y Ft(i)g(!)f Fs(s)1592 3079 y Fn(0)1631 3064 y Fu([)p -Fr(x)p Ft(7!)p Fw(1)p Fu(])0 3241 y(Here)j Fs(S)299 3256 -y Fn(1)372 3241 y Fu(is)f(instan)m(tiated)f(to)g Fr(skip)p -Fu(,)j Fs(S)1467 3256 y Fn(2)1540 3241 y Fu(to)e Fr(x)g -Fu(:=)g Fr(x)g Fu(+)g Fr(1)p Fu(,)h Fs(s)42 b Fu(and)34 -b Fs(s)2512 3205 y Fi(0)2569 3241 y Fu(are)g(b)s(oth)g(instan)m(tiated) -0 3361 y(to)e Fs(s)167 3376 y Fn(0)239 3361 y Fu(and)h -Fs(s)477 3325 y Fi(00)552 3361 y Fu(is)f(instan)m(tiated)g(to)g -Fs(s)1357 3376 y Fn(0)1397 3361 y Fu([)p Fr(x)p Ft(7!)p -Fw(1)p Fu(].)43 b(Similarly)254 3540 y Ft(h)p Fr(skip)p -Fu(,)33 b Fs(s)605 3555 y Fn(0)645 3540 y Ft(i)f(!)g -Fs(s)896 3555 y Fn(0)936 3540 y Fu([)p Fr(x)p Ft(7!)p -Fw(5)p Fu(],)g Ft(h)p Fr(x)h Fu(:=)f Fr(x)p Fu(+)p Fr(1)p -Fu(,)h Fs(s)1800 3555 y Fn(0)1840 3540 y Fu([)p Fr(x)p -Ft(7!)p Fw(5)p Fu(])p Ft(i)f(!)h Fs(s)2353 3555 y Fn(0)p -254 3603 2139 4 v 753 3708 a Ft(h)p Fr(skip)p Fu(;)h -Fr(x)f Fu(:=)f Fr(x)p Fu(+)p Fr(1)p Fu(,)h Fs(s)1562 -3723 y Fn(0)1602 3708 y Ft(i)f(!)g Fs(s)1853 3723 y Fn(0)0 -3886 y Fu(is)37 b(an)g(instance)g(of)g([comp)998 3901 -y Fn(ns)1069 3886 y Fu(])g(although)f(it)h(is)f(less)i(in)m(teresting)f -(b)s(ecause)h(its)f(premises)g(can)0 4007 y(nev)m(er)d(b)s(e)f(deriv)m -(ed)g(from)f(the)h(axioms)e(and)i(rules)f(of)g(T)-8 b(able)33 -b(2.1.)146 4127 y(F)-8 b(or)24 b(the)g Fr(if)p Fu(-construct)i(w)m(e)f -(ha)m(v)m(e)g(t)m(w)m(o)g(rules.)41 b(The)25 b(\014rst)g(one,)h([if) -2505 4091 y Fn(tt)2493 4152 y(ns)2563 4127 y Fu(],)g(sa)m(ys)g(that)e -(to)f(execute)0 4247 y Fr(if)41 b 
Fs(b)46 b Fr(then)41 -b Fs(S)546 4262 y Fn(1)625 4247 y Fr(else)g Fs(S)937 -4262 y Fn(2)1016 4247 y Fu(w)m(e)h(simply)c(execute)k -Fs(S)1911 4262 y Fn(1)1991 4247 y Fu(pro)m(vided)e(that)g -Fs(b)46 b Fu(ev)-5 b(aluates)40 b(to)g Fw(tt)f Fu(in)0 -4368 y(the)46 b(state.)81 b(The)47 b(other)e(rule,)j([if)1311 -4332 y Fn(\013)1299 4392 y(ns)1369 4368 y Fu(],)h(sa)m(ys)d(that)f(if)f -Fs(b)51 b Fu(ev)-5 b(aluates)45 b(to)g Fw(\013)h Fu(then)g(to)e -(execute)0 4488 y Fr(if)33 b Fs(b)38 b Fr(then)c Fs(S)523 -4503 y Fn(1)595 4488 y Fr(else)f Fs(S)899 4503 y Fn(2)980 -4488 y Fu(w)m(e)42 b(just)g(execute)h Fs(S)1759 4503 -y Fn(2)1799 4488 y Fu(.)69 b(T)-8 b(aking)41 b Fs(s)2277 -4503 y Fn(0)2358 4488 y Fr(x)h Fu(=)f Fw(0)g Fu(the)h(follo)m(wing)d -(is)h(an)0 4609 y(instance)33 b(of)f(the)h(rule)f([if)951 -4572 y Fn(tt)939 4633 y(ns)1009 4609 y Fu(]:)912 4787 -y Ft(h)p Fr(skip)p Fu(,)h Fs(s)1263 4802 y Fn(0)1303 -4787 y Ft(i)f(!)g Fs(s)1554 4802 y Fn(0)p 254 4850 1999 -4 v 254 4955 a Ft(h)p Fr(if)h(x)f Fu(=)h Fr(0)g(then)g(skip)h(else)f(x) -g Fu(:=)g Fr(x)p Fu(+)p Fr(1)p Fu(,)g Fs(s)1922 4970 -y Fn(0)1961 4955 y Ft(i)f(!)h Fs(s)2213 4970 y Fn(0)0 -5133 y Fu(b)s(ecause)40 b Ft(B)t Fu([)-17 b([)p Fr(x)39 -b Fu(=)g Fr(0)p Fu(])-17 b(])q Fs(s)815 5148 y Fn(0)893 -5133 y Fu(=)39 b Fw(tt)p Fu(.)61 b(Ho)m(w)m(ev)m(er,)43 -b(had)c(it)f(b)s(een)h(the)h(case)f(that)g Fs(s)2801 -5148 y Fn(0)2879 5133 y Fr(x)g Ft(6)p Fu(=)g Fw(0)g Fu(then)g(it)0 -5254 y(w)m(ould)31 b(not)g(b)s(e)h(an)f(instance)g(of)g(the)h(rule)f -([if)1667 5218 y Fn(tt)1655 5278 y(ns)1725 5254 y Fu(])g(b)s(ecause)i -(then)f Ft(B)s Fu([)-17 b([)q Fr(x)31 b Fu(=)g Fr(0)p -Fu(])-17 b(])q Fs(s)2796 5269 y Fn(0)2867 5254 y Fu(w)m(ould)31 -b(amoun)m(t)0 5374 y(to)26 b Fw(\013)p Fu(.)41 b(F)-8 -b(urthermore)26 b(it)f(w)m(ould)g(not)h(b)s(e)g(an)g(instance)h(of)e -(the)h(rule)g([if)2520 5338 y Fn(\013)2508 5399 y(ns)2578 -5374 y Fu(])g(b)s(ecause)h(the)g(premise)0 5494 y(has)33 -b(the)g(wrong)g(form.)p eop -%%Page: 22 32 -22 31 
bop 251 130 a Fw(22)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 430 515 a Fu(Finally)-8 -b(,)28 b(w)m(e)k(ha)m(v)m(e)g(one)f(rule)f(and)h(one)g(axiom)e -(expressing)j(ho)m(w)f(to)f(execute)j(the)e Fr(while)p -Fu(-)283 636 y(construct.)60 b(In)m(tuitiv)m(ely)-8 b(,)38 -b(the)g(meaning)e(of)h(the)h(construct)g Fr(while)h Fs(b)k -Fr(do)38 b Fs(S)50 b Fu(in)36 b(the)i(state)g Fs(s)283 -756 y Fu(can)33 b(b)s(e)g(explained)f(as)h(follo)m(ws:)429 -955 y Ft(\017)48 b Fu(If)29 b(the)g(test)g Fs(b)35 b -Fu(ev)-5 b(aluates)28 b(to)h(true)g(in)e(the)i(state)g -Fs(s)37 b Fu(then)29 b(w)m(e)h(\014rst)f(execute)i(the)e(b)s(o)s(dy)f -(of)527 1076 y(the)33 b(lo)s(op)e(and)i(then)g(con)m(tin)m(ue)g(with)g -(the)g(lo)s(op)e(itself)g(from)g(the)i(state)g(so)g(obtained.)429 -1278 y Ft(\017)48 b Fu(If)35 b(the)h(test)g Fs(b)41 b -Fu(ev)-5 b(aluates)35 b(to)g(false)f(in)h(the)g(state)h -Fs(s)43 b Fu(then)36 b(the)f(execution)h(of)f(the)g(lo)s(op)527 -1398 y(terminates.)283 1597 y(The)47 b(rule)d([while)966 -1561 y Fn(tt)954 1622 y(ns)1025 1597 y Fu(])h(formalizes)e(the)j -(\014rst)f(case)h(where)h Fs(b)k Fu(ev)-5 b(aluates)45 -b(to)g Fw(tt)f Fu(and)h(it)f(sa)m(ys)283 1717 y(that)49 -b(then)h(w)m(e)f(ha)m(v)m(e)i(to)d(execute)j Fs(S)60 -b Fu(follo)m(w)m(ed)48 b(b)m(y)i Fr(while)34 b Fs(b)k -Fr(do)33 b Fs(S)61 b Fu(again.)91 b(The)49 b(axiom)283 -1838 y([while)545 1802 y Fn(\013)533 1862 y(ns)604 1838 -y Fu(])33 b(formalizes)e(the)j(second)g(p)s(ossibilit)m(y)d(and)j -(states)g(that)f(if)f Fs(b)39 b Fu(ev)-5 b(aluates)33 -b(to)g Fw(\013)g Fu(then)283 1958 y(w)m(e)41 b(terminate)d(the)h -(execution)h(of)f(the)h Fr(while)p Fu(-construct)h(lea)m(ving)d(the)i -(state)f(unc)m(hanged.)283 2079 y(Note)33 b(that)f(the)h(rule)f([while) -1355 2042 y Fn(tt)1343 2103 y(ns)1413 2079 y Fu(])g(sp)s(eci\014es)i -(the)f(meaning)e(of)g(the)i Fr(while)p Fu(-construct)h(in)e(terms)283 -2199 y(of)d(the)h(meaning)e(of)h(the)h(v)m(ery)h(same)e(construct)i(so) -f(that)f(w)m(e)h(do)g 
Fs(not)38 b Fu(ha)m(v)m(e)31 b(a)e(comp)s -(ositional)283 2319 y(de\014nition)j(of)g(the)h(seman)m(tics)g(of)f -(statemen)m(ts.)430 2440 y(When)e(w)m(e)g(use)g(the)f(axioms)f(and)h -(rules)g(to)f(deriv)m(e)i(a)f(transition)e Ft(h)p Fs(S)12 -b Fu(,)28 b Fs(s)8 b Ft(i)29 b(!)g Fs(s)3293 2404 y Fi(0)3345 -2440 y Fu(w)m(e)h(obtain)283 2560 y(a)41 b Fs(derivation)h(tr)-5 -b(e)g(e)p Fu(.)68 b(The)42 b Fs(r)-5 b(o)g(ot)50 b Fu(of)40 -b(the)h(deriv)-5 b(ation)40 b(tree)h(is)f Ft(h)p Fs(S)12 -b Fu(,)41 b Fs(s)8 b Ft(i)40 b(!)h Fs(s)3074 2524 y Fi(0)3138 -2560 y Fu(and)g(the)g Fs(le)-5 b(aves)283 2680 y Fu(are)37 -b(instances)g(of)e(axioms.)53 b(The)37 b Fs(internal)h(no)-5 -b(des)44 b Fu(are)36 b(conclusions)g(of)f(instan)m(tiated)h(rules)283 -2801 y(and)k(they)h(ha)m(v)m(e)g(the)f(corresp)s(onding)g(premises)f -(as)h(their)f(immediate)e(sons.)66 b(W)-8 b(e)40 b(request)283 -2921 y(that)c(all)e(the)j(instan)m(tiated)e(conditions)g(of)h(axioms)f -(and)h(rules)g(m)m(ust)g(b)s(e)g(satis\014ed.)55 b(When)283 -3042 y(displa)m(ying)37 b(a)h(deriv)-5 b(ation)37 b(tree)i(it)e(is)g -(common)g(to)h(ha)m(v)m(e)i(the)e(ro)s(ot)g(at)f(the)i(b)s(ottom)e -(rather)283 3162 y(than)28 b(at)e(the)i(top;)g(hence)h(the)e(son)h(is)e -Fs(ab)-5 b(ove)34 b Fu(its)26 b(father.)42 b(A)27 b(deriv)-5 -b(ation)25 b(tree)j(is)e(called)g Fs(simple)283 3282 -y Fu(if)32 b(it)f(is)i(an)f(instance)h(of)f(an)g(axiom,)g(otherwise)h -(it)e(is)h(called)g Fs(c)-5 b(omp)g(osite)7 b Fu(.)283 -3505 y Fw(Example)37 b(2.1)49 b Fu(Let)33 b(us)g(\014rst)g(consider)g -(the)g(statemen)m(t)g(of)f(Chapter)h(1:)527 3704 y(\()p -Fr(z)p Fu(:=)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(y)p Fu(\);)g -Fr(y)p Fu(:=)p Fr(z)283 3903 y Fu(Let)i Fs(s)508 3918 -y Fn(0)582 3903 y Fu(b)s(e)f(the)h(state)f(that)g(maps)g(all)e(v)-5 -b(ariables)33 b(except)j Fr(x)f Fu(and)f Fr(y)h Fu(to)e -Fw(0)i Fu(and)f(has)h Fs(s)3436 3918 y Fn(0)3508 3903 -y Fr(x)d Fu(=)h Fw(5)283 4023 y Fu(and)g Fs(s)521 4038 -y Fn(0)593 4023 y Fr(y)g Fu(=)f Fw(7)p Fu(.)44 
b(Then)34 -b(the)f(follo)m(wing)c(is)k(an)f(example)g(of)g(a)g(deriv)-5 -b(ation)31 b(tree:)577 4217 y Ft(h)p Fr(z)p Fu(:=)p Fr(x)p -Fu(,)i Fs(s)929 4232 y Fn(0)969 4217 y Ft(i)f(!)g Fs(s)1220 -4232 y Fn(1)1577 4217 y Ft(h)p Fr(x)p Fu(:=)p Fr(y)p -Fu(,)h Fs(s)1929 4232 y Fn(1)1968 4217 y Ft(i)f(!)h Fs(s)2220 -4232 y Fn(2)p 527 4303 1782 4 v 944 4505 a Ft(h)p Fr(z)p -Fu(:=)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(y)p Fu(,)g Fs(s)1561 -4520 y Fn(0)1601 4505 y Ft(i)f(!)g Fs(s)1852 4520 y Fn(2)2576 -4505 y Ft(h)p Fr(y)p Fu(:=)p Fr(z)p Fu(,)h Fs(s)2928 -4520 y Fn(2)2968 4505 y Ft(i)f(!)g Fs(s)3219 4520 y Fn(3)p -527 4591 2782 4 v 1274 4793 a Ft(h)p Fu(\()p Fr(z)p Fu(:=)p -Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(y)p Fu(\);)g Fr(y)p Fu(:=)p -Fr(z)p Fu(,)g Fs(s)2232 4808 y Fn(0)2271 4793 y Ft(i)g(!)f -Fs(s)2523 4808 y Fn(3)283 4985 y Fu(where)i(w)m(e)g(ha)m(v)m(e)g(used)g -(the)f(abbreviations:)577 5156 y Fs(s)625 5171 y Fn(1)764 -5156 y Fu(=)100 b Fs(s)988 5171 y Fn(0)1027 5156 y Fu([)p -Fr(z)p Ft(7!)p Fw(5)p Fu(])577 5324 y Fs(s)625 5339 y -Fn(2)764 5324 y Fu(=)g Fs(s)988 5339 y Fn(1)1027 5324 -y Fu([)p Fr(x)p Ft(7!)p Fw(7)p Fu(])577 5492 y Fs(s)625 -5507 y Fn(3)764 5492 y Fu(=)g Fs(s)988 5507 y Fn(2)1027 -5492 y Fu([)p Fr(y)p Ft(7!)p Fw(5)p Fu(])p eop -%%Page: 23 33 -23 32 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216 -b(23)p 0 193 3473 4 v 0 515 a Fu(The)40 b(deriv)-5 b(ation)37 -b(tree)j(has)g(three)f(lea)m(v)m(es)i(denoted)f Ft(h)o -Fr(z)p Fu(:=)p Fr(x)p Fu(,)i Fs(s)2331 530 y Fn(0)2370 -515 y Ft(i)d(!)g Fs(s)2635 530 y Fn(1)2674 515 y Fu(,)i -Ft(h)p Fr(x)p Fu(:=)p Fr(y)p Fu(,)g Fs(s)3102 530 y Fn(1)3141 -515 y Ft(i)e(!)g Fs(s)3406 530 y Fn(2)3445 515 y Fu(,)0 -636 y(and)28 b Ft(h)p Fr(y)p Fu(:=)p Fr(z)p Fu(,)h Fs(s)533 -651 y Fn(2)573 636 y Ft(i)e(!)h Fs(s)815 651 y Fn(3)854 -636 y Fu(,)h(corresp)s(onding)f(to)g(three)g(applications)e(of)i(the)g -(axiom)e([ass)3136 651 y Fn(ns)3208 636 y Fu(].)42 b(The)0 -756 y(rule)32 b([comp)450 771 y Fn(ns)521 756 y 
Fu(])h(has)g(b)s(een)g -(applied)e(t)m(wice.)44 b(One)33 b(instance)g(is)254 -916 y Ft(h)p Fr(z)p Fu(:=)p Fr(x)p Fu(,)g Fs(s)606 931 -y Fn(0)645 916 y Ft(i)f(!)h Fs(s)897 931 y Fn(1)936 916 -y Fu(,)g Ft(h)o Fr(x)p Fu(:=)p Fr(y)p Fu(,)h Fs(s)1348 -931 y Fn(1)1387 916 y Ft(i)e(!)h Fs(s)1639 931 y Fn(2)p -254 980 1425 4 v 492 1084 a Ft(h)p Fr(z)p Fu(:=)p Fr(x)p -Fu(;)g Fr(x)p Fu(:=)p Fr(y)p Fu(,)g Fs(s)1109 1099 y -Fn(0)1149 1084 y Ft(i)f(!)g Fs(s)1400 1099 y Fn(2)0 1245 -y Fu(whic)m(h)j(has)g(b)s(een)g(used)h(to)e(com)m(bine)g(the)g(lea)m(v) -m(es)i Ft(h)p Fr(z)p Fu(:=)p Fr(x)p Fu(,)f Fs(s)2224 -1260 y Fn(0)2264 1245 y Ft(i)f(!)g Fs(s)2519 1260 y Fn(1)2593 -1245 y Fu(and)g Ft(h)p Fr(x)p Fu(:=)p Fr(y)p Fu(,)h Fs(s)3138 -1260 y Fn(1)3178 1245 y Ft(i)f(!)g Fs(s)3433 1260 y Fn(2)0 -1365 y Fu(with)e(the)h(in)m(ternal)f(no)s(de)g(lab)s(elled)f -Ft(h)o Fr(z)p Fu(:=)p Fr(x)p Fu(;)j Fr(x)p Fu(:=)p Fr(y)p -Fu(,)f Fs(s)1964 1380 y Fn(0)2003 1365 y Ft(i)f(!)h Fs(s)2255 -1380 y Fn(2)2294 1365 y Fu(.)44 b(The)33 b(other)g(instance)g(is)254 -1525 y Ft(h)p Fr(z)p Fu(:=)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p -Fr(y)p Fu(,)g Fs(s)871 1540 y Fn(0)910 1525 y Ft(i)g(!)f -Fs(s)1162 1540 y Fn(2)1201 1525 y Fu(,)h Ft(h)p Fr(y)p -Fu(:=)p Fr(z)p Fu(,)g Fs(s)1613 1540 y Fn(2)1652 1525 -y Ft(i)g(!)f Fs(s)1904 1540 y Fn(3)p 254 1589 1690 4 -v 454 1693 a Ft(h)p Fu(\()p Fr(z)p Fu(:=)p Fr(x)p Fu(;)h -Fr(x)p Fu(:=)p Fr(y)p Fu(\);)g Fr(y)p Fu(:=)p Fr(z)p -Fu(,)g Fs(s)1412 1708 y Fn(0)1452 1693 y Ft(i)f(!)g Fs(s)1703 -1708 y Fn(3)0 1854 y Fu(whic)m(h)h(has)f(b)s(een)i(used)f(to)f(com)m -(bine)g(the)g(in)m(ternal)f(no)s(de)i Ft(h)p Fr(z)p Fu(:=)p -Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(y)p Fu(,)f Fs(s)2785 -1869 y Fn(0)2825 1854 y Ft(i)g(!)g Fs(s)3076 1869 y Fn(2)3148 -1854 y Fu(and)g(the)0 1974 y(leaf)g Ft(h)o Fr(y)p Fu(:=)p -Fr(z)p Fu(,)h Fs(s)533 1989 y Fn(2)573 1974 y Ft(i)f(!)g -Fs(s)824 1989 y Fn(3)896 1974 y Fu(with)h(the)g(ro)s(ot)e -Ft(h)p Fu(\()p Fr(z)p Fu(:=)p Fr(x)p Fu(;)i Fr(x)p Fu(:=)p -Fr(y)p Fu(\);)g 
Fr(y)p Fu(:=)p Fr(z)p Fu(,)g Fs(s)2453 -1989 y Fn(0)2493 1974 y Ft(i)f(!)g Fs(s)2744 1989 y Fn(3)2784 -1974 y Fu(.)587 b Fh(2)146 2161 y Fu(Consider)37 b(no)m(w)f(the)h -(problem)d(of)i(constructing)g(a)g(deriv)-5 b(ation)34 -b(tree)i(for)g(a)f(giv)m(en)h(state-)0 2282 y(men)m(t)43 -b Fs(S)54 b Fu(and)43 b(state)g Fs(s)8 b Fu(.)74 b(The)43 -b(b)s(est)h(w)m(a)m(y)g(to)e(approac)m(h)h(this)f(is)h(to)f(try)h(to)f -(construct)i(the)0 2402 y(tree)37 b(from)f(the)i(ro)s(ot)e(up)m(w)m -(ards.)58 b(So)37 b(w)m(e)h(will)c(start)j(b)m(y)h(\014nding)f(an)g -(axiom)e(or)i(rule)f(with)h(a)0 2523 y(conclusion)g(where)j(the)e -(left-hand)f(side)h(matc)m(hes)h(the)f(con\014guration)f -Ft(h)p Fs(S)12 b Fu(,)38 b Fs(s)8 b Ft(i)p Fu(.)59 b(There)39 -b(are)0 2643 y(t)m(w)m(o)33 b(cases:)145 2816 y Ft(\017)49 -b Fu(If)43 b(it)e(is)h(an)h Fs(axiom)49 b Fu(and)43 b(if)f(the)h -(conditions)f(of)g(the)h(axiom)e(are)i(satis\014ed)g(then)g(w)m(e)244 -2936 y(can)37 b(determine)g(the)h(\014nal)f(state)g(and)h(the)f -(construction)h(of)f(the)g(deriv)-5 b(ation)36 b(tree)i(is)244 -3057 y(completed.)145 3250 y Ft(\017)49 b Fu(If)28 b(it)g(is)g(a)h -Fs(rule)36 b Fu(then)29 b(the)g(next)h(step)f(is)g(to)f(try)h(to)f -(construct)i(deriv)-5 b(ation)27 b(trees)j(for)e(the)244 -3370 y(premises)33 b(of)f(the)h(rule.)44 b(When)34 b(this)e(has)i(b)s -(een)f(done,)h(it)d(m)m(ust)i(b)s(e)g(c)m(hec)m(k)m(ed)j(that)d(the)244 -3490 y(conditions)e(of)g(the)i(rule)e(are)h(ful\014lled,)f(and)h(only)f -(then)i(can)f(w)m(e)h(determine)f(the)g(\014nal)244 3611 -y(state)h(corresp)s(onding)f(to)h Ft(h)o Fs(S)12 b Fu(,)33 -b Fs(s)8 b Ft(i)p Fu(.)0 3784 y(Often)25 b(there)h(will)d(b)s(e)i(more) -f(than)i(one)f(axiom)e(or)i(rule)g(that)g(matc)m(hes)g(a)g(giv)m(en)g -(con\014guration)0 3904 y(and)j(then)h(the)f(v)-5 b(arious)28 -b(p)s(ossibilities)d(ha)m(v)m(e)k(to)f(b)s(e)g(insp)s(ected)h(in)e -(order)h(to)g(\014nd)g(a)g(deriv)-5 b(ation)0 4024 y(tree.)53 -b(W)-8 b(e)36 b(shall)e(see)i(later)f(that)g(for)g Fw(While)f 
-Fu(there)i(will)d(b)s(e)j(at)f(most)g(one)h(deriv)-5 -b(ation)34 b(tree)0 4145 y(for)27 b(eac)m(h)i(transition)e -Ft(h)o Fs(S)12 b Fu(,)28 b Fs(s)8 b Ft(i)28 b(!)g Fs(s)1251 -4109 y Fi(0)1302 4145 y Fu(but)g(that)g(this)g(need)h(not)f(hold)f(in)g -(extensions)i(of)f Fw(While)p Fu(.)0 4332 y Fw(Example)37 -b(2.2)48 b Fu(Consider)33 b(the)g(factorial)e(statemen)m(t:)244 -4505 y Fr(y)p Fu(:=)p Fr(1)p Fu(;)i Fr(while)h Ft(:)p -Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p -Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p -Fr(x)p Ft(\000)p Fr(1)p Fu(\))0 4678 y(and)g(let)f Fs(s)40 -b Fu(b)s(e)33 b(a)f(state)h(with)f Fs(s)41 b Fr(x)33 -b Fu(=)f Fw(3)p Fu(.)44 b(In)33 b(this)f(example)g(w)m(e)i(shall)d(sho) -m(w)i(that)269 4845 y Ft(h)o Fr(y)p Fu(:=)p Fr(1)p Fu(;)h -Fr(while)f Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g -Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h -Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(\),)h Fs(s)8 -b Ft(i)32 b(!)g Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(6)p -Fu(][)p Fr(x)p Ft(7!)p Fw(1)p Fu(])277 b(\(*\))0 5013 -y(T)-8 b(o)42 b(do)f(so)h(w)m(e)g(shall)e(sho)m(w)j(that)e(\(*\))g(can) -h(b)s(e)g(obtained)e(from)h(the)h(transition)d(system)k(of)0 -5133 y(T)-8 b(able)37 b(2.1.)56 b(This)37 b(is)g(done)g(b)m(y)h -(constructing)g(a)e(deriv)-5 b(ation)36 b(tree)h(with)g(the)g -(transition)f(\(*\))0 5254 y(as)d(its)f(ro)s(ot.)146 -5374 y(Rather)26 b(than)g(presen)m(ting)h(the)f(complete)g(deriv)-5 -b(ation)24 b(tree)j Fs(T)39 b Fu(in)25 b(one)h(go,)h(w)m(e)g(shall)e -(build)0 5494 y(it)i(in)h(an)g(up)m(w)m(ards)j(manner.)41 -b(Initially)-8 b(,)27 b(w)m(e)i(only)f(kno)m(w)i(that)e(the)h(ro)s(ot)e -(of)h Fs(T)42 b Fu(is)28 b(of)g(the)h(form:)p eop -%%Page: 24 34 -24 33 bop 251 130 a Fw(24)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(h)p Fr(y)p -Fu(:=)p Fr(1)p Fu(;)c Fr(while)h Ft(:)p Fu(\()p Fr(x)p -Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p -Fr(y)g Fo(?)g Fr(x)p Fu(;)f Fr(x)p Fu(:=)p 
Fr(x)p Ft(\000)p -Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)33 b(!)f Fs(s)2808 530 -y Fn(61)283 700 y Fu(Ho)m(w)m(ev)m(er,)j(the)e(statemen)m(t)527 -885 y Fr(y)p Fu(:=)p Fr(1)p Fu(;)g Fr(while)h Ft(:)q -Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p -Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p -Fr(x)p Ft(\000)p Fr(1)p Fu(\))283 1070 y(is)38 b(of)f(the)h(form)e -Fs(S)978 1085 y Fn(1)1017 1070 y Fu(;)k Fs(S)1151 1085 -y Fn(2)1228 1070 y Fu(so)e(the)g(only)f(rule)g(that)h(could)f(ha)m(v)m -(e)i(b)s(een)f(used)h(to)e(pro)s(duce)h(the)283 1190 -y(ro)s(ot)32 b(of)g Fs(T)46 b Fu(is)32 b([comp)1072 1205 -y Fn(ns)1143 1190 y Fu(].)43 b(Therefore)34 b Fs(T)46 -b Fu(m)m(ust)32 b(ha)m(v)m(e)i(the)f(form:)813 1372 y -Ft(h)p Fr(y)p Fu(:=)p Fr(1)p Fu(,)g Fs(s)8 b Ft(i!)p -Fs(s)1352 1387 y Fn(13)2411 1372 y Fs(T)2494 1387 y Fn(1)p -527 1459 2325 4 v 577 1664 a Ft(h)p Fr(y)p Fu(:=)p Fr(1)p -Fu(;)33 b Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p -Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p -Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p -Fu(\),)h Fs(s)8 b Ft(i!)o Fs(s)2727 1679 y Fn(61)283 -1842 y Fu(for)32 b(some)h(state)g Fs(s)964 1857 y Fn(13)1071 -1842 y Fu(and)g(some)f(deriv)-5 b(ation)31 b(tree)i Fs(T)2241 -1857 y Fn(1)2313 1842 y Fu(whic)m(h)h(has)f(ro)s(ot)552 -2009 y Ft(h)p Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p -Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p -Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p -Fr(1)p Fu(\),)h Fs(s)2251 2024 y Fn(13)2326 2009 y Ft(i)o(!)p -Fs(s)2512 2024 y Fn(61)3582 2009 y Fu(\(**\))283 2177 -y(Since)d Ft(h)p Fr(y)p Fu(:=)p Fr(1)p Fu(,)g Fs(s)8 -b Ft(i)31 b(!)f Fs(s)1134 2192 y Fn(13)1239 2177 y Fu(has)h(to)f(b)s(e) -h(an)g(instance)g(of)f(the)h(axiom)e([ass)2886 2192 y -Fn(ns)2958 2177 y Fu(])h(w)m(e)i(get)e(that)h Fs(s)3575 -2192 y Fn(13)3680 2177 y Fu(=)283 2297 y Fs(s)8 b Fu([)p -Fr(y)p Ft(7!)q Fw(1)p Fu(].)430 2418 y(The)34 b(missing)e(part)h -Fs(T)1275 2433 y Fn(1)1348 2418 y Fu(of)g Fs(T)47 b 
Fu(is)33 -b(a)g(deriv)-5 b(ation)32 b(tree)i(with)f(ro)s(ot)g(\(**\).)45 -b(Since)34 b(the)g(state-)283 2538 y(men)m(t)39 b(of)e(\(**\))h(has)g -(the)h(form)e Fr(while)i Fs(b)44 b Fr(do)39 b Fs(S)50 -b Fu(the)38 b(deriv)-5 b(ation)37 b(tree)i Fs(T)3003 -2553 y Fn(1)3080 2538 y Fu(m)m(ust)g(ha)m(v)m(e)g(b)s(een)283 -2658 y(constructed)48 b(b)m(y)f(applying)e(either)h(the)g(rule)g -([while)2326 2622 y Fn(tt)2314 2683 y(ns)2384 2658 y -Fu(])h(or)e(the)i(axiom)d([while)3337 2622 y Fn(\013)3325 -2683 y(ns)3396 2658 y Fu(].)84 b(Since)283 2779 y Ft(B)t -Fu([)-17 b([)q Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q -Fs(s)796 2794 y Fn(13)904 2779 y Fu(=)33 b Fw(tt)f Fu(w)m(e)j(see)f -(that)f(only)g(the)h(rule)f([while)2490 2743 y Fn(tt)2478 -2804 y(ns)2548 2779 y Fu(])h(could)f(ha)m(v)m(e)h(b)s(een)g(applied)f -(so)283 2899 y Fs(T)366 2914 y Fn(1)439 2899 y Fu(will)d(ha)m(v)m(e)k -(the)f(form:)813 3071 y Fs(T)896 3086 y Fn(2)2221 3071 -y Fs(T)2304 3086 y Fn(3)p 527 3158 2135 4 v 577 3363 -a Ft(h)p Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p -Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p -Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p -Fu(\),)h Fs(s)2276 3378 y Fn(13)2351 3363 y Ft(i)o(!)p -Fs(s)2537 3378 y Fn(61)283 3541 y Fu(where)g Fs(T)648 -3556 y Fn(2)720 3541 y Fu(is)e(a)h(deriv)-5 b(ation)31 -b(tree)i(with)f(ro)s(ot)527 3726 y Ft(h)p Fr(y)p Fu(:=)p -Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p -Fr(1)p Fu(,)h Fs(s)1373 3741 y Fn(13)1448 3726 y Ft(i!)o -Fs(s)1634 3741 y Fn(32)283 3910 y Fu(and)f Fs(T)556 3925 -y Fn(3)628 3910 y Fu(is)f(a)h(deriv)-5 b(ation)31 b(tree)i(with)f(ro)s -(ot)552 4078 y Ft(h)p Fr(while)i Ft(:)p Fu(\()p Fr(x)p -Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p -Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p -Fr(1)p Fu(\),)h Fs(s)2251 4093 y Fn(32)2326 4078 y Ft(i)o(!)p -Fs(s)2512 4093 y Fn(61)3534 4078 y Fu(\(***\))283 4246 -y(for)e(some)h(state)g Fs(s)964 4261 y Fn(32)1039 4246 -y Fu(.)430 4366 
y(Using)h(that)g(the)h(form)e(of)h(the)h(statemen)m(t)g -Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)p Fu(:=)p -Fr(x)p Ft(\000)p Fr(1)f Fu(is)f Fs(S)2962 4381 y Fn(1)3002 -4366 y Fu(;)p Fs(S)3096 4381 y Fn(2)3169 4366 y Fu(it)g(is)g(no)m(w)h -(easy)283 4486 y(to)e(see)g(that)g(the)g(deriv)-5 b(ation)31 -b(tree)i Fs(T)1676 4501 y Fn(2)1748 4486 y Fu(is)577 -4658 y Ft(h)p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(,)g -Fs(s)1029 4673 y Fn(13)1104 4658 y Ft(i!)o Fs(s)1290 -4673 y Fn(33)1682 4658 y Ft(h)p Fr(x)p Fu(:=)p Fr(x)p -Ft(\000)p Fr(1)p Fu(,)h Fs(s)2163 4673 y Fn(33)2238 4658 -y Ft(i!)o Fs(s)2424 4673 y Fn(32)p 527 4745 2022 4 v -947 4950 a Ft(h)p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p -Fu(;)f Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(,)h -Fs(s)1793 4965 y Fn(13)1868 4950 y Ft(i!)o Fs(s)2054 -4965 y Fn(32)283 5133 y Fu(where)40 b Fs(s)619 5148 y -Fn(33)731 5133 y Fu(=)e Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p -Fw(3)p Fu(])38 b(and)g Fs(s)1435 5148 y Fn(32)1548 5133 -y Fu(=)f Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(3)p Fu(][)p -Fr(x)p Ft(7!)q Fw(2)p Fu(].)59 b(The)39 b(lea)m(v)m(es)g(of)e -Fs(T)3008 5148 y Fn(2)3086 5133 y Fu(are)h(instances)g(of)283 -5254 y([ass)435 5269 y Fn(ns)507 5254 y Fu(])33 b(and)g(they)g(are)g -(com)m(bined)f(using)g([comp)2085 5269 y Fn(ns)2156 5254 -y Fu(].)44 b(So)32 b(no)m(w)i Fs(T)2676 5269 y Fn(2)2748 -5254 y Fu(is)e(fully)f(constructed.)430 5374 y(In)k(a)g(similar)d(w)m -(a)m(y)k(w)m(e)g(can)f(construct)i(the)e(deriv)-5 b(ation)34 -b(tree)h Fs(T)2831 5389 y Fn(3)2906 5374 y Fu(with)f(ro)s(ot)h(\(***\)) -f(and)283 5494 y(w)m(e)g(get:)p eop -%%Page: 25 35 -25 34 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216 -b(25)p 0 193 3473 4 v 294 500 a Ft(h)o Fr(y)p Fu(:=)p -Fr(y)p Fo(?)q Fr(x)p Fu(,)33 b Fs(s)746 515 y Fn(32)820 -500 y Ft(i!)p Fs(s)1007 515 y Fn(62)1399 500 y Ft(h)p -Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(,)h Fs(s)1880 -515 y Fn(62)1954 500 y Ft(i!)p Fs(s)2141 515 y Fn(61)p -244 587 2022 4 v 664 788 a Ft(h)o Fr(y)p Fu(:=)p Fr(y)p 
-Fo(?)q Fr(x)p Fu(;)f Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p -Fr(1)p Fu(,)g Fs(s)1509 803 y Fn(32)1584 788 y Ft(i!)p -Fs(s)1771 803 y Fn(61)2533 788 y Fs(T)2616 803 y Fn(4)p -244 875 2462 4 v 457 1079 a Ft(h)p Fr(while)h Ft(:)p -Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p -Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p -Fr(x)p Ft(\000)p Fr(1)p Fu(\),)h Fs(s)2156 1094 y Fn(32)2231 -1079 y Ft(i)o(!)p Fs(s)2417 1094 y Fn(61)0 1294 y Fu(where)39 -b Fs(s)335 1309 y Fn(62)447 1294 y Fu(=)e Fs(s)8 b Fu([)p -Fr(y)p Ft(7!)p Fw(6)p Fu(][)p Fr(x)p Ft(7!)p Fw(2)p Fu(],)39 -b Fs(s)1244 1309 y Fn(61)1356 1294 y Fu(=)e Fs(s)8 b -Fu([)p Fr(y)p Ft(7!)p Fw(6)p Fu(][)p Fr(x)p Ft(7!)p Fw(1)p -Fu(])38 b(and)f Fs(T)2354 1309 y Fn(4)2431 1294 y Fu(is)g(a)g(deriv)-5 -b(ation)36 b(tree)i(with)0 1415 y(ro)s(ot)244 1631 y -Ft(h)p Fr(while)33 b Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p -Fu(\))g Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p -Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p -Fu(\),)h Fs(s)1943 1646 y Fn(61)2017 1631 y Ft(i!)p Fs(s)2204 -1646 y Fn(61)146 1847 y Fu(Finally)-8 b(,)28 b(w)m(e)i(see)h(that)e -(the)h(deriv)-5 b(ation)27 b(tree)j Fs(T)1892 1862 y -Fn(4)1961 1847 y Fu(is)f(an)h(instance)f(of)g(the)h(axiom)e([while)3387 -1810 y Fn(\013)3375 1871 y(ns)3445 1847 y Fu(])0 1967 -y(b)s(ecause)h Ft(B)s Fu([)-17 b([)q Ft(:)p Fu(\()p Fr(x)p -Fu(=)p Fr(1)p Fu(\)])g(])q Fs(s)868 1982 y Fn(61)971 -1967 y Fu(=)27 b Fw(\013)p Fu(.)42 b(This)28 b(completes)f(the)h -(construction)g(of)f(the)h(deriv)-5 b(ation)26 b(tree)0 -2087 y Fs(T)46 b Fu(for)32 b(\(*\).)2981 b Fh(2)0 2333 -y Fw(Exercise)36 b(2.3)49 b Fu(Consider)33 b(the)g(statemen)m(t)244 -2549 y Fr(z)p Fu(:=)p Fr(0)p Fu(;)g Fr(while)h(y)p Ft(\024)q -Fr(x)e(do)h Fu(\()p Fr(z)p Fu(:=)p Fr(z)p Fu(+)p Fr(1)p -Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(y)p Fu(\))0 -2765 y(Construct)39 b(a)e(deriv)-5 b(ation)36 b(tree)i(for)f(this)g -(statemen)m(t)h(when)h(executed)g(in)e(a)g(state)h(where)h -Fr(x)0 2886 y Fu(has)33 
b(the)g(v)-5 b(alue)32 b Fw(17)h -Fu(and)f Fr(y)h Fu(has)g(the)g(v)-5 b(alue)32 b Fw(5)p -Fu(.)1709 b Fh(2)146 3132 y Fu(W)-8 b(e)33 b(shall)f(in)m(tro)s(duce)h -(the)g(follo)m(wing)d(terminology:)41 b(The)34 b(execution)g(of)e(a)g -(statemen)m(t)i Fs(S)0 3252 y Fu(on)e(a)h(state)g Fs(s)145 -3468 y Ft(\017)49 b Fs(terminates)40 b Fu(if)32 b(and)g(only)g(if)g -(there)h(is)f(a)g(state)h Fs(s)2032 3432 y Fi(0)2088 -3468 y Fu(suc)m(h)h(that)f Ft(h)o Fs(S)12 b Fu(,)33 b -Fs(s)8 b Ft(i)32 b(!)g Fs(s)2984 3432 y Fi(0)3008 3468 -y Fu(,)g(and)145 3684 y Ft(\017)49 b Fs(lo)-5 b(ops)40 -b Fu(if)31 b(and)i(only)f(if)f(there)j(is)e Fs(no)38 -b Fu(state)33 b Fs(s)1854 3648 y Fi(0)1910 3684 y Fu(suc)m(h)h(that)e -Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)2806 -3648 y Fi(0)2829 3684 y Fu(.)0 3900 y(W)-8 b(e)40 b(shall)e(sa)m(y)j -(that)e(a)g(statemen)m(t)h Fs(S)51 b(always)41 b(terminates)47 -b Fu(if)39 b(its)g(execution)h(on)f(a)h(state)g Fs(s)0 -4021 y Fu(terminates)31 b(for)g(all)f(c)m(hoices)j(of)e -Fs(s)8 b Fu(,)32 b(and)g Fs(always)i(lo)-5 b(ops)39 b -Fu(if)31 b(its)g(execution)i(on)f(a)f(state)i Fs(s)39 -b Fu(lo)s(ops)0 4141 y(for)32 b(all)f(c)m(hoices)i(of)f -Fs(s)8 b Fu(.)0 4390 y Fw(Exercise)36 b(2.4)49 b Fu(Consider)33 -b(the)g(follo)m(wing)d(statemen)m(ts)145 4606 y Ft(\017)49 -b Fr(while)34 b Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f -Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(;)g -Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(\))145 4822 -y Ft(\017)49 b Fr(while)34 b(1)p Ft(\024)p Fr(x)f(do)g -Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)q Fr(x)p Fu(;)f Fr(x)p -Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(\))145 5038 y Ft(\017)49 -b Fr(while)34 b(true)f(do)g(skip)0 5254 y Fu(F)-8 b(or)28 -b(eac)m(h)j(statemen)m(t)e(determine)g(whether)i(or)e(not)g(it)f(alw)m -(a)m(ys)i(terminates)f(and)g(whether)i(or)0 5374 y(not)k(it)f(alw)m(a)m -(ys)i(lo)s(ops.)50 b(T)-8 b(ry)36 b(to)f(argue)g(for)f(y)m(our)i(answ)m -(ers)h(using)e(the)g(axioms)f(and)i(rules)f(of)0 5494 -y(T)-8 
b(able)32 b(2.1.)2978 b Fh(2)p eop -%%Page: 26 36 -26 35 bop 251 130 a Fw(26)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fp(Prop)t(erties)46 -b(of)f(the)h(seman)l(tics)283 700 y Fu(The)32 b(transition)d(system)j -(giv)m(es)f(us)g(a)g(w)m(a)m(y)h(of)e(arguing)f(ab)s(out)i(statemen)m -(ts)g(and)g(their)f(prop-)283 820 y(erties.)44 b(As)31 -b(an)g(example)f(w)m(e)i(ma)m(y)f(b)s(e)g(in)m(terested)h(in)e(whether) -j(t)m(w)m(o)e(statemen)m(ts)h Fs(S)3391 835 y Fn(1)3462 -820 y Fu(and)f Fs(S)3717 835 y Fn(2)283 941 y Fu(are)i -Fs(semantic)-5 b(al)5 b(ly)34 b(e)-5 b(quivalent)p Fu(;)32 -b(b)m(y)h(this)g(w)m(e)g(mean)f(that)h(for)f(all)e(states)k -Fs(s)40 b Fu(and)33 b Fs(s)3303 905 y Fi(0)527 1140 y -Ft(h)p Fs(S)633 1155 y Fn(1)672 1140 y Fu(,)g Fs(s)8 -b Ft(i)32 b(!)g Fs(s)1031 1104 y Fi(0)1087 1140 y Fu(if)g(and)g(only)h -(if)e Ft(h)p Fs(S)1776 1155 y Fn(2)1815 1140 y Fu(,)i -Fs(s)8 b Ft(i)32 b(!)g Fs(s)2174 1104 y Fi(0)p 283 1339 -3473 5 v 283 1509 a Fw(Lemma)38 b(2.5)49 b Fu(The)33 -b(statemen)m(t)527 1708 y Fr(while)h Fs(b)39 b Fr(do)33 -b Fs(S)283 1907 y Fu(is)g(seman)m(tically)d(equiv)-5 -b(alen)m(t)33 b(to)520 2098 y Fr(if)g Fs(b)38 b Fr(then)c -Fu(\()p Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)k Fr(do)33 -b Fs(S)12 b Fu(\))33 b Fr(else)g(skip)p Fu(.)p 283 2219 -V 283 2418 a Fw(Pro)s(of:)38 b Fu(The)33 b(pro)s(of)f(is)g(in)g(t)m(w)m -(o)h(stages.)44 b(W)-8 b(e)33 b(shall)f(\014rst)h(pro)m(v)m(e)g(that)g -(if)552 2585 y Ft(h)p Fr(while)h Fs(b)k Fr(do)33 b Fs(S)12 -b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1524 2549 y Fi(00)3631 -2585 y Fu(\(*\))283 2753 y(then)552 2920 y Ft(h)p Fr(if)h -Fs(b)38 b Fr(then)c Fu(\()p Fs(S)12 b Fu(;)32 b Fr(while)i -Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(\))32 b Fr(else)i(skip)p -Fu(,)f Fs(s)8 b Ft(i)33 b(!)f Fs(s)2658 2884 y Fi(00)3582 -2920 y Fu(\(**\))283 3088 y(Th)m(us,)j(if)d(the)h(execution)h(of)e(the) -h(lo)s(op)f(terminates)g(then)h(so)g(do)s(es)h(its)e(one-lev)m(el)g -(unfolding.)283 3208 y(Later)26 
b(w)m(e)g(shall)f(sho)m(w)h(that)g(if)e -(the)i(unfolded)f(lo)s(op)f(terminates)h(then)h(so)g(will)d(the)j(lo)s -(op)e(itself;)283 3329 y(the)33 b(conjunction)g(of)f(these)i(results)f -(then)g(pro)m(v)m(e)h(the)f(lemma.)430 3449 y(Because)44 -b(\(*\))f(holds)f(w)m(e)i(kno)m(w)g(that)f(w)m(e)h(ha)m(v)m(e)g(a)f -(deriv)-5 b(ation)41 b(tree)j Fs(T)56 b Fu(for)42 b(it.)74 -b(It)43 b(can)283 3570 y(ha)m(v)m(e)g(one)e(of)f(t)m(w)m(o)i(forms)e -(dep)s(ending)h(on)g(whether)h(it)e(has)h(b)s(een)g(constructed)i -(using)d(the)283 3690 y(rule)30 b([while)738 3654 y Fn(tt)726 -3715 y(ns)796 3690 y Fu(])g(or)f(the)h(axiom)e([while)1683 -3654 y Fn(\013)1671 3715 y(ns)1742 3690 y Fu(].)42 b(In)30 -b(the)h(\014rst)f(case)g(the)g(deriv)-5 b(ation)28 b(tree)j -Fs(T)42 b Fu(has)30 b(the)283 3810 y(form:)813 3982 y -Fs(T)896 3997 y Fn(1)1253 3982 y Fs(T)1336 3997 y Fn(2)p -527 4068 1168 4 v 604 4273 a Ft(h)o Fr(while)k Fs(b)39 -b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)h -Fs(s)1576 4237 y Fi(00)283 4471 y Fu(where)e Fs(T)645 -4486 y Fn(1)714 4471 y Fu(is)e(a)g(deriv)-5 b(ation)28 -b(tree)i(with)f(ro)s(ot)g Ft(h)o Fs(S)12 b Fu(,)30 b -Fs(s)8 b Ft(i)o(!)p Fs(s)2355 4435 y Fi(0)2408 4471 y -Fu(and)29 b Fs(T)2677 4486 y Fn(2)2746 4471 y Fu(is)g(a)g(deriv)-5 -b(ation)28 b(tree)i(with)283 4591 y(ro)s(ot)h Ft(h)p -Fr(while)h Fs(b)38 b Fr(do)31 b Fs(S)12 b Fu(,)32 b Fs(s)1207 -4555 y Fi(0)1230 4591 y Ft(i!)o Fs(s)1416 4555 y Fi(00)1459 -4591 y Fu(.)43 b(F)-8 b(urthermore,)31 b Ft(B)s Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(])q Fs(s)39 b Fu(=)31 b Fw(tt)p -Fu(.)42 b(Using)31 b(the)h(deriv)-5 b(ation)30 b(trees)283 -4711 y Fs(T)366 4726 y Fn(1)439 4711 y Fu(and)j Fs(T)712 -4726 y Fn(2)785 4711 y Fu(as)g(the)h(premises)f(for)g(the)g(rules)g -([comp)2278 4726 y Fn(ns)2349 4711 y Fu(])g(w)m(e)h(can)g(construct)g -(the)f(deriv)-5 b(ation)283 4832 y(tree:)813 5003 y Fs(T)896 -5018 y Fn(1)1327 5003 y Fs(T)1410 5018 y Fn(2)p 527 5090 -1241 4 v 577 5294 a Ft(h)p Fs(S)12 b Fu(;)32 b Fr(while)i 
-Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 -b(!)h Fs(s)1676 5258 y Fi(00)283 5494 y Fu(Using)g(that)f -Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])q Fs(s)40 -b Fu(=)33 b Fw(tt)e Fu(w)m(e)j(can)f(use)g(the)g(rule)f([if)2223 -5458 y Fn(tt)2211 5519 y(ns)2282 5494 y Fu(])g(to)g(construct)i(the)f -(deriv)-5 b(ation)31 b(tree)p eop -%%Page: 27 37 -27 36 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216 -b(27)p 0 193 3473 4 v 530 500 a Fs(T)613 515 y Fn(1)2051 -500 y Fs(T)2134 515 y Fn(2)p 244 587 2248 4 v 797 791 -a Ft(h)p Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)39 b Fr(do)33 -b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1896 -755 y Fi(00)p 244 878 V 294 1083 a Ft(h)o Fr(if)h Fs(b)39 -b Fr(then)34 b Fu(\()p Fs(S)12 b Fu(;)32 b Fr(while)i -Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\))33 b Fr(else)g(skip)p -Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)2399 1047 y Fi(00)0 -1267 y Fu(thereb)m(y)i(sho)m(wing)f(that)f(\(**\))g(holds.)146 -1388 y(Alternativ)m(ely)-8 b(,)27 b(the)f(deriv)-5 b(ation)25 -b(tree)h Fs(T)39 b Fu(is)26 b(an)g(instance)g(of)f([while)2621 -1352 y Fn(\013)2609 1412 y(ns)2680 1388 y Fu(].)41 b(Then)27 -b Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 -b Fu(=)32 b Fw(\013)0 1508 y Fu(and)h(w)m(e)g(m)m(ust)g(ha)m(v)m(e)h -(that)e Fs(s)1059 1472 y Fi(00)1102 1508 y Fu(=)p Fs(s)8 -b Fu(.)43 b(So)33 b Fs(T)45 b Fu(simply)31 b(is)244 1694 -y Ft(h)p Fr(while)i Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 -b Fs(s)8 b Ft(i)33 b(!)f Fs(s)0 1880 y Fu(Using)g(the)h(axiom)e([skip) -930 1895 y Fn(ns)1002 1880 y Fu(])h(w)m(e)i(get)e(a)h(deriv)-5 -b(ation)31 b(tree)244 2066 y Ft(h)p Fr(skip)p Fu(,)i -Fs(s)8 b Ft(i!)p Fs(s)782 2030 y Fi(00)0 2252 y Fu(and)33 -b(w)m(e)g(can)g(no)m(w)g(apply)g(the)g(rule)f([if)1444 -2216 y Fn(\013)1432 2276 y(ns)1502 2252 y Fu(])h(to)f(construct)h(a)g -(deriv)-5 b(ation)31 b(tree)i(for)f(\(**\):)1045 2435 -y Ft(h)p Fr(skip)p Fu(,)h Fs(s)8 b Ft(i)33 b(!)f Fs(s)1648 -2399 y Fi(00)p 244 2521 V 294 2726 a Ft(h)o Fr(if)h Fs(b)39 -b 
Fr(then)34 b Fu(\()p Fs(S)12 b Fu(;)32 b Fr(while)i -Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\))33 b Fr(else)g(skip)p -Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)2399 2690 y Fi(00)0 -2905 y Fu(This)h(completes)f(the)h(\014rst)g(part)g(of)f(the)h(pro)s -(of.)146 3026 y(F)-8 b(or)38 b(the)h(second)h(stage)f(of)f(the)h(pro)s -(of)e(w)m(e)j(assume)f(that)f(\(**\))g(holds)g(and)h(shall)e(pro)m(v)m -(e)0 3146 y(that)29 b(\(*\))g(holds.)42 b(So)29 b(w)m(e)h(ha)m(v)m(e)g -(a)f(deriv)-5 b(ation)27 b(tree)j Fs(T)42 b Fu(for)29 -b(\(**\))f(and)h(m)m(ust)g(construct)i(one)e(for)0 3266 -y(\(*\).)46 b(Only)34 b(t)m(w)m(o)g(rules)g(could)f(giv)m(e)h(rise)f -(to)h(the)g(deriv)-5 b(ation)32 b(tree)i Fs(T)47 b Fu(for)33 -b(\(**\),)g(namely)g([if)3387 3230 y Fn(tt)3375 3291 -y(ns)3445 3266 y Fu(])0 3387 y(or)f([if)216 3351 y Fn(\013)204 -3411 y(ns)274 3387 y Fu(].)44 b(In)33 b(the)g(\014rst)g(case,)h -Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 -b Fu(=)32 b Fw(tt)g Fu(and)g(w)m(e)i(ha)m(v)m(e)g(a)e(deriv)-5 -b(ation)31 b(tree)i Fs(T)2975 3402 y Fn(1)3047 3387 y -Fu(with)g(ro)s(ot)244 3573 y Ft(h)p Fs(S)12 b Fu(;)32 -b Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 -b Ft(i!)o Fs(s)1277 3536 y Fi(00)0 3759 y Fu(The)34 b(statemen)m(t)g -(has)f(the)h(general)f(form)e Fs(S)1632 3774 y Fn(1)1672 -3759 y Fu(;)i Fs(S)1799 3774 y Fn(2)1872 3759 y Fu(and)g(the)h(only)e -(rule)h(that)g(could)g(giv)m(e)g(this)0 3879 y(is)f([comp)353 -3894 y Fn(ns)424 3879 y Fu(].)44 b(Therefore)33 b(there)h(are)e(deriv) --5 b(ation)31 b(trees)j Fs(T)2150 3894 y Fn(2)2222 3879 -y Fu(and)e Fs(T)2494 3894 y Fn(3)2566 3879 y Fu(for)244 -4065 y Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i!)p Fs(s)644 -4029 y Fi(0)667 4065 y Fu(,)33 b(and)244 4232 y Ft(h)p -Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)964 -4196 y Fi(0)988 4232 y Ft(i!)o Fs(s)1174 4196 y Fi(00)0 -4418 y Fu(for)d(some)g(state)g Fs(s)670 4382 y Fi(0)693 -4418 y Fu(.)43 b(It)29 b(is)g(no)m(w)g(straigh)m(tforw)m(ard)g(to)g 
-(use)h(the)f(rule)g([while)2741 4382 y Fn(tt)2729 4443 -y(ns)2799 4418 y Fu(])h(to)e(com)m(bine)h Fs(T)3433 4433 -y Fn(2)0 4539 y Fu(and)k Fs(T)273 4554 y Fn(3)345 4539 -y Fu(to)f(a)g(deriv)-5 b(ation)31 b(tree)i(for)f(\(*\).)146 -4659 y(In)i(the)g(second)h(case,)f Ft(B)t Fu([)-17 b([)q -Fs(b)6 b Fu(])-17 b(])p Fs(s)42 b Fu(=)33 b Fw(\013)h -Fu(and)f Fs(T)47 b Fu(is)33 b(constructed)i(using)e(the)h(rule)f([if) -3124 4623 y Fn(\013)3112 4684 y(ns)3182 4659 y Fu(].)46 -b(This)0 4780 y(means)33 b(that)f(w)m(e)i(ha)m(v)m(e)f(a)g(deriv)-5 -b(ation)31 b(tree)i(for)244 4965 y Ft(h)p Fr(skip)p Fu(,)g -Fs(s)8 b Ft(i!)p Fs(s)782 4929 y Fi(00)0 5151 y Fu(and)36 -b(according)f(to)h(axiom)e([skip)1249 5166 y Fn(ns)1321 -5151 y Fu(])i(it)f(m)m(ust)h(b)s(e)g(the)g(case)h(that)f -Fs(s)8 b Fu(=)p Fs(s)2634 5115 y Fi(00)2676 5151 y Fu(.)54 -b(But)36 b(then)g(w)m(e)h(can)0 5272 y(use)f(the)f(axiom)e([while)895 -5236 y Fn(\013)883 5296 y(ns)953 5272 y Fu(])i(to)f(construct)i(a)e -(deriv)-5 b(ation)33 b(tree)i(for)f(\(*\).)50 b(This)35 -b(completes)f(the)0 5392 y(pro)s(of.)3148 b Fh(2)p eop -%%Page: 28 38 -28 37 bop 251 130 a Fw(28)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 283 515 a(Exercise)g(2.6)49 -b Fu(Pro)m(v)m(e)42 b(that)f(the)h(t)m(w)m(o)g(statemen)m(ts)g -Fs(S)2359 530 y Fn(1)2398 515 y Fu(;\()p Fs(S)2530 530 -y Fn(2)2570 515 y Fu(;)p Fs(S)2664 530 y Fn(3)2703 515 -y Fu(\))f(and)g(\()p Fs(S)3085 530 y Fn(1)3125 515 y -Fu(;)p Fs(S)3219 530 y Fn(2)3258 515 y Fu(\);)p Fs(S)3390 -530 y Fn(3)3470 515 y Fu(are)h(se-)283 636 y(man)m(tically)21 -b(equiv)-5 b(alen)m(t.)40 b(Construct)25 b(a)e(statemen)m(t)h(sho)m -(wing)f(that)g Fs(S)2843 651 y Fn(1)2882 636 y Fu(;)p -Fs(S)2976 651 y Fn(2)3039 636 y Fu(is)g(not,)i(in)d(general,)283 -756 y(seman)m(tically)31 b(equiv)-5 b(alen)m(t)33 b(to)f -Fs(S)1492 771 y Fn(2)1531 756 y Fu(;)p Fs(S)1625 771 -y Fn(1)1664 756 y Fu(.)1990 b Fh(2)283 970 y Fw(Exercise)37 -b(2.7)49 b Fu(Extend)34 b(the)f(language)e Fw(While)g 
-Fu(with)h(the)h(statemen)m(t)527 1163 y Fr(repeat)h Fs(S)45 -b Fr(until)34 b Fs(b)283 1355 y Fu(and)39 b(de\014ne)h(the)f(relation)e -Ft(!)h Fu(for)g(it.)61 b(\(The)39 b(seman)m(tics)g(of)f(the)h -Fr(repeat)p Fu(-construct)i(is)d(not)283 1476 y(allo)m(w)m(ed)45 -b(to)g(rely)g(on)g(the)h(existence)h(of)e(a)g Fr(while)p -Fu(-construct)i(in)e(the)h(language.\))80 b(Pro)m(v)m(e)283 -1596 y(that)44 b Fr(repeat)i Fs(S)56 b Fr(until)45 b -Fs(b)50 b Fu(and)44 b Fs(S)12 b Fu(;)44 b Fr(if)h Fs(b)50 -b Fr(then)45 b(skip)g(else)g Fu(\()p Fr(repeat)h Fs(S)56 -b Fr(until)45 b Fs(b)6 b Fu(\))44 b(are)283 1717 y(seman)m(tically)31 -b(equiv)-5 b(alen)m(t.)2381 b Fh(2)283 1931 y Fw(Exercise)37 -b(2.8)49 b Fu(Another)33 b(iterativ)m(e)f(construct)h(is)527 -2123 y Fr(for)h Fs(x)44 b Fu(:=)32 b Fs(a)995 2138 y -Fn(1)1068 2123 y Fr(to)h Fs(a)1260 2138 y Fn(2)1332 2123 -y Fr(do)g Fs(S)283 2316 y Fu(Extend)h(the)f(language)f -Fw(While)e Fu(with)i(this)g(statemen)m(t)h(and)g(de\014ne)h(the)e -(relation)f Ft(!)h Fu(for)g(it.)283 2436 y(Ev)-5 b(aluate)33 -b(the)g(statemen)m(t)527 2629 y Fr(y)p Fu(:=)p Fr(1)p -Fu(;)g Fr(for)h(z)p Fu(:=)p Fr(1)f(to)g(x)g(do)g Fu(\()p -Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p -Fr(x)p Ft(\000)p Fr(1)p Fu(\))283 2822 y(from)38 b(a)h(state)h(where)g -Fr(x)f Fu(has)h(the)f(v)-5 b(alue)39 b(5.)63 b(Hin)m(t:)56 -b(Y)-8 b(ou)39 b(ma)m(y)g(need)h(to)f(assume)g(that)g(y)m(ou)283 -2942 y(ha)m(v)m(e)30 b(an)f(\\in)m(v)m(erse")h(to)e Ft(N)14 -b Fu(,)30 b(so)f(that)f(there)h(is)g(a)f(n)m(umeral)g(for)g(eac)m(h)h -(n)m(um)m(b)s(er)g(that)g(ma)m(y)f(arise)283 3062 y(during)41 -b(the)g(computation.)67 b(\(The)42 b(seman)m(tics)f(of)f(the)i -Fr(for)p Fu(-construct)g(is)e(not)h(allo)m(w)m(ed)f(to)283 -3183 y(rely)33 b(on)f(the)h(existence)h(of)f(a)f Fr(while)p -Fu(-construct)i(in)e(the)h(language.\))855 b Fh(2)430 -3397 y Fu(In)31 b(the)f(ab)s(o)m(v)m(e)i(pro)s(of)d(w)m(e)j(used)f(T)-8 -b(able)30 b(2.1)g(to)g(insp)s(ect)h(the)g(structure)h(of)e(the)g(deriv) --5 
b(ation)283 3517 y(tree)30 b(for)e(a)g(certain)g(transition)f(kno)m -(wn)j(to)f(hold.)41 b(In)29 b(the)g(pro)s(of)f(of)g(the)h(next)h -(result)f(w)m(e)g(shall)283 3638 y(com)m(bine)34 b(this)g(with)h(an)f -Fs(induction)i(on)g(the)h(shap)-5 b(e)36 b(of)g(the)g(derivation)g(tr) --5 b(e)g(e)p Fu(.)49 b(The)36 b(idea)e(can)283 3758 y(b)s(e)f -(summarized)f(as)g(follo)m(ws:)p 283 3888 3470 4 v 283 -3904 V 281 4112 4 208 v 298 4112 V 967 4033 a Fw(Induction)g(on)h(the)f -(Shap)s(e)i(of)f(Deriv)-6 b(ation)31 b(T)-9 b(rees)p -3735 4112 V 3752 4112 V 283 4115 3470 4 v 281 4484 4 -370 v 298 4484 V 350 4281 a Fu(1:)143 b(Pro)m(v)m(e)24 -b(that)f(the)h(prop)s(ert)m(y)g(holds)f(for)f(all)f(the)j(simple)e -(deriv)-5 b(ation)21 b(trees)j(b)m(y)h(sho)m(wing)569 -4401 y(that)32 b(it)g(holds)g(for)g(the)h Fs(axioms)40 -b Fu(of)32 b(the)h(transition)e(system.)p 3735 4484 V -3752 4484 V 281 5013 4 529 v 298 5013 V 350 4569 a(2:)143 -b(Pro)m(v)m(e)31 b(that)g(the)f(prop)s(ert)m(y)h(holds)f(for)g(all)e -(comp)s(osite)h(deriv)-5 b(ation)29 b(trees:)43 b(F)-8 -b(or)30 b(eac)m(h)569 4689 y Fs(rule)50 b Fu(assume)44 -b(that)f(the)g(prop)s(ert)m(y)h(holds)e(for)h(its)f(premises)h(\(this)g -(is)g(called)e(the)569 4809 y Fs(induction)29 b(hyp)-5 -b(othesis)p Fu(\))27 b(and)g(pro)m(v)m(e)i(that)e(it)g(also)f(holds)h -(for)g(the)h(conclusion)e(of)h(the)569 4930 y(rule)32 -b(pro)m(vided)h(that)f(the)h(conditions)f(of)g(the)h(rule)f(are)h -(satis\014ed.)p 3735 5013 V 3752 5013 V 283 5016 3470 -4 v 283 5033 V 283 5181 a(T)-8 b(o)28 b(form)m(ulate)f(the)h(theorem)f -(w)m(e)i(shall)e(sa)m(y)h(that)g(the)g(seman)m(tics)g(of)f(T)-8 -b(able)28 b(2.1)f(is)h Fs(determin-)283 5302 y(istic)39 -b Fu(if)31 b(for)h(all)f(c)m(hoices)i(of)f Fs(S)12 b -Fu(,)32 b Fs(s)8 b Fu(,)33 b Fs(s)1594 5266 y Fi(0)1650 -5302 y Fu(and)g Fs(s)1888 5266 y Fi(00)1963 5302 y Fu(w)m(e)g(ha)m(v)m -(e)h(that)527 5494 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 -b Ft(i)32 b(!)g Fs(s)992 5458 y Fi(0)1048 5494 y Fu(and)h -Ft(h)o Fs(S)12 b 
Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1702 -5458 y Fi(00)1777 5494 y Fu(imply)f Fs(s)2099 5458 y -Fi(0)2155 5494 y Fu(=)h Fs(s)2311 5458 y Fi(00)p eop -%%Page: 29 39 -29 38 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216 -b(29)p 0 193 3473 4 v 0 515 a Fu(This)22 b(means)g(that)f(for)h(ev)m -(ery)h(statemen)m(t)g Fs(S)33 b Fu(and)22 b(initial)c(state)k -Fs(s)30 b Fu(w)m(e)23 b(can)f(uniquely)g(determine)0 -636 y(a)32 b(\014nal)g(state)h Fs(s)585 600 y Fi(0)641 -636 y Fu(if)e(\(and)i(only)f(if)7 b(\))31 b(the)i(execution)h(of)e -Fs(S)44 b Fu(terminates.)p 0 759 3473 5 v 0 949 a Fw(Theorem)37 -b(2.9)49 b Fu(The)34 b(natural)d(seman)m(tics)i(of)f(T)-8 -b(able)32 b(2.1)g(is)g(deterministic.)p 0 1069 V 0 1286 -a Fw(Pro)s(of:)37 b Fu(W)-8 b(e)33 b(assume)g(that)g -Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i!)o Fs(s)1456 -1250 y Fi(0)1512 1286 y Fu(and)33 b(shall)e(pro)m(v)m(e)j(that)244 -1503 y(if)d Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i!)p -Fs(s)733 1466 y Fi(00)808 1503 y Fu(then)33 b Fs(s)1078 -1466 y Fi(0)1134 1503 y Fu(=)f Fs(s)1290 1466 y Fi(00)1333 -1503 y Fu(.)0 1719 y(W)-8 b(e)33 b(shall)e(pro)s(ceed)j(b)m(y)f -(induction)f(on)g(the)h(shap)s(e)g(of)f(the)h(deriv)-5 -b(ation)31 b(tree)i(for)f Ft(h)p Fs(S)12 b Fu(,)33 b -Fs(s)8 b Ft(i)o(!)p Fs(s)3384 1683 y Fi(0)3407 1719 y -Fu(.)0 1887 y Fw(The)34 b(case)h Fu([ass)611 1902 y Fn(ns)683 -1887 y Fu(]:)46 b(Then)36 b Fs(S)45 b Fu(is)34 b Fs(x)12 -b Fu(:=)p Fs(a)41 b Fu(and)34 b Fs(s)1730 1851 y Fi(0)1787 -1887 y Fu(is)g Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17 -b([)q Fs(a)7 b Fu(])-17 b(])p Fs(s)8 b Fu(].)48 b(The)35 -b(only)f(axiom)e(or)i(rule)0 2007 y(that)39 b(could)f(b)s(e)i(used)g -(to)f(giv)m(e)g Ft(h)o Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(,)41 -b Fs(s)8 b Ft(i!)o Fs(s)1743 1971 y Fi(00)1825 2007 y -Fu(is)39 b([ass)2082 2022 y Fn(ns)2154 2007 y Fu(])g(so)g(it)f(follo)m -(ws)g(that)h Fs(s)3043 1971 y Fi(00)3124 2007 y Fu(m)m(ust)g(b)s(e)0 -2128 y Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17 b([)q -Fs(a)7 b 
Fu(])-17 b(])q Fs(s)8 b Fu(])32 b(and)h(thereb)m(y)h -Fs(s)1141 2091 y Fi(0)1197 2128 y Fu(=)f Fs(s)1354 2091 -y Fi(00)1396 2128 y Fu(.)0 2295 y Fw(The)g(case)g Fu([skip)654 -2310 y Fn(ns)726 2295 y Fu(]:)43 b(Analogous.)0 2463 -y Fw(The)33 b(case)g Fu([comp)711 2478 y Fn(ns)782 2463 -y Fu(]:)43 b(Assume)34 b(that)244 2679 y Ft(h)p Fs(S)350 -2694 y Fn(1)389 2679 y Fu(;)p Fs(S)483 2694 y Fn(2)522 -2679 y Fu(,)f Fs(s)8 b Ft(i!)o Fs(s)816 2643 y Fi(0)0 -2896 y Fu(holds)32 b(b)s(ecause)244 3113 y Ft(h)p Fs(S)350 -3128 y Fn(1)389 3113 y Fu(,)h Fs(s)8 b Ft(i)o(!)p Fs(s)683 -3128 y Fn(0)755 3113 y Fu(and)33 b Ft(h)o Fs(S)1050 3128 -y Fn(2)1090 3113 y Fu(,)f Fs(s)1197 3128 y Fn(0)1237 -3113 y Ft(i!)o Fs(s)1423 3076 y Fi(0)0 3329 y Fu(for)c(some)h -Fs(s)434 3344 y Fn(0)474 3329 y Fu(.)42 b(The)30 b(only)e(rule)g(that)h -(could)f(b)s(e)h(applied)f(to)h(giv)m(e)f Ft(h)p Fs(S)2490 -3344 y Fn(1)2529 3329 y Fu(;)p Fs(S)2623 3344 y Fn(2)2663 -3329 y Fu(,)h Fs(s)8 b Ft(i!)p Fs(s)2954 3293 y Fi(00)3025 -3329 y Fu(is)28 b([comp)3374 3344 y Fn(ns)3445 3329 y -Fu(])0 3450 y(so)33 b(there)g(is)f(a)g(state)h Fs(s)835 -3465 y Fn(1)907 3450 y Fu(suc)m(h)i(that)244 3666 y Ft(h)p -Fs(S)350 3681 y Fn(1)389 3666 y Fu(,)e Fs(s)8 b Ft(i)o(!)p -Fs(s)683 3681 y Fn(1)755 3666 y Fu(and)33 b Ft(h)o Fs(S)1050 -3681 y Fn(2)1090 3666 y Fu(,)f Fs(s)1197 3681 y Fn(1)1237 -3666 y Ft(i!)o Fs(s)1423 3630 y Fi(00)0 3883 y Fu(The)47 -b(induction)d(h)m(yp)s(othesis)j(can)f(b)s(e)g(applied)e(to)i(the)g -(premise)f Ft(h)p Fs(S)2637 3898 y Fn(1)2676 3883 y Fu(,)k -Fs(s)8 b Ft(i!)p Fs(s)2987 3898 y Fn(0)3072 3883 y Fu(and)46 -b(from)0 4003 y Ft(h)p Fs(S)106 4018 y Fn(1)145 4003 -y Fu(,)33 b Fs(s)8 b Ft(i)o(!)p Fs(s)439 4018 y Fn(1)512 -4003 y Fu(w)m(e)34 b(get)g Fs(s)868 4018 y Fn(0)941 4003 -y Fu(=)f Fs(s)1098 4018 y Fn(1)1138 4003 y Fu(.)46 b(Similarly)-8 -b(,)29 b(the)34 b(induction)f(h)m(yp)s(othesis)h(can)g(b)s(e)f(applied) -g(to)0 4123 y(the)g(premise)f Ft(h)p Fs(S)632 4138 y -Fn(2)671 4123 y Fu(,)h Fs(s)779 
4138 y Fn(0)818 4123 -y Ft(i!)p Fs(s)1005 4087 y Fi(0)1061 4123 y Fu(and)f(from)g -Ft(h)o Fs(S)1586 4138 y Fn(2)1626 4123 y Fu(,)g Fs(s)1733 -4138 y Fn(0)1773 4123 y Ft(i!)o Fs(s)1959 4087 y Fi(00)2034 -4123 y Fu(w)m(e)i(get)e Fs(s)2388 4087 y Fi(0)2444 4123 -y Fu(=)h Fs(s)2601 4087 y Fi(00)2676 4123 y Fu(as)f(required.)0 -4291 y Fw(The)h(case)g Fu([if)553 4255 y Fn(tt)541 4316 -y(ns)611 4291 y Fu(]:)44 b(Assume)33 b(that)244 4508 -y Ft(h)p Fr(if)g Fs(b)38 b Fr(then)c Fs(S)806 4523 y -Fn(1)877 4508 y Fr(else)g Fs(S)1182 4523 y Fn(2)1221 -4508 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)g Fs(s)1580 4472 y -Fi(0)0 4724 y Fu(holds)g(b)s(ecause)244 4941 y Ft(B)s -Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 -b Fw(tt)g Fu(and)h Ft(h)p Fs(S)1043 4956 y Fn(1)1082 -4941 y Fu(,)f Fs(s)8 b Ft(i!)p Fs(s)1376 4905 y Fi(0)0 -5158 y Fu(F)-8 b(rom)45 b Ft(B)s Fu([)-17 b([)q Fs(b)6 -b Fu(])-17 b(])p Fs(s)54 b Fu(=)46 b Fw(tt)g Fu(w)m(e)h(get)f(that)g -(the)h(only)e(rule)h(that)g(could)g(b)s(e)g(applied)f(to)h(giv)m(e)g -(the)0 5278 y(alternativ)m(e)32 b Ft(h)o Fr(if)i Fs(b)k -Fr(then)c Fs(S)1050 5293 y Fn(1)1121 5278 y Fr(else)g -Fs(S)1426 5293 y Fn(2)1465 5278 y Fu(,)f Fs(s)8 b Ft(i)32 -b(!)g Fs(s)1824 5242 y Fi(00)1899 5278 y Fu(is)g([if)2094 -5242 y Fn(tt)2082 5303 y(ns)2153 5278 y Fu(].)43 b(So)33 -b(it)e(m)m(ust)i(b)s(e)g(the)g(case)g(that)244 5494 y -Ft(h)p Fs(S)350 5509 y Fn(1)389 5494 y Fu(,)g Fs(s)8 -b Ft(i)32 b(!)g Fs(s)748 5458 y Fi(00)p eop -%%Page: 30 40 -30 39 bop 251 130 a Fw(30)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(But)30 -b(then)h(the)f(induction)f(h)m(yp)s(othesis)i(can)f(b)s(e)g(applied)e -(to)i(the)g(premise)f Ft(h)p Fs(S)3155 530 y Fn(1)3194 -515 y Fu(,)i Fs(s)8 b Ft(i)29 b(!)h Fs(s)3546 479 y Fi(0)3599 -515 y Fu(and)283 636 y(from)i Ft(h)p Fs(S)620 651 y Fn(1)659 -636 y Fu(,)g Fs(s)8 b Ft(i)33 b(!)f Fs(s)1018 600 y Fi(00)1093 -636 y Fu(w)m(e)i(get)e Fs(s)1447 600 y Fi(0)1503 636 -y Fu(=)g Fs(s)1659 600 y Fi(00)1702 636 
y Fu(.)283 803 -y Fw(The)h(case)g Fu([if)836 767 y Fn(\013)824 828 y(ns)895 -803 y Fu(]:)43 b(Analogous.)283 971 y Fw(The)33 b(case)g -Fu([while)1001 935 y Fn(tt)989 996 y(ns)1060 971 y Fu(]:)44 -b(Assume)33 b(that)527 1198 y Ft(h)p Fr(while)h Fs(b)k -Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g -Fs(s)1499 1162 y Fi(0)283 1425 y Fu(b)s(ecause)527 1652 -y Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)41 -b Fu(=)32 b Fw(tt)p Fu(,)g Ft(h)o Fs(S)12 b Fu(,)33 b -Fs(s)8 b Ft(i!)o Fs(s)1457 1667 y Fn(0)1529 1652 y Fu(and)33 -b Ft(h)p Fr(while)h Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 -b Fs(s)2440 1667 y Fn(0)2479 1652 y Ft(i!)o Fs(s)2665 -1615 y Fi(0)283 1879 y Fu(The)40 b(only)e(rule)h(that)f(could)g(b)s(e)h -(applied)f(to)g(giv)m(e)h Ft(h)p Fr(while)h Fs(b)k Fr(do)c -Fs(S)12 b Fu(,)38 b Fs(s)8 b Ft(i)39 b(!)f Fs(s)3223 -1842 y Fi(00)3304 1879 y Fu(is)g([while)3670 1842 y Fn(tt)3658 -1903 y(ns)3729 1879 y Fu(])283 1999 y(b)s(ecause)c Ft(B)t -Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)41 b Fu(=)32 -b Fw(tt)g Fu(and)g(this)h(means)f(that)527 2226 y Ft(h)p -Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)o(!)p Fs(s)927 2241 -y Fn(1)999 2226 y Fu(and)33 b Ft(h)o Fr(while)h Fs(b)39 -b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)1909 2241 y Fn(1)1949 -2226 y Ft(i)g(!)g Fs(s)2200 2190 y Fi(00)283 2453 y Fu(m)m(ust)46 -b(hold)e(for)h(some)g Fs(s)1234 2468 y Fn(1)1273 2453 -y Fu(.)81 b(Again)44 b(the)i(induction)e(h)m(yp)s(othesis)i(can)f(b)s -(e)h(applied)e(to)g(the)283 2573 y(premise)33 b Ft(h)o -Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i!)o Fs(s)1041 2588 y -Fn(0)1113 2573 y Fu(and)33 b(from)e Ft(h)p Fs(S)12 b -Fu(,)33 b Fs(s)8 b Ft(i)o(!)p Fs(s)1933 2588 y Fn(1)2005 -2573 y Fu(w)m(e)34 b(get)e Fs(s)2359 2588 y Fn(0)2431 -2573 y Fu(=)h Fs(s)2588 2588 y Fn(1)2627 2573 y Fu(.)44 -b(Th)m(us)34 b(w)m(e)f(ha)m(v)m(e)527 2800 y Ft(h)p Fr(while)h -Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)1248 2815 -y Fn(0)1287 2800 y Ft(i!)p Fs(s)1474 2764 y Fi(0)1530 -2800 y Fu(and)f Ft(h)p Fr(while)i Fs(b)k Fr(do)33 
b Fs(S)12 -b Fu(,)33 b Fs(s)2440 2815 y Fn(0)2479 2800 y Ft(i!)p -Fs(s)2666 2764 y Fi(00)283 3027 y Fu(Since)44 b Ft(h)o -Fr(while)g Fs(b)49 b Fr(do)44 b Fs(S)12 b Fu(,)42 b Fs(s)1310 -3042 y Fn(0)1350 3027 y Ft(i!)o Fs(s)1536 2991 y Fi(0)1602 -3027 y Fu(is)h(a)f(premise)h(of)f(\(the)i(instance)f(of)7 -b(\))42 b([while)3327 2991 y Fn(tt)3315 3051 y(ns)3386 -3027 y Fu(])h(w)m(e)h(can)283 3147 y(apply)37 b(the)h(induction)e(h)m -(yp)s(othesis)j(to)d(it.)57 b(F)-8 b(rom)35 b Ft(h)p -Fr(while)k Fs(b)k Fr(do)37 b Fs(S)12 b Fu(,)37 b Fs(s)2925 -3162 y Fn(0)2965 3147 y Ft(i!)o Fs(s)3151 3111 y Fi(00)3231 -3147 y Fu(w)m(e)h(therefore)283 3268 y(get)33 b Fs(s)494 -3231 y Fi(0)550 3268 y Fu(=)f Fs(s)706 3231 y Fi(00)781 -3268 y Fu(as)h(required.)283 3435 y Fw(The)g(case)g Fu([while)1001 -3399 y Fn(\013)989 3460 y(ns)1060 3435 y Fu(]:)44 b(Straigh)m(tforw)m -(ard.)1826 b Fh(2)283 3784 y Fw(Exercise)37 b(2.10)49 -b Fu(*)83 b(Pro)m(v)m(e)43 b(that)e Fr(repeat)i Fs(S)53 -b Fr(until)43 b Fs(b)48 b Fu(\(as)41 b(de\014ned)i(in)e(Exercise)i -(2.7\))e(is)283 3904 y(seman)m(tically)k(equiv)-5 b(alen)m(t)47 -b(to)g Fs(S)12 b Fu(;)32 b Fr(while)i Ft(:)p Fs(b)39 -b Fr(do)33 b Fs(S)12 b Fu(.)86 b(Argue)47 b(that)f(this)h(means)g(that) -f(the)283 4025 y(extended)35 b(seman)m(tics)e(is)f(deterministic.)1860 -b Fh(2)430 4286 y Fu(It)42 b(is)f(w)m(orth)i(observing)f(that)g(w)m(e)h -(could)e(not)h(pro)m(v)m(e)i(Theorem)e(2.9)f(using)h(structural)283 -4406 y(induction)h(on)g(the)h(statemen)m(t)h Fs(S)12 -b Fu(.)43 b(The)h(reason)h(is)e(that)g(the)h(rule)f([while)3160 -4370 y Fn(tt)3148 4431 y(ns)3219 4406 y Fu(])g(de\014nes)i(the)283 -4527 y(seman)m(tics)30 b(of)f Fr(while)i Fs(b)k Fr(do)30 -b Fs(S)41 b Fu(in)29 b(terms)g(of)g(itself.)41 b(Structural)29 -b(induction)g(w)m(orks)i(\014ne)f(when)283 4647 y(the)k(seman)m(tics)f -(is)f(de\014ned)i Fs(c)-5 b(omp)g(ositional)5 b(ly)40 -b Fu(\(as)33 b(e.g.)45 b Ft(A)32 b Fu(and)h Ft(B)j Fu(in)c(Chapter)i -(1\).)43 b(But)33 b(the)283 4768 
y(natural)i(seman)m(tics)h(of)f(T)-8 -b(able)35 b(2.1)g(is)g Fs(not)45 b Fu(de\014ned)38 b(comp)s -(ositionally)31 b(b)s(ecause)37 b(of)e(the)h(rule)283 -4888 y([while)545 4852 y Fn(tt)533 4913 y(ns)604 4888 -y Fu(].)430 5013 y(Basically)-8 b(,)46 b(induction)e(on)h(the)g(shap)s -(e)h(of)e(deriv)-5 b(ation)44 b(trees)i(is)e(a)h(kind)g(of)f -(structural)283 5133 y(induction)g(on)g(the)g(deriv)-5 -b(ation)43 b(trees:)68 b(In)44 b(the)h Fs(b)-5 b(ase)45 -b(c)-5 b(ase)51 b Fu(w)m(e)45 b(sho)m(w)g(that)f(the)h(prop)s(ert)m(y) -283 5254 y(holds)40 b(for)g(the)g(simple)e(deriv)-5 b(ation)39 -b(trees.)66 b(In)41 b(the)f Fs(induction)h(step)46 b -Fu(w)m(e)41 b(assume)g(that)e(the)283 5374 y(prop)s(ert)m(y)d(holds)e -(for)g(the)h(immediate)d(constituen)m(ts)j(of)g(a)f(deriv)-5 -b(ation)33 b(tree)i(and)f(sho)m(w)i(that)283 5494 y(it)c(also)g(holds)g -(for)g(the)h(comp)s(osite)e(deriv)-5 b(ation)31 b(tree.)p -eop -%%Page: 31 41 -31 40 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216 -b(31)p 0 193 3473 4 v 0 515 a Fp(The)44 b(seman)l(tic)j(function)d -FC(S)1440 533 y Fk(ns)0 700 y Fu(The)37 b Fs(me)-5 b(aning)44 -b Fu(of)36 b(statemen)m(ts)h(can)g(no)m(w)g(b)s(e)g(summarized)e(as)i -(a)f(\(partial\))e(function)i(from)0 820 y Fw(State)d -Fu(to)f Fw(State)p Fu(.)43 b(W)-8 b(e)33 b(de\014ne)244 -1017 y Ft(S)312 1032 y Fn(ns)383 1017 y Fu(:)43 b Fw(Stm)32 -b Ft(!)g Fu(\()p Fw(State)h Fo(,)-17 b Ft(!)32 b Fw(State)p -Fu(\))0 1214 y(and)h(this)f(means)h(that)f(for)g(ev)m(ery)i(statemen)m -(t)f Fs(S)45 b Fu(w)m(e)33 b(ha)m(v)m(e)h(a)f(partial)d(function)244 -1411 y Ft(S)312 1426 y Fn(ns)383 1411 y Fu([)-17 b([)p -Fs(S)12 b Fu(])-17 b(])33 b Ft(2)g Fw(State)g Fo(,)-17 -b Ft(!)33 b Fw(State)p Fu(.)0 1607 y(It)g(is)f(giv)m(en)g(b)m(y)244 -1861 y Ft(S)312 1876 y Fn(ns)383 1861 y Fu([)-17 b([)p -Fs(S)12 b Fu(])-17 b(])q Fs(s)40 b Fu(=)714 1715 y Fg(\()822 -1800 y Fs(s)870 1763 y Fi(0)1148 1800 y Fu(if)31 b Ft(h)p -Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1702 -1763 y Fi(0)822 
1920 y Fu(undef)p 822 1933 243 4 v 91 -w(otherwise)0 2114 y(Note)e(that)g Ft(S)510 2129 y Fn(ns)611 -2114 y Fu(is)g(a)g(w)m(ell-de\014ned)g(partial)e(function)h(b)s(ecause) -j(of)e(Theorem)g(2.9.)42 b(The)31 b(need)0 2234 y(for)36 -b(partialit)m(y)f(is)h(demonstrated)h(b)m(y)h(the)f(statemen)m(t)g -Fr(while)d(true)f(do)g(skip)38 b Fu(that)f(alw)m(a)m(ys)0 -2355 y(lo)s(ops)32 b(\(see)h(Exercise)h(2.4\);)e(w)m(e)i(then)f(ha)m(v) -m(e)244 2552 y Ft(S)312 2567 y Fn(ns)383 2552 y Fu([)-17 -b([)p Fr(while)34 b(true)g(do)f(skip)p Fu(])-17 b(])34 -b Fs(s)41 b Fu(=)32 b(undef)p 1546 2565 236 4 v 0 2748 -a(for)g(all)f(states)i Fs(s)8 b Fu(.)0 2968 y Fw(Exercise)36 -b(2.11)49 b Fu(The)38 b(seman)m(tics)g(of)e(arithmetic)f(expressions)k -(is)e(giv)m(en)g(b)m(y)h(the)g(function)0 3088 y Ft(A)p -Fu(.)61 b(W)-8 b(e)39 b(can)g(also)f(use)h(an)g(op)s(erational)d -(approac)m(h)j(and)g(de\014ne)g(a)g(natural)e(seman)m(tics)i(for)0 -3208 y(the)33 b(arithmetic)d(expressions.)46 b(It)32 -b(will)f(ha)m(v)m(e)j(t)m(w)m(o)f(kinds)g(of)f(con\014gurations:)294 -3397 y Ft(h)o Fs(a)7 b Fu(,)33 b Fs(s)8 b Ft(i)100 b -Fu(denoting)32 b(that)g Fs(a)40 b Fu(has)33 b(to)f(b)s(e)h(ev)-5 -b(aluated)32 b(in)g(state)h Fs(s)8 b Fu(,)33 b(and)294 -3564 y Fs(z)302 b Fu(denoting)32 b(the)h(\014nal)f(v)-5 -b(alue)32 b(\(an)g(elemen)m(t)g(of)g Fw(Z)p Fu(\).)0 -3754 y(The)i(transition)c(relation)h Ft(!)1103 3769 y -Fn(Aexp)1300 3754 y Fu(has)i(the)g(form)244 3951 y Ft(h)p -Fs(a)7 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)618 3966 y Fn(Aexp)816 -3951 y Fs(z)0 4147 y Fu(where)e(the)g(idea)e(is)h(that)f -Fs(a)38 b Fu(ev)-5 b(aluates)29 b(to)h Fs(z)42 b Fu(in)29 -b(state)i Fs(s)8 b Fu(.)42 b(Some)30 b(example)f(axioms)g(and)h(rules)0 -4268 y(are)244 4465 y Ft(h)p Fs(n)7 b Fu(,)32 b Fs(s)8 -b Ft(i)33 b(!)623 4480 y Fn(Aexp)821 4465 y Ft(N)14 b -Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])244 4679 y Ft(h)p -Fs(x)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)618 4694 y Fn(Aexp)815 -4679 y Fs(s)41 b(x)254 4885 y Ft(h)p Fs(a)350 4900 y 
-Fn(1)389 4885 y Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)668 4900 -y Fn(Aexp)865 4885 y Fs(z)917 4900 y Fn(1)957 4885 y -Fu(,)g Ft(h)p Fs(a)1112 4900 y Fn(2)1152 4885 y Fu(,)g -Fs(s)8 b Ft(i)33 b(!)1430 4900 y Fn(Aexp)1628 4885 y -Fs(z)1680 4900 y Fn(2)p 254 4948 1466 4 v 536 5053 a -Ft(h)p Fs(a)632 5068 y Fn(1)704 5053 y Fu(+)f Fs(a)869 -5068 y Fn(2)909 5053 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)1188 -5068 y Fn(Aexp)1385 5053 y Fs(z)1826 4971 y Fu(where)i -Fs(z)45 b Fu(=)32 b Fs(z)2353 4986 y Fn(1)2425 4971 y -Fu(+)g Fs(z)2585 4986 y Fn(2)0 5234 y Fu(Complete)k(the)h(sp)s -(eci\014cation)f(of)h(the)g(transition)e(system.)57 b(Use)37 -b(structural)g(induction)e(on)0 5355 y Fw(Aexp)e Fu(to)f(pro)m(v)m(e)i -(that)f(the)g(meaning)e(of)h Fs(a)40 b Fu(de\014ned)34 -b(b)m(y)g(this)e(relation)f(is)h(the)h(same)g(as)g(that)0 -5475 y(de\014ned)h(b)m(y)f Ft(A)p Fu(.)2820 b Fh(2)p -eop -%%Page: 32 42 -32 41 bop 251 130 a Fw(32)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 283 515 a(Exercise)g(2.12)49 -b Fu(In)24 b(a)h(similar)c(w)m(a)m(y)k(w)m(e)h(can)e(sp)s(ecify)h(a)f -(natural)f(seman)m(tics)i(for)f(the)g(b)s(o)s(olean)283 -636 y(expressions.)46 b(The)33 b(transitions)f(will)e(ha)m(v)m(e)k(the) -f(form)527 865 y Ft(h)p Fs(b)6 b Fu(,)33 b Fs(s)8 b Ft(i)32 -b(!)896 880 y Fn(Bexp)1090 865 y Fs(t)283 1094 y Fu(where)27 -b Fs(t)34 b Ft(2)25 b Fw(T)p Fu(.)g(Sp)s(ecify)g(the)h(transition)d -(system)j(and)f(pro)m(v)m(e)h(that)e(the)i(meaning)d(of)i -Fs(b)30 b Fu(de\014ned)283 1215 y(in)i(this)g(w)m(a)m(y)i(is)e(the)h -(same)g(as)g(that)f(de\014ned)i(b)m(y)f Ft(B)t Fu(.)1487 -b Fh(2)283 1479 y Fw(Exercise)37 b(2.13)49 b Fu(Determine)i(whether)i -(or)e(not)h(seman)m(tic)g(equiv)-5 b(alence)52 b(of)f -Fs(S)3349 1494 y Fn(1)3441 1479 y Fu(and)h Fs(S)3717 -1494 y Fn(2)283 1600 y Fu(amoun)m(ts)33 b(to)f Ft(S)864 -1615 y Fn(ns)935 1600 y Fu([)-17 b([)q Fs(S)1040 1615 -y Fn(1)1079 1600 y Fu(])g(])33 b(=)f Ft(S)1325 1615 y -Fn(ns)1396 1600 y Fu([)-17 b([)q Fs(S)1501 1615 y Fn(2)1540 
-1600 y Fu(])g(])q(.)2076 b Fh(2)283 1964 y Fj(2.2)161 -b(Structural)53 b(op)t(erational)i(seman)l(tics)283 2194 -y Fu(In)34 b(structural)g(op)s(erational)d(seman)m(tics)j(the)g -(emphasis)f(is)g(on)h(the)g Fs(individual)h(steps)41 -b Fu(of)33 b(the)283 2314 y(execution,)i(that)f(is)f(the)i(execution)f -(of)f(assignmen)m(ts)i(and)e(tests.)49 b(The)35 b(transition)d -(relation)283 2435 y(has)h(the)g(form)527 2664 y Ft(h)p -Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))g Fo(\015)283 -2893 y Fu(where)39 b Fo(\015)j Fu(either)37 b(is)f(of)h(the)g(form)f -Ft(h)p Fs(S)1675 2857 y Fi(0)1698 2893 y Fu(,)i Fs(s)1811 -2857 y Fi(0)1835 2893 y Ft(i)e Fu(or)h(of)g(the)g(form)f -Fs(s)2605 2857 y Fi(0)2628 2893 y Fu(.)57 b(The)38 b(transition)e -(expresses)283 3014 y(the)30 b Fs(\014rst)39 b Fu(step)31 -b(of)e(the)h(execution)g(of)f Fs(S)41 b Fu(from)28 b(state)i -Fs(s)8 b Fu(.)43 b(There)30 b(are)g(t)m(w)m(o)g(p)s(ossible)f -(outcomes:)429 3243 y Ft(\017)48 b Fu(If)25 b Fo(\015)k -Fu(is)24 b(of)g(the)h(form)e Ft(h)p Fs(S)1378 3207 y -Fi(0)1401 3243 y Fu(,)j Fs(s)1502 3207 y Fi(0)1526 3243 -y Ft(i)e Fu(then)h(the)g(execution)g(of)f Fs(S)36 b Fu(from)23 -b Fs(s)33 b Fu(is)24 b Fs(not)34 b Fu(completed)24 b(and)527 -3363 y(the)42 b(remaining)e(computation)g(is)h(expressed)k(b)m(y)d(the) -g(in)m(termediate)f(con\014guration)527 3484 y Ft(h)p -Fs(S)633 3447 y Fi(0)656 3484 y Fu(,)33 b Fs(s)764 3447 -y Fi(0)787 3484 y Ft(i)p Fu(.)429 3713 y Ft(\017)48 b -Fu(If)32 b Fo(\015)k Fu(is)31 b(of)g(the)g(form)g Fs(s)1362 -3677 y Fi(0)1416 3713 y Fu(then)h(the)g(execution)g(of)f -Fs(S)43 b Fu(from)30 b Fs(s)40 b(has)f Fu(terminated)30 -b(and)h(the)527 3833 y(\014nal)h(state)h(is)f Fs(s)1129 -3797 y Fi(0)1153 3833 y Fu(.)283 4063 y(W)-8 b(e)33 b(shall)f(sa)m(y)h -(that)f Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b -Fu(is)g Fs(stuck)44 b Fu(if)31 b(there)i(is)f(no)h Fo(\015)k -Fu(suc)m(h)d(that)f Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 -b Ft(i)32 b(\))g Fo(\015)5 b Fu(.)430 4188 y(The)45 
b(de\014nition)f -(of)g Ft(\))g Fu(is)g(giv)m(en)h(b)m(y)g(the)g(axioms)e(and)i(rules)f -(of)g(T)-8 b(able)45 b(2.2)f(and)g(the)283 4308 y(general)36 -b(form)g(of)g(these)h(are)g(as)g(in)e(the)i(previous)g(section.)56 -b(Axioms)35 b([ass)3082 4323 y Fn(sos)3178 4308 y Fu(])i(and)f([skip) -3633 4323 y Fn(sos)3729 4308 y Fu(])283 4429 y(ha)m(v)m(e)46 -b(not)e(c)m(hanged)i(at)d(all)g(b)s(ecause)i(the)g(assignmen)m(t)f(and) -g Fr(skip)i Fu(statemen)m(ts)f(are)f(fully)283 4549 y(executed)35 -b(in)d(one)h(step.)430 4675 y(The)k(rules)f([comp)1138 -4639 y Fn(1)1126 4699 y(sos)1221 4675 y Fu(])g(and)g([comp)1744 -4639 y Fn(2)1732 4699 y(sos)1827 4675 y Fu(])g(express)j(that)d(to)g -(execute)i Fs(S)2992 4690 y Fn(1)3031 4675 y Fu(;)p Fs(S)3125 -4690 y Fn(2)3201 4675 y Fu(in)d(state)i Fs(s)44 b Fu(w)m(e)283 -4795 y(\014rst)34 b(execute)g Fs(S)901 4810 y Fn(1)973 -4795 y Fu(one)f(step)g(from)f Fs(s)8 b Fu(.)43 b(Then)34 -b(there)f(are)g(t)m(w)m(o)g(p)s(ossible)f(outcomes:)429 -5024 y Ft(\017)48 b Fu(If)31 b(the)g(execution)h(of)e -Fs(S)1400 5039 y Fn(1)1470 5024 y Fu(has)i(not)e(b)s(een)i(completed)e -(w)m(e)i(ha)m(v)m(e)g(to)f(complete)f(it)g(b)s(efore)527 -5145 y(em)m(barking)i(on)h(the)g(execution)g(of)f Fs(S)1922 -5160 y Fn(2)1961 5145 y Fu(.)429 5374 y Ft(\017)48 b -Fu(If)35 b(the)g(execution)h(of)e Fs(S)1416 5389 y Fn(1)1490 -5374 y Fu(has)i(b)s(een)f(completed)g(w)m(e)h(can)f(start)g(on)f(the)i -(execution)f(of)527 5494 y Fs(S)594 5509 y Fn(2)634 5494 -y Fu(.)p eop -%%Page: 33 43 -33 42 bop 0 130 a Fw(2.2)112 b(Structural)37 b(op)s(erational)f(seman)m -(tics)1506 b(33)p 0 193 3473 4 v 0 419 V 0 2340 4 1922 -v 331 528 a Fu([ass)483 543 y Fn(sos)579 528 y Fu(])348 -b Ft(h)o Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(,)33 b Fs(s)8 -b Ft(i)33 b(\))f Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17 -b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])331 743 y([skip)529 -758 y Fn(sos)624 743 y Fu(])303 b Ft(h)o Fr(skip)p Fu(,)34 -b Fs(s)8 b Ft(i)33 b(\))f Fs(s)331 1035 y Fu([comp)598 -999 y 
Fn(1)586 1059 y(sos)681 1035 y Fu(])1097 948 y -Ft(h)p Fs(S)1203 963 y Fn(1)1242 948 y Fu(,)h Fs(s)8 -b Ft(i)32 b(\))g(h)p Fs(S)1659 912 y Fi(0)1659 973 y -Fn(1)1698 948 y Fu(,)h Fs(s)1806 912 y Fi(0)1829 948 -y Ft(i)p 964 1012 1038 4 v 964 1116 a(h)o Fs(S)1069 1131 -y Fn(1)1109 1116 y Fu(;)p Fs(S)1203 1131 y Fn(2)1242 -1116 y Fu(,)g Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)1659 1080 -y Fi(0)1659 1141 y Fn(1)1698 1116 y Fu(;)p Fs(S)1792 -1131 y Fn(2)1832 1116 y Fu(,)g Fs(s)1939 1080 y Fi(0)1963 -1116 y Ft(i)331 1397 y Fu([comp)598 1361 y Fn(2)586 1422 -y(sos)681 1397 y Fu(])1152 1310 y Ft(h)p Fs(S)1258 1325 -y Fn(1)1297 1310 y Fu(,)h Fs(s)8 b Ft(i)32 b(\))g Fs(s)1656 -1274 y Fi(0)p 964 1374 905 4 v 964 1478 a Ft(h)o Fs(S)1069 -1493 y Fn(1)1109 1478 y Fu(;)p Fs(S)1203 1493 y Fn(2)1242 -1478 y Fu(,)h Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)1659 1493 -y Fn(2)1698 1478 y Fu(,)h Fs(s)1806 1442 y Fi(0)1829 -1478 y Ft(i)331 1682 y Fu([if)428 1646 y Fn(tt)416 1707 -y(sos)510 1682 y Fu(])417 b Ft(h)o Fr(if)34 b Fs(b)k -Fr(then)c Fs(S)1516 1697 y Fn(1)1587 1682 y Fr(else)g -Fs(S)1892 1697 y Fn(2)1931 1682 y Fu(,)f Fs(s)8 b Ft(i)32 -b(\))g(h)p Fs(S)2348 1697 y Fn(1)2387 1682 y Fu(,)h Fs(s)8 -b Ft(i)32 b Fu(if)g Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(])p Fs(s)41 b Fu(=)32 b Fw(tt)331 1897 y Fu([if)428 -1861 y Fn(\013)416 1922 y(sos)510 1897 y Fu(])417 b Ft(h)o -Fr(if)34 b Fs(b)k Fr(then)c Fs(S)1516 1912 y Fn(1)1587 -1897 y Fr(else)g Fs(S)1892 1912 y Fn(2)1931 1897 y Fu(,)f -Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)2348 1912 y Fn(2)2387 -1897 y Fu(,)h Fs(s)8 b Ft(i)32 b Fu(if)g Ft(B)s Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(\013)331 -2112 y Fu([while)581 2127 y Fn(sos)675 2112 y Fu(])252 -b Ft(h)o Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 b -Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))1281 2279 y(h)p Fr(if)g -Fs(b)39 b Fr(then)33 b Fu(\()p Fs(S)12 b Fu(;)33 b Fr(while)g -Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(\))32 b Fr(else)i(skip)p -Fu(,)f Fs(s)8 b Ft(i)p 3469 2340 4 1922 v 0 2343 3473 
-4 v 574 2504 a Fu(T)-8 b(able)32 b(2.2:)43 b(Structural)32 -b(op)s(erational)e(seman)m(tics)j(for)f Fw(While)0 2798 -y Fu(The)h(\014rst)g(case)g(is)e(captured)i(b)m(y)g(the)g(rule)e([comp) -1874 2762 y Fn(1)1862 2822 y(sos)1957 2798 y Fu(]:)43 -b(If)32 b(the)h(result)f(of)g(executing)g(the)h(\014rst)0 -2918 y(step)e(of)e Ft(h)p Fs(S)12 b Fu(,)29 b Fs(s)8 -b Ft(i)30 b Fu(is)f(an)h(in)m(termediate)f(con\014guration)g -Ft(h)o Fs(S)2076 2882 y Fi(0)2076 2943 y Fn(1)2116 2918 -y Fu(,)h Fs(s)2221 2882 y Fi(0)2244 2918 y Ft(i)g Fu(then)g(the)h(next) -f(con\014guration)0 3039 y(is)g Ft(h)p Fs(S)202 3002 -y Fi(0)202 3063 y Fn(1)241 3039 y Fu(;)p Fs(S)335 3054 -y Fn(2)375 3039 y Fu(,)h Fs(s)481 3002 y Fi(0)504 3039 -y Ft(i)g Fu(sho)m(wing)g(that)f(w)m(e)i(ha)m(v)m(e)h(to)d(complete)g -(the)h(execution)h(of)e Fs(S)2823 3054 y Fn(1)2893 3039 -y Fu(b)s(efore)h(w)m(e)h(can)0 3159 y(start)f(on)f Fs(S)432 -3174 y Fn(2)471 3159 y Fu(.)43 b(The)32 b(second)g(case)f(ab)s(o)m(v)m -(e)h(is)e(captured)i(b)m(y)f(the)g(rule)f([comp)2792 -3123 y Fn(2)2780 3184 y(sos)2875 3159 y Fu(]:)43 b(If)30 -b(the)h(result)0 3279 y(of)g(executing)g Fs(S)611 3294 -y Fn(1)682 3279 y Fu(from)e Fs(s)40 b Fu(is)30 b(a)h(\014nal)f(state)i -Fs(s)1667 3243 y Fi(0)1721 3279 y Fu(then)g(the)f(next)h -(con\014guration)e(is)h Ft(h)p Fs(S)3118 3294 y Fn(2)3157 -3279 y Fu(,)i Fs(s)3265 3243 y Fi(0)3288 3279 y Ft(i)p -Fu(,)e(so)0 3400 y(that)h(w)m(e)i(can)f(no)m(w)g(start)g(on)f -Fs(S)1173 3415 y Fn(2)1212 3400 y Fu(.)146 3524 y(F)-8 -b(rom)47 b(the)i(axioms)e([if)1043 3488 y Fn(tt)1031 -3549 y(sos)1125 3524 y Fu(])h(and)h([if)1503 3488 y Fn(\013)1491 -3549 y(sos)1585 3524 y Fu(])f(w)m(e)h(see)h(that)e(the)g(\014rst)h -(step)g(in)f(executing)h(a)0 3645 y(conditional)22 b(is)j(to)g(p)s -(erform)f(the)h(test)h(and)f(to)g(select)h(the)f(appropriate)f(branc)m -(h.)42 b(Finally)-8 b(,)24 b(the)0 3765 y(axiom)i([while)535 -3780 y Fn(sos)629 3765 y Fu(])h(sho)m(ws)i(that)e(the)h(\014rst)g(step) 
-g(in)e(the)i(execution)g(of)f(the)h Fr(while)p Fu(-construct)h(is)0 -3886 y(to)i(unfold)f(it)g(one)h(lev)m(el,)g(that)g(is)f(to)h(rewrite)g -(it)e(as)j(a)e(conditional.)41 b(The)32 b(test)f(will)e(therefore)0 -4006 y(b)s(e)h(p)s(erformed)g(in)g(the)g(second)i(step)f(of)f(the)g -(execution)h(\(where)g(one)g(of)f(the)g(axioms)f(for)h(the)0 -4126 y Fr(if)p Fu(-construct)k(is)e(applied\).)42 b(W)-8 -b(e)33 b(shall)e(see)j(an)e(example)h(of)f(this)g(shortly)-8 -b(.)146 4251 y(A)33 b Fs(derivation)h(se)-5 b(quenc)g(e)39 -b Fu(of)32 b(a)g(statemen)m(t)i Fs(S)44 b Fu(starting)32 -b(in)f(state)i Fs(s)41 b Fu(is)32 b(either)145 4476 y -Ft(\017)49 b Fu(a)32 b Fs(\014nite)40 b Fu(sequence)458 -4700 y Fo(\015)515 4715 y Fn(0)554 4700 y Fu(,)33 b Fo(\015)670 -4715 y Fn(1)709 4700 y Fu(,)g Fo(\015)825 4715 y Fn(2)864 -4700 y Fu(,)g Ft(\001)17 b(\001)g(\001)n Fu(,)33 b Fo(\015)1156 -4715 y Fn(k)244 4925 y Fu(of)24 b(con\014gurations)g(satisfying)g -Fo(\015)1451 4940 y Fn(0)1515 4925 y Fu(=)g Ft(h)p Fs(S)12 -b Fu(,)24 b Fs(s)8 b Ft(i)p Fu(,)27 b Fo(\015)1969 4940 -y Fn(i)2017 4925 y Ft(\))d Fo(\015)2197 4940 y Fn(i+1)2335 -4925 y Fu(for)h(0)p Ft(\024)p Fu(i)p Fo(<)p Fu(k,)g(k)p -Ft(\025)q Fu(0,)h(and)f(where)244 5045 y Fo(\015)300 -5060 y Fn(k)374 5045 y Fu(is)32 b(either)g(a)h(terminal)d -(con\014guration)h(or)i(a)f(stuc)m(k)i(con\014guration,)e(or)g(it)g(is) -145 5270 y Ft(\017)49 b Fu(an)32 b Fs(in\014nite)40 b -Fu(sequence)458 5494 y Fo(\015)515 5509 y Fn(0)554 5494 -y Fu(,)33 b Fo(\015)670 5509 y Fn(1)709 5494 y Fu(,)g -Fo(\015)825 5509 y Fn(2)864 5494 y Fu(,)g Ft(\001)17 -b(\001)g(\001)p eop -%%Page: 34 44 -34 43 bop 251 130 a Fw(34)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Fu(of)32 -b(con\014gurations)h(satisfying)e Fo(\015)1758 530 y -Fn(0)1830 515 y Fu(=)i Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8 -b Ft(i)32 b Fu(and)h Fo(\015)2469 530 y Fn(i)2525 515 -y Ft(\))f Fo(\015)2713 530 y Fn(i+1)2860 515 y Fu(for)g(0)p -Ft(\024)p Fu(i)283 715 y(W)-8 
b(e)40 b(shall)d(write)i -Fo(\015)1004 730 y Fn(0)1082 715 y Ft(\))1181 678 y Fn(i)1244 -715 y Fo(\015)1300 730 y Fn(i)1362 715 y Fu(to)g(indicate)f(that)g -(there)i(are)e(i)g(steps)i(in)e(the)i(execution)f(from)283 -835 y Fo(\015)339 850 y Fn(0)413 835 y Fu(to)c Fo(\015)591 -850 y Fn(i)649 835 y Fu(and)g(w)m(e)g(write)f Fo(\015)1294 -850 y Fn(0)1367 835 y Ft(\))1467 799 y Fi(\003)1541 835 -y Fo(\015)1597 850 y Fn(i)1655 835 y Fu(to)h(indicate)e(that)h(there)i -(is)e(a)g(\014nite)g(n)m(um)m(b)s(er)h(of)f(steps.)283 -955 y(Note)i(that)f Fo(\015)792 970 y Fn(0)867 955 y -Ft(\))966 919 y Fn(i)1025 955 y Fo(\015)1081 970 y Fn(i)1140 -955 y Fu(and)g Fo(\015)1389 970 y Fn(0)1463 955 y Ft(\))1563 -919 y Fi(\003)1637 955 y Fo(\015)1693 970 y Fn(i)1752 -955 y Fu(need)i Fs(not)44 b Fu(b)s(e)36 b(deriv)-5 b(ation)33 -b(sequences:)53 b(they)36 b(will)d(b)s(e)283 1076 y(so)g(if)f(and)g -(only)g(if)g Fo(\015)1042 1091 y Fn(i)1098 1076 y Fu(is)g(either)h(a)f -(terminal)e(con\014guration)i(or)g(a)g(stuc)m(k)j(con\014guration.)283 -1298 y Fw(Example)i(2.14)49 b Fu(Consider)33 b(the)g(statemen)m(t)527 -1497 y(\()p Fr(z)g Fu(:=)g Fr(x)p Fu(;)f Fr(x)h Fu(:=)g -Fr(y)p Fu(\);)g Fr(y)f Fu(:=)h Fr(z)283 1697 y Fu(of)j(Chapter)h(1)f -(and)g(let)g Fs(s)1252 1712 y Fn(0)1328 1697 y Fu(b)s(e)g(the)h(state)f -(that)g(maps)g(all)e(v)-5 b(ariables)35 b(except)j Fr(x)e -Fu(and)h Fr(y)f Fu(to)g Fw(0)283 1817 y Fu(and)d(that)g(has)f -Fs(s)906 1832 y Fn(0)979 1817 y Fr(x)g Fu(=)h Fw(5)f -Fu(and)h Fs(s)1497 1832 y Fn(0)1569 1817 y Fr(y)g Fu(=)f -Fw(7)p Fu(.)44 b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)h(the)f(deriv)-5 -b(ation)31 b(sequence:)527 2016 y Ft(h)p Fu(\()p Fr(z)i -Fu(:=)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(y)p Fu(\);)h -Fr(y)g Fu(:=)g Fr(z)p Fu(,)f Fs(s)1680 2031 y Fn(0)1720 -2016 y Ft(i)934 2184 y(\))g(h)p Fr(x)h Fu(:=)f Fr(y)p -Fu(;)h Fr(y)g Fu(:=)f Fr(z)p Fu(,)h Fs(s)1813 2199 y -Fn(0)1853 2184 y Fu([)p Fr(z)p Ft(7!)p Fw(5)p Fu(])p -Ft(i)934 2351 y(\))f(h)p Fr(y)h Fu(:=)f Fr(z)p Fu(,)h(\()p 
-Fs(s)1521 2366 y Fn(0)1561 2351 y Fu([)p Fr(z)p Ft(7!)p -Fw(5)p Fu(]\)[)p Fr(x)p Ft(7!)p Fw(7)p Fu(])p Ft(i)934 -2519 y(\))f Fu(\(\()p Fs(s)1190 2534 y Fn(0)1230 2519 -y Fu([)p Fr(z)p Ft(7!)p Fw(5)p Fu(]\)[)p Fr(x)p Ft(7!)p -Fw(7)p Fu(]\)[)p Fr(y)p Ft(7!)p Fw(5)p Fu(])283 2718 -y(Corresp)s(onding)c(to)g Fs(e)-5 b(ach)34 b Fu(of)28 -b(these)h(steps)g(w)m(e)g(ha)m(v)m(e)g Fs(derivation)h(tr)-5 -b(e)g(es)36 b Fu(explaining)26 b(wh)m(y)j(they)283 2839 -y(tak)m(e)34 b(place.)43 b(F)-8 b(or)32 b(the)h(\014rst)g(step)527 -3038 y Ft(h)p Fu(\()p Fr(z)g Fu(:=)f Fr(x)p Fu(;)h Fr(x)g -Fu(:=)f Fr(y)p Fu(\);)h Fr(y)g Fu(:=)g Fr(z)p Fu(,)f -Fs(s)1680 3053 y Fn(0)1720 3038 y Ft(i)g(\))g(h)p Fr(x)h -Fu(:=)f Fr(y)p Fu(;)h Fr(y)g Fu(:=)f Fr(z)p Fu(,)h Fs(s)2670 -3053 y Fn(0)2710 3038 y Fu([)p Fr(z)p Ft(7!)p Fw(5)p -Fu(])p Ft(i)283 3237 y Fu(the)g(deriv)-5 b(ation)31 b(tree)j(is)1314 -3408 y Ft(h)p Fr(z)f Fu(:=)f Fr(x)p Fu(,)h Fs(s)1731 -3423 y Fn(0)1771 3408 y Ft(i)f(\))g Fs(s)2022 3423 y -Fn(0)2061 3408 y Fu([)p Fr(z)p Ft(7!)p Fw(5)p Fu(])p -527 3495 2583 4 v 945 3699 a Ft(h)p Fr(z)h Fu(:=)f Fr(x)p -Fu(;)h Fr(x)g Fu(:=)f Fr(y)p Fu(,)h Fs(s)1692 3714 y -Fn(0)1732 3699 y Ft(i)f(\))g(h)p Fr(x)h Fu(:=)f Fr(y)p -Fu(,)h Fs(s)2352 3714 y Fn(0)2392 3699 y Fu([)p Fr(z)p -Ft(7!)p Fw(5)p Fu(])p Ft(i)p 527 3786 V 577 3991 a(h)p -Fu(\()p Fr(z)g Fu(:=)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(y)p -Fu(\);)h Fr(y)g Fu(:=)f Fr(z)p Fu(,)h Fs(s)1730 4006 -y Fn(0)1770 3991 y Ft(i)f(\))g(h)p Fr(x)h Fu(:=)f Fr(y)p -Fu(;)h Fr(y)g Fu(:=)f Fr(z)p Fu(,)h Fs(s)2720 4006 y -Fn(0)2760 3991 y Fu([)p Fr(z)p Ft(7!)p Fw(5)p Fu(])p -Ft(i)283 4193 y Fu(and)41 b(it)e(has)i(b)s(een)g(constructed)h(from)d -(the)i(axiom)e([ass)2404 4208 y Fn(sos)2500 4193 y Fu(])h(and)g(the)h -(rules)g([comp)3449 4157 y Fn(1)3437 4218 y(sos)3531 -4193 y Fu(])g(and)283 4313 y([comp)550 4277 y Fn(2)538 -4338 y(sos)633 4313 y Fu(].)49 b(The)36 b(deriv)-5 b(ation)33 -b(tree)i(for)f(the)g(second)i(step)g(is)d(constructed)k(in)c(a)h 
-(similar)e(w)m(a)m(y)283 4434 y(using)j(only)g([ass)910 -4449 y Fn(sos)1006 4434 y Fu(])g(and)g([comp)1527 4398 -y Fn(2)1515 4458 y(sos)1610 4434 y Fu(])g(and)g(for)g(the)g(third)g -(step)h(it)e(simply)f(is)i(an)g(instance)g(of)283 4554 -y([ass)435 4569 y Fn(sos)531 4554 y Fu(].)3096 b Fh(2)283 -4777 y Fw(Example)37 b(2.15)49 b Fu(Assume)37 b(that)f -Fs(s)45 b Fr(x)36 b Fu(=)h Fw(3)p Fu(.)55 b(The)37 b(\014rst)g(step)g -(of)f(execution)h(from)e(the)i(con-)283 4897 y(\014guration)527 -5096 y Ft(h)p Fr(y)p Fu(:=)p Fr(1)p Fu(;)c Fr(while)h -Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p -Fr(y)p Fu(:=)p Fr(y)g Fo(?)g Fr(x)p Fu(;)f Fr(x)p Fu(:=)p -Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)283 5295 -y Fu(will)31 b(giv)m(e)h(the)h(con\014guration)527 5494 -y Ft(h)p Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p -Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)g Fo(?)f -Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p -Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(])p -Ft(i)p eop -%%Page: 35 45 -35 44 bop 0 130 a Fw(2.2)112 b(Structural)37 b(op)s(erational)f(seman)m -(tics)1506 b(35)p 0 193 3473 4 v 0 515 a Fu(This)39 b(is)g(ac)m(hiev)m -(ed)h(using)e(the)i(axiom)d([ass)1617 530 y Fn(sos)1713 -515 y Fu(])i(and)g(the)g(rule)g([comp)2618 479 y Fn(2)2606 -540 y(sos)2701 515 y Fu(])g(as)g(sho)m(wn)h(b)m(y)g(the)0 -636 y(deriv)-5 b(ation)31 b(tree:)929 798 y Ft(h)p Fr(y)p -Fu(:=)p Fr(1)p Fu(,)i Fs(s)8 b Ft(i)32 b(\))g Fs(s)8 -b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(])p 244 885 2235 4 -v 294 1089 a Ft(h)o Fr(y)p Fu(:=)p Fr(1)p Fu(;)34 b Fr(while)f -Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p -Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p -Fr(x)p Ft(\000)p Fr(1)p Fu(\),)h Fs(s)8 b Ft(i)32 b(\))362 -1257 y(h)o Fr(while)i Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p -Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p -Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p -Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(])p -Ft(i)0 1440 y 
Fu(The)43 b(next)h(step)f(of)f(the)h(execution)g(will)d -(rewrite)i(the)h(lo)s(op)e(as)i(a)f(conditional)e(using)i(the)0 -1561 y(axiom)31 b([while)540 1576 y Fn(sos)634 1561 y -Fu(])i(so)g(w)m(e)g(get)g(the)g(con\014guration)244 1751 -y Ft(h)p Fr(if)g Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p -Fu(\))g Fr(then)g Fu(\(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)q -Fr(x)p Fu(;)f Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p -Fu(\);)1046 1919 y Fr(while)i Ft(:)q Fu(\()p Fr(x)p Fu(=)p -Fr(1)p Fu(\))e Fr(do)i Fu(\()p Fr(y)p Fu(:=)p Fr(y)p -Fo(?)p Fr(x)p Fu(;)f Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p -Fr(1)p Fu(\)\))771 2086 y Fr(else)g(skip)p Fu(,)h Fs(s)8 -b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(])p Ft(i)0 2276 y Fu(The)38 -b(follo)m(wing)c(step)k(will)d(p)s(erform)h(the)i(test)g(and)f(yields)g -(\(according)f(to)h([if)2937 2240 y Fn(tt)2925 2301 y(sos)3019 -2276 y Fu(]\))g(the)h(con-)0 2397 y(\014guration)244 -2587 y Ft(h)p Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p -Fu(;)33 b Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(\);)h -Fr(while)f Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g -Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h -Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(\),)h Fs(s)8 -b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(])p Ft(i)0 2777 y Fu(W)-8 -b(e)33 b(can)g(then)g(use)h([ass)890 2792 y Fn(sos)985 -2777 y Fu(],)f([comp)1339 2741 y Fn(2)1327 2802 y(sos)1422 -2777 y Fu(])g(and)f([comp)1938 2741 y Fn(1)1926 2802 -y(sos)2021 2777 y Fu(])h(to)f(obtain)f(the)i(con\014guration)244 -2967 y Ft(h)p Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p -Fu(;)g Fr(while)h Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p -Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)g Fo(?)f -Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p -Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(3)p Fu(])p -Ft(i)0 3157 y Fu(as)33 b(is)f(v)m(eri\014ed)h(b)m(y)h(the)f(deriv)-5 -b(ation)31 b(tree:)1156 3339 y Ft(h)p Fr(y)p Fu(:=)p -Fr(y)p Fo(?)p Fr(x)p Fu(,)i Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p -Fw(1)p Fu(])p Ft(i\))o Fs(s)g Fu([)p Fr(y)p Ft(7!)p Fw(3)p -Fu(])p 204 3426 
3066 4 v 723 3630 a Ft(h)p Fr(y)p Fu(:=)p -Fr(y)p Fo(?)p Fr(x)p Fu(;)33 b Fr(x)p Fu(:=)p Fr(x)p -Ft(\000)p Fr(1)p Fu(,)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p -Fw(1)p Fu(])p Ft(i\)h)o Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p -Fr(1)p Fu(,)34 b Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(3)p -Fu(])p Ft(i)p 204 3717 V 253 3922 a(h)p Fu(\()p Fr(y)p -Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(;)33 b Fr(x)p Fu(:=)p -Fr(x)p Ft(\000)p Fr(1)p Fu(\);)h Fr(while)g Ft(:)p Fu(\()p -Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p -Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p -Fr(1)p Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(1)p -Fu(])p Ft(i)32 b(\))507 4089 y(h)p Fr(x)p Fu(:=)p Fr(x)p -Ft(\000)p Fr(1)p Fu(;)i Fr(while)g Ft(:)p Fu(\()p Fr(x)p -Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p -Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p -Fr(1)p Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(3)p -Fu(])p Ft(i)0 4282 y Fu(Using)32 b([ass)426 4297 y Fn(sos)522 -4282 y Fu(])h(and)f([comp)1038 4246 y Fn(2)1026 4307 -y(sos)1121 4282 y Fu(])h(the)g(next)g(con\014guration)f(will)e(then)k -(b)s(e)244 4473 y Ft(h)p Fr(while)f Ft(:)q Fu(\()p Fr(x)p -Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p Fr(y)p Fu(:=)p -Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p -Fr(1)p Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(3)p -Fu(][)p Fr(x)p Ft(7!)p Fw(2)p Fu(])p Ft(i)0 4663 y Fu(Con)m(tin)m(uing) -32 b(in)g(this)g(w)m(a)m(y)i(w)m(e)f(ev)m(en)m(tually)h(reac)m(h)f(the) -g(\014nal)f(state)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(6)p -Fu(][)p Fr(x)p Ft(7!)p Fw(1)p Fu(].)304 b Fh(2)0 4873 -y Fw(Exercise)36 b(2.16)49 b Fu(Construct)34 b(a)e(deriv)-5 -b(ation)31 b(sequence)36 b(for)c(the)h(statemen)m(t)244 -5064 y Fr(z)p Fu(:=)p Fr(0)p Fu(;)g Fr(while)h(y)p Ft(\024)q -Fr(x)e(do)h Fu(\()p Fr(z)p Fu(:=)p Fr(z)p Fu(+)p Fr(1)p -Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(y)p Fu(\))0 -5254 y(when)24 b(executed)h(in)d(a)g(state)h(where)h -Fr(x)f Fu(has)g(the)g(v)-5 b(alue)22 b Fw(17)h Fu(and)g -Fr(y)g 
Fu(has)g(the)g(v)-5 b(alue)22 b Fw(5)p Fu(.)40 -b(Determine)0 5374 y(a)33 b(state)g Fs(s)41 b Fu(suc)m(h)35 -b(that)d(the)i(deriv)-5 b(ation)31 b(sequence)36 b(obtained)c(for)h -(the)g(ab)s(o)m(v)m(e)h(statemen)m(t)f(and)0 5494 y Fs(s)41 -b Fu(is)32 b(in\014nite.)2893 b Fh(2)p eop -%%Page: 36 46 -36 45 bop 251 130 a Fw(36)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 430 515 a Fu(Giv)m(en)30 -b(a)g(statemen)m(t)h Fs(S)42 b Fu(in)29 b(the)i(language)e -Fw(While)g Fu(and)h(a)g(state)g Fs(s)39 b Fu(it)29 b(is)h(alw)m(a)m(ys) -h(p)s(ossible)283 636 y(to)43 b(\014nd)g Fs(at)i(le)-5 -b(ast)44 b(one)50 b Fu(deriv)-5 b(ation)41 b(sequence)46 -b(that)d(starts)g(in)f(the)h(con\014guration)f Ft(h)p -Fs(S)12 b Fu(,)43 b Fs(s)8 b Ft(i)p Fu(:)283 756 y(simply)29 -b(apply)h(axioms)e(and)j(rules)f(forev)m(er)g(or)g(un)m(til)f(a)g -(terminal)f(or)i(stuc)m(k)h(con\014guration)e(is)283 -877 y(reac)m(hed.)60 b(Insp)s(ection)37 b(of)g(T)-8 b(able)37 -b(2.2)g(sho)m(ws)i(that)e(there)h(are)f(no)h(stuc)m(k)h -(con\014gurations)e(in)283 997 y Fw(While)30 b Fu(and)i(Exercise)g -(2.22)f(b)s(elo)m(w)g(will)e(sho)m(w)k(that)e(there)h(is)f(in)g(fact)g -(only)g(one)g(deriv)-5 b(ation)283 1117 y(sequence)41 -b(that)c(starts)h(with)f Ft(h)p Fs(S)12 b Fu(,)37 b Fs(s)8 -b Ft(i)p Fu(.)59 b(Ho)m(w)m(ev)m(er,)41 b(some)c(of)g(the)h(constructs) -h(considered)g(in)283 1238 y(Section)k(2.4)g(that)f(extend)j -Fw(While)c Fu(will)f(ha)m(v)m(e)45 b(con\014gurations)d(that)h(are)g -(stuc)m(k)h(or)f(more)283 1358 y(than)33 b(one)g(deriv)-5 -b(ation)31 b(sequence)k(that)e(starts)g(in)e(a)i(giv)m(en)f -(con\014guration.)430 1496 y(In)j(analogy)f(with)h(the)h(terminology)d -(of)h(the)i(previous)g(section)f(w)m(e)h(shall)e(sa)m(y)i(that)f(the) -283 1616 y(execution)f(of)e(a)g(statemen)m(t)h Fs(S)45 -b Fu(on)32 b(a)g(state)h Fs(s)429 1905 y Ft(\017)48 b -Fs(terminates)e Fu(if)36 b(and)i(only)g(if)e(there)j(is)e(a)g(\014nite) -h(deriv)-5 b(ation)36 b(sequence)k(starting)d(with)527 -2025 y Ft(h)p 
Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)o Fu(,)33 -b(and)429 2314 y Ft(\017)48 b Fs(lo)-5 b(ops)54 b Fu(if)46 -b(and)g(only)g(if)f(there)j(is)e(an)g(in\014nite)g(deriv)-5 -b(ation)44 b(sequence)50 b(starting)45 b(with)527 2434 -y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)o Fu(.)283 -2723 y(W)-8 b(e)37 b(shall)d(sa)m(y)j(that)f(the)g(execution)g(of)g -Fs(S)47 b Fu(on)36 b Fs(s)44 b(terminates)37 b(suc)-5 -b(c)g(essful)5 b(ly)45 b Fu(if)34 b Ft(h)p Fs(S)12 b -Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))3613 2687 y Fi(\003)3685 -2723 y Fs(s)3733 2687 y Fi(0)283 2844 y Fu(for)k(some)f(state)i -Fs(s)974 2807 y Fi(0)997 2844 y Fu(;)h(in)d Fw(While)f -Fu(an)i(execution)g(terminates)f(successfully)i(if)e(and)h(only)f(if)g -(it)283 2964 y(terminates)e(b)s(ecause)h(there)g(are)f(no)g(stuc)m(k)i -(con\014gurations.)45 b(Finally)-8 b(,)30 b(w)m(e)k(shall)e(sa)m(y)i -(that)f(a)283 3084 y(statemen)m(t)e Fs(S)42 b(always)32 -b(terminates)38 b Fu(if)29 b(it)g(terminates)h(on)g(all)e(states,)k -(and)e Fs(always)i(lo)-5 b(ops)38 b Fu(if)29 b(it)283 -3205 y(lo)s(ops)j(on)g(all)f(states.)283 3570 y Fw(Exercise)37 -b(2.17)49 b Fu(Extend)42 b Fw(While)d Fu(with)i(the)g(construct)h -Fr(repeat)g Fs(S)53 b Fr(until)42 b Fs(b)k Fu(and)41 -b(sp)s(ec-)283 3690 y(ify)i(the)g(structural)g(op)s(erational)e(seman)m -(tics)i(for)f(it.)74 b(\(The)44 b(seman)m(tics)f(for)f(the)i -Fr(repeat)p Fu(-)283 3811 y(construct)34 b(is)e(not)h(allo)m(w)m(ed)e -(to)i(rely)f(on)h(the)g(existence)h(of)e(a)g Fr(while)p -Fu(-construct.\))380 b Fh(2)283 4158 y Fw(Exercise)37 -b(2.18)49 b Fu(Extend)42 b Fw(While)c Fu(with)j(the)f(construct)i -Fr(for)f Fs(x)52 b Fu(:=)41 b Fs(a)2989 4173 y Fn(1)3069 -4158 y Fr(to)g Fs(a)3269 4173 y Fn(2)3349 4158 y Fr(do)g -Fs(S)52 b Fu(and)283 4279 y(sp)s(ecify)31 b(the)f(structural)f(op)s -(erational)e(seman)m(tics)j(for)f(it.)42 b(Hin)m(t:)f(Y)-8 -b(ou)30 b(ma)m(y)f(need)i(to)e(assume)283 4399 y(that)j(y)m(ou)g(ha)m -(v)m(e)h(an)e(\\in)m(v)m(erse")h(to)f Ft(N)15 b Fu(,)31 
-b(so)h(that)f(there)h(is)f(a)h(n)m(umeral)e(for)h(eac)m(h)h(n)m(um)m(b) -s(er)g(that)283 4520 y(ma)m(y)40 b(arise)g(during)f(the)i(computation.) -64 b(\(The)41 b(seman)m(tics)f(for)g(the)g Fr(for)p Fu(-construct)h(is) -f(not)283 4640 y(allo)m(w)m(ed)32 b(to)h(rely)f(on)g(the)h(existence)i -(of)d(a)g Fr(while)p Fu(-construct.\))1080 b Fh(2)283 -5034 y Fp(Prop)t(erties)46 b(of)f(the)h(seman)l(tics)283 -5254 y Fu(F)-8 b(or)44 b(structural)g(op)s(erational)e(seman)m(tics)i -(it)f(is)h(often)h(useful)f(to)g(conduct)h(pro)s(ofs)f(b)m(y)h(in-)283 -5374 y(duction)40 b(on)g(the)g Fs(length)47 b Fu(of)39 -b(the)h(deriv)-5 b(ation)39 b(sequences.)68 b(The)41 -b(pro)s(of)e(tec)m(hnique)i(ma)m(y)f(b)s(e)283 5494 y(summarized)32 -b(as)h(follo)m(ws:)p eop -%%Page: 37 47 -37 46 bop 0 130 a Fw(2.2)112 b(Structural)37 b(op)s(erational)f(seman)m -(tics)1506 b(37)p 0 193 3473 4 v 0 419 3470 4 v 0 436 -V -2 643 4 208 v 15 643 V 544 564 a(Induction)32 b(on)g(the)h(Length)g -(of)g(Deriv)-6 b(ation)31 b(Sequences)p 3452 643 V 3469 -643 V 0 647 3470 4 v -2 895 4 249 v 15 895 V 66 812 a -Fu(1:)143 b(Pro)m(v)m(e)34 b(that)f(the)g(prop)s(ert)m(y)g(holds)f(for) -g(all)f(deriv)-5 b(ation)31 b(sequences)k(of)e(length)f(0.)p -3452 895 V 3469 895 V -2 1424 4 529 v 15 1424 V 66 980 -a(2:)143 b(Pro)m(v)m(e)35 b(that)d(the)i(prop)s(ert)m(y)f(holds)g(for)f -(all)f(other)i(deriv)-5 b(ation)31 b(sequences:)47 b(Assume)285 -1100 y(that)39 b(the)h(prop)s(ert)m(y)g(holds)f(for)g(all)e(deriv)-5 -b(ation)38 b(sequences)k(of)d(length)g(at)g(most)g(k)285 -1220 y(\(this)31 b(is)f(called)g(the)h Fs(induction)i(hyp)-5 -b(othesis)p Fu(\))31 b(and)g(sho)m(w)h(that)e(it)g(holds)h(for)f(deriv) --5 b(a-)285 1341 y(tion)32 b(sequences)k(of)c(length)g(k+1.)p -3452 1424 V 3469 1424 V 0 1427 3470 4 v 0 1444 V 0 1640 -a(The)27 b(induction)f(step)h(of)g(a)f(pro)s(of)g(follo)m(wing)d(this)k -(principle)e(will)f(often)i(b)s(e)h(done)g(b)m(y)h(insp)s(ect-)0 -1760 y(ing)k(either)145 1960 y Ft(\017)49 b Fu(the)33 
-b(structure)h(of)e(the)h(syn)m(tactic)g(elemen)m(t,)g(or)145 -2162 y Ft(\017)49 b Fu(the)33 b(deriv)-5 b(ation)31 b(tree)i(v)-5 -b(alidating)29 b(the)k(\014rst)h(transition)c(of)j(the)g(deriv)-5 -b(ation)30 b(sequence.)0 2361 y(Note)j(that)f(the)h(pro)s(of)f(tec)m -(hnique)i(is)e(a)g(simple)f(application)f(of)i(mathematical)e -(induction.)146 2482 y(T)-8 b(o)30 b(illustrate)e(the)i(use)h(of)e(the) -i(pro)s(of)e(tec)m(hnique)i(w)m(e)g(shall)d(pro)m(v)m(e)j(the)f(follo)m -(wing)e(lemma)0 2602 y(\(to)22 b(b)s(e)h(used)g(in)f(the)h(next)g -(section\).)40 b(In)m(tuitiv)m(ely)-8 b(,)24 b(the)f(lemma)d(expresses) -26 b(that)c(the)h(execution)0 2723 y(of)35 b(a)h(comp)s(osite)e -(construct)j Fs(S)1159 2738 y Fn(1)1198 2723 y Fu(;)p -Fs(S)1292 2738 y Fn(2)1367 2723 y Fu(can)f(b)s(e)g(split)e(in)m(to)h(t) -m(w)m(o)h(parts,)h(one)f(corresp)s(onding)g(to)0 2843 -y Fs(S)67 2858 y Fn(1)139 2843 y Fu(and)c(the)h(other)g(corresp)s -(onding)g(to)f Fs(S)1564 2858 y Fn(2)1603 2843 y Fu(.)p -0 2963 3473 5 v 0 3134 a Fw(Lemma)37 b(2.19)49 b Fu(If)26 -b Ft(h)p Fs(S)842 3149 y Fn(1)881 3134 y Fu(;)p Fs(S)975 -3149 y Fn(2)1015 3134 y Fu(,)h Fs(s)8 b Ft(i)26 b(\))1282 -3098 y Fn(k)1349 3134 y Fs(s)1397 3098 y Fi(00)1466 3134 -y Fu(then)h(there)g(exists)g(a)f(state)h Fs(s)2544 3098 -y Fi(0)2593 3134 y Fu(and)f(natural)g(n)m(um)m(b)s(ers)0 -3254 y(k)51 3269 y Fn(1)123 3254 y Fu(and)33 b(k)364 -3269 y Fn(2)437 3254 y Fu(suc)m(h)h(that)e Ft(h)p Fs(S)974 -3269 y Fn(1)1013 3254 y Fu(,)h Fs(s)8 b Ft(i)32 b(\))1292 -3218 y Fn(k)1329 3227 y Fd(1)1400 3254 y Fs(s)1448 3218 -y Fi(0)1504 3254 y Fu(and)h Ft(h)o Fs(S)1799 3269 y Fn(2)1839 -3254 y Fu(,)f Fs(s)1946 3218 y Fi(0)1970 3254 y Ft(i)g(\))2141 -3218 y Fn(k)2178 3227 y Fd(2)2249 3254 y Fs(s)2297 3218 -y Fi(00)2372 3254 y Fu(where)i(k)f(=)f(k)2897 3269 y -Fn(1)2937 3254 y Fu(+k)3064 3269 y Fn(2)3104 3254 y Fu(.)p -0 3375 V 0 3574 a Fw(Pro)s(of:)44 b Fu(The)39 b(pro)s(of)f(is)g(b)m(y)h 
-(induction)f(on)g(the)h(n)m(um)m(b)s(er)g(k,)i(that)d(is)g(b)m(y)h -(induction)f(on)g(the)0 3695 y(length)32 b(of)g(the)h(deriv)-5 -b(ation)31 b(sequence)k Ft(h)p Fs(S)1545 3710 y Fn(1)1584 -3695 y Fu(;)p Fs(S)1678 3710 y Fn(2)1718 3695 y Fu(,)d -Fs(s)8 b Ft(i)33 b(\))1996 3659 y Fn(k)2070 3695 y Fs(s)2118 -3659 y Fi(00)2161 3695 y Fu(.)146 3815 y(If)g(k)g(=)f(0)h(then)g(the)g -(result)f(holds)g(v)-5 b(acuously)d(.)146 3936 y(F)g(or)26 -b(the)h(induction)f(step)i(w)m(e)g(assume)f(that)f(the)h(lemma)e(holds) -h(for)h(k)33 b Ft(\024)g Fu(k)2889 3951 y Fn(0)2955 3936 -y Fu(and)27 b(w)m(e)h(shall)0 4056 y(pro)m(v)m(e)34 b(it)d(for)h(k)560 -4071 y Fn(0)600 4056 y Fu(+1.)43 b(So)33 b(assume)g(that)244 -4256 y Ft(h)p Fs(S)350 4271 y Fn(1)389 4256 y Fu(;)p -Fs(S)483 4271 y Fn(2)522 4256 y Fu(,)g Fs(s)8 b Ft(i)32 -b(\))801 4219 y Fn(k)838 4228 y Fd(0)873 4219 y Fn(+1)1000 -4256 y Fs(s)1048 4219 y Fi(00)0 4455 y Fu(This)h(means)f(that)h(the)g -(deriv)-5 b(ation)31 b(sequence)k(can)e(b)s(e)g(written)f(as)244 -4655 y Ft(h)p Fs(S)350 4670 y Fn(1)389 4655 y Fu(;)p -Fs(S)483 4670 y Fn(2)522 4655 y Fu(,)h Fs(s)8 b Ft(i)32 -b(\))g Fo(\015)38 b Ft(\))1022 4619 y Fn(k)1059 4628 -y Fd(0)1130 4655 y Fs(s)1178 4619 y Fi(00)0 4854 y Fu(for)29 -b(some)h(con\014guration)f Fo(\015)5 b Fu(.)43 b(No)m(w)30 -b(one)h(of)e(t)m(w)m(o)i(cases)g(applies)e(dep)s(ending)h(on)g(whic)m -(h)g(of)g(the)0 4975 y(t)m(w)m(o)j(rules)g([comp)685 -4939 y Fn(1)673 4999 y(sos)768 4975 y Fu(])f(and)h([comp)1284 -4939 y Fn(2)1272 4999 y(sos)1367 4975 y Fu(])f(w)m(as)i(used)g(to)e -(obtain)f Ft(h)p Fs(S)2365 4990 y Fn(1)2404 4975 y Fu(;)p -Fs(S)2498 4990 y Fn(2)2538 4975 y Fu(,)h Fs(s)8 b Ft(i)33 -b(\))f Fo(\015)5 b Fu(.)146 5095 y(In)33 b(the)g(\014rst)g(case)h -(where)g([comp)1393 5059 y Fn(1)1381 5120 y(sos)1475 -5095 y Fu(])f(is)f(used)i(w)m(e)f(ha)m(v)m(e)244 5295 -y Ft(h)p Fs(S)350 5310 y Fn(1)389 5295 y Fu(;)p Fs(S)483 -5310 y Fn(2)522 5295 y Fu(,)g Fs(s)8 b Ft(i)32 b(\))g(h)p -Fs(S)939 5259 y Fi(0)939 5319 
y Fn(1)978 5295 y Fu(;)p -Fs(S)1072 5310 y Fn(2)1112 5295 y Fu(,)g Fs(s)1219 5259 -y Fi(0)1243 5295 y Ft(i)0 5494 y Fu(b)s(ecause)p eop -%%Page: 38 48 -38 47 bop 251 130 a Fw(38)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(h)p Fs(S)633 -530 y Fn(1)672 515 y Fu(,)c Fs(s)8 b Ft(i)32 b(\))g(h)p -Fs(S)1089 479 y Fi(0)1089 540 y Fn(1)1128 515 y Fu(,)h -Fs(s)1236 479 y Fi(0)1259 515 y Ft(i)283 732 y Fu(W)-8 -b(e)33 b(therefore)h(ha)m(v)m(e)527 950 y Ft(h)p Fs(S)633 -913 y Fi(0)633 974 y Fn(1)672 950 y Fu(;)p Fs(S)766 965 -y Fn(2)806 950 y Fu(,)e Fs(s)913 913 y Fi(0)937 950 y -Ft(i)g(\))1108 913 y Fn(k)1145 922 y Fd(0)1216 950 y -Fs(s)1264 913 y Fi(00)283 1167 y Fu(and)37 b(the)h(induction)e(h)m(yp)s -(othesis)i(can)f(b)s(e)g(applied)f(to)g(this)h(deriv)-5 -b(ation)35 b(sequence)k(b)s(ecause)283 1287 y(it)29 b(is)h(shorter)h -(than)f(the)g(one)h(w)m(e)g(started)f(with.)43 b(This)30 -b(means)g(that)g(there)g(is)g(a)g(state)g Fs(s)3529 1302 -y Fn(0)3599 1287 y Fu(and)283 1408 y(natural)i(n)m(um)m(b)s(ers)h(k) -1069 1423 y Fn(1)1142 1408 y Fu(and)f(k)1382 1423 y Fn(2)1455 -1408 y Fu(suc)m(h)i(that)527 1625 y Ft(h)p Fs(S)633 1588 -y Fi(0)633 1649 y Fn(1)672 1625 y Fu(,)f Fs(s)780 1588 -y Fi(0)803 1625 y Ft(i)g(\))974 1588 y Fn(k)1011 1597 -y Fd(1)1083 1625 y Fs(s)1131 1640 y Fn(0)1203 1625 y -Fu(and)f Ft(h)p Fs(S)1498 1640 y Fn(2)1537 1625 y Fu(,)h -Fs(s)1645 1640 y Fn(0)1685 1625 y Ft(i)f(\))1855 1588 -y Fn(k)1892 1597 y Fd(2)1964 1625 y Fs(s)2012 1588 y -Fi(00)283 1842 y Fu(where)i(k)616 1857 y Fn(1)656 1842 -y Fu(+k)783 1857 y Fn(2)823 1842 y Fu(=k)950 1857 y Fn(0)990 -1842 y Fu(.)43 b(Using)32 b(that)h Ft(h)p Fs(S)1652 1857 -y Fn(1)1691 1842 y Fu(,)f Fs(s)8 b Ft(i)33 b(\))f(h)p -Fs(S)2108 1806 y Fi(0)2107 1866 y Fn(1)2147 1842 y Fu(,)h -Fs(s)2255 1806 y Fi(0)2278 1842 y Ft(i)f Fu(and)h Ft(h)p -Fs(S)2645 1806 y Fi(0)2644 1866 y Fn(1)2684 1842 y Fu(,)f -Fs(s)2791 1806 y Fi(0)2815 1842 y Ft(i)g(\))2986 1806 -y Fn(k)3023 1815 y Fd(1)3094 
1842 y Fs(s)3142 1857 y -Fn(0)3214 1842 y Fu(w)m(e)i(get)527 2059 y Ft(h)p Fs(S)633 -2074 y Fn(1)672 2059 y Fu(,)f Fs(s)8 b Ft(i)32 b(\))951 -2023 y Fn(k)988 2032 y Fd(1)1023 2023 y Fn(+1)1150 2059 -y Fs(s)1198 2074 y Fn(0)283 2276 y Fu(W)-8 b(e)34 b(ha)m(v)m(e)g -(already)f(seen)h(that)f Ft(h)o Fs(S)1551 2291 y Fn(2)1591 -2276 y Fu(,)g Fs(s)1699 2291 y Fn(0)1738 2276 y Ft(i)g(\))1909 -2240 y Fn(k)1946 2249 y Fd(2)2018 2276 y Fs(s)2066 2240 -y Fi(00)2142 2276 y Fu(and)g(since)g(\(k)2660 2291 y -Fn(1)2700 2276 y Fu(+1\)+k)2990 2291 y Fn(2)3062 2276 -y Fu(=)g(k)3222 2291 y Fn(0)3262 2276 y Fu(+1)g(w)m(e)h(ha)m(v)m(e)283 -2396 y(pro)m(v)m(ed)h(the)e(required)g(result.)430 2520 -y(The)f(second)h(p)s(ossibilit)m(y)c(is)h(that)i([comp)1980 -2483 y Fn(2)1968 2544 y(sos)2062 2520 y Fu(])g(has)f(b)s(een)h(used)h -(to)e(obtain)f(the)h(deriv)-5 b(ation)283 2640 y Ft(h)p -Fs(S)389 2655 y Fn(1)428 2640 y Fu(;)p Fs(S)522 2655 -y Fn(2)562 2640 y Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))f Fo(\015)5 -b Fu(.)43 b(Then)34 b(w)m(e)g(ha)m(v)m(e)527 2857 y Ft(h)p -Fs(S)633 2872 y Fn(1)672 2857 y Fu(,)f Fs(s)8 b Ft(i)32 -b(\))g Fs(s)1031 2821 y Fi(0)283 3074 y Fu(and)h Fo(\015)38 -b Fu(is)32 b Ft(h)p Fs(S)766 3089 y Fn(2)805 3074 y Fu(,)g -Fs(s)912 3038 y Fi(0)936 3074 y Ft(i)g Fu(so)h(that)527 -3291 y Ft(h)p Fs(S)633 3306 y Fn(2)672 3291 y Fu(,)g -Fs(s)780 3255 y Fi(0)803 3291 y Ft(i)g(\))974 3255 y -Fn(k)1011 3264 y Fd(0)1083 3291 y Fs(s)1131 3255 y Fi(00)283 -3508 y Fu(The)h(result)e(no)m(w)i(follo)m(ws)d(b)m(y)j(c)m(ho)s(osing)e -(k)1862 3523 y Fn(1)1902 3508 y Fu(=1)g(and)g(k)2299 -3523 y Fn(2)2339 3508 y Fu(=k)2466 3523 y Fn(0)2506 3508 -y Fu(.)1148 b Fh(2)283 3842 y Fw(Exercise)37 b(2.20)49 -b Fu(Supp)s(ose)27 b(that)f Ft(h)o Fs(S)1661 3857 y Fn(1)1701 -3842 y Fu(;)p Fs(S)1795 3857 y Fn(2)1834 3842 y Fu(,)h -Fs(s)8 b Ft(i\))2075 3806 y Fi(\003)2114 3842 y Ft(h)p -Fs(S)2220 3857 y Fn(2)2259 3842 y Fu(,)28 b Fs(s)2362 -3806 y Fi(0)2385 3842 y Ft(i)p Fu(.)41 b(Sho)m(w)27 b(that)e(it)g(is)h 
-Fs(not)35 b Fu(necessarily)283 3962 y(the)e(case)h(that)e -Ft(h)p Fs(S)975 3977 y Fn(1)1014 3962 y Fu(,)h Fs(s)8 -b Ft(i\))1260 3926 y Fi(\003)1300 3962 y Fs(s)1348 3926 -y Fi(0)1371 3962 y Fu(.)2283 b Fh(2)283 4210 y Fw(Exercise)37 -b(2.21)49 b(\(Essen)m(tial\))30 b Fu(Pro)m(v)m(e)k(that)527 -4427 y(if)e Ft(h)p Fs(S)723 4442 y Fn(1)762 4427 y Fu(,)g -Fs(s)8 b Ft(i)33 b(\))1040 4391 y Fn(k)1114 4427 y Fs(s)1162 -4391 y Fi(0)1218 4427 y Fu(then)g Ft(h)p Fs(S)1546 4442 -y Fn(1)1585 4427 y Fu(;)p Fs(S)1679 4442 y Fn(2)1719 -4427 y Fu(,)f Fs(s)8 b Ft(i)33 b(\))1997 4391 y Fn(k)2071 -4427 y Ft(h)p Fs(S)2177 4442 y Fn(2)2216 4427 y Fu(,)g -Fs(s)2324 4391 y Fi(0)2347 4427 y Ft(i)283 4644 y Fu(that)g(is)f(the)h -(execution)g(of)f Fs(S)1375 4659 y Fn(1)1447 4644 y Fu(is)g(not)h -(in\015uenced)g(b)m(y)h(the)f(statemen)m(t)g(follo)m(wing)d(it.)240 -b Fh(2)430 4891 y Fu(In)25 b(the)h(previous)g(section)f(w)m(e)h -(de\014ned)h(a)e(notion)f(of)h(determinism)e(based)j(on)f(the)h -(natural)283 5012 y(seman)m(tics.)59 b(F)-8 b(or)37 b(the)h(structural) -f(op)s(erational)e(seman)m(tics)j(w)m(e)g(de\014ne)h(the)f(similar)c -(notion)283 5132 y(as)g(follo)m(ws.)46 b(The)35 b(seman)m(tics)e(of)h -(T)-8 b(able)33 b(2.2)g(is)h Fs(deterministic)k Fu(if)33 -b(for)g(all)e(c)m(hoices)k(of)e Fs(S)12 b Fu(,)34 b Fs(s)8 -b Fu(,)34 b Fo(\015)283 5252 y Fu(and)f Fo(\015)529 5216 -y Fi(0)585 5252 y Fu(w)m(e)h(ha)m(v)m(e)f(that)527 5470 -y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))g -Fo(\015)38 b Fu(and)32 b Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 -b Ft(i)33 b(\))f Fo(\015)1695 5433 y Fi(0)1751 5470 y -Fu(imply)e Fo(\015)38 b Fu(=)32 b Fo(\015)2277 5433 y -Fi(0)p eop -%%Page: 39 49 -39 48 bop 0 130 a Fw(2.2)112 b(Structural)37 b(op)s(erational)f(seman)m -(tics)1506 b(39)p 0 193 3473 4 v 0 515 a(Exercise)36 -b(2.22)49 b(\(Essen)m(tial\))d Fu(Sho)m(w)j(that)f(the)g(structural)g -(op)s(erational)e(seman)m(tics)i(of)0 636 y(T)-8 b(able)38 -b(2.2)g(is)g(deterministic.)60 b(Deduce)39 
b(that)f(there)h(is)f -(exactly)h(one)g(deriv)-5 b(ation)37 b(sequence)0 756 -y(starting)25 b(in)g(a)h(con\014guration)f Ft(h)p Fs(S)12 -b Fu(,)26 b Fs(s)8 b Ft(i)p Fu(.)41 b(Argue)26 b(that)g(a)g(statemen)m -(t)h Fs(S)37 b Fu(of)26 b Fw(While)e Fu(cannot)j(b)s(oth)0 -877 y(terminate)34 b(and)h(lo)s(op)f(on)h(a)g(state)g -Fs(s)44 b Fu(and)35 b(hence)h(it)f(cannot)g(b)s(oth)g(b)s(e)g(alw)m(a)m -(ys)h(terminating)0 997 y(and)d(alw)m(a)m(ys)g(lo)s(oping.)2555 -b Fh(2)146 1166 y Fu(In)31 b(the)g(previous)h(section)e(w)m(e)i -(de\014ned)g(a)f(notion)e(of)h(t)m(w)m(o)i(statemen)m(ts)g -Fs(S)2848 1181 y Fn(1)2917 1166 y Fu(and)f Fs(S)3172 -1181 y Fn(2)3242 1166 y Fu(b)s(eing)0 1287 y(seman)m(tically)26 -b(equiv)-5 b(alen)m(t.)41 b(The)29 b(similar)24 b(notion)i(can)i(b)s(e) -g(de\014ned)h(based)f(on)g(the)g(structural)0 1407 y(op)s(erational)i -(seman)m(tics:)44 b Fs(S)1060 1422 y Fn(1)1132 1407 y -Fu(and)32 b Fs(S)1388 1422 y Fn(2)1460 1407 y Fu(are)h -Fs(semantic)-5 b(al)5 b(ly)34 b(e)-5 b(quivalent)41 b -Fu(if)31 b(for)h(all)f(states)i Fs(s)145 1567 y Ft(\017)49 -b(h)p Fs(S)350 1582 y Fn(1)389 1567 y Fu(,)32 b Fs(s)8 -b Ft(i)31 b(\))666 1530 y Fi(\003)737 1567 y Fo(\015)37 -b Fu(if)30 b(and)i(only)f(if)f Ft(h)p Fs(S)1509 1582 -y Fn(2)1548 1567 y Fu(,)i Fs(s)8 b Ft(i)32 b(\))1825 -1530 y Fi(\003)1896 1567 y Fo(\015)5 b Fu(,)32 b(whenev)m(er)j -Fo(\015)h Fu(is)31 b(a)h(con\014guration)f(that)244 1687 -y(is)h(either)g(stuc)m(k)j(or)d(terminal,)e(and)145 1876 -y Ft(\017)49 b Fu(there)30 b(is)e(an)h(in\014nite)f(deriv)-5 -b(ation)28 b(sequence)k(starting)c(in)g Ft(h)p Fs(S)2475 -1891 y Fn(1)2514 1876 y Fu(,)i Fs(s)8 b Ft(i)29 b Fu(if)f(and)h(only)g -(if)f(there)244 1996 y(is)k(one)h(starting)e(in)h Ft(h)p -Fs(S)1104 2011 y Fn(2)1143 1996 y Fu(,)h Fs(s)8 b Ft(i)p -Fu(.)0 2155 y(Note)47 b(that)f(in)g(the)g(\014rst)h(case)h(the)f -(length)e(of)h(the)h(t)m(w)m(o)g(deriv)-5 b(ation)45 -b(sequences)50 b(ma)m(y)c(b)s(e)0 2276 y(di\013eren)m(t.)0 -2445 y Fw(Exercise)36 b(2.23)49 b 
Fu(Sho)m(w)f(that)f(the)h(follo)m -(wing)d(statemen)m(ts)j(of)e Fw(While)g Fu(are)h(seman)m(tically)0 -2566 y(equiv)-5 b(alen)m(t)32 b(in)g(the)h(ab)s(o)m(v)m(e)h(sense:)145 -2725 y Ft(\017)49 b Fs(S)12 b Fu(;)p Fr(skip)33 b Fu(and)g -Fs(S)145 2914 y Ft(\017)49 b Fr(while)34 b Fs(b)k Fr(do)33 -b Fs(S)45 b Fu(and)32 b Fr(if)h Fs(b)39 b Fr(then)33 -b Fu(\()p Fs(S)12 b Fu(;)33 b Fr(while)h Fs(b)k Fr(do)33 -b Fs(S)12 b Fu(\))32 b Fr(else)i(skip)145 3103 y Ft(\017)49 -b Fs(S)311 3118 y Fn(1)350 3103 y Fu(;\()p Fs(S)482 3118 -y Fn(2)521 3103 y Fu(;)p Fs(S)615 3118 y Fn(3)655 3103 -y Fu(\))32 b(and)h(\()p Fs(S)1020 3118 y Fn(1)1059 3103 -y Fu(;)p Fs(S)1153 3118 y Fn(2)1193 3103 y Fu(\);)p Fs(S)1325 -3118 y Fn(3)0 3262 y Fu(Y)-8 b(ou)42 b(ma)m(y)g(use)i(the)e(result)g -(of)g(Exercise)i(2.22.)72 b(Discuss)43 b(to)f(what)g(exten)m(t)i(the)f -(notion)e(of)0 3382 y(seman)m(tic)24 b(equiv)-5 b(alence)25 -b(in)m(tro)s(duced)g(ab)s(o)m(v)m(e)g(is)f(the)i(same)e(as)h(that)f -(de\014ned)i(from)e(the)h(natural)0 3503 y(seman)m(tics.)2961 -b Fh(2)0 3672 y Fw(Exercise)36 b(2.24)49 b Fu(Pro)m(v)m(e)37 -b(that)f Fr(repeat)h Fs(S)47 b Fr(until)37 b Fs(b)k Fu(\(as)36 -b(de\014ned)h(in)d(Exercise)j(2.17\))e(is)g(se-)0 3793 -y(man)m(tically)30 b(equiv)-5 b(alen)m(t)32 b(to)g Fs(S)12 -b Fu(;)33 b Fr(while)h Ft(:)f Fs(b)38 b Fr(do)33 b Fs(S)12 -b Fu(.)1512 b Fh(2)0 4074 y Fp(The)44 b(seman)l(tic)j(function)d -FC(S)1440 4092 y Fk(sos)0 4259 y Fu(As)f(in)f(the)h(previous)g(section) -f(the)h Fs(me)-5 b(aning)50 b Fu(of)42 b(statemen)m(ts)h(can)g(b)s(e)g -(summarized)e(b)m(y)j(a)0 4379 y(\(partial\))30 b(function)i(from)g -Fw(State)g Fu(to)g Fw(State)p Fu(:)244 4538 y Ft(S)312 -4553 y Fn(sos)407 4538 y Fu(:)43 b Fw(Stm)32 b Ft(!)g -Fu(\()p Fw(State)h Fo(,)-17 b Ft(!)32 b Fw(State)p Fu(\))0 -4698 y(It)h(is)f(giv)m(en)g(b)m(y)244 4939 y Ft(S)312 -4954 y Fn(sos)407 4939 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 -b(])q Fs(s)40 b Fu(=)738 4764 y Fg(8)738 4839 y(<)738 -4988 y(:)853 4854 y Fs(s)901 4818 y 
Fi(0)1179 4854 y -Fu(if)31 b Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 -b(\))1652 4818 y Fi(\003)1724 4854 y Fs(s)1772 4818 y -Fi(0)853 5022 y Fu(undef)p 853 5035 243 4 v 91 w(otherwise)0 -5180 y(The)h(w)m(ell-de\014nedness)g(of)e(the)h(de\014nition)e(follo)m -(ws)h(from)f(Exercise)j(2.22.)0 5349 y Fw(Exercise)i(2.25)49 -b Fu(Determine)i(whether)i(or)f(not)g(seman)m(tic)f(equiv)-5 -b(alence)53 b(of)e Fs(S)3066 5364 y Fn(1)3157 5349 y -Fu(and)h Fs(S)3433 5364 y Fn(2)0 5470 y Fu(amoun)m(ts)32 -b(to)h Ft(S)580 5485 y Fn(sos)676 5470 y Fu([)-17 b([)p -Fs(S)780 5485 y Fn(1)819 5470 y Fu(])g(])34 b(=)e Ft(S)1066 -5485 y Fn(sos)1161 5470 y Fu([)-17 b([)p Fs(S)1265 5485 -y Fn(2)1305 5470 y Fu(])g(].)2029 b Fh(2)p eop -%%Page: 40 50 -40 49 bop 251 130 a Fw(40)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fj(2.3)161 -b(An)53 b(equiv)-9 b(alence)55 b(result)283 734 y Fu(W)-8 -b(e)29 b(ha)m(v)m(e)g(giv)m(en)e(t)m(w)m(o)i(de\014nitions)e(of)g(the)h -(seman)m(tics)g(of)f Fw(While)f Fu(and)i(w)m(e)h(shall)d(no)m(w)i -(address)283 855 y(the)33 b(question)g(of)g(their)f(equiv)-5 -b(alence.)p 283 975 3473 5 v 283 1142 a Fw(Theorem)38 -b(2.26)49 b Fu(F)-8 b(or)31 b(ev)m(ery)k(statemen)m(t)e -Fs(S)44 b Fu(of)32 b Fw(While)f Fu(w)m(e)j(ha)m(v)m(e)g -Ft(S)2863 1157 y Fn(ns)2934 1142 y Fu([)-17 b([)p Fs(S)12 -b Fu(])-17 b(])33 b(=)g Ft(S)3284 1157 y Fn(sos)3380 -1142 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(.)p 283 -1263 V 283 1459 a(This)33 b(result)g(expresses)i(t)m(w)m(o)f(prop)s -(erties:)429 1655 y Ft(\017)48 b Fu(If)27 b(the)g(execution)g(of)f -Fs(S)38 b Fu(from)26 b(some)g(state)h(terminates)f(in)g(one)g(of)h(the) -f(seman)m(tics)h(then)527 1776 y(it)32 b(also)g(terminates)f(in)h(the)h -(other)g(and)g(the)g(resulting)e(states)j(will)c(b)s(e)j(equal.)429 -1977 y Ft(\017)48 b Fu(If)36 b(the)g(execution)h(of)e -Fs(S)48 b Fu(from)34 b(some)i(state)g(lo)s(ops)f(in)g(one)h(of)f(the)h -(seman)m(tics)g(then)h(it)527 2097 y(will)31 b(also)g(lo)s(op)g(in)h 
-(the)h(other.)283 2294 y(It)26 b(should)g(b)s(e)g(fairly)e(ob)m(vious)i -(that)g(the)g(\014rst)g(prop)s(ert)m(y)h(follo)m(ws)d(from)h(the)h -(theorem)f(b)s(ecause)283 2414 y(there)i(are)f(no)f(stuc)m(k)i -(con\014gurations)f(in)f(the)h(structural)f(op)s(erational)e(seman)m -(tics)j(of)f Fw(While)p Fu(.)283 2534 y(F)-8 b(or)40 -b(the)h(other)f(prop)s(ert)m(y)h(supp)s(ose)h(that)e(the)h(execution)g -(of)e Fs(S)53 b Fu(on)40 b(state)g Fs(s)49 b Fu(lo)s(ops)39 -b(in)h(one)283 2655 y(of)c(the)g(seman)m(tics.)52 b(If)36 -b(it)e(terminates)h(in)g(the)h(other)f(seman)m(tics)h(w)m(e)h(ha)m(v)m -(e)g(a)e(con)m(tradiction)283 2775 y(with)27 b(the)g(\014rst)g(prop)s -(ert)m(y)h(b)s(ecause)g(b)s(oth)f(seman)m(tics)g(are)f(deterministic)f -(\(Theorem)i(2.9)g(and)283 2895 y(Exercise)34 b(2.22\).)43 -b(Hence)34 b Fs(S)44 b Fu(will)31 b(ha)m(v)m(e)j(to)e(lo)s(op)f(on)h -(state)h Fs(s)41 b Fu(also)32 b(in)f(the)i(other)g(seman)m(tics.)430 -3016 y(The)g(theorem)f(is)f(pro)m(v)m(ed)j(in)d(t)m(w)m(o)h(stages)h -(as)f(expressed)j(b)m(y)e(Lemma)e(2.27)g(and)h(Lemma)283 -3136 y(2.28)g(b)s(elo)m(w.)44 b(W)-8 b(e)33 b(shall)e(\014rst)i(pro)m -(v)m(e:)p 283 3257 V 283 3424 a Fw(Lemma)38 b(2.27)49 -b Fu(F)-8 b(or)31 b(ev)m(ery)k(statemen)m(t)e Fs(S)44 -b Fu(of)32 b Fw(While)f Fu(and)i(states)g Fs(s)41 b Fu(and)33 -b Fs(s)3134 3388 y Fi(0)3190 3424 y Fu(w)m(e)g(ha)m(v)m(e)527 -3620 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g -Fs(s)992 3584 y Fi(0)1048 3620 y Fu(implies)e Ft(h)p -Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))1763 3584 y -Fi(\003)1835 3620 y Fs(s)1883 3584 y Fi(0)1907 3620 y -Fu(.)283 3817 y(So)40 b(if)e(the)i(execution)g(of)f Fs(S)51 -b Fu(from)38 b Fs(s)47 b Fu(terminates)39 b(in)f(the)i(natural)e(seman) -m(tics)i(then)g(it)e(will)283 3937 y(terminate)32 b(in)g(the)h(same)f -(state)h(in)f(the)h(structural)f(op)s(erational)e(seman)m(tics.)p -283 4057 V 283 4254 a Fw(Pro)s(of:)45 b Fu(The)40 b(pro)s(of)e(pro)s 
-(ceeds)i(b)m(y)g(induction)e(on)g(the)i(shap)s(e)f(of)f(the)i(deriv)-5 -b(ation)37 b(tree)i(for)283 4374 y Ft(h)p Fs(S)12 b Fu(,)33 -b Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 4338 y Fi(0)772 4374 -y Fu(.)283 4542 y Fw(The)h(case)g Fu([ass)891 4557 y -Fn(ns)964 4542 y Fu(]:)43 b(W)-8 b(e)33 b(assume)g(that)527 -4738 y Ft(h)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33 b -Fs(s)8 b Ft(i)32 b(!)g Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o -Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])283 -4934 y(F)-8 b(rom)32 b([ass)692 4949 y Fn(sos)787 4934 -y Fu(])h(w)m(e)h(get)e(the)h(required)527 5131 y Ft(h)p -Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33 b Fs(s)8 b Ft(i)32 -b(\))g Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17 b([)q -Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])283 5327 y Fw(The)33 -b(case)g Fu([skip)937 5342 y Fn(ns)1009 5327 y Fu(]:)44 -b(Analogous.)283 5494 y Fw(The)33 b(case)g Fu([comp)994 -5509 y Fn(ns)1065 5494 y Fu(]:)44 b(Assume)33 b(that)p -eop -%%Page: 41 51 -41 50 bop 0 130 a Fw(2.3)112 b(An)38 b(equiv)-6 b(alence)37 -b(result)2047 b(41)p 0 193 3473 4 v 244 515 a Ft(h)p -Fs(S)350 530 y Fn(1)389 515 y Fu(;)p Fs(S)483 530 y Fn(2)522 -515 y Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)881 479 y -Fi(00)0 711 y Fu(b)s(ecause)244 907 y Ft(h)p Fs(S)350 -922 y Fn(1)389 907 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 -871 y Fi(0)804 907 y Fu(and)h Ft(h)o Fs(S)1099 922 y -Fn(2)1139 907 y Fu(,)f Fs(s)1246 871 y Fi(0)1270 907 -y Ft(i)g(!)g Fs(s)1521 871 y Fi(00)0 1103 y Fu(The)f(induction)e(h)m -(yp)s(othesis)i(can)f(b)s(e)h(applied)d(to)i(b)s(oth)g(of)f(the)i -(premises)f Ft(h)p Fs(S)2871 1118 y Fn(1)2910 1103 y -Fu(,)h Fs(s)8 b Ft(i)29 b(!)h Fs(s)3262 1067 y Fi(0)3315 -1103 y Fu(and)0 1224 y Ft(h)p Fs(S)106 1239 y Fn(2)145 -1224 y Fu(,)j Fs(s)253 1187 y Fi(0)276 1224 y Ft(i)f(!)g -Fs(s)527 1187 y Fi(00)602 1224 y Fu(and)h(giv)m(es)244 -1420 y Ft(h)p Fs(S)350 1435 y Fn(1)389 1420 y Fu(,)g -Fs(s)8 b Ft(i)32 b(\))667 1383 y Fi(\003)739 1420 y Fs(s)787 -1383 y Fi(0)843 1420 y Fu(and)h Ft(h)p Fs(S)1139 1435 -y 
Fn(2)1178 1420 y Fu(,)g Fs(s)1286 1383 y Fi(0)1309 -1420 y Ft(i)f(\))1480 1383 y Fi(\003)1552 1420 y Fs(s)1600 -1383 y Fi(00)0 1616 y Fu(F)-8 b(rom)31 b(Exercise)j(2.21)e(w)m(e)i(get) -244 1811 y Ft(h)p Fs(S)350 1826 y Fn(1)389 1811 y Fu(;)p -Fs(S)483 1826 y Fn(2)522 1811 y Fu(,)f Fs(s)8 b Ft(i)32 -b(\))801 1775 y Fi(\003)873 1811 y Ft(h)p Fs(S)979 1826 -y Fn(2)1018 1811 y Fu(,)g Fs(s)1125 1775 y Fi(0)1149 -1811 y Ft(i)0 2007 y Fu(and)h(thereb)m(y)h Ft(h)p Fs(S)648 -2022 y Fn(1)687 2007 y Fu(;)p Fs(S)781 2022 y Fn(2)820 -2007 y Fu(,)f Fs(s)8 b Ft(i)32 b(\))1099 1971 y Fi(\003)1171 -2007 y Fs(s)1219 1971 y Fi(00)1261 2007 y Fu(.)0 2175 -y Fw(The)h(case)g Fu([if)553 2139 y Fn(tt)541 2200 y(ns)611 -2175 y Fu(]:)44 b(Assume)33 b(that)244 2371 y Ft(h)p -Fr(if)g Fs(b)38 b Fr(then)c Fs(S)806 2386 y Fn(1)877 -2371 y Fr(else)g Fs(S)1182 2386 y Fn(2)1221 2371 y Fu(,)f -Fs(s)8 b Ft(i)32 b(!)g Fs(s)1580 2335 y Fi(0)0 2567 y -Fu(b)s(ecause)244 2763 y Ft(B)s Fu([)-17 b([)q Fs(b)6 -b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)h -Ft(h)p Fs(S)1043 2778 y Fn(1)1082 2763 y Fu(,)f Fs(s)8 -b Ft(i)33 b(!)f Fs(s)1441 2727 y Fi(0)0 2959 y Fu(Since)h -Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 -b Fu(=)32 b Fw(tt)g Fu(w)m(e)i(get)244 3155 y Ft(h)p -Fr(if)f Fs(b)38 b Fr(then)c Fs(S)806 3170 y Fn(1)877 -3155 y Fr(else)g Fs(S)1182 3170 y Fn(2)1221 3155 y Fu(,)f -Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)1638 3170 y Fn(1)1677 -3155 y Fu(,)h Fs(s)8 b Ft(i)32 b(\))1956 3119 y Fi(\003)2028 -3155 y Fs(s)2076 3119 y Fi(0)0 3351 y Fu(where)39 b(the)f(\014rst)g -(relationship)e(comes)i(from)e([if)1828 3315 y Fn(tt)1816 -3375 y(sos)1910 3351 y Fu(])i(and)g(the)g(second)h(from)d(the)i -(induction)0 3471 y(h)m(yp)s(othesis)c(applied)d(to)h(the)h(premise)g -Ft(h)o Fs(S)1573 3486 y Fn(1)1613 3471 y Fu(,)f Fs(s)8 -b Ft(i)33 b(!)f Fs(s)1972 3435 y Fi(0)1995 3471 y Fu(.)0 -3639 y Fw(The)h(case)g Fu([if)553 3603 y Fn(\013)541 -3663 y(ns)611 3639 y Fu(]:)44 b(Analogous.)0 3806 y Fw(The)33 -b(case)g 
Fu([while)718 3770 y Fn(tt)706 3831 y(ns)777 -3806 y Fu(]:)43 b(Assume)34 b(that)244 4002 y Ft(h)p -Fr(while)f Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 -b Ft(i)33 b(!)f Fs(s)1216 3966 y Fi(00)0 4198 y Fu(b)s(ecause)244 -4394 y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p -Fs(s)41 b Fu(=)32 b Fw(tt)p Fu(,)g Ft(h)p Fs(S)12 b Fu(,)32 -b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1239 4358 y Fi(0)1295 4394 -y Fu(and)g Ft(h)p Fr(while)i Fs(b)39 b Fr(do)33 b Fs(S)12 -b Fu(,)32 b Fs(s)2205 4358 y Fi(0)2228 4394 y Ft(i)h(!)f -Fs(s)2480 4358 y Fi(00)0 4590 y Fu(The)i(induction)d(h)m(yp)s(othesis)j -(can)f(b)s(e)g(applied)e(to)i(b)s(oth)f(of)g(the)h(premises)g -Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)3259 -4554 y Fi(0)3315 4590 y Fu(and)0 4711 y Ft(h)p Fr(while)i -Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)721 4675 y -Fi(0)744 4711 y Ft(i)f(!)g Fs(s)995 4675 y Fi(00)1070 -4711 y Fu(and)h(giv)m(es)244 4907 y Ft(h)p Fs(S)12 b -Fu(,)32 b Fs(s)8 b Ft(i)32 b(\))628 4870 y Fi(\003)700 -4907 y Fs(s)748 4870 y Fi(0)804 4907 y Fu(and)h Ft(h)o -Fr(while)h Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)1714 -4870 y Fi(0)1737 4907 y Ft(i)h(\))1908 4870 y Fi(\003)1980 -4907 y Fs(s)2028 4870 y Fi(00)0 5103 y Fu(Using)f(Exercise)i(2.21)e(w)m -(e)i(get)244 5299 y Ft(h)p Fs(S)12 b Fu(;)32 b Fr(while)i -Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 -b(\))1262 5262 y Fi(\003)1334 5299 y Fs(s)1382 5262 y -Fi(00)0 5494 y Fu(Using)g([while)524 5509 y Fn(sos)619 -5494 y Fu(])g(and)h([if)965 5458 y Fn(tt)953 5519 y(sos)1047 -5494 y Fu(])g(\(with)f Ft(B)s Fu([)-17 b([)q Fs(b)6 b -Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(tt)p Fu(\))g(w)m(e)i(get)e(the)h -(\014rst)g(t)m(w)m(o)g(steps)h(of)p eop -%%Page: 42 52 -42 51 bop 251 130 a Fw(42)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(h)p Fr(while)d -Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)855 -683 y(\))32 b(h)p Fr(if)h Fs(b)38 b Fr(then)c Fu(\()p -Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)39 b 
Fr(do)33 b Fs(S)12 -b Fu(\))32 b Fr(else)h(skip)p Fu(,)h Fs(s)8 b Ft(i)855 -851 y(\))32 b(h)p Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)39 -b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)855 1018 -y(\))955 982 y Fi(\003)1027 1018 y Fs(s)1075 982 y Fi(00)283 -1225 y Fu(and)33 b(w)m(e)h(ha)m(v)m(e)g(already)e(argued)h(for)f(the)h -(last)e(part.)283 1392 y Fw(The)i(case)g Fu([while)1001 -1356 y Fn(\013)989 1417 y(ns)1060 1392 y Fu(]:)44 b(Straigh)m(tforw)m -(ard.)1826 b Fh(2)430 1596 y Fu(This)45 b(completes)g(the)g(pro)s(of)f -(of)h(Lemma)f(2.27.)80 b(The)46 b(second)g(part)f(of)g(the)g(theorem) -283 1717 y(follo)m(ws)32 b(from:)p 283 1838 3473 5 v -283 2015 a Fw(Lemma)38 b(2.28)49 b Fu(F)-8 b(or)21 b(ev)m(ery)j -(statemen)m(t)e Fs(S)34 b Fu(of)21 b Fw(While)p Fu(,)i(states)g -Fs(s)30 b Fu(and)22 b Fs(s)2878 1979 y Fi(0)2923 2015 -y Fu(and)h(natural)d(n)m(um)m(b)s(er)283 2136 y(k)33 -b(w)m(e)h(ha)m(v)m(e)g(that)527 2342 y Ft(h)p Fs(S)12 -b Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))912 2306 y Fn(k)985 -2342 y Fs(s)1033 2306 y Fi(0)1089 2342 y Fu(implies)e -Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1885 -2306 y Fi(0)1908 2342 y Fu(.)283 2549 y(So)g(if)e(the)i(execution)g(of) -f Fs(S)43 b Fu(from)30 b Fs(s)39 b Fu(terminates)31 b(in)g(the)h -(structural)f(op)s(erational)e(seman)m(tics)283 2669 -y(then)34 b(it)d(will)f(terminate)i(in)g(the)h(same)f(state)h(in)f(the) -h(natural)e(seman)m(tics.)p 283 2789 V 283 2996 a Fw(Pro)s(of:)38 -b Fu(The)33 b(pro)s(of)f(pro)s(ceeds)h(b)m(y)h(induction)d(on)i(the)f -(length)g(of)g(the)h(deriv)-5 b(ation)31 b(sequence)283 -3116 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))668 -3080 y Fn(k)742 3116 y Fs(s)790 3080 y Fi(0)813 3116 -y Fu(,)h(that)f(is)g(b)m(y)h(induction)f(on)h(k.)430 -3237 y(If)f(k=0)h(then)g(the)g(result)g(holds)f(v)-5 -b(acuously)d(.)430 3358 y(T)g(o)37 b(pro)m(v)m(e)h(the)g(induction)e -(step)i(w)m(e)g(assume)f(that)g(the)h(lemma)d(holds)h(for)h(k)c -Ft(\024)g Fu(k)3522 3373 y Fn(0)3599 3358 y Fu(and)283 -3478 
y(w)m(e)j(shall)d(then)i(pro)m(v)m(e)g(that)g(it)e(holds)h(for)g -(k)1919 3493 y Fn(0)1959 3478 y Fu(+1.)48 b(W)-8 b(e)35 -b(pro)s(ceed)g(b)m(y)g(cases)h(on)f(ho)m(w)g(the)f(\014rst)283 -3599 y(step)40 b(of)f Ft(h)o Fs(S)12 b Fu(,)39 b Fs(s)8 -b Ft(i)39 b(\))1010 3563 y Fn(k)1047 3572 y Fd(0)1082 -3563 y Fn(+1)1215 3599 y Fs(s)1263 3563 y Fi(0)1325 3599 -y Fu(is)g(obtained,)h(that)e(is)h(b)m(y)g(insp)s(ecting)g(the)g(deriv) --5 b(ation)37 b(tree)i(for)283 3719 y(the)33 b(\014rst)h(step)f(of)f -(computation)f(in)h(the)h(structural)f(op)s(erational)e(seman)m(tics.) -283 3887 y Fw(The)j(case)g Fu([ass)891 3902 y Fn(sos)987 -3887 y Fu(]:)44 b(Straigh)m(tforw)m(ard)32 b(\(and)g(k)2065 -3902 y Fn(0)2138 3887 y Fu(=)g(0\).)283 4054 y Fw(The)h(case)g -Fu([skip)937 4069 y Fn(sos)1033 4054 y Fu(]:)44 b(Straigh)m(tforw)m -(ard)31 b(\(and)i(k)2111 4069 y Fn(0)2183 4054 y Fu(=)g(0\).)283 -4222 y Fw(The)g(cases)h Fu([comp)1051 4186 y Fn(1)1039 -4247 y(sos)1134 4222 y Fu(])e(and)h([comp)1650 4186 y -Fn(2)1638 4247 y(sos)1733 4222 y Fu(]:)43 b(In)33 b(b)s(oth)f(cases)i -(w)m(e)g(assume)f(that)527 4428 y Ft(h)p Fs(S)633 4443 -y Fn(1)672 4428 y Fu(;)p Fs(S)766 4443 y Fn(2)806 4428 -y Fu(,)f Fs(s)8 b Ft(i)33 b(\))1084 4392 y Fn(k)1121 -4401 y Fd(0)1156 4392 y Fn(+1)1283 4428 y Fs(s)1331 4392 -y Fi(00)283 4635 y Fu(W)-8 b(e)40 b(can)f(no)m(w)h(apply)e(Lemma)g -(2.19)g(and)h(get)g(that)g(there)g(exists)h(a)e(state)i -Fs(s)3189 4599 y Fi(0)3251 4635 y Fu(and)f(natural)283 -4755 y(n)m(um)m(b)s(ers)34 b(k)728 4770 y Fn(1)800 4755 -y Fu(and)f(k)1041 4770 y Fn(2)1113 4755 y Fu(suc)m(h)h(that)527 -4961 y Ft(h)p Fs(S)633 4976 y Fn(1)672 4961 y Fu(,)f -Fs(s)8 b Ft(i)32 b(\))951 4925 y Fn(k)988 4934 y Fd(1)1059 -4961 y Fs(s)1107 4925 y Fi(0)1163 4961 y Fu(and)h Ft(h)p -Fs(S)1459 4976 y Fn(2)1498 4961 y Fu(,)g Fs(s)1606 4925 -y Fi(0)1629 4961 y Ft(i)f(\))1800 4925 y Fn(k)1837 4934 -y Fd(2)1908 4961 y Fs(s)1956 4925 y Fi(00)283 5168 y -Fu(where)c(k)610 5183 y Fn(1)650 5168 y Fu(+k)777 5183 -y 
Fn(2)817 5168 y Fu(=k)944 5183 y Fn(0)984 5168 y Fu(+1.)41 -b(The)28 b(induction)d(h)m(yp)s(othesis)j(can)f(no)m(w)g(b)s(e)g -(applied)f(to)g(eac)m(h)h(of)g(these)283 5288 y(deriv)-5 -b(ation)31 b(sequences)36 b(b)s(ecause)e(k)1596 5303 -y Fn(1)1669 5288 y Ft(\024)f Fu(k)1830 5303 y Fn(0)1902 -5288 y Fu(and)g(k)2143 5303 y Fn(2)2215 5288 y Ft(\024)g -Fu(k)2376 5303 y Fn(0)2416 5288 y Fu(.)43 b(So)33 b(w)m(e)h(get)527 -5494 y Ft(h)p Fs(S)633 5509 y Fn(1)672 5494 y Fu(,)f -Fs(s)8 b Ft(i)32 b(!)g Fs(s)1031 5458 y Fi(0)1087 5494 -y Fu(and)h Ft(h)p Fs(S)1383 5509 y Fn(2)1422 5494 y Fu(,)g -Fs(s)1530 5458 y Fi(0)1553 5494 y Ft(i)f(!)g Fs(s)1804 -5458 y Fi(00)p eop -%%Page: 43 53 -43 52 bop 0 130 a Fw(2.3)112 b(An)38 b(equiv)-6 b(alence)37 -b(result)2047 b(43)p 0 193 3473 4 v 0 515 a Fu(Using)32 -b([comp)529 530 y Fn(ns)600 515 y Fu(])h(w)m(e)g(no)m(w)h(get)e(the)h -(required)g Ft(h)p Fs(S)1825 530 y Fn(1)1864 515 y Fu(;)p -Fs(S)1958 530 y Fn(2)1998 515 y Fu(,)f Fs(s)8 b Ft(i)33 -b(!)f Fs(s)2357 479 y Fi(00)2399 515 y Fu(.)0 683 y Fw(The)h(case)g -Fu([if)553 647 y Fn(tt)541 708 y(sos)635 683 y Fu(]:)44 -b(Assume)33 b(that)f Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(])p Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)g(that)244 902 -y Ft(h)p Fr(if)h Fs(b)38 b Fr(then)c Fs(S)806 917 y Fn(1)877 -902 y Fr(else)g Fs(S)1182 917 y Fn(2)1221 902 y Fu(,)f -Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)1638 917 y Fn(1)1677 -902 y Fu(,)h Fs(s)8 b Ft(i)32 b(\))1956 865 y Fn(k)1993 -874 y Fd(0)2065 902 y Fs(s)2113 865 y Fi(0)0 1120 y Fu(The)d(induction) -d(h)m(yp)s(othesis)j(can)f(b)s(e)g(applied)f(to)g(the)h(deriv)-5 -b(ation)27 b(sequence)j Ft(h)p Fs(S)2975 1135 y Fn(1)3014 -1120 y Fu(,)j Fs(s)8 b Ft(i)32 b(\))3293 1084 y Fn(k)3330 -1093 y Fd(0)3401 1120 y Fs(s)3449 1084 y Fi(0)0 1240 -y Fu(and)h(giv)m(es)244 1459 y Ft(h)p Fs(S)350 1474 y -Fn(1)389 1459 y Fu(,)g Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 -1423 y Fi(0)0 1678 y Fu(The)i(result)e(no)m(w)h(follo)m(ws)f(using)g -([if)1348 1641 y Fn(tt)1336 1702 y(ns)1406 
1678 y Fu(].)0 -1845 y Fw(The)h(case)g Fu([if)553 1809 y Fn(\013)541 -1870 y(sos)635 1845 y Fu(]:)44 b(Analogous.)0 2013 y -Fw(The)33 b(case)g Fu([while)706 2028 y Fn(sos)800 2013 -y Fu(]:)44 b(W)-8 b(e)33 b(ha)m(v)m(e)244 2231 y Ft(h)p -Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 -b Ft(i)571 2399 y(\))33 b(h)o Fr(if)g Fs(b)39 b Fr(then)33 -b Fu(\()p Fs(S)12 b Fu(;)33 b Fr(while)h Fs(b)k Fr(do)33 -b Fs(S)12 b Fu(\))32 b Fr(else)i(skip)p Fu(,)g Fs(s)8 -b Ft(i)571 2567 y(\))671 2530 y Fn(k)708 2539 y Fd(0)780 -2567 y Fs(s)828 2530 y Fi(00)0 2785 y Fu(The)46 b(induction)e(h)m(yp)s -(othesis)i(can)f(b)s(e)g(applied)f(to)g(the)h(k)2204 -2800 y Fn(0)2289 2785 y Fu(last)f(steps)i(of)f(the)g(deriv)-5 -b(ation)0 2905 y(sequence)35 b(and)e(giv)m(es)244 3124 -y Ft(h)p Fr(if)g Fs(b)38 b Fr(then)c Fu(\()p Fs(S)12 -b Fu(;)32 b Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\))33 -b Fr(else)g(skip)p Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)2349 -3088 y Fi(00)0 3343 y Fu(and)h(from)e(Lemma)g(2.5)h(w)m(e)i(get)f(the)g -(required)269 3510 y Ft(h)o Fr(while)h Fs(b)39 b Fr(do)33 -b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1241 -3474 y Fi(00)3398 3510 y Fh(2)0 3789 y Fw(Pro)s(of)43 -b(of)g(Theorem)g(2.26:)98 b Fu(F)-8 b(or)36 b(an)i(arbitrary)e -(statemen)m(t)i Fs(S)49 b Fu(and)38 b(state)g Fs(s)45 -b Fu(it)37 b(follo)m(ws)0 3909 y(from)27 b(Lemmas)g(2.27)g(and)h(2.28)g -(that)g(if)f Ft(S)1555 3924 y Fn(ns)1627 3909 y Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])q Fs(s)36 b Fu(=)27 b Fs(s)1996 -3873 y Fi(0)2048 3909 y Fu(then)h Ft(S)2333 3924 y Fn(sos)2428 -3909 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])p Fs(s)36 -b Fu(=)28 b Fs(s)2798 3873 y Fi(0)2850 3909 y Fu(and)g(vice)g(v)m -(ersa.)0 4029 y(This)35 b(su\016ces)i(for)d(sho)m(wing)h(that)f(the)h -(functions)g Ft(S)1958 4044 y Fn(ns)2029 4029 y Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(])35 b(and)g Ft(S)2465 4044 -y Fn(sos)2560 4029 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])35 b(m)m(ust)g(b)s(e)g(equal:)48 b(if)0 4150 y(one)31 
-b(is)f(de\014ned)i(on)e(a)h(state)f Fs(s)39 b Fu(then)31 -b(so)g(is)f(the)h(other,)g(and)g(therefore,)g(if)f(one)h(is)f(not)g -(de\014ned)0 4270 y(on)i(a)h(state)g Fs(s)40 b Fu(then)34 -b(neither)e(is)g(the)h(other.)1794 b Fh(2)0 4523 y Fw(Exercise)36 -b(2.29)49 b Fu(Consider)28 b(the)g(extension)h(of)e(the)h(language)e -Fw(While)g Fu(with)h(the)h(statemen)m(t)0 4643 y Fr(repeat)47 -b Fs(S)58 b Fr(until)47 b Fs(b)6 b Fu(.)83 b(The)46 b(natural)f(seman)m -(tics)h(of)f(the)h(construct)h(w)m(as)g(considered)f(in)0 -4763 y(Exercise)30 b(2.7)d(and)i(the)f(structural)h(op)s(erational)c -(seman)m(tics)k(in)e(Exercise)j(2.17.)41 b(Mo)s(dify)28 -b(the)0 4884 y(pro)s(of)k(of)g(Theorem)h(2.26)f(so)g(that)h(the)g -(theorem)f(applies)g(to)g(the)h(extended)i(language.)106 -b Fh(2)0 5133 y Fw(Exercise)36 b(2.30)49 b Fu(Consider)28 -b(the)g(extension)h(of)e(the)h(language)e Fw(While)g -Fu(with)h(the)h(statemen)m(t)0 5254 y Fr(for)j Fs(x)43 -b Fu(:=)30 b Fs(a)462 5269 y Fn(1)532 5254 y Fr(to)h -Fs(a)722 5269 y Fn(2)792 5254 y Fr(do)g Fs(S)12 b Fu(.)31 -b(The)g(natural)f(seman)m(tics)h(of)f(the)h(construct)g(w)m(as)h -(considered)f(in)0 5374 y(Exercise)f(2.8)d(and)i(the)f(structural)h(op) -s(erational)c(seman)m(tics)k(in)e(Exercise)j(2.18.)41 -b(Mo)s(dify)28 b(the)0 5494 y(pro)s(of)k(of)g(Theorem)h(2.26)f(so)g -(that)h(the)g(theorem)f(applies)g(to)g(the)h(extended)i(language.)106 -b Fh(2)p eop -%%Page: 44 54 -44 53 bop 251 130 a Fw(44)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 430 515 a Fu(The)h(pro)s(of)e(tec)m -(hnique)j(emplo)m(y)m(ed)e(in)g(the)g(pro)s(of)f(of)h(Theorem)h(2.26)e -(ma)m(y)h(b)s(e)g(summa-)283 636 y(rized)c(as)g(follo)m(ws:)p -283 765 3470 4 v 283 782 V 281 990 4 208 v 298 990 V -1371 911 a Fw(Pro)s(of)f(Summary)h(for)f(While)p Fu(:)p -3735 990 V 3752 990 V 281 1197 V 298 1197 V 997 1118 -a Fw(Equiv)-6 b(alence)32 b(of)g(t)m(w)m(o)g(Op)s(erational)g(Seman)m -(tics)p 3735 1197 V 3752 1197 V 283 1201 3470 4 v 281 -1690 4 490 v 298 1690 V 
350 1366 a Fu(1:)143 b(Pro)m(v)m(e)24 -b(b)m(y)h Fs(induction)h(on)f(the)i(shap)-5 b(e)25 b(of)h(derivation)g -(tr)-5 b(e)g(es)31 b Fu(that)23 b(for)g(eac)m(h)h(deriv)-5 -b(ation)569 1487 y(tree)46 b(in)e(the)i(natural)e(seman)m(tics)h(there) -h(is)f(a)g(corresp)s(onding)g(\014nite)g(deriv)-5 b(ation)569 -1607 y(sequence)35 b(in)d(the)h(structural)f(op)s(erational)e(seman)m -(tics.)p 3735 1690 V 3752 1690 V 281 2099 4 409 v 298 -2099 V 350 1775 a(2:)143 b(Pro)m(v)m(e)45 b(b)m(y)g Fs(induction)g(on)g -(the)h(length)f(of)g(derivation)f(se)-5 b(quenc)g(es)52 -b Fu(that)43 b(for)h(eac)m(h)569 1895 y(\014nite)33 b(deriv)-5 -b(ation)31 b(sequence)36 b(in)c(the)i(structural)f(op)s(erational)d -(seman)m(tics)j(there)h(is)569 2015 y(a)e(corresp)s(onding)h(deriv)-5 -b(ation)30 b(tree)k(in)d(the)i(natural)f(seman)m(tics.)p -3735 2099 V 3752 2099 V 283 2102 3470 4 v 283 2119 V -283 2314 a(When)41 b(pro)m(ving)e(the)h(equiv)-5 b(alence)40 -b(of)f(t)m(w)m(o)h(op)s(erational)d(seman)m(tics)j(for)f(a)g(language)f -(with)283 2435 y(additional)29 b(programming)f(constructs)k(one)g(ma)m -(y)f(need)h(to)f(amend)g(the)g(ab)s(o)m(v)m(e)h(pro)s(of)e(tec)m(h-)283 -2555 y(nique.)70 b(One)41 b(reason)h(is)f(that)g(the)g(equiv)-5 -b(alence)42 b(result)f(ma)m(y)g(ha)m(v)m(e)h(to)f(b)s(e)g(expressed)j -(dif-)283 2675 y(feren)m(tly)37 b(from)e(that)h(of)g(Theorem)h(2.26)e -(\(as)i(will)d(b)s(e)i(the)h(case)g(if)e(the)i(extended)h(language)283 -2796 y(is)43 b(non-deterministic\).)75 b(Also)43 b(one)g(migh)m(t)f(w)m -(an)m(t)j(to)e(consider)h(only)f(some)g(of)g(the)h(\014nite)283 -2916 y(deriv)-5 b(ation)31 b(sequences,)36 b(for)c(example)g(those)i -(ending)e(in)g(a)g(terminal)e(con\014guration.)283 3242 -y Fj(2.4)161 b(Extensions)53 b(of)g(While)283 3461 y -Fu(In)29 b(order)f(to)f(illustrate)f(the)i(p)s(o)m(w)m(er)h(and)f(w)m -(eakness)j(of)d(the)g(t)m(w)m(o)h(approac)m(hes)g(to)e(op)s(erational) -283 3582 y(seman)m(tics)38 b(w)m(e)h(shall)d(consider)i(v)-5 -b(arious)37 
b(extensions)i(of)e(the)h(language)e Fw(While)p -Fu(.)57 b(F)-8 b(or)37 b(eac)m(h)283 3702 y(extension)d(w)m(e)f(shall)f -(sho)m(w)h(ho)m(w)h(to)e(mo)s(dify)f(the)i(op)s(erational)d(seman)m -(tics.)283 3984 y Fp(Ab)t(ortion)283 4169 y Fu(W)-8 b(e)35 -b(\014rst)f(extend)h Fw(While)d Fu(with)h(the)h(simple)e(statemen)m(t)i -Fr(abort)p Fu(.)48 b(The)35 b(idea)e(is)g(that)h Fr(abort)283 -4289 y Fs(stops)52 b Fu(the)44 b(execution)g(of)g(the)g(complete)f -(program.)75 b(This)44 b(means)f(that)h Fr(abort)h Fu(b)s(eha)m(v)m(es) -283 4410 y(di\013eren)m(tly)30 b(from)f Fr(while)i(true)g(do)f(skip)h -Fu(in)e(that)h(it)f(causes)i(the)f(execution)h(to)f(stop)g(rather)283 -4530 y(than)25 b(lo)s(op.)39 b(Also)24 b Fr(abort)h Fu(b)s(eha)m(v)m -(es)i(di\013eren)m(tly)d(from)f Fr(skip)i Fu(b)s(ecause)h(a)e(statemen) -m(t)h(follo)m(wing)283 4651 y Fr(abort)34 b Fu(will)d(nev)m(er)j(b)s(e) -e(executed)j(whereas)f(one)f(follo)m(wing)d Fr(skip)k -Fu(certainly)d(will.)430 4771 y(F)-8 b(ormally)g(,)29 -b(the)k(new)h(syn)m(tax)g(of)e(statemen)m(ts)i(is)e(giv)m(en)g(b)m(y:) -577 4928 y Fs(S)112 b Fu(::=)99 b Fs(x)45 b Fu(:=)32 -b Fs(a)40 b Ft(j)32 b Fr(skip)i Ft(j)e Fs(S)1713 4943 -y Fn(1)1785 4928 y Fu(;)g Fs(S)1911 4943 y Fn(2)1983 -4928 y Ft(j)g Fr(if)h Fs(b)39 b Fr(then)33 b Fs(S)2566 -4943 y Fn(1)2638 4928 y Fr(else)h Fs(S)2943 4943 y Fn(2)795 -5095 y Ft(j)150 b Fr(while)34 b Fs(b)39 b Fr(do)33 b -Fs(S)44 b Ft(j)32 b Fr(abort)283 5254 y Fu(W)-8 b(e)31 -b(shall)d(not)h(rep)s(eat)h(the)g(de\014nitions)f(of)h(the)g(sets)h(of) -e(con\014gurations)g(but)h(tacitly)e(assume)283 5374 -y(that)k(they)g(are)g(mo)s(di\014ed)e(so)h(as)h(to)f(corresp)s(ond)h -(to)g(the)f(extended)j(syn)m(tax.)45 b(The)32 b(task)g(that)283 -5494 y(remains,)g(therefore,)h(is)g(to)f(de\014ne)i(the)f(new)g -(transition)e(relations)g Ft(!)h Fu(and)h Ft(\))p Fu(.)p -eop -%%Page: 45 55 -45 54 bop 0 130 a Fw(2.4)112 b(Extensions)37 b(of)h(While)2119 -b(45)p 0 193 3473 4 v 146 515 a Fu(The)26 b(fact)f(that)g -Fr(abort)h 
Fu(stops)g(the)g(execution)g(of)e(the)i(program)e(is)g(mo)s -(delled)f(b)m(y)j(ensuring)0 636 y(that)40 b(the)h(con\014gurations)f -(of)g(the)h(form)e Ft(h)p Fr(abort)p Fu(,)44 b Fs(s)8 -b Ft(i)40 b Fu(are)h Fs(stuck)11 b Fu(.)67 b(Therefore)41 -b(the)g Fs(natur)-5 b(al)0 756 y(semantics)47 b Fu(of)39 -b(the)h(extended)i(language)c(is)i(still)d(de\014ned)k(b)m(y)g(the)f -(transition)e(relation)g Ft(!)0 877 y Fu(of)31 b(T)-8 -b(able)31 b(2.1.)43 b(So)31 b(although)g(the)h(language)e(and)i(thereb) -m(y)h(the)f(set)g(of)f(con\014gurations)g(ha)m(v)m(e)0 -997 y(b)s(een)c(extended)h(w)m(e)f(do)f(not)f(mo)s(dify)g(the)h -(de\014nition)f(of)g(the)i(transition)d(relation.)39 -b(Similarly)-8 b(,)0 1117 y(the)40 b Fs(structur)-5 b(al)43 -b(op)-5 b(er)g(ational)40 b(semantics)47 b Fu(of)39 b(the)h(extended)i -(language)d(is)g(still)e(de\014ned)k(b)m(y)0 1238 y(T)-8 -b(able)32 b(2.2.)146 1358 y(F)-8 b(rom)39 b(the)i(structural)g(op)s -(erational)d(seman)m(tics)i(p)s(oin)m(t)g(of)g(view)h(it)e(is)h(clear)g -(no)m(w)i(that)0 1478 y Fr(abort)34 b Fu(and)f Fr(skip)g -Fu(cannot)g(b)s(e)g(seman)m(tically)d(equiv)-5 b(alen)m(t.)44 -b(This)32 b(is)h(b)s(ecause)244 1648 y Ft(h)p Fr(skip)p -Fu(,)g Fs(s)8 b Ft(i)33 b(\))f Fs(s)0 1818 y Fu(is)g(the)h(only)f -(deriv)-5 b(ation)31 b(sequence)k(for)d Fr(skip)i Fu(starting)e(in)f -Fs(s)41 b Fu(and)244 1989 y Ft(h)p Fr(abort)p Fu(,)34 -b Fs(s)8 b Ft(i)0 2159 y Fu(is)28 b(the)h(only)g(deriv)-5 -b(ation)27 b(sequence)k(for)e Fr(abort)h Fu(starting)d(in)h -Fs(s)8 b Fu(.)43 b(Similarly)-8 b(,)25 b Fr(abort)30 -b Fu(cannot)f(b)s(e)0 2279 y(seman)m(tically)i(equiv)-5 -b(alen)m(t)32 b(to)g Fr(while)i(true)g(do)f(skip)g Fu(b)s(ecause)244 -2449 y Ft(h)p Fr(while)g(true)h(do)f(skip)p Fu(,)h Fs(s)8 -b Ft(i)571 2617 y(\))33 b(h)o Fr(if)g(true)h(then)g Fu(\()p -Fr(skip)p Fu(;)f Fr(while)h(true)g(do)f(skip)p Fu(\))g -Fr(else)h(skip)p Fu(,)f Fs(s)8 b Ft(i)571 2784 y(\))33 -b(h)o Fr(skip)p Fu(;)h Fr(while)g(true)f(do)h(skip)p -Fu(,)f Fs(s)8 b Ft(i)571 2952 
y(\))33 b(h)o Fr(while)h(true)g(do)f -(skip)p Fu(,)h Fs(s)8 b Ft(i)571 3119 y(\))33 b(\001)17 -b(\001)g(\001)0 3289 y Fu(is)27 b(an)h(in\014nite)f(deriv)-5 -b(ation)26 b(sequence)31 b(for)c Fr(while)i(true)g(do)f(skip)h -Fu(whereas)g Fr(abort)h Fu(has)e(none.)0 3410 y(Th)m(us)d(w)m(e)f -(shall)d(claim)g(that)i(the)g(structural)g(op)s(erational)e(seman)m -(tics)i(captures)h(the)f(informal)0 3530 y(explanation)31 -b(giv)m(en)i(earlier.)146 3651 y(F)-8 b(rom)32 b(the)i(natural)d(seman) -m(tics)j(p)s(oin)m(t)e(of)h(view)g(it)f(is)h(also)f(clear)h(that)g -Fr(skip)h Fu(and)f Fr(abort)0 3771 y Fu(cannot)25 b(b)s(e)g(seman)m -(tically)e(equiv)-5 b(alen)m(t.)40 b(Ho)m(w)m(ev)m(er,)29 -b(it)24 b(turns)h(out)f(that)h Fr(while)34 b(true)f(do)g(skip)0 -3891 y Fu(and)25 b Fr(abort)i Fs(ar)-5 b(e)32 b Fu(seman)m(tically)23 -b(equiv)-5 b(alen)m(t!)41 b(The)26 b(reason)g(is)e(that)h(in)g(the)g -(natural)f(seman)m(tics)0 4012 y(w)m(e)39 b(are)f(only)f(concerned)j -(with)d(executions)i(that)f(terminate)f(prop)s(erly)-8 -b(.)58 b(So)38 b(if)f(w)m(e)i(do)f(not)0 4132 y(ha)m(v)m(e)31 -b(a)e(deriv)-5 b(ation)28 b(tree)i(for)f Ft(h)p Fs(S)12 -b Fu(,)29 b Fs(s)8 b Ft(i)30 b(!)f Fs(s)1549 4096 y Fi(0)1602 -4132 y Fu(then)h(w)m(e)g(cannot)g(tell)e(whether)j(it)d(is)h(b)s -(ecause)i(w)m(e)0 4253 y(en)m(tered)39 b(a)e(stuc)m(k)j -(con\014guration)c(or)h(a)h(lo)s(oping)d(execution.)59 -b(W)-8 b(e)38 b(can)g(summarize)e(this)h(as)0 4373 y(follo)m(ws:)p -0 4503 3472 4 v 0 4519 V -2 4727 4 208 v 15 4727 V 283 -4648 a Fw(Natural)32 b(Seman)m(tics)g(v)m(ersus)h(Structural)f(Op)s -(erational)g(Seman)m(tics)p 3453 4727 V 3470 4727 V 0 -4730 3472 4 v -2 5099 4 370 v 15 5099 V 66 4896 a Ft(\017)100 -b Fu(In)27 b(a)g(natural)e(seman)m(tics)i(w)m(e)h(cannot)f(distinguish) -f(b)s(et)m(w)m(een)j Fs(lo)-5 b(oping)34 b Fu(and)27 -b Fs(abnormal)216 5016 y(termination)p Fu(.)p 3453 5099 -V 3470 5099 V -2 5508 4 409 v 15 5508 V 66 5184 a Ft(\017)100 -b Fu(In)32 b(a)g(structural)g(op)s(erational)e(seman)m(tics)i 
-Fs(lo)-5 b(oping)40 b Fu(is)32 b(re\015ected)i(b)m(y)f(in\014nite)e -(deriv)-5 b(a-)216 5304 y(tion)22 b(sequences)27 b(and)c -Fs(abnormal)i(termination)30 b Fu(b)m(y)24 b(\014nite)f(deriv)-5 -b(ation)22 b(sequences)27 b(end-)216 5424 y(ing)k(in)h(a)h(stuc)m(k)h -(con\014guration.)p 3453 5508 V 3470 5508 V 0 5511 3472 -4 v 0 5528 V eop -%%Page: 46 56 -46 55 bop 251 130 a Fw(46)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(W)-8 b(e)41 -b(should)f(note,)j(ho)m(w)m(ev)m(er,)i(that)40 b(if)f(abnormal)g -(termination)f(is)h(mo)s(delled)g(b)m(y)i(\\normal)283 -636 y(termination")22 b(in)i(a)h(sp)s(ecial)e(error)i(con\014guration)f -(\(included)g(in)g(the)h(set)h(of)e(terminal)e(con\014g-)283 -756 y(urations\))34 b(then)g(w)m(e)h(can)f(distinguish)f(b)s(et)m(w)m -(een)j(the)e(three)h(statemen)m(ts)f(in)g(b)s(oth)f(seman)m(tic)283 -877 y(st)m(yles.)283 1092 y Fw(Exercise)k(2.31)49 b Fu(Theorem)30 -b(2.26)f(expresses)k(that)d(the)g(natural)f(seman)m(tics)h(and)g(the)g -(struc-)283 1213 y(tural)41 b(op)s(erational)e(seman)m(tics)j(of)f -Fw(While)f Fu(are)i(equiv)-5 b(alen)m(t.)70 b(Discuss)42 -b(whether)h(or)f(not)f(a)283 1333 y(similar)30 b(result)i(holds)h(for)f -Fw(While)f Fu(extended)j(with)e Fr(abort)p Fu(.)1159 -b Fh(2)283 1549 y Fw(Exercise)37 b(2.32)49 b Fu(Extend)34 -b Fw(While)d Fu(with)h(the)h(statemen)m(t)527 1743 y -Fr(assert)h Fs(b)39 b Fr(before)34 b Fs(S)283 1937 y -Fu(The)23 b(idea)e(is)h(that)f(if)g Fs(b)28 b Fu(ev)-5 -b(aluates)21 b(to)h(true)g(then)g(w)m(e)h(execute)h Fs(S)34 -b Fu(and)22 b(otherwise)g(the)g(execution)283 2057 y(of)48 -b(the)h(complete)e(program)g(ab)s(orts.)90 b(Extend)49 -b(the)g(structural)f(op)s(erational)e(seman)m(tics)283 -2178 y(of)40 b(T)-8 b(able)39 b(2.2)h(to)f(express)j(this)e(\(without)f -(assuming)g(that)h Fw(While)e Fu(con)m(tains)i(the)g -Fr(abort)p Fu(-)283 2298 y(statemen)m(t\).)k(Sho)m(w)31 -b(that)f Fr(assert)h(true)g(before)h Fs(S)42 b Fu(is)30 -b(seman)m(tically)e(equiv)-5 
b(alen)m(t)30 b(to)g Fs(S)42 -b Fu(but)283 2419 y(that)i Fr(assert)h(false)f(before)h -Fs(S)56 b Fu(neither)43 b(is)g(equiv)-5 b(alen)m(t)43 -b(to)g Fr(while)i(true)g(do)f(skip)g Fu(nor)283 2539 -y Fr(skip)p Fu(.)3167 b Fh(2)283 2826 y Fp(Non-determinism)283 -3011 y Fu(The)34 b(second)g(extension)f(of)f Fw(While)f -Fu(has)i(statemen)m(ts)h(giv)m(en)f(b)m(y)577 3197 y -Fs(S)112 b Fu(::=)99 b Fs(x)45 b Fu(:=)32 b Fs(a)40 b -Ft(j)32 b Fr(skip)i Ft(j)e Fs(S)1713 3212 y Fn(1)1785 -3197 y Fu(;)g Fs(S)1911 3212 y Fn(2)1983 3197 y Ft(j)g -Fr(if)h Fs(b)39 b Fr(then)33 b Fs(S)2566 3212 y Fn(1)2638 -3197 y Fr(else)h Fs(S)2943 3212 y Fn(2)795 3364 y Ft(j)150 -b Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)44 b Ft(j)32 -b Fs(S)1707 3379 y Fn(1)1779 3364 y Fr(or)h Fs(S)1981 -3379 y Fn(2)283 3551 y Fu(The)i(idea)f(is)f(here)i(that)f(in)f -Fs(S)1400 3566 y Fn(1)1474 3551 y Fr(or)h Fs(S)1677 3566 -y Fn(2)1750 3551 y Fu(w)m(e)h(can)g(non-deterministically)30 -b(c)m(ho)s(ose)35 b(to)f(execute)283 3672 y(either)f -Fs(S)627 3687 y Fn(1)699 3672 y Fu(or)f Fs(S)885 3687 -y Fn(2)924 3672 y Fu(.)44 b(So)32 b(w)m(e)i(shall)d(exp)s(ect)j(that)e -(execution)h(of)f(the)h(statemen)m(t)527 3866 y Fr(x)g -Fu(:=)g Fr(1)f(or)h Fu(\()p Fr(x)g Fu(:=)g Fr(2)p Fu(;)g -Fr(x)f Fu(:=)h Fr(x)g Fu(+)f Fr(2)p Fu(\))283 4060 y(could)c(result)f -(in)g(a)g(state)h(where)g Fr(x)g Fu(has)g(the)g(v)-5 -b(alue)27 b Fw(1)p Fu(,)h(but)g(it)f(could)g(as)g(w)m(ell)g(result)h -(in)e(a)h(state)283 4180 y(where)34 b Fr(x)f Fu(has)g(the)g(v)-5 -b(alue)32 b Fw(4)p Fu(.)430 4301 y(When)c(sp)s(ecifying)f(the)h -Fs(natur)-5 b(al)31 b(semantics)j Fu(w)m(e)29 b(extend)g(T)-8 -b(able)27 b(2.1)g(with)h(the)g(t)m(w)m(o)g(rules:)527 -4555 y([or)653 4519 y Fn(1)641 4579 y(ns)712 4555 y Fu(])1297 -4468 y Ft(h)p Fs(S)1403 4483 y Fn(1)1442 4468 y Fu(,)33 -b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1801 4432 y Fi(0)p 1160 -4532 802 4 v 1160 4636 a Ft(h)p Fs(S)1266 4651 y Fn(1)1338 -4636 y Fr(or)h Fs(S)1540 4651 y Fn(2)1579 4636 y Fu(,)g -Fs(s)8 b Ft(i)32 
b(!)g Fs(s)1938 4600 y Fi(0)527 4917 -y Fu([or)653 4881 y Fn(2)641 4942 y(ns)712 4917 y Fu(])1297 -4831 y Ft(h)p Fs(S)1403 4846 y Fn(2)1442 4831 y Fu(,)h -Fs(s)8 b Ft(i)32 b(!)g Fs(s)1801 4794 y Fi(0)p 1160 4894 -V 1160 4998 a Ft(h)p Fs(S)1266 5013 y Fn(1)1338 4998 -y Fr(or)h Fs(S)1540 5013 y Fn(2)1579 4998 y Fu(,)g Fs(s)8 -b Ft(i)32 b(!)g Fs(s)1938 4962 y Fi(0)283 5180 y Fu(Corresp)s(onding)42 -b(to)f(the)g(con\014guration)g Ft(h)o Fr(x)h Fu(:=)f -Fr(1)h(or)f Fu(\()p Fr(x)h Fu(:=)f Fr(2)p Fu(;)46 b Fr(x)41 -b Fu(:=)g Fr(x)p Fu(+)p Fr(2)p Fu(\),)j Fs(s)8 b Ft(i)41 -b Fu(w)m(e)i(ha)m(v)m(e)283 5300 y(deriv)-5 b(ation)31 -b(trees)j(for)527 5494 y Ft(h)p Fr(x)f Fu(:=)f Fr(1)h(or)g -Fu(\()p Fr(x)g Fu(:=)f Fr(2)p Fu(;)h Fr(x)g Fu(:=)g Fr(x)p -Fu(+)p Fr(2)p Fu(\),)f Fs(s)8 b Ft(i)33 b(!)f Fs(s)8 -b Fu([)p Fr(x)p Ft(7!)p Fw(1)p Fu(])p eop -%%Page: 47 57 -47 56 bop 0 130 a Fw(2.4)112 b(Extensions)37 b(of)h(While)2119 -b(47)p 0 193 3473 4 v 0 515 a Fu(as)33 b(w)m(ell)f(as)244 -712 y Ft(h)p Fr(x)g Fu(:=)h Fr(1)g(or)g Fu(\()p Fr(x)f -Fu(:=)h Fr(2)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Fu(+)p Fr(2)p -Fu(\),)h Fs(s)8 b Ft(i)32 b(!)h Fs(s)8 b Fu([)p Fr(x)p -Ft(7!)p Fw(4)p Fu(])0 910 y(It)39 b(is)f(imp)s(ortan)m(t)f(to)h(note)h -(that)f(if)g(w)m(e)i(replace)e Fr(x)h Fu(:=)g Fr(1)g -Fu(b)m(y)g Fr(while)h(true)g(do)f(skip)h Fu(in)e(the)0 -1030 y(ab)s(o)m(v)m(e)33 b(statemen)m(t)g(then)h(w)m(e)f(will)e(only)h -(ha)m(v)m(e)i(one)e(deriv)-5 b(ation)31 b(tree,)i(namely)f(that)h(for) -244 1227 y Ft(h)p Fu(\()p Fr(while)g(true)h(do)f(skip)p -Fu(\))h Fr(or)f Fu(\()p Fr(x)f Fu(:=)h Fr(2)p Fu(;)g -Fr(x)f Fu(:=)h Fr(x)p Fu(+)p Fr(2)p Fu(\),)g Fs(s)8 b -Ft(i)32 b(!)g Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p Fw(4)p Fu(])146 -1424 y(T)-8 b(urning)29 b(to)g(the)h Fs(structur)-5 b(al)33 -b(op)-5 b(er)g(ational)31 b(semantics)36 b Fu(w)m(e)30 -b(shall)e(extend)j(T)-8 b(able)29 b(2.2)g(with)0 1545 -y(the)k(t)m(w)m(o)g(axioms:)244 1742 y([or)370 1705 y -Fn(1)358 1766 y(sos)453 1742 y Fu(])387 b Ft(h)p Fs(S)973 -1757 
y Fn(1)1044 1742 y Fr(or)34 b Fs(S)1247 1757 y Fn(2)1286 -1742 y Fu(,)e Fs(s)8 b Ft(i)33 b(\))f(h)p Fs(S)1703 1757 -y Fn(1)1742 1742 y Fu(,)h Fs(s)8 b Ft(i)244 1956 y Fu([or)370 -1920 y Fn(2)358 1981 y(sos)453 1956 y Fu(])387 b Ft(h)p -Fs(S)973 1971 y Fn(1)1044 1956 y Fr(or)34 b Fs(S)1247 -1971 y Fn(2)1286 1956 y Fu(,)e Fs(s)8 b Ft(i)33 b(\))f(h)p -Fs(S)1703 1971 y Fn(2)1742 1956 y Fu(,)h Fs(s)8 b Ft(i)0 -2154 y Fu(F)-8 b(or)29 b(the)h(statemen)m(t)h Fr(x)f -Fu(:=)f Fr(1)h(or)h Fu(\()p Fr(x)f Fu(:=)f Fr(2)p Fu(;)i -Fr(x)g Fu(:=)e Fr(x)p Fu(+)p Fr(2)p Fu(\))h(w)m(e)h(ha)m(v)m(e)g(t)m(w) -m(o)g(deriv)-5 b(ation)28 b(sequences:)244 2351 y Ft(h)p -Fr(x)k Fu(:=)h Fr(1)g(or)g Fu(\()p Fr(x)f Fu(:=)h Fr(2)p -Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(\),)h Fs(s)8 -b Ft(i)32 b(\))1803 2315 y Fi(\003)1875 2351 y Fs(s)8 -b Fu([)p Fr(x)p Ft(7!)p Fw(1)p Fu(])0 2548 y(and)244 -2745 y Ft(h)p Fr(x)32 b Fu(:=)h Fr(1)g(or)g Fu(\()p Fr(x)f -Fu(:=)h Fr(2)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Fu(+)p Fr(2)p -Fu(\),)h Fs(s)8 b Ft(i)32 b(\))1803 2709 y Fi(\003)1875 -2745 y Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p Fw(4)p Fu(])0 2942 -y(If)34 b(w)m(e)h(replace)g Fr(x)f Fu(:=)g Fr(1)h Fu(b)m(y)g -Fr(while)g(true)h(do)e(skip)i Fu(in)d(the)i(ab)s(o)m(v)m(e)g(statemen)m -(t)g(then)f(w)m(e)i(still)0 3062 y(ha)m(v)m(e)e(t)m(w)m(o)f(deriv)-5 -b(ation)31 b(sequences.)47 b(One)33 b(is)f(in\014nite)244 -3259 y Ft(h)p Fu(\()p Fr(while)h(true)h(do)f(skip)p Fu(\))h -Fr(or)f Fu(\()p Fr(x)f Fu(:=)h Fr(2)p Fu(;)g Fr(x)f Fu(:=)h -Fr(x)p Fu(+)p Fr(2)p Fu(\),)g Fs(s)8 b Ft(i)609 3427 -y(\))65 b(h)p Fr(while)34 b(true)f(do)g(skip)p Fu(,)h -Fs(s)8 b Ft(i)609 3595 y(\))709 3559 y Fn(3)774 3595 -y Ft(h)p Fr(while)34 b(true)f(do)g(skip)p Fu(,)h Fs(s)8 -b Ft(i)609 3762 y(\))65 b(\001)17 b(\001)g(\001)0 3959 -y Fu(and)33 b(the)g(other)f(is)g(\014nite)244 4156 y -Ft(h)p Fu(\()p Fr(while)h(true)h(do)f(skip)p Fu(\))h -Fr(or)f Fu(\()p Fr(x)f Fu(:=)h Fr(2)p Fu(;)g Fr(x)f Fu(:=)h -Fr(x)p Fu(+)p Fr(2)p Fu(\),)g Fs(s)8 b Ft(i)32 
b(\))2475 -4120 y Fi(\003)2547 4156 y Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p -Fw(4)p Fu(])146 4354 y(Comparing)31 b(the)h(natural)f(seman)m(tics)i -(and)f(the)g(structural)g(op)s(erational)e(seman)m(tics)i(w)m(e)0 -4474 y(see)42 b(that)e(the)h(latter)f(can)h(c)m(ho)s(ose)g(the)h -(\\wrong")e(branc)m(h)h(of)g(the)g Fr(or)p Fu(-statemen)m(t)g(whereas)0 -4594 y(the)33 b(\014rst)g(alw)m(a)m(ys)g(c)m(ho)s(oses)h(the)f(\\righ)m -(t")e(branc)m(h.)45 b(This)33 b(is)f(summarized)f(as)i(follo)m(ws:)p -0 4743 3472 4 v 0 4760 V -2 4968 4 208 v 15 4968 V 283 -4889 a Fw(Natural)f(Seman)m(tics)g(v)m(ersus)h(Structural)f(Op)s -(erational)g(Seman)m(tics)p 3453 4968 V 3470 4968 V 0 -4971 3472 4 v -2 5220 4 249 v 15 5220 V 66 5136 a Ft(\017)100 -b Fu(In)33 b(a)f(natural)f(seman)m(tics)i Fs(non-determinism)g(wil)5 -b(l)34 b(suppr)-5 b(ess)35 b(lo)-5 b(oping)p Fu(,)31 -b(if)h(p)s(ossible.)p 3453 5220 V 3470 5220 V -2 5508 -4 289 v 15 5508 V 66 5304 a Ft(\017)100 b Fu(In)44 b(a)f(structural)h -(op)s(erational)d(seman)m(tics)j Fs(non-determinism)f(do)-5 -b(es)44 b(not)h(suppr)-5 b(ess)216 5424 y(lo)g(oping)p -Fu(.)p 3453 5508 V 3470 5508 V 0 5511 3472 4 v 0 5528 -V eop -%%Page: 48 58 -48 57 bop 251 130 a Fw(48)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 283 515 a(Exercise)g(2.33)49 -b Fu(Consider)33 b(the)g(statemen)m(t)527 718 y Fr(x)g -Fu(:=)g Ft(\000)p Fr(1)p Fu(;)g Fr(while)h(x)p Ft(\024)q -Fr(0)e(do)h Fu(\()p Fr(x)g Fu(:=)g Fr(x)p Ft(\000)p Fr(1)g(or)g(x)g -Fu(:=)f(\()p Ft(\000)p Fr(1)p Fu(\))p Fo(?)q Fr(x)p Fu(\))283 -921 y(Giv)m(en)39 b(a)g(state)h Fs(s)47 b Fu(describ)s(e)40 -b(the)f(set)h(of)f(\014nal)f(states)i(that)f(ma)m(y)g(result)g -(according)g(to)f(the)283 1041 y(natural)32 b(seman)m(tics.)43 -b(F)-8 b(urther)33 b(describ)s(e)g(the)g(set)g(of)f(deriv)-5 -b(ation)31 b(sequences)36 b(that)c(are)g(sp)s(ec-)283 -1162 y(i\014ed)42 b(b)m(y)g(the)g(structural)f(op)s(erational)e(seman)m -(tics.)70 b(Based)42 b(on)g(this)f(discuss)h(whether)h(or)283 -1282 y(not)35 
b(y)m(ou)g(w)m(ould)g(regard)f(the)h(natural)e(seman)m -(tics)i(as)g(b)s(eing)f(equiv)-5 b(alen)m(t)34 b(to)g(the)h(structural) -283 1402 y(op)s(erational)c(seman)m(tics)h(for)g(this)h(particular)d -(statemen)m(t.)1207 b Fh(2)283 1630 y Fw(Exercise)37 -b(2.34)49 b Fu(W)-8 b(e)33 b(shall)e(no)m(w)i(extend)h -Fw(While)d Fu(with)h(the)h(statemen)m(t)527 1833 y Fr(random)p -Fu(\()p Fs(x)12 b Fu(\))283 2035 y(and)42 b(the)f(idea)f(is)h(that)g -(its)f(execution)i(will)d(c)m(hange)j(the)f(v)-5 b(alue)41 -b(of)f Fs(x)53 b Fu(to)41 b(b)s(e)g(an)m(y)g(p)s(ositiv)m(e)283 -2156 y(natural)23 b(n)m(um)m(b)s(er.)41 b(Extend)26 b(the)e(natural)f -(seman)m(tics)h(as)g(w)m(ell)f(as)h(the)h(structural)e(op)s(erational) -283 2276 y(seman)m(tics)38 b(to)f(express)j(this.)58 -b(Discuss)38 b(whether)h Fr(random)p Fu(\()p Fs(x)12 -b Fu(\))39 b(is)e(a)h(sup)s(er\015uous)h(construct)283 -2396 y(in)32 b(the)h(case)h(where)g Fw(While)d Fu(is)h(also)f(extended) -k(with)d(the)h Fr(or)g Fu(construct.)648 b Fh(2)283 2685 -y Fp(P)l(arallelism)283 2870 y Fu(W)-8 b(e)38 b(shall)e(no)m(w)h -(consider)h(an)f(extension)h(of)e Fw(While)g Fu(with)h(a)g(parallel)d -(construct.)58 b(So)37 b(no)m(w)283 2990 y(the)c(syn)m(tax)i(of)d -(expressions)i(is)e(giv)m(en)h(b)m(y)577 3185 y Fs(S)112 -b Fu(::=)99 b Fs(x)45 b Fu(:=)32 b Fs(a)40 b Ft(j)32 -b Fr(skip)i Ft(j)e Fs(S)1713 3200 y Fn(1)1785 3185 y -Fu(;)g Fs(S)1911 3200 y Fn(2)1983 3185 y Ft(j)g Fr(if)h -Fs(b)39 b Fr(then)33 b Fs(S)2566 3200 y Fn(1)2638 3185 -y Fr(else)h Fs(S)2943 3200 y Fn(2)795 3352 y Ft(j)150 -b Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)44 b Ft(j)32 -b Fs(S)1707 3367 y Fn(1)1779 3352 y Fr(par)h Fs(S)2032 -3367 y Fn(2)283 3548 y Fu(The)k(idea)f(is)f(that)h(b)s(oth)f(statemen)m -(ts)i(of)f Fs(S)1923 3563 y Fn(1)1998 3548 y Fr(par)g -Fs(S)2254 3563 y Fn(2)2330 3548 y Fu(ha)m(v)m(e)h(to)e(b)s(e)h -(executed)j(but)d(that)f(the)283 3669 y(execution)f(can)f(b)s(e)f -Fs(interle)-5 b(ave)g(d)p Fu(.)43 b(This)33 b(means)f(that)h(a)f 
-(statemen)m(t)h(lik)m(e)527 3871 y Fr(x)g Fu(:=)g Fr(1)f(par)i -Fu(\()p Fr(x)e Fu(:=)h Fr(2)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p -Fu(+)p Fr(2)p Fu(\))283 4074 y(can)f(giv)m(e)g(three)g(di\013eren)m(t)f -(results)h(for)f Fr(x)p Fu(,)h(namely)f Fw(4)p Fu(,)h -Fw(1)f Fu(and)h Fw(3)p Fu(:)42 b(If)31 b(w)m(e)g(\014rst)g(execute)h -Fr(x)h Fu(:=)g Fr(1)283 4194 y Fu(and)44 b(then)h Fr(x)e -Fu(:=)h Fr(2)p Fu(;)50 b Fr(x)44 b Fu(:=)f Fr(x)p Fu(+)p -Fr(2)h Fu(w)m(e)h(get)f(the)g(\014nal)f(v)-5 b(alue)43 -b Fw(4)p Fu(.)77 b(Alternativ)m(ely)-8 b(,)45 b(if)e(w)m(e)h(\014rst) -283 4315 y(execute)c Fr(x)e Fu(:=)g Fr(2)p Fu(;)j Fr(x)d -Fu(:=)g Fr(x)p Fu(+)p Fr(2)g Fu(and)g(then)h Fr(x)f Fu(:=)g -Fr(1)g Fu(w)m(e)h(get)f(the)g(\014nal)f(v)-5 b(alue)38 -b Fw(1)p Fu(.)59 b(Finally)-8 b(,)37 b(w)m(e)283 4435 -y(ha)m(v)m(e)c(the)e(p)s(ossibilit)m(y)d(of)j(\014rst)g(executing)g -Fr(x)g Fu(:=)g Fr(2)p Fu(,)g(then)h Fr(x)e Fu(:=)h Fr(1)g -Fu(and)g(lastly)e Fr(x)k Fu(:=)g Fr(x)p Fu(+)p Fr(2)e -Fu(and)283 4556 y(w)m(e)j(then)f(get)g(the)g(\014nal)f(v)-5 -b(alue)32 b Fw(3)p Fu(.)430 4676 y(T)-8 b(o)43 b(express)j(this)d(in)g -(the)h Fs(structur)-5 b(al)45 b(op)-5 b(er)g(ational)44 -b(semantics)51 b Fu(w)m(e)44 b(extend)h(T)-8 b(able)43 -b(2.2)283 4796 y(with)33 b(the)g(follo)m(wing)d(rules:)527 -5059 y([par)707 5023 y Fn(1)695 5084 y(sos)790 5059 y -Fu(])1485 4973 y Ft(h)p Fs(S)1591 4988 y Fn(1)1630 4973 -y Fu(,)j Fs(s)8 b Ft(i)32 b(\))h(h)o Fs(S)2047 4937 y -Fi(0)2047 4997 y Fn(1)2087 4973 y Fu(,)f Fs(s)2194 4937 -y Fi(0)2218 4973 y Ft(i)p 1160 5036 1422 4 v 1160 5141 -a(h)p Fs(S)1266 5156 y Fn(1)1338 5141 y Fr(par)h Fs(S)1591 -5156 y Fn(2)1630 5141 y Fu(,)g Fs(s)8 b Ft(i)32 b(\))h(h)o -Fs(S)2047 5105 y Fi(0)2047 5165 y Fn(1)2119 5141 y Fr(par)g -Fs(S)2372 5156 y Fn(2)2412 5141 y Fu(,)f Fs(s)2519 5105 -y Fi(0)2543 5141 y Ft(i)527 5421 y Fu([par)707 5385 y -Fn(2)695 5446 y(sos)790 5421 y Fu(])1445 5335 y Ft(h)o -Fs(S)1550 5350 y Fn(1)1590 5335 y Fu(,)g Fs(s)8 b Ft(i)33 -b(\))f Fs(s)1949 5299 y 
Fi(0)p 1160 5398 1096 4 v 1160 -5503 a Ft(h)p Fs(S)1266 5518 y Fn(1)1338 5503 y Fr(par)h -Fs(S)1591 5518 y Fn(2)1630 5503 y Fu(,)g Fs(s)8 b Ft(i)32 -b(\))h(h)o Fs(S)2047 5518 y Fn(2)2087 5503 y Fu(,)f Fs(s)2194 -5467 y Fi(0)2218 5503 y Ft(i)p eop -%%Page: 49 59 -49 58 bop 0 130 a Fw(2.4)112 b(Extensions)37 b(of)h(While)2119 -b(49)p 0 193 3473 4 v 244 577 a Fu([par)424 541 y Fn(3)412 -602 y(sos)507 577 y Fu(])1202 490 y Ft(h)p Fs(S)1308 -505 y Fn(2)1347 490 y Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))g(h)p -Fs(S)1764 454 y Fi(0)1764 515 y Fn(2)1803 490 y Fu(,)h -Fs(s)1911 454 y Fi(0)1934 490 y Ft(i)p 877 554 1422 4 -v 877 658 a(h)p Fs(S)983 673 y Fn(1)1054 658 y Fr(par)h -Fs(S)1308 673 y Fn(2)1347 658 y Fu(,)f Fs(s)8 b Ft(i)32 -b(\))g(h)p Fs(S)1764 673 y Fn(1)1836 658 y Fr(par)h Fs(S)2089 -622 y Fi(0)2089 683 y Fn(2)2128 658 y Fu(,)g Fs(s)2236 -622 y Fi(0)2259 658 y Ft(i)244 939 y Fu([par)424 903 -y Fn(4)412 964 y(sos)507 939 y Fu(])1161 853 y Ft(h)p -Fs(S)1267 868 y Fn(2)1306 853 y Fu(,)g Fs(s)8 b Ft(i)32 -b(\))g Fs(s)1665 816 y Fi(0)p 877 916 1096 4 v 877 1020 -a Ft(h)p Fs(S)983 1035 y Fn(1)1054 1020 y Fr(par)i Fs(S)1308 -1035 y Fn(2)1347 1020 y Fu(,)f Fs(s)8 b Ft(i)32 b(\))g(h)p -Fs(S)1764 1035 y Fn(1)1803 1020 y Fu(,)h Fs(s)1911 984 -y Fi(0)1934 1020 y Ft(i)0 1212 y Fu(The)g(\014rst)g(t)m(w)m(o)h(rules)e -(tak)m(e)h(accoun)m(t)h(of)e(the)h(case)g(where)h(w)m(e)g(b)s(egin)d(b) -m(y)j(executing)f(the)g(\014rst)0 1332 y(step)h(of)e(statemen)m(t)i -Fs(S)839 1347 y Fn(1)878 1332 y Fu(.)45 b(If)33 b(the)g(execution)h(of) -e Fs(S)1831 1347 y Fn(1)1903 1332 y Fu(is)h(not)g(fully)e(completed)i -(w)m(e)h(mo)s(dify)d(the)0 1452 y(con\014guration)h(so)g(as)h(to)f -(remem)m(b)s(er)g(ho)m(w)h(far)f(w)m(e)i(ha)m(v)m(e)f(reac)m(hed.)45 -b(Otherwise)33 b(only)f Fs(S)3259 1467 y Fn(2)3331 1452 -y Fu(has)0 1573 y(to)38 b(b)s(e)g(executed)j(and)d(w)m(e)h(up)s(date)g -(the)f(con\014guration)g(accordingly)-8 b(.)59 b(The)39 -b(last)e(t)m(w)m(o)i(rules)0 1693 y(are)33 
b(similar)c(but)k(for)f(the) -h(case)g(where)h(w)m(e)g(b)s(egin)d(b)m(y)j(executing)f(the)g(\014rst)g -(step)h(of)e Fs(S)3199 1708 y Fn(2)3238 1693 y Fu(.)146 -1815 y(Using)43 b(these)h(rules)f(w)m(e)h(get)f(the)h(follo)m(wing)c -(deriv)-5 b(ation)42 b(sequences)k(for)c(the)i(example)0 -1935 y(statemen)m(t:)244 2144 y Ft(h)p Fr(x)32 b Fu(:=)h -Fr(1)g(par)g Fu(\()p Fr(x)g Fu(:=)f Fr(2)p Fu(;)h Fr(x)g -Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(\),)h Fs(s)8 b Ft(i)33 -b(\))f(h)p Fr(x)g Fu(:=)h Fr(2)p Fu(;)g Fr(x)f Fu(:=)h -Fr(x)p Fu(+)p Fr(2)p Fu(,)g Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p -Fw(1)p Fu(])p Ft(i)1755 2312 y(\))32 b(h)p Fr(x)g Fu(:=)h -Fr(x)p Fu(+)p Fr(2)p Fu(,)g Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p -Fw(2)p Fu(])p Ft(i)1755 2479 y(\))32 b Fs(s)8 b Fu([)p -Fr(x)p Ft(7!)p Fw(4)p Fu(])244 2694 y Ft(h)p Fr(x)32 -b Fu(:=)h Fr(1)g(par)g Fu(\()p Fr(x)g Fu(:=)f Fr(2)p -Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(\),)h Fs(s)8 -b Ft(i)33 b(\))f(h)p Fr(x)g Fu(:=)h Fr(1)g(par)g(x)g -Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(,)h Fs(s)8 b Fu([)p Fr(x)p -Ft(7!)p Fw(2)p Fu(])p Ft(i)1755 2862 y(\))32 b(h)p Fr(x)g -Fu(:=)h Fr(1)p Fu(,)g Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p -Fw(4)p Fu(])p Ft(i)1755 3029 y(\))32 b Fs(s)8 b Fu([)p -Fr(x)p Ft(7!)p Fw(1)p Fu(])0 3238 y(and)244 3447 y Ft(h)p -Fr(x)32 b Fu(:=)h Fr(1)g(par)g Fu(\()p Fr(x)g Fu(:=)f -Fr(2)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(\),)h -Fs(s)8 b Ft(i)33 b(\))f(h)p Fr(x)g Fu(:=)h Fr(1)g(par)g(x)g -Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(,)h Fs(s)8 b Fu([)p Fr(x)p -Ft(7!)p Fw(2)p Fu(])p Ft(i)1755 3615 y(\))32 b(h)p Fr(x)g -Fu(:=)h Fr(x)p Fu(+)p Fr(2)p Fu(,)g Fs(s)8 b Fu([)p Fr(x)p -Ft(7!)p Fw(1)p Fu(])p Ft(i)1755 3783 y(\))32 b Fs(s)8 -b Fu([)p Fr(x)p Ft(7!)p Fw(3)p Fu(])146 3992 y(T)-8 b(urning)34 -b(to)g(the)h Fs(natur)-5 b(al)37 b(semantics)42 b Fu(w)m(e)35 -b(migh)m(t)e(start)h(b)m(y)i(extending)f(T)-8 b(able)34 -b(2.1)g(with)0 4112 y(the)f(t)m(w)m(o)g(rules:)254 4284 -y Ft(h)p Fs(S)360 4299 y Fn(1)399 4284 y Fu(,)f Fs(s)8 -b Ft(i)33 b(!)f Fs(s)758 4247 
y Fi(0)781 4284 y Fu(,)h -Ft(h)p Fs(S)947 4299 y Fn(2)986 4284 y Fu(,)g Fs(s)1094 -4247 y Fi(0)1117 4284 y Ft(i)f(!)g Fs(s)1368 4247 y Fi(00)p -254 4347 1158 4 v 396 4452 a Ft(h)p Fs(S)502 4467 y Fn(1)574 -4452 y Fr(par)h Fs(S)827 4467 y Fn(2)867 4452 y Fu(,)f -Fs(s)8 b Ft(i)33 b(!)f Fs(s)1226 4415 y Fi(00)254 4654 -y Ft(h)p Fs(S)360 4669 y Fn(2)399 4654 y Fu(,)g Fs(s)8 -b Ft(i)33 b(!)f Fs(s)758 4618 y Fi(0)781 4654 y Fu(,)h -Ft(h)p Fs(S)947 4669 y Fn(1)986 4654 y Fu(,)g Fs(s)1094 -4618 y Fi(0)1117 4654 y Ft(i)f(!)g Fs(s)1368 4618 y Fi(00)p -254 4717 V 396 4822 a Ft(h)p Fs(S)502 4837 y Fn(1)574 -4822 y Fr(par)h Fs(S)827 4837 y Fn(2)867 4822 y Fu(,)f -Fs(s)8 b Ft(i)33 b(!)f Fs(s)1226 4786 y Fi(00)0 5013 -y Fu(Ho)m(w)m(ev)m(er,)50 b(it)44 b(is)g(easy)i(to)f(see)h(that)e(this) -h(will)d(not)j(do)g(b)s(ecause)h(the)f(rules)g(only)f(express)0 -5133 y(that)36 b(either)f Fs(S)561 5148 y Fn(1)636 5133 -y Fu(is)g(executed)j(b)s(efore)e Fs(S)1507 5148 y Fn(2)1582 -5133 y Fu(or)g(vice)g(v)m(ersa.)54 b(This)36 b(means)g(that)f(w)m(e)i -(ha)m(v)m(e)g(lost)0 5254 y(the)h(abilit)m(y)e(to)i Fs(interle)-5 -b(ave)44 b Fu(the)39 b(execution)f(of)g(t)m(w)m(o)g(statemen)m(ts.)61 -b(F)-8 b(urthermore,)39 b(it)d(seems)0 5374 y(imp)s(ossible)28 -b(to)i(b)s(e)h(able)f(to)g(express)i(this)e(in)g(the)h(natural)e(seman) -m(tics)i(b)s(ecause)h(w)m(e)f(consider)0 5494 y(the)h(execution)g(of)f -(a)h(statemen)m(t)g(as)f(an)h(atomic)d(en)m(tit)m(y)k(that)e(cannot)h -(b)s(e)f(split)g(in)m(to)f(smaller)p eop -%%Page: 50 60 -50 59 bop 251 130 a Fw(50)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(pieces.)45 -b(This)32 b(ma)m(y)h(b)s(e)g(summarized)e(as)i(follo)m(ws:)p -283 664 3472 4 v 283 681 V 281 889 4 208 v 298 889 V -567 810 a Fw(Natural)f(Seman)m(tics)f(v)m(ersus)j(Structural)d(Op)s -(erational)h(Seman)m(tics)p 3736 889 V 3753 889 V 283 -892 3472 4 v 281 1261 4 370 v 298 1261 V 350 1057 a Ft(\017)99 -b Fu(In)42 
b(a)f(natural)f(seman)m(tics)h(the)h(execution)g(of)e(the)i -(immediate)c(constituen)m(ts)43 b(is)d(an)499 1178 y -Fs(atomic)35 b(entity)41 b Fu(so)33 b(w)m(e)h(cannot)f(express)h(in)m -(terlea)m(ving)e(of)g(computations.)p 3736 1261 V 3753 -1261 V 281 1549 4 289 v 298 1549 V 350 1345 a Ft(\017)99 -b Fu(In)36 b(a)e(structural)h(op)s(erational)d(seman)m(tics)j(w)m(e)h -(concen)m(trate)h(on)d(the)i Fs(smal)5 b(l)36 b(steps)43 -b Fu(of)499 1466 y(the)33 b(computation)e(so)i(w)m(e)h(can)f(easily)e -(express)k(in)m(terlea)m(ving.)p 3736 1549 V 3753 1549 -V 283 1553 3472 4 v 283 1569 V 283 1833 a Fw(Exercise)i(2.35)49 -b Fu(Consider)j(an)f(extension)h(of)f Fw(While)f Fu(that)h(in)g -(addition)f(to)h(the)h Fr(par)p Fu(-)283 1954 y(construct)34 -b(also)e(con)m(tains)g(the)h(construct)527 2206 y Fr(protect)i -Fs(S)44 b Fr(end)283 2459 y Fu(The)37 b(idea)f(is)f(that)h(the)g -(statemen)m(t)h Fs(S)47 b Fu(has)37 b(to)e(b)s(e)h(executed)i(as)f(an)e -(atomic)f(en)m(tit)m(y)j(so)f(that)283 2579 y(for)c(example)527 -2832 y Fr(x)h Fu(:=)g Fr(1)f(par)i(protect)g Fu(\()p -Fr(x)f Fu(:=)f Fr(2)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Fu(+)p -Fr(2)p Fu(\))h Fr(end)283 3085 y Fu(only)26 b(has)g(t)m(w)m(o)g(p)s -(ossible)g(outcomes)f(namely)g Fw(1)h Fu(and)g Fw(4)p -Fu(.)41 b(Extend)27 b(the)g(structural)e(op)s(erational)283 -3205 y(seman)m(tics)38 b(to)f(express)i(this.)57 b(Can)38 -b(y)m(ou)g(sp)s(ecify)f(a)g(natural)f(seman)m(tics)i(for)e(the)i -(extended)283 3325 y(language?)2977 b Fh(2)283 3623 y -Fw(Exercise)37 b(2.36)49 b Fu(Sp)s(ecify)37 b(a)h(structural)f(op)s -(erational)e(seman)m(tics)i(for)g(arithmetic)f(expres-)283 -3743 y(sions)42 b(where)h(the)f(individual)d(parts)j(of)g(an)f -(expression)i(ma)m(y)f(b)s(e)g(computed)g(in)e(parallel.)283 -3863 y(T)-8 b(ry)34 b(to)e(pro)m(v)m(e)i(that)e(y)m(ou)h(still)e -(obtain)g(the)i(result)g(that)f(w)m(as)i(sp)s(eci\014ed)f(b)m(y)g -Ft(A)p Fu(.)468 b Fh(2)283 4257 y Fj(2.5)161 b(Blo)t(c)l(ks)54 -b(and)f(pro)t(cedures)283 4496 y Fu(W)-8 b(e)38 
b(no)m(w)f(extend)i -(the)e(language)f Fw(While)f Fu(with)i(blo)s(c)m(ks)g(con)m(taining)e -(declarations)h(of)h(v)-5 b(ari-)283 4616 y(ables)33 -b(and)g(pro)s(cedures.)44 b(In)33 b(doing)f(so)h(w)m(e)g(in)m(tro)s -(duce)g(a)f(couple)h(of)f(imp)s(ortan)m(t)e(concepts:)429 -4869 y Ft(\017)48 b Fu(v)-5 b(ariable)31 b(and)i(pro)s(cedure)g(en)m -(vironmen)m(ts,)h(and)429 5121 y Ft(\017)48 b Fu(lo)s(cations)31 -b(and)i(stores.)283 5374 y(W)-8 b(e)36 b(shall)e(concen)m(trate)j(on)e -(the)h(natural)e(seman)m(tics)i(and)f(will)f(consider)h(dynamic)g(as)h -(w)m(ell)283 5494 y(as)d(static)f(scop)s(e)i(and)e(non-recursiv)m(e)i -(as)f(w)m(ell)f(as)g(recursiv)m(e)i(pro)s(cedures.)p -eop -%%Page: 51 61 -51 60 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures) -1998 b(51)p 0 193 3473 4 v 0 515 a Fp(Blo)t(c)l(ks)45 -b(and)g(simple)g(declarations)0 700 y Fu(W)-8 b(e)37 -b(\014rst)g(extend)h(the)f(language)f Fw(While)f Fu(with)h(blo)s(c)m -(ks)h(con)m(taining)e(declarations)h(of)g(lo)s(cal)0 -820 y(v)-5 b(ariables.)42 b(The)34 b(new)f(language)f(is)g(called)f -Fw(Blo)s(c)m(k)h Fu(and)g(its)g(syn)m(tax)i(is)294 1001 -y Fs(S)111 b Fu(::=)100 b Fs(x)44 b Fu(:=)33 b Fs(a)39 -b Ft(j)33 b Fr(skip)g Ft(j)f Fs(S)1429 1016 y Fn(1)1501 -1001 y Fu(;)h Fs(S)1628 1016 y Fn(2)1700 1001 y Ft(j)f -Fr(if)h Fs(b)38 b Fr(then)c Fs(S)2283 1016 y Fn(1)2355 -1001 y Fr(else)f Fs(S)2659 1016 y Fn(2)511 1168 y Ft(j)151 -b Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)45 b Ft(j)32 b -Fr(begin)i Fs(D)1729 1183 y Fc(V)1822 1168 y Fs(S)44 -b Fr(end)0 1350 y Fu(where)32 b Fs(D)363 1365 y Fc(V)454 -1350 y Fu(is)d(a)h(meta-v)-5 b(ariable)28 b(ranging)h(o)m(v)m(er)i(the) -g(syn)m(tactic)g(category)g Fw(Dec)2946 1365 y Fn(V)3034 -1350 y Fu(of)e Fs(variable)0 1471 y(de)-5 b(clar)g(ations)p -Fu(.)42 b(The)34 b(syn)m(tax)g(of)e(v)-5 b(ariable)31 -b(declarations)g(is)h(giv)m(en)h(b)m(y:)294 1658 y Fs(D)377 -1673 y Fc(V)537 1658 y Fu(::=)100 b Fr(var)33 b Fs(x)45 -b Fu(:=)32 b Fs(a)7 b Fu(;)33 b Fs(D)1378 1673 y 
Fc(V)1471 -1658 y Ft(j)g Fo(")0 1848 y Fu(where)h Fo(")f Fu(is)g(the)g(empt)m(y)h -(declaration.)43 b(The)34 b(idea)e(is)h(that)g(the)g(v)-5 -b(ariables)32 b(declared)h(inside)g(a)0 1969 y(blo)s(c)m(k)f -Fr(begin)i Fs(D)629 1984 y Fc(V)723 1969 y Fs(S)44 b -Fr(end)33 b Fu(are)g Fs(lo)-5 b(c)g(al)42 b Fu(to)32 -b(it.)43 b(So)32 b(in)g(a)g(statemen)m(t)h(lik)m(e)244 -2157 y Fr(begin)h(var)f(y)g Fu(:=)f Fr(1)p Fu(;)533 2325 -y(\()p Fr(x)g Fu(:=)h Fr(1)p Fu(;)533 2493 y Fr(begin)h(var)f(x)g -Fu(:=)f Fr(2)p Fu(;)h Fr(y)g Fu(:=)f Fr(x)p Fu(+)p Fr(1)h(end)p -Fu(;)533 2660 y Fr(x)g Fu(:=)f Fr(y)p Fu(+)p Fr(x)p Fu(\))244 -2828 y Fr(end)0 3017 y Fu(the)d Fr(x)f Fu(in)g Fr(y)g -Fu(:=)g Fr(x)p Fu(+)p Fr(1)h Fu(relates)f(to)g(the)h(lo)s(cal)d(v)-5 -b(ariable)27 b Fr(x)h Fu(in)m(tro)s(duced)g(b)m(y)i Fr(var)f(x)f -Fu(:=)g Fr(2)p Fu(,)i(whereas)0 3137 y(the)e Fr(x)g Fu(in)f -Fr(x)h Fu(:=)g Fr(y)p Fu(+)p Fr(x)g Fu(relates)f(to)h(the)g(global)d(v) --5 b(ariable)26 b Fr(x)i Fu(that)g(is)f(also)g(used)i(in)e(the)h -(statemen)m(t)0 3257 y Fr(x)k Fu(:=)h Fr(1)p Fu(.)43 -b(In)33 b(b)s(oth)f(cases)i(the)e Fr(y)h Fu(refers)g(to)f(the)g -Fr(y)h Fu(declared)f(in)g(the)h(outer)f(blo)s(c)m(k.)43 -b(Therefore,)0 3378 y(the)37 b(statemen)m(t)g Fr(y)g -Fu(:=)f Fr(x)p Fu(+)p Fr(1)h Fu(assigns)g Fr(y)f Fu(the)h(v)-5 -b(alue)36 b Fw(3)p Fu(,)i(rather)e(than)h Fw(2)p Fu(,)g(and)g(the)g -(statemen)m(t)0 3498 y Fr(x)c Fu(:=)f Fr(y)p Fu(+)p Fr(x)h -Fu(assigns)g Fr(x)g Fu(the)g(v)-5 b(alue)32 b Fw(4)p -Fu(,)g(rather)h(than)g Fw(5)p Fu(.)146 3619 y(Before)28 -b(going)e(in)m(to)h(the)h(details)e(of)h(ho)m(w)i(to)e(sp)s(ecify)h -(the)g(seman)m(tics)f(w)m(e)i(shall)d(de\014ne)j(the)0 -3739 y(set)k(D)m(V\()p Fs(D)418 3754 y Fc(V)479 3739 -y Fu(\))g(of)f(v)-5 b(ariables)31 b(declared)i(in)e Fs(D)1646 -3754 y Fc(V)1707 3739 y Fu(:)294 3925 y(D)m(V\()p Fr(var)i -Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(;)33 b Fs(D)1088 3940 -y Fc(V)1148 3925 y Fu(\))100 b(=)g Ft(f)p Fs(x)12 b Ft(g)31 -b([)i Fu(D)m(V\()p Fs(D)2015 3940 
y Fc(V)2076 3925 y -Fu(\))294 4092 y(D)m(V\()p Fo(")o Fu(\))726 b(=)100 b -Ft(;)146 4274 y Fu(W)-8 b(e)43 b(next)g(de\014ne)h(the)e -Fs(natur)-5 b(al)44 b(semantics)p Fu(.)71 b(The)44 b(idea)d(will)f(b)s -(e)j(to)e(ha)m(v)m(e)j(one)f(transi-)0 4395 y(tion)36 -b(system)i(for)f Fs(e)-5 b(ach)43 b Fu(of)37 b(the)g(syn)m(tactic)h -(categories)f Fw(Stm)f Fu(and)h Fw(Dec)2692 4410 y Fn(V)2750 -4395 y Fu(.)57 b(F)-8 b(or)36 b(statemen)m(ts)0 4515 -y(the)i(transition)d(system)j(is)f(as)g(in)g(T)-8 b(able)37 -b(2.1)f(but)i(extended)h(with)e(the)g(rule)g(of)g(T)-8 -b(able)37 b(2.3.)0 4635 y(The)28 b(transition)e(system)j(for)d(v)-5 -b(ariable)26 b(declarations)g(has)i(con\014gurations)f(of)g(the)h(t)m -(w)m(o)g(forms)0 4756 y Ft(h)p Fs(D)122 4771 y Fc(V)183 -4756 y Fu(,)k Fs(s)8 b Ft(i)37 b Fu(and)h Fs(s)45 b Fu(and)37 -b(the)h(idea)f(is)f(that)h(the)h(transition)e(relation)f -Ft(!)2627 4771 y Fc(D)2728 4756 y Fu(sp)s(eci\014es)j(the)g(rela-)0 -4876 y(tionship)31 b(b)s(et)m(w)m(een)k(initial)29 b(and)k(\014nal)e -(states)j(as)f(b)s(efore:)244 5065 y Ft(h)p Fs(D)366 -5080 y Fc(V)427 5065 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)705 -5080 y Fc(D)802 5065 y Fs(s)850 5029 y Fi(0)0 5254 y -Fu(The)g(relation)d Ft(!)654 5269 y Fc(D)749 5254 y Fu(for)h(v)-5 -b(ariable)29 b(declarations)h(is)g(giv)m(en)h(in)f(T)-8 -b(able)30 b(2.4.)43 b(W)-8 b(e)31 b(generalize)f(the)0 -5374 y(substitution)42 b(op)s(eration)f(on)i(states)g(and)g(write)f -Fs(s)1939 5338 y Fi(0)1962 5374 y Fu([)p Fs(X)16 b Ft(7\000)-15 -b(!)o Fs(s)8 b Fu(])43 b(for)f(the)h(state)g(that)f(is)g(as)h -Fs(s)3449 5338 y Fi(0)0 5494 y Fu(except)34 b(for)e(v)-5 -b(ariables)32 b(in)f(the)i(set)h Fs(X)48 b Fu(where)34 -b(it)e(is)g(as)h(sp)s(eci\014ed)g(b)m(y)g Fs(s)8 b Fu(.)44 -b(F)-8 b(ormally)g(,)p eop -%%Page: 52 62 -52 61 bop 251 130 a Fw(52)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 736 4 -318 v 773 605 a Fu([blo)s(c)m(k)1025 620 y Fn(ns)1096 -605 y Fu(])1689 519 y Ft(h)p Fs(D)1811 534 y 
Fc(V)1872 -519 y Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)2150 534 y Fc(D)2247 -519 y Fs(s)2295 483 y Fi(0)2318 519 y Fu(,)g Ft(h)p Fs(S)12 -b Fu(,)32 b Fs(s)2591 483 y Fi(0)2614 519 y Ft(i)h(!)f -Fs(s)2866 483 y Fi(00)p 1406 582 1787 4 v 1406 687 a -Ft(h)o Fr(begin)i Fs(D)1816 702 y Fc(V)1910 687 y Fs(S)44 -b Fr(end)p Fu(,)33 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)2522 -650 y Fi(00)2564 687 y Fu([D)m(V\()p Fs(D)2857 702 y -Fc(V)2918 687 y Fu(\))p Ft(7\000)-16 b(!)p Fs(s)8 b Fu(])p -3753 736 4 318 v 283 739 3473 4 v 873 900 a(T)-8 b(able)32 -b(2.3:)43 b(Natural)31 b(seman)m(tics)i(for)f(statemen)m(ts)i(of)e -Fw(Blo)s(c)m(k)p 283 976 V 283 1508 4 533 v 720 1162 -a Fu([v)-5 b(ar)880 1177 y Fn(ns)951 1162 y Fu(])1382 -1076 y Ft(h)p Fs(D)1504 1091 y Fc(V)1565 1076 y Fu(,)32 -b Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17 b([)q Fs(a)7 -b Fu(])-17 b(])q Fs(s)8 b Fu(])p Ft(i)32 b(!)2314 1091 -y Fc(D)2410 1076 y Fs(s)2458 1040 y Fi(0)p 1353 1139 -1158 4 v 1353 1244 a Ft(h)p Fr(var)h Fs(x)45 b Fu(:=)32 -b Fs(a)7 b Fu(;)33 b Fs(D)2003 1259 y Fc(V)2064 1244 -y Fu(,)g Fs(s)8 b Ft(i)32 b(!)2343 1259 y Fc(D)2439 1244 -y Fs(s)2487 1208 y Fi(0)720 1447 y Fu([none)947 1462 -y Fn(ns)1019 1447 y Fu(])297 b Ft(h)p Fo(")p Fu(,)32 -b Fs(s)8 b Ft(i)33 b(!)1706 1462 y Fc(D)1803 1447 y Fs(s)p -3753 1508 4 533 v 283 1511 3473 4 v 874 1672 a Fu(T)-8 -b(able)32 b(2.4:)43 b(Natural)32 b(seman)m(tics)h(for)f(v)-5 -b(ariable)30 b(declarations)527 1961 y(\()p Fs(s)613 -1925 y Fi(0)637 1961 y Fu([)p Fs(X)16 b Ft(7\000)-16 -b(!)o Fs(s)8 b Fu(]\))33 b Fs(x)44 b Fu(=)1256 1815 y -Fg(\()1364 1900 y Fs(s)d(x)118 b Fu(if)31 b Fs(x)45 b -Ft(2)33 b Fs(X)1364 2020 y(s)1412 1984 y Fi(0)1468 2020 -y Fs(x)95 b Fu(if)31 b Fs(x)45 b Ft(62)33 b Fs(X)283 -2180 y Fu(This)c(op)s(eration)d(will)g(ensure)j(that)f(lo)s(cal)d(v)-5 -b(ariables)27 b(are)h(restored)h(to)e(their)h(previous)g(v)-5 -b(alues)283 2301 y(when)34 b(the)f(blo)s(c)m(k)g(is)f(left.)283 -2475 y Fw(Exercise)37 b(2.37)49 b Fu(Use)35 b(the)f(natural)g(seman)m 
-(tics)g(of)g(T)-8 b(able)34 b(2.3)f(to)h(sho)m(w)h(that)f(execution)h -(of)283 2595 y(the)e(statemen)m(t)527 2758 y Fr(begin)h(var)g(y)e -Fu(:=)h Fr(1)p Fu(;)816 2926 y(\()p Fr(x)g Fu(:=)f Fr(1)p -Fu(;)816 3093 y Fr(begin)i(var)f(x)g Fu(:=)g Fr(2)p Fu(;)f -Fr(y)h Fu(:=)g Fr(x)p Fu(+)p Fr(1)g(end)p Fu(;)816 3261 -y Fr(x)g Fu(:=)f Fr(y)p Fu(+)p Fr(x)p Fu(\))527 3429 -y Fr(end)283 3592 y Fu(will)f(lead)h(to)g(a)g(state)h(where)h -Fr(x)f Fu(has)g(the)g(v)-5 b(alue)32 b Fw(4)p Fu(.)1525 -b Fh(2)430 3766 y Fu(It)32 b(is)f(somewhat)h(harder)g(to)f(sp)s(ecify)i -(a)e Fs(structur)-5 b(al)35 b(op)-5 b(er)g(ational)33 -b(semantics)39 b Fu(for)31 b(the)i(ex-)283 3886 y(tended)c(language.)41 -b(One)28 b(approac)m(h)g(is)f(to)g(replace)h(states)g(with)g(a)f -(structure)i(that)e(is)g(similar)283 4007 y(to)34 b(the)g(run-time)f -(stac)m(ks)i(used)h(in)d(the)h(implemen)m(tation)d(of)i(blo)s(c)m(k)h -(structured)h(languages.)283 4127 y(Another)43 b(is)f(to)g(extend)h -(the)g(statemen)m(ts)g(with)f(fragmen)m(ts)g(of)f(the)i(state.)73 -b(Ho)m(w)m(ev)m(er,)47 b(w)m(e)283 4247 y(shall)32 b(not)g(go)g -(further)h(in)m(to)f(this.)283 4529 y Fp(Pro)t(cedures)283 -4714 y Fu(W)-8 b(e)27 b(shall)f(no)m(w)h(extend)h(the)f(language)e -Fw(Blo)s(c)m(k)h Fu(with)g(pro)s(cedure)h(declarations.)41 -b(The)27 b(syn)m(tax)283 4834 y(of)33 b(the)g(language)e -Fw(Pro)s(c)h Fu(is:)577 4989 y Fs(S)189 b Fu(::=)99 b -Fs(x)45 b Fu(:=)32 b Fs(a)40 b Ft(j)32 b Fr(skip)i Ft(j)e -Fs(S)1790 5004 y Fn(1)1862 4989 y Fu(;)g Fs(S)1988 5004 -y Fn(2)2060 4989 y Ft(j)g Fr(if)h Fs(b)39 b Fr(then)33 -b Fs(S)2643 5004 y Fn(1)2715 4989 y Fr(else)h Fs(S)3020 -5004 y Fn(2)872 5156 y Ft(j)150 b Fr(while)34 b Fs(b)39 -b Fr(do)33 b Fs(S)44 b Ft(j)32 b Fr(begin)i Fs(D)2089 -5171 y Fc(V)2183 5156 y Fs(D)2266 5171 y Fc(P)2357 5156 -y Fs(S)44 b Fr(end)33 b Ft(j)g Fr(call)g Fs(p)577 5324 -y(D)660 5339 y Fc(V)821 5324 y Fu(::=)99 b Fr(var)34 -b Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(;)32 b Fs(D)1661 5339 -y Fc(V)1755 5324 y Ft(j)g Fo(")577 
5492 y Fs(D)660 5507 -y Fc(P)821 5492 y Fu(::=)99 b Fr(proc)34 b Fs(p)k Fr(is)33 -b Fs(S)12 b Fu(;)33 b Fs(D)1721 5507 y Fc(P)1812 5492 -y Ft(j)f Fo(")p eop -%%Page: 53 63 -53 62 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures) -1998 b(53)p 0 193 3473 4 v 0 515 a Fu(Here)27 b Fs(p)33 -b Fu(is)26 b(a)g(meta-v)-5 b(ariable)24 b(ranging)i(o)m(v)m(er)h(the)g -(syn)m(tactic)h(category)f Fw(Pname)f Fu(of)g(pro)s(cedure)0 -636 y(names;)31 b(in)e(the)h(concrete)h(syn)m(tax)h(there)e(need)h(not) -f(b)s(e)g(an)m(y)g(di\013erence)h(b)s(et)m(w)m(een)g(pro)s(cedure)0 -756 y(names)37 b(and)g(v)-5 b(ariable)36 b(names)h(but)g(in)g(the)g -(abstract)h(syn)m(tax)g(it)e(is)h(con)m(v)m(enien)m(t)i(to)e(b)s(e)g -(able)0 877 y(to)c(distinguish)f(b)s(et)m(w)m(een)j(the)f(t)m(w)m(o.)46 -b(F)-8 b(urthermore,)33 b Fs(D)2061 892 y Fc(P)2152 877 -y Fu(is)g(a)g(meta-v)-5 b(ariable)30 b(ranging)i(o)m(v)m(er)0 -997 y(the)h(syn)m(tactic)g(category)g Fw(Dec)1160 1012 -y Fn(P)1245 997 y Fu(of)f Fs(pr)-5 b(o)g(c)g(e)g(dur)g(e)34 -b(de)-5 b(clar)g(ations)p Fu(.)146 1117 y(W)d(e)40 b(shall)d(giv)m(e)i -(three)h(di\013eren)m(t)f(seman)m(tics)g(of)f(this)h(language.)61 -b(They)40 b(di\013er)f(in)f(their)0 1238 y(c)m(hoice)33 -b(of)f(scop)s(e)h(rules)g(for)f(v)-5 b(ariables)31 b(and)i(pro)s -(cedures:)145 1436 y Ft(\017)49 b Fu(dynamic)32 b(scop)s(e)h(for)f(v)-5 -b(ariables)31 b(as)i(w)m(ell)f(as)h(pro)s(cedures,)145 -1637 y Ft(\017)49 b Fu(dynamic)32 b(scop)s(e)h(for)f(v)-5 -b(ariables)31 b(but)i(static)f(scop)s(e)i(for)e(pro)s(cedures,)i(and) -145 1839 y Ft(\017)49 b Fu(static)32 b(scop)s(e)h(for)f(v)-5 -b(ariables)32 b(as)g(w)m(ell)g(as)h(pro)s(cedures.)0 -2037 y(T)-8 b(o)33 b(illustrate)d(the)j(di\013erence)g(consider)g(the)g -(statemen)m(t)244 2235 y Fr(begin)h(var)f(x)g Fu(:=)f -Fr(0)p Fu(;)533 2403 y Fr(proc)h(p)g(is)g(x)g Fu(:=)f -Fr(x)h Fo(?)f Fr(2)p Fu(;)533 2570 y Fr(proc)h(q)g(is)g(call)h(p)p -Fu(;)533 2738 y Fr(begin)g(var)f(x)g Fu(:=)f Fr(5)p Fu(;)822 -2905 y 
Fr(proc)h(p)g(is)g(x)g Fu(:=)f Fr(x)h Fu(+)f(1;)822 -3073 y Fr(call)h(q)p Fu(;)g Fr(y)g Fu(:=)f Fr(x)533 3241 -y(end)244 3408 y(end)0 3606 y Fu(If)39 b Fs(dynamic)i(sc)-5 -b(op)g(e)46 b Fu(is)39 b(used)h(for)f(v)-5 b(ariables)38 -b(as)i(w)m(ell)f(as)g(pro)s(cedures)i(then)f(the)g(\014nal)f(v)-5 -b(alue)0 3727 y(of)42 b Fr(y)h Fu(is)f Fw(6)p Fu(.)74 -b(The)44 b(reason)f(is)f(that)h Fr(call)g(q)g Fu(will)e(call)g(the)i -Fs(lo)-5 b(c)g(al)52 b Fu(pro)s(cedure)44 b Fr(p)e Fu(whic)m(h)i(will)0 -3847 y(up)s(date)31 b(the)g Fs(lo)-5 b(c)g(al)40 b Fu(v)-5 -b(ariable)29 b Fr(x)p Fu(.)43 b(If)30 b(w)m(e)i(use)f(dynamic)f(scop)s -(e)i(for)e(v)-5 b(ariables)29 b(but)i Fs(static)i(sc)-5 -b(op)g(e)0 3967 y Fu(for)35 b(pro)s(cedures)i(then)f -Fr(y)g Fu(gets)g(the)g(v)-5 b(alue)35 b Fw(10)p Fu(.)52 -b(The)37 b(reason)f(is)f(that)g(no)m(w)i Fr(call)f(q)g -Fu(will)d(call)0 4088 y(the)38 b Fs(glob)-5 b(al)47 b -Fu(pro)s(cedure)39 b Fr(p)f Fu(and)g(it)f(will)e(up)s(date)j(the)g -Fs(lo)-5 b(c)g(al)47 b Fu(v)-5 b(ariable)36 b Fr(x)p -Fu(.)60 b(Finally)-8 b(,)36 b(if)h(w)m(e)h(use)0 4208 -y(static)28 b(scop)s(e)h(for)e(v)-5 b(ariables)27 b(as)h(w)m(ell)f(as)i -(pro)s(cedures)g(then)g Fr(y)f Fu(gets)h(the)f(v)-5 b(alue)28 -b Fw(5)p Fu(.)42 b(The)29 b(reason)0 4329 y(is)39 b(that)g -Fr(call)h(q)g Fu(no)m(w)g(will)d(call)g(the)j Fs(glob)-5 -b(al)49 b Fu(pro)s(cedure)40 b Fr(p)f Fu(whic)m(h)h(will)d(up)s(date)j -(the)f Fs(glob)-5 b(al)0 4449 y Fu(v)g(ariable)31 b Fr(x)i -Fu(so)f(the)h(lo)s(cal)e(v)-5 b(ariable)31 b Fr(x)h Fu(is)g(unc)m -(hanged.)0 4708 y Fw(Dynamic)37 b(scop)s(e)g(rules)g(for)h(v)-6 -b(ariables)37 b(and)h(pro)s(cedures)0 4893 y Fu(The)44 -b(general)f(idea)f(is)h(that)g(to)g(execute)i(the)e(statemen)m(t)h -Fr(call)g Fs(p)49 b Fu(w)m(e)44 b(shall)e(execute)j(the)0 -5013 y(b)s(o)s(dy)34 b(of)f(the)i(pro)s(cedure.)48 b(This)34 -b(means)g(that)g(w)m(e)g(ha)m(v)m(e)i(to)d(k)m(eep)j(trac)m(k)e(of)g -(the)g(asso)s(ciation)0 5133 y(of)k(pro)s(cedure)i(names)f(with)g(pro)s 
-(cedure)h(b)s(o)s(dies.)62 b(T)-8 b(o)39 b(facilitate)d(this)j(w)m(e)h -(shall)d(in)m(tro)s(duce)0 5254 y(the)42 b(notion)f(of)g(a)h -Fs(pr)-5 b(o)g(c)g(e)g(dur)g(e)42 b(envir)-5 b(onment)p -Fu(.)70 b(Giv)m(en)42 b(a)f(pro)s(cedure)i(name)e(the)h(pro)s(cedure)0 -5374 y(en)m(vironmen)m(t)25 b Fs(env)709 5389 y Fc(P)792 -5374 y Fu(will)d(return)k(the)f(statemen)m(t)g(that)g(is)f(its)g(b)s(o) -s(dy)-8 b(.)41 b(So)25 b Fs(env)2844 5389 y Fc(P)2927 -5374 y Fu(is)f(an)h(elemen)m(t)0 5494 y(of)p eop -%%Page: 54 64 -54 63 bop 251 130 a Fw(54)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 3862 -4 3443 v 654 528 a Fu([ass)806 543 y Fn(ns)878 528 y -Fu(])372 b Fs(env)1433 543 y Fc(P)1523 528 y Ft(`)33 -b(h)o Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(,)33 b Fs(s)8 -b Ft(i)32 b(!)g Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)p Fu([)-17 -b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])654 743 y([skip)852 -758 y Fn(ns)923 743 y Fu(])327 b Fs(env)1433 758 y Fc(P)1523 -743 y Ft(`)33 b(h)o Fr(skip)p Fu(,)h Fs(s)8 b Ft(i)32 -b(!)g Fs(s)654 1035 y Fu([comp)909 1050 y Fn(ns)980 1035 -y Fu(])1287 948 y Fs(env)1443 963 y Fc(P)1533 948 y Ft(`)h(h)o -Fs(S)1732 963 y Fn(1)1772 948 y Fu(,)f Fs(s)8 b Ft(i)33 -b(!)f Fs(s)2131 912 y Fi(0)2154 948 y Fu(,)h Fs(env)2370 -963 y Fc(P)2460 948 y Ft(`)f(h)p Fs(S)2659 963 y Fn(2)2698 -948 y Fu(,)h Fs(s)2806 912 y Fi(0)2829 948 y Ft(i)g(!)f -Fs(s)3081 912 y Fi(00)p 1287 1012 1837 4 v 1695 1116 -a Fs(env)1851 1131 y Fc(P)1942 1116 y Ft(`)g(h)p Fs(S)2141 -1131 y Fn(1)2180 1116 y Fu(;)p Fs(S)2274 1131 y Fn(2)2313 -1116 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)2672 1080 y -Fi(00)654 1397 y Fu([if)739 1361 y Fn(tt)739 1422 y(ns)809 -1397 y Fu(])1703 1310 y Fs(env)1859 1325 y Fc(P)1949 -1310 y Ft(`)h(h)p Fs(S)2149 1325 y Fn(1)2188 1310 y Fu(,)f -Fs(s)8 b Ft(i)33 b(!)f Fs(s)2547 1274 y Fi(0)p 1287 1374 -1700 4 v 1287 1478 a Fs(env)1443 1493 y Fc(P)1533 1478 -y Ft(`)h(h)o Fr(if)g Fs(b)39 b Fr(then)33 b Fs(S)2188 -1493 y Fn(1)2260 1478 y Fr(else)h Fs(S)2565 
1493 y Fn(2)2604 -1478 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)g Fs(s)2963 1442 y -Fi(0)1513 1635 y Fu(if)f Ft(B)t Fu([)-17 b([)p Fs(b)6 -b Fu(])-17 b(])q Fs(s)41 b Fu(=)32 b Fw(tt)654 1927 y -Fu([if)739 1890 y Fn(\013)739 1951 y(ns)809 1927 y Fu(])1703 -1840 y Fs(env)1859 1855 y Fc(P)1949 1840 y Ft(`)h(h)p -Fs(S)2149 1855 y Fn(2)2188 1840 y Fu(,)f Fs(s)8 b Ft(i)33 -b(!)f Fs(s)2547 1804 y Fi(0)p 1287 1903 V 1287 2008 a -Fs(env)1443 2023 y Fc(P)1533 2008 y Ft(`)h(h)o Fr(if)g -Fs(b)39 b Fr(then)33 b Fs(S)2188 2023 y Fn(1)2260 2008 -y Fr(else)h Fs(S)2565 2023 y Fn(2)2604 2008 y Fu(,)f -Fs(s)8 b Ft(i)32 b(!)g Fs(s)2963 1972 y Fi(0)1513 2165 -y Fu(if)f Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q -Fs(s)41 b Fu(=)32 b Fw(\013)654 2456 y Fu([while)904 -2420 y Fn(tt)904 2481 y(ns)974 2456 y Fu(])1287 2370 -y Fs(env)1443 2385 y Fc(P)1533 2370 y Ft(`)h(h)o Fs(S)12 -b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)2091 2334 y Fi(0)2115 -2370 y Fu(,)g Fs(env)2330 2385 y Fc(P)2421 2370 y Ft(`)g(h)p -Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)3235 -2334 y Fi(0)3258 2370 y Ft(i)f(!)g Fs(s)3509 2334 y Fi(00)p -1287 2433 2266 4 v 1742 2538 a Fs(env)1898 2553 y Fc(P)1989 -2538 y Ft(`)g(h)p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 -b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)3054 2502 y Fi(00)1513 -2694 y Fu(if)f Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 -b(])q Fs(s)41 b Fu(=)32 b Fw(tt)654 2909 y Fu([while)904 -2873 y Fn(\013)904 2934 y(ns)974 2909 y Fu(])276 b Fs(env)1433 -2924 y Fc(P)1523 2909 y Ft(`)33 b(h)o Fr(while)h Fs(b)39 -b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)h -Fs(s)1513 3077 y Fu(if)e Ft(B)t Fu([)-17 b([)p Fs(b)6 -b Fu(])-17 b(])q Fs(s)41 b Fu(=)32 b Fw(\013)654 3368 -y Fu([blo)s(c)m(k)906 3383 y Fn(ns)977 3368 y Fu(])1410 -3282 y Ft(h)p Fs(D)1532 3297 y Fc(V)1593 3282 y Fu(,)g -Fs(s)8 b Ft(i)33 b(!)1871 3297 y Fc(D)1968 3282 y Fs(s)2016 -3246 y Fi(0)2039 3282 y Fu(,)g(up)s(d)2264 3297 y Fn(P)2316 -3282 y Fu(\()p Fs(D)2437 3297 y Fc(P)2496 3282 y Fu(,)g -Fs(env)2712 3297 y 
Fc(P)2769 3282 y Fu(\))g Ft(`)f(h)p -Fs(S)12 b Fu(,)32 b Fs(s)3146 3246 y Fi(0)3170 3282 y -Ft(i)g(!)g Fs(s)3421 3246 y Fi(00)p 1287 3345 2301 4 -v 1287 3450 a Fs(env)1443 3465 y Fc(P)1533 3450 y Ft(`)h(h)o -Fr(begin)h Fs(D)2037 3465 y Fc(V)2131 3450 y Fs(D)2214 -3465 y Fc(P)2305 3450 y Fs(S)44 b Fr(end)p Fu(,)34 b -Fs(s)8 b Ft(i)32 b(!)g Fs(s)2917 3414 y Fi(00)2960 3450 -y Fu([D)m(V\()p Fs(D)3253 3465 y Fc(V)3313 3450 y Fu(\))p -Ft(7\000)-16 b(!)p Fs(s)8 b Fu(])654 3731 y([call)829 -3694 y Fn(rec)829 3755 y(ns)922 3731 y Fu(])1400 3644 -y Fs(env)1556 3659 y Fc(P)1646 3644 y Ft(`)33 b(h)p Fs(S)12 -b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)h Fs(s)2205 3608 y Fi(0)p -1287 3707 1055 4 v 1287 3812 a Fs(env)1443 3827 y Fc(P)1533 -3812 y Ft(`)g(h)o Fr(call)h Fs(p)6 b Fu(,)32 b Fs(s)8 -b Ft(i)33 b(!)f Fs(s)2318 3776 y Fi(0)2449 3731 y Fu(where)i -Fs(env)2887 3746 y Fc(P)2977 3731 y Fs(p)k Fu(=)33 b -Fs(S)p 3753 3862 4 3443 v 283 3865 3473 4 v 640 4026 -a Fu(T)-8 b(able)32 b(2.5:)44 b(Natural)31 b(seman)m(tics)i(for)f -Fw(Pro)s(c)g Fu(with)g(dynamic)g(scop)s(e)h(rules)527 -4322 y Fw(En)m(v)719 4337 y Fn(P)804 4322 y Fu(=)f Fw(Pname)h -Fo(,)-17 b Ft(!)32 b Fw(Stm)430 4552 y Fu(The)45 b(next)g(step)g(will)c -(b)s(e)k(to)e(extend)j(the)e(natural)f(seman)m(tics)h(to)g(tak)m(e)h -(the)f(en)m(viron-)283 4672 y(men)m(t)35 b(in)m(to)f(accoun)m(t.)50 -b(W)-8 b(e)35 b(shall)e(extend)j(the)f(transition)e(system)j(for)e -(statemen)m(ts)h(to)g(ha)m(v)m(e)283 4793 y(transitions)d(of)g(the)h -(form)527 5023 y Fs(env)683 5038 y Fc(P)774 5023 y Ft(`)f(h)p -Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1332 -4987 y Fi(0)283 5254 y Fu(The)e(presence)g(of)e(the)h(en)m(vironmen)m -(t)f(means)h(that)f(w)m(e)h(can)g(alw)m(a)m(ys)g(access)h(it)d(and)h -(therefore)283 5374 y(get)36 b(hold)g(of)f(the)i(b)s(o)s(dies)e(of)h -(declared)g(pro)s(cedures.)55 b(The)37 b(result)f(of)f(mo)s(difying)f -(T)-8 b(able)35 b(2.1)283 5494 y(to)e(incorp)s(orate)e(this)h(extra)h -(information)d(is)i(sho)m(wn)i(in)e(T)-8 
b(able)32 b(2.5.)p -eop -%%Page: 55 65 -55 64 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures) -1998 b(55)p 0 193 3473 4 v 146 515 a Fu(Concerning)39 -b(the)f(rule)g(for)g Fr(begin)h Fs(D)1573 530 y Fc(V)1672 -515 y Fs(D)1755 530 y Fc(P)1852 515 y Fs(S)50 b Fr(end)39 -b Fu(the)f(idea)g(is)f(that)h(w)m(e)i(up)s(date)e(the)0 -636 y(pro)s(cedure)44 b(en)m(vironmen)m(t)f(so)f(that)h(the)g(pro)s -(cedures)h(declared)f(in)f Fs(D)2666 651 y Fc(P)2767 -636 y Fu(will)e(b)s(e)j(a)m(v)-5 b(ailable)0 756 y(when)41 -b(executing)f Fs(S)12 b Fu(.)39 b(Giv)m(en)h(a)f(global)e(en)m -(vironmen)m(t)j Fs(env)2234 771 y Fc(P)2331 756 y Fu(and)g(a)f -(declaration)f Fs(D)3210 771 y Fc(P)3269 756 y Fu(,)j(the)0 -877 y(up)s(dated)33 b(pro)s(cedure)h(en)m(vironmen)m(t,)f(up)s(d)1588 -892 y Fn(P)1640 877 y Fu(\()p Fs(D)1761 892 y Fc(P)1820 -877 y Fu(,)f Fs(env)2035 892 y Fc(P)2093 877 y Fu(\),)h(is)f(sp)s -(eci\014ed)h(b)m(y:)244 1072 y(up)s(d)409 1087 y Fn(P)461 -1072 y Fu(\()p Fr(proc)h Fs(p)k Fr(is)33 b Fs(S)12 b -Fu(;)33 b Fs(D)1170 1087 y Fc(P)1228 1072 y Fu(,)g Fs(env)1444 -1087 y Fc(P)1502 1072 y Fu(\))f(=)h(up)s(d)1846 1087 -y Fn(P)1898 1072 y Fu(\()p Fs(D)2019 1087 y Fc(P)2078 -1072 y Fu(,)f Fs(env)2293 1087 y Fc(P)2351 1072 y Fu([)p -Fs(p)6 b Ft(7!)p Fs(S)12 b Fu(]\))244 1240 y(up)s(d)409 -1255 y Fn(P)461 1240 y Fu(\()p Fo(")p Fu(,)33 b Fs(env)761 -1255 y Fc(P)818 1240 y Fu(\))g(=)f Fs(env)1153 1255 y -Fc(P)146 1436 y Fu(As)j(the)f(v)-5 b(ariable)32 b(declarations)g(do)i -(not)g(need)g(to)g(access)h(the)f(pro)s(cedure)h(en)m(vironmen)m(t)0 -1556 y(it)c(is)h(not)g(necessary)j(to)d(extend)i(the)f(transition)e -(system)i(for)f(declarations)f(with)h(the)h(extra)0 1677 -y(comp)s(onen)m(t.)44 b(So)32 b(for)g(v)-5 b(ariable)31 -b(declarations)g(w)m(e)j(still)c(ha)m(v)m(e)k(transitions)d(of)i(the)g -(form)244 1873 y Ft(h)p Fs(D)9 b Fu(,)32 b Fs(s)8 b Ft(i)33 -b(!)644 1888 y Fc(D)741 1873 y Fs(s)789 1837 y Fi(0)0 -2069 y 
Fu(The)h(relation)c(is)i(de\014ned)i(as)f(for)f(the)h(language)f -Fw(Blo)s(c)m(k)p Fu(,)f(that)h(is)g(b)m(y)i(T)-8 b(able)32 -b(2.4.)146 2189 y(W)-8 b(e)25 b(can)g(no)m(w)g(complete)e(the)i(sp)s -(eci\014cation)f(of)g(the)h(seman)m(tics)f(of)g(blo)s(c)m(ks)h(and)f -(pro)s(cedure)0 2309 y(calls.)42 b(Note)31 b(that)g(in)g(the)h(rule)f -([blo)s(c)m(k)1425 2324 y Fn(ns)1496 2309 y Fu(])g(of)g(T)-8 -b(able)31 b(2.5)g(w)m(e)h(use)g(the)g(up)s(dated)g(en)m(vironmen)m(t)0 -2430 y(when)47 b(executing)f(the)g(b)s(o)s(dy)f(of)g(the)h(blo)s(c)m -(k.)82 b(In)46 b(the)g(rule)f([call)2495 2394 y Fn(rec)2495 -2454 y(ns)2588 2430 y Fu(])g(for)g(pro)s(cedure)i(calls)0 -2550 y(w)m(e)g(mak)m(e)f(use)i(of)d(the)i(information)c(pro)m(vided)j -(b)m(y)h(the)g(en)m(vironmen)m(t.)85 b(It)46 b(follo)m(ws)f(that)0 -2671 y(pro)s(cedures)34 b(will)c Fs(always)40 b Fu(b)s(e)33 -b(recursiv)m(e.)0 2889 y Fw(Exercise)j(2.38)49 b Fu(Consider)33 -b(the)g(follo)m(wing)d(statemen)m(t)j(of)f Fw(Pro)s(c)p -Fu(:)244 3085 y Fr(begin)i(proc)f(fac)h(is)f(begin)h(var)f(z)g -Fu(:=)f Fr(x)p Fu(;)1381 3252 y Fr(if)h(x)f Fu(=)h Fr(1)g(then)g(skip) -1381 3420 y(else)g Fu(\()p Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p -Fr(1)p Fu(;)i Fr(call)g(fac)p Fu(;)f Fr(y)g Fu(:=)f Fr(z)p -Fo(?)p Fr(y)p Fu(\))1092 3588 y Fr(end)p Fu(;)533 3755 -y(\()p Fr(y)g Fu(:=)h Fr(1)p Fu(;)g Fr(call)g(fac)p Fu(\))244 -3923 y Fr(end)0 4119 y Fu(Construct)26 b(a)f(deriv)-5 -b(ation)23 b(tree)j(for)e(the)i(execution)f(of)g(this)g(statemen)m(t)g -(from)f(a)h(state)g Fs(s)33 b Fu(where)0 4239 y Fs(s)41 -b Fr(x)32 b Fu(=)h Fw(3)p Fu(.)3042 b Fh(2)0 4458 y Fw(Exercise)36 -b(2.39)49 b Fu(Use)34 b(the)f(seman)m(tics)g(to)f(v)m(erify)h(that)f -(the)h(statemen)m(t)244 4653 y Fr(begin)h(var)f(x)g Fu(:=)f -Fr(0)p Fu(;)533 4821 y Fr(proc)h(p)g(is)g(x)g Fu(:=)f -Fr(x)h Fo(?)f Fr(2)p Fu(;)533 4989 y Fr(proc)h(q)g(is)g(call)h(p)p -Fu(;)533 5156 y Fr(begin)g(var)f(x)g Fu(:=)f Fr(5)p Fu(;)822 -5324 y Fr(proc)h(p)g(is)g(x)g Fu(:=)f Fr(x)h Fu(+)f(1;)822 -5492 y 
Fr(call)h(q)p Fu(;)g Fr(y)g Fu(:=)f Fr(x)p eop -%%Page: 56 66 -56 65 bop 251 130 a Fw(56)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 1434 -4 1015 v 955 605 a Fu([call)1130 620 y Fn(ns)1200 605 -y Fu(])1701 519 y Fs(env)1857 483 y Fi(0)1857 543 y Fc(P)1948 -519 y Ft(`)32 b(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 -b(!)f Fs(s)2506 483 y Fi(0)p 1588 582 1055 4 v 1588 687 -a Fs(env)1744 702 y Fc(P)1834 687 y Ft(`)h(h)p Fr(call)g -Fs(p)6 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)2619 650 -y Fi(0)1814 843 y Fu(where)i Fs(env)2252 858 y Fc(P)2343 -843 y Fs(p)k Fu(=)32 b(\()p Fs(S)12 b Fu(,)33 b Fs(env)2860 -807 y Fi(0)2860 868 y Fc(P)2918 843 y Fu(\))955 1135 -y([call)1130 1099 y Fn(rec)1130 1159 y(ns)1223 1135 y -Fu(])1588 1048 y Fs(env)1744 1012 y Fi(0)1744 1073 y -Fc(P)1802 1048 y Fu([)p Fs(p)6 b Ft(7!)p Fu(\()p Fs(S)12 -b Fu(,)32 b Fs(env)2305 1012 y Fi(0)2305 1073 y Fc(P)2363 -1048 y Fu(\)])g Ft(`)h(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 -b Ft(i)32 b(!)g Fs(s)3018 1012 y Fi(0)p 1588 1112 1454 -4 v 1788 1216 a Fs(env)1944 1231 y Fc(P)2034 1216 y Ft(`)g(h)p -Fr(call)i Fs(p)6 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)2819 -1180 y Fi(0)1814 1373 y Fu(where)i Fs(env)2252 1388 y -Fc(P)2343 1373 y Fs(p)k Fu(=)32 b(\()p Fs(S)12 b Fu(,)33 -b Fs(env)2860 1337 y Fi(0)2860 1397 y Fc(P)2918 1373 -y Fu(\))p 3753 1434 4 1015 v 283 1437 3473 4 v 572 1603 -a(T)-8 b(able)32 b(2.6:)43 b(Pro)s(cedure)34 b(calls)d(in)h(case)i(of)e -(mixed)g(scop)s(e)h(rules)g(\(c)m(ho)s(ose)g(one\))816 -1894 y Fr(end)527 2061 y(end)283 2264 y Fu(considered)h(earlier)d(do)s -(es)i(indeed)g(assign)f(the)h(exp)s(ected)i(v)-5 b(alue)32 -b(to)g Fr(y)p Fu(.)781 b Fh(2)283 2524 y Fw(Static)37 -b(scop)s(e)h(rules)f(for)g(pro)s(cedures)283 2709 y Fu(W)-8 -b(e)36 b(shall)d(no)m(w)j(mo)s(dify)d(the)i(seman)m(tics)g(of)f -Fw(Pro)s(c)h Fu(to)f(sp)s(ecify)h(static)g(scop)s(e)g(rules)g(for)f -(pro-)283 2829 y(cedures.)46 b(The)33 b(\014rst)g(step)h(will)c(b)s(e)j 
-(to)f(extend)i(the)f(pro)s(cedure)g(en)m(vironmen)m(t)g -Fs(env)3367 2844 y Fc(P)3457 2829 y Fu(so)g(that)283 -2949 y(pro)s(cedure)g(names)f(are)f(asso)s(ciated)h(with)f(their)g(b)s -(o)s(dy)g(as)h(w)m(ell)f(as)h(the)g(pro)s(cedure)g(en)m(viron-)283 -3070 y(men)m(t)h(at)f(the)h(p)s(oin)m(t)f(of)g(declaration.)42 -b(T)-8 b(o)33 b(this)f(end)h(w)m(e)h(de\014ne)527 3273 -y Fw(En)m(v)719 3288 y Fn(P)804 3273 y Fu(=)e Fw(Pname)h -Fo(,)-17 b Ft(!)32 b Fw(Stm)g Ft(\002)h Fw(En)m(v)1959 -3288 y Fn(P)283 3476 y Fu(This)j(de\014nition)e(ma)m(y)h(seem)g -(problematic)e(b)s(ecause)k Fw(En)m(v)2495 3491 y Fn(P)2582 -3476 y Fu(is)d(de\014ned)j(in)d(terms)h(of)g(itself.)283 -3596 y(Ho)m(w)m(ev)m(er,)41 b(this)c(is)g(not)h(really)e(a)h(problem)f -(b)s(ecause)j(a)e(concrete)h(pro)s(cedure)h(en)m(vironmen)m(t)283 -3717 y(alw)m(a)m(ys)31 b(will)d(b)s(e)i(built)f(from)f(smaller)g(en)m -(vironmen)m(ts)j(starting)e(with)h(the)g(empt)m(y)h(pro)s(cedure)283 -3837 y(en)m(vironmen)m(t.)65 b(The)41 b(function)e(up)s(d)1665 -3852 y Fn(P)1757 3837 y Fu(up)s(dating)f(the)i(pro)s(cedure)h(en)m -(vironmen)m(t)e(can)h(then)283 3958 y(b)s(e)33 b(rede\014ned)i(as:)527 -4161 y(up)s(d)692 4176 y Fn(P)745 4161 y Fu(\()p Fr(proc)e -Fs(p)39 b Fr(is)33 b Fs(S)12 b Fu(;)32 b Fs(D)1453 4176 -y Fc(P)1512 4161 y Fu(,)h Fs(env)1728 4176 y Fc(P)1785 -4161 y Fu(\))g(=)f(up)s(d)2129 4176 y Fn(P)2182 4161 -y Fu(\()p Fs(D)2303 4176 y Fc(P)2361 4161 y Fu(,)h Fs(env)2577 -4176 y Fc(P)2635 4161 y Fu([)p Fs(p)6 b Ft(7!)o Fu(\()p -Fs(S)12 b Fu(,)33 b Fs(env)3138 4176 y Fc(P)3196 4161 -y Fu(\)]\))527 4328 y(up)s(d)692 4343 y Fn(P)745 4328 -y Fu(\()p Fo(")o Fu(,)g Fs(env)1044 4343 y Fc(P)1102 -4328 y Fu(\))f(=)h Fs(env)1437 4343 y Fc(P)430 4531 y -Fu(The)28 b(seman)m(tics)f(of)g(v)-5 b(ariable)25 b(declarations)h(are) -i(una\013ected)g(and)f(so)h(is)e(the)i(seman)m(tics)f(of)283 -4652 y(most)f(of)f(the)h(statemen)m(ts.)42 b(Compared)26 -b(with)g(T)-8 b(able)25 b(2.5)g(w)m(e)i(shall)e(only)g(need)i(to)e(mo)s 
-(dify)f(the)283 4772 y(rules)36 b(for)g(pro)s(cedure)g(calls.)52 -b(In)36 b(the)h(case)f(where)h(the)g(pro)s(cedures)g(of)e -Fw(Pro)s(c)g Fu(are)h(assumed)283 4893 y(to)42 b(b)s(e)h -Fs(non-r)-5 b(e)g(cursive)48 b Fu(w)m(e)c(simply)d(consult)h(the)g(pro) -s(cedure)i(en)m(vironmen)m(t)e(to)g(determine)283 5013 -y(the)35 b(b)s(o)s(dy)f(of)g(the)g(pro)s(cedure)h(and)f(the)h(en)m -(vironmen)m(t)f(at)g(the)g(p)s(oin)m(t)g(of)f(declaration.)47 -b(This)283 5133 y(is)35 b(expressed)j(b)m(y)e(the)g(rule)e([call)1505 -5148 y Fn(ns)1575 5133 y Fu(])h(of)g(T)-8 b(able)35 b(2.6.)51 -b(In)35 b(the)h(case)g(where)g(the)g(pro)s(cedures)g(of)283 -5254 y Fw(Pro)s(c)25 b Fu(are)h(assumed)g(to)f(b)s(e)h -Fs(r)-5 b(e)g(cursive)32 b Fu(w)m(e)27 b(ha)m(v)m(e)g(to)e(mak)m(e)g -(sure)i(that)e(o)s(ccurrences)i(of)e Fr(call)34 b Fs(p)283 -5374 y Fu(inside)j(the)h(b)s(o)s(dy)f(of)g Fs(p)43 b -Fu(refer)37 b(to)g(the)h(pro)s(cedure)g(itself.)56 b(W)-8 -b(e)37 b(shall)f(therefore)i(up)s(date)f(the)283 5494 -y(pro)s(cedure)c(en)m(vironmen)m(t)g(to)e(con)m(tain)h(that)g -(information.)40 b(This)32 b(is)f(expressed)k(b)m(y)e(the)f(rule)p -eop -%%Page: 57 67 -57 66 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures) -1998 b(57)p 0 193 3473 4 v 0 515 a Fu([call)175 479 y -Fn(rec)175 540 y(ns)268 515 y Fu(])28 b(of)f(T)-8 b(able)27 -b(2.6.)42 b(The)28 b(remaining)d(axioms)i(and)h(rules)f(are)h(as)g(in)f -(T)-8 b(ables)28 b(2.5)f(\(without)0 636 y([call)175 -600 y Fn(rec)175 660 y(ns)268 636 y Fu(]\))32 b(and)h(2.4.)43 -b(\(Clearly)32 b(a)g(c)m(hoice)h(should)f(b)s(e)h(made)f(b)s(et)m(w)m -(een)j([call)2752 651 y Fn(ns)2822 636 y Fu(])d(or)g([call)3175 -600 y Fn(rec)3175 660 y(ns)3268 636 y Fu(].\))0 880 y -Fw(Exercise)k(2.40)49 b Fu(Construct)36 b(a)d(statemen)m(t)i(that)f -(illustrates)e(the)j(di\013erence)g(b)s(et)m(w)m(een)h(the)0 -1000 y(t)m(w)m(o)26 b(rules)g(for)f(pro)s(cedure)h(call)e(giv)m(en)i -(in)f(T)-8 b(able)25 b(2.6.)41 b(V)-8 b(alidate)23 b(y)m(our)k(claim)c 
-(b)m(y)j(constructing)0 1121 y(deriv)-5 b(ation)31 b(trees)j(for)e(the) -h(executions)g(of)f(the)h(statemen)m(t)g(from)f(a)g(suitable)g(state.) -274 b Fh(2)0 1363 y Fw(Exercise)36 b(2.41)49 b Fu(Use)43 -b(the)f(seman)m(tics)g(to)g(v)m(erify)g(that)f(the)h(statemen)m(t)h(of) -e(Exercise)i(2.39)0 1483 y(assigns)33 b(the)g(exp)s(ected)h(v)-5 -b(alue)32 b(to)g Fr(y)p Fu(.)2048 b Fh(2)0 1755 y Fw(Static)36 -b(scop)s(e)i(rules)f(for)g(v)-6 b(ariables)0 1943 y Fu(W)e(e)34 -b(shall)e(no)m(w)i(mo)s(dify)e(the)i(seman)m(tics)f(of)h -Fw(Pro)s(c)e Fu(to)h(sp)s(ecify)h(static)f(scop)s(e)i(rules)e(for)g(v) --5 b(ari-)0 2064 y(ables)37 b(as)g(w)m(ell)f(as)h(pro)s(cedures.)57 -b(T)-8 b(o)37 b(ac)m(hiev)m(e)h(this)e(w)m(e)i(shall)e(replace)g(the)i -(states)f(with)g(t)m(w)m(o)0 2184 y(mappings:)h(a)23 -b Fs(variable)j(envir)-5 b(onment)32 b Fu(that)24 b(asso)s(ciates)g(a)f -Fs(lo)-5 b(c)g(ation)30 b Fu(with)24 b(eac)m(h)g(v)-5 -b(ariable)22 b(and)0 2305 y(a)35 b Fs(stor)-5 b(e)42 -b Fu(that)34 b(asso)s(ciates)h(a)g(v)-5 b(alue)34 b(with)h(eac)m(h)g -(lo)s(cation.)48 b(F)-8 b(ormally)g(,)33 b(w)m(e)j(de\014ne)g(a)e(v)-5 -b(ariable)0 2425 y(en)m(vironmen)m(t)33 b Fs(env)717 -2440 y Fc(V)810 2425 y Fu(as)f(an)h(elemen)m(t)f(of)244 -2638 y Fw(En)m(v)436 2653 y Fn(V)526 2638 y Fu(=)h Fw(V)-9 -b(ar)32 b Ft(!)g Fw(Lo)s(c)0 2851 y Fu(where)h Fw(Lo)s(c)f -Fu(is)f(a)g(set)i(of)e(lo)s(cations.)41 b(F)-8 b(or)31 -b(the)h(sak)m(e)h(of)e(simplicit)m(y)e(w)m(e)k(shall)d(tak)m(e)j -Fw(Lo)s(c)e Fu(=)h Fw(Z)p Fu(.)0 2972 y(A)h(store)g Fs(sto)38 -b Fu(is)32 b(an)h(elemen)m(t)f(of)244 3185 y Fw(Store)g -Fu(=)h Fw(Lo)s(c)f Ft([)h(f)g Fu(next)g Ft(g)f(!)h Fw(Z)0 -3398 y Fu(where)i(`next')g(is)e(a)h(sp)s(ecial)f(tok)m(en)h(used)h(to)f -(hold)f(the)h(next)h(free)f(lo)s(cation.)45 b(W)-8 b(e)34 -b(shall)e(need)0 3519 y(a)g(function)244 3732 y(new:)44 -b Fw(Lo)s(c)33 b Ft(!)f Fw(Lo)s(c)0 3945 y Fu(that)37 -b(giv)m(en)h(a)g(lo)s(cation)d(will)g(pro)s(duce)k(the)f(next)g(one.)59 -b(In)38 
b(our)g(case)g(where)h Fw(Lo)s(c)f Fu(is)f Fw(Z)h -Fu(w)m(e)0 4065 y(tak)m(e)33 b(`new')h(to)e(b)s(e)h(the)g(successor)i -(function)d(on)h(the)g(in)m(tegers.)146 4188 y(So)44 -b(rather)f(than)h(ha)m(ving)f(a)g(single)f(mapping)g -Fs(s)52 b Fu(from)42 b(v)-5 b(ariables)42 b(to)h(v)-5 -b(alues)44 b(w)m(e)g(ha)m(v)m(e)0 4308 y(split)33 b(it)g(in)m(to)h(t)m -(w)m(o)h(mappings)e Fs(env)1301 4323 y Fc(V)1395 4308 -y Fu(and)i Fs(sto)40 b Fu(and)35 b(the)f(idea)g(is)g(that)g -Fs(s)42 b Fu(=)34 b Fs(sto)41 b Ft(\016)34 b Fs(env)3226 -4323 y Fc(V)3286 4308 y Fu(.)48 b(T)-8 b(o)0 4428 y(determine)32 -b(the)h(v)-5 b(alue)32 b(of)g(a)h(v)-5 b(ariable)30 b -Fs(x)45 b Fu(w)m(e)33 b(shall)f(\014rst)145 4642 y Ft(\017)49 -b Fu(determine)32 b(the)h(lo)s(cation)d Fs(l)43 b Fu(=)32 -b Fs(env)1570 4657 y Fc(V)1663 4642 y Fs(x)44 b Fu(asso)s(ciated)33 -b(with)f Fs(x)44 b Fu(and)33 b(then)145 4855 y Ft(\017)49 -b Fu(determine)32 b(the)h(v)-5 b(alue)32 b Fs(sto)39 -b(l)k Fu(asso)s(ciated)32 b(with)g(the)h(lo)s(cation)d -Fs(l)10 b Fu(.)0 5068 y(Similarly)-8 b(,)29 b(to)j(assign)g(a)g(v)-5 -b(alue)32 b Fs(v)43 b Fu(to)33 b(a)f(v)-5 b(ariable)31 -b Fs(x)44 b Fu(w)m(e)34 b(shall)d(\014rst)145 5281 y -Ft(\017)49 b Fu(determine)32 b(the)h(lo)s(cation)d Fs(l)43 -b Fu(=)32 b Fs(env)1570 5296 y Fc(V)1663 5281 y Fs(x)44 -b Fu(asso)s(ciated)33 b(with)f Fs(x)44 b Fu(and)33 b(then)145 -5494 y Ft(\017)49 b Fu(up)s(date)33 b(the)g(store)g(to)f(ha)m(v)m(e)i -Fs(sto)39 b(l)j Fu(=)33 b Fs(v)11 b Fu(.)p eop -%%Page: 58 68 -58 67 bop 251 130 a Fw(58)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 1119 -4 700 v 562 605 a Fu([v)-5 b(ar)722 620 y Fn(ns)793 605 -y Fu(])1195 519 y Ft(h)p Fs(D)1317 534 y Fc(V)1378 519 -y Fu(,)32 b Fs(env)1593 534 y Fc(V)1653 519 y Fu([)p -Fs(x)12 b Ft(7!)p Fs(l)e Fu(],)33 b Fs(sto)6 b Fu([)p -Fs(l)k Ft(7!)p Fs(v)h Fu(][next)p Ft(7!)p Fu(new)34 b -Fs(l)10 b Fu(])p Ft(i)33 b(!)3079 534 y Fc(D)3176 519 -y Fu(\()p Fs(env)3370 483 y Fi(0)3370 543 y 
Fc(V)3430 -519 y Fu(,)f Fs(sto)3617 483 y Fi(0)3641 519 y Fu(\))p -1195 582 2484 4 v 1465 687 a Ft(h)o Fr(var)i Fs(x)44 -b Fu(:=)32 b Fs(a)7 b Fu(;)33 b Fs(D)2114 702 y Fc(V)2175 -687 y Fu(,)g Fs(env)2391 702 y Fc(V)2451 687 y Fu(,)g -Fs(sto)6 b Ft(i)32 b(!)2810 702 y Fc(D)2906 687 y Fu(\()p -Fs(env)3100 650 y Fi(0)3100 711 y Fc(V)3160 687 y Fu(,)h -Fs(sto)3348 650 y Fi(0)3371 687 y Fu(\))1454 843 y(where)h -Fs(v)43 b Fu(=)32 b Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 -b(])q(\()p Fs(sto)6 b Ft(\016)p Fs(env)2516 858 y Fc(V)2576 -843 y Fu(\))33 b(and)f Fs(l)43 b Fu(=)32 b Fs(sto)39 -b Fu(next)562 1058 y([none)789 1073 y Fn(ns)861 1058 -y Fu(])297 b Ft(h)p Fo(")p Fu(,)32 b Fs(env)1485 1073 -y Fc(V)1545 1058 y Fu(,)h Fs(sto)6 b Ft(i)32 b(!)1904 -1073 y Fc(D)2000 1058 y Fu(\()p Fs(env)2194 1073 y Fc(V)2254 -1058 y Fu(,)h Fs(sto)6 b Fu(\))p 3753 1119 4 700 v 283 -1122 3473 4 v 542 1283 a(T)-8 b(able)32 b(2.7:)43 b(Natural)31 -b(seman)m(tics)i(for)f(v)-5 b(ariable)31 b(declarations)g(using)i(lo)s -(cations)430 1570 y(The)44 b(initial)39 b(v)-5 b(ariable)41 -b(en)m(vironmen)m(t)j(could)e(for)g(example)h(map)f(all)f(v)-5 -b(ariables)42 b(to)g(the)283 1690 y(lo)s(cation)35 b -Fw(0)i Fu(and)h(the)f(initial)d(store)j(could)g(for)f(example)h(map)f -(`next')j(to)d Fw(1)p Fu(.)58 b(The)38 b(v)-5 b(ariable)283 -1810 y(en)m(vironmen)m(t)23 b(\(and)g(the)g(store\))g(is)f(up)s(dated)h -(b)m(y)g(the)g(v)-5 b(ariable)21 b(declarations.)39 b(The)23 -b(transition)283 1931 y(system)34 b(for)e(v)-5 b(ariable)31 -b(declarations)g(is)h(therefore)i(mo)s(di\014ed)d(to)h(ha)m(v)m(e)i -(the)f(form)527 2139 y Ft(h)p Fs(D)649 2154 y Fc(V)710 -2139 y Fu(,)g Fs(env)926 2154 y Fc(V)986 2139 y Fu(,)f -Fs(sto)6 b Ft(i)33 b(!)1344 2154 y Fc(D)1441 2139 y Fu(\()p -Fs(env)1635 2102 y Fi(0)1635 2163 y Fc(V)1695 2139 y -Fu(,)g Fs(sto)1883 2102 y Fi(0)1906 2139 y Fu(\))283 -2346 y(b)s(ecause)g(a)d(v)-5 b(ariable)30 b(declaration)f(will)g(mo)s -(dify)g(the)i(v)-5 b(ariable)30 
b(en)m(vironmen)m(t)h(as)g(w)m(ell)f -(as)h(the)283 2467 y(store.)42 b(The)25 b(relation)e(is)h(de\014ned)i -(in)e(T)-8 b(able)24 b(2.7.)40 b(Note)25 b(that)g(w)m(e)g(use)h(`)p -Fs(sto)k Fu(next')c(to)e(determine)283 2587 y(the)33 -b(lo)s(cation)d Fs(l)43 b Fu(to)32 b(b)s(e)g(asso)s(ciated)g(with)g -Fs(x)44 b Fu(in)32 b(the)h(v)-5 b(ariable)30 b(en)m(vironmen)m(t.)44 -b(Also)32 b(the)g(store)283 2708 y(is)j(up)s(dated)h(to)f(hold)g(the)g -(correct)h(v)-5 b(alue)35 b(for)g Fs(l)45 b Fu(as)36 -b(w)m(ell)f(as)g(`next'.)53 b(Finally)33 b(note)i(that)g(the)283 -2828 y(declared)e(v)-5 b(ariables)32 b(will)e(get)i(p)s(ositiv)m(e)g -(lo)s(cations.)430 2949 y(T)-8 b(o)37 b(obtain)g(static)g(scoping)h -(for)f(v)-5 b(ariables)36 b(w)m(e)j(shall)d(extend)j(the)f(pro)s -(cedure)h(en)m(viron-)283 3070 y(men)m(t)28 b(to)f(hold)g(the)h(v)-5 -b(ariable)26 b(en)m(vironmen)m(t)i(at)g(the)g(p)s(oin)m(t)f(of)g -(declaration.)40 b(Therefore)29 b Fs(env)3698 3085 y -Fc(P)283 3190 y Fu(will)i(no)m(w)i(b)s(e)g(an)f(elemen)m(t)h(of)527 -3398 y Fw(En)m(v)719 3413 y Fn(P)804 3398 y Fu(=)f Fw(Pname)h -Fo(,)-17 b Ft(!)32 b Fw(Stm)g Ft(\002)h Fw(En)m(v)1959 -3413 y Fn(V)2049 3398 y Ft(\002)g Fw(En)m(v)2351 3413 -y Fn(P)283 3606 y Fu(The)41 b(pro)s(cedure)g(en)m(vironmen)m(t)f(is)g -(up)s(dated)g(b)m(y)h(the)f(pro)s(cedure)h(declarations)e(as)h(b)s -(efore,)283 3726 y(the)d(only)e(di\013erence)i(b)s(eing)e(that)h(the)g -(curren)m(t)h(v)-5 b(ariable)34 b(en)m(vironmen)m(t)j(is)e(supplied)h -(as)g(an)283 3846 y(additional)30 b(parameter.)43 b(The)34 -b(function)e(up)s(d)1996 3861 y Fn(P)2081 3846 y Fu(is)g(no)m(w)h -(de\014ned)h(b)m(y:)527 4054 y(up)s(d)692 4069 y Fn(P)745 -4054 y Fu(\()p Fr(proc)f Fs(p)39 b Fr(is)33 b Fs(S)12 -b Fu(;)32 b Fs(D)1453 4069 y Fc(P)1512 4054 y Fu(,)h -Fs(env)1728 4069 y Fc(V)1788 4054 y Fu(,)f Fs(env)2003 -4069 y Fc(P)2061 4054 y Fu(\))h(=)764 4222 y(up)s(d)929 -4237 y Fn(P)981 4222 y Fu(\()p Fs(D)1102 4237 y Fc(P)1161 -4222 y Fu(,)f Fs(env)1376 4237 y Fc(V)1436 4222 y 
Fu(,)h -Fs(env)1652 4237 y Fc(P)1710 4222 y Fu([)p Fs(p)6 b Ft(7!)o -Fu(\()p Fs(S)12 b Fu(,)33 b Fs(env)2213 4237 y Fc(V)2273 -4222 y Fu(,)g Fs(env)2489 4237 y Fc(P)2546 4222 y Fu(\)]\))527 -4389 y(up)s(d)692 4404 y Fn(P)745 4389 y Fu(\()p Fo(")o -Fu(,)g Fs(env)1044 4404 y Fc(V)1104 4389 y Fu(,)g Fs(env)1320 -4404 y Fc(P)1378 4389 y Fu(\))f(=)g Fs(env)1712 4404 -y Fc(P)430 4597 y Fu(Finally)-8 b(,)30 b(the)j(transition)e(system)i -(for)f(statemen)m(ts)i(will)c(ha)m(v)m(e)k(the)f(form:)527 -4805 y Fs(env)683 4820 y Fc(V)743 4805 y Fu(,)g Fs(env)959 -4820 y Fc(P)1049 4805 y Ft(`)g(h)p Fs(S)12 b Fu(,)32 -b Fs(sto)6 b Ft(i)32 b(!)h Fs(sto)1768 4769 y Fi(0)283 -5013 y Fu(so)26 b(giv)m(en)g(a)g(v)-5 b(ariable)24 b(en)m(vironmen)m(t) -i(and)g(a)g(pro)s(cedure)g(en)m(vironmen)m(t)h(w)m(e)f(get)g(a)g -(relationship)283 5133 y(b)s(et)m(w)m(een)37 b(an)d(initial)c(store)k -(and)h(a)e(\014nal)h(store.)48 b(The)35 b(mo)s(di\014cation)d(of)h(T)-8 -b(ables)34 b(2.5)g(and)g(2.6)283 5254 y(is)h(rather)f(straigh)m(tforw)m -(ard)g(and)h(is)f(giv)m(en)h(in)f(T)-8 b(able)34 b(2.8.)50 -b(Note)34 b(that)h(in)f(the)h(new)g(rule)f(for)283 5374 -y(blo)s(c)m(ks)d(there)g(is)f(no)g(analogue)g(of)g Fs(s)1615 -5338 y Fi(00)1657 5374 y Fu([D)m(V\()p Fs(D)1950 5389 -y Fc(V)2011 5374 y Fu(\))p Ft(7\000)-16 b(!)o Fs(s)8 -b Fu(])31 b(as)g(the)f(v)-5 b(alues)31 b(of)f(v)-5 b(ariables)29 -b(only)h(can)283 5494 y(b)s(e)j(obtained)f(b)m(y)i(accessing)f(the)g -(en)m(vironmen)m(t.)p eop -%%Page: 59 69 -59 68 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures) -1998 b(59)p 0 193 3473 4 v 0 510 V 0 5220 4 4710 v 193 -620 a Fu([ass)345 635 y Fn(ns)417 620 y Fu(])254 b Fs(env)854 -635 y Fc(V)914 620 y Fu(,)32 b Fs(env)1129 635 y Fc(P)1220 -620 y Ft(`)g(h)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33 -b Fs(sto)6 b Ft(i)32 b(!)g Fs(sto)6 b Fu([)p Fs(l)k Ft(7!)p -Fs(v)h Fu(])934 787 y(where)34 b Fs(l)43 b Fu(=)32 b -Fs(env)1548 802 y Fc(V)1641 787 y Fs(x)44 b Fu(and)33 -b Fs(v)43 b Fu(=)32 b Ft(A)p 
Fu([)-17 b([)p Fs(a)7 b -Fu(])-17 b(])q(\()p Fs(sto)6 b Ft(\016)p Fs(env)2700 -802 y Fc(V)2760 787 y Fu(\))193 1002 y([skip)391 1017 -y Fn(ns)462 1002 y Fu(])209 b Fs(env)854 1017 y Fc(V)914 -1002 y Fu(,)32 b Fs(env)1129 1017 y Fc(P)1220 1002 y -Ft(`)g(h)p Fr(skip)p Fu(,)i Fs(sto)6 b Ft(i)32 b(!)g -Fs(sto)193 1294 y Fu([comp)448 1309 y Fn(ns)519 1294 -y Fu(])708 1207 y Fs(env)864 1222 y Fc(V)924 1207 y Fu(,)g -Fs(env)1139 1222 y Fc(P)1230 1207 y Ft(`)g(h)p Fs(S)1429 -1222 y Fn(1)1468 1207 y Fu(,)h Fs(sto)6 b Ft(i)32 b(!)g -Fs(sto)1987 1171 y Fi(0)2011 1207 y Fu(,)65 b Fs(env)2259 -1222 y Fc(V)2319 1207 y Fu(,)33 b Fs(env)2535 1222 y -Fc(P)2625 1207 y Ft(`)f(h)p Fs(S)2824 1222 y Fn(2)2864 -1207 y Fu(,)g Fs(sto)3051 1171 y Fi(0)3075 1207 y Ft(i)g(!)g -Fs(sto)3406 1171 y Fi(00)p 708 1270 2741 4 v 1350 1375 -a Fs(env)1506 1390 y Fc(V)1566 1375 y Fu(,)h Fs(env)1782 -1390 y Fc(P)1872 1375 y Ft(`)g(h)p Fs(S)2072 1390 y Fn(1)2111 -1375 y Fu(;)p Fs(S)2205 1390 y Fn(2)2244 1375 y Fu(,)g -Fs(sto)6 b Ft(i)32 b(!)g Fs(sto)2763 1339 y Fi(00)193 -1656 y Fu([if)278 1620 y Fn(tt)278 1680 y(ns)348 1656 -y Fu(])1124 1569 y Fs(env)1280 1584 y Fc(V)1340 1569 -y Fu(,)h Fs(env)1556 1584 y Fc(P)1646 1569 y Ft(`)f(h)p -Fs(S)1845 1584 y Fn(1)1884 1569 y Fu(,)h Fs(sto)6 b Ft(i)32 -b(!)h Fs(sto)2404 1533 y Fi(0)p 708 1633 2136 4 v 708 -1737 a Fs(env)864 1752 y Fc(V)924 1737 y Fu(,)f Fs(env)1139 -1752 y Fc(P)1230 1737 y Ft(`)g(h)p Fr(if)h Fs(b)38 b -Fr(then)c Fs(S)1885 1752 y Fn(1)1957 1737 y Fr(else)f -Fs(S)2261 1752 y Fn(2)2301 1737 y Fu(,)f Fs(sto)6 b Ft(i)33 -b(!)f Fs(sto)2820 1701 y Fi(0)934 1894 y Fu(if)f Ft(B)t -Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(\()p Fs(sto)6 -b Ft(\016)p Fs(env)1590 1909 y Fc(V)1650 1894 y Fu(\))32 -b(=)h Fw(tt)193 2185 y Fu([if)278 2149 y Fn(\013)278 -2210 y(ns)348 2185 y Fu(])1124 2099 y Fs(env)1280 2114 -y Fc(V)1340 2099 y Fu(,)g Fs(env)1556 2114 y Fc(P)1646 -2099 y Ft(`)f(h)p Fs(S)1845 2114 y Fn(2)1884 2099 y Fu(,)h -Fs(sto)6 b Ft(i)32 b(!)h Fs(sto)2404 2063 y 
Fi(0)p 708 -2162 V 708 2267 a Fs(env)864 2282 y Fc(V)924 2267 y Fu(,)f -Fs(env)1139 2282 y Fc(P)1230 2267 y Ft(`)g(h)p Fr(if)h -Fs(b)38 b Fr(then)c Fs(S)1885 2282 y Fn(1)1957 2267 y -Fr(else)f Fs(S)2261 2282 y Fn(2)2301 2267 y Fu(,)f Fs(sto)6 -b Ft(i)33 b(!)f Fs(sto)2820 2231 y Fi(0)934 2423 y Fu(if)f -Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(\()p Fs(sto)6 -b Ft(\016)p Fs(env)1590 2438 y Fc(V)1650 2423 y Fu(\))32 -b(=)h Fw(\013)193 2832 y Fu([while)443 2796 y Fn(tt)443 -2857 y(ns)513 2832 y Fu(])969 2637 y Fs(env)1125 2652 -y Fc(V)1185 2637 y Fu(,)g Fs(env)1401 2652 y Fc(P)1491 -2637 y Ft(`)g(h)o Fs(S)12 b Fu(,)33 b Fs(sto)6 b Ft(i)32 -b(!)g Fs(sto)2209 2601 y Fi(0)2233 2637 y Fu(,)708 2746 -y Fs(env)864 2761 y Fc(V)924 2746 y Fu(,)g Fs(env)1139 -2761 y Fc(P)1230 2746 y Ft(`)g(h)p Fr(while)i Fs(b)k -Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(sto)2124 2710 y Fi(0)2147 -2746 y Ft(i)f(!)h Fs(sto)2479 2710 y Fi(00)p 708 2809 -1814 4 v 719 2914 a Fs(env)875 2929 y Fc(V)935 2914 y -Fu(,)g Fs(env)1151 2929 y Fc(P)1241 2914 y Ft(`)g(h)p -Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(sto)6 -b Ft(i)33 b(!)f Fs(sto)2467 2878 y Fi(00)934 3070 y Fu(if)f -Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(\()p Fs(sto)6 -b Ft(\016)p Fs(env)1590 3085 y Fc(V)1650 3070 y Fu(\))32 -b(=)h Fw(tt)193 3285 y Fu([while)443 3249 y Fn(\013)443 -3310 y(ns)513 3285 y Fu(])158 b Fs(env)854 3300 y Fc(V)914 -3285 y Fu(,)32 b Fs(env)1129 3300 y Fc(P)1220 3285 y -Ft(`)g(h)p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 -b Fs(sto)6 b Ft(i)32 b(!)g Fs(sto)934 3453 y Fu(if)f -Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(\()p Fs(sto)6 -b Ft(\016)p Fs(env)1590 3468 y Fc(V)1650 3453 y Fu(\))32 -b(=)h Fw(\013)193 3862 y Fu([blo)s(c)m(k)445 3877 y Fn(ns)516 -3862 y Fu(])1040 3666 y Ft(h)p Fs(D)1162 3681 y Fc(V)1223 -3666 y Fu(,)f Fs(env)1438 3681 y Fc(V)1499 3666 y Fu(,)g -Fs(sto)6 b Ft(i)33 b(!)1857 3681 y Fc(D)1954 3666 y Fu(\()p -Fs(env)2148 3630 y Fi(0)2148 3691 y Fc(V)2208 3666 y -Fu(,)f 
Fs(sto)2395 3630 y Fi(0)2419 3666 y Fu(\),)1109 -3775 y Fs(env)1265 3739 y Fi(0)1265 3800 y Fc(V)1325 -3775 y Fu(,)h Fs(env)1541 3739 y Fi(0)1541 3800 y Fc(P)1631 -3775 y Ft(`)f(h)p Fs(S)12 b Fu(,)33 b Fs(sto)2018 3739 -y Fi(0)2041 3775 y Ft(i)f(!)h Fs(sto)2373 3739 y Fi(00)p -708 3838 2109 4 v 708 3943 a Fs(env)864 3958 y Fc(V)924 -3943 y Fu(,)f Fs(env)1139 3958 y Fc(P)1230 3943 y Ft(`)g(h)p -Fr(begin)i Fs(D)1734 3958 y Fc(V)1827 3943 y Fs(D)1910 -3958 y Fc(P)2001 3943 y Fs(S)45 b Fr(end)p Fu(,)33 b -Fs(sto)6 b Ft(i)33 b(!)f Fs(sto)2774 3907 y Fi(00)934 -4100 y Fu(where)i Fs(env)1372 4063 y Fi(0)1372 4124 y -Fc(P)1462 4100 y Fu(=)f(up)s(d)1736 4115 y Fn(P)1788 -4100 y Fu(\()p Fs(D)1909 4115 y Fc(P)1968 4100 y Fu(,)f -Fs(env)2183 4063 y Fi(0)2183 4124 y Fc(V)2243 4100 y -Fu(,)h Fs(env)2459 4115 y Fc(P)2517 4100 y Fu(\))193 -4391 y([call)368 4406 y Fn(ns)437 4391 y Fu(])821 4305 -y Fs(env)977 4269 y Fi(0)977 4330 y Fc(V)1037 4305 y -Fu(,)g Fs(env)1253 4269 y Fi(0)1253 4330 y Fc(P)1343 -4305 y Ft(`)g(h)o Fs(S)12 b Fu(,)33 b Fs(sto)6 b Ft(i)32 -b(!)g Fs(sto)2061 4269 y Fi(0)p 708 4368 1491 4 v 708 -4473 a Fs(env)864 4488 y Fc(V)924 4473 y Fu(,)g Fs(env)1139 -4488 y Fc(P)1230 4473 y Ft(`)g(h)p Fr(call)i Fs(p)6 b -Fu(,)32 b Fs(sto)6 b Ft(i)32 b(!)h Fs(sto)2175 4437 y -Fi(0)934 4629 y Fu(where)h Fs(env)1372 4644 y Fc(P)1462 -4629 y Fs(p)39 b Fu(=)32 b(\()p Fs(S)12 b Fu(,)32 b Fs(env)1979 -4593 y Fi(0)1979 4654 y Fc(V)2039 4629 y Fu(,)h Fs(env)2255 -4593 y Fi(0)2255 4654 y Fc(P)2313 4629 y Fu(\))193 4921 -y([call)368 4885 y Fn(rec)368 4946 y(ns)461 4921 y Fu(])708 -4835 y Fs(env)864 4798 y Fi(0)864 4859 y Fc(V)924 4835 -y Fu(,)f Fs(env)1139 4798 y Fi(0)1139 4859 y Fc(P)1197 -4835 y Fu([)p Fs(p)6 b Ft(7!)p Fu(\()p Fs(S)12 b Fu(,)32 -b Fs(env)1700 4798 y Fi(0)1700 4859 y Fc(V)1760 4835 -y Fu(,)h Fs(env)1976 4798 y Fi(0)1976 4859 y Fc(P)2034 -4835 y Fu(\)])f Ft(`)h(h)p Fs(S)12 b Fu(,)32 b Fs(sto)6 -b Ft(i)32 b(!)h Fs(sto)2850 4798 y Fi(0)p 708 4898 2166 -4 v 1045 5003 a 
Fs(env)1201 5018 y Fc(V)1261 5003 y Fu(,)g -Fs(env)1477 5018 y Fc(P)1567 5003 y Ft(`)g(h)o Fr(call)h -Fs(p)6 b Fu(,)33 b Fs(sto)6 b Ft(i)32 b(!)g Fs(sto)2512 -4966 y Fi(0)934 5159 y Fu(where)i Fs(env)1372 5174 y -Fc(P)1462 5159 y Fs(p)39 b Fu(=)32 b(\()p Fs(S)12 b Fu(,)32 -b Fs(env)1979 5123 y Fi(0)1979 5184 y Fc(V)2039 5159 -y Fu(,)h Fs(env)2255 5123 y Fi(0)2255 5184 y Fc(P)2313 -5159 y Fu(\))p 3469 5220 4 4710 v 0 5223 3473 4 v 420 -5384 a(T)-8 b(able)32 b(2.8:)44 b(Natural)31 b(seman)m(tics)i(for)f -Fw(Pro)s(c)g Fu(with)g(static)g(scop)s(e)h(rules)p eop -%%Page: 60 70 -60 69 bop 251 130 a Fw(60)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v 283 515 a(Exercise)g(2.42)49 -b Fu(Apply)23 b(the)h(natural)f(seman)m(tics)h(of)f(T)-8 -b(able)23 b(2.8)g(to)g(the)h(factorial)d(statemen)m(t)283 -636 y(of)33 b(Exercise)h(2.38)d(and)i(a)f(store)h(where)h(the)f(lo)s -(cation)d(for)i Fr(x)h Fu(has)g(the)g(v)-5 b(alue)32 -b Fw(3)p Fu(.)456 b Fh(2)283 830 y Fw(Exercise)37 b(2.43)49 -b Fu(V)-8 b(erify)24 b(that)h(the)g(seman)m(tics)g(applied)e(to)i(the)g -(statemen)m(t)g(of)f(Exercise)i(2.39)283 950 y(giv)m(es)33 -b(the)g(exp)s(ected)i(result.)2318 b Fh(2)283 1144 y -Fw(Exercise)37 b(2.44)49 b Fu(*)38 b(An)h(alternativ)m(e)g(seman)m -(tics)g(of)f(the)h(language)f Fw(While)f Fu(is)i(de\014ned)h(b)m(y)283 -1264 y(the)30 b(axioms)e(and)h(rules)g([ass)1341 1279 -y Fn(ns)1413 1264 y Fu(],)h([skip)1695 1279 y Fn(ns)1766 -1264 y Fu(],)g([comp)2105 1279 y Fn(ns)2176 1264 y Fu(],)g([if)2345 -1228 y Fn(tt)2345 1289 y(ns)2415 1264 y Fu(],)g([if)2584 -1228 y Fn(\013)2584 1289 y(ns)2654 1264 y Fu(],)g([while)2988 -1228 y Fn(tt)2988 1289 y(ns)3059 1264 y Fu(])f(and)g([while)3551 -1228 y Fn(\013)3551 1289 y(ns)3621 1264 y Fu(])g(of)283 -1384 y(T)-8 b(able)35 b(2.8.)50 b(F)-8 b(orm)m(ulate)33 -b(and)i(pro)m(v)m(e)i(the)e(equiv)-5 b(alence)35 b(b)s(et)m(w)m(een)i -(this)e(seman)m(tics)g(and)g(that)283 1505 y(of)e(T)-8 -b(able)32 b(2.1.)2866 b Fh(2)283 1699 y Fw(Exercise)37 
-b(2.45)49 b Fu(Mo)s(dify)40 b(the)i(syn)m(tax)h(of)e(pro)s(cedure)h -(declarations)e(so)h(that)g(pro)s(cedures)283 1819 y(tak)m(e)34 -b(t)m(w)m(o)f Fs(c)-5 b(al)5 b(l-by-value)39 b Fu(parameters:)527 -1996 y Fs(D)610 2011 y Fc(P)702 1996 y Fu(::=)32 b Fr(proc)i -Fs(p)6 b Fu(\()p Fs(x)1253 2011 y Fn(1)1292 1996 y Fu(,)p -Fs(x)1376 2011 y Fn(2)1415 1996 y Fu(\))33 b Fr(is)g -Fs(S)12 b Fu(;)32 b Fs(D)1830 2011 y Fc(P)1921 1996 y -Ft(j)g Fo(")527 2164 y Fs(S)45 b Fu(::=)32 b Ft(\001)17 -b(\001)g(\001)31 b(j)h Fr(call)i Fs(p)6 b Fu(\()p Fs(a)1387 -2179 y Fn(1)1426 2164 y Fu(,)p Fs(a)1510 2179 y Fn(2)1550 -2164 y Fu(\))283 2342 y(Pro)s(cedure)34 b(en)m(vironmen)m(ts)g(will)c -(no)m(w)j(b)s(e)g(elemen)m(ts)g(of)527 2519 y Fw(En)m(v)719 -2534 y Fn(P)804 2519 y Fu(=)f Fw(Pname)h Fo(,)-17 b Ft(!)32 -b Fw(V)-9 b(ar)32 b Ft(\002)h Fw(V)-9 b(ar)32 b Ft(\002)h -Fw(Stm)f Ft(\002)h Fw(En)m(v)2595 2534 y Fn(V)2686 2519 -y Ft(\002)g Fw(En)m(v)2988 2534 y Fn(P)283 2697 y Fu(Mo)s(dify)g(the)h -(seman)m(tics)g(giv)m(en)g(ab)s(o)m(v)m(e)g(to)g(handle)f(this)g -(language.)46 b(In)33 b(particular,)g(pro)m(vide)283 -2817 y(new)42 b(rules)g(for)e(pro)s(cedure)i(calls:)59 -b(one)42 b(for)e(non-recursiv)m(e)j(pro)s(cedures)f(and)f(another)g -(for)283 2937 y(recursiv)m(e)c(pro)s(cedures.)52 b(Construct)37 -b(statemen)m(ts)f(that)f(illustrate)e(ho)m(w)i(the)h(new)g(rules)f(are) -283 3058 y(used.)3182 b Fh(2)283 3252 y Fw(Exercise)37 -b(2.46)49 b Fu(No)m(w)27 b(consider)g(the)h(language)e -Fw(Pro)s(c)g Fu(and)h(the)g(task)h(of)e(ac)m(hieving)g -Fs(mutual)283 3372 y(r)-5 b(e)g(cursion)p Fu(.)43 b(The)34 -b(pro)s(cedure)g(en)m(vironmen)m(t)e(is)h(no)m(w)g(de\014ned)h(to)e(b)s -(e)h(an)f(elemen)m(t)h(of)527 3549 y Fw(En)m(v)719 3564 -y Fn(P)804 3549 y Fu(=)f Fw(Pname)h Fo(,)-17 b Ft(!)32 -b Fw(Stm)g Ft(\002)h Fw(En)m(v)1959 3564 y Fn(V)2049 -3549 y Ft(\002)g Fw(En)m(v)2351 3564 y Fn(P)2436 3549 -y Ft(\002)g Fw(Dec)2733 3564 y Fn(P)283 3727 y Fu(The)49 -b(idea)e(is)h(that)g(if)e Fs(env)1321 3742 y 
Fc(P)1427 -3727 y Fs(p)54 b Fu(=)47 b(\()p Fs(S)12 b Fu(,)48 b Fs(env)1990 -3691 y Fi(0)1990 3752 y Fc(V)2050 3727 y Fu(,)k Fs(env)2285 -3691 y Fi(0)2285 3752 y Fc(P)2343 3727 y Fu(,)f Fo(D)2505 -3691 y Fc(?)2502 3752 y(P)2561 3727 y Fu(\))d(then)g -Fo(D)2968 3691 y Fc(?)2965 3752 y(P)3072 3727 y Fu(con)m(tains)g(all)d -(the)283 3847 y(pro)s(cedure)34 b(declarations)d(that)i(are)f(made)h -(in)e(the)i(same)g(blo)s(c)m(k)f(as)h Fs(p)6 b Fu(.)43 -b(De\014ne)33 b(up)s(d)3409 3811 y Fi(0)3409 3872 y Fc(P)3501 -3847 y Fu(b)m(y)527 4025 y(up)s(d)692 3989 y Fi(0)692 -4049 y Fc(P)751 4025 y Fu(\()p Fr(proc)h Fs(p)k Fr(is)33 -b Fs(S)12 b Fu(;)33 b Fs(D)1460 4040 y Fc(P)1518 4025 -y Fu(,)g Fs(env)1734 4040 y Fc(V)1794 4025 y Fu(,)g Fs(env)2010 -4040 y Fc(P)2068 4025 y Fu(,)f Fo(D)2211 3989 y Fc(?)2208 -4049 y(P)2267 4025 y Fu(\))g(=)796 4192 y(up)s(d)961 -4156 y Fi(0)961 4217 y Fc(P)1020 4192 y Fu(\()p Fs(D)1141 -4207 y Fc(P)1200 4192 y Fu(,)g Fs(env)1415 4207 y Fc(V)1475 -4192 y Fu(,)h Fs(env)1691 4207 y Fc(P)1749 4192 y Fu([)p -Fs(p)6 b Ft(7!)p Fu(\()p Fs(S)12 b Fu(,)32 b Fs(env)2252 -4207 y Fc(V)2312 4192 y Fu(,)h Fs(env)2528 4207 y Fc(P)2586 -4192 y Fu(,)p Fo(D)2697 4156 y Fc(?)2694 4217 y(P)2752 -4192 y Fu(\)],)g Fo(D)2961 4156 y Fc(?)2958 4217 y(P)3017 -4192 y Fu(\))527 4360 y(up)s(d)692 4324 y Fi(0)692 4385 -y Fc(P)751 4360 y Fu(\()p Fo(")p Fu(,)g Fs(env)1051 4375 -y Fc(V)1111 4360 y Fu(,)f Fs(env)1326 4375 y Fc(P)1384 -4360 y Fu(,)p Fo(D)1495 4324 y Fc(?)1492 4385 y(P)1551 -4360 y Fu(\))g(=)h Fs(env)1886 4375 y Fc(P)283 4538 y -Fu(Next)h(rede\014ne)g(up)s(d)1050 4553 y Fc(P)1141 4538 -y Fu(b)m(y)527 4715 y(up)s(d)692 4730 y Fc(P)751 4715 -y Fu(\()p Fs(D)872 4730 y Fc(P)931 4715 y Fu(,)f Fs(env)1147 -4730 y Fc(V)1207 4715 y Fu(,)f Fs(env)1422 4730 y Fc(P)1480 -4715 y Fu(\))h(=)f(up)s(d)1824 4679 y Fi(0)1824 4740 -y Fc(P)1883 4715 y Fu(\()p Fs(D)2004 4730 y Fc(P)2063 -4715 y Fu(,)g Fs(env)2278 4730 y Fc(V)2338 4715 y Fu(,)h -Fs(env)2554 4730 y Fc(P)2612 4715 y Fu(,)f 
Fs(D)2754 -4730 y Fc(P)2813 4715 y Fu(\))283 4893 y(Mo)s(dify)d(the)i(seman)m -(tics)e(of)g Fw(Pro)s(c)g Fu(so)h(as)g(to)f(obtain)g(m)m(utual)f -(recursion)i(among)e(pro)s(cedures)283 5013 y(de\014ned)33 -b(in)e(the)h(same)f(blo)s(c)m(k.)43 b(Illustrate)31 b(ho)m(w)h(the)g -(new)g(rules)f(are)h(used)h(on)e(an)g(in)m(teresting)283 -5133 y(statemen)m(t)j(of)e(y)m(our)h(c)m(hoice.)430 5254 -y(\(Hin)m(t:)39 b(Con)m(vince)26 b(y)m(ourself,)g(that)f([call)1899 -5218 y Fn(rec)1899 5278 y(ns)1992 5254 y Fu(])f(is)g(the)i(only)e(rule) -g(that)g(needs)j(to)d(b)s(e)h(c)m(hanged;)283 5374 y(then)36 -b(consider)g(whether)h(or)e(not)g(the)h(function)f(up)s(d)2287 -5389 y Fc(P)2381 5374 y Fu(migh)m(t)f(b)s(e)i(useful)f(in)g(the)g(new)i -(de\014-)283 5494 y(nition)31 b(of)h([call)851 5458 y -Fn(rec)851 5519 y(ns)944 5494 y Fu(].\))2645 b Fh(2)p -eop -%%Page: 61 71 -61 70 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures) -1998 b(61)p 0 193 3473 4 v 0 515 a(Exercise)36 b(2.47)49 -b Fu(W)-8 b(e)46 b(shall)e(consider)i(a)f(v)-5 b(arian)m(t)45 -b(of)g(the)h(seman)m(tics)f(where)i(w)m(e)g(use)f(the)0 -636 y(v)-5 b(ariable)45 b(en)m(vironmen)m(t)i(rather)f(than)h(the)g -(store)g(to)f(hold)g(the)h(next)g(free)g(lo)s(cation.)83 -b(So)0 756 y(assume)33 b(that)244 960 y Fw(En)m(v)436 -975 y Fn(V)526 960 y Fu(=)g Fw(V)-9 b(ar)32 b Ft([)h(f)f -Fu(next)h Ft(g)g(!)f Fw(Lo)s(c)0 1163 y Fu(and)244 1366 -y Fw(Store)g Fu(=)h Fw(Lo)s(c)f Ft(!)h Fw(Z)0 1570 y -Fu(As)j(b)s(efore)f(w)m(e)h(shall)d(write)i Fs(sto)41 -b Ft(\016)35 b Fs(env)1474 1585 y Fc(V)1569 1570 y Fu(for)f(the)i -(state)f(obtained)g(b)m(y)h(\014rst)f(using)g Fs(env)3291 -1585 y Fc(V)3386 1570 y Fu(to)0 1690 y(\014nd)29 b(the)f(lo)s(cation)e -(of)h(the)i(v)-5 b(ariable)26 b(and)i(then)h Fs(sto)34 -b Fu(to)27 b(\014nd)i(the)f(v)-5 b(alue)28 b(of)f(the)i(lo)s(cation.)39 -b(The)0 1811 y(clauses)33 b(of)f(T)-8 b(able)33 b(2.7)f(are)g(no)m(w)i -(replaced)e(b)m(y)254 1996 y Ft(h)p Fs(D)376 2011 y Fc(V)437 -1996 y Fu(,)g 
Fs(env)652 2011 y Fc(V)712 1996 y Fu([)p -Fs(x)12 b Ft(7!)p Fs(l)e Fu(][next)p Ft(7!)q Fu(new)33 -b Fs(l)10 b Fu(],)33 b Fs(sto)6 b Fu([)p Fs(l)k Ft(7!)p -Fs(v)h Fu(])p Ft(i)32 b(!)2138 2011 y Fc(D)2234 1996 -y Fu(\()p Fs(env)2428 1960 y Fi(0)2428 2021 y Fc(V)2488 -1996 y Fu(,)h Fs(sto)2676 1960 y Fi(0)2700 1996 y Fu(\))p -254 2059 2484 4 v 523 2164 a Ft(h)p Fr(var)g Fs(x)45 -b Fu(:=)32 b Fs(a)7 b Fu(;)33 b Fs(D)1173 2179 y Fc(V)1234 -2164 y Fu(,)g Fs(env)1450 2179 y Fc(V)1510 2164 y Fu(,)f -Fs(sto)6 b Ft(i)33 b(!)1868 2179 y Fc(D)1965 2164 y Fu(\()p -Fs(env)2159 2128 y Fi(0)2159 2189 y Fc(V)2219 2164 y -Fu(,)g Fs(sto)2407 2128 y Fi(0)2430 2164 y Fu(\))513 -2319 y(where)g Fs(v)43 b Fu(=)33 b Ft(A)o Fu([)-17 b([)q -Fs(a)7 b Fu(])-17 b(])q(\()p Fs(sto)6 b Ft(\016)p Fs(env)1575 -2334 y Fc(V)1635 2319 y Fu(\))32 b(and)h Fs(l)43 b Fu(=)32 -b Fs(env)2227 2334 y Fc(V)2320 2319 y Fu(next)244 2534 -y Ft(h)p Fo(")o Fu(,)h Fs(env)544 2549 y Fc(V)604 2534 -y Fu(,)g Fs(sto)6 b Ft(i)32 b(!)963 2549 y Fc(D)1059 -2534 y Fu(\()p Fs(env)1253 2549 y Fc(V)1313 2534 y Fu(,)h -Fs(sto)6 b Fu(\))0 2737 y(Construct)25 b(a)f(statemen)m(t)h(that)e -(computes)i(di\013eren)m(t)f(results)h(under)g(the)f(t)m(w)m(o)h(v)-5 -b(arian)m(ts)23 b(of)h(the)0 2858 y(seman)m(tics.)43 -b(V)-8 b(alidate)29 b(y)m(our)i(claim)d(b)m(y)j(constructing)f(deriv)-5 -b(ation)29 b(trees)j(for)d(the)i(executions)0 2978 y(of)h(the)h -(statemen)m(t)g(from)e(a)i(suitable)e(state.)1758 b Fh(2)p -eop -%%Page: 62 72 -62 71 bop 251 130 a Fw(62)2086 b(2)112 b(Op)s(erational)37 -b(Seman)m(tics)p 251 193 3473 4 v eop -%%Page: 63 73 -63 72 bop 0 1180 a Fv(Chapter)78 b(3)0 1596 y(Pro)-6 -b(v)-13 b(ably)76 b(Correct)i(Implemen)-6 b(tation)0 -2049 y Fu(A)31 b(formal)e(sp)s(eci\014cation)h(of)h(the)h(seman)m(tics) -f(of)g(a)f(programming)e(language)i(is)h(useful)g(when)0 -2169 y(implemen)m(ting)c(it.)42 b(In)31 b(particular,)e(it)g(b)s -(ecomes)i(p)s(ossible)f(to)f(argue)i(ab)s(out)f(the)g(correctness)0 -2290 y(of)38 
b(the)i(implemen)m(tation.)59 b(W)-8 b(e)39 -b(shall)f(illustrate)e(this)j(b)m(y)h(sho)m(wing)f(ho)m(w)g(to)g -(translate)f(the)0 2410 y(language)29 b Fw(While)f Fu(in)m(to)h(a)h -(structured)h(form)e(of)g(assem)m(bler)h(co)s(de)h(for)e(an)h(abstract) -g(mac)m(hine)0 2530 y(and)c(w)m(e)h(shall)e(then)i(pro)m(v)m(e)g(that)f -(the)h(translation)d(is)i(correct.)42 b(The)27 b(idea)e(is)h(that)g(w)m -(e)h(\014rst)f(de-)0 2651 y(\014ne)h(the)g Fs(me)-5 b(aning)34 -b Fu(of)25 b(the)i(abstract)g(mac)m(hine)f(instructions)g(b)m(y)h(an)f -(op)s(erational)e(seman)m(tics.)0 2771 y(Then)33 b(w)m(e)g(de\014ne)f -Fs(tr)-5 b(anslation)34 b(functions)39 b Fu(that)32 b(will)d(map)i -(expressions)j(and)d(statemen)m(ts)i(in)0 2892 y(the)41 -b Fw(While)d Fu(language)i(in)m(to)f(sequences)44 b(of)c(suc)m(h)h -(instructions.)67 b(The)41 b(correctness)h(result)0 3012 -y(will)30 b(then)j(state)g(that)g(if)e(w)m(e)145 3218 -y Ft(\017)49 b Fu(translate)32 b(a)g(program)f(in)m(to)h(co)s(de,)h -(and)145 3424 y Ft(\017)49 b Fu(execute)34 b(the)f(co)s(de)g(on)g(the)g -(abstract)g(mac)m(hine,)0 3631 y(then)41 b(w)m(e)f(get)g(the)h(same)e -(result)h(as)g(w)m(as)h(sp)s(eci\014ed)g(b)m(y)g(the)f(seman)m(tic)g -(functions)f Ft(S)3204 3646 y Fn(ns)3315 3631 y Fu(and)0 -3751 y Ft(S)68 3766 y Fn(sos)195 3751 y Fu(of)33 b(the)g(previous)g(c)m -(hapter.)0 4087 y Fj(3.1)161 b(The)53 b(abstract)g(mac)l(hine)0 -4308 y Fu(When)33 b(sp)s(ecifying)f(the)g(abstract)h(mac)m(hine)f(it)f -(is)g(con)m(v)m(enien)m(t)j(\014rst)f(to)f(presen)m(t)i(its)d -(con\014gu-)0 4428 y(rations)h(and)g(next)i(its)e(instructions)g(and)h -(their)f(meanings.)146 4549 y(The)i(abstract)f(mac)m(hine)f -Fw(AM)g Fu(has)h(con\014gurations)f(of)h(the)g(form)e -Ft(h)p Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33 b Fs(s)8 b -Ft(i)32 b Fu(where)145 4755 y Ft(\017)49 b Fs(c)38 b -Fu(is)32 b(the)h(sequence)i(of)d(instructions)h(\(or)f(co)s(de\))h(to)f -(b)s(e)h(executed,)145 4962 y Ft(\017)49 b Fs(e)40 b -Fu(is)32 b(the)h(ev)-5 b(aluation)31 
b(stac)m(k,)i(and)145 -5168 y Ft(\017)49 b Fs(s)40 b Fu(is)33 b(the)g(storage.)0 -5374 y(W)-8 b(e)33 b(use)g(the)g Fs(evaluation)h(stack)43 -b Fu(to)32 b(ev)-5 b(aluate)32 b(arithmetic)e(and)j(b)s(o)s(olean)d -(expressions.)46 b(F)-8 b(or-)0 5494 y(mally)g(,)30 b(it)i(is)g(a)g -(list)f(of)h(v)-5 b(alues,)33 b(so)g(writing)1687 5849 -y(63)p eop -%%Page: 64 74 -64 73 bop 251 130 a Fw(64)1535 b(3)112 b(Pro)m(v)-6 b(ably)36 -b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 527 -515 a(Stac)m(k)c Fu(=)f(\()p Fw(Z)h Ft([)g Fw(T)p Fu(\))1288 -479 y Fc(?)283 703 y Fu(w)m(e)39 b(ha)m(v)m(e)g Fs(e)45 -b Ft(2)38 b Fw(Stac)m(k)p Fu(.)59 b(F)-8 b(or)37 b(the)h(sak)m(e)h(of)e -(simplicit)m(y)e(w)m(e)k(shall)d(assume)j(that)e(the)h -Fs(stor)-5 b(age)283 824 y Fu(is)44 b(similar)d(to)j(the)h(state,)i -(that)d(is)g Fs(s)53 b Ft(2)44 b Fw(State)p Fu(,)j(and)e(it)e(is)h -(used)h(to)f(hold)f(the)i(v)-5 b(alues)44 b(of)283 944 -y(v)-5 b(ariables.)430 1064 y(The)33 b Fs(instructions)41 -b Fu(of)32 b Fw(AM)g Fu(are)h(giv)m(en)g(b)m(y)g(the)g(abstract)g(syn)m -(tax)577 1244 y Fs(inst)109 b Fu(::=)100 b Fb(push)p -Fu(-)p Fs(n)39 b Ft(j)32 b Fb(add)h Ft(j)f Fb(mul)-7 -b(t)33 b Ft(j)g Fb(sub)894 1411 y Ft(j)151 b Fb(tr)n(ue)32 -b Ft(j)g Fb(f)-9 b(alse)32 b Ft(j)h Fb(eq)f Ft(j)g Fb(le)g -Ft(j)h Fb(and)f Ft(j)h Fb(neg)894 1579 y Ft(j)151 b Fb(fetch)p -Fu(-)p Fs(x)44 b Ft(j)32 b Fb(store)p Fu(-)p Fs(x)894 -1746 y Ft(j)151 b Fb(noop)33 b Ft(j)f Fb(branch)p Fu(\()p -Fs(c)6 b Fu(,)32 b Fs(c)6 b Fu(\))32 b Ft(j)g Fb(loop)p -Fu(\()p Fs(c)6 b Fu(,)33 b Fs(c)6 b Fu(\))577 1914 y -Fs(c)221 b Fu(::=)100 b Fo(")32 b Ft(j)g Fs(inst)9 b -Fu(:)p Fs(c)283 2095 y Fu(where)32 b Fo(")e Fu(is)h(the)g(empt)m(y)g -(sequence.)45 b(W)-8 b(e)31 b(shall)e(write)i Fw(Co)s(de)g -Fu(for)f(the)h(syn)m(tactic)g(category)g(of)283 2215 -y Fs(se)-5 b(quenc)g(es)40 b(of)f(instructions)p Fu(,)h(so)e -Fs(c)44 b Fu(is)38 b(a)g(meta-v)-5 b(ariable)35 b(ranging)i(o)m(v)m(er) -j Fw(Co)s(de)p Fu(.)61 b(Therefore)283 2336 y(w)m(e)34 
-b(ha)m(v)m(e)527 2524 y Ft(h)p Fs(c)6 b Fu(,)32 b Fs(e)7 -b Fu(,)33 b Fs(s)8 b Ft(i)33 b(2)f Fw(Co)s(de)h Ft(\002)g -Fw(Stac)m(k)g Ft(\002)g Fw(State)283 2711 y Fu(A)h(con\014guration)f -(is)g(a)g Fs(terminal)43 b Fu(\(or)33 b(\014nal\))f(con\014guration)h -(if)f(its)h(co)s(de)h(comp)s(onen)m(t)f(is)g(the)283 -2832 y(empt)m(y)h(sequence,)h(that)d(is)g(if)g(it)f(has)i(the)g(form)f -Ft(h)o Fo(")p Fu(,)h Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)o -Fu(.)430 2952 y(The)33 b(seman)m(tics)f(of)f(the)h(instructions)g(of)f -(the)i(abstract)f(mac)m(hine)f(is)h(giv)m(en)g(b)m(y)h(an)e -Fs(op)-5 b(er-)283 3072 y(ational)38 b(semantics)p Fu(.)55 -b(As)37 b(in)e(the)i(previous)g(c)m(hapter)h(it)d(will)g(b)s(e)h(sp)s -(eci\014ed)i(b)m(y)f(a)f(transition)283 3193 y(system.)69 -b(The)42 b(con\014gurations)e(ha)m(v)m(e)i(the)f(form)e -Ft(h)p Fs(c)6 b Fu(,)42 b Fs(e)7 b Fu(,)43 b Fs(s)8 b -Ft(i)41 b Fu(as)g(describ)s(ed)g(ab)s(o)m(v)m(e)h(and)e(the)283 -3313 y(transition)31 b(relation)g Fh(\003)i Fu(sp)s(eci\014es)h(ho)m(w) -f(to)f(execute)j(the)e(instructions:)527 3501 y Ft(h)p -Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)33 -b Fh(\003)g Ft(h)o Fs(c)1107 3465 y Fi(0)1130 3501 y -Fu(,)g Fs(e)1242 3465 y Fi(0)1265 3501 y Fu(,)g Fs(s)1373 -3465 y Fi(0)1396 3501 y Ft(i)283 3689 y Fu(The)40 b(idea)e(is)g(that)g -Fs(one)i(step)g(of)g(exe)-5 b(cution)45 b Fu(will)36 -b(transform)i(the)h(con\014guration)e Ft(h)p Fs(c)6 b -Fu(,)40 b Fs(e)7 b Fu(,)40 b Fs(s)8 b Ft(i)283 3809 y -Fu(in)m(to)46 b Ft(h)o Fs(c)584 3773 y Fi(0)607 3809 -y Fu(,)j Fs(e)735 3773 y Fi(0)759 3809 y Fu(,)g Fs(s)883 -3773 y Fi(0)907 3809 y Ft(i)o Fu(.)84 b(The)47 b(relation)d(is)h -(de\014ned)i(b)m(y)g(the)f(axioms)f(of)h(T)-8 b(able)45 -b(3.1)h(where)h(w)m(e)283 3930 y(\(am)m(biguously\))35 -b(use)i(the)g(notation)e(`:')50 b(b)s(oth)36 b(for)g(app)s(ending)g(t)m -(w)m(o)g(instruction)g(sequences)283 4050 y(and)c(for)f(prep)s(ending)g -(an)g(elemen)m(t)g(to)g(a)g(sequence.)46 b(The)32 b(ev)-5 -b(aluation)30 
b(stac)m(k)j(is)d(represen)m(ted)283 4170 -y(as)f(a)g(sequence)i(of)d(elemen)m(ts.)43 b(It)29 b(has)g(the)g(top)g -(of)f(the)h(stac)m(k)h(to)e(the)h(left)f(and)h(w)m(e)h(shall)d(write) -283 4291 y Fo(")33 b Fu(for)f(the)h(empt)m(y)g(sequence.)430 -4411 y(In)27 b(addition)e(to)i(the)h(usual)f(arithmetic)e(and)i(b)s(o)s -(olean)e(op)s(erations)i(w)m(e)h(ha)m(v)m(e)g(six)f(instruc-)283 -4531 y(tions)35 b(that)f(mo)s(dify)f(the)i(ev)-5 b(aluation)33 -b(stac)m(k:)49 b(The)35 b(op)s(eration)e Fb(push)p Fu(-)p -Fs(n)41 b Fu(pushes)c(a)d(constan)m(t)283 4652 y(v)-5 -b(alue)32 b Fs(n)39 b Fu(on)m(to)31 b(the)i(stac)m(k)g(and)f -Fb(tr)n(ue)f Fu(and)h Fb(f)-9 b(alse)31 b Fu(push)i(the)g(constan)m(ts) -g Fw(tt)e Fu(and)h Fw(\013)p Fu(,)g(resp)s(ec-)283 4772 -y(tiv)m(ely)-8 b(,)35 b(on)m(to)g(the)g(stac)m(k.)51 -b(The)36 b(op)s(eration)d Fb(fetch)p Fu(-)p Fs(x)46 b -Fu(pushes)36 b(the)f(v)-5 b(alue)34 b(b)s(ound)h(to)g -Fs(x)46 b Fu(on)m(to)283 4893 y(the)25 b(stac)m(k)h(whereas)g -Fb(store)p Fu(-)p Fs(x)35 b Fu(p)s(ops)25 b(the)f(topmost)g(elemen)m(t) -g(o\013)g(the)h(stac)m(k)h(and)e(up)s(dates)h(the)283 -5013 y(storage)35 b(so)f(that)g(the)h(p)s(opp)s(ed)f(v)-5 -b(alue)34 b(is)g(b)s(ound)g(to)g Fs(x)12 b Fu(.)48 b(The)35 -b(instruction)e Fb(branch)p Fu(\()p Fs(c)3529 5028 y -Fn(1)3568 5013 y Fu(,)g Fs(c)3679 5028 y Fn(2)3718 5013 -y Fu(\))283 5133 y(will)e(also)h(c)m(hange)h(the)g(\015o)m(w)g(of)g -(con)m(trol:)43 b(If)32 b(the)h(top)g(of)f(the)h(stac)m(k)h(is)e(the)h -(v)-5 b(alue)32 b Fw(tt)g Fu(\(that)g(is)283 5254 y(some)d(b)s(o)s -(olean)e(expression)j(has)f(b)s(een)h(ev)-5 b(aluated)28 -b(to)g(true\))h(then)h(the)f(stac)m(k)h(is)e(p)s(opp)s(ed)h(and)283 -5374 y Fs(c)334 5389 y Fn(1)408 5374 y Fu(is)35 b(to)g(b)s(e)g -(executed)i(next.)52 b(Otherwise,)36 b(if)e(the)h(top)g(elemen)m(t)g -(of)g(the)g(stac)m(k)h(is)f Fw(\013)g Fu(then)h(it)283 -5494 y(will)31 b(b)s(e)i(p)s(opp)s(ed)f(and)h Fs(c)1188 -5509 y Fn(2)1260 5494 y Fu(will)d(b)s(e)j(executed)h(next.)p -eop 
-%%Page: 65 75 -65 74 bop 0 130 a Fw(3.1)112 b(The)38 b(abstract)g(mac)m(hine)2038 -b(65)p 0 193 3473 4 v 0 419 V 0 3830 4 3411 v 416 528 -a Ft(h)o Fb(push)p Fu(-)p Fs(n)7 b Fu(:)p Fs(c)f Fu(,)32 -b Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)525 b Fh(\003)101 -b Ft(h)o Fs(c)6 b Fu(,)32 b Ft(N)15 b Fu([)-17 b([)q -Fs(n)7 b Fu(])-17 b(]:)p Fs(e)7 b Fu(,)33 b Fs(s)8 b -Ft(i)416 697 y(h)o Fb(add)p Fu(:)p Fs(c)e Fu(,)33 b Fs(z)829 -712 y Fn(1)869 697 y Fu(:)p Fs(z)948 712 y Fn(2)987 697 -y Fu(:)p Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)421 b Fh(\003)101 -b Ft(h)o Fs(c)6 b Fu(,)32 b(\()p Fs(z)2050 712 y Fn(1)2090 -697 y Fu(+)p Fs(z)2218 712 y Fn(2)2257 697 y Fu(\):)p -Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)2664 696 y Fu(if)31 -b Fs(z)2805 711 y Fn(1)2844 696 y Fu(,)i Fs(z)2956 711 -y Fn(2)2995 696 y Ft(2)q Fw(Z)416 865 y Ft(h)o Fb(mul)-7 -b(t)p Fu(:)p Fs(c)6 b Fu(,)34 b Fs(z)883 880 y Fn(1)922 -865 y Fu(:)p Fs(z)1001 880 y Fn(2)1040 865 y Fu(:)p Fs(e)7 -b Fu(,)33 b Fs(s)8 b Ft(i)368 b Fh(\003)101 b Ft(h)o -Fs(c)6 b Fu(,)32 b(\()p Fs(z)2050 880 y Fn(1)2090 865 -y Fo(?)p Fs(z)2191 880 y Fn(2)2230 865 y Fu(\):)p Fs(e)7 -b Fu(,)33 b Fs(s)8 b Ft(i)2664 864 y Fu(if)31 b Fs(z)2805 -879 y Fn(1)2844 864 y Fu(,)i Fs(z)2956 879 y Fn(2)2995 -864 y Ft(2)q Fw(Z)416 1034 y Ft(h)o Fb(sub)p Fu(:)p Fs(c)6 -b Fu(,)32 b Fs(z)808 1049 y Fn(1)848 1034 y Fu(:)p Fs(z)927 -1049 y Fn(2)966 1034 y Fu(:)p Fs(e)7 b Fu(,)33 b Fs(s)8 -b Ft(i)442 b Fh(\003)101 b Ft(h)o Fs(c)6 b Fu(,)32 b(\()p -Fs(z)2050 1049 y Fn(1)2090 1034 y Ft(\000)p Fs(z)2219 -1049 y Fn(2)2259 1034 y Fu(\):)p Fs(e)7 b Fu(,)33 b Fs(s)8 -b Ft(i)2664 1033 y Fu(if)31 b Fs(z)2805 1048 y Fn(1)2844 -1033 y Fu(,)i Fs(z)2956 1048 y Fn(2)2995 1033 y Ft(2)q -Fw(Z)416 1201 y Ft(h)o Fb(tr)n(ue)p Fu(:)p Fs(c)6 b Fu(,)32 -b Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)610 b Fh(\003)101 -b Ft(h)o Fs(c)6 b Fu(,)32 b Fw(tt)p Fu(:)p Fs(e)7 b Fu(,)33 -b Fs(s)8 b Ft(i)416 1369 y(h)o Fb(f)-9 b(alse)p Fu(:)p -Fs(c)6 b Fu(,)33 b Fs(e)7 b Fu(,)32 b Fs(s)8 b Ft(i)586 -b Fh(\003)101 b Ft(h)o 
Fs(c)6 b Fu(,)32 b Fw(\013)p Fu(:)p -Fs(e)7 b Fu(,)34 b Fs(s)8 b Ft(i)416 1537 y(h)o Fb(eq)p -Fu(:)p Fs(c)e Fu(,)33 b Fs(z)763 1552 y Fn(1)802 1537 -y Fu(:)p Fs(z)881 1552 y Fn(2)920 1537 y Fu(:)p Fs(e)7 -b Fu(,)33 b Fs(s)8 b Ft(i)488 b Fh(\003)101 b Ft(h)o -Fs(c)6 b Fu(,)32 b(\()p Fs(z)2050 1552 y Fn(1)2090 1537 -y Fu(=)p Fs(z)2218 1552 y Fn(2)2257 1537 y Fu(\):)p Fs(e)7 -b Fu(,)33 b Fs(s)8 b Ft(i)2664 1536 y Fu(if)31 b Fs(z)2805 -1551 y Fn(1)2844 1536 y Fu(,)i Fs(z)2956 1551 y Fn(2)2995 -1536 y Ft(2)q Fw(Z)416 1706 y Ft(h)o Fb(le)p Fu(:)p Fs(c)6 -b Fu(,)32 b Fs(z)750 1721 y Fn(1)790 1706 y Fu(:)p Fs(z)869 -1721 y Fn(2)908 1706 y Fu(:)p Fs(e)7 b Fu(,)33 b Fs(s)8 -b Ft(i)500 b Fh(\003)101 b Ft(h)o Fs(c)6 b Fu(,)32 b(\()p -Fs(z)2050 1721 y Fn(1)2090 1706 y Ft(\024)p Fs(z)2219 -1721 y Fn(2)2259 1706 y Fu(\):)p Fs(e)7 b Fu(,)33 b Fs(s)8 -b Ft(i)2664 1705 y Fu(if)31 b Fs(z)2805 1720 y Fn(1)2844 -1705 y Fu(,)i Fs(z)2956 1720 y Fn(2)2995 1705 y Ft(2)q -Fw(Z)416 1873 y Ft(h)o Fb(and)p Fu(:)p Fs(c)6 b Fu(,)33 -b Fs(t)817 1888 y Fn(1)857 1873 y Fu(:)p Fs(t)925 1888 -y Fn(2)966 1873 y Fu(:)p Fs(e)7 b Fu(,)33 b Fs(s)8 b -Ft(i)442 b Fh(\003)921 1957 y Fg(8)921 2031 y(<)921 2181 -y(:)1036 2046 y Ft(h)p Fs(c)5 b Fo(;)17 b Fw(tt)27 b -Fu(:)h Fs(e)7 b Fo(;)17 b Fs(s)8 b Ft(i)1036 2214 y(h)p -Fs(c)d Fo(;)17 b Fw(\013)38 b Fu(:)28 b Fs(e)7 b Fo(;)17 -b Fs(s)8 b Ft(i)1647 2046 y Fu(if)31 b Fs(t)1777 2061 -y Fn(1)1818 2046 y Fu(=)p Fw(tt)g Fu(and)i Fs(t)2244 -2061 y Fn(2)2284 2046 y Fu(=)p Fw(tt)1647 2214 y Fu(if)e -Fs(t)1777 2229 y Fn(1)1818 2214 y Fu(=)p Fw(\013)h Fu(or)h -Fs(t)2152 2229 y Fn(2)2192 2214 y Fu(=)p Fw(\013)p Fu(,)g -Fs(t)2434 2229 y Fn(1)2474 2214 y Fu(,)g Fs(t)2575 2229 -y Fn(2)2615 2214 y Ft(2)p Fw(T)416 2483 y Ft(h)o Fb(neg)p -Fu(:)p Fs(c)6 b Fu(,)32 b Fs(t)9 b Fu(:)p Fs(e)e Fu(,)34 -b Fs(s)8 b Ft(i)594 b Fh(\003)1812 2309 y Fg(8)1812 2384 -y(<)1812 2533 y(:)1927 2399 y Ft(h)p Fs(c)5 b Fo(;)17 -b Fw(\013)38 b Fu(:)28 b Fs(e)7 b Fo(;)17 b Fs(s)8 b -Ft(i)1927 2566 
y(h)p Fs(c)d Fo(;)17 b Fw(tt)27 b Fu(:)h -Fs(e)7 b Fo(;)17 b Fs(s)8 b Ft(i)2664 2399 y Fu(if)31 -b Fs(t)9 b Fu(=)p Fw(tt)2664 2566 y Fu(if)31 b Fs(t)9 -b Fu(=)p Fw(\013)416 2745 y Ft(h)o Fb(fetch)p Fu(-)p -Fs(x)j Fu(:)p Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33 b Fs(s)8 -b Ft(i)466 b Fh(\003)101 b Ft(h)o Fs(c)6 b Fu(,)32 b(\()p -Fs(s)41 b(x)12 b Fu(\):)p Fs(e)7 b Fu(,)33 b Fs(s)8 b -Ft(i)416 2914 y(h)o Fb(store)p Fu(-)p Fs(x)k Fu(:)p Fs(c)6 -b Fu(,)31 b Fs(z)12 b Fu(:)p Fs(e)7 b Fu(,)33 b Fs(s)8 -b Ft(i)392 b Fh(\003)101 b Ft(h)o Fs(c)6 b Fu(,)32 b -Fs(e)7 b Fu(,)33 b Fs(s)8 b Fu([)p Fs(x)k Ft(7!)p Fs(z)g -Fu(])p Ft(i)2664 2913 y Fu(if)31 b Fs(z)12 b Ft(2)p Fw(Z)416 -3081 y Ft(h)o Fb(noop)p Fu(:)p Fs(c)6 b Fu(,)33 b Fs(e)7 -b Fu(,)33 b Fs(s)8 b Ft(i)600 b Fh(\003)101 b Ft(h)o -Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)416 -3339 y(h)o Fb(branch)p Fu(\()p Fs(c)903 3354 y Fn(1)942 -3339 y Fu(,)33 b Fs(c)1053 3354 y Fn(2)1092 3339 y Fu(\):)p -Fs(c)6 b Fu(,)32 b Fs(t)9 b Fu(:)p Fs(e)e Fu(,)34 b Fs(s)8 -b Ft(i)99 b Fh(\003)1812 3165 y Fg(8)1812 3240 y(<)1812 -3389 y(:)1927 3255 y Ft(h)p Fs(c)2016 3270 y Fn(1)2083 -3255 y Fu(:)28 b Fs(c)6 b Fo(;)17 b Fs(e)7 b Fo(;)17 -b Fs(s)7 b Ft(i)1927 3422 y(h)p Fs(c)2016 3437 y Fn(2)2083 -3422 y Fu(:)28 b Fs(c)6 b Fo(;)17 b Fs(e)7 b Fo(;)17 -b Fs(s)7 b Ft(i)2664 3255 y Fu(if)31 b Fs(t)9 b Fu(=)p -Fw(tt)2664 3422 y Fu(if)31 b Fs(t)9 b Fu(=)p Fw(\013)416 -3601 y Ft(h)o Fb(loop)p Fu(\()p Fs(c)776 3616 y Fn(1)816 -3601 y Fu(,)32 b Fs(c)926 3616 y Fn(2)965 3601 y Fu(\):)p -Fs(c)6 b Fu(,)33 b Fs(e)7 b Fu(,)32 b Fs(s)8 b Ft(i)295 -b Fh(\003)921 3769 y Ft(h)o Fs(c)1010 3784 y Fn(1)1049 -3769 y Fu(:)p Fb(branch)p Fu(\()p Fs(c)1525 3784 y Fn(2)1564 -3769 y Fu(:)p Fb(loop)p Fu(\()p Fs(c)1913 3784 y Fn(1)1953 -3769 y Fu(,)32 b Fs(c)2063 3784 y Fn(2)2102 3769 y Fu(\),)h -Fb(noop)p Fu(\):)p Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33 -b Fs(s)8 b Ft(i)p 3469 3830 V 0 3833 3473 4 v 844 3994 -a Fu(T)-8 b(able)32 b(3.1:)43 b(Op)s(erational)30 
b(seman)m(tics)j(for) -f Fw(AM)146 4287 y Fu(There)43 b(are)f(t)m(w)m(o)h(instructions)f(that) -f(c)m(hange)i(the)f(\015o)m(w)h(of)e(con)m(trol.)71 b(The)43 -b(instruction)0 4407 y Fb(branch)p Fu(\()p Fs(c)449 4422 -y Fn(1)488 4407 y Fu(,)i Fs(c)611 4422 y Fn(2)650 4407 -y Fu(\))d(will)e(b)s(e)j(used)h(to)e(implemen)m(t)e(the)j(conditional:) -61 b(as)42 b(describ)s(ed)i(ab)s(o)m(v)m(e)0 4527 y(it)f(will)f(c)m(ho) -s(ose)i(the)h(co)s(de)f(comp)s(onen)m(t)g Fs(c)1602 4542 -y Fn(1)1685 4527 y Fu(or)g Fs(c)1867 4542 y Fn(2)1950 -4527 y Fu(dep)s(ending)g(on)g(the)g(curren)m(t)h(v)-5 -b(alue)43 b(on)0 4648 y(top)g(of)g(the)h(stac)m(k.)76 -b(If)44 b(the)f(top)g(of)g(the)h(stac)m(k)g(is)f(not)g(a)g(truth)h(v)-5 -b(alue)42 b(the)i(mac)m(hine)f(will)0 4768 y(halt)e(as)i(there)g(is)f -(no)h(next)g(con\014guration)f(\(since)h(the)g(meaning)e(of)h -Fb(branch)p Fu(\()p Ft(\001)17 b(\001)g(\001)n Fu(,)p -Ft(\001)g(\001)g(\001)n Fu(\))43 b(is)0 4889 y(not)i(de\014ned)h(in)e -(that)h(case\).)82 b(A)45 b(lo)s(oping)d(construct)k(suc)m(h)g(as)g -(the)f Fr(while)p Fu(-construct)i(of)0 5009 y Fw(While)40 -b Fu(can)i(b)s(e)g(implemen)m(ted)f(using)g(the)h(instruction)f -Fb(loop)p Fu(\()p Fs(c)2516 5024 y Fn(1)2555 5009 y Fu(,)j -Fs(c)2677 5024 y Fn(2)2716 5009 y Fu(\).)71 b(The)43 -b(seman)m(tics)0 5129 y(of)35 b(this)g(instruction)f(is)h(de\014ned)i -(b)m(y)f(rewriting)f(it)f(to)h(a)g(com)m(bination)e(of)i(other)h -(constructs)0 5250 y(including)29 b(the)i Fb(branch)p -Fu(-instruction)e(and)h(itself.)42 b(W)-8 b(e)31 b(shall)e(see)j -(shortly)e(ho)m(w)h(this)f(can)h(b)s(e)0 5370 y(used.)146 -5494 y(The)40 b(op)s(erational)d(seman)m(tics)i(of)f(T)-8 -b(able)38 b(3.1)h(is)f(indeed)h(a)g(structural)g(op)s(erational)d(se-)p -eop -%%Page: 66 76 -66 75 bop 251 130 a Fw(66)1535 b(3)112 b(Pro)m(v)-6 b(ably)36 -b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283 -515 a Fu(man)m(tics)29 b(for)g Fw(AM)p Fu(.)g(Corresp)s(onding)g(to)g -(the)g(deriv)-5 b(ation)28 
b(sequences)k(of)d(Chapter)h(2)f(w)m(e)h -(shall)283 636 y(de\014ne)36 b(a)e Fs(c)-5 b(omputation)36 -b(se)-5 b(quenc)g(e)40 b Fu(for)34 b Fw(AM)p Fu(.)g(Giv)m(en)g(a)g -(sequence)j Fs(c)i Fu(of)34 b(instructions)g(and)g(a)283 -756 y(storage)f Fs(s)8 b Fu(,)33 b(a)f(computation)f(sequence)k(for)d -Fs(c)38 b Fu(and)33 b Fs(s)41 b Fu(is)32 b(either)429 -956 y Ft(\017)48 b Fu(a)33 b Fs(\014nite)39 b Fu(sequence)742 -1159 y Fo(\015)798 1174 y Fn(0)837 1159 y Fu(,)33 b Fo(\015)953 -1174 y Fn(1)992 1159 y Fu(,)g Fo(\015)1108 1174 y Fn(2)1148 -1159 y Fu(,)f Ft(\001)17 b(\001)g(\001)31 b Fu(,)i Fo(\015)1472 -1174 y Fn(k)527 1361 y Fu(of)c(con\014gurations)f(satisfying)g -Fo(\015)1747 1376 y Fn(0)1815 1361 y Fu(=)g Ft(h)p Fs(c)6 -b Fu(,)29 b Fo(")p Fu(,)g Fs(s)8 b Ft(i)29 b Fu(and)g -Fo(\015)2525 1376 y Fn(i)2577 1361 y Fh(\003)g Fo(\015)2739 -1376 y Fn(i+1)2882 1361 y Fu(for)f(0)p Ft(\024)p Fu(i)p -Fo(<)p Fu(k,)h(k)p Ft(\025)q Fu(0,)h(and)527 1482 y(where)k(there)f(is) -g(no)f Fo(\015)38 b Fu(suc)m(h)c(that)e Fo(\015)1868 -1497 y Fn(k)1942 1482 y Fh(\003)h Fo(\015)5 b Fu(,)33 -b(or)f(it)f(is)429 1684 y Ft(\017)48 b Fu(an)33 b Fs(in\014nite)39 -b Fu(sequence)742 1886 y Fo(\015)798 1901 y Fn(0)837 -1886 y Fu(,)33 b Fo(\015)953 1901 y Fn(1)992 1886 y Fu(,)g -Fo(\015)1108 1901 y Fn(2)1148 1886 y Fu(,)f Ft(\001)17 -b(\001)g(\001)527 2089 y Fu(of)32 b(con\014gurations)h(satisfying)e -Fo(\015)1758 2104 y Fn(0)1830 2089 y Fu(=)i Ft(h)o Fs(c)6 -b Fu(,)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fu(and)h -Fo(\015)2558 2104 y Fn(i)2614 2089 y Fh(\003)g Fo(\015)2780 -2104 y Fn(i+1)2927 2089 y Fu(for)f(0)p Ft(\024)p Fu(i.)283 -2289 y(Note)e(that)g(initial)c(con\014gurations)j(alw)m(a)m(ys)h(ha)m -(v)m(e)h(an)f Fs(empty)38 b Fu(ev)-5 b(aluation)28 b(stac)m(k.)44 -b(A)30 b(compu-)283 2410 y(tation)i(sequence)j(is)429 -2610 y Ft(\017)48 b Fs(terminating)41 b Fu(if)31 b(and)i(only)f(if)g -(it)f(is)h(\014nite,)h(and)429 2812 y Ft(\017)48 b Fs(lo)-5 -b(oping)40 b Fu(if)32 
b(and)h(only)f(if)f(it)h(is)g(in\014nite.)283 -3013 y(A)f(terminating)d(computation)h(sequence)k(ma)m(y)d(end)h(in)f -(a)g(terminal)e(con\014guration)h(\(that)h(is)283 3133 -y(a)38 b(con\014guration)g(with)g(an)g(empt)m(y)h(co)s(de)f(comp)s -(onen)m(t\))h(or)f(in)f(a)h(stuc)m(k)i(con\014guration)d(\(for)283 -3253 y(example)c Ft(h)o Fb(add)p Fu(,)g Fo(")p Fu(,)g -Fs(s)8 b Ft(i)p Fu(\).)283 3478 y Fw(Example)37 b(3.1)49 -b Fu(Consider)33 b(the)g(instruction)f(sequence)527 3678 -y Fb(push)p Fu(-)p Fr(1)p Fu(:)p Fb(fetch)p Fu(-)p Fr(x)p -Fu(:)p Fb(add)p Fu(:)p Fb(store)p Fu(-)p Fr(x)283 3878 -y Fu(Assuming)h(that)f(the)h(initial)c(storage)j Fs(s)41 -b Fu(has)33 b Fs(s)41 b Fr(x)32 b Fu(=)h Fw(3)f Fu(w)m(e)i(get)527 -4079 y Ft(h)p Fb(push)p Fu(-)p Fr(1)p Fu(:)p Fb(fetch)p -Fu(-)p Fr(x)p Fu(:)p Fb(add)p Fu(:)p Fb(store)p Fu(-)p -Fr(x)p Fu(,)d Fo(")p Fu(,)i Fs(s)8 b Ft(i)873 4246 y -Fh(\003)33 b Ft(h)p Fb(fetch)p Fu(-)p Fr(x)p Fu(:)p Fb(add)p -Fu(:)p Fb(store)p Fu(-)p Fr(x)p Fu(,)f Fw(1)p Fu(,)h -Fs(s)8 b Ft(i)873 4414 y Fh(\003)33 b Ft(h)p Fb(add)p -Fu(:)p Fb(store)p Fu(-)p Fr(x)p Fu(,)f Fw(3)p Fu(:)p -Fw(1)p Fu(,)h Fs(s)8 b Ft(i)873 4582 y Fh(\003)33 b Ft(h)p -Fb(store)p Fu(-)p Fr(x)p Fu(,)f Fw(4)p Fu(,)g Fs(s)8 -b Ft(i)873 4749 y Fh(\003)33 b Ft(h)p Fo(")p Fu(,)f Fo(")p -Fu(,)h Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p Fw(4)p Fu(])p Ft(i)283 -4950 y Fu(The)36 b(computation)c(no)m(w)j(stops)g(b)s(ecause)g(there)g -(is)f(no)g(next)h(step.)49 b(This)34 b(is)g(an)g(example)f(of)283 -5070 y(a)g(terminating)d(computation)h(sequence.)1820 -b Fh(2)283 5294 y Fw(Example)37 b(3.2)49 b Fu(Consider)33 -b(the)g(co)s(de)527 5494 y Fb(loop)p Fu(\()p Fb(tr)n(ue)p -Fu(,)g Fb(noop)p Fu(\))p eop -%%Page: 67 77 -67 76 bop 0 130 a Fw(3.1)112 b(The)38 b(abstract)g(mac)m(hine)2038 -b(67)p 0 193 3473 4 v 0 515 a Fu(W)-8 b(e)33 b(ha)m(v)m(e)244 -681 y Ft(h)p Fb(loop)p Fu(\()p Fb(tr)n(ue)p Fu(,)f Fb(noop)p -Fu(\),)h Fo(")o Fu(,)g Fs(s)8 b Ft(i)554 848 y Fh(\003)33 -b Ft(h)p Fb(tr)n(ue)p Fu(:)p Fb(branch)p 
Fu(\()p Fb(noop)p -Fu(:)p Fb(loop)p Fu(\()p Fb(tr)n(ue)p Fu(,)f Fb(noop)p -Fu(\),)h Fb(noop)p Fu(\),)f Fo(")p Fu(,)h Fs(s)8 b Ft(i)554 -1016 y Fh(\003)33 b Ft(h)p Fb(branch)p Fu(\()p Fb(noop)p -Fu(:)p Fb(loop)p Fu(\()p Fb(tr)n(ue)p Fu(,)f Fb(noop)p -Fu(\),)h Fb(noop)p Fu(\),)g Fw(tt)p Fu(,)f Fs(s)8 b Ft(i)554 -1183 y Fh(\003)33 b Ft(h)p Fb(noop)p Fu(:)p Fb(loop)p -Fu(\()p Fb(tr)n(ue)p Fu(,)f Fb(noop)p Fu(\),)h Fo(")p -Fu(,)f Fs(s)8 b Ft(i)554 1351 y Fh(\003)33 b Ft(h)p Fb(loop)p -Fu(\()p Fb(tr)n(ue)p Fu(,)f Fb(noop)p Fu(\),)h Fo(")o -Fu(,)g Fs(s)8 b Ft(i)554 1519 y Fh(\003)33 b Ft(\001)17 -b(\001)g(\001)0 1684 y Fu(and)40 b(the)h(unfolding)d(of)i(the)g -Fb(loop)p Fu(-instruction)f(is)h(rep)s(eated.)67 b(This)40 -b(is)f(an)h(example)g(of)g(a)0 1804 y(lo)s(oping)30 b(computation)h -(sequence.)2089 b Fh(2)0 1982 y Fw(Exercise)36 b(3.3)49 -b Fu(Consider)33 b(the)g(co)s(de)244 2147 y Fb(push)p -Fu(-)p Fr(0)p Fu(:)p Fb(store)p Fu(-)p Fr(z)p Fu(:)p -Fb(fetch)p Fu(-)p Fr(x)p Fu(:)p Fb(store)p Fu(-)p Fr(r)p -Fu(:)244 2315 y Fb(loop)p Fu(\()p Fb(fetch)p Fu(-)p Fr(r)p -Fu(:)p Fb(fetch)p Fu(-)p Fr(y)p Fu(:)p Fb(le)p Fu(,)515 -2482 y Fb(fetch)p Fu(-)p Fr(y)p Fu(:)p Fb(fetch)p Fu(-)p -Fr(r)p Fu(:)p Fb(sub)p Fu(:)p Fb(store)p Fu(-)p Fr(r)p -Fu(:)515 2650 y Fb(push)p Fu(-)p Fr(1)p Fu(:)p Fb(fetch)p -Fu(-)p Fr(z)p Fu(:)p Fb(add)p Fu(:)p Fb(store)p Fu(-)p -Fr(z)p Fu(\))0 2815 y(Determine)f(the)h(function)f(computed)g(b)m(y)i -(this)e(co)s(de.)1378 b Fh(2)0 3097 y Fp(Prop)t(erties)46 -b(of)f(AM)0 3282 y Fu(The)40 b(seman)m(tics)f(w)m(e)h(ha)m(v)m(e)h(sp)s -(eci\014ed)e(for)g(the)g(abstract)h(mac)m(hine)e(is)h(concerned)h(with) -f(the)0 3402 y(execution)27 b(of)g(individual)d(instructions)i(and)h -(is)f(therefore)i(close)f(in)f(spirit)f(to)h(the)i(structural)0 -3523 y(op)s(erational)j(seman)m(tics)j(studied)g(in)e(Chapter)j(2.)46 -b(When)34 b(pro)m(ving)f(the)h(correctness)i(of)d(the)0 -3643 y(co)s(de)44 b(generation)g(w)m(e)g(shall)f(need)i(a)f(few)g 
-(results)g(analogous)f(to)h(those)g(holding)f(for)g(the)0 -3764 y(structural)d(op)s(erational)e(seman)m(tics.)66 -b(As)41 b(their)f(pro)s(ofs)g(follo)m(w)e(the)j(same)f(lines)f(as)i -(those)0 3884 y(for)32 b(the)h(structural)f(op)s(erational)e(seman)m -(tics)i(w)m(e)i(shall)d(lea)m(v)m(e)i(them)f(as)g(exercises)i(and)f -(only)0 4004 y Fs(r)-5 b(eformulate)40 b Fu(the)33 b(pro)s(of)e(tec)m -(hnique)j(from)e(Section)g(2.2:)p 0 4153 3470 4 v 0 4170 -V -2 4378 4 208 v 15 4378 V 478 4299 a Fw(Induction)g(on)h(the)f -(Length)h(of)g(Computation)f(Sequences)p 3452 4378 V -3469 4378 V 0 4381 3470 4 v -2 4630 4 249 v 15 4630 V -66 4546 a Fu(1:)143 b(Pro)m(v)m(e)34 b(that)f(the)g(prop)s(ert)m(y)g -(holds)f(for)g(all)f(computation)g(sequences)36 b(of)c(length)g(0.)p -3452 4630 V 3469 4630 V -2 5159 4 529 v 15 5159 V 66 -4714 a(2:)143 b(Pro)m(v)m(e)41 b(that)f(the)g(prop)s(ert)m(y)g(holds)f -(for)g(all)f(other)i(computation)e(sequences:)60 b(As-)285 -4834 y(sume)37 b(that)f(the)h(prop)s(ert)m(y)g(holds)g(for)f(all)e -(computation)h(sequences)40 b(of)c(length)g(at)285 4955 -y(most)31 b(k)g(\(this)g(is)f(called)g(the)i Fs(induction)h(hyp)-5 -b(othesis)p Fu(\))30 b(and)h(sho)m(w)h(that)f(it)f(holds)h(for)285 -5075 y(computation)g(sequences)36 b(of)c(length)g(k+1.)p -3452 5159 V 3469 5159 V 0 5162 3470 4 v 0 5179 V 0 5374 -a(The)f(induction)d(step)j(of)e(a)g(pro)s(of)g(follo)m(wing)e(this)i -(tec)m(hnique)j(will)27 b(often)j(b)s(e)f(done)i(b)m(y)f(a)f(case)0 -5494 y(analysis)j(on)g(the)h(\014rst)g(instruction)f(of)g(the)h(co)s -(de)g(comp)s(onen)m(t)g(of)f(the)h(con\014guration.)p -eop -%%Page: 68 78 -68 77 bop 251 130 a Fw(68)1535 b(3)112 b(Pro)m(v)-6 b(ably)36 -b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283 -515 a(Exercise)g(3.4)49 b(\(Essen)m(tial\))30 b Fu(By)j(analogy)f(with) -g(Exercise)i(2.21)e(pro)m(v)m(e)h(that)527 717 y(if)f -Ft(h)p Fs(c)707 732 y Fn(1)746 717 y Fu(,)g Fs(e)857 -732 y Fn(1)897 717 y Fu(,)g Fs(s)8 b Ft(i)33 b Fh(\003)1153 -681 y Fn(k)1227 717 y 
Ft(h)p Fs(c)1317 681 y Fi(0)1340 -717 y Fu(,)f Fs(e)1451 681 y Fi(0)1475 717 y Fu(,)h Fs(s)1583 -681 y Fi(0)1606 717 y Ft(i)f Fu(then)h Ft(h)p Fs(c)1989 -732 y Fn(1)2028 717 y Fu(:)p Fs(c)2106 732 y Fn(2)2145 -717 y Fu(,)g Fs(e)2257 732 y Fn(1)2297 717 y Fu(:)p Fs(e)2376 -732 y Fn(2)2415 717 y Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)2672 -681 y Fn(k)2746 717 y Ft(h)p Fs(c)2836 681 y Fi(0)2858 -717 y Fu(:)p Fs(c)2936 732 y Fn(2)2976 717 y Fu(,)g Fs(e)3087 -681 y Fi(0)3111 717 y Fu(:)p Fs(e)3190 732 y Fn(2)3230 -717 y Fu(,)g Fs(s)3337 681 y Fi(0)3361 717 y Ft(i)283 -919 y Fu(This)25 b(means)g(that)f(w)m(e)i(can)e(extend)i(the)f(co)s(de) -g(comp)s(onen)m(t)g(as)g(w)m(ell)e(as)i(the)g(stac)m(k)h(comp)s(onen)m -(t)283 1039 y(without)33 b(c)m(hanging)f(the)h(b)s(eha)m(viour)f(of)g -(the)h(mac)m(hine.)1349 b Fh(2)283 1265 y Fw(Exercise)37 -b(3.5)49 b(\(Essen)m(tial\))30 b Fu(By)j(analogy)f(with)g(Lemma)f(2.19) -h(pro)m(v)m(e)i(that)e(if)527 1467 y Ft(h)p Fs(c)617 -1482 y Fn(1)656 1467 y Fu(:)p Fs(c)734 1482 y Fn(2)773 -1467 y Fu(,)h Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)32 b Fh(\003)1142 -1431 y Fn(k)1215 1467 y Ft(h)p Fo(")p Fu(,)g Fs(e)1411 -1431 y Fi(00)1454 1467 y Fu(,)h Fs(s)1562 1431 y Fi(00)1604 -1467 y Ft(i)283 1669 y Fu(then)40 b(there)f(exists)g(a)g -(con\014guration)e Ft(h)p Fo(")p Fu(,)j Fs(e)1930 1633 -y Fi(0)1953 1669 y Fu(,)g Fs(s)2068 1633 y Fi(0)2092 -1669 y Ft(i)e Fu(and)h(natural)e(n)m(um)m(b)s(ers)j(k)3163 -1684 y Fn(1)3241 1669 y Fu(and)f(k)3488 1684 y Fn(2)3566 -1669 y Fu(with)283 1789 y(k)334 1804 y Fn(1)374 1789 -y Fu(+k)501 1804 y Fn(2)541 1789 y Fu(=k)33 b(suc)m(h)h(that)527 -1991 y Ft(h)p Fs(c)617 2006 y Fn(1)656 1991 y Fu(,)f -Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)32 b Fh(\003)1024 1955 -y Fn(k)1061 1964 y Fd(1)1133 1991 y Ft(h)p Fo(")o Fu(,)h -Fs(e)1329 1955 y Fi(0)1353 1991 y Fu(,)f Fs(s)1460 1955 -y Fi(0)1484 1991 y Ft(i)g Fu(and)g Ft(h)p Fs(c)1834 2006 -y Fn(2)1873 1991 y Fu(,)h Fs(e)1985 1955 y Fi(0)2008 -1991 y Fu(,)g Fs(s)2116 1955 y Fi(0)2139 1991 y 
Ft(i)g -Fh(\003)2288 1955 y Fn(k)2325 1964 y Fd(2)2397 1991 y -Ft(h)o Fo(")p Fu(,)g Fs(e)2593 1955 y Fi(00)2635 1991 -y Fu(,)g Fs(s)2743 1955 y Fi(00)2785 1991 y Ft(i)283 -2193 y Fu(This)c(means)f(that)f(the)i(execution)g(of)e(a)h(comp)s -(osite)f(sequence)j(of)e(instructions)g(can)g(b)s(e)g(split)283 -2313 y(in)m(to)k(t)m(w)m(o)i(pieces.)2739 b Fh(2)430 -2539 y Fu(The)23 b(notion)d(of)i(determinism)e(is)h(de\014ned)i(as)f -(for)f(the)i(structural)e(op)s(erational)f(seman)m(tics.)283 -2660 y(So)34 b(the)g(seman)m(tics)g(of)g(an)f(abstract)i(mac)m(hine)e -(is)g Fs(deterministic)39 b Fu(if)32 b(for)i(all)d(c)m(hoices)k(of)e -Fo(\015)5 b Fu(,)35 b Fo(\015)3733 2624 y Fi(0)283 2780 -y Fu(and)e Fo(\015)529 2744 y Fi(00)572 2780 y Fu(:)527 -2982 y Fo(\015)38 b Fh(\003)33 b Fo(\015)782 2946 y Fi(0)838 -2982 y Fu(and)f Fo(\015)38 b Fh(\003)33 b Fo(\015)1282 -2946 y Fi(00)1357 2982 y Fu(imply)e Fo(\015)1687 2946 -y Fi(0)1742 2982 y Fu(=)i Fo(\015)1907 2946 y Fi(00)283 -3208 y Fw(Exercise)k(3.6)49 b(\(Essen)m(tial\))36 b Fu(Sho)m(w)j(that)f -(the)h(mac)m(hine)f(seman)m(tics)h(of)f(T)-8 b(able)38 -b(3.1)g(is)g(de-)283 3329 y(terministic.)48 b(Deduce)36 -b(that)e(there)i(is)e(exactly)h(one)g(computation)e(sequence)k -(starting)d(in)g(a)283 3449 y(con\014guration)e Ft(h)p -Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)p -Fu(.)2432 b Fh(2)283 3737 y Fp(The)45 b(execution)h(function)e -FC(M)283 3922 y Fu(W)-8 b(e)37 b(shall)e(de\014ne)j(the)f -Fs(me)-5 b(aning)44 b Fu(of)36 b(a)g(sequence)j(of)d(instructions)g(as) -h(a)f(\(partial\))e(function)283 4043 y(from)e Fw(State)g -Fu(to)h Fw(State)p Fu(:)527 4244 y Ft(M)p Fu(:)43 b Fw(Co)s(de)33 -b Ft(!)g Fu(\()p Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)p -Fu(\))283 4446 y(It)g(is)f(giv)m(en)h(b)m(y)527 4730 -y Ft(M)p Fu([)-17 b([)q Fs(c)6 b Fu(])-17 b(])32 b Fs(s)41 -b Fu(=)994 4555 y Fg(8)994 4630 y(<)994 4779 y(:)1110 -4645 y Fs(s)1158 4609 y Fi(0)1428 4645 y Fu(if)32 b Ft(h)o -Fs(c)6 b Fu(,)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b 
Fh(\003)1969 -4609 y Fi(\003)2041 4645 y Ft(h)o Fo(")p Fu(,)h Fs(e)7 -b Fu(,)33 b Fs(s)2345 4609 y Fi(0)2368 4645 y Ft(i)1110 -4813 y Fu(undef)p 1110 4826 236 4 v 83 w(otherwise)283 -5013 y(The)e(function)f(is)f(w)m(ell-de\014ned)i(b)s(ecause)g(of)e -(Exercise)j(3.6.)42 b(Note)30 b(that)g(the)g(de\014nition)f(do)s(es)283 -5133 y(not)k(require)g(the)g(stac)m(k)h(comp)s(onen)m(t)e(of)h(the)g -(terminal)d(con\014guration)i(to)g(b)s(e)h(empt)m(y)g(but)g(it)283 -5254 y(do)s(es)g(require)g(the)g(co)s(de)g(comp)s(onen)m(t)g(to)f(b)s -(e)h(so.)430 5374 y(The)j(abstract)g(mac)m(hine)g Fw(AM)f -Fu(ma)m(y)h(seem)g(far)f(remo)m(v)m(ed)h(from)f(more)g(traditional)d -(ma-)283 5494 y(c)m(hine)h(arc)m(hitectures.)45 b(In)33 -b(the)g(next)h(few)f(exercises)h(w)m(e)g(shall)d(gradually)g(bridge)h -(this)g(gap.)p eop -%%Page: 69 79 -69 78 bop 0 130 a Fw(3.2)112 b(Sp)s(eci\014cation)37 -b(of)h(the)f(translation)1596 b(69)p 0 193 3473 4 v 0 -515 a(Exercise)36 b(3.7)49 b(AM)29 b Fu(refers)h(to)f(v)-5 -b(ariables)28 b(b)m(y)i(their)f Fs(name)36 b Fu(rather)29 -b(than)g(b)m(y)i(their)d Fs(addr)-5 b(ess)p Fu(.)0 636 -y(The)34 b(abstract)e(mac)m(hine)g Fw(AM)1153 651 y Fn(1)1225 -636 y Fu(di\013ers)h(from)e Fw(AM)i Fu(in)e(that)145 -805 y Ft(\017)49 b Fu(the)31 b(con\014gurations)g(ha)m(v)m(e)h(the)f -(form)f Ft(h)o Fs(c)6 b Fu(,)31 b Fs(e)7 b Fu(,)32 b -Fs(m)7 b Ft(i)30 b Fu(where)i Fs(c)37 b Fu(and)31 b Fs(e)38 -b Fu(are)30 b(as)i(in)e Fw(AM)g Fu(and)244 925 y Fs(m)7 -b Fu(,)33 b(the)g Fs(memory)9 b Fu(,)31 b(is)i(a)f(\(\014nite\))g(list) -f(of)h(v)-5 b(alues,)33 b(that)f(is)g Fs(m)40 b Ft(2)33 -b Fw(Z)2662 889 y Fc(?)2702 925 y Fu(,)f(and)145 1117 -y Ft(\017)49 b Fu(the)38 b(instructions)f Fb(fetch)p -Fu(-)p Fs(x)48 b Fu(and)38 b Fb(store)p Fu(-)p Fs(x)48 -b Fu(are)37 b(replaced)h(b)m(y)g(instructions)f Fb(get)p -Fu(-)p Fs(n)244 1237 y Fu(and)c Fb(put)p Fu(-)p Fs(n)38 -b Fu(where)c Fs(n)40 b Fu(is)32 b(a)g(natural)g(n)m(um)m(b)s(er)h(\(an) -f(address\).)0 1406 y(Sp)s(ecify)37 
b(the)h(op)s(erational)c(seman)m -(tics)j(of)g(the)g(mac)m(hine.)56 b(Y)-8 b(ou)37 b(ma)m(y)g(write)g -Fs(m)7 b Fu([)p Fs(n)g Fu(])37 b(to)g(select)0 1527 y(the)30 -b Fo(n)p Fu(th)g(v)-5 b(alue)28 b(in)h(the)h(list)e Fs(m)36 -b Fu(\(when)31 b Fs(n)36 b Fu(is)29 b(p)s(ositiv)m(e)g(but)h(less)f -(than)h(or)f(equal)g(to)g(the)h(length)0 1647 y(of)i -Fs(m)7 b Fu(\).)44 b(What)32 b(happ)s(ens)i(if)d(w)m(e)j(reference)g -(an)f(address)h(that)e(is)g(outside)h(the)g(memory?)104 -b Fh(2)0 1829 y Fw(Exercise)36 b(3.8)49 b Fu(The)37 b(next)h(step)f(is) -e(to)h(get)h(rid)e(of)h(the)g(op)s(erations)g Fb(branch)p -Fu(\()p Ft(\001)17 b(\001)g(\001)n Fu(,)p Ft(\001)g(\001)g(\001)n -Fu(\))36 b(and)0 1950 y Fb(loop)p Fu(\()p Ft(\001)17 -b(\001)g(\001)o Fu(,)p Ft(\001)g(\001)g(\001)n Fu(\).)79 -b(The)46 b(idea)e(is)g(to)g(in)m(tro)s(duce)g(instructions)h(for)f -Fs(de\014ning)g(lab)-5 b(els)52 b Fu(and)45 b(for)0 2070 -y Fs(jumping)32 b(to)i(lab)-5 b(els)p Fu(.)42 b(The)32 -b(abstract)f(mac)m(hine)f Fw(AM)1932 2085 y Fn(2)2002 -2070 y Fu(di\013ers)h(from)e Fw(AM)2710 2085 y Fn(1)2780 -2070 y Fu(\(of)i(Exercise)h(3.7\))0 2190 y(in)g(that)145 -2359 y Ft(\017)49 b Fu(the)27 b(con\014gurations)f(ha)m(v)m(e)h(the)g -(form)e Ft(h)p Fs(p)-5 b(c)6 b Fu(,)27 b Fs(c)6 b Fu(,)27 -b Fs(e)7 b Fu(,)28 b Fs(m)7 b Ft(i)26 b Fu(where)i Fs(c)6 -b Fu(,)27 b Fs(e)34 b Fu(and)26 b Fs(m)33 b Fu(are)27 -b(as)f(b)s(efore)244 2480 y(and)i Fs(p)-5 b(c)34 b Fu(is)28 -b(the)h(program)e(coun)m(ter)j(\(a)e(natural)f(n)m(um)m(b)s(er\))i(p)s -(oin)m(ting)e(to)h(an)g(instruction)244 2600 y(in)k Fs(c)6 -b Fu(,)32 b(and)145 2792 y Ft(\017)49 b Fu(the)38 b(instructions)f -Fb(branch)p Fu(\()p Ft(\001)17 b(\001)g(\001)n Fu(,)p -Ft(\001)g(\001)g(\001)o Fu(\))37 b(and)h Fb(loop)p Fu(\()p -Ft(\001)17 b(\001)g(\001)n Fu(,)p Ft(\001)g(\001)g(\001)n -Fu(\))38 b(are)f(replaced)h(b)m(y)h(the)f(in-)244 2912 -y(structions)h Fb(label)p Fu(-)p Fs(l)10 b Fu(,)39 b -Fb(jump)p Fu(-)p Fs(l)49 b Fu(and)38 b Fb(jumpf)-9 b(alse)p -Fu(-)p 
Fs(l)48 b Fu(where)40 b Fs(l)49 b Fu(is)38 b(a)g(lab)s(el)e(\(a) -j(natural)244 3033 y(n)m(um)m(b)s(er\).)0 3201 y(The)31 -b(idea)f(is)f(that)h(w)m(e)h(will)d(execute)k(the)f(instruction)e(in)h -Fs(c)35 b Fu(that)30 b Fs(p)-5 b(c)36 b Fu(p)s(oin)m(ts)30 -b(to)f(and)i(in)e(most)0 3322 y(cases)41 b(this)e(will)e(cause)j(the)g -(program)e(coun)m(ter)i(to)f(b)s(e)h(incremen)m(ted)g(b)m(y)g(1.)63 -b(The)41 b(instruc-)0 3442 y(tion)32 b Fb(label)p Fu(-)p -Fs(l)42 b Fu(has)32 b(no)h(e\013ect)g(except)i(up)s(dating)c(the)i -(program)e(coun)m(ter.)45 b(The)33 b(instruction)0 3563 -y Fb(jump)p Fu(-)p Fs(l)53 b Fu(will)41 b(mo)m(v)m(e)j(the)f(program)f -(coun)m(ter)i(to)f(the)h(unique)f(instruction)g Fb(label)p -Fu(-)p Fs(l)52 b Fu(\(if)42 b(it)0 3683 y(exists\).)51 -b(The)36 b(instruction)d Fb(jumpf)-9 b(alse)p Fu(-)p -Fs(l)45 b Fu(will)33 b(only)h(mo)m(v)m(e)h(the)g(program)f(coun)m(ter)i -(to)e(the)0 3803 y(instruction)j Fb(label)p Fu(-)p Fs(l)48 -b Fu(if)37 b(the)i(v)-5 b(alue)38 b(on)g(top)g(of)g(the)h(stac)m(k)h -(is)e Fw(\013)p Fu(;)j(if)c(it)h(is)g Fw(tt)f Fu(the)i(program)0 -3924 y(coun)m(ter)34 b(will)c(b)s(e)j(incremen)m(ted)g(b)m(y)g(1.)146 -4044 y(Sp)s(ecify)42 b(an)f(op)s(erational)e(seman)m(tics)i(for)g -Fw(AM)1959 4059 y Fn(2)1999 4044 y Fu(.)69 b(Y)-8 b(ou)42 -b(ma)m(y)f(write)g Fs(c)6 b Fu([)p Fs(p)-5 b(c)6 b Fu(])40 -b(for)h(the)h(in-)0 4164 y(struction)h(in)g Fs(c)49 b -Fu(p)s(oin)m(ted)43 b(to)g(b)m(y)i Fs(p)-5 b(c)49 b Fu(\(if)42 -b Fs(p)-5 b(c)49 b Fu(is)43 b(p)s(ositiv)m(e)f(and)i(less)g(than)f(or)h -(equal)f(to)g(the)0 4285 y(length)32 b(of)g Fs(c)6 b -Fu(\).)43 b(What)33 b(happ)s(ens)g(if)f(the)h(same)f(lab)s(el)f(is)h -(de\014ned)i(more)e(than)h(once?)295 b Fh(2)0 4467 y -Fw(Exercise)36 b(3.9)49 b Fu(Finally)-8 b(,)32 b(w)m(e)j(shall)e -(consider)h(an)h(abstract)f(mac)m(hine)g Fw(AM)2838 4482 -y Fn(3)2911 4467 y Fu(where)h(the)g(la-)0 4587 y(b)s(els)f(of)h(the)g -(instructions)f Fb(jump)p Fu(-)p Fs(l)45 b Fu(and)35 -b Fb(jumpf)-9 b(alse)p Fu(-)p 
Fs(l)44 b Fu(of)34 b(Exercise)i(3.8)f -(are)f Fs(absolute)j(ad-)0 4708 y(dr)-5 b(esses)p Fu(;)32 -b(so)g Fb(jump)p Fu(-7)g(means)g(jump)g(to)g(the)h(7th)f(instruction)g -(of)g(the)g(co)s(de)h(\(rather)f(than)h(to)0 4828 y(the)26 -b(instruction)f Fb(label)p Fu(-7\).)41 b(Sp)s(ecify)26 -b(the)g(op)s(erational)e(seman)m(tics)i(of)f(the)i(mac)m(hine.)40 -b(What)0 4949 y(happ)s(ens)34 b(if)d(w)m(e)j(jump)e(to)g(an)g -(instruction)g(that)g(is)h(not)f(in)g(the)h(co)s(de?)779 -b Fh(2)0 5275 y Fj(3.2)161 b(Sp)t(eci\014cation)53 b(of)h(the)f -(translation)0 5494 y Fu(W)-8 b(e)33 b(shall)e(no)m(w)i(study)h(ho)m(w) -f(to)g(generate)g(co)s(de)g(for)f(the)h(abstract)g(mac)m(hine.)p -eop -%%Page: 70 80 -70 79 bop 251 130 a Fw(70)1535 b(3)112 b(Pro)m(v)-6 b(ably)36 -b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283 -515 a Fp(Expressions)283 700 y Fu(Arithmetic)g(and)h(b)s(o)s(olean)f -(expressions)j(will)c(b)s(e)i(ev)-5 b(aluated)38 b(on)g(the)h(ev)-5 -b(aluation)36 b(stac)m(k)j(of)283 820 y(the)d(mac)m(hine)e(and)g(the)i -(co)s(de)e(to)h(b)s(e)g(generated)g(m)m(ust)g(e\013ect)g(this.)50 -b(This)35 b(is)f(accomplished)283 941 y(b)m(y)g(the)f(\(total\))e -(functions)527 1124 y Ft(C)6 b(A)p Fu(:)44 b Fw(Aexp)32 -b Ft(!)g Fw(Co)s(de)283 1308 y Fu(and)527 1491 y Ft(C)6 -b(B)t Fu(:)44 b Fw(Bexp)32 b Ft(!)g Fw(Co)s(de)283 1674 -y Fu(sp)s(eci\014ed)27 b(in)f(T)-8 b(able)26 b(3.2.)41 -b(Note)26 b(that)g(the)g(co)s(de)h(generated)g(for)e(binary)h -(expressions)i(consists)p 283 1800 V 283 3694 4 1894 -v 715 1909 a Ft(C)6 b(A)p Fu([)-17 b([)q Fs(n)7 b Fu(])-17 -b(])361 b(=)100 b Fb(push)p Fu(-)p Fs(n)715 2077 y Ft(C)6 -b(A)p Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])366 b(=)100 -b Fb(fetch)p Fu(-)p Fs(x)715 2245 y Ft(C)6 b(A)p Fu([)-17 -b([)q Fs(a)948 2260 y Fn(1)987 2245 y Fu(+)p Fs(a)1120 -2260 y Fn(2)1160 2245 y Fu(])g(])154 b(=)100 b Ft(C)6 -b(A)p Fu([)-17 b([)p Fs(a)1759 2260 y Fn(2)1799 2245 -y Fu(])g(]:)p Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)2096 2260 -y Fn(1)2136 2245 y Fu(])g(]:)p 
Fb(add)715 2412 y Ft(C)6 -b(A)p Fu([)-17 b([)q Fs(a)948 2427 y Fn(1)1020 2412 y -Fo(?)32 b Fs(a)1158 2427 y Fn(2)1198 2412 y Fu(])-17 -b(])116 b(=)100 b Ft(C)6 b(A)p Fu([)-17 b([)p Fs(a)1759 -2427 y Fn(2)1799 2412 y Fu(])g(]:)p Ft(C)6 b(A)p Fu([)-17 -b([)q Fs(a)2096 2427 y Fn(1)2136 2412 y Fu(])g(]:)p Fb(mul)-7 -b(t)715 2580 y Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)948 2595 -y Fn(1)987 2580 y Ft(\000)p Fs(a)1121 2595 y Fn(2)1162 -2580 y Fu(])g(])152 b(=)100 b Ft(C)6 b(A)p Fu([)-17 b([)p -Fs(a)1759 2595 y Fn(2)1799 2580 y Fu(])g(]:)p Ft(C)6 -b(A)p Fu([)-17 b([)q Fs(a)2096 2595 y Fn(1)2136 2580 -y Fu(])g(]:)p Fb(sub)715 2795 y Ft(C)6 b(B)t Fu([)-17 -b([)q Fr(true)p Fu(])g(])230 b(=)100 b Fb(tr)n(ue)715 -2962 y Ft(C)6 b(B)t Fu([)-17 b([)q Fr(false)p Fu(])g(])179 -b(=)100 b Fb(f)-9 b(alse)715 3130 y Ft(C)6 b(B)t Fu([)-17 -b([)q Fs(a)937 3145 y Fn(1)1009 3130 y Fu(=)32 b Fs(a)1174 -3145 y Fn(2)1214 3130 y Fu(])-17 b(])100 b(=)g Ft(C)6 -b(A)p Fu([)-17 b([)p Fs(a)1759 3145 y Fn(2)1799 3130 -y Fu(])g(]:)p Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)2096 3145 -y Fn(1)2136 3130 y Fu(])g(]:)p Fb(eq)715 3298 y Ft(C)6 -b(B)t Fu([)-17 b([)q Fs(a)937 3313 y Fn(1)976 3298 y -Ft(\024)q Fs(a)1111 3313 y Fn(2)1151 3298 y Fu(])g(])163 -b(=)100 b Ft(C)6 b(A)p Fu([)-17 b([)p Fs(a)1759 3313 -y Fn(2)1799 3298 y Fu(])g(]:)p Ft(C)6 b(A)p Fu([)-17 -b([)q Fs(a)2096 3313 y Fn(1)2136 3298 y Fu(])g(]:)p Fb(le)715 -3465 y Ft(C)6 b(B)t Fu([)-17 b([)q Ft(:)p Fs(b)6 b Fu(])-17 -b(])317 b(=)100 b Ft(C)6 b(B)s Fu([)-17 b([)q Fs(b)6 -b Fu(])-17 b(])q(:)p Fb(neg)715 3633 y Ft(C)6 b(B)t Fu([)-17 -b([)q Fs(b)931 3648 y Fn(1)970 3633 y Ft(^)p Fs(b)1087 -3648 y Fn(2)1127 3633 y Fu(])g(])187 b(=)100 b Ft(C)6 -b(B)s Fu([)-17 b([)q Fs(b)1742 3648 y Fn(2)1781 3633 -y Fu(])g(])q(:)p Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)2061 -3648 y Fn(1)2101 3633 y Fu(])g(]:)p Fb(and)p 3753 3694 -V 283 3697 3473 4 v 1235 3858 a Fu(T)-8 b(able)33 b(3.2:)43 -b(T)-8 b(ranslation)31 b(of)h(expressions)283 4081 y(of)45 -b(the)f(co)s(de)h(for)f(the)h 
Fs(right)54 b Fu(argumen)m(t)44 -b(follo)m(w)m(ed)g(b)m(y)h(that)g(for)f(the)h Fs(left)54 -b Fu(argumen)m(t)44 b(and)283 4201 y(\014nally)j(the)h(appropriate)f -(instruction)f(for)h(the)h(op)s(erator.)88 b(In)48 b(this)g(w)m(a)m(y)g -(it)f(is)g(ensured)283 4322 y(that)39 b(the)h(argumen)m(ts)f(app)s(ear) -g(on)g(the)g(ev)-5 b(aluation)38 b(stac)m(k)i(in)e(the)i(order)f -(required)g(b)m(y)h(the)283 4442 y(instructions)33 b(\(in)e(T)-8 -b(able)33 b(3.1\).)43 b(Note)32 b(that)h Ft(C)6 b(A)32 -b Fu(and)h Ft(C)6 b(B)36 b Fu(are)d(de\014ned)h(comp)s(ositionally)-8 -b(.)283 4644 y Fw(Example)37 b(3.10)49 b Fu(F)-8 b(or)38 -b(the)i(arithmetic)d(expression)j Fr(x)p Fu(+)p Fr(1)g -Fu(w)m(e)g(calculate)e(the)i(co)s(de)f(as)h(fol-)283 -4764 y(lo)m(ws:)552 4932 y Ft(C)6 b(A)p Fu([)-17 b([)q -Fr(x)p Fu(+)p Fr(1)p Fu(])g(])33 b(=)g Ft(C)6 b(A)o Fu([)-17 -b([)q Fr(1)p Fu(])g(])q(:)p Ft(C)6 b(A)p Fu([)-17 b([)p -Fr(x)p Fu(])g(])q(:)p Fb(add)33 b Fu(=)g Fb(push)p Fu(-)p -Fr(1)p Fu(:)p Fb(fetch)p Fu(-)p Fs(x)12 b Fu(:)p Fb(add)762 -b Fh(2)283 5133 y Fw(Exercise)37 b(3.11)49 b Fu(It)26 -b(is)g(clear)f(that)h Ft(A)p Fu([)-17 b([\()p Fs(a)1809 -5148 y Fn(1)1849 5133 y Fu(+)p Fs(a)1982 5148 y Fn(2)2022 -5133 y Fu(\)+)p Fs(a)2193 5148 y Fn(3)2232 5133 y Fu(])g(])27 -b(equals)f Ft(A)p Fu([)-17 b([)p Fs(a)2759 5148 y Fn(1)2799 -5133 y Fu(+\()p Fs(a)2970 5148 y Fn(2)3010 5133 y Fu(+)p -Fs(a)3143 5148 y Fn(3)3182 5133 y Fu(\)])g(])q(.)41 b(Sho)m(w)27 -b(that)283 5254 y(it)43 b(is)g Fs(not)53 b Fu(the)45 -b(case)f(that)g Ft(C)6 b(A)o Fu([)-17 b([)q(\()p Fs(a)1581 -5269 y Fn(1)1621 5254 y Fu(+)p Fs(a)1754 5269 y Fn(2)1793 -5254 y Fu(\)+)p Fs(a)1964 5269 y Fn(3)2004 5254 y Fu(])g(])44 -b(equals)g Ft(C)6 b(A)p Fu([)-17 b([)p Fs(a)2624 5269 -y Fn(1)2664 5254 y Fu(+\()p Fs(a)2835 5269 y Fn(2)2875 -5254 y Fu(+)p Fs(a)3008 5269 y Fn(3)3047 5254 y Fu(\)])g(])q(.)76 -b(Nonetheless,)283 5374 y(sho)m(w)31 b(that)e Ft(C)6 -b(A)o Fu([)-17 b([)q(\()p Fs(a)1000 5389 y Fn(1)1040 -5374 y Fu(+)p Fs(a)1173 5389 
y Fn(2)1212 5374 y Fu(\)+)p -Fs(a)1383 5389 y Fn(3)1423 5374 y Fu(])g(])29 b(and)h -Ft(C)6 b(A)o Fu([)-17 b([)q Fs(a)1908 5389 y Fn(1)1948 -5374 y Fu(+\()p Fs(a)2119 5389 y Fn(2)2158 5374 y Fu(+)p -Fs(a)2291 5389 y Fn(3)2331 5374 y Fu(\)])g(])29 b(do)g(in)g(fact)g -Fs(b)-5 b(ehave)35 b Fu(similar)26 b(to)j(one)283 5494 -y(another.)3046 b Fh(2)p eop -%%Page: 71 81 -71 80 bop 0 130 a Fw(3.2)112 b(Sp)s(eci\014cation)37 -b(of)h(the)f(translation)1596 b(71)p 0 193 3473 4 v 0 -515 a Fp(Statemen)l(ts)0 700 y Fu(The)38 b(translation)e(of)h(statemen) -m(ts)h(in)m(to)f(abstract)h(mac)m(hine)f(co)s(de)g(is)g(giv)m(en)h(b)m -(y)g(the)g(\(total\))0 820 y(function)244 1012 y Ft(C)6 -b(S)i Fu(:)43 b Fw(Stm)32 b Ft(!)g Fw(Co)s(de)0 1204 -y Fu(sp)s(eci\014ed)i(in)e(T)-8 b(able)33 b(3.3.)44 b(The)34 -b(co)s(de)g(generated)g(for)e(an)h(arithmetic)e(expression)j -Fs(a)40 b Fu(ensures)p 0 1336 V 0 2176 4 841 v 432 1445 -a Ft(C)6 b(S)i Fu([)-17 b([)q Fs(x)44 b Fu(:=)32 b Fs(a)7 -b Fu(])-17 b(])757 b(=)100 b Ft(C)6 b(A)p Fu([)-17 b([)p -Fs(a)7 b Fu(])-17 b(])q(:)p Fb(store)p Fu(-)p Fs(x)432 -1612 y Ft(C)6 b(S)i Fu([)-17 b([)q Fr(skip)p Fu(])g(])834 -b(=)100 b Fb(noop)432 1780 y Ft(C)6 b(S)i Fu([)-17 b([)q -Fs(S)663 1795 y Fn(1)702 1780 y Fu(;)p Fs(S)796 1795 -y Fn(2)835 1780 y Fu(])g(])799 b(=)100 b Ft(C)6 b(S)i -Fu([)-17 b([)q Fs(S)2078 1795 y Fn(1)2117 1780 y Fu(])g(]:)p -Ft(C)6 b(S)j Fu([)-17 b([)p Fs(S)2412 1795 y Fn(2)2452 -1780 y Fu(])g(])432 1948 y Ft(C)6 b(S)i Fu([)-17 b([)q -Fr(if)33 b Fs(b)38 b Fr(then)c Fs(S)1119 1963 y Fn(1)1190 -1948 y Fr(else)g Fs(S)1495 1963 y Fn(2)1534 1948 y Fu(])-17 -b(])100 b(=)g Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 -b(])q(:)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17 b([)p -Fs(S)2755 1963 y Fn(1)2795 1948 y Fu(])g(],)p Ft(C)6 -b(S)j Fu([)-17 b([)p Fs(S)3090 1963 y Fn(2)3129 1948 -y Fu(])g(])q(\))432 2115 y Ft(C)6 b(S)i Fu([)-17 b([)q -Fr(while)33 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17 -b(])464 b(=)100 b Fb(loop)p Fu(\()p Ft(C)6 b(B)t 
Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(],)p Ft(C)6 b(S)i Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(]\))p 3469 2176 V 0 2179 3473 -4 v 742 2340 a(T)-8 b(able)32 b(3.3:)43 b(T)-8 b(ranslation)31 -b(of)h(statemen)m(ts)i(in)d Fw(While)0 2550 y Fu(that)45 -b(the)h(v)-5 b(alue)45 b(of)g(the)h(expression)h(is)e(on)g(top)h(of)f -(the)g(ev)-5 b(aluation)44 b(stac)m(k)j(when)g(it)d(has)0 -2670 y(b)s(een)e(computed.)70 b(So)41 b(in)f(the)i(co)s(de)f(for)g -Fs(x)53 b Fu(:=)41 b Fs(a)49 b Fu(it)40 b(su\016ces)j(to)e(app)s(end)h -(the)f(co)s(de)h(for)f Fs(a)0 2790 y Fu(with)g(the)g(instruction)f -Fb(store)p Fu(-)p Fs(x)12 b Fu(.)67 b(This)41 b(instruction)f(assigns)h -Fs(x)53 b Fu(the)41 b(appropriate)f(v)-5 b(alue)0 2911 -y(and)36 b(additionally)d(p)s(ops)j(the)h(stac)m(k.)55 -b(F)-8 b(or)36 b(the)g Fr(skip)p Fu(-statemen)m(t)h(w)m(e)g(generate)g -(the)g Fb(noop)p Fu(-)0 3031 y(instruction.)42 b(F)-8 -b(or)30 b(sequencing)j(of)d(statemen)m(ts)i(w)m(e)h(just)e(concatenate) -h(the)g(t)m(w)m(o)f(instruction)0 3152 y(sequences.)73 -b(When)42 b(generating)f(co)s(de)h(for)f(the)h(conditional,)f(the)g(co) -s(de)h(for)f(the)h(b)s(o)s(olean)0 3272 y(expression)d(will)c(ensure)k -(that)f(a)f(truth)h(v)-5 b(alue)37 b(will)e(b)s(e)j(placed)f(on)h(top)f -(of)g(the)h(ev)-5 b(aluation)0 3392 y(stac)m(k)48 b(and)g(the)f -Fb(branch)p Fu(-instruction)f(will)f(then)i(insp)s(ect)h(\(and)f(p)s -(op\))g(that)g(v)-5 b(alue)46 b(and)0 3513 y(select)28 -b(the)g(appropriate)e(piece)i(of)f(co)s(de.)42 b(Finally)-8 -b(,)26 b(the)h(co)s(de)h(for)f(the)h Fr(while)p Fu(-construct)h(uses)0 -3633 y(the)38 b Fb(loop)p Fu(-instruction.)56 b(Again)35 -b(w)m(e)k(ma)m(y)d(note)i(that)f Ft(C)6 b(S)45 b Fu(is)36 -b(de\014ned)j(in)d(a)h(comp)s(ositional)0 3754 y(manner.)0 -3966 y Fw(Example)g(3.12)49 b Fu(The)33 b(co)s(de)f(generated)h(for)f -(the)g(factorial)e(statemen)m(t)j(considered)g(earlier)0 -4087 y(is)f(as)h(follo)m(ws:)244 4279 y Ft(C)6 b(S)i -Fu([)-17 b([)q Fr(y)p Fu(:=)p Fr(1)p Fu(;)33 b Fr(while)g -Ft(:)q Fu(\()p 
Fr(x)p Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p -Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p -Fr(x)p Ft(\000)p Fr(1)p Fu(\)])-17 b(])370 4446 y(=)32 -b Ft(C)6 b(S)i Fu([)-17 b([)q Fr(y)p Fu(:=)p Fr(1)p Fu(])g(])q(:)p -Ft(C)6 b(S)i Fu([)-17 b([)q Fr(while)34 b Ft(:)p Fu(\()p -Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p -Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p -Fr(1)p Fu(\)])-17 b(])370 4614 y(=)32 b Ft(C)6 b(A)p -Fu([)-17 b([)q(1])g(]:)p Fb(store)p Fu(-)p Fr(y)p Fu(:)p -Fb(loop)p Fu(\()p Ft(C)6 b(B)s Fu([)-17 b([)q Ft(:)p -Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q(,)p Ft(C)6 -b(S)j Fu([)-17 b([)p Fr(y)p Fu(:=)p Fr(y)33 b Fo(?)f -Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p -Fu(])-17 b(])r(\))370 4782 y(=)32 b Fb(push)p Fu(-)p -Fr(1)p Fu(:)p Fb(store)p Fu(-)p Fr(y)p Fu(:)p Fb(loop)p -Fu(\()p Ft(C)6 b(B)s Fu([)-17 b([)p Fr(x)p Fu(=)p Fr(1)p -Fu(])g(])q(:)p Fb(neg)p Fu(,)p Ft(C)6 b(S)i Fu([)-17 -b([)q Fr(y)p Fu(:=)p Fr(y)33 b Fo(?)f Fr(x)p Fu(])-17 -b(])q(:)p Ft(C)6 b(S)i Fu([)-17 b([)q Fr(x)p Fu(:=)p -Fr(x)p Ft(\000)p Fr(1)p Fu(])g(])r(\))370 4925 y(.)370 -4958 y(.)370 4991 y(.)370 5159 y(=)32 b Fb(push)p Fu(-)p -Fr(1)p Fu(:)p Fb(store)p Fu(-)p Fr(y)p Fu(:)p Fb(loop)p -Fu(\()p Fb(push)p Fu(-)p Fr(1)p Fu(:)p Fb(fetch)p Fu(-)p -Fr(x)p Fu(:)p Fb(eq)p Fu(:)p Fb(neg)p Fu(,)1478 5326 -y Fb(fetch)p Fu(-)p Fr(x)p Fu(:)p Fb(fetch)p Fu(-)p Fr(y)p -Fu(:)p Fb(mul)-7 b(t)p Fu(:)p Fb(store)p Fu(-)p Fr(y)p -Fu(:)1654 5494 y Fb(push)p Fu(-)p Fr(1)p Fu(:)p Fb(fetch)p -Fu(-)p Fr(x)p Fu(:)p Fb(sub)p Fu(:)p Fb(store)p Fu(-)p -Fr(x)p Fu(\))412 b Fh(2)p eop -%%Page: 72 82 -72 81 bop 251 130 a Fw(72)1535 b(3)112 b(Pro)m(v)-6 b(ably)36 -b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283 -515 a(Exercise)g(3.13)49 b Fu(Use)33 b Ft(C)6 b(S)41 -b Fu(to)32 b(generate)h(co)s(de)g(for)f(the)h(statemen)m(t)527 -727 y Fr(z)p Fu(:=)p Fr(0)p Fu(;)g Fr(while)h(y)p Ft(\024)q -Fr(x)f(do)g Fu(\()p Fr(z)p Fu(:=)p Fr(z)p Fu(+)p Fr(1)p -Fu(;)g Fr(x)p 
Fu(:=)p Fr(x)p Ft(\000)p Fr(y)p Fu(\))283 -939 y(T)-8 b(race)41 b(the)e(computation)f(of)h(the)h(co)s(de)g -(starting)e(from)g(a)h(storage)h(where)g Fr(x)g Fu(is)f -Fw(17)g Fu(and)h Fr(y)283 1059 y Fu(is)33 b Fw(5)p Fu(.)3216 -b Fh(2)283 1300 y Fw(Exercise)37 b(3.14)49 b Fu(Extend)34 -b Fw(While)e Fu(with)h(the)h(construct)g Fr(repeat)h -Fs(S)45 b Fr(until)34 b Fs(b)39 b Fu(and)33 b(sp)s(ecify)283 -1420 y(ho)m(w)h(to)e(generate)h(co)s(de)f(for)g(it.)43 -b(Note)32 b(that)g(the)h(de\014nition)e(has)i(to)f(b)s(e)h(comp)s -(ositional)c(and)283 1540 y(that)k(it)e(is)h Fs(not)42 -b Fu(necessary)35 b(to)e(extend)h(the)f(instruction)e(set)j(of)e(the)h -(abstract)g(mac)m(hine.)93 b Fh(2)283 1780 y Fw(Exercise)37 -b(3.15)49 b Fu(Extend)42 b Fw(While)c Fu(with)j(the)f(construct)i -Fr(for)f Fs(x)52 b Fu(:=)41 b Fs(a)2989 1795 y Fn(1)3069 -1780 y Fr(to)g Fs(a)3269 1795 y Fn(2)3349 1780 y Fr(do)g -Fs(S)52 b Fu(and)283 1901 y(sp)s(ecify)38 b(ho)m(w)h(to)e(generate)h -(co)s(de)g(for)f(it.)57 b(As)38 b(in)f(Exercise)i(3.14)e(the)h -(de\014nition)f(has)g(to)h(b)s(e)283 2021 y(comp)s(ositional)26 -b(but)j(y)m(ou)g(ma)m(y)g(ha)m(v)m(e)h(to)f(in)m(tro)s(duce)f(an)h -(instruction)f Fb(copy)h Fu(that)f(duplicates)283 2142 -y(the)33 b(elemen)m(t)g(on)f(top)h(of)f(the)h(ev)-5 b(aluation)31 -b(stac)m(k.)1569 b Fh(2)283 2441 y Fp(The)45 b(seman)l(tic)h(function)f -FC(S)1723 2459 y Fk(am)283 2629 y Fu(The)e(meaning)d(of)i(a)f(statemen) -m(t)h Fs(S)54 b Fu(can)42 b(no)m(w)g(b)s(e)g(obtained)f(b)m(y)i -(\014rst)f(translating)e(it)h(in)m(to)283 2749 y(co)s(de)33 -b(for)f Fw(AM)g Fu(and)h(next)g(executing)g(the)g(co)s(de)f(on)h(the)f -(abstract)h(mac)m(hine.)43 b(The)33 b(e\013ect)g(of)283 -2870 y(this)g(is)f(expressed)j(b)m(y)f(the)f(function)527 -3082 y Ft(S)595 3097 y Fn(am)693 3082 y Fu(:)44 b Fw(Stm)32 -b Ft(!)g Fu(\()p Fw(State)g Fo(,)-17 b Ft(!)33 b Fw(State)p -Fu(\))283 3294 y(de\014ned)h(b)m(y)527 3505 y Ft(S)595 -3520 y Fn(am)693 3505 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])33 
b(=)f(\()p Ft(M)g(\016)h(C)6 b(S)i Fu(\)[)-17 -b([)p Fs(S)12 b Fu(])-17 b(])283 3747 y Fw(Exercise)37 -b(3.16)49 b Fu(Mo)s(dify)27 b(the)h(co)s(de)g(generation)f(so)h(as)g -(to)f(translate)g Fw(While)f Fu(in)m(to)h(co)s(de)h(for)283 -3868 y(the)40 b(abstract)f(mac)m(hine)g Fw(AM)1424 3883 -y Fn(1)1502 3868 y Fu(of)g(Exercise)h(3.7.)63 b(Y)-8 -b(ou)39 b(ma)m(y)g(assume)g(the)h(existence)h(of)d(a)283 -3988 y(function)527 4200 y Fs(env)11 b Fu(:)43 b Fw(V)-9 -b(ar)32 b Ft(!)g Fw(N)283 4412 y Fu(that)f(maps)g(v)-5 -b(ariables)30 b(to)g(their)h(addresses.)45 b(Apply)31 -b(the)h(co)s(de)f(generation)f(function)h(to)f(the)283 -4532 y(factorial)e(statemen)m(t)j(of)e(Exercise)j(1.1)e(and)g(execute)i -(the)f(co)s(de)f(so)g(obtained)g(starting)f(from)283 -4652 y(a)k(memory)e(where)j Fr(x)f Fu(is)f Fw(3)p Fu(.)2393 -b Fh(2)283 4893 y Fw(Exercise)37 b(3.17)49 b Fu(Mo)s(dify)27 -b(the)h(co)s(de)g(generation)f(so)h(as)g(to)f(translate)g -Fw(While)f Fu(in)m(to)h(co)s(de)h(for)283 5013 y(the)36 -b(abstract)f(mac)m(hine)f Fw(AM)1411 5028 y Fn(2)1486 -5013 y Fu(of)g(Exercise)i(3.8.)50 b(Be)35 b(careful)g(to)f(generate)i -(unique)f(lab)s(els,)283 5133 y(for)e(example)f(b)m(y)i(ha)m(ving)f -(\\the)g(next)h(un)m(used)h(lab)s(el")c(as)i(an)g(additional)d -(parameter)j(to)f(the)283 5254 y(co)s(de)44 b(generation)f(functions.) 
-76 b(Apply)44 b(the)g(co)s(de)g(generation)e(function)h(to)g(the)h -(factorial)283 5374 y(statemen)m(t)34 b(and)f(execute)i(the)f(co)s(de)g -(so)f(obtained)g(starting)f(from)g(a)g(memory)h(where)h -Fr(x)f Fu(has)283 5494 y(the)g(v)-5 b(alue)32 b Fw(3)p -Fu(.)2895 b Fh(2)p eop -%%Page: 73 83 -73 82 bop 0 130 a Fw(3.3)112 b(Correctness)2530 b(73)p -0 193 3473 4 v 0 515 a Fj(3.3)161 b(Correctness)0 734 -y Fu(The)33 b(correctness)g(of)f(the)g(implemen)m(tation)c(amoun)m(ts)k -(to)f(sho)m(wing)h(that,)g(if)f(w)m(e)h(\014rst)h(trans-)0 -855 y(late)42 b(a)i(statemen)m(t)f(in)m(to)g(co)s(de)h(for)e -Fw(AM)i Fu(and)f(then)h(execute)h(that)e(co)s(de,)k(then)d(w)m(e)g(m)m -(ust)0 975 y(obtain)31 b(the)i(same)g(result)f(as)h(sp)s(eci\014ed)h(b) -m(y)f(the)g(op)s(erational)d(seman)m(tics)j(of)f Fw(While)p -Fu(.)0 1263 y Fp(Expressions)0 1447 y Fu(The)40 b(correctness)i(of)d -(the)g(implemen)m(tation)d(of)j(arithmetic)e(expressions)42 -b(is)c(expressed)k(b)m(y)0 1568 y(the)33 b(follo)m(wing)d(lemma:)p -0 1688 3473 5 v 0 1854 a Fw(Lemma)37 b(3.18)49 b Fu(F)-8 -b(or)32 b(all)e(arithmetic)h(expressions)j Fs(a)40 b -Fu(w)m(e)34 b(ha)m(v)m(e)244 2049 y Ft(hC)6 b(A)o Fu([)-17 -b([)q Fs(a)7 b Fu(])-17 b(])q(,)32 b Fo(")p Fu(,)h Fs(s)8 -b Ft(i)32 b Fh(\003)915 2013 y Fi(\003)987 2049 y Ft(h)o -Fo(")p Fu(,)h Ft(A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 -b(])q Fs(s)8 b Fu(,)32 b Fs(s)8 b Ft(i)0 2244 y Fu(F)-8 -b(urthermore,)51 b(all)45 b(in)m(termediate)h(con\014gurations)h(of)g -(this)h(computation)e(sequence)k(will)0 2365 y(ha)m(v)m(e)34 -b(a)e(non-empt)m(y)h(ev)-5 b(aluation)31 b(stac)m(k.)p -0 2485 V 0 2680 a Fw(Pro)s(of:)40 b Fu(The)d(pro)s(of)d(is)h(b)m(y)h -(structural)g(induction)e(on)h Fs(a)7 b Fu(.)52 b(Belo)m(w)36 -b(w)m(e)g(shall)e(giv)m(e)h(the)h(pro)s(of)0 2800 y(for)c(three)h -(illustrativ)m(e)e(cases,)j(lea)m(ving)d(the)i(remaining)d(ones)k(as)f -(an)f(exercise.)0 2968 y Fw(The)h(case)g Fs(n)7 b Fu(:)44 -b(W)-8 b(e)33 b(ha)m(v)m(e)h Ft(C)6 b(A)o Fu([)-17 b([)q -Fs(n)7 b 
Fu(])-17 b(])33 b(=)g Fb(push)p Fu(-)p Fs(n)38 -b Fu(and)33 b(from)e(T)-8 b(able)33 b(3.1)f(w)m(e)h(get)244 -3163 y Ft(h)p Fb(push)p Fu(-)p Fs(n)7 b Fu(,)31 b Fo(")p -Fu(,)i Fs(s)8 b Ft(i)32 b Fh(\003)h Ft(h)p Fo(")o Fu(,)g -Ft(N)14 b Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])q(,)32 -b Fs(s)8 b Ft(i)0 3358 y Fu(Since)33 b Ft(A)o Fu([)-17 -b([)q Fs(n)7 b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 b Ft(N)14 -b Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])33 b(\(see)h(T)-8 -b(able)32 b(1.1\))g(w)m(e)i(ha)m(v)m(e)g(completed)e(the)h(pro)s(of)e -(in)h(this)g(case.)0 3526 y Fw(The)h(case)g Fs(x)12 b -Fu(:)43 b(W)-8 b(e)33 b(ha)m(v)m(e)h Ft(C)6 b(A)p Fu([)-17 -b([)q Fs(x)12 b Fu(])-17 b(])32 b(=)h Fb(fetch)p Fu(-)p -Fs(x)44 b Fu(and)32 b(from)g(T)-8 b(able)32 b(3.1)g(w)m(e)i(get)244 -3721 y Ft(h)p Fb(fetch)p Fu(-)p Fs(x)12 b Fu(,)31 b Fo(")p -Fu(,)i Fs(s)8 b Ft(i)32 b Fh(\003)h Ft(h)p Fo(")o Fu(,)g(\()p -Fs(s)41 b(x)12 b Fu(\),)32 b Fs(s)8 b Ft(i)0 3916 y Fu(Since)33 -b Ft(A)o Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])p Fs(s)41 -b Fu(=)32 b Fs(s)41 b(x)j Fu(this)32 b(is)g(the)h(required)h(result.)0 -4083 y Fw(The)44 b(case)g Fs(a)535 4098 y Fn(1)574 4083 -y Fu(+)p Fs(a)707 4098 y Fn(2)747 4083 y Fu(:)65 b(W)-8 -b(e)44 b(ha)m(v)m(e)g Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)1486 -4098 y Fn(1)1525 4083 y Fu(+)p Fs(a)1658 4098 y Fn(2)1698 -4083 y Fu(])g(])44 b(=)f Ft(C)6 b(A)p Fu([)-17 b([)q -Fs(a)2131 4098 y Fn(2)2170 4083 y Fu(])g(])q(:)p Ft(C)6 -b(A)p Fu([)-17 b([)p Fs(a)2467 4098 y Fn(1)2507 4083 -y Fu(])g(])q(:)p Fb(add)p Fu(.)76 b(The)44 b(induction)0 -4204 y(h)m(yp)s(othesis)34 b(applied)d(to)h Fs(a)998 -4219 y Fn(1)1071 4204 y Fu(and)g Fs(a)1317 4219 y Fn(2)1389 -4204 y Fu(giv)m(es)h(that)244 4399 y Ft(hC)6 b(A)o Fu([)-17 -b([)q Fs(a)515 4414 y Fn(1)555 4399 y Fu(])g(],)33 b -Fo(")p Fu(,)f Fs(s)8 b Ft(i)33 b Fh(\003)954 4363 y Fi(\003)1026 -4399 y Ft(h)p Fo(")o Fu(,)g Ft(A)p Fu([)-17 b([)p Fs(a)1344 -4414 y Fn(1)1384 4399 y Fu(])g(])p Fs(s)8 b Fu(,)33 b -Fs(s)8 b Ft(i)0 4594 y Fu(and)244 4789 y 
Ft(hC)e(A)o -Fu([)-17 b([)q Fs(a)515 4804 y Fn(2)555 4789 y Fu(])g(],)33 -b Fo(")p Fu(,)f Fs(s)8 b Ft(i)33 b Fh(\003)954 4753 y -Fi(\003)1026 4789 y Ft(h)p Fo(")o Fu(,)g Ft(A)p Fu([)-17 -b([)p Fs(a)1344 4804 y Fn(2)1384 4789 y Fu(])g(])p Fs(s)8 -b Fu(,)33 b Fs(s)8 b Ft(i)0 4984 y Fu(In)46 b(b)s(oth)f(cases)i(all)d -(in)m(termediate)g(con\014gurations)h(will)e(ha)m(v)m(e)k(a)e(non-empt) -m(y)h(ev)-5 b(aluation)0 5104 y(stac)m(k.)45 b(Using)32 -b(Exercise)i(3.4)e(w)m(e)i(get)e(that)244 5299 y Ft(hC)6 -b(A)o Fu([)-17 b([)q Fs(a)515 5314 y Fn(2)555 5299 y -Fu(])g(]:)p Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)852 5314 -y Fn(1)892 5299 y Fu(])g(]:)p Fb(add)p Fu(,)33 b Fo(")p -Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)1503 5263 y Fi(\003)1575 -5299 y Ft(hC)6 b(A)p Fu([)-17 b([)q Fs(a)1847 5314 y -Fn(1)1886 5299 y Fu(])g(])q(:)p Fb(add)p Fu(,)33 b Ft(A)p -Fu([)-17 b([)p Fs(a)2370 5314 y Fn(2)2410 5299 y Fu(])g(])p -Fs(s)8 b Fu(,)33 b Fs(s)8 b Ft(i)0 5494 y Fu(Applying)32 -b(the)h(exercise)h(once)f(more)f(w)m(e)h(get)g(that)p -eop -%%Page: 74 84 -74 83 bop 251 130 a Fw(74)1535 b(3)112 b(Pro)m(v)-6 b(ably)36 -b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 527 -515 a Ft(hC)6 b(A)p Fu([)-17 b([)p Fs(a)798 530 y Fn(1)838 -515 y Fu(])g(])q(:)p Fb(add)p Fu(,)33 b Ft(A)p Fu([)-17 -b([)p Fs(a)1322 530 y Fn(2)1362 515 y Fu(])g(])p Fs(s)8 -b Fu(,)33 b Fs(s)8 b Ft(i)32 b Fh(\003)1704 479 y Fi(\003)1776 -515 y Ft(h)p Fb(add)p Fu(,)h(\()p Ft(A)o Fu([)-17 b([)q -Fs(a)2272 530 y Fn(1)2312 515 y Fu(])g(])p Fs(s)8 b Fu(\):\()p -Ft(A)p Fu([)-17 b([)p Fs(a)2674 530 y Fn(2)2714 515 y -Fu(])g(])q Fs(s)8 b Fu(\),)32 b Fs(s)8 b Ft(i)283 709 -y Fu(Using)33 b(the)g(transition)e(relation)f(for)i Fb(add)h -Fu(giv)m(en)g(in)f(T)-8 b(able)32 b(3.1)g(w)m(e)i(get)527 -903 y Ft(h)p Fb(add)p Fu(,)f(\()p Ft(A)p Fu([)-17 b([)p -Fs(a)1023 918 y Fn(1)1063 903 y Fu(])g(])q Fs(s)8 b Fu(\):\()p -Ft(A)o Fu([)-17 b([)q Fs(a)1426 918 y Fn(2)1465 903 y -Fu(])g(])q Fs(s)8 b Fu(\),)33 b Fs(s)8 b Ft(i)32 b Fh(\003)h -Ft(h)p Fo(")o 
Fu(,)g Ft(A)p Fu([)-17 b([)p Fs(a)2196 -918 y Fn(1)2236 903 y Fu(])g(])p Fs(s)8 b Fu(+)p Ft(A)p -Fu([)-17 b([)q Fs(a)2572 918 y Fn(2)2611 903 y Fu(])g(])q -Fs(s)8 b Fu(,)33 b Fs(s)8 b Ft(i)283 1097 y Fu(It)25 -b(is)e(easy)j(to)e(c)m(hec)m(k)i(that)e(all)e(in)m(termediate)h -(con\014gurations)h(ha)m(v)m(e)h(a)f(non-empt)m(y)h(ev)-5 -b(aluation)283 1217 y(stac)m(k.)45 b(Since)33 b Ft(A)o -Fu([)-17 b([)q Fs(a)1000 1232 y Fn(1)1040 1217 y Fu(+)p -Fs(a)1173 1232 y Fn(2)1212 1217 y Fu(])g(])q Fs(s)41 -b Fu(=)32 b Ft(A)o Fu([)-17 b([)q Fs(a)1613 1232 y Fn(1)1653 -1217 y Fu(])g(])p Fs(s)41 b Fu(+)32 b Ft(A)p Fu([)-17 -b([)p Fs(a)2053 1232 y Fn(2)2093 1217 y Fu(])g(])q Fs(s)40 -b Fu(w)m(e)34 b(ha)m(v)m(e)g(the)f(desired)g(result.)336 -b Fh(2)430 1421 y Fu(W)-8 b(e)33 b(ha)m(v)m(e)h(a)e(similar)d(result)k -(for)f(b)s(o)s(olean)f(expressions:)283 1636 y Fw(Exercise)37 -b(3.19)49 b(\(Essen)m(tial\))30 b Fu(Sho)m(w)k(that)e(for)g(all)e(b)s -(o)s(olean)h(expressions)k Fs(b)j Fu(w)m(e)c(ha)m(v)m(e)527 -1830 y Ft(hC)6 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 -b(])q(,)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)1181 -1794 y Fi(\003)1253 1830 y Ft(h)o Fo(")p Fu(,)h Ft(B)s -Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)8 b Fu(,)33 -b Fs(s)8 b Ft(i)283 2024 y Fu(F)-8 b(urthermore,)48 b(sho)m(w)d(that)g -(all)d(in)m(termediate)i(con\014gurations)g(of)g(this)g(computation)g -(se-)283 2144 y(quence)35 b(will)30 b(ha)m(v)m(e)k(a)e(non-empt)m(y)h -(ev)-5 b(aluation)31 b(stac)m(k.)1385 b Fh(2)283 2432 -y Fp(Statemen)l(ts)283 2616 y Fu(When)42 b(form)m(ulating)c(the)j -(correctness)h(of)e(the)h(result)g(for)f(statemen)m(ts)i(w)m(e)f(ha)m -(v)m(e)h(a)e(c)m(hoice)283 2737 y(b)s(et)m(w)m(een)35 -b(using)429 2931 y Ft(\017)48 b Fu(the)33 b(natural)f(seman)m(tics,)h -(or)429 3131 y Ft(\017)48 b Fu(the)33 b(structural)g(op)s(erational)d -(seman)m(tics.)283 3325 y(Here)e(w)m(e)g(shall)d(use)j(the)f(natural)f -(seman)m(tics)h(but)g(in)f(the)i(next)f(section)g(w)m(e)h(sk)m(etc)m(h) 
-h(the)f(pro)s(of)283 3445 y(in)k(the)h(case)h(where)g(the)f(structural) -f(op)s(erational)e(seman)m(tics)j(is)f(used.)430 3565 -y(The)k(correctness)i(of)d(the)h(translation)d(of)i(statemen)m(ts)i(is) -e(expressed)j(b)m(y)f(the)f(follo)m(wing)283 3686 y(theorem:)p -283 3806 3473 5 v 283 3971 a Fw(Theorem)i(3.20)49 b Fu(F)-8 -b(or)31 b(ev)m(ery)k(statemen)m(t)e Fs(S)44 b Fu(of)32 -b Fw(While)f Fu(w)m(e)j(ha)m(v)m(e)g Ft(S)2863 3986 y -Fn(ns)2934 3971 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])33 -b(=)g Ft(S)3284 3986 y Fn(am)3383 3971 y Fu([)-17 b([)p -Fs(S)12 b Fu(])-17 b(])q(.)p 283 4091 V 430 4285 a(This)28 -b(theorem)g(relates)g(the)h(b)s(eha)m(viour)f(of)g(a)g(statemen)m(t)h -(under)g(the)g(natural)e(seman)m(tics)283 4406 y(with)47 -b(the)g(b)s(eha)m(viour)f(of)g(the)h(co)s(de)g(on)g(the)g(abstract)g -(mac)m(hine)f(under)h(its)f(op)s(erational)283 4526 y(seman)m(tics.)e -(In)33 b(analogy)e(with)i(Theorem)g(2.26)e(it)h(expresses)k(t)m(w)m(o)d -(prop)s(erties:)429 4720 y Ft(\017)48 b Fu(If)27 b(the)g(execution)g -(of)f Fs(S)38 b Fu(from)26 b(some)g(state)h(terminates)f(in)g(one)g(of) -h(the)f(seman)m(tics)h(then)527 4840 y(it)32 b(also)g(terminates)f(in)h -(the)h(other)g(and)g(the)g(resulting)e(states)j(will)c(b)s(e)j(equal.) 
-429 5040 y Ft(\017)48 b Fu(F)-8 b(urthermore,)39 b(if)e(the)i -(execution)g(of)f Fs(S)50 b Fu(from)37 b(some)h(state)g(lo)s(ops)f(in)h -(one)g(of)g(the)h(se-)527 5161 y(man)m(tics)32 b(then)h(it)f(will)e -(also)i(lo)s(op)f(in)h(the)h(other.)283 5355 y(The)d(theorem)e(is)f -(pro)m(v)m(ed)j(in)e(t)m(w)m(o)h(stages)f(as)h(expressed)i(b)m(y)e -(Lemmas)e(3.21)h(and)g(3.22)g(b)s(elo)m(w.)283 5475 y(W)-8 -b(e)33 b(shall)f(\014rst)h(pro)m(v)m(e:)p eop -%%Page: 75 85 -75 84 bop 0 130 a Fw(3.3)112 b(Correctness)2530 b(75)p -0 193 3473 4 v 0 515 3473 5 v 0 683 a(Lemma)37 b(3.21)49 -b Fu(F)-8 b(or)31 b(ev)m(ery)j(statemen)m(t)e Fs(S)44 -b Fu(of)32 b Fw(While)e Fu(and)i(states)h Fs(s)40 b Fu(and)32 -b Fs(s)2844 647 y Fi(0)2867 683 y Fu(,)g(w)m(e)h(ha)m(v)m(e)h(that)244 -880 y(if)d Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 -b(!)f Fs(s)798 843 y Fi(0)886 880 y Fu(then)i Ft(h)o(C)6 -b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 b Fo(")p -Fu(,)f Fs(s)8 b Ft(i)33 b Fh(\003)1777 843 y Fi(\003)1849 -880 y Ft(h)p Fo(")o Fu(,)g Fo(")p Fu(,)f Fs(s)2146 843 -y Fi(0)2170 880 y Ft(i)0 1076 y Fu(So)48 b(if)f(the)h(execution)h(of)e -Fs(S)60 b Fu(from)47 b Fs(s)56 b Fu(terminates)47 b(in)g(the)h(natural) -f(seman)m(tics)h(then)h(the)0 1197 y(execution)34 b(of)e(the)h(co)s(de) -g(for)g Fs(S)44 b Fu(from)32 b(storage)g Fs(s)41 b Fu(will)31 -b(terminate)g(and)i(the)h(resulting)d(states)0 1317 y(and)i(storages)g -(will)d(b)s(e)j(equal.)p 0 1437 V 0 1634 a Fw(Pro)s(of:)e -Fu(W)-8 b(e)27 b(pro)s(ceed)h(b)m(y)g(induction)e(on)g(the)i(shap)s(e)f -(of)g(the)g(deriv)-5 b(ation)25 b(tree)j(for)e Ft(h)p -Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)o(!)p Fs(s)3422 1598 -y Fi(0)3445 1634 y Fu(.)0 1802 y Fw(The)33 b(case)g Fu([ass)608 -1817 y Fn(ns)680 1802 y Fu(]:)44 b(W)-8 b(e)33 b(assume)g(that)244 -1998 y Ft(h)p Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(,)32 b Fs(s)8 -b Ft(i!)p Fs(s)794 1962 y Fi(0)0 2195 y Fu(where)34 b -Fs(s)330 2159 y Fi(0)353 2195 y Fu(=)p Fs(s)8 b Fu([)p -Fs(x)k Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b 
Fu(])-17 b(])q -Fs(s)8 b Fu(].)43 b(F)-8 b(rom)31 b(T)-8 b(able)33 b(3.3)f(w)m(e)h(ha)m -(v)m(e)244 2391 y Ft(C)6 b(S)i Fu([)-17 b([)q Fs(x)12 -b Fu(:=)p Fs(a)7 b Fu(])-17 b(])33 b(=)f Ft(C)6 b(A)p -Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q(:)p Fb(store)p -Fu(-)p Fs(x)0 2588 y Fu(F)-8 b(rom)31 b(Lemma)g(3.18)h(applied)g(to)g -Fs(a)40 b Fu(w)m(e)33 b(get)244 2785 y Ft(hC)6 b(A)o -Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q(,)32 b Fo(")p -Fu(,)h Fs(s)8 b Ft(i)32 b Fh(\003)915 2749 y Fi(\003)987 -2785 y Ft(h)o Fo(")p Fu(,)h Ft(A)o Fu([)-17 b([)q Fs(a)7 -b Fu(])-17 b(])q Fs(s)8 b Fu(,)32 b Fs(s)8 b Ft(i)0 2981 -y Fu(and)33 b(then)g(Exercise)h(3.4)e(giv)m(es)h(the)g(\014rst)g(part)f -(of)244 3178 y Ft(hC)6 b(A)o Fu([)-17 b([)q Fs(a)7 b -Fu(])-17 b(])q(:)p Fb(store)p Fu(-)p Fs(x)12 b Fu(,)31 -b Fo(")p Fu(,)i Fs(s)8 b Ft(i)32 b Fh(\003)1314 3142 -y Fi(\003)1386 3178 y Ft(h)p Fb(store)p Fu(-)p Fs(x)12 -b Fu(,)31 b(\()p Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 -b(])q Fs(s)8 b Fu(\),)33 b Fs(s)8 b Ft(i)1237 3346 y -Fh(\003)72 b Ft(h)p Fo(")p Fu(,)32 b Fo(")p Fu(,)h Fs(s)8 -b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 -b(])q Fs(s)8 b Fu(])p Ft(i)0 3542 y Fu(and)35 b(the)g(second)h(part)e -(follo)m(ws)g(from)f(the)i(op)s(erational)d(seman)m(tics)j(for)f -Fb(store)p Fu(-)p Fs(x)45 b Fu(giv)m(en)35 b(in)0 3663 -y(T)-8 b(able)32 b(3.1.)43 b(Since)33 b Fs(s)766 3626 -y Fi(0)822 3663 y Fu(=)f Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)p -Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])33 -b(this)f(completes)g(the)h(pro)s(of.)0 3830 y Fw(The)g(case)g -Fu([skip)654 3845 y Fn(ns)726 3830 y Fu(]:)43 b(Straigh)m(tforw)m(ard.) 
-0 3998 y Fw(The)33 b(case)g Fu([comp)711 4013 y Fn(ns)782 -3998 y Fu(]:)43 b(Assume)34 b(that)244 4194 y Ft(h)p -Fs(S)350 4209 y Fn(1)389 4194 y Fu(;)p Fs(S)483 4209 -y Fn(2)522 4194 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)g Fs(s)881 -4158 y Fi(00)0 4391 y Fu(holds)g(b)s(ecause)244 4588 -y Ft(h)p Fs(S)350 4603 y Fn(1)389 4588 y Fu(,)h Fs(s)8 -b Ft(i)32 b(!)g Fs(s)748 4551 y Fi(0)804 4588 y Fu(and)h -Ft(h)o Fs(S)1099 4603 y Fn(2)1139 4588 y Fu(,)f Fs(s)1246 -4551 y Fi(0)1270 4588 y Ft(i)g(!)g Fs(s)1521 4551 y Fi(00)0 -4784 y Fu(F)-8 b(rom)31 b(T)-8 b(able)32 b(3.3)g(w)m(e)i(ha)m(v)m(e)244 -4981 y Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)475 4996 y Fn(1)514 -4981 y Fu(;)p Fs(S)608 4996 y Fn(2)647 4981 y Fu(])g(])33 -b(=)g Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)1056 4996 y Fn(1)1096 -4981 y Fu(])g(]:)p Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)1391 -4996 y Fn(2)1430 4981 y Fu(])g(])0 5177 y(W)-8 b(e)44 -b(shall)e(no)m(w)i(apply)g(the)g(induction)e(h)m(yp)s(othesis)j(to)e -(the)h(premises)g Ft(h)p Fs(S)2850 5192 y Fn(1)2889 5177 -y Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)3248 5141 y Fi(0)3315 -5177 y Fu(and)0 5298 y Ft(h)p Fs(S)106 5313 y Fn(2)145 -5298 y Fu(,)h Fs(s)253 5262 y Fi(0)276 5298 y Ft(i)f(!)g -Fs(s)527 5262 y Fi(00)602 5298 y Fu(and)h(w)m(e)h(get)244 -5494 y Ft(hC)6 b(S)i Fu([)-17 b([)p Fs(S)513 5509 y Fn(1)553 -5494 y Fu(])g(],)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 -b Fh(\003)952 5458 y Fi(\003)1024 5494 y Ft(h)p Fo(")o -Fu(,)h Fo(")o Fu(,)g Fs(s)1321 5458 y Fi(0)1344 5494 -y Ft(i)p eop -%%Page: 76 86 -76 85 bop 251 130 a Fw(76)1535 b(3)112 b(Pro)m(v)-6 b(ably)36 -b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283 -515 a Fu(and)527 716 y Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)797 -731 y Fn(2)836 716 y Fu(])g(])q(,)32 b Fo(")p Fu(,)g -Fs(s)1086 680 y Fi(0)1110 716 y Ft(i)g Fh(\003)1259 680 -y Fi(\003)1331 716 y Ft(h)o Fo(")p Fu(,)h Fo(")o Fu(,)g -Fs(s)1628 680 y Fi(00)1670 716 y Ft(i)283 917 y Fu(Using)g(Exercise)h -(3.4)e(w)m(e)h(then)h(ha)m(v)m(e)527 1117 y Ft(hC)6 b(S)i -Fu([)-17 b([)q 
Fs(S)797 1132 y Fn(1)836 1117 y Fu(])g(])q(:)p -Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)1131 1132 y Fn(2)1171 -1117 y Fu(])g(],)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 -b Fh(\003)1570 1081 y Fi(\003)1642 1117 y Ft(hC)6 b(S)i -Fu([)-17 b([)p Fs(S)1911 1132 y Fn(2)1951 1117 y Fu(])g(],)33 -b Fo(")o Fu(,)g Fs(s)2201 1081 y Fi(0)2224 1117 y Ft(i)g -Fh(\003)2373 1081 y Fi(\003)2445 1117 y Ft(h)p Fo(")o -Fu(,)g Fo(")p Fu(,)f Fs(s)2742 1081 y Fi(00)2785 1117 -y Ft(i)283 1318 y Fu(and)h(the)g(result)g(follo)m(ws.)283 -1486 y Fw(The)g(case)g Fu([if)836 1450 y Fn(tt)824 1510 -y(ns)895 1486 y Fu(]:)43 b(Assume)34 b(that)527 1686 -y Ft(h)p Fr(if)f Fs(b)39 b Fr(then)33 b Fs(S)1089 1701 -y Fn(1)1161 1686 y Fr(else)h Fs(S)1466 1701 y Fn(2)1505 -1686 y Fu(,)e Fs(s)8 b Ft(i)33 b(!)f Fs(s)1864 1650 y -Fi(0)283 1887 y Fu(b)s(ecause)i Ft(B)t Fu([)-17 b([)p -Fs(b)6 b Fu(])-17 b(])q Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)527 -2088 y Ft(h)p Fs(S)633 2103 y Fn(1)672 2088 y Fu(,)h -Fs(s)8 b Ft(i)32 b(!)g Fs(s)1031 2052 y Fi(0)283 2288 -y Fu(F)-8 b(rom)32 b(T)-8 b(able)32 b(3.3)g(w)m(e)i(get)e(that)527 -2489 y Ft(C)6 b(S)i Fu([)-17 b([)q Fr(if)33 b Fs(b)38 -b Fr(then)c Fs(S)1214 2504 y Fn(1)1286 2489 y Fr(else)f -Fs(S)1590 2504 y Fn(2)1630 2489 y Fu(])-17 b(])33 b(=)f -Ft(C)6 b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(]:)p -Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)2717 -2504 y Fn(1)2756 2489 y Fu(])g(])q(,)32 b Ft(C)6 b(S)i -Fu([)-17 b([)q Fs(S)3084 2504 y Fn(2)3123 2489 y Fu(])g(])q(\))283 -2690 y(Using)33 b(Exercises)h(3.19)e(and)h(3.4)f(w)m(e)h(get)g(the)g -(\014rst)g(part)f(of)527 2890 y Ft(hC)6 b(B)t Fu([)-17 -b([)p Fs(b)6 b Fu(])-17 b(])q(:)p Fb(branch)p Fu(\()p -Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)1475 2905 y Fn(1)1514 -2890 y Fu(])g(],)33 b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)1842 -2905 y Fn(2)1881 2890 y Fu(])g(])q(\),)32 b Fo(")p Fu(,)g -Fs(s)8 b Ft(i)819 3058 y Fh(\003)896 3022 y Fi(\003)968 -3058 y Ft(h)p Fb(branch)p Fu(\()p Ft(C)e(S)i Fu([)-17 -b([)q Fs(S)1636 3073 y Fn(1)1675 3058 y 
Fu(])g(])q(,)32 -b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)2003 3073 y Fn(2)2042 -3058 y Fu(])g(])q(\),)32 b(\()p Ft(B)t Fu([)-17 b([)p -Fs(b)6 b Fu(])-17 b(])q Fs(s)8 b Fu(\),)32 b Fs(s)8 b -Ft(i)819 3226 y Fh(\003)72 b Ft(hC)6 b(S)i Fu([)-17 b([)q -Fs(S)1238 3241 y Fn(1)1277 3226 y Fu(])g(])q(,)32 b Fo(")p -Fu(,)h Fs(s)8 b Ft(i)819 3393 y Fh(\003)896 3357 y Fi(\003)968 -3393 y Ft(h)p Fo(")p Fu(,)32 b Fo(")p Fu(,)h Fs(s)1266 -3357 y Fi(0)1289 3393 y Ft(i)283 3594 y Fu(The)49 b(second)h(part)d -(follo)m(ws)g(from)f(the)j(de\014nition)e(of)g(the)h(meaning)f(of)g -(the)i(instruction)283 3714 y Fb(branch)31 b Fu(in)f(the)h(case)h -(where)g(the)f(elemen)m(t)g(on)f(top)h(of)f(the)h(ev)-5 -b(aluation)29 b(stac)m(k)j(is)f Fw(tt)e Fu(\(whic)m(h)283 -3835 y(is)39 b(the)h(v)-5 b(alue)38 b(of)h Ft(B)s Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)8 b Fu(\).)64 b(The)40 -b(third)e(part)h(of)g(the)g(computation)f(sequence)k(comes)d(from)283 -3955 y(applying)32 b(the)h(induction)e(h)m(yp)s(othesis)j(to)e(the)h -(premise)g Ft(h)o Fs(S)2515 3970 y Fn(1)2555 3955 y Fu(,)f -Fs(s)8 b Ft(i)32 b(!)h Fs(s)2914 3919 y Fi(0)2937 3955 -y Fu(.)283 4123 y Fw(The)g(case)g Fu([if)836 4087 y Fn(\013)824 -4147 y(ns)895 4123 y Fu(]:)43 b(Analogous.)283 4290 y -Fw(The)33 b(case)g Fu([while)1001 4254 y Fn(tt)989 4315 -y(ns)1060 4290 y Fu(]:)44 b(Assume)33 b(that)527 4491 -y Ft(h)p Fr(while)h Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 -b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1499 4455 y Fi(00)283 4692 -y Fu(b)s(ecause)i Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 -b(])q Fs(s)41 b Fu(=)32 b Fw(tt)p Fu(,)527 4892 y Ft(h)p -Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)992 4856 -y Fi(0)1048 4892 y Fu(and)h Ft(h)o Fr(while)h Fs(b)39 -b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)1958 4856 y Fi(0)1982 -4892 y Ft(i)g(!)g Fs(s)2233 4856 y Fi(00)283 5093 y Fu(F)-8 -b(rom)32 b(T)-8 b(able)32 b(3.3)g(w)m(e)i(ha)m(v)m(e)527 -5294 y Ft(C)6 b(S)i Fu([)-17 b([)q Fr(while)34 b Fs(b)k -Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)g Fb(loop)p -Fu(\()p 
Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 -b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(]\))283 5494 y(and)33 b(get)p eop -%%Page: 77 87 -77 86 bop 0 130 a Fw(3.3)112 b(Correctness)2530 b(77)p -0 193 3473 4 v 244 515 a Ft(h)p Fb(loop)p Fu(\()p Ft(C)6 -b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 -b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p -Fu(,)f Fs(s)8 b Ft(i)516 683 y Fh(\003)48 b Ft(h)o(C)6 -b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(]:)p Fb(branch)p -Fu(\()p Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(]:)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)q -Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fb(noop)p Fu(\),)g -Fo(")o Fu(,)g Fs(s)8 b Ft(i)516 851 y Fh(\003)593 814 -y Fi(\003)641 851 y Ft(h)o Fb(branch)p Fu(\()p Ft(C)e(S)i -Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]:)p Fb(loop)p Fu(\()p -Ft(C)6 b(B)f Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 -b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33 -b Fb(noop)p Fu(\),)g(\()p Ft(B)s Fu([)-17 b([)q Fs(b)6 -b Fu(])-17 b(])p Fs(s)8 b Fu(\),)33 b Fs(s)8 b Ft(i)516 -1018 y Fh(\003)48 b Ft(h)o(C)6 b(S)j Fu([)-17 b([)p Fs(S)12 -b Fu(])-17 b(])q(:)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 -b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p Fu(,)f Fs(s)8 -b Ft(i)0 1211 y Fu(Here)25 b(the)f(\014rst)g(part)g(follo)m(ws)f(from)g -(the)h(meaning)e(of)i(the)g Fb(loop)p Fu(-instruction)f(\(see)i(T)-8 -b(able)24 b(3.1\))0 1331 y(and)32 b(the)h(second)h(part)e(from)f -(Exercises)j(3.19)e(and)g(3.4.)43 b(Since)33 b Ft(B)s -Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 -b Fw(tt)f Fu(the)i(third)f(part)0 1451 y(follo)m(ws)38 -b(from)h(the)h(meaning)e(of)h(the)i Fb(branch)p Fu(-instruction.)63 -b(The)41 b(induction)d(h)m(yp)s(othesis)0 1572 y(can)33 -b(no)m(w)f(b)s(e)h(applied)e(to)h(the)h(premises)f Ft(h)p -Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)2002 -1536 
y Fi(0)2058 1572 y Fu(and)g Ft(h)p Fr(while)h Fs(b)38 -b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)2966 1536 y Fi(0)2990 -1572 y Ft(i)g(!)g Fs(s)3241 1536 y Fi(00)3315 1572 y -Fu(and)0 1692 y(giv)m(es)244 1885 y Ft(hC)6 b(S)i Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b Fo(")p Fu(,)h Fs(s)8 -b Ft(i)32 b Fh(\003)912 1849 y Fi(\003)984 1885 y Ft(h)p -Fo(")p Fu(,)g Fo(")p Fu(,)h Fs(s)1282 1849 y Fi(0)1305 -1885 y Ft(i)244 2052 y(h)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t -Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 -b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p -Fu(,)f Fs(s)1385 2016 y Fi(0)1409 2052 y Ft(i)g Fh(\003)1557 -2016 y Fi(\003)1629 2052 y Ft(h)p Fo(")p Fu(,)g Fo(")p -Fu(,)h Fs(s)1927 2016 y Fi(00)1969 2052 y Ft(i)0 2245 -y Fu(so)g(using)f(Exercise)i(3.4)e(w)m(e)i(get)244 2437 -y Ft(hC)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(:)p -Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)6 -b Fu(])-17 b(])q(,)33 b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 -b Fu(])-17 b(])q(\),)32 b Fo(")p Fu(,)g Fs(s)8 b Ft(i)578 -2605 y Fh(\003)655 2569 y Fi(\003)727 2605 y Ft(h)p Fb(loop)p -Fu(\()p Ft(C)e(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 -b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(\),)32 -b Fo(")p Fu(,)h Fs(s)1869 2569 y Fi(0)1892 2605 y Ft(i)578 -2773 y Fh(\003)655 2736 y Fi(\003)727 2773 y Ft(h)p Fo(")p -Fu(,)f Fo(")p Fu(,)h Fs(s)1025 2736 y Fi(00)1067 2773 -y Ft(i)0 2965 y Fw(The)28 b(case)g Fu([while)708 2929 -y Fn(\013)696 2990 y(ns)767 2965 y Fu(]:)41 b(Assume)28 -b(that)f Ft(h)p Fr(while)i Fs(b)k Fr(do)28 b Fs(S)12 -b Fu(,)28 b Fs(s)8 b Ft(i)27 b(!)g Fs(s)2366 2929 y Fi(0)2417 -2965 y Fu(holds)h(b)s(ecause)g Ft(B)t Fu([)-17 b([)q -Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(\013)0 -3085 y Fu(and)h(then)g Fs(s)40 b Fu(=)33 b Fs(s)649 3049 -y Fi(0)672 3085 y Fu(.)44 b(W)-8 b(e)33 b(ha)m(v)m(e)244 -3278 y Ft(h)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 -b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 
b(]\),)33 b Fo(")p Fu(,)f Fs(s)8 -b Ft(i)516 3445 y Fh(\003)48 b Ft(h)o(C)6 b(B)t Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(]:)p Fb(branch)p Fu(\()p Ft(C)6 -b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]:)p Fb(loop)p -Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(]\),)33 b Fb(noop)p Fu(\),)g Fo(")o Fu(,)g Fs(s)8 b -Ft(i)516 3613 y Fh(\003)593 3577 y Fi(\003)641 3613 y -Ft(h)o Fb(branch)p Fu(\()p Ft(C)e(S)i Fu([)-17 b([)q -Fs(S)12 b Fu(])-17 b(]:)p Fb(loop)p Fu(\()p Ft(C)6 b(B)f -Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 -b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fb(noop)p -Fu(\),)g(\()p Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(])p Fs(s)8 b Fu(\),)33 b Fs(s)8 b Ft(i)516 3781 y Fh(\003)48 -b Ft(h)o Fb(noop)p Fu(,)33 b Fo(")p Fu(,)g Fs(s)8 b Ft(i)516 -3948 y Fh(\003)48 b Ft(h)o Fo(")p Fu(,)33 b Fo(")o Fu(,)g -Fs(s)8 b Ft(i)0 4141 y Fu(using)36 b(the)h(de\014nitions)f(of)g(the)h -Fb(loop)p Fu(-,)g Fb(branch)p Fu(-)f(and)g Fb(noop)p -Fu(-instructions)g(in)g(T)-8 b(able)36 b(3.1)0 4261 y(together)d(with)f -(Exercises)i(3.19)e(and)h(3.4.)1821 b Fh(2)146 4465 y -Fu(This)33 b(pro)m(v)m(es)h(Lemma)e(3.21.)42 b(The)34 -b(second)g(part)e(of)g(the)h(theorem)g(follo)m(ws)e(from:)p -0 4585 3473 5 v 0 4748 a Fw(Lemma)37 b(3.22)49 b Fu(F)-8 -b(or)31 b(ev)m(ery)j(statemen)m(t)e Fs(S)44 b Fu(of)32 -b Fw(While)e Fu(and)i(states)h Fs(s)40 b Fu(and)32 b -Fs(s)2844 4712 y Fi(0)2867 4748 y Fu(,)g(w)m(e)h(ha)m(v)m(e)h(that)244 -4941 y(if)d Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(],)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)1002 -4905 y Fn(k)1076 4941 y Ft(h)o Fo(")p Fu(,)h Fs(e)7 b -Fu(,)33 b Fs(s)1380 4905 y Fi(0)1403 4941 y Ft(i)f Fu(then)h -Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)2161 -4905 y Fi(0)2217 4941 y Fu(and)h Fs(e)40 b Fu(=)32 b -Fo(")0 5133 y Fu(So)f(if)f(the)i(execution)g(of)f(the)h(co)s(de)f(for)g -Fs(S)43 b Fu(from)30 b(a)i(storage)f Fs(s)39 b Fu(terminates)31 
-b(then)h(the)g(natural)0 5254 y(seman)m(tics)k(of)g Fs(S)48 -b Fu(from)34 b Fs(s)44 b Fu(will)34 b(terminate)h(in)g(a)h(state)g(b)s -(eing)f(equal)h(to)g(the)g(storage)g(of)g(the)0 5374 -y(terminal)30 b(con\014guration.)p 0 5494 V eop -%%Page: 78 88 -78 87 bop 251 130 a Fw(78)1535 b(3)112 b(Pro)m(v)-6 b(ably)36 -b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283 -515 a(Pro)s(of:)29 b Fu(W)-8 b(e)26 b(shall)d(pro)s(ceed)j(b)m(y)g -(induction)e(on)h(the)h(length)e(k)i(of)e(the)i(computation)d(sequence) -283 636 y(of)37 b(the)f(abstract)h(mac)m(hine.)55 b(If)37 -b(k)f(=)h(0)f(the)h(result)f(holds)h(v)-5 b(acuously)37 -b(b)s(ecause)g Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)12 b -Fu(])-17 b(])37 b(=)f Fo(")283 756 y Fu(cannot)d(o)s(ccur.)43 -b(So)32 b(assume)h(that)f(it)f(holds)h(for)g(k)g Ft(\024)h -Fu(k)2331 771 y Fn(0)2403 756 y Fu(and)f(w)m(e)h(shall)e(pro)m(v)m(e)i -(that)f(it)f(holds)283 877 y(for)h(k)i(=)e(k)676 892 -y Fn(0)716 877 y Fu(+1.)43 b(W)-8 b(e)33 b(pro)s(ceed)g(b)m(y)h(cases)g -(on)e(the)h(statemen)m(t)g Fs(S)12 b Fu(.)283 1044 y -Fw(The)33 b(case)g Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(:)44 -b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)h Ft(C)6 b(S)i Fu([)-17 -b([)q Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])33 b(=)f -Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q(:)p -Fb(store)p Fu(-)p Fs(x)43 b Fu(so)33 b(assume)g(that)527 -1245 y Ft(hC)6 b(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 -b(])q(:)p Fb(store)p Fu(-)p Fs(x)12 b Fu(,)32 b Fo(")o -Fu(,)h Fs(s)8 b Ft(i)32 b Fh(\003)1598 1209 y Fn(k)1635 -1218 y Fd(0)1670 1209 y Fn(+1)1797 1245 y Ft(h)o Fo(")p -Fu(,)h Fs(e)7 b Fu(,)32 b Fs(s)2100 1209 y Fi(0)2124 -1245 y Ft(i)283 1446 y Fu(Then)41 b(b)m(y)f(Exercise)h(3.5)e(there)h(m) -m(ust)g(b)s(e)f(a)g(con\014guration)g(of)g(the)g(form)f -Ft(h)p Fo(")p Fu(,)32 b Fs(e)3297 1409 y Fi(00)3340 1446 -y Fu(,)h Fs(s)3448 1409 y Fi(00)3490 1446 y Ft(i)39 b -Fu(suc)m(h)283 1566 y(that)527 1767 y Ft(hC)6 b(A)p Fu([)-17 -b([)p Fs(a)7 b Fu(])-17 b(])q(,)33 b Fo(")p Fu(,)f Fs(s)8 -b Ft(i)33 b 
Fh(\003)1198 1730 y Fn(k)1235 1739 y Fd(1)1307 -1767 y Ft(h)o Fo(")p Fu(,)g Fs(e)1503 1730 y Fi(00)1545 -1767 y Fu(,)g Fs(s)1653 1730 y Fi(00)1695 1767 y Ft(i)527 -1934 y(h)p Fb(store)p Fu(-)p Fs(x)12 b Fu(,)31 b Fs(e)1050 -1898 y Fi(00)1093 1934 y Fu(,)i Fs(s)1201 1898 y Fi(00)1243 -1934 y Ft(i)g Fh(\003)1392 1898 y Fn(k)1429 1907 y Fd(2)1500 -1934 y Ft(h)p Fo(")p Fu(,)g Fs(e)7 b Fu(,)32 b Fs(s)1804 -1898 y Fi(0)1828 1934 y Ft(i)283 2135 y Fu(where)h(k)615 -2150 y Fn(1)687 2135 y Fu(+)e(k)845 2150 y Fn(2)916 2135 -y Fu(=)g(k)1074 2150 y Fn(0)1146 2135 y Fu(+)g(1.)43 -b(F)-8 b(rom)30 b(Lemma)g(3.18)h(and)g(Exercise)i(3.6)e(w)m(e)i(get)e -(that)h Fs(e)3473 2099 y Fi(00)3547 2135 y Fu(m)m(ust)283 -2255 y(b)s(e)39 b(\()p Ft(A)o Fu([)-17 b([)q Fs(a)7 b -Fu(])-17 b(])q Fs(s)8 b Fu(\))37 b(and)i Fs(s)1039 2219 -y Fi(00)1119 2255 y Fu(m)m(ust)f(b)s(e)g Fs(s)8 b Fu(.)60 -b(Using)38 b(the)g(seman)m(tics)g(of)g Fb(store)p Fu(-)p -Fs(x)48 b Fu(w)m(e)39 b(therefore)g(see)283 2376 y(that)33 -b Fs(s)543 2340 y Fi(0)599 2376 y Fu(is)f Fs(s)8 b Fu([)p -Fs(x)k Ft(7!)o(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])p -Fs(s)8 b Fu(])33 b(and)g Fs(e)40 b Fu(is)32 b Fo(")o -Fu(.)44 b(It)32 b(no)m(w)i(follo)m(ws)d(from)g([ass)2748 -2391 y Fn(ns)2820 2376 y Fu(])i(that)f Ft(h)p Fs(x)12 -b Fu(:=)p Fs(a)7 b Fu(,)33 b Fs(s)8 b Ft(i)o(!)p Fs(s)3641 -2340 y Fi(0)3664 2376 y Fu(.)283 2543 y Fw(The)33 b(case)g -Fr(skip)p Fu(:)45 b(Straigh)m(tforw)m(ard.)283 2711 y -Fw(The)33 b(case)g Fs(S)806 2726 y Fn(1)846 2711 y Fu(;)p -Fs(S)940 2726 y Fn(2)979 2711 y Fu(:)44 b(Assume)33 b(that)527 -2912 y Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)797 2927 y Fn(1)836 -2912 y Fu(])g(])q(:)p Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)1131 -2927 y Fn(2)1171 2912 y Fu(])g(],)33 b Fo(")o Fu(,)g -Fs(s)8 b Ft(i)32 b Fh(\003)1570 2875 y Fn(k)1607 2884 -y Fd(0)1642 2875 y Fn(+1)1769 2912 y Ft(h)o Fo(")p Fu(,)h -Fs(e)7 b Fu(,)33 b Fs(s)2073 2875 y Fi(00)2115 2912 y -Ft(i)283 3112 y Fu(Then)c(b)m(y)f(Exercise)g(3.5)f(there)h(m)m(ust)f(b) 
-s(e)h(a)e(con\014guration)h(of)f(the)i(form)e Ft(h)p -Fo(")o Fu(,)i Fs(e)3146 3076 y Fi(0)3170 3112 y Fu(,)g -Fs(s)3273 3076 y Fi(0)3297 3112 y Ft(i)e Fu(suc)m(h)j(that)527 -3313 y Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)797 3328 y Fn(1)836 -3313 y Fu(])g(])q(,)32 b Fo(")p Fu(,)g Fs(s)8 b Ft(i)33 -b Fh(\003)1235 3277 y Fn(k)1272 3286 y Fd(1)1344 3313 -y Ft(h)p Fo(")o Fu(,)g Fs(e)1540 3277 y Fi(0)1563 3313 -y Fu(,)g Fs(s)1671 3277 y Fi(0)1694 3313 y Ft(i)527 3481 -y(hC)6 b(S)i Fu([)-17 b([)q Fs(S)797 3496 y Fn(2)836 -3481 y Fu(])g(])q(,)32 b Fs(e)985 3444 y Fi(0)1009 3481 -y Fu(,)g Fs(s)1116 3444 y Fi(0)1140 3481 y Ft(i)g Fh(\003)1289 -3444 y Fn(k)1326 3453 y Fd(2)1397 3481 y Ft(h)p Fo(")o -Fu(,)h Fs(e)7 b Fu(,)33 b Fs(s)1701 3444 y Fi(00)1743 -3481 y Ft(i)283 3681 y Fu(where)e(k)613 3696 y Fn(1)682 -3681 y Fu(+)f(k)839 3696 y Fn(2)908 3681 y Fu(=)f(k)1064 -3696 y Fn(0)1134 3681 y Fu(+)g(1.)42 b(The)31 b(induction)d(h)m(yp)s -(othesis)j(can)e(no)m(w)h(b)s(e)g(applied)e(to)h(the)h(\014rst)283 -3802 y(of)j(these)g(computation)e(sequences)36 b(b)s(ecause)e(k)2068 -3817 y Fn(1)2141 3802 y Ft(\024)f Fu(k)2302 3817 y Fn(0)2374 -3802 y Fu(and)g(giv)m(es)527 4002 y Ft(h)p Fs(S)633 4017 -y Fn(1)672 4002 y Fu(,)g Fs(s)8 b Ft(i)32 b(!)g Fs(s)1031 -3966 y Fi(0)1087 4002 y Fu(and)h Fs(e)1329 3966 y Fi(0)1385 -4002 y Fu(=)g Fo(")283 4203 y Fu(Th)m(us)49 b(w)m(e)f(ha)m(v)m(e)g -Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)1212 4218 y Fn(2)1251 -4203 y Fu(])g(])q(,)50 b Fo(")p Fu(,)g Fs(s)1537 4167 -y Fi(0)1561 4203 y Ft(i)c Fh(\003)1724 4167 y Fn(k)1761 -4176 y Fd(2)1847 4203 y Ft(h)p Fo(")o Fu(,)51 b Fs(e)7 -b Fu(,)51 b Fs(s)2187 4167 y Fi(00)2229 4203 y Ft(i)c -Fu(and)g(since)g(k)2823 4218 y Fn(2)2910 4203 y Ft(\024)h -Fu(k)3086 4218 y Fn(0)3172 4203 y Fu(the)g(induction)283 -4323 y(h)m(yp)s(othesis)34 b(can)f(b)s(e)g(applied)e(to)h(this)h -(computation)e(sequence)k(and)e(giv)m(es)527 4524 y Ft(h)p -Fs(S)633 4539 y Fn(2)672 4524 y Fu(,)g Fs(s)780 4488 -y Fi(0)803 4524 y Ft(i)g(!)f Fs(s)1055 
4488 y Fi(00)1130 -4524 y Fu(and)g Fs(e)40 b Fu(=)33 b Fo(")283 4725 y Fu(The)h(rule)e -([comp)934 4740 y Fn(ns)1005 4725 y Fu(])h(no)m(w)g(giv)m(es)g -Ft(h)p Fs(S)1613 4740 y Fn(1)1652 4725 y Fu(;)p Fs(S)1746 -4740 y Fn(2)1785 4725 y Fu(,)g Fs(s)8 b Ft(i)32 b(!)g -Fs(s)2144 4689 y Fi(00)2219 4725 y Fu(as)h(required.)283 -4892 y Fw(The)g(case)g Fr(if)h Fs(b)k Fr(then)c Fs(S)1263 -4907 y Fn(1)1334 4892 y Fr(else)g Fs(S)1639 4907 y Fn(2)1678 -4892 y Fu(:)44 b(The)33 b(co)s(de)g(generated)g(for)g(the)g -(conditional)d(is)527 5093 y Ft(C)6 b(B)t Fu([)-17 b([)q -Fs(b)6 b Fu(])-17 b(]:)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i -Fu([)-17 b([)q Fs(S)1436 5108 y Fn(1)1475 5093 y Fu(])g(])q(,)32 -b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)1803 5108 y Fn(2)1842 -5093 y Fu(])g(])q(\))283 5294 y(so)33 b(w)m(e)h(assume)f(that)527 -5494 y Ft(hC)6 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 -b(])q(:)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17 b([)q -Fs(S)1475 5509 y Fn(1)1514 5494 y Fu(])g(],)33 b Ft(C)6 -b(S)i Fu([)-17 b([)q Fs(S)1842 5509 y Fn(2)1881 5494 -y Fu(])g(])q(\),)32 b Fo(")p Fu(,)g Fs(s)8 b Ft(i)33 -b Fh(\003)2318 5458 y Fn(k)2355 5467 y Fd(0)2390 5458 -y Fn(+1)2517 5494 y Ft(h)p Fo(")o Fu(,)g Fs(e)7 b Fu(,)33 -b Fs(s)2821 5458 y Fi(0)2844 5494 y Ft(i)p eop -%%Page: 79 89 -79 88 bop 0 130 a Fw(3.3)112 b(Correctness)2530 b(79)p -0 193 3473 4 v 0 515 a Fu(Then)39 b(b)m(y)h(Exercise)f(3.5)f(there)h(m) -m(ust)f(b)s(e)h(a)f(con\014guration)f(of)h(the)h(form)e -Ft(h)p Fo(")o Fu(,)j Fs(e)3008 479 y Fi(00)3051 515 y -Fu(,)f Fs(s)3165 479 y Fi(00)3208 515 y Ft(i)f Fu(suc)m(h)0 -636 y(that)244 848 y Ft(hC)6 b(B)s Fu([)-17 b([)q Fs(b)6 -b Fu(])-17 b(],)33 b Fo(")p Fu(,)f Fs(s)8 b Ft(i)33 b -Fh(\003)897 812 y Fn(k)934 821 y Fd(1)1006 848 y Ft(h)o -Fo(")p Fu(,)g Fs(e)1202 812 y Fi(00)1244 848 y Fu(,)g -Fs(s)1352 812 y Fi(00)1395 848 y Ft(i)0 1060 y Fu(and)244 -1272 y Ft(h)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17 -b([)p Fs(S)911 1287 y Fn(1)950 1272 y Fu(])g(])q(,)33 -b Ft(C)6 b(S)i Fu([)-17 b([)p 
Fs(S)1278 1287 y Fn(2)1318 -1272 y Fu(])g(]\),)33 b Fs(e)1505 1235 y Fi(00)1547 1272 -y Fu(,)g Fs(s)1655 1235 y Fi(00)1698 1272 y Ft(i)f Fh(\003)1846 -1235 y Fn(k)1883 1244 y Fd(2)1955 1272 y Ft(h)p Fo(")o -Fu(,)h Fs(e)7 b Fu(,)33 b Fs(s)2259 1235 y Fi(0)2282 -1272 y Ft(i)0 1484 y Fu(where)42 b(k)341 1499 y Fn(1)421 -1484 y Fu(+)e(k)588 1499 y Fn(2)669 1484 y Fu(=)g(k)836 -1499 y Fn(0)916 1484 y Fu(+)h(1.)66 b(F)-8 b(rom)39 b(Exercises)k(3.19) -d(and)g(3.6)g(w)m(e)i(get)e(that)g Fs(e)3039 1447 y Fi(00)3123 -1484 y Fu(m)m(ust)g(b)s(e)0 1604 y Ft(B)s Fu([)-17 b([)q -Fs(b)6 b Fu(])-17 b(])q Fs(s)39 b Fu(and)32 b Fs(s)511 -1568 y Fi(00)586 1604 y Fu(m)m(ust)g(b)s(e)g Fs(s)8 b -Fu(.)43 b(W)-8 b(e)32 b(shall)f(no)m(w)h(assume)h(that)e -Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40 -b Fu(=)31 b Fw(tt)p Fu(.)43 b(Then)33 b(there)f(m)m(ust)0 -1724 y(b)s(e)h(a)f(con\014guration)g Ft(hC)6 b(S)i Fu([)-17 -b([)p Fs(S)1074 1739 y Fn(1)1113 1724 y Fu(])g(])q(,)33 -b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fu(suc)m(h)i(that)244 -1936 y(\()p Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)512 1951 -y Fn(1)552 1936 y Fu(])g(],)33 b Fo(")p Fu(,)f Fs(s)8 -b Ft(i)33 b Fh(\003)951 1900 y Fn(k)988 1909 y Fd(2)1023 -1900 y Fi(\000)p Fn(1)1150 1936 y Ft(h)o Fo(")p Fu(,)g -Fs(e)7 b Fu(,)33 b Fs(s)1454 1900 y Fi(0)1477 1936 y -Ft(i)0 2148 y Fu(The)24 b(induction)d(h)m(yp)s(othesis)j(can)f(no)m(w)g -(b)s(e)g(applied)e(to)h(this)h(computation)e(sequence)k(b)s(ecause)0 -2269 y(k)51 2284 y Fn(2)123 2269 y Ft(\000)33 b Fu(1)g -Ft(\024)g Fu(k)476 2284 y Fn(0)548 2269 y Fu(and)g(w)m(e)g(get)244 -2481 y Ft(h)p Fs(S)350 2496 y Fn(1)389 2481 y Fu(,)g -Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 2444 y Fi(0)804 2481 -y Fu(and)h Fs(e)39 b Fu(=)33 b Fo(")0 2692 y Fu(The)g(rule)e([if)491 -2656 y Fn(tt)479 2717 y(ns)549 2692 y Fu(])h(giv)m(es)g(the)g(required) -g Ft(h)p Fr(if)g Fs(b)38 b Fr(then)33 b Fs(S)1954 2707 -y Fn(1)2025 2692 y Fr(else)f Fs(S)2328 2707 y Fn(2)2368 -2692 y Fu(,)g Fs(s)8 b Ft(i)31 b(!)g Fs(s)2724 2656 y 
-Fi(0)2748 2692 y Fu(.)43 b(The)33 b(case)f(where)0 2813 -y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])q Fs(s)40 -b Fu(=)33 b Fw(\013)f Fu(is)h(similar.)0 2980 y Fw(The)d(case)g -Fr(while)h Fs(b)36 b Fr(do)30 b Fs(S)12 b Fu(:)29 b(The)i(co)s(de)f -(for)f(the)h Fr(while)p Fu(-lo)s(op)f(is)g Fb(loop)p -Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(],)31 b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17 -b(])q(\))29 b(and)0 3101 y(w)m(e)34 b(therefore)f(assume)g(that)244 -3313 y Ft(h)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 -b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p Fu(,)f Fs(s)8 -b Ft(i)33 b Fh(\003)1534 3277 y Fn(k)1571 3286 y Fd(0)1606 -3277 y Fn(+1)1733 3313 y Ft(h)p Fo(")o Fu(,)g Fs(e)7 -b Fu(,)33 b Fs(s)2037 3277 y Fi(00)2079 3313 y Ft(i)0 -3525 y Fu(Using)48 b(the)g(de\014nition)f(of)g(the)h -Fb(loop)p Fu(-instruction)f(this)h(means)g(that)g(the)g(computation)0 -3645 y(sequence)35 b(can)e(b)s(e)g(rewritten)g(as)244 -3857 y Ft(h)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 -b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p Fu(,)f Fs(s)8 -b Ft(i)516 4025 y Fh(\003)98 b Ft(hC)6 b(B)s Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(])q(:)p Fb(branch)p Fu(\()p -Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(:)p -Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)6 -b Fu(])-17 b(])q(,)33 b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 -b Fu(])-17 b(])q(\),)32 b Fb(noop)p Fu(\),)h Fo(")p Fu(,)f -Fs(s)8 b Ft(i)516 4192 y Fh(\003)593 4156 y Fn(k)630 -4165 y Fd(0)691 4192 y Ft(h)p Fo(")o Fu(,)33 b Fs(e)7 -b Fu(,)33 b Fs(s)995 4156 y Fi(00)1037 4192 y Ft(i)0 -4404 y Fu(According)f(to)h(Exercise)h(3.5)e(there)h(will)d(then)j(b)s -(e)g(a)f(con\014guration)g Ft(h)p Fo(")p Fu(,)g Fs(e)2780 -4368 y Fi(0)2804 4404 y Fu(,)g Fs(s)2911 4368 y Fi(0)2935 -4404 y Ft(i)g Fu(suc)m(h)i(that)244 4616 y Ft(hC)6 b(B)s -Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fo(")p Fu(,)f -Fs(s)8 
b Ft(i)33 b Fh(\003)897 4580 y Fn(k)934 4589 y -Fd(1)1006 4616 y Ft(h)o Fo(")p Fu(,)g Fs(e)1202 4580 -y Fi(0)1225 4616 y Fu(,)g Fs(s)1333 4580 y Fi(0)1356 -4616 y Ft(i)0 4828 y Fu(and)244 5040 y Ft(h)p Fb(branch)p -Fu(\()p Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17 -b(])q(:)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)p -Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)j Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])q(\),)32 b Fb(noop)p Fu(\),)h -Fs(e)2318 5004 y Fi(0)2342 5040 y Fu(,)f Fs(s)2449 5004 -y Fi(0)2473 5040 y Ft(i)g Fh(\003)2621 5004 y Fn(k)2658 -5013 y Fd(2)2730 5040 y Ft(h)p Fo(")o Fu(,)h Fs(e)7 b -Fu(,)33 b Fs(s)3034 5004 y Fi(00)3076 5040 y Ft(i)0 5252 -y Fu(where)k(k)336 5267 y Fn(1)411 5252 y Fu(+)e(k)573 -5267 y Fn(2)648 5252 y Fu(=)h(k)811 5267 y Fn(0)851 5252 -y Fu(.)51 b(F)-8 b(rom)34 b(Exercises)k(3.19)c(and)i(3.6)f(w)m(e)h(get) -g Fs(e)2539 5216 y Fi(0)2598 5252 y Fu(=)f Ft(B)s Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)44 b Fu(and)35 b Fs(s)3227 -5216 y Fi(0)3286 5252 y Fu(=)g Fs(s)8 b Fu(.)0 5372 y(W)-8 -b(e)33 b(no)m(w)g(ha)m(v)m(e)h(t)m(w)m(o)f(cases.)146 -5494 y(In)g(the)g(\014rst)g(case)h(assume)f(that)f Ft(B)t -Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 -b Fw(\013)p Fu(.)44 b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)p -eop -%%Page: 80 90 -80 89 bop 251 130 a Fw(80)1535 b(3)112 b(Pro)m(v)-6 b(ably)36 -b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 527 -515 a Ft(h)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(]:)p Fb(loop)p Fu(\()p Ft(C)6 -b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(C)6 -b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fb(noop)p -Fu(\),)f Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q -Fs(s)8 b Fu(,)33 b Fs(s)8 b Ft(i)926 683 y Fh(\003)33 -b Ft(h)p Fb(noop)p Fu(,)g Fo(")o Fu(,)g Fs(s)8 b Ft(i)926 -851 y Fh(\003)33 b Ft(h)p Fo(")o Fu(,)g Fo(")p Fu(,)f -Fs(s)8 b Ft(i)283 1033 y Fu(so)25 b Fs(e)33 b Fu(=)24 -b Fo(")h Fu(and)g Fs(s)32 b Fu(=)25 b Fs(s)1047 997 y -Fi(00)1090 1033 y Fu(.)40 
b(Using)25 b(rule)f([while)1873 -997 y Fn(\013)1861 1058 y(ns)1932 1033 y Fu(])h(w)m(e)h(get)e -Ft(h)p Fr(while)i Fs(b)31 b Fr(do)25 b Fs(S)12 b Fu(,)25 -b Fs(s)8 b Ft(i)25 b(!)f Fs(s)3200 997 y Fi(00)3267 1033 -y Fu(as)h(required.)430 1154 y(In)33 b(the)g(second)h(case)f(assume)g -(that)f Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p -Fs(s)41 b Fu(=)32 b Fw(tt)p Fu(.)43 b(Then)33 b(w)m(e)h(ha)m(v)m(e)527 -1337 y Ft(h)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(]:)p Fb(loop)p Fu(\()p Ft(C)6 -b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(C)6 -b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fb(noop)p -Fu(\),)f Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q -Fs(s)8 b Fu(,)33 b Fs(s)8 b Ft(i)926 1504 y Fh(\003)163 -b Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]:)p -Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)q Fs(b)6 -b Fu(])-17 b(],)33 b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 -b Fu(])-17 b(])q(\),)32 b Fo(")p Fu(,)h Fs(s)8 b Ft(i)926 -1672 y Fh(\003)1004 1636 y Fn(k)1041 1645 y Fd(2)1075 -1636 y Fi(\000)p Fn(1)1166 1672 y Ft(h)p Fo(")p Fu(,)32 -b Fs(e)7 b Fu(,)33 b Fs(s)1470 1636 y Fi(00)1513 1672 -y Ft(i)283 1855 y Fu(W)-8 b(e)31 b(then)f(pro)s(ceed)h(v)m(ery)h(m)m -(uc)m(h)e(as)g(in)g(the)g(case)h(of)f(the)g(comp)s(osition)e(statemen)m -(t)i(and)g(get)g(a)283 1975 y(con\014guration)i Ft(h)p -Fo(")p Fu(,)g Fs(e)1070 1939 y Fi(0)1094 1975 y Fu(,)g -Fs(s)1201 1939 y Fi(0)1225 1975 y Ft(i)g Fu(suc)m(h)i(that)527 -2158 y Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(],)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)1196 -2122 y Fn(k)1233 2131 y Fd(3)1304 2158 y Ft(h)p Fo(")p -Fu(,)g Fs(e)1500 2122 y Fi(0)1524 2158 y Fu(,)h Fs(s)1632 -2122 y Fi(0)1655 2158 y Ft(i)527 2326 y(h)p Fb(loop)p -Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(],)33 b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17 -b(])q(\),)32 b Fs(e)1567 2289 y Fi(0)1591 2326 y Fu(,)h -Fs(s)1699 2289 y Fi(0)1722 2326 y Ft(i)f Fh(\003)1871 -2289 y Fn(k)1908 
2298 y Fd(4)1979 2326 y Ft(h)p Fo(")p -Fu(,)g Fs(e)7 b Fu(,)33 b Fs(s)2283 2289 y Fi(00)2326 -2326 y Ft(i)283 2508 y Fu(where)h(k)616 2523 y Fn(3)689 -2508 y Fu(+)f(k)849 2523 y Fn(4)921 2508 y Fu(=)g(k)1081 -2523 y Fn(2)1153 2508 y Ft(\000)g Fu(1.)44 b(Since)33 -b(k)1689 2523 y Fn(3)1762 2508 y Ft(\024)g Fu(k)1923 -2523 y Fn(0)1995 2508 y Fu(w)m(e)h(can)f(apply)f(the)i(induction)d(h)m -(yp)s(othesis)j(to)283 2629 y(the)f(\014rst)h(of)e(these)h(computation) -f(sequences)j(and)e(get)527 2812 y Ft(h)p Fs(S)12 b Fu(,)33 -b Fs(s)8 b Ft(i)32 b(!)g Fs(s)992 2775 y Fi(0)1048 2812 -y Fu(and)h Fs(e)1290 2775 y Fi(0)1346 2812 y Fu(=)f Fo(")283 -2994 y Fu(W)-8 b(e)35 b(can)g(then)f(use)i(that)e(k)1292 -3009 y Fn(4)1366 2994 y Ft(\024)g Fu(k)1528 3009 y Fn(0)1603 -2994 y Fu(and)g(apply)g(the)g(induction)g(h)m(yp)s(othesis)h(to)f(the)h -(compu-)283 3115 y(tation)d(sequence)j Ft(h)p Fb(loop)p -Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 -b(])q(,)32 b Ft(C)6 b(S)j Fu([)-17 b([)p Fs(S)12 b Fu(])-17 -b(])q(\),)32 b Fo(")p Fu(,)g Fs(s)2116 3079 y Fi(0)2140 -3115 y Ft(i)g Fh(\003)2288 3079 y Fn(k)2325 3088 y Fd(4)2397 -3115 y Ft(h)p Fo(")o Fu(,)h Fs(e)7 b Fu(,)33 b Fs(s)2701 -3079 y Fi(00)2743 3115 y Ft(i)g Fu(and)f(get)527 3298 -y Ft(h)p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 -b Fs(s)1248 3261 y Fi(0)1271 3298 y Ft(i)g(!)f Fs(s)1523 -3261 y Fi(00)1598 3298 y Fu(and)g Fs(e)40 b Fu(=)33 b -Fo(")283 3480 y Fu(Using)24 b(rule)f([while)997 3444 -y Fn(tt)985 3505 y(ns)1056 3480 y Fu(])h(w)m(e)h(then)f(get)g -Ft(h)p Fr(while)h Fs(b)30 b Fr(do)24 b Fs(S)12 b Fu(,)24 -b Fs(s)8 b Ft(i)24 b(!)f Fs(s)2529 3444 y Fi(00)2596 -3480 y Fu(as)h(required.)41 b(This)24 b(completes)283 -3601 y(the)33 b(pro)s(of)f(of)g(the)h(lemma.)2385 b Fh(2)430 -3804 y Fu(The)37 b(pro)s(of)e(tec)m(hnique)j(emplo)m(y)m(ed)e(in)g(the) -g(ab)s(o)m(v)m(e)h(pro)s(of)f(ma)m(y)g(b)s(e)g(summarized)f(as)i(fol-) -283 3924 y(lo)m(ws:)p 283 4054 3470 4 v 283 4071 V 281 -4279 4 208 v 298 4279 V 1371 4200 a 
Fw(Pro)s(of)32 b(Summary)h(for)f -(While)p Fu(:)p 3735 4279 V 3752 4279 V 281 4486 V 298 -4486 V 1266 4407 a Fw(Correctness)g(of)h(Implemen)m(tation)p -3735 4486 V 3752 4486 V 283 4490 3470 4 v 281 4979 4 -490 v 298 4979 V 350 4655 a Fu(1:)143 b(Pro)m(v)m(e)24 -b(b)m(y)h Fs(induction)h(on)f(the)i(shap)-5 b(e)25 b(of)h(derivation)g -(tr)-5 b(e)g(es)31 b Fu(that)23 b(for)g(eac)m(h)h(deriv)-5 -b(ation)569 4775 y(tree)34 b(in)g(the)g(natural)f(seman)m(tics)i(there) -g(is)e(a)h(corresp)s(onding)g(\014nite)g(computation)569 -4896 y(sequence)h(on)e(the)g(abstract)f(mac)m(hine.)p -3735 4979 V 3752 4979 V 281 5508 4 529 v 298 5508 V 350 -5063 a(2:)143 b(Pro)m(v)m(e)26 b(b)m(y)f Fs(induction)i(on)g(the)h -(length)f(of)g(c)-5 b(omputation)27 b(se)-5 b(quenc)g(es)32 -b Fu(that)25 b(for)f(eac)m(h)h(\014-)569 5184 y(nite)h(computation)f -(sequence)k(obtained)d(from)f(executing)i(a)f(statemen)m(t)h(of)f -Fw(While)569 5304 y Fu(on)41 b(the)h(abstract)f(mac)m(hine)g(there)h -(is)e(a)h(corresp)s(onding)h(deriv)-5 b(ation)39 b(tree)j(in)e(the)569 -5424 y(natural)31 b(seman)m(tics.)p 3735 5508 V 3752 -5508 V 283 5511 3470 4 v 283 5528 V eop -%%Page: 81 91 -81 90 bop 0 130 a Fw(3.4)112 b(An)38 b(alternativ)m(e)e(pro)s(of)i(tec) -m(hnique)1593 b(81)p 0 193 3473 4 v 0 515 a Fu(Note)28 -b(the)h Fs(similarities)35 b Fu(b)s(et)m(w)m(een)30 b(this)e(pro)s(of)f -(tec)m(hnique)i(and)f(that)g(for)g(sho)m(wing)g(the)g(equiv-)0 -636 y(alence)j(of)g(t)m(w)m(o)i(op)s(erational)28 b(seman)m(tics)k -(\(see)h(Section)e(2.3\).)42 b(Again)31 b(one)g(has)h(to)f(b)s(e)h -(careful)0 756 y(when)47 b(adapting)d(this)i(approac)m(h)g(to)f(a)g -(language)g(with)g(additional)e(programming)g(con-)0 -877 y(structs)34 b(or)e(a)g(di\013eren)m(t)h(mac)m(hine)f(language.)0 -1091 y Fw(Exercise)k(3.23)49 b Fu(Consider)33 b(the)f(\\optimized")e -(co)s(de)j(generation)e(function)h Ft(C)6 b(S)3021 1055 -y Fi(0)3077 1091 y Fu(that)32 b(is)f(as)0 1211 y Ft(C)6 -b(S)46 b Fu(of)37 b(T)-8 b(able)38 b(3.3)f(except)j(that)e 
-Ft(C)6 b(S)1371 1175 y Fi(0)1394 1211 y Fu([)-17 b([)p -Fr(skip)p Fu(])g(])40 b(=)e Fo(")o Fu(.)60 b(W)-8 b(ould)37 -b(this)g(complicate)g(the)h(pro)s(of)f(of)0 1332 y(Theorem)c(3.20?)2766 -b Fh(2)0 1546 y Fw(Exercise)36 b(3.24)49 b Fu(Extend)29 -b(the)e(pro)s(of)f(of)h(Theorem)g(3.20)f(to)h(hold)f(for)h(the)g -Fw(While)e Fu(language)0 1666 y(extended)48 b(with)e -Fr(repeat)i Fs(S)58 b Fr(until)48 b Fs(b)6 b Fu(.)85 -b(The)47 b(co)s(de)g(generated)g(for)f(this)g(construct)h(w)m(as)0 -1787 y(studied)33 b(in)f(Exercise)i(3.14)e(and)g(its)g(natural)g(seman) -m(tics)h(in)e(Exercise)j(2.7.)593 b Fh(2)0 2001 y Fw(Exercise)36 -b(3.25)49 b Fu(Pro)m(v)m(e)27 b(that)f(the)g(co)s(de)g(generated)g(for) -g Fw(AM)2314 2016 y Fn(1)2379 2001 y Fu(in)e(Exercise)j(3.16)f(is)f -(correct.)0 2121 y(What)33 b(assumptions)f(do)h(y)m(ou)g(need)g(to)g -(mak)m(e)f(ab)s(out)g Fs(env)11 b Fu(?)1168 b Fh(2)0 -2452 y Fj(3.4)161 b(An)53 b(alternativ)l(e)h(pro)t(of)g(tec)l(hnique)0 -2671 y Fu(In)32 b(Theorem)f(3.20)g(w)m(e)i(pro)m(v)m(ed)g(the)e -(correctness)j(of)d(the)h(implemen)m(tation)c(with)j(resp)s(ect)i(to)0 -2792 y(the)j(natural)f(seman)m(tics.)53 b(It)36 b(is)f(ob)m(vious)h -(that)g(the)g(implemen)m(tation)d(will)g(also)i(b)s(e)h(correct)0 -2912 y(with)c(resp)s(ect)i(to)e(the)h(structural)g(op)s(erational)d -(seman)m(tics,)j(that)f(is)244 3105 y Ft(S)312 3120 y -Fn(sos)407 3105 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])33 -b(=)g Ft(S)758 3120 y Fn(am)856 3105 y Fu([)-17 b([)p -Fs(S)12 b Fu(])-17 b(])33 b(for)f(all)f(statemen)m(ts)i -Fs(S)45 b Fu(of)32 b Fw(While)0 3298 y Fu(b)s(ecause)41 -b(w)m(e)g(sho)m(w)m(ed)h(in)d(Theorem)h(2.26)g(that)f(the)i(natural)e -(seman)m(tics)h(is)f(equiv)-5 b(alen)m(t)40 b(to)0 3418 -y(the)35 b(structural)f(op)s(erational)e(seman)m(tics.)49 -b(Ho)m(w)m(ev)m(er,)37 b(one)e(migh)m(t)e(argue)h(that)g(it)g(w)m(ould) -g(b)s(e)0 3538 y(easier)e(to)f(giv)m(e)h(a)g(direct)f(pro)s(of)h(of)f -(the)h(correctness)i(of)e(the)g(implemen)m(tation)d(with)i(resp)s(ect)0 
-3659 y(to)d(the)h(structural)f(op)s(erational)e(seman)m(tics,)j(b)s -(ecause)h(b)s(oth)e(approac)m(hes)i(are)e(based)i(on)e(the)0 -3779 y(idea)c(of)h(sp)s(ecifying)g(the)g(individual)e(steps)j(of)f(the) -g(computation.)40 b(W)-8 b(e)25 b(shall)f(commen)m(t)g(up)s(on)0 -3899 y(this)32 b(shortly)-8 b(.)146 4020 y(A)39 b(direct)g(pro)s(of)f -(of)h(the)g(correctness)i(result)e(with)g(resp)s(ect)h(to)f(the)g -(structural)g(op)s(era-)0 4140 y(tional)31 b(seman)m(tics)j(could)f -(pro)s(ceed)h(as)g(follo)m(ws.)45 b(W)-8 b(e)34 b(shall)e(de\014ne)j(a) -e Fs(bisimulation)40 b Fu(relation)0 4261 y Ft(\031)31 -b Fu(b)s(et)m(w)m(een)i(the)e(con\014gurations)g(of)f(the)h(structural) -g(op)s(erational)d(seman)m(tics)j(and)g(those)h(of)0 -4381 y(the)h(op)s(erational)d(seman)m(tics)j(for)f Fw(AM)p -Fu(.)h(It)f(is)g(de\014ned)i(b)m(y)294 4565 y Ft(h)o -Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)99 b(\031)h(hC)6 b(S)i -Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 b Fo(")p Fu(,)f -Fs(s)8 b Ft(i)498 4733 y Fs(s)107 b Ft(\031)100 b(h)p -Fo(")p Fu(,)32 b Fo(")p Fu(,)h Fs(s)8 b Ft(i)0 4919 y -Fu(for)30 b(all)f(statemen)m(ts)j Fs(S)42 b Fu(and)31 -b(states)h Fs(s)8 b Fu(.)43 b(The)31 b(\014rst)h(stage)f(will)d(then)k -(b)s(e)f(to)f(pro)m(v)m(e)i(that)f(when-)0 5039 y(ev)m(er)43 -b Fs(one)48 b Fu(step)43 b(of)e(the)h(structural)g(op)s(erational)d -(seman)m(tics)j Fs(changes)48 b Fu(the)42 b(con\014guration)0 -5160 y(then)32 b(there)g(is)f(a)f Fs(se)-5 b(quenc)g(e)38 -b Fu(of)31 b(steps)i(in)d(the)i(seman)m(tics)f(of)g Fw(AM)g -Fu(that)g(will)e(mak)m(e)i(a)g Fs(similar)0 5280 y(change)39 -b Fu(in)32 b(the)h(con\014guration)e(of)i(the)g(abstract)f(mac)m(hine:) -0 5494 y Fw(Exercise)k(3.26)49 b Fu(*)33 b(Sho)m(w)g(that)f(if)p -eop -%%Page: 82 92 -82 91 bop 251 130 a Fw(82)1535 b(3)112 b(Pro)m(v)-6 b(ably)36 -b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 527 -515 a Fo(\015)583 530 y Fn(sos)711 515 y Ft(\031)c Fo(\015)877 -530 y Fn(am)1008 515 y Fu(and)f Fo(\015)1253 530 y Fn(sos)1381 -515 y Ft(\))g 
Fo(\015)1569 479 y Fi(0)1569 540 y Fn(sos)283 -774 y Fu(then)i(there)f(exists)g(a)g(con\014guration)e -Fo(\015)1752 738 y Fi(0)1752 798 y Fn(am)1883 774 y Fu(suc)m(h)j(that) -527 1032 y Fo(\015)583 1047 y Fn(am)714 1032 y Fh(\003)792 -996 y Fn(+)883 1032 y Fo(\015)939 996 y Fi(0)939 1057 -y Fn(am)1070 1032 y Fu(and)f Fo(\015)1316 996 y Fi(0)1316 -1057 y Fn(sos)1443 1032 y Ft(\031)g Fo(\015)1609 996 -y Fi(0)1609 1057 y Fn(am)283 1291 y Fu(Argue)g(that)g(this)f(means)h -(that)f(if)f Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 -b(\))1959 1255 y Fi(\003)2030 1291 y Fs(s)2078 1255 y -Fi(0)2134 1291 y Fu(then)i Ft(h)o(C)7 b(S)g Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(],)33 b Fo(")p Fu(,)f Fs(s)8 -b Ft(i)33 b Fh(\003)3025 1255 y Fi(\003)3097 1291 y Ft(h)p -Fo(")o Fu(,)g Fo(")p Fu(,)f Fs(s)3394 1255 y Fi(0)3418 -1291 y Ft(i)o Fu(.)198 b Fh(2)430 1596 y Fu(The)33 b(second)h(part)e -(of)g(the)h(pro)s(of)e(is)h(to)g(sho)m(w)i(that)e(whenev)m(er)j -Fw(AM)d Fu(mak)m(es)h(a)f(sequence)283 1717 y(of)f(mo)m(v)m(es)h(from)e -(a)h(con\014guration)g(with)g(an)g Fs(empty)40 b Fu(ev)-5 -b(aluation)29 b(stac)m(k)k(to)e(another)g(con\014gu-)283 -1837 y(ration)j(with)g(an)h Fs(empty)44 b Fu(ev)-5 b(aluation)33 -b(stac)m(k,)k(then)e(the)h(structural)e(op)s(erational)f(seman)m(tics) -283 1957 y(can)39 b(mak)m(e)g(a)f(similar)d(c)m(hange)40 -b(of)e(con\014gurations.)60 b(Note)39 b(that)f Fw(AM)h -Fu(ma)m(y)f(ha)m(v)m(e)i(to)e(mak)m(e)283 2078 y(more)e(than)g(one)h -(step)g(to)f(arriv)m(e)g(at)g(a)g(con\014guration)g(with)g(an)g(empt)m -(y)h(stac)m(k,)h(due)f(to)f(the)283 2198 y(w)m(a)m(y)48 -b(it)e(ev)-5 b(aluates)47 b(expressions;)56 b(in)46 b(the)h(structural) -f(op)s(erational)f(seman)m(tics,)50 b(ho)m(w)m(ev)m(er,)283 -2319 y(expressions)35 b(are)d(ev)-5 b(aluated)33 b(as)f(part)h(of)f(a)g -(single)g(step.)283 2635 y Fw(Exercise)37 b(3.27)49 b -Fu(**)32 b(Assume)h(that)g Fo(\015)1734 2650 y Fn(sos)1861 -2635 y Ft(\031)g Fo(\015)2039 2599 y Fn(1)2027 2660 y(am)2158 -2635 y Fu(and)527 2893 y 
Fo(\015)595 2857 y Fn(1)583 -2918 y(am)714 2893 y Fh(\003)g Fo(\015)892 2857 y Fn(2)880 -2918 y(am)1011 2893 y Fh(\003)g Ft(\001)17 b(\001)g(\001)31 -b Fh(\003)i Fo(\015)1447 2857 y Fn(k)1436 2918 y(am)283 -3152 y Fu(where)e(k)p Fo(>)p Fu(1)e(and)h(only)f Fo(\015)1232 -3116 y Fn(1)1221 3177 y(am)1348 3152 y Fu(and)g Fo(\015)1602 -3116 y Fn(k)1590 3177 y(am)1718 3152 y Fu(ha)m(v)m(e)h(empt)m(y)g(ev)-5 -b(aluation)28 b(stac)m(ks)j(\(that)e(is,)g(are)h(of)e(the)283 -3272 y(form)k Ft(h)p Fs(c)6 b Fu(,)32 b Fo(")o Fu(,)h -Fs(s)8 b Ft(i)p Fu(\).)43 b(Sho)m(w)34 b(that)e(there)h(exists)h(a)e -(con\014guration)g Fo(\015)2679 3236 y Fi(0)2679 3297 -y Fn(sos)2806 3272 y Fu(suc)m(h)i(that)527 3531 y Fo(\015)583 -3546 y Fn(sos)711 3531 y Ft(\))e Fo(\015)899 3495 y Fi(0)899 -3555 y Fn(sos)1027 3531 y Fu(and)g Fo(\015)1272 3495 -y Fi(0)1272 3555 y Fn(sos)1400 3531 y Ft(\031)h Fo(\015)1578 -3495 y Fn(k)1566 3555 y(am)283 3789 y Fu(Argue)g(that)g(this)f(means)h -(that)f(if)f Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(],)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)2243 -3753 y Fi(\003)2315 3789 y Ft(h)p Fo(")o Fu(,)h Fo(")o -Fu(,)g Fs(s)2612 3753 y Fi(0)2635 3789 y Ft(i)g Fu(then)g -Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(\))3313 -3753 y Fi(\003)3385 3789 y Fs(s)3433 3753 y Fi(0)3456 -3789 y Fu(.)198 b Fh(2)283 4095 y Fw(Exercise)37 b(3.28)49 -b Fu(Sho)m(w)e(that)f(Exercises)i(3.26)d(and)i(3.27)e(together)i -(constitute)f(a)g(direct)283 4215 y(pro)s(of)32 b(of)g -Ft(S)717 4230 y Fn(sos)812 4215 y Fu([)-17 b([)q Fs(S)12 -b Fu(])-17 b(])33 b(=)f Ft(S)1163 4230 y Fn(am)1261 4215 -y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 b(for)f(all)e(statemen)m -(ts)k Fs(S)44 b Fu(of)32 b Fw(While)p Fu(.)912 b Fh(2)430 -4520 y Fu(The)41 b(success)i(of)d(this)g(approac)m(h)h(relies)e(on)i -(the)f(t)m(w)m(o)h(seman)m(tics)g(pro)s(ceeding)f(in)g -Fs(lo)-5 b(ck-)283 4641 y(step)p Fu(:)51 b(that)36 b(one)h(is)f(able)f -(to)h(\014nd)h(con\014gurations)f(in)f(the)i(t)m(w)m(o)g(deriv)-5 
-b(ation)35 b(sequences)k(that)283 4761 y(corresp)s(ond)e(to)f(one)g -(another)g(\(as)h(sp)s(eci\014ed)f(b)m(y)h(the)g(bisim)m(ulation)32 -b(relation\).)52 b(Often)36 b(this)283 4882 y(is)41 b(not)g(p)s -(ossible)f(and)i(then)f(one)h(has)f(to)g(raise)g(the)g(lev)m(el)g(of)f -(abstraction)h(for)f(one)i(of)e(the)283 5002 y(seman)m(tics.)h(This)23 -b(is)g(exactly)h(what)f(happ)s(ens)i(when)f(the)g(structural)f(op)s -(erational)e(seman)m(tics)283 5122 y(is)31 b(replaced)g(b)m(y)h(the)f -(natural)f(seman)m(tics:)43 b(w)m(e)31 b(do)g(not)g(care)g(ab)s(out)g -(the)g(individual)d(steps)k(of)283 5243 y(the)h(execution)h(but)f(only) -f(on)g(the)h(result.)430 5374 y(The)27 b(pro)s(of)f(tec)m(hnique)i -(emplo)m(y)m(ed)f(in)e(the)i(ab)s(o)m(v)m(e)g(sk)m(etc)m(h)i(of)d(pro)s -(of)g(ma)m(y)g(b)s(e)h(summarized)283 5494 y(as)33 b(follo)m(ws:)p -eop -%%Page: 83 93 -83 92 bop 0 130 a Fw(3.4)112 b(An)38 b(alternativ)m(e)e(pro)s(of)i(tec) -m(hnique)1593 b(83)p 0 193 3473 4 v 0 419 3470 4 v 0 -436 V -2 643 4 208 v 15 643 V 1088 564 a(Pro)s(of)32 -b(Summary)g(for)h(While)p Fu(:)p 3452 643 V 3469 643 -V -2 851 V 15 851 V 513 772 a Fw(Correctness)g(of)g(Implemen)m(tation)d -(using)i(Bisim)m(ulation)p 3452 851 V 3469 851 V 0 854 -3470 4 v -2 1464 4 610 v 15 1464 V 66 1020 a Fu(1:)143 -b(Pro)m(v)m(e)36 b(that)e(one)g(step)h(in)e(the)i(structural)f(op)s -(erational)e(seman)m(tics)i(can)g(b)s(e)h(sim)m(u-)285 -1140 y(lated)j(b)m(y)i(a)f(non-empt)m(y)g(sequence)i(of)d(steps)j(on)d -(the)i(abstract)f(mac)m(hine.)61 b(Sho)m(w)285 1260 y(that)56 -b(this)f(extends)j(to)d(sequences)k(of)c(steps)i(in)e(the)h(structural) -g(op)s(erational)285 1381 y(seman)m(tics.)p 3452 1464 -V 3469 1464 V -2 1993 4 529 v 15 1993 V 66 1549 a(2:)143 -b(Pro)m(v)m(e)44 b(that)e(a)f(carefully)g(selected)j(non-empt)m(y)e -(sequence)i(of)e(steps)h(on)f(the)h(ab-)285 1669 y(stract)d(mac)m(hine) -e(can)h(b)s(e)g(sim)m(ulated)f(b)m(y)i(a)f(step)g(in)g(the)g -(structural)g(op)s(erational)285 1789 y(seman)m(tics.)49 
-b(Sho)m(w)35 b(that)f(this)g(extends)i(to)e(more)g(general)g(sequences) -j(of)d(steps)h(on)285 1910 y(the)e(abstract)g(mac)m(hine.)p -3452 1993 V 3469 1993 V 0 1996 3470 4 v 0 2013 V 0 2209 -a(Again,)41 b(this)g(metho)s(d)f(needs)i(to)e(b)s(e)g(mo)s(di\014ed)g -(when)h(considering)f(a)g(programming)e(lan-)0 2329 y(guage)32 -b(with)h(additional)c(constructs)34 b(or)f(a)f(di\013eren)m(t)h -(abstract)g(mac)m(hine.)0 2557 y Fw(Exercise)j(3.29)49 -b Fu(*)34 b(Consider)f(the)h(follo)m(wing,)e(seemingly)g(inno)s(cen)m -(t,)i(mo)s(di\014cation)d(of)i(the)0 2678 y(structural)e(op)s -(erational)d(seman)m(tics)j(of)g(T)-8 b(able)30 b(2.2)h(in)f(whic)m(h)h -([while)2571 2693 y Fn(sos)2666 2678 y Fu(])g(is)f(replaced)h(b)m(y)h -(the)0 2798 y(t)m(w)m(o)h(axioms:)244 3001 y Ft(h)p Fr(while)g -Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 -b(\))f(h)p Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)k Fr(do)33 -b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b Fu(if)g Ft(B)s -Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 -b Fw(tt)244 3169 y Ft(h)p Fr(while)h Fs(b)39 b Fr(do)33 -b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))f Fs(s)878 -b Fu(if)32 b Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(])p Fs(s)41 b Fu(=)32 b Fw(\013)0 3372 y Fu(Sho)m(w)h(that)g(the)g -(mo)s(di\014ed)e(seman)m(tic)h(function,)h Ft(S)1916 -3336 y Fi(0)1916 3397 y Fn(sos)2011 3372 y Fu(,)g(satis\014es)244 -3576 y Ft(S)312 3591 y Fn(sos)407 3576 y Fu([)-17 b([)p -Fs(S)12 b Fu(])-17 b(])33 b(=)g Ft(S)758 3540 y Fi(0)758 -3600 y Fn(sos)853 3576 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 -b(])33 b(for)f(all)f(statemen)m(ts)i Fs(S)45 b Fu(of)32 -b Fw(While)0 3779 y Fu(In)m(v)m(estigate)h(whether)h(or)d(not)h(this)g -(complicates)f(the)h(pro)s(ofs)g(of)g(\(analogues)f(of)7 -b(\))32 b(Exercises)0 3900 y(3.26)g(and)h(3.27.)2801 -b Fh(2)p eop -%%Page: 84 94 -84 93 bop 251 130 a Fw(84)1535 b(3)112 b(Pro)m(v)-6 b(ably)36 -b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v eop -%%Page: 85 95 -85 94 bop 0 1184 a Fv(Chapter)78 b(4)0 
1604 y(Denotational)g(Seman)-6 -b(tics)0 2062 y Fu(In)45 b(the)g(op)s(erational)d(approac)m(h)j(w)m(e)h -(w)m(ere)g(in)m(terested)g(in)e Fs(how)54 b Fu(a)45 b(program)e(is)h -(executed.)0 2182 y(This)37 b(is)g(con)m(trary)h(to)f(the)h -(denotational)d(approac)m(h)j(where)g(w)m(e)h(are)e(merely)g(in)m -(terested)h(in)0 2302 y(the)32 b Fs(e\013e)-5 b(ct)40 -b Fu(of)30 b(executing)i(a)f(program.)42 b(By)31 b(e\013ect)h(w)m(e)g -(here)g(mean)f(an)g(asso)s(ciation)e(b)s(et)m(w)m(een)0 -2423 y(initial)k(states)38 b(and)e(\014nal)g(states.)57 -b(The)38 b(idea)e(then)h(is)g(to)f(de\014ne)i(a)e Fs(semantic)i -(function)44 b Fu(for)0 2543 y(eac)m(h)27 b Fs(syntactic)j(c)-5 -b(ate)g(gory)p Fu(.)41 b(It)27 b(maps)f(eac)m(h)h Fs(syntactic)j(c)-5 -b(onstruct)36 b Fu(to)26 b(a)h Fs(mathematic)-5 b(al)28 -b(obje)-5 b(ct)p Fu(,)0 2664 y(often)33 b(a)f(function,)g(that)g -(describ)s(es)i(the)f(e\013ect)g(of)g(executing)g(that)f(construct.)146 -2789 y(The)i(hallmark)c(of)i(denotational)e(seman)m(tics)j(is)f(that)g -(seman)m(tic)g(functions)h(are)f(de\014ned)0 2909 y Fs(c)-5 -b(omp)g(ositional)5 b(ly)p Fu(,)31 b(that)i(is)145 3137 -y Ft(\017)49 b Fu(there)d(is)e(a)h(seman)m(tic)g(clause)g(for)g(eac)m -(h)h(of)e(the)i(basis)f(elemen)m(ts)g(of)g(the)h(syn)m(tactic)244 -3257 y(category)-8 b(,)33 b(and)145 3485 y Ft(\017)49 -b Fu(for)32 b(eac)m(h)h(metho)s(d)f(of)f(constructing)i(a)f(comp)s -(osite)f(elemen)m(t)h(\(in)g(the)g(syn)m(tactic)i(cate-)244 -3605 y(gory\))40 b(there)i(is)e(a)g(seman)m(tic)g(clause)h(de\014ned)h -(in)e(terms)g(of)h(the)g(seman)m(tic)f(function)244 3726 -y(applied)31 b(to)i(the)g(immediate)c(constituen)m(ts)34 -b(of)e(the)h(comp)s(osite)f(elemen)m(t.)0 3953 y(The)j(functions)e -Ft(A)h Fu(and)f Ft(B)k Fu(de\014ned)f(in)d(Chapter)h(1)f(are)h -(examples)g(of)f(denotational)f(de\014ni-)0 4073 y(tions:)51 -b(the)36 b(mathematical)e(ob)5 b(jects)37 b(asso)s(ciated)g(with)f -(arithmetic)e(expressions)k(are)e(func-)0 4194 y(tions)26 -b(in)f Fw(State)33 b Ft(!)f Fw(Z)27 b 
Fu(and)f(those)h(asso)s(ciated)g -(with)e(b)s(o)s(olean)g(expressions)j(are)f(functions)f(in)0 -4314 y Fw(State)33 b Ft(!)f Fw(T)p Fu(.)42 b(The)29 b(functions)f -Ft(S)1247 4329 y Fn(ns)1347 4314 y Fu(and)g Ft(S)1600 -4329 y Fn(sos)1724 4314 y Fu(asso)s(ciate)g(mathematical)d(ob)5 -b(jects)29 b(with)f(eac)m(h)0 4435 y(statemen)m(t,)43 -b(namely)d(partial)f(functions)h(in)g Fw(State)h Fo(,)-17 -b Ft(!)41 b Fw(State)p Fu(.)68 b(Ho)m(w)m(ev)m(er,)45 -b(they)d(are)e Fs(not)0 4555 y Fu(examples)28 b(of)g(denotational)e -(de\014nitions)i(b)s(ecause)i(they)f(are)f Fs(not)38 -b Fu(de\014ned)29 b(comp)s(ositionally)-8 b(.)0 4918 -y Fj(4.1)161 b(Direct)53 b(st)l(yle)g(seman)l(tics:)70 -b(sp)t(eci\014cation)0 5147 y Fu(The)32 b(e\013ect)g(of)f(executing)h -(a)f(statemen)m(t)g Fs(S)43 b Fu(is)31 b(to)g(c)m(hange)h(the)g(state)f -(so)h(w)m(e)g(shall)e(de\014ne)i(the)0 5267 y(meaning)f(of)h -Fs(S)45 b Fu(to)32 b(b)s(e)h(a)f(partial)e(function)i(on)h(states:)244 -5494 y Ft(S)312 5509 y Fn(ds)383 5494 y Fu(:)43 b Fw(Stm)32 -b Ft(!)g Fu(\()p Fw(State)h Fo(,)-17 b Ft(!)32 b Fw(State)p -Fu(\))1687 5849 y(85)p eop -%%Page: 86 96 -86 95 bop 251 130 a Fw(86)2034 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 1501 -4 1083 v 666 519 a Ft(S)733 534 y Fn(ds)805 519 y Fu([)-17 -b([)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])q Fs(s)40 -b Fu(=)33 b Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17 -b([)q Fs(a)7 b Fu(])-17 b(])p Fs(s)8 b Fu(])666 710 y -Ft(S)733 725 y Fn(ds)805 710 y Fu([)-17 b([)p Fr(skip)p -Fu(])g(])34 b(=)f(id)666 901 y Ft(S)733 916 y Fn(ds)805 -901 y Fu([)-17 b([)p Fs(S)909 916 y Fn(1)981 901 y Fu(;)33 -b Fs(S)1108 916 y Fn(2)1147 901 y Fu(])-17 b(])33 b(=)f -Ft(S)1393 916 y Fn(ds)1464 901 y Fu([)-17 b([)q Fs(S)1569 -916 y Fn(2)1608 901 y Fu(])g(])33 b Ft(\016)g(S)1828 -916 y Fn(ds)1900 901 y Fu([)-17 b([)p Fs(S)2004 916 y -Fn(1)2043 901 y Fu(])g(])666 1092 y Ft(S)733 1107 y Fn(ds)805 -1092 y Fu([)g([)p Fr(if)33 b Fs(b)39 b Fr(then)33 b Fs(S)1365 
-1107 y Fn(1)1437 1092 y Fr(else)h Fs(S)1742 1107 y Fn(2)1781 -1092 y Fu(])-17 b(])33 b(=)f(cond\()p Ft(B)t Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(S)2520 1107 y Fn(ds)2591 -1092 y Fu([)-17 b([)q Fs(S)2696 1107 y Fn(1)2735 1092 -y Fu(])g(],)33 b Ft(S)2900 1107 y Fn(ds)2971 1092 y Fu([)-17 -b([)q Fs(S)3076 1107 y Fn(2)3115 1092 y Fu(])g(]\))666 -1284 y Ft(S)733 1299 y Fn(ds)805 1284 y Fu([)g([)p Fr(while)34 -b Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)g(FIX)f -Fs(F)1138 1451 y Fu(where)i Fs(F)45 b(g)c Fu(=)33 b(cond\()p -Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b -Fs(g)41 b Ft(\016)33 b(S)2453 1466 y Fn(ds)2524 1451 -y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))p -3753 1501 V 283 1504 3473 4 v 1054 1665 a(T)-8 b(able)33 -b(4.1:)43 b(Denotational)30 b(seman)m(tics)i(for)h Fw(While)283 -1920 y Fu(This)k(is)f(also)g(the)h(functionalit)m(y)e(of)h -Ft(S)1743 1935 y Fn(ns)1850 1920 y Fu(and)h Ft(S)2112 -1935 y Fn(sos)2244 1920 y Fu(and)f(the)h(need)h(for)e(partialit)m(y)e -(is)i(again)283 2041 y(demonstrated)26 b(b)m(y)g(the)g(statemen)m(t)f -Fr(while)i(true)f(do)g(skip)p Fu(.)42 b(The)26 b(de\014nition)e(is)h -(summarized)283 2161 y(in)38 b(T)-8 b(able)39 b(4.1)f(and)h(w)m(e)g -(explain)f(it)g(in)g(detail)f(b)s(elo)m(w;)k(in)d(particular,)h(w)m(e)g -(shall)f(de\014ne)h(the)283 2281 y Fs(auxiliary)c(functions)40 -b Fu(`cond')34 b(and)e(FIX.)430 2402 y(F)-8 b(or)32 b(assignmen)m(t)g -(the)h(clause)527 2590 y Ft(S)595 2605 y Fn(ds)666 2590 -y Fu([)-17 b([)q Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17 -b(])q Fs(s)40 b Fu(=)33 b Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p -Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])283 -2778 y(ensures)34 b(that)e(if)f Ft(S)993 2793 y Fn(ds)1064 -2778 y Fu([)-17 b([)q Fs(x)43 b Fu(:=)32 b Fs(a)7 b Fu(])-17 -b(])q Fs(s)40 b Fu(=)32 b Fs(s)1656 2741 y Fi(0)1711 -2778 y Fu(then)h Fs(s)1981 2741 y Fi(0)2036 2778 y Fs(x)44 -b Fu(=)31 b Ft(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])p -Fs(s)40 b Fu(and)32 b Fs(s)2761 2741 y 
Fi(0)2817 2778 -y Fs(y)41 b Fu(=)32 b Fs(s)40 b(y)g Fu(for)32 b Fs(y)9 -b Ft(6)p Fu(=)p Fs(x)j Fu(.)43 b(The)283 2898 y(clause)35 -b(for)g Fr(skip)h Fu(expresses)h(that)e(no)g(state)g(c)m(hange)h(tak)m -(es)g(place:)47 b(the)36 b(function)e(id)g(is)g(the)283 -3018 y(iden)m(tit)m(y)f(function)f(on)g Fw(State)h Fu(so)g -Ft(S)1637 3033 y Fn(ds)1708 3018 y Fu([)-17 b([)p Fr(skip)p -Fu(])g(])r Fs(s)41 b Fu(=)32 b Fs(s)8 b Fu(.)430 3139 -y(F)-8 b(or)32 b(sequencing)i(the)f(clause)f(is)527 3327 -y Ft(S)595 3342 y Fn(ds)666 3327 y Fu([)-17 b([)q Fs(S)771 -3342 y Fn(1)843 3327 y Fu(;)32 b Fs(S)969 3342 y Fn(2)1009 -3327 y Fu(])-17 b(])33 b(=)f Ft(S)1255 3342 y Fn(ds)1326 -3327 y Fu([)-17 b([)q Fs(S)1431 3342 y Fn(2)1470 3327 -y Fu(])g(])33 b Ft(\016)f(S)1690 3342 y Fn(ds)1761 3327 -y Fu([)-17 b([)q Fs(S)1866 3342 y Fn(1)1905 3327 y Fu(])g(])283 -3515 y(So)42 b(the)g(e\013ect)h(of)e(executing)i Fs(S)1505 -3530 y Fn(1)1586 3515 y Fu(;)j Fs(S)1726 3530 y Fn(2)1807 -3515 y Fu(is)41 b(the)i(functional)d(comp)s(osition)f(of)i(the)i -(e\013ect)f(of)283 3635 y(executing)26 b Fs(S)779 3650 -y Fn(1)843 3635 y Fu(and)e(that)h(of)f(executing)i Fs(S)1827 -3650 y Fn(2)1866 3635 y Fu(.)41 b(F)-8 b(unctional)22 -b(comp)s(osition)h(is)h(de\014ned)i(suc)m(h)g(that)283 -3755 y(if)31 b(one)h(of)f(the)h(functions)g(is)f(unde\014ned)j(on)e(a)f -(giv)m(en)h(argumen)m(t)f(then)i(their)e(comp)s(osition)e(is)283 -3876 y(unde\014ned)35 b(as)e(w)m(ell.)42 b(Giv)m(en)33 -b(a)f(state)h Fs(s)8 b Fu(,)33 b(w)m(e)g(therefore)h(ha)m(v)m(e)527 -4064 y Ft(S)595 4079 y Fn(ds)666 4064 y Fu([)-17 b([)q -Fs(S)771 4079 y Fn(1)843 4064 y Fu(;)32 b Fs(S)969 4079 -y Fn(2)1009 4064 y Fu(])-17 b(])p Fs(s)846 4228 y Fu(=)99 -b(\()p Ft(S)1127 4243 y Fn(ds)1198 4228 y Fu([)-17 b([)q -Fs(S)1303 4243 y Fn(2)1342 4228 y Fu(])g(])33 b Ft(\016)g(S)1562 -4243 y Fn(ds)1634 4228 y Fu([)-17 b([)p Fs(S)1738 4243 -y Fn(1)1777 4228 y Fu(])g(])q(\))p Fs(s)846 4735 y Fu(=)1021 -4312 y Fg(8)1021 4386 y(>)1021 4411 y(>)1021 4436 y(>)1021 
-4461 y(>)1021 4486 y(>)1021 4511 y(>)1021 4536 y(>)1021 -4561 y(>)1021 4586 y(>)1021 4611 y(>)1021 4635 y(<)1021 -4785 y(>)1021 4810 y(>)1021 4835 y(>)1021 4860 y(>)1021 -4885 y(>)1021 4909 y(>)1021 4934 y(>)1021 4959 y(>)1021 -4984 y(>)1021 5009 y(>)1021 5034 y(:)1137 4399 y Fs(s)1185 -4363 y Fi(00)1455 4399 y Fu(if)32 b(there)h(exists)h -Fs(s)2112 4363 y Fi(0)2167 4399 y Fu(suc)m(h)g(that)f -Ft(S)2667 4414 y Fn(ds)2738 4399 y Fu([)-17 b([)p Fs(S)2842 -4414 y Fn(1)2882 4399 y Fu(])g(])p Fs(s)41 b Fu(=)32 -b Fs(s)3156 4363 y Fi(0)1455 4567 y Fu(and)h Ft(S)1713 -4582 y Fn(ds)1784 4567 y Fu([)-17 b([)q Fs(S)1889 4582 -y Fn(2)1928 4567 y Fu(])g(])q Fs(s)2014 4531 y Fi(0)2069 -4567 y Fu(=)33 b Fs(s)2226 4531 y Fi(00)1137 4734 y Fu(undef)p -1137 4747 236 4 v 83 w(if)f Ft(S)1613 4749 y Fn(ds)1684 -4734 y Fu([)-17 b([)p Fs(S)1788 4749 y Fn(1)1828 4734 -y Fu(])g(])p Fs(s)41 b Fu(=)32 b(undef)p 2054 4747 V -1455 4902 a(or)h(if)e(there)i(exists)h Fs(s)2231 4866 -y Fi(0)2287 4902 y Fu(suc)m(h)g(that)e Ft(S)2786 4917 -y Fn(ds)2857 4902 y Fu([)-17 b([)q Fs(S)2962 4917 y Fn(1)3001 -4902 y Fu(])g(])p Fs(s)41 b Fu(=)32 b Fs(s)3275 4866 -y Fi(0)1455 5070 y Fu(but)h Ft(S)1702 5085 y Fn(ds)1773 -5070 y Fu([)-17 b([)q Fs(S)1878 5085 y Fn(2)1917 5070 -y Fu(])g(])q Fs(s)2003 5033 y Fi(0)2059 5070 y Fu(=)32 -b(undef)p 2167 5083 V 283 5254 a(It)46 b(follo)m(ws)f(that)h(the)g -(sequencing)h(construct)g(will)d(only)h(giv)m(e)h(a)f(de\014ned)j -(result)d(if)g(b)s(oth)283 5374 y(comp)s(onen)m(ts)34 -b(do.)430 5494 y(F)-8 b(or)32 b(conditional)e(the)j(clause)f(is)p -eop -%%Page: 87 97 -87 96 bop 0 130 a Fw(4.1)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:)50 -b(sp)s(eci\014cation)1342 b(87)p 0 193 3473 4 v 244 515 -a Ft(S)312 530 y Fn(ds)383 515 y Fu([)-17 b([)p Fr(if)34 -b Fs(b)k Fr(then)c Fs(S)944 530 y Fn(1)1015 515 y Fr(else)g -Fs(S)1320 530 y Fn(2)1359 515 y Fu(])-17 b(])33 b(=)g(cond\()p -Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b -Ft(S)2098 530 y Fn(ds)2169 515 y Fu([)-17 b([)q 
Fs(S)2274 -530 y Fn(1)2313 515 y Fu(])g(])q(,)32 b Ft(S)2478 530 -y Fn(ds)2549 515 y Fu([)-17 b([)q Fs(S)2654 530 y Fn(2)2693 -515 y Fu(])g(])q(\))0 715 y(and)33 b(the)g(auxiliary)d(function)i -(`cond')h(has)g(functionalit)m(y)244 915 y(cond:)44 b(\()p -Fw(State)32 b Ft(!)h Fw(T)p Fu(\))f Ft(\002)h Fu(\()p -Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)p Fu(\))g Ft(\002)g -Fu(\()p Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)p Fu(\))515 -1082 y Ft(!)f Fu(\()p Fw(State)h Fo(,)-17 b Ft(!)32 b -Fw(State)p Fu(\))0 1282 y(and)h(is)f(de\014ned)i(b)m(y)244 -1563 y(cond\()p Fs(p)6 b Fu(,)33 b Fs(g)652 1578 y Fn(1)691 -1563 y Fu(,)f Fs(g)804 1578 y Fn(2)843 1563 y Fu(\))h -Fs(s)41 b Fu(=)1103 1389 y Fg(8)1103 1464 y(<)1103 1613 -y(:)1218 1479 y Fs(g)1272 1494 y Fn(1)1344 1479 y Fs(s)91 -b Fu(if)31 b Fs(p)39 b(s)h Fu(=)33 b Fw(tt)1218 1646 -y Fs(g)1272 1661 y Fn(2)1344 1646 y Fs(s)91 b Fu(if)31 -b Fs(p)39 b(s)h Fu(=)33 b Fw(\013)0 1845 y Fu(The)e(\014rst)g -(parameter)f(to)f(`cond')i(is)f(a)g(function)g(that,)g(when)i(supplied) -e(with)f(an)i(argumen)m(t,)0 1965 y(will)d(select)i(either)g(the)h -(second)g(or)f(the)g(third)f(parameter)h(of)f(`cond')i(and)f(then)h -(supply)g(that)0 2085 y(parameter)h(with)g(the)h(same)g(argumen)m(t.)43 -b(Th)m(us)34 b(w)m(e)g(ha)m(v)m(e)244 2285 y Ft(S)312 -2300 y Fn(ds)383 2285 y Fu([)-17 b([)p Fr(if)34 b Fs(b)k -Fr(then)c Fs(S)944 2300 y Fn(1)1015 2285 y Fr(else)g -Fs(S)1320 2300 y Fn(2)1359 2285 y Fu(])-17 b(])33 b Fs(s)530 -2450 y Fu(=)99 b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 -b Fu(])-17 b(],)33 b Ft(S)1266 2465 y Fn(ds)1337 2450 -y Fu([)-17 b([)q Fs(S)1442 2465 y Fn(1)1481 2450 y Fu(])g(],)33 -b Ft(S)1646 2465 y Fn(ds)1717 2450 y Fu([)-17 b([)q Fs(S)1822 -2465 y Fn(2)1861 2450 y Fu(])g(])q(\))32 b Fs(s)530 2870 -y Fu(=)705 2546 y Fg(8)705 2621 y(>)705 2646 y(>)705 -2670 y(>)705 2695 y(>)705 2720 y(>)705 2745 y(>)705 2770 -y(<)705 2920 y(>)705 2944 y(>)705 2969 y(>)705 2994 y(>)705 -3019 y(>)705 3044 y(>)705 3069 y(:)821 2617 y Fs(s)869 -2581 y 
Fi(0)1139 2617 y Fu(if)g Ft(B)s Fu([)-17 b([)q -Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)h -Ft(S)1990 2632 y Fn(ds)2061 2617 y Fu([)-17 b([)p Fs(S)2165 -2632 y Fn(1)2205 2617 y Fu(])g(])p Fs(s)41 b Fu(=)32 -b Fs(s)2479 2581 y Fi(0)1139 2785 y Fu(or)h(if)e Ft(B)t -Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 -b Fw(\013)g Fu(and)f Ft(S)2087 2800 y Fn(ds)2158 2785 -y Fu([)-17 b([)q Fs(S)2263 2800 y Fn(2)2302 2785 y Fu(])g(])q -Fs(s)40 b Fu(=)33 b Fs(s)2577 2749 y Fi(0)821 2953 y -Fu(undef)p 821 2966 236 4 v 83 w(if)f Ft(B)s Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(tt)g -Fu(and)h Ft(S)1990 2968 y Fn(ds)2061 2953 y Fu([)-17 -b([)p Fs(S)2165 2968 y Fn(1)2205 2953 y Fu(])g(])p Fs(s)41 -b Fu(=)32 b(undef)p 2431 2966 V 1139 3120 a(or)h(if)e -Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40 -b Fu(=)33 b Fw(\013)g Fu(and)f Ft(S)2087 3135 y Fn(ds)2158 -3120 y Fu([)-17 b([)q Fs(S)2263 3135 y Fn(2)2302 3120 -y Fu(])g(])q Fs(s)40 b Fu(=)33 b(undef)p 2529 3133 V -0 3313 a(So)f(if)e(the)j(selected)g(branc)m(h)f(giv)m(es)h(a)e -(de\014ned)j(result)d(then)i(so)f(do)s(es)g(the)h(conditional.)40 -b(Note)0 3434 y(that)32 b(since)h Ft(B)t Fu([)-17 b([)p -Fs(b)6 b Fu(])-17 b(])33 b(is)g(a)f(total)f(function,)h -Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40 -b Fu(cannot)33 b(b)s(e)g(undef)p 2227 3447 V(.)146 3554 -y(De\014ning)38 b(the)i(e\013ect)g(of)e Fr(while)i Fs(b)45 -b Fr(do)39 b Fs(S)51 b Fu(is)38 b(a)h(ma)5 b(jor)38 b(task.)63 -b(T)-8 b(o)39 b(motiv)-5 b(ate)37 b(the)i(actual)0 3674 -y(de\014nition)32 b(w)m(e)h(\014rst)g(observ)m(e)i(that)d(the)h -(e\013ect)g(of)f Fr(while)i Fs(b)39 b Fr(do)33 b Fs(S)44 -b Fu(m)m(ust)33 b(equal)f(that)h(of)244 3874 y Fr(if)g -Fs(b)38 b Fr(then)c Fu(\()p Fs(S)12 b Fu(;)32 b Fr(while)i -Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(\))32 b Fr(else)i(skip)0 -4074 y Fu(Using)e(the)h(parts)g(of)f Ft(S)871 4089 y -Fn(ds)975 4074 y Fu(that)g(ha)m(v)m(e)i(already)e(b)s(een)h(de\014ned,) 
-h(this)f(giv)m(es)269 4241 y Ft(S)337 4256 y Fn(ds)408 -4241 y Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33 -b Fs(S)12 b Fu(])-17 b(])33 b(=)f(cond\()p Ft(B)t Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(S)1758 4256 y Fn(ds)1830 -4241 y Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33 -b Fs(S)12 b Fu(])-17 b(])33 b Ft(\016)f(S)2662 4256 y -Fn(ds)2733 4241 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 -b(id\))294 b(\(*\))0 4409 y(Note)35 b(that)f(w)m(e)i(cannot)f(use)h -(\(*\))e(as)h(the)g(de\014nition)f(of)g Ft(S)2158 4424 -y Fn(ds)2229 4409 y Fu([)-17 b([)q Fr(while)36 b Fs(b)k -Fr(do)c Fs(S)12 b Fu(])-17 b(])35 b(b)s(ecause)h(then)0 -4529 y Ft(S)68 4544 y Fn(ds)172 4529 y Fu(w)m(ould)c -Fs(not)42 b Fu(b)s(e)33 b(a)f(comp)s(ositional)d(de\014nition.)43 -b(Ho)m(w)m(ev)m(er,)35 b(\(*\))d(expresses)j(that)244 -4729 y Ft(S)312 4744 y Fn(ds)383 4729 y Fu([)-17 b([)p -Fr(while)31 b Fs(b)k Fr(do)30 b Fs(S)12 b Fu(])-17 b(])30 -b(m)m(ust)f(b)s(e)g(a)g Fs(\014xe)-5 b(d)32 b(p)-5 b(oint)29 -b Fu(of)f(the)i(functional)e Fs(F)42 b Fu(de\014ned)31 -b(b)m(y)458 4931 y Fs(F)46 b(g)41 b Fu(=)32 b(cond\()p -Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(g)41 -b Ft(\016)33 b(S)1491 4946 y Fn(ds)1563 4931 y Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))0 5133 y(that)39 -b(is)g Ft(S)391 5148 y Fn(ds)462 5133 y Fu([)-17 b([)q -Fr(while)41 b Fs(b)k Fr(do)40 b Fs(S)12 b Fu(])-17 b(])40 -b(=)g Fs(F)52 b Fu(\()p Ft(S)1510 5148 y Fn(ds)1581 5133 -y Fu([)-17 b([)q Fr(while)41 b Fs(b)k Fr(do)40 b Fs(S)12 -b Fu(])-17 b(])q(\).)64 b(In)40 b(this)f(w)m(a)m(y)i(w)m(e)g(will)c -(get)j(a)0 5254 y(comp)s(ositional)28 b(de\014nition)j(of)g -Ft(S)1231 5269 y Fn(ds)1334 5254 y Fu(b)s(ecause)i(when)g(de\014ning)f -Fs(F)44 b Fu(w)m(e)33 b(only)e(apply)h Ft(S)3116 5269 -y Fn(ds)3219 5254 y Fu(to)f(the)0 5374 y(immediate)g(constituen)m(ts)k -(of)f Fr(while)h Fs(b)k Fr(do)c Fs(S)45 b Fu(and)34 b(not)g(to)g(the)g -(construct)h(itself.)46 b(Th)m(us)35 b(w)m(e)0 5494 y(write)p -eop -%%Page: 
88 98 -88 97 bop 251 130 a Fw(88)2034 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(S)595 -530 y Fn(ds)666 515 y Fu([)-17 b([)q Fr(while)34 b Fs(b)k -Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)g(FIX)f Fs(F)704 -683 y Fu(where)i Fs(F)45 b(g)c Fu(=)33 b(cond\()p Ft(B)t -Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Fs(g)41 -b Ft(\016)33 b(S)2019 698 y Fn(ds)2090 683 y Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))283 897 y(to)i(indicate)e -(that)i Ft(S)1053 912 y Fn(ds)1125 897 y Fu([)-17 b([)p -Fr(while)35 b Fs(b)k Fr(do)c Fs(S)12 b Fu(])-17 b(])33 -b(is)h(a)f(\014xed)i(p)s(oin)m(t)d(of)h Fs(F)13 b Fu(.)34 -b(The)h(functionalit)m(y)c(of)i(the)283 1017 y(auxiliary)e(function)h -(FIX)g(is)527 1231 y(FIX:)h(\(\()p Fw(State)f Fo(,)-17 -b Ft(!)33 b Fw(State)p Fu(\))g Ft(!)f Fu(\()p Fw(State)g -Fo(,)-17 b Ft(!)33 b Fw(State)p Fu(\)\))f Ft(!)g Fu(\()p -Fw(State)h Fo(,)-17 b Ft(!)33 b Fw(State)p Fu(\))283 -1477 y Fw(Example)k(4.1)49 b Fu(Consider)33 b(the)g(statemen)m(t)527 -1691 y Fr(while)h Ft(:)q Fu(\()p Fr(x)e Fu(=)h Fr(0)p -Fu(\))f Fr(do)h(skip)283 1905 y Fu(It)g(is)f(easy)i(to)e(v)m(erify)h -(that)f(the)h(corresp)s(onding)g(functional)e Fs(F)2633 -1868 y Fi(0)2689 1905 y Fu(is)h(de\014ned)i(b)m(y)527 -2200 y(\()p Fs(F)642 2164 y Fi(0)698 2200 y Fs(g)9 b -Fu(\))32 b Fs(s)41 b Fu(=)1011 2026 y Fg(8)1011 2101 -y(<)1011 2250 y(:)1126 2116 y Fs(g)g(s)92 b Fu(if)31 -b Fs(s)41 b Fr(x)32 b Ft(6)p Fu(=)h Fw(0)1126 2283 y -Fs(s)178 b Fu(if)31 b Fs(s)41 b Fr(x)32 b Fu(=)h Fw(0)283 -2496 y Fu(The)h(function)e Fs(g)920 2511 y Fn(1)992 2496 -y Fu(de\014ned)i(b)m(y)527 2791 y Fs(g)581 2806 y Fn(1)653 -2791 y Fs(s)40 b Fu(=)842 2617 y Fg(8)842 2692 y(<)842 -2841 y(:)957 2707 y Fu(undef)p 957 2720 236 4 v 84 w(if)31 -b Fs(s)41 b Fr(x)33 b Ft(6)p Fu(=)f Fw(0)957 2874 y Fs(s)279 -b Fu(if)31 b Fs(s)41 b Fr(x)33 b Fu(=)f Fw(0)283 3091 -y Fu(is)h(a)f(\014xed)i(p)s(oin)m(t)d(of)h Fs(F)1141 -3055 y Fi(0)1197 3091 y Fu(b)s(ecause)577 3386 y(\()p -Fs(F)692 3350 
y Fi(0)748 3386 y Fs(g)802 3401 y Fn(1)841 -3386 y Fu(\))g Fs(s)108 b Fu(=)1235 3212 y Fg(8)1235 -3287 y(<)1235 3436 y(:)1350 3302 y Fs(g)1404 3317 y Fn(1)1475 -3302 y Fs(s)91 b Fu(if)32 b Fs(s)41 b Fr(x)32 b Ft(6)p -Fu(=)h Fw(0)1350 3469 y Fs(s)216 b Fu(if)32 b Fs(s)41 -b Fr(x)32 b Fu(=)h Fw(0)1059 3739 y Fu(=)1235 3564 y -Fg(8)1235 3639 y(<)1235 3789 y(:)1350 3654 y Fu(undef)p -1350 3667 V 84 w(if)e Fs(s)41 b Fr(x)32 b Ft(6)p Fu(=)h -Fw(0)1350 3822 y Fs(s)279 b Fu(if)31 b Fs(s)41 b Fr(x)32 -b Fu(=)h Fw(0)1059 3947 y Fu(=)100 b Fs(g)1289 3962 y -Fn(1)1360 3947 y Fs(s)283 4155 y Fu(Next)34 b(w)m(e)g(claim)c(that)i -(the)h(function)f Fs(g)1741 4170 y Fn(2)1813 4155 y Fu(de\014ned)i(b)m -(y)527 4369 y Fs(g)581 4384 y Fn(2)653 4369 y Fs(s)40 -b Fu(=)33 b(undef)p 842 4382 V 33 w(for)f(all)f Fs(s)283 -4583 y Fu(cannot)39 b(b)s(e)g(a)f(\014xed)h(p)s(oin)m(t)f(for)g -Fs(F)1569 4546 y Fi(0)1592 4583 y Fu(.)61 b(The)39 b(reason)g(is)f -(that)g(if)g Fs(s)2661 4546 y Fi(0)2722 4583 y Fu(is)g(a)g(state)h -(with)f Fs(s)3434 4546 y Fi(0)3496 4583 y Fr(x)h Fu(=)f -Fw(0)283 4703 y Fu(then)c(\()p Fs(F)621 4667 y Fi(0)676 -4703 y Fs(g)730 4718 y Fn(2)769 4703 y Fu(\))f Fs(s)888 -4667 y Fi(0)944 4703 y Fu(=)f Fs(s)1100 4667 y Fi(0)1156 -4703 y Fu(whereas)i Fs(g)1579 4718 y Fn(2)1651 4703 y -Fs(s)1699 4667 y Fi(0)1755 4703 y Fu(=)e(undef)p 1863 -4716 V 1 w(.)1555 b Fh(2)430 4946 y Fu(Unfortunately)-8 -b(,)39 b(this)g(do)s(es)f Fs(not)48 b Fu(su\016ce)40 -b(for)e(de\014ning)h Ft(S)2590 4961 y Fn(ds)2662 4946 -y Fu([)-17 b([)p Fr(while)40 b Fs(b)k Fr(do)39 b Fs(S)12 -b Fu(])-17 b(])q(.)61 b(W)-8 b(e)39 b(face)283 5067 y(t)m(w)m(o)34 -b(problems:)429 5281 y Ft(\017)48 b Fu(there)34 b(are)e(functionals)g -(that)g(ha)m(v)m(e)i Fs(mor)-5 b(e)34 b(than)h(one)f(\014xe)-5 -b(d)34 b(p)-5 b(oint)p Fu(,)33 b(and)429 5494 y Ft(\017)48 -b Fu(there)34 b(are)e(functionals)g(that)g(ha)m(v)m(e)i -Fs(no)g(\014xe)-5 b(d)35 b(p)-5 b(oint)41 b Fu(at)32 -b(all.)p eop -%%Page: 89 99 -89 98 bop 0 130 a 
Fw(4.1)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:)50 -b(sp)s(eci\014cation)1342 b(89)p 0 193 3473 4 v 0 515 -a Fu(The)39 b(functional)e Fs(F)747 479 y Fi(0)808 515 -y Fu(of)h(Example)f(4.1)h(has)h(more)e(than)h(one)h(\014xed)g(p)s(oin)m -(t.)60 b(In)38 b(fact,)i Fs(every)0 636 y Fu(function)34 -b Fs(g)438 600 y Fi(0)495 636 y Fu(of)f Fw(State)h Fo(,)-17 -b Ft(!)35 b Fw(State)f Fu(satisfying)f Fs(g)1820 600 -y Fi(0)1877 636 y Fs(s)42 b Fu(=)34 b Fs(s)42 b Fu(if)33 -b Fs(s)42 b Fr(x)35 b Fu(=)f Fw(0)g Fu(will)e(b)s(e)i(a)g(\014xed)h(p)s -(oin)m(t)0 756 y(of)d Fs(F)188 720 y Fi(0)211 756 y Fu(.)146 -877 y(T)-8 b(o)28 b(giv)m(e)g(an)f(example)h(of)f(a)g(functional)f -(that)i(has)g(no)g(\014xed)g(p)s(oin)m(ts)g(consider)g -Fs(F)3102 892 y Fn(1)3169 877 y Fu(de\014ned)0 997 y(b)m(y)244 -1277 y Fs(F)321 1292 y Fn(1)393 1277 y Fs(g)41 b Fu(=)587 -1103 y Fg(8)587 1178 y(<)587 1327 y(:)703 1193 y Fs(g)757 -1208 y Fn(1)879 1193 y Fu(if)31 b Fs(g)41 b Fu(=)33 b -Fs(g)1217 1208 y Fn(2)703 1360 y Fs(g)757 1375 y Fn(2)879 -1360 y Fu(otherwise)0 1558 y(If)f Fs(g)151 1573 y Fn(1)190 -1558 y Ft(6)p Fu(=)p Fs(g)320 1573 y Fn(2)391 1558 y -Fu(then)h(clearly)f(there)h(will)d(b)s(e)i(no)h(function)e -Fs(g)2061 1573 y Fn(0)2133 1558 y Fu(suc)m(h)j(that)e -Fs(F)2641 1573 y Fn(1)2712 1558 y Fs(g)2766 1573 y Fn(0)2838 -1558 y Fu(=)g Fs(g)3000 1573 y Fn(0)3039 1558 y Fu(.)43 -b(Th)m(us)34 b Fs(F)3433 1573 y Fn(1)0 1678 y Fu(has)f(no)f(\014xed)i -(p)s(oin)m(ts)e(at)h(all.)0 1900 y Fw(Exercise)j(4.2)49 -b Fu(Determine)32 b(the)h(functional)e Fs(F)45 b Fu(asso)s(ciated)33 -b(with)f(the)h(statemen)m(t)244 2099 y Fr(while)h Ft(:)p -Fu(\()p Fr(x)p Fu(=)p Fr(0)p Fu(\))f Fr(do)g(x)g Fu(:=)f -Fr(x)p Ft(\000)p Fr(1)0 2298 y Fu(using)27 b(the)g(seman)m(tic)g -(equations)h(of)f(T)-8 b(able)26 b(4.1.)42 b(Consider)27 -b(the)h(follo)m(wing)c(partial)h(functions)0 2418 y(of)32 -b Fw(State)h Fo(,)-17 b Ft(!)32 b Fw(State)p Fu(:)244 -2617 y Fs(g)298 2632 y Fn(1)369 2617 y Fs(s)41 b Fu(=)32 -b(undef)p 558 
2630 236 4 v 34 w(for)g(all)e Fs(s)244 -2866 y(g)298 2881 y Fn(2)369 2866 y Fs(s)41 b Fu(=)558 -2692 y Fg(8)558 2767 y(<)558 2916 y(:)674 2782 y Fs(s)8 -b Fu([)p Fr(x)p Ft(7!)p Fw(0)p Fu(])83 b(if)31 b Fs(s)41 -b Fr(x)33 b Ft(\025)g Fw(0)674 2949 y Fu(undef)p 674 -2962 V 157 w(if)e Fs(s)41 b Fr(x)33 b Fo(<)f Fw(0)244 -3221 y Fs(g)298 3236 y Fn(3)369 3221 y Fs(s)41 b Fu(=)558 -3046 y Fg(8)558 3121 y(<)558 3271 y(:)674 3136 y Fs(s)8 -b Fu([)p Fr(x)p Ft(7!)p Fw(0)p Fu(])83 b(if)31 b Fs(s)41 -b Fr(x)33 b Ft(\025)g Fw(0)674 3304 y Fs(s)352 b Fu(if)31 -b Fs(s)41 b Fr(x)33 b Fo(<)f Fw(0)244 3476 y Fs(g)298 -3491 y Fn(4)369 3476 y Fs(s)41 b Fu(=)32 b Fs(s)8 b Fu([)p -Fr(x)p Ft(7!)p Fw(0)p Fu(])33 b(for)f(all)f Fs(s)244 -3643 y(g)298 3658 y Fn(5)369 3643 y Fs(s)41 b Fu(=)32 -b Fs(s)41 b Fu(for)32 b(all)f Fs(s)0 3842 y Fu(Determine)h(whic)m(h)h -(of)f(these)i(functions)e(are)h(\014xed)g(p)s(oin)m(ts)g(of)f -Fs(F)13 b Fu(.)955 b Fh(2)0 4064 y Fw(Exercise)36 b(4.3)49 -b Fu(Consider)33 b(the)g(follo)m(wing)d(fragmen)m(t)i(of)g(the)h -(factorial)d(statemen)m(t)244 4263 y Fr(while)k Ft(:)p -Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p -Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f -Fr(x)p Ft(\000)p Fr(1)p Fu(\))0 4462 y(Determine)40 b(the)i(functional) -d Fs(F)54 b Fu(asso)s(ciated)41 b(with)g(this)g(statemen)m(t.)70 -b(Determine)40 b(at)h(least)0 4582 y(t)m(w)m(o)33 b(di\013eren)m(t)g -(\014xed)h(p)s(oin)m(ts)e(for)g Fs(F)13 b Fu(.)2047 b -Fh(2)0 4870 y Fp(Requiremen)l(ts)47 b(on)d(the)i(\014xed)e(p)t(oin)l(t) -0 5055 y Fu(Our)h(solution)e(to)i(the)g(t)m(w)m(o)g(problems)g(listed)e -(ab)s(o)m(v)m(e)j(will)d(b)s(e)i(to)f(dev)m(elop)i(a)e(framew)m(ork)0 -5175 y(where)145 5374 y Ft(\017)49 b Fu(w)m(e)36 b(imp)s(ose)d -(requiremen)m(ts)j(on)e(the)i(\014xed)f(p)s(oin)m(ts)g(and)g(sho)m(w)g -(that)g(there)g(is)g(at)f(most)244 5494 y(one)f(\014xed)g(p)s(oin)m(t)f -(ful\014lling)d(these)34 b(requiremen)m(ts,)g(and)p eop -%%Page: 90 100 -90 99 bop 251 130 a Fw(90)2034 
b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 429 515 a Ft(\017)48 -b Fu(all)35 b(functionals)g(originating)e(from)j(statemen)m(ts)h(in)f -Fw(While)f Fu(do)i(ha)m(v)m(e)h(a)e(\014xed)i(p)s(oin)m(t)527 -636 y(that)33 b(satis\014es)g(these)h(requiremen)m(ts.)430 -833 y(T)-8 b(o)28 b(motiv)-5 b(ate)26 b(our)i(c)m(hoice)h(of)e -(requiremen)m(ts)i(let)f(us)h(consider)f(the)h(execution)f(of)g(a)g -(state-)283 953 y(men)m(t)33 b Fr(while)h Fs(b)k Fr(do)33 -b Fs(S)45 b Fu(from)31 b(a)h(state)h Fs(s)1735 968 y -Fn(0)1775 953 y Fu(.)43 b(There)34 b(are)f(three)g(p)s(ossible)f -(outcomes:)367 1151 y Fw(A)p Fu(:)48 b(it)32 b Fs(terminates)8 -b Fu(,)372 1352 y Fw(B)p Fu(:)48 b(it)32 b Fs(lo)-5 b(ops)40 -b(lo)-5 b(c)g(al)5 b(ly)k Fu(,)32 b(that)g(is)g(there)h(is)g(a)f -(construct)i(in)d Fs(S)45 b Fu(that)32 b(lo)s(ops,)g(or)371 -1553 y Fw(C)p Fu(:)48 b(it)32 b Fs(lo)-5 b(ops)40 b(glob)-5 -b(al)5 b(ly)k Fu(,)32 b(that)g(is)g(the)h(outer)g Fr(while)p -Fu(-construct)h(lo)s(ops.)283 1751 y(W)-8 b(e)40 b(shall)d(no)m(w)j(in) -m(v)m(estigate)e(what)i(can)f(b)s(e)g(said)f(ab)s(out)g(the)i -(functional)d Fs(F)51 b Fu(and)39 b(its)g(\014xed)283 -1871 y(p)s(oin)m(ts)33 b(in)e(eac)m(h)j(of)e(the)h(three)g(cases.)283 -2039 y Fw(The)e(case)h(A)p Fu(:)e(In)h(this)f(case)i(the)f(execution)g -(of)f Fr(while)i Fs(b)37 b Fr(do)31 b Fs(S)42 b Fu(from)29 -b Fs(s)2975 2054 y Fn(0)3046 2039 y Fu(terminates.)42 -b(This)283 2159 y(means)33 b(that)f(there)i(are)e(states)i -Fs(s)1531 2174 y Fn(1)1570 2159 y Fu(,)f Ft(\001)17 b(\001)g(\001)n -Fu(,)33 b Fs(s)1854 2174 y Fn(n)1930 2159 y Fu(suc)m(h)h(that)527 -2438 y Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 -b Fs(s)802 2453 y Fn(i)859 2438 y Fu(=)967 2264 y Fg(8)967 -2338 y(<)967 2488 y(:)1082 2353 y Fw(tt)83 b Fu(if)31 -b(i)p Fo(<)p Fu(n)1082 2521 y Fw(\013)106 b Fu(if)31 -b(i=n)283 2717 y(and)527 2914 y Ft(S)595 2929 y Fn(ds)666 -2914 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])33 b Fs(s)889 -2929 y Fn(i)945 2914 y Fu(=)g Fs(s)1102 2929 y 
Fn(i+1)1313 -2914 y Fu(for)f(i)p Fo(<)p Fu(n)283 3111 y(An)c(example)g(of)f(a)g -(statemen)m(t)i(and)f(a)f(state)h(satisfying)f(these)i(conditions)e(is) -g(the)h(statemen)m(t)527 3309 y Fr(while)34 b(0)p Ft(\024)q -Fr(x)f(do)g(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)283 3506 -y Fu(and)h(an)m(y)g(state)g(where)h Fr(x)f Fu(has)g(a)f(non-negativ)m -(e)h(v)-5 b(alue.)430 3626 y(Let)40 b Fs(g)666 3641 y -Fn(0)744 3626 y Fu(b)s(e)g(an)m(y)h(\014xed)f(p)s(oin)m(t)f(of)g -Fs(F)13 b Fu(,)40 b(that)g(is)f(assume)h(that)f Fs(F)53 -b(g)2899 3641 y Fn(0)2978 3626 y Fu(=)39 b Fs(g)3147 -3641 y Fn(0)3186 3626 y Fu(.)65 b(In)40 b(the)g(case)283 -3747 y(where)34 b(i)p Fo(<)p Fu(n)e(w)m(e)i(calculate)577 -3919 y Fs(g)631 3934 y Fn(0)703 3919 y Fs(s)751 3934 -y Fn(i)874 3919 y Fu(=)100 b(\()p Fs(F)45 b(g)1251 3934 -y Fn(0)1290 3919 y Fu(\))33 b Fs(s)1409 3934 y Fn(i)874 -4087 y Fu(=)100 b(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 -b Fu(])-17 b(])q(,)32 b Fs(g)1596 4102 y Fn(0)1668 4087 -y Ft(\016)g(S)1818 4102 y Fn(ds)1889 4087 y Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(],)33 b(id\))f Fs(s)2291 4102 -y Fn(i)874 4254 y Fu(=)100 b Fs(g)1104 4269 y Fn(0)1175 -4254 y Fu(\()p Ft(S)1281 4269 y Fn(ds)1352 4254 y Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(])33 b Fs(s)1575 4269 y Fn(i)1598 -4254 y Fu(\))874 4422 y(=)100 b Fs(g)1104 4437 y Fn(0)1175 -4422 y Fs(s)1223 4437 y Fn(i+1)283 4612 y Fu(In)33 b(the)g(case)h -(where)g(i=n)d(w)m(e)j(get)577 4801 y Fs(g)631 4816 y -Fn(0)703 4801 y Fs(s)751 4816 y Fn(n)894 4801 y Fu(=)99 -b(\()p Fs(F)46 b(g)1271 4816 y Fn(0)1310 4801 y Fu(\))32 -b Fs(s)1428 4816 y Fn(n)894 4969 y Fu(=)99 b(cond\()p -Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(g)1616 -4984 y Fn(0)1687 4969 y Ft(\016)g(S)1838 4984 y Fn(ds)1909 -4969 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))g -Fs(s)2310 4984 y Fn(n)894 5136 y Fu(=)99 b(id)32 b Fs(s)1231 -5151 y Fn(n)894 5304 y Fu(=)99 b Fs(s)1117 5319 y Fn(n)283 -5494 y Fu(Th)m(us)35 b Fs(every)41 b Fu(\014xed)34 b(p)s(oin)m(t)d -Fs(g)1339 
5509 y Fn(0)1411 5494 y Fu(of)h Fs(F)45 b Fu(will)31 -b(satisfy)p eop -%%Page: 91 101 -91 100 bop 0 130 a Fw(4.1)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:)50 -b(sp)s(eci\014cation)1342 b(91)p 0 193 3473 4 v 244 515 -a Fs(g)298 530 y Fn(0)369 515 y Fs(s)417 530 y Fn(0)489 -515 y Fu(=)33 b Fs(s)646 530 y Fn(n)0 716 y Fu(so)j(in)e(this)h(case)h -(w)m(e)h(do)e(not)g(obtain)g(an)m(y)h(additional)c(requiremen)m(ts)k -(that)g(will)d(help)i(us)h(to)0 836 y(c)m(ho)s(ose)d(one)g(of)f(the)h -(\014xed)h(p)s(oin)m(ts)e(as)h(the)g(preferred)h(one.)0 -1004 y Fw(The)41 b(case)h(B)p Fu(:)f(In)g(this)g(case)h(the)g -(execution)f(of)g Fr(while)h Fs(b)47 b Fr(do)42 b Fs(S)53 -b Fu(from)39 b Fs(s)2833 1019 y Fn(0)2914 1004 y Fu(lo)s(ops)h -Fs(lo)-5 b(c)g(al)5 b(ly)k Fu(.)0 1124 y(This)33 b(means)f(that)h -(there)g(are)g(states)g Fs(s)1470 1139 y Fn(1)1510 1124 -y Fu(,)f Ft(\001)17 b(\001)g(\001)n Fu(,)33 b Fs(s)1793 -1139 y Fn(n)1869 1124 y Fu(suc)m(h)h(that)244 1324 y -Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)486 -1339 y Fn(i)543 1324 y Fu(=)32 b Fw(tt)g Fu(for)g(i)p -Ft(\024)p Fu(n)0 1524 y(and)244 1787 y Ft(S)312 1802 -y Fn(ds)383 1787 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 -b(])q Fs(s)573 1802 y Fn(i)629 1787 y Fu(=)738 1612 y -Fg(8)738 1687 y(<)738 1836 y(:)853 1702 y Fs(s)901 1717 -y Fn(i+1)1172 1702 y Fu(for)32 b(i)p Fo(<)p Fu(n)853 -1870 y(undef)p 853 1883 236 4 v 84 w(for)g(i=n)0 2068 -y(An)c(example)f(of)h(a)f(statemen)m(t)h(and)g(a)g(state)g(satisfying)f -(these)i(conditions)d(is)i(the)g(statemen)m(t)244 2268 -y Fr(while)34 b(0)p Ft(\024)p Fr(x)f(do)g Fu(\()p Fr(if)g(x)p -Fu(=)p Fr(0)g(then)h Fu(\()p Fr(while)g(true)f(do)g(skip)p -Fu(\))1264 2436 y Fr(else)h(x)f Fu(:=)f Fr(x)p Ft(\000)p -Fr(1)p Fu(\))0 2636 y(and)h(an)m(y)g(state)g(where)h -Fr(x)f Fu(has)f(a)h(non-negativ)m(e)f(v)-5 b(alue.)146 -2757 y(Let)37 b Fs(g)379 2772 y Fn(0)454 2757 y Fu(b)s(e)f(an)m(y)h -(\014xed)g(p)s(oin)m(t)f(of)f Fs(F)13 b Fu(,)37 b(that)e(is)h -Fs(F)49 b(g)2014 2772 y Fn(0)2089 2757 y 
Fu(=)36 b Fs(g)2255 -2772 y Fn(0)2294 2757 y Fu(.)55 b(In)36 b(the)h(case)g(where)g(i)p -Fo(<)p Fu(n)e(w)m(e)0 2877 y(obtain)244 3077 y Fs(g)298 -3092 y Fn(0)369 3077 y Fs(s)417 3092 y Fn(i)474 3077 -y Fu(=)d Fs(g)636 3092 y Fn(0)708 3077 y Fs(s)756 3092 -y Fn(i+1)0 3277 y Fu(just)h(as)g(in)f(the)h(previous)g(case.)44 -b(Ho)m(w)m(ev)m(er,)35 b(in)d(the)h(case)g(where)h(i=n)e(w)m(e)h(get) -294 3469 y Fs(g)348 3484 y Fn(0)419 3469 y Fs(s)467 3484 -y Fn(n)610 3469 y Fu(=)100 b(\()p Fs(F)45 b(g)987 3484 -y Fn(0)1026 3469 y Fu(\))33 b Fs(s)1145 3484 y Fn(n)610 -3637 y Fu(=)100 b(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 -b Fu(])-17 b(])q(,)32 b Fs(g)1332 3652 y Fn(0)1404 3637 -y Ft(\016)g(S)1554 3652 y Fn(ds)1625 3637 y Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(],)33 b(id\))f Fs(s)2027 3652 -y Fn(n)610 3804 y Fu(=)100 b(\()p Fs(g)878 3819 y Fn(0)949 -3804 y Ft(\016)33 b(S)1099 3819 y Fn(ds)1171 3804 y Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])q(\))32 b Fs(s)1431 3819 -y Fn(n)610 3972 y Fu(=)100 b(undef)p 786 3985 V 0 4165 -a(Th)m(us)34 b Fs(any)41 b Fu(\014xed)34 b(p)s(oin)m(t)e -Fs(g)985 4180 y Fn(0)1056 4165 y Fu(of)g Fs(F)46 b Fu(will)30 -b(satisfy)244 4365 y Fs(g)298 4380 y Fn(0)369 4365 y -Fs(s)417 4380 y Fn(0)489 4365 y Fu(=)j(undef)p 598 4378 -V 0 4565 a(so,)e(again,)f(in)g(this)g(case)h(w)m(e)h(do)e(not)g(obtain) -g(an)m(y)h(additional)d(requiremen)m(ts)j(that)f(will)f(help)0 -4686 y(us)k(to)f(c)m(ho)s(ose)i(one)f(of)f(the)h(\014xed)h(p)s(oin)m -(ts)e(as)h(the)g(preferred)g(one.)0 4853 y Fw(The)27 -b(case)g(C)p Fu(:)g(The)h(p)s(oten)m(tial)d(di\013erence)i(b)s(et)m(w)m -(een)i(\014xed)f(p)s(oin)m(ts)e(comes)h(to)f(ligh)m(t)f(when)j(w)m(e)0 -4974 y(consider)j(the)h(p)s(ossibilit)m(y)c(that)j(the)g(execution)h -(of)e Fr(while)j Fs(b)j Fr(do)c Fs(S)42 b Fu(from)30 -b Fs(s)2804 4989 y Fn(0)2874 4974 y Fu(lo)s(ops)g Fs(glob)-5 -b(al)5 b(ly)k Fu(.)0 5094 y(This)33 b(means)f(that)h(there)g(are)g -(in\014nitely)e(man)m(y)h(states)i Fs(s)2145 5109 y Fn(1)2184 -5094 y Fu(,)f 
Ft(\001)17 b(\001)g(\001)31 b Fu(suc)m(h)j(that)244 -5294 y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p -Fs(s)486 5309 y Fn(i)543 5294 y Fu(=)32 b Fw(tt)g Fu(for)g(all)e(i)0 -5494 y(and)p eop -%%Page: 92 102 -92 101 bop 251 130 a Fw(92)2034 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(S)595 -530 y Fn(ds)666 515 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])p Fs(s)856 530 y Fn(i)913 515 y Fu(=)32 b Fs(s)1069 -530 y Fn(i+1)1216 515 y Fu(for)g(all)e(i.)283 713 y(An)e(example)g(of)f -(a)g(statemen)m(t)i(and)f(a)f(state)h(satisfying)f(these)i(conditions)e -(is)g(the)h(statemen)m(t)527 912 y Fr(while)34 b Ft(:)q -Fu(\()p Fr(x)p Fu(=)p Fr(0)p Fu(\))e Fr(do)h(skip)283 -1110 y Fu(and)g(an)m(y)g(state)g(where)h Fr(x)f Fu(is)f(not)h(equal)f -(to)g Fw(0)p Fu(.)430 1230 y(Let)g Fs(g)658 1245 y Fn(0)728 -1230 y Fu(b)s(e)g(an)m(y)h(\014xed)g(p)s(oin)m(t)d(of)i -Fs(F)13 b Fu(,)31 b(that)h(is)f Fs(F)45 b(g)2249 1245 -y Fn(0)2319 1230 y Fu(=)32 b Fs(g)2481 1245 y Fn(0)2520 -1230 y Fu(.)43 b(As)32 b(in)f(the)i(previous)f(cases)h(w)m(e)283 -1350 y(get)527 1549 y Fs(g)581 1564 y Fn(0)653 1549 y -Fs(s)701 1564 y Fn(i)757 1549 y Fu(=)g Fs(g)920 1564 -y Fn(0)991 1549 y Fs(s)1039 1564 y Fn(i+1)283 1747 y -Fu(for)f(all)f(i)p Ft(\025)p Fu(0.)43 b(Th)m(us)34 b(w)m(e)g(ha)m(v)m -(e)527 1945 y Fs(g)581 1960 y Fn(0)653 1945 y Fs(s)701 -1960 y Fn(0)773 1945 y Fu(=)e Fs(g)935 1960 y Fn(0)1007 -1945 y Fs(s)1055 1960 y Fn(i)1111 1945 y Fu(for)g(all)f(i)283 -2143 y(and)38 b(w)m(e)g(cannot)f(determine)f(the)i(v)-5 -b(alue)36 b(of)g Fs(g)2007 2158 y Fn(0)2083 2143 y Fs(s)2131 -2158 y Fn(0)2208 2143 y Fu(in)g(this)h(w)m(a)m(y)-8 b(.)57 -b(This)37 b(is)g(the)g(situation)f(in)283 2263 y(whic)m(h)e(the)f(v)-5 -b(arious)31 b(\014xed)j(p)s(oin)m(ts)e(of)g Fs(F)46 b -Fu(ma)m(y)32 b(di\013er.)430 2384 y(This)24 b(is)g(not)g(surprising)g -(b)s(ecause)h(the)g(statemen)m(t)g Fr(while)h Ft(:)p -Fu(\()p Fr(x)p Fu(=)p Fr(0)p Fu(\))e Fr(do)h(skip)h Fu(of)d(Example)283 -2504 y(4.1)33 
b(has)g(the)g(functional)e Fs(F)1318 2468 -y Fi(0)1373 2504 y Fu(giv)m(en)i(b)m(y)527 2784 y(\()p -Fs(F)642 2748 y Fi(0)698 2784 y Fs(g)9 b Fu(\))32 b Fs(s)41 -b Fu(=)1011 2609 y Fg(8)1011 2684 y(<)1011 2834 y(:)1126 -2699 y Fs(g)g(s)92 b Fu(if)31 b Fs(s)41 b Fr(x)32 b Ft(6)p -Fu(=)h Fw(0)1126 2867 y Fs(s)178 b Fu(if)31 b Fs(s)41 -b Fr(x)32 b Fu(=)h Fw(0)283 3063 y Fu(and)38 b Fs(any)45 -b Fu(partial)35 b(function)i Fs(g)45 b Fu(of)37 b Fw(State)g -Fo(,)-17 b Ft(!)37 b Fw(State)g Fu(satisfying)f Fs(g)46 -b(s)f Fu(=)37 b Fs(s)45 b Fu(if)36 b Fs(s)45 b Fr(x)37 -b Fu(=)g Fw(0)g Fu(will)283 3184 y(indeed)29 b(b)s(e)g(a)f(\014xed)i(p) -s(oin)m(t)e(of)g Fs(F)1461 3148 y Fi(0)1484 3184 y Fu(.)42 -b(Ho)m(w)m(ev)m(er,)32 b(our)d(computational)c(exp)s(erience)30 -b(tells)e(us)h(that)283 3304 y(w)m(e)34 b(w)m(an)m(t)527 -3565 y Ft(S)595 3580 y Fn(ds)666 3565 y Fu([)-17 b([)q -Fr(while)34 b Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(0)p Fu(\))f -Fr(do)g(skip)p Fu(])-17 b(])r Fs(s)1772 3580 y Fn(0)1844 -3565 y Fu(=)1952 3390 y Fg(8)1952 3465 y(<)1952 3614 -y(:)2067 3480 y Fu(undef)p 2067 3493 236 4 v 84 w(if)32 -b Fs(s)2524 3495 y Fn(0)2596 3480 y Fr(x)g Ft(6)p Fu(=)h -Fw(0)2067 3648 y Fs(s)2115 3663 y Fn(0)2386 3648 y Fu(if)f -Fs(s)2524 3663 y Fn(0)2596 3648 y Fr(x)g Fu(=)h Fw(0)283 -3848 y Fu(in)c(order)g(to)g(record)h(the)f(lo)s(oping.)40 -b(Th)m(us)31 b(our)e(preferred)h(\014xed)h(p)s(oin)m(t)d(of)h -Fs(F)3095 3812 y Fi(0)3147 3848 y Fu(is)g(the)g(function)283 -3969 y Fs(g)337 3984 y Fn(0)409 3969 y Fu(de\014ned)34 -b(b)m(y)527 4248 y Fs(g)581 4263 y Fn(0)653 4248 y Fs(s)40 -b Fu(=)842 4074 y Fg(8)842 4149 y(<)842 4298 y(:)957 -4164 y Fu(undef)p 957 4177 V 84 w(if)31 b Fs(s)41 b Fr(x)33 -b Ft(6)p Fu(=)f Fw(0)957 4331 y Fs(s)279 b Fu(if)31 b -Fs(s)41 b Fr(x)33 b Fu(=)f Fw(0)283 4532 y Fu(The)42 -b(prop)s(ert)m(y)f(that)f(distinguishes)g Fs(g)1755 4547 -y Fn(0)1835 4532 y Fu(from)f(some)h(other)h(\014xed)h(p)s(oin)m(t)d -Fs(g)3148 4496 y Fi(0)3211 4532 y Fu(of)h Fs(F)3407 4496 -y 
Fi(0)3471 4532 y Fu(is)g(that)283 4652 y(whenev)m(er)c -Fs(g)766 4667 y Fn(0)837 4652 y Fs(s)41 b Fu(=)32 b Fs(s)1074 -4616 y Fi(0)1130 4652 y Fu(then)h(w)m(e)h(also)d(ha)m(v)m(e)j -Fs(g)1970 4616 y Fi(0)2026 4652 y Fs(s)40 b Fu(=)33 b -Fs(s)2263 4616 y Fi(0)2319 4652 y Fu(but)f(not)h(vice)g(v)m(ersa.)430 -4773 y(Generalizing)41 b(this)h(exp)s(erience)j(leads)d(to)h(the)h -(follo)m(wing)c(requiremen)m(t:)65 b(the)43 b(desired)283 -4893 y(\014xed)34 b(p)s(oin)m(t)e(FIX)g Fs(F)46 b Fu(should)32 -b(b)s(e)h(some)g(partial)d(function)i Fs(g)2525 4908 -y Fn(0)2564 4893 y Fu(:)43 b Fw(State)33 b Fo(,)-17 b -Ft(!)33 b Fw(State)f Fu(suc)m(h)i(that)429 5091 y Ft(\017)48 -b Fs(g)581 5106 y Fn(0)653 5091 y Fu(is)32 b(a)g(\014xed)i(p)s(oin)m(t) -e(of)g Fs(F)13 b Fu(,)32 b(that)h(is)f Fs(F)45 b(g)2043 -5106 y Fn(0)2115 5091 y Fu(=)32 b Fs(g)2277 5106 y Fn(0)2316 -5091 y Fu(,)h(and)429 5293 y Ft(\017)48 b Fu(if)32 b -Fs(g)41 b Fu(is)32 b(another)h(\014xed)g(p)s(oin)m(t)f(of)g -Fs(F)13 b Fu(,)33 b(that)f(is)g Fs(F)46 b(g)41 b Fu(=)32 -b Fs(g)9 b Fu(,)32 b(then)742 5494 y Fs(g)796 5509 y -Fn(0)867 5494 y Fs(s)41 b Fu(=)32 b Fs(s)1104 5458 y -Fi(0)1160 5494 y Fu(implies)e Fs(g)42 b(s)e Fu(=)33 b -Fs(s)1815 5458 y Fi(0)p eop -%%Page: 93 103 -93 102 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2183 -b(93)p 0 193 3473 4 v 244 515 a Fu(for)32 b(all)e(c)m(hoices)k(of)e -Fs(s)41 b Fu(and)32 b Fs(s)1286 479 y Fi(0)1310 515 y -Fu(.)0 743 y(Note)h(that)f(if)f Fs(g)590 758 y Fn(0)662 -743 y Fs(s)41 b Fu(=)32 b(undef)p 851 756 236 4 v 33 -w(then)h(there)h(are)e(no)h(requiremen)m(ts)g(on)g Fs(g)41 -b(s)8 b Fu(.)0 1009 y Fw(Exercise)36 b(4.4)49 b Fu(Determine)39 -b(whic)m(h)i(of)f(the)h(\014xed)g(p)s(oin)m(ts)f(considered)h(in)e -(Exercise)j(4.2)e(is)0 1129 y(the)33 b(desired)g(\014xed)h(p)s(oin)m -(t,)e(if)f(an)m(y)-8 b(.)2122 b Fh(2)0 1391 y Fw(Exercise)36 -b(4.5)49 b Fu(Determine)35 b(the)h(desired)g(\014xed)h(p)s(oin)m(t)e -(of)g(the)h(functional)e(constructed)j(in)0 1512 
y(Exercise)d(4.3.)2862 -b Fh(2)0 1874 y Fj(4.2)161 b(Fixed)54 b(p)t(oin)l(t)g(theory)0 -2102 y Fu(T)-8 b(o)26 b(prepare)h(for)f(a)g(framew)m(ork)g(that)h -(guaran)m(tees)g(the)g(existence)g(of)f(the)h(desired)g(\014xed)g(p)s -(oin)m(t)0 2223 y(FIX)35 b Fs(F)47 b Fu(w)m(e)36 b(shall)d(reform)m -(ulate)h(the)h(requiremen)m(ts)h(to)e(FIX)h Fs(F)47 b -Fu(in)34 b(a)h(sligh)m(tly)e(more)h(formal)0 2343 y(w)m(a)m(y)-8 -b(.)72 b(The)43 b(\014rst)f(step)h(will)d(b)s(e)i(to)f(formalize)e(the) -k(requiremen)m(t)f(that)f(FIX)h Fs(F)55 b Fu(shares)43 -b(its)0 2464 y(results)c(with)f(all)f(other)i(\014xed)h(p)s(oin)m(ts.) -61 b(T)-8 b(o)39 b(do)f(so)h(w)m(e)h(de\014ne)g(an)e -Fs(or)-5 b(dering)47 b Ft(v)39 b Fu(on)g(partial)0 2584 -y(functions)33 b(of)f Fw(State)g Fo(,)-17 b Ft(!)33 b -Fw(State)p Fu(.)43 b(W)-8 b(e)33 b(set)244 2811 y Fs(g)298 -2826 y Fn(1)369 2811 y Ft(v)g Fs(g)533 2826 y Fn(2)0 -3039 y Fu(when)38 b(the)f(partial)d(function)j Fs(g)1190 -3054 y Fn(1)1229 3039 y Fu(:)51 b Fw(State)37 b Fo(,)-17 -b Ft(!)37 b Fw(State)f Fs(shar)-5 b(es)38 b(its)h(r)-5 -b(esults)45 b Fu(with)37 b(the)g(partial)0 3159 y(function)32 -b Fs(g)436 3174 y Fn(2)475 3159 y Fu(:)44 b Fw(State)32 -b Fo(,)-17 b Ft(!)33 b Fw(State)f Fu(in)g(the)h(sense)i(that)244 -3386 y(if)c Fs(g)387 3401 y Fn(1)459 3386 y Fs(s)40 b -Fu(=)33 b Fs(s)696 3350 y Fi(0)752 3386 y Fu(then)g Fs(g)1028 -3401 y Fn(2)1099 3386 y Fs(s)41 b Fu(=)32 b Fs(s)1336 -3350 y Fi(0)0 3613 y Fu(for)g(all)f(c)m(hoices)i(of)f -Fs(s)41 b Fu(and)32 b Fs(s)1042 3577 y Fi(0)1066 3613 -y Fu(.)0 3880 y Fw(Example)37 b(4.6)48 b Fu(Let)25 b -Fs(g)875 3895 y Fn(1)914 3880 y Fu(,)h Fs(g)1021 3895 -y Fn(2)1060 3880 y Fu(,)g Fs(g)1167 3895 y Fn(3)1230 -3880 y Fu(and)e Fs(g)1465 3895 y Fn(4)1528 3880 y Fu(b)s(e)h(partial)d -(functions)i(in)f Fw(State)h Fo(,)-17 b Ft(!)25 b Fw(State)f -Fu(de\014ned)0 4000 y(as)33 b(follo)m(ws:)244 4227 y -Fs(g)298 4242 y Fn(1)369 4227 y Fs(s)41 b Fu(=)32 b Fs(s)41 -b Fu(for)32 b(all)f Fs(s)244 4477 y(g)298 4492 y 
Fn(2)369 -4477 y Fs(s)41 b Fu(=)558 4302 y Fg(8)558 4377 y(<)558 -4527 y(:)674 4392 y Fs(s)278 b Fu(if)32 b Fs(s)40 b Fr(x)33 -b Ft(\025)g Fw(0)674 4560 y Fu(undef)p 674 4573 V 83 -w(otherwise)244 4831 y Fs(g)298 4846 y Fn(3)369 4831 -y Fs(s)41 b Fu(=)558 4657 y Fg(8)558 4732 y(<)558 4881 -y(:)674 4747 y Fs(s)278 b Fu(if)32 b Fs(s)40 b Fr(x)33 -b Fu(=)g Fw(0)674 4914 y Fu(undef)p 674 4927 V 83 w(otherwise)244 -5186 y Fs(g)298 5201 y Fn(4)369 5186 y Fs(s)41 b Fu(=)558 -5011 y Fg(8)558 5086 y(<)558 5235 y(:)674 5101 y Fs(s)278 -b Fu(if)32 b Fs(s)40 b Fr(x)33 b Ft(\024)g Fw(0)674 5269 -y Fu(undef)p 674 5282 V 83 w(otherwise)0 5494 y(Then)h(w)m(e)f(ha)m(v)m -(e)p eop -%%Page: 94 104 -94 103 bop 251 130 a Fw(94)2034 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Fs(g)581 -530 y Fn(1)653 515 y Ft(v)d Fs(g)817 530 y Fn(1)856 515 -y Fu(,)527 683 y Fs(g)581 698 y Fn(2)653 683 y Ft(v)g -Fs(g)817 698 y Fn(1)856 683 y Fu(,)f Fs(g)969 698 y Fn(2)1041 -683 y Ft(v)h Fs(g)1205 698 y Fn(2)1244 683 y Fu(,)527 -851 y Fs(g)581 866 y Fn(3)653 851 y Ft(v)g Fs(g)817 866 -y Fn(1)856 851 y Fu(,)f Fs(g)969 866 y Fn(3)1041 851 -y Ft(v)h Fs(g)1205 866 y Fn(2)1244 851 y Fu(,)g Fs(g)1358 -866 y Fn(3)1429 851 y Ft(v)g Fs(g)1593 866 y Fn(3)1632 -851 y Fu(,)g Fs(g)1746 866 y Fn(3)1817 851 y Ft(v)g Fs(g)1981 -866 y Fn(4)2020 851 y Fu(,)g(and)527 1018 y Fs(g)581 -1033 y Fn(4)653 1018 y Ft(v)g Fs(g)817 1033 y Fn(1)856 -1018 y Fu(,)f Fs(g)969 1033 y Fn(4)1041 1018 y Ft(v)h -Fs(g)1205 1033 y Fn(4)1244 1018 y Fu(.)283 1228 y(It)f(is)f(neither)g -(the)h(case)g(that)g Fs(g)1451 1243 y Fn(2)1521 1228 -y Ft(v)g Fs(g)1684 1243 y Fn(4)1754 1228 y Fu(nor)g(that)f -Fs(g)2191 1243 y Fn(4)2261 1228 y Ft(v)h Fs(g)2424 1243 -y Fn(2)2463 1228 y Fu(.)43 b(Pictorially)-8 b(,)29 b(the)i(ordering)g -(ma)m(y)283 1348 y(b)s(e)i(expressed)j(as)c(follo)m(ws)1262 -1312 y Fn(1)1301 1348 y Fu(:)1366 1666 y Ft(\017)65 b -Fs(g)1535 1681 y Fn(1)976 1915 y Ft(\017)g Fs(g)1145 -1930 y Fn(2)1756 1915 y 
Ft(\017)g Fs(g)1925 1930 y Fn(4)1366 -2164 y Ft(\017)g Fs(g)1535 2179 y Fn(3)1275 2139 y Fq(Q)1192 -2084 y(Q)1108 2028 y(Q)1025 1973 y(Q)1416 2139 y(\021)1499 -2084 y(\021)1582 2028 y(\021)1665 1973 y(\021)1275 1713 -y(\021)1192 1768 y(\021)1108 1823 y(\021)1025 1879 y(\021)1416 -1713 y(Q)1499 1768 y(Q)1582 1823 y(Q)1665 1879 y(Q)283 -2456 y Fu(The)29 b(idea)d(is)h(that)g(the)g(smaller)e(elemen)m(ts)j -(are)f(at)g(the)g(b)s(ottom)f(of)h(the)g(picture)g(and)h(that)e(the)283 -2577 y(lines)38 b(indicate)f(the)i(order)f(b)s(et)m(w)m(een)i(the)f -(elemen)m(ts.)61 b(Ho)m(w)m(ev)m(er,)42 b(w)m(e)d(shall)e(not)h(dra)m -(w)h(lines)283 2697 y(when)e(there)g(already)e(is)h(a)f(\\brok)m(en)i -(line",)e(so)h(the)g(fact)g(that)g Fs(g)2722 2712 y Fn(3)2796 -2697 y Ft(v)h Fs(g)2964 2712 y Fn(1)3038 2697 y Fu(is)f(left)f -(implicit)d(in)283 2817 y(the)h(picture.)2905 b Fh(2)283 -3054 y Fw(Exercise)37 b(4.7)49 b Fu(Let)33 b Fs(g)1148 -3069 y Fn(1)1187 3054 y Fu(,)f Fs(g)1300 3069 y Fn(2)1372 -3054 y Fu(and)g Fs(g)1615 3069 y Fn(3)1687 3054 y Fu(b)s(e)h(de\014ned) -h(as)e(follo)m(ws:)527 3345 y Fs(g)581 3360 y Fn(1)653 -3345 y Fs(s)40 b Fu(=)842 3171 y Fg(8)842 3245 y(<)842 -3395 y(:)957 3260 y Fs(s)279 b Fu(if)31 b Fs(s)41 b Fr(x)33 -b Fu(is)f(ev)m(en)957 3428 y(undef)p 957 3441 236 4 v -84 w(otherwise)527 3699 y Fs(g)581 3714 y Fn(2)653 3699 -y Fs(s)40 b Fu(=)842 3525 y Fg(8)842 3600 y(<)842 3749 -y(:)957 3615 y Fs(s)279 b Fu(if)31 b Fs(s)41 b Fr(x)33 -b Fu(is)f(a)g(prime)957 3782 y(undef)p 957 3795 V 84 -w(otherwise)527 3922 y Fs(g)581 3937 y Fn(3)653 3922 -y Fs(s)40 b Fu(=)33 b Fs(s)283 4132 y Fu(First,)42 b(determine)d(the)i -(ordering)e(among)g(these)i(partial)d(functions.)66 b(Next,)42 -b(determine)e(a)283 4252 y(partial)32 b(function)i Fs(g)1037 -4267 y Fn(4)1109 4252 y Fu(suc)m(h)i(that)e Fs(g)1598 -4267 y Fn(4)1670 4252 y Ft(v)h Fs(g)1836 4267 y Fn(1)1875 -4252 y Fu(,)f Fs(g)1990 4267 y Fn(4)2063 4252 y Ft(v)g -Fs(g)2228 4267 y Fn(2)2301 4252 y Fu(and)g Fs(g)2546 -4267 y 
Fn(4)2619 4252 y Ft(v)g Fs(g)2784 4267 y Fn(3)2823 -4252 y Fu(.)48 b(Finally)-8 b(,)32 b(determine)h(a)283 -4372 y(partial)c(function)h Fs(g)1030 4387 y Fn(5)1099 -4372 y Fu(suc)m(h)i(that)e Fs(g)1580 4387 y Fn(1)1650 -4372 y Ft(v)h Fs(g)1812 4387 y Fn(5)1851 4372 y Fu(,)g -Fs(g)1963 4387 y Fn(2)2032 4372 y Ft(v)g Fs(g)2194 4387 -y Fn(5)2264 4372 y Fu(and)f Fs(g)2505 4387 y Fn(5)2575 -4372 y Ft(v)h Fs(g)2737 4387 y Fn(3)2806 4372 y Fu(but)g -Fs(g)3037 4387 y Fn(5)3106 4372 y Fu(is)f(neither)h(equal)283 -4493 y(to)i Fs(g)457 4508 y Fn(1)496 4493 y Fu(,)f Fs(g)609 -4508 y Fn(2)681 4493 y Fu(nor)g Fs(g)908 4508 y Fn(3)947 -4493 y Fu(.)2707 b Fh(2)283 4729 y Fw(Exercise)37 b(4.8)49 -b(\(Essen)m(tial\))36 b Fu(An)j(alternativ)m(e)f(c)m(haracterization)f -(of)h(the)h(ordering)f Ft(v)h Fu(on)283 4850 y Fw(State)33 -b Fo(,)-17 b Ft(!)33 b Fw(State)f Fu(is)552 5017 y Fs(g)606 -5032 y Fn(1)678 5017 y Ft(v)h Fs(g)842 5032 y Fn(2)913 -5017 y Fu(if)f(and)g(only)g(if)g(graph\()p Fs(g)1832 -5032 y Fn(1)1871 5017 y Fu(\))g Ft(\022)h Fu(graph\()p -Fs(g)2387 5032 y Fn(2)2426 5017 y Fu(\))1167 b(\(*\))283 -5185 y(where)39 b(graph\()p Fs(g)9 b Fu(\))36 b(is)h(the)g(graph)g(of)g -(the)h(partial)d(function)h Fs(g)46 b Fu(as)37 b(de\014ned)i(in)d(App)s -(endix)i(A.)283 5305 y(Pro)m(v)m(e)c(that)f(\(*\))f(is)g(indeed)h -(correct.)2028 b Fh(2)p 283 5403 1389 4 v 396 5464 a -Fm(1)433 5494 y Fk(Suc)n(h)28 b(a)f(diagram)f(is)h(sometimes)h(called)f -(a)g(Hasse)g(diagram.)p eop -%%Page: 95 105 -95 104 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2183 -b(95)p 0 193 3473 4 v 146 515 a Fu(The)47 b(set)f Fw(State)f -Fo(,)-17 b Ft(!)45 b Fw(State)g Fu(equipp)s(ed)h(with)f(the)h(ordering) -e Ft(v)i Fu(is)f(an)g(example)g(of)g(a)0 636 y(partially)32 -b(ordered)j(set)f(as)h(w)m(e)g(shall)e(see)i(in)f(Lemma)f(4.13)g(b)s -(elo)m(w.)49 b(In)34 b(general,)h(a)e Fs(p)-5 b(artial)5 -b(ly)0 756 y(or)-5 b(der)g(e)g(d)29 b(set)f Fu(is)e(a)h(pair)g(\()p -Fs(D)9 b Fu(,)27 b Ft(v)1097 771 y Fc(D)1161 
756 y Fu(\))g(where)i -Fs(D)63 b Fu(is)27 b(a)g(set)h(and)f Ft(v)2218 771 y -Fc(D)2309 756 y Fu(is)g(a)g(relation)e(on)i Fs(D)36 b -Fu(satisfying)294 999 y Fs(d)42 b Ft(v)464 1014 y Fc(D)560 -999 y Fs(d)1529 b Fu(\(re\015exivit)m(y\))294 1167 y -Fs(d)354 1182 y Fn(1)426 1167 y Ft(v)503 1182 y Fc(D)600 -1167 y Fs(d)660 1182 y Fn(2)732 1167 y Fu(and)33 b Fs(d)982 -1182 y Fn(2)1054 1167 y Ft(v)1131 1182 y Fc(D)1228 1167 -y Fs(d)1288 1182 y Fn(3)1360 1167 y Fu(imply)d Fs(d)1693 -1182 y Fn(1)1766 1167 y Ft(v)1843 1182 y Fc(D)1940 1167 -y Fs(d)2000 1182 y Fn(3)2139 1167 y Fu(\(transitivit)m(y\))294 -1335 y Fs(d)354 1350 y Fn(1)426 1335 y Ft(v)503 1350 -y Fc(D)600 1335 y Fs(d)660 1350 y Fn(2)732 1335 y Fu(and)j -Fs(d)982 1350 y Fn(2)1054 1335 y Ft(v)1131 1350 y Fc(D)1228 -1335 y Fs(d)1288 1350 y Fn(1)1360 1335 y Fu(imply)d Fs(d)1693 -1350 y Fn(1)1766 1335 y Fu(=)i Fs(d)1934 1350 y Fn(2)2139 -1335 y Fu(\(an)m(ti-symmetry\))0 1574 y(The)41 b(relation)d -Ft(v)650 1589 y Fc(D)754 1574 y Fu(is)i(said)f(to)h(b)s(e)g(a)f -Fs(p)-5 b(artial)42 b(or)-5 b(der)39 b Fu(on)h Fs(D)49 -b Fu(and)40 b(w)m(e)h(shall)d(often)i(omit)e(the)0 1694 -y(subscript)f Fs(D)45 b Fu(of)35 b Ft(v)733 1709 y Fc(D)832 -1694 y Fu(and)h(write)g Ft(v)q Fu(.)53 b(Occasionally)-8 -b(,)35 b(w)m(e)i(ma)m(y)f(write)g Fs(d)2701 1709 y Fn(1)2773 -1694 y Ft(w)d Fs(d)2943 1709 y Fn(2)3018 1694 y Fu(instead)72 -b(of)0 1815 y Fs(d)60 1830 y Fn(2)132 1815 y Ft(v)33 -b Fs(d)302 1830 y Fn(1)373 1815 y Fu(and)e(w)m(e)h(shall)d(sa)m(y)j -(that)f Fs(d)1366 1830 y Fn(2)1437 1815 y Fs(shar)-5 -b(es)32 b(its)i(information)e(with)38 b(d)2676 1830 y -Fn(1)2716 1815 y Fu(.)43 b(An)31 b(elemen)m(t)g Fs(d)41 -b Fu(of)0 1935 y Fs(D)h Fu(satisfying)244 2181 y Fs(d)h -Ft(v)33 b Fs(d)507 2145 y Fi(0)562 2181 y Fu(for)g(all)d -Fs(d)907 2145 y Fi(0)963 2181 y Fu(of)i Fs(D)0 2427 y -Fu(is)g(called)f Fs(a)k(le)-5 b(ast)35 b(element)41 b -Fu(of)32 b Fs(D)42 b Fu(and)32 b(w)m(e)i(shall)d(sa)m(y)j(that)e(it)g -(con)m(tains)g 
Fs(no)j(information)p Fu(.)p 0 2556 3473 -5 v 0 2782 a Fw(F)-9 b(act)37 b(4.9)49 b Fu(If)31 b(a)f(partially)e -(ordered)j(set)g(\()p Fs(D)9 b Fu(,)30 b Ft(v)q Fu(\))g(has)h(a)f -(least)g(elemen)m(t)h Fs(d)40 b Fu(then)31 b Fs(d)41 -b Fu(is)30 b(unique.)p 0 2902 V 0 3148 a Fw(Pro)s(of:)51 -b Fu(Assume)45 b(that)g Fs(D)53 b Fu(has)45 b(t)m(w)m(o)g(least)f -(elemen)m(ts)h Fs(d)2171 3163 y Fn(1)2255 3148 y Fu(and)g -Fs(d)2517 3163 y Fn(2)2556 3148 y Fu(.)80 b(Since)44 -b Fs(d)2989 3163 y Fn(1)3074 3148 y Fu(is)g(a)g(least)0 -3269 y(elemen)m(t)34 b(w)m(e)h(ha)m(v)m(e)g Fs(d)793 -3284 y Fn(1)867 3269 y Ft(v)f Fs(d)1038 3284 y Fn(2)1078 -3269 y Fu(.)48 b(Since)34 b Fs(d)1469 3284 y Fn(2)1543 -3269 y Fu(is)f(a)h(least)g(elemen)m(t)f(w)m(e)i(also)f(ha)m(v)m(e)h -Fs(d)2945 3284 y Fn(2)3019 3269 y Ft(v)f Fs(d)3190 3284 -y Fn(1)3230 3269 y Fu(.)47 b(The)0 3389 y(an)m(ti-symmetry)32 -b(of)g(the)h(ordering)e Ft(v)i Fu(then)h(giv)m(es)f(that)f -Fs(d)2160 3404 y Fn(1)2232 3389 y Fu(=)h Fs(d)2401 3404 -y Fn(2)2440 3389 y Fu(.)931 b Fh(2)146 3601 y Fu(This)30 -b(fact)g(p)s(ermits)f(us)i(to)f(talk)f(ab)s(out)g Fs(the)38 -b Fu(least)29 b(elemen)m(t)h(of)g Fs(D)9 b Fu(,)30 b(if)f(one)h -(exists,)h(and)f(w)m(e)0 3721 y(shall)h(denote)i(it)f(b)m(y)i -Ft(?)853 3736 y Fc(D)950 3721 y Fu(or)e(simply)f Ft(?)i -Fu(\(pronounced)h(\\b)s(ottom"\).)0 4018 y Fw(Example)j(4.10)49 -b Fu(Let)32 b Fs(S)45 b Fu(b)s(e)32 b(a)h(non-empt)m(y)f(set)i(and)e -(de\014ne)244 4264 y Ft(P)8 b Fu(\()p Fs(S)k Fu(\))33 -b(=)f Ft(f)g Fs(K)47 b Ft(j)32 b Fs(K)47 b Ft(\022)33 -b Fs(S)45 b Ft(g)0 4510 y Fu(Then)34 b(\()p Ft(P)8 b -Fu(\()p Fs(S)k Fu(\),)32 b Ft(\022)q Fu(\))g(is)g(a)h(partially)d -(ordered)j(set)g(b)s(ecause)145 4756 y Ft(\017)49 b(\022)33 -b Fu(is)f(re\015exiv)m(e:)45 b Fs(K)i Ft(\022)33 b Fs(K)145 -5002 y Ft(\017)49 b(\022)33 b Fu(is)f(transitiv)m(e:)43 -b(if)31 b Fs(K)1103 5017 y Fn(1)1175 5002 y Ft(\022)i -Fs(K)1375 5017 y Fn(2)1446 5002 y Fu(and)g Fs(K)1726 -5017 y Fn(2)1797 5002 y Ft(\022)g 
Fs(K)1997 5017 y Fn(3)2069 -5002 y Fu(then)g Fs(K)2381 5017 y Fn(1)2452 5002 y Ft(\022)g -Fs(K)2652 5017 y Fn(3)145 5248 y Ft(\017)49 b(\022)33 -b Fu(is)f(an)m(ti-symmetric:)41 b(if)32 b Fs(K)1342 5263 -y Fn(1)1413 5248 y Ft(\022)h Fs(K)1613 5263 y Fn(2)1685 -5248 y Fu(and)f Fs(K)1964 5263 y Fn(2)2036 5248 y Ft(\022)h -Fs(K)2236 5263 y Fn(1)2307 5248 y Fu(then)g Fs(K)2619 -5263 y Fn(1)2691 5248 y Fu(=)f Fs(K)2889 5263 y Fn(2)0 -5494 y Fu(In)h(the)g(case)g(where)h Fs(S)45 b Fu(=)32 -b Ft(f)p Fu(a,b,c)p Ft(g)h Fu(the)g(ordering)e(can)i(b)s(e)g(depicted)g -(as)g(follo)m(ws:)p eop -%%Page: 96 106 -96 105 bop 251 130 a Fw(96)2034 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 1696 540 a Ft(\017)130 -b(f)p Fu(a,b,c)p Ft(g)1032 872 y(\017)g(f)p Fu(a,b)p -Ft(g)254 b(\017)130 b(f)p Fu(a,c)p Ft(g)266 b(\017)130 -b(f)p Fu(b,c)p Ft(g)1032 1204 y(\017)g(f)p Fu(a)p Ft(g)335 -b(\017)130 b(f)p Fu(b)p Ft(g)331 b(\017)130 b(f)p Fu(c)p -Ft(g)1696 1537 y(\017)g(;)1605 1503 y Fq(H)1522 1462 -y(H)1439 1420 y(H)1356 1379 y(H)1273 1337 y(H)1190 1296 -y(H)1107 1254 y(H)1082 1242 y(H)p 1720 1478 4 266 v 1746 -1503 a(\010)1829 1462 y(\010)1912 1420 y(\010)1995 1379 -y(\010)2078 1337 y(\010)2161 1296 y(\010)2244 1254 y(\010)2269 -1242 y(\010)p 1056 1146 V 1082 1171 a(\010)1165 1130 -y(\010)1248 1088 y(\010)1331 1047 y(\010)1414 1005 y(\010)1497 -964 y(\010)1580 922 y(\010)1605 910 y(\010)1605 1171 -y(H)1522 1130 y(H)1439 1088 y(H)1356 1047 y(H)1273 1005 -y(H)1190 964 y(H)1107 922 y(H)1082 910 y(H)1746 1171 -y(\010)1829 1130 y(\010)1912 1088 y(\010)1995 1047 y(\010)2078 -1005 y(\010)2161 964 y(\010)2244 922 y(\010)2269 910 -y(\010)2269 1171 y(H)2186 1130 y(H)2103 1088 y(H)2020 -1047 y(H)1937 1005 y(H)1854 964 y(H)1771 922 y(H)1746 -910 y(H)p 2384 1146 V 1082 839 a(\010)1165 798 y(\010)1248 -756 y(\010)1331 715 y(\010)1414 673 y(\010)1497 632 y(\010)1580 -590 y(\010)1605 578 y(\010)p 1720 814 V 2269 839 a(H)2186 -798 y(H)2103 756 y(H)2020 715 y(H)1937 673 y(H)1854 632 -y(H)1771 
590 y(H)1746 578 y(H)283 1816 y Fu(Also,)33 -b(\()p Ft(P)8 b Fu(\()p Fs(S)k Fu(\),)32 b Ft(\022)q -Fu(\))g(has)h(a)f(least)h(elemen)m(t,)f(namely)g Ft(;)p -Fu(.)1398 b Fh(2)283 2059 y Fw(Exercise)37 b(4.11)49 -b Fu(Sho)m(w)32 b(that)g(\()p Ft(P)8 b Fu(\()p Fs(S)k -Fu(\),)31 b Ft(\023)q Fu(\))g(is)h(a)f(partially)e(ordered)j(set)g(and) -g(determine)f(the)283 2180 y(least)i(elemen)m(t.)43 b(Dra)m(w)32 -b(a)h(picture)f(of)g(the)h(ordering)f(when)i Fs(S)44 -b Fu(=)33 b Ft(f)p Fu(a,b,c)p Ft(g)p Fu(.)644 b Fh(2)283 -2423 y Fw(Exercise)37 b(4.12)49 b Fu(Let)33 b Fs(S)44 -b Fu(b)s(e)33 b(a)f(non-empt)m(y)h(set)g(and)g(de\014ne)527 -2637 y Ft(P)605 2652 y Fn(\014n)687 2637 y Fu(\()p Fs(S)12 -b Fu(\))33 b(=)f Ft(f)g Fs(K)47 b Ft(j)32 b Fs(K)47 b -Fu(is)33 b(\014nite)f(and)g Fs(K)47 b Ft(\022)33 b Fs(S)45 -b Ft(g)283 2852 y Fu(V)-8 b(erify)47 b(that)f(\()p Ft(P)926 -2867 y Fn(\014n)1008 2852 y Fu(\()p Fs(S)12 b Fu(\),)47 -b Ft(\022)p Fu(\))g(and)g(\()p Ft(P)1706 2867 y Fn(\014n)1789 -2852 y Fu(\()p Fs(S)12 b Fu(\),)46 b Ft(\023)p Fu(\))h(are)g(partially) -d(ordered)j(sets.)87 b(Do)46 b(b)s(oth)283 2972 y(partially)30 -b(ordered)k(sets)f(ha)m(v)m(e)h(a)f(least)f(elemen)m(t)g(for)g(all)f(c) -m(hoices)i(of)f Fs(S)12 b Fu(?)730 b Fh(2)p 283 3216 -3473 5 v 283 3403 a Fw(Lemma)38 b(4.13)49 b Fu(\()p Fw(State)22 -b Fo(,)-17 b Ft(!)22 b Fw(State)p Fu(,)45 b Ft(v)q Fu(\))22 -b(is)g(a)g(partially)e(ordered)j(set.)41 b(The)23 b(partial)d(function) -283 3523 y Ft(?)q Fu(:)43 b Fw(State)33 b Fo(,)-17 b -Ft(!)33 b Fw(State)f Fu(de\014ned)i(b)m(y)527 3737 y -Ft(?)f Fs(s)41 b Fu(=)32 b(undef)p 826 3750 236 4 v 34 -w(for)g(all)e Fs(s)283 3952 y Fu(is)j(the)g(least)f(elemen)m(t)g(of)g -Fw(State)h Fo(,)-17 b Ft(!)32 b Fw(State)p Fu(.)p 283 -4072 3473 5 v 283 4286 a Fw(Pro)s(of:)g Fu(W)-8 b(e)27 -b(shall)f(\014rst)i(pro)m(v)m(e)h(that)e Ft(v)h Fu(ful\014ls)e(the)h -(three)h(requiremen)m(ts)h(to)e(a)g(partial)e(order:)283 -4407 y(Clearly)-8 b(,)43 b Fs(g)49 b Ft(v)42 b Fs(g)49 -b Fu(holds)41 
b(b)s(ecause)h Fs(g)50 b(s)f Fu(=)41 b -Fs(s)1941 4371 y Fi(0)2005 4407 y Fu(trivially)d(implies)g(that)j -Fs(g)50 b(s)f Fu(=)41 b Fs(s)3290 4371 y Fi(0)3354 4407 -y Fu(so)g Ft(v)h Fu(is)e(a)283 4527 y Fs(r)-5 b(e\015exive)40 -b Fu(ordering.)430 4650 y(T)-8 b(o)30 b(see)h(that)f(it)f(is)h(a)g -Fs(tr)-5 b(ansitive)37 b Fu(ordering)29 b(assume)i(that)f -Fs(g)2617 4665 y Fn(1)2686 4650 y Ft(v)h Fs(g)2848 4665 -y Fn(2)2917 4650 y Fu(and)f Fs(g)3158 4665 y Fn(2)3227 -4650 y Ft(v)g Fs(g)3388 4665 y Fn(3)3458 4650 y Fu(and)g(w)m(e)283 -4770 y(shall)j(pro)m(v)m(e)i(that)f Fs(g)1044 4785 y -Fn(1)1117 4770 y Ft(v)h Fs(g)1283 4785 y Fn(3)1322 4770 -y Fu(.)48 b(Assume)35 b(that)f Fs(g)2027 4785 y Fn(1)2100 -4770 y Fs(s)42 b Fu(=)33 b Fs(s)2339 4734 y Fi(0)2363 -4770 y Fu(.)48 b(F)-8 b(rom)32 b Fs(g)2749 4785 y Fn(1)2822 -4770 y Ft(v)j Fs(g)2988 4785 y Fn(2)3061 4770 y Fu(w)m(e)g(get)f -Fs(g)3424 4785 y Fn(2)3496 4770 y Fs(s)40 b Fu(=)33 b -Fs(s)3733 4734 y Fi(0)283 4890 y Fu(and)g(then)g Fs(g)749 -4905 y Fn(2)821 4890 y Ft(v)g Fs(g)985 4905 y Fn(3)1056 -4890 y Fu(giv)m(es)g(that)g Fs(g)1561 4905 y Fn(3)1632 -4890 y Fs(s)41 b Fu(=)32 b Fs(s)1869 4854 y Fi(0)1893 -4890 y Fu(.)430 5013 y(T)-8 b(o)32 b(see)h(that)f(it)f(is)g(an)h -Fs(anti-symmetric)37 b Fu(ordering)31 b(assume)i(that)e -Fs(g)2934 5028 y Fn(1)3005 5013 y Ft(v)i Fs(g)3169 5028 -y Fn(2)3240 5013 y Fu(and)f Fs(g)3483 5028 y Fn(2)3554 -5013 y Ft(v)g Fs(g)3717 5028 y Fn(1)283 5133 y Fu(and)40 -b(w)m(e)g(shall)d(then)j(pro)m(v)m(e)g(that)f Fs(g)1634 -5148 y Fn(1)1712 5133 y Fu(=)g Fs(g)1881 5148 y Fn(2)1920 -5133 y Fu(.)62 b(Assume)40 b(that)f Fs(g)2649 5148 y -Fn(1)2727 5133 y Fs(s)47 b Fu(=)39 b Fs(s)2977 5097 y -Fi(0)3000 5133 y Fu(.)63 b(Then)40 b Fs(g)3405 5148 y -Fn(2)3483 5133 y Fs(s)47 b Fu(=)39 b Fs(s)3733 5097 y -Fi(0)283 5254 y Fu(follo)m(ws)31 b(from)g Fs(g)887 5269 -y Fn(1)957 5254 y Ft(v)i Fs(g)1121 5269 y Fn(2)1191 5254 -y Fu(so)f Fs(g)1364 5269 y Fn(1)1435 5254 y Fu(and)g -Fs(g)1678 5269 y Fn(2)1749 5254 
y Fu(are)f(equal)h(on)g -Fs(s)8 b Fu(.)43 b(If)32 b Fs(g)2571 5269 y Fn(1)2642 -5254 y Fs(s)39 b Fu(=)32 b(undef)p 2829 5267 236 4 v -33 w(then)g(it)f(m)m(ust)h(b)s(e)283 5374 y(the)i(case)g(that)f -Fs(g)925 5389 y Fn(2)997 5374 y Fs(s)41 b Fu(=)33 b(undef)p -1187 5387 V 34 w(since)h(otherwise)f Fs(g)2184 5389 y -Fn(2)2256 5374 y Fs(s)42 b Fu(=)32 b Fs(s)2494 5338 y -Fi(0)2551 5374 y Fu(and)h(the)h(assumption)e Fs(g)3480 -5389 y Fn(2)3552 5374 y Ft(v)i Fs(g)3717 5389 y Fn(1)283 -5494 y Fu(then)g(giv)m(es)f Fs(g)799 5509 y Fn(1)870 -5494 y Fs(s)41 b Fu(=)32 b Fs(s)1107 5458 y Fi(0)1163 -5494 y Fu(whic)m(h)h(is)f(a)h(con)m(tradiction.)42 b(Th)m(us)34 -b Fs(g)2554 5509 y Fn(1)2626 5494 y Fu(and)e Fs(g)2869 -5509 y Fn(2)2941 5494 y Fu(will)e(b)s(e)j(equal)f(on)h -Fs(s)8 b Fu(.)p eop -%%Page: 97 107 -97 106 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2183 -b(97)p 0 193 3473 4 v 146 515 a Fu(Finally)-8 b(,)39 -b(w)m(e)i(shall)e(pro)m(v)m(e)i(that)e Ft(?)i Fu(is)e(the)h -Fs(le)-5 b(ast)42 b(element)48 b Fu(of)40 b Fw(State)g -Fo(,)-17 b Ft(!)40 b Fw(State)p Fu(.)65 b(It)40 b(is)0 -636 y(easy)35 b(to)f(see)h(that)f Ft(?)h Fu(is)e(indeed)i(an)f(elemen)m -(t)g(of)f Fw(State)i Fo(,)-17 b Ft(!)34 b Fw(State)g -Fu(and)g(it)f(is)h(also)f(ob)m(vious)0 756 y(that)f Ft(?)h(v)g -Fs(g)41 b Fu(holds)33 b(for)f(all)e Fs(g)41 b Fu(since)33 -b Ft(?)g Fs(s)41 b Fu(=)32 b Fs(s)1729 720 y Fi(0)1785 -756 y Fu(v)-5 b(acuously)33 b(implies)d(that)j Fs(g)41 -b(s)f Fu(=)33 b Fs(s)3096 720 y Fi(0)3119 756 y Fu(.)252 -b Fh(2)146 960 y Fu(Ha)m(ving)27 b(in)m(tro)s(duced)g(an)g(ordering)f -(on)h(the)h(partial)c(functions)j(w)m(e)h(can)g(no)m(w)f(giv)m(e)g(a)g -(more)0 1080 y(precise)33 b(statemen)m(t)g(of)f(the)h(requiremen)m(ts)h -(to)e(FIX)h Fs(F)13 b Fu(:)145 1265 y Ft(\017)49 b Fu(FIX)32 -b Fs(F)46 b Fu(is)32 b(a)g Fs(\014xe)-5 b(d)34 b(p)-5 -b(oint)42 b Fu(of)32 b Fs(F)13 b Fu(,)33 b(that)f(is)g -Fs(F)13 b Fu(\(FIX)33 b Fs(F)13 b Fu(\))32 b(=)g(FIX)h -Fs(F)13 b Fu(,)33 b(and)145 
1462 y Ft(\017)49 b Fu(FIX)32 -b Fs(F)46 b Fu(is)32 b(a)g Fs(le)-5 b(ast)42 b Fu(\014xed)34 -b(p)s(oin)m(t)e(of)g Fs(F)13 b Fu(,)32 b(that)h(is)458 -1660 y(if)f Fs(F)45 b(g)c Fu(=)33 b Fs(g)41 b Fu(then)33 -b(FIX)g Fs(F)45 b Ft(v)33 b Fs(g)9 b Fu(.)0 1902 y Fw(Exercise)36 -b(4.14)49 b Fu(By)30 b(analogy)e(with)h(F)-8 b(act)28 -b(4.9)h(sho)m(w)h(that)f(if)f Fs(F)42 b Fu(has)29 b(a)g(least)g -(\014xed)h(p)s(oin)m(t)e Fs(g)3433 1917 y Fn(0)0 2023 -y Fu(then)33 b Fs(g)276 2038 y Fn(0)348 2023 y Fu(is)f(unique.)2641 -b Fh(2)146 2227 y Fu(The)30 b(next)f(task)h(will)c(b)s(e)j(to)f(ensure) -i(that)f(all)d(functionals)i Fs(F)41 b Fu(that)29 b(ma)m(y)f(arise)g -(do)h(indeed)0 2347 y(ha)m(v)m(e)37 b(least)d(\014xed)j(p)s(oin)m(ts.) -51 b(W)-8 b(e)35 b(shall)f(do)h(so)h(b)m(y)g(dev)m(eloping)f(a)g -(general)f(theory)i(that)f(giv)m(es)0 2467 y(more)h(structure)h(to)f -(the)g(partially)e(ordered)j(sets)g(and)g(that)f(imp)s(oses)f -(restrictions)h(on)g(the)0 2588 y(functionals)31 b(so)i(that)g(they)g -(ha)m(v)m(e)h(least)e(\014xed)i(p)s(oin)m(ts.)0 2792 -y Fw(Exercise)i(4.15)49 b Fu(Determine)37 b(the)h(least)f(\014xed)i(p)s -(oin)m(ts)f(of)f(the)h(functionals)f(considered)h(in)0 -2912 y(Exercises)c(4.2)f(and)f(4.3.)43 b(Compare)33 b(with)f(Exercises) -i(4.4)e(and)h(4.5.)873 b Fh(2)0 3198 y Fp(Complete)46 -b(partially)h(ordered)e(sets)0 3383 y Fu(Consider)38 -b(a)e(partially)f(ordered)j(set)g(\()p Fs(D)9 b Fu(,)37 -b Ft(v)p Fu(\))g(and)g(assume)h(that)f(w)m(e)h(ha)m(v)m(e)h(a)d(subset) -j Fs(Y)57 b Fu(of)0 3503 y Fs(D)9 b Fu(.)31 b(W)-8 b(e)32 -b(shall)d(b)s(e)j(in)m(terested)g(in)e(an)h(elemen)m(t)g(of)g -Fs(D)40 b Fu(that)31 b(summarizes)f(all)f(the)j(information)0 -3623 y(of)c Fs(Y)48 b Fu(and)29 b(this)f(is)g(called)g(an)g -Fs(upp)-5 b(er)31 b(b)-5 b(ound)39 b Fu(of)28 b Fs(Y)20 -b Fu(;)28 b(formally)-8 b(,)27 b(it)h(is)g(an)g(elemen)m(t)h -Fs(d)38 b Fu(of)28 b Fs(D)38 b Fu(suc)m(h)0 3744 y(that)244 -3929 y Ft(8)p Fs(d)359 3893 y Fi(0)415 3929 y Ft(2)33 -b Fs(Y)20 b Fu(.)32 
b Fs(d)725 3893 y Fi(0)781 3929 y -Ft(v)h Fs(d)0 4114 y Fu(An)g(upp)s(er)g(b)s(ound)g Fs(d)42 -b Fu(of)32 b Fs(Y)53 b Fu(is)32 b(a)g Fs(le)-5 b(ast)35 -b(upp)-5 b(er)34 b(b)-5 b(ound)33 b Fu(if)e(and)i(only)f(if)244 -4299 y Fs(d)304 4263 y Fi(0)360 4299 y Fu(is)g(an)g(upp)s(er)i(b)s -(ound)e(of)g Fs(Y)53 b Fu(implies)30 b(that)i Fs(d)43 -b Ft(v)33 b Fs(d)2214 4263 y Fi(0)0 4485 y Fu(Th)m(us)i(a)f(least)g -(upp)s(er)g(b)s(ound)g(of)g Fs(Y)53 b Fu(will)32 b(add)i(as)g(little)d -(extra)k(information)30 b(as)k(p)s(ossible)g(to)0 4605 -y(that)e(already)g(presen)m(t)j(in)d(the)h(elemen)m(ts)f(of)h -Fs(Y)19 b Fu(.)0 4809 y Fw(Exercise)36 b(4.16)49 b Fu(By)31 -b(analogy)f(with)g(F)-8 b(act)30 b(4.9)g(sho)m(w)h(that)g(if)e -Fs(Y)50 b Fu(has)31 b(a)f(least)g(upp)s(er)h(b)s(ound)0 -4929 y Fs(d)43 b Fu(then)33 b Fs(d)43 b Fu(is)32 b(unique.)2581 -b Fh(2)146 5133 y Fu(If)37 b Fs(Y)56 b Fu(has)37 b(a)f(\(necessarily)h -(unique\))g(least)f(upp)s(er)h(b)s(ound)g(w)m(e)g(shall)e(denote)j(it)d -(b)m(y)3284 5067 y Fg(F)3354 5133 y Fs(Y)19 b Fu(.)0 -5254 y(Finally)-8 b(,)30 b(a)i(subset)i Fs(Y)52 b Fu(is)32 -b(called)f(a)i Fs(chain)39 b Fu(if)31 b(it)g(is)h(consisten)m(t)i(in)d -(the)i(sense)i(that)d(if)f(w)m(e)j(tak)m(e)0 5374 y(an)m(y)28 -b(t)m(w)m(o)f(elemen)m(ts)g(of)g Fs(Y)46 b Fu(then)27 -b(one)h(will)c(share)k(its)e(information)e(with)i(the)h(other;)i -(formally)-8 b(,)0 5494 y(this)32 b(is)g(expressed)k(b)m(y)p -eop -%%Page: 98 108 -98 107 bop 251 130 a Fw(98)2034 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(8)q Fs(d)643 -530 y Fn(1)682 515 y Fu(,)d Fs(d)802 530 y Fn(2)874 515 -y Ft(2)g Fs(Y)20 b Fu(.)32 b Fs(d)1184 530 y Fn(1)1256 -515 y Ft(v)h Fs(d)1426 530 y Fn(2)1498 515 y Fu(or)g -Fs(d)1678 530 y Fn(2)1750 515 y Ft(v)g Fs(d)1920 530 -y Fn(1)283 758 y Fw(Example)k(4.17)49 b Fu(Consider)d(the)g(partially)d -(ordered)j(set)g(\()p Ft(P)9 b Fu(\()p Ft(f)p Fu(a,b,c)p -Ft(g)p Fu(\),)48 b Ft(\022)q Fu(\))d(of)g(Example)283 -879 y(4.10.)e(Then)34 
b(the)f(subset)527 1091 y Fs(Y)619 -1106 y Fn(0)691 1091 y Fu(=)f Ft(f)h(;)o Fu(,)g Ft(f)p -Fu(a)p Ft(g)p Fu(,)f Ft(f)p Fu(a,c)p Ft(g)g(g)283 1304 -y Fu(is)i(a)f(c)m(hain.)48 b(Both)33 b Ft(f)p Fu(a,b,c)p -Ft(g)h Fu(and)g Ft(f)p Fu(a,c)p Ft(g)g Fu(are)g(upp)s(er)g(b)s(ounds)h -(of)e Fs(Y)2775 1319 y Fn(0)2848 1304 y Fu(and)h Ft(f)p -Fu(a,c)p Ft(g)g Fu(is)f(the)h(least)283 1424 y(upp)s(er)k(b)s(ound.)55 -b(The)38 b(elemen)m(t)e Ft(f)p Fu(a,b)p Ft(g)g Fu(is)g -Fs(not)46 b Fu(an)37 b(upp)s(er)g(b)s(ound)g(b)s(ecause)h -Ft(f)p Fu(a,c)p Ft(g)e(6\022)h(f)p Fu(a,b)p Ft(g)p Fu(.)283 -1545 y(In)e(general,)f(the)g(least)g(upp)s(er)h(b)s(ound)f(of)g(a)f -(non-empt)m(y)i(c)m(hain)f(in)f Ft(P)8 b Fu(\()p Ft(f)p -Fu(a,b,c)p Ft(g)p Fu(\))34 b(will)e(b)s(e)i(the)283 1665 -y(largest)e(elemen)m(t)h(of)f(the)h(c)m(hain.)430 1787 -y(The)47 b(subset)i Ft(f)d(;)p Fu(,)k Ft(f)p Fu(a)p Ft(g)p -Fu(,)g Ft(f)p Fu(c)p Ft(g)p Fu(,)h Ft(f)p Fu(a,c)p Ft(g)46 -b(g)h Fu(is)f Fs(not)56 b Fu(a)46 b(c)m(hain)h(b)s(ecause)h -Ft(f)p Fu(a)p Ft(g)e Fu(and)h Ft(f)p Fu(c)p Ft(g)g Fu(are)283 -1908 y(unrelated)42 b(b)m(y)g(the)g(ordering.)69 b(Ho)m(w)m(ev)m(er,)46 -b(it)40 b(do)s(es)i(ha)m(v)m(e)h(a)e(least)g(upp)s(er)h(b)s(ound,)i -(namely)283 2028 y Ft(f)p Fu(a,c)p Ft(g)p Fu(.)430 2150 -y(The)35 b Fs(subset)43 b Ft(;)34 b Fu(of)g Ft(P)8 b -Fu(\()p Ft(f)p Fu(a,b,c)p Ft(g)p Fu(\))34 b(is)g(a)g(c)m(hain)g(and)g -(it)f(has)i(an)m(y)g(elemen)m(t)e(of)h Ft(P)9 b Fu(\()p -Ft(f)p Fu(a,b,c)p Ft(g)p Fu(\))34 b(as)283 2271 y(an)f(upp)s(er)g(b)s -(ound.)44 b(Its)33 b(least)f(upp)s(er)h(b)s(ound)g(is)f(the)h -Fs(element)41 b Ft(;)p Fu(.)981 b Fh(2)283 2512 y Fw(Exercise)37 -b(4.18)49 b Fu(Let)37 b Fs(S)49 b Fu(b)s(e)37 b(a)g(non-empt)m(y)h(set) -f(and)h(consider)f(the)h(partially)c(ordered)k(set)283 -2632 y(\()p Ft(P)9 b Fu(\()p Fs(S)j Fu(\),)33 b Ft(\022)p -Fu(\).)45 b(Sho)m(w)34 b(that)f(ev)m(ery)i(subset)f(of)f -Ft(P)8 b Fu(\()p Fs(S)k Fu(\))33 b(has)g(a)g(least)g(upp)s(er)g(b)s -(ound.)45 b(Rep)s(eat)33 b(the)283 
2753 y(exercise)h(for)e(the)h -(partially)d(ordered)k(set)f(\()p Ft(P)8 b Fu(\()p Fs(S)k -Fu(\),)33 b Ft(\023)p Fu(\).)1362 b Fh(2)283 2994 y Fw(Exercise)37 -b(4.19)49 b Fu(Let)37 b Fs(S)49 b Fu(b)s(e)37 b(a)g(non-empt)m(y)h(set) -f(and)h(consider)f(the)h(partially)c(ordered)k(set)283 -3114 y(\()p Ft(P)399 3129 y Fn(\014n)481 3114 y Fu(\()p -Fs(S)12 b Fu(\),)31 b Ft(\022)q Fu(\))f(as)i(de\014ned)g(in)e(Exercise) -j(4.12.)42 b(Sho)m(w)32 b(b)m(y)g(means)f(of)f(an)h(example)f(that)h -(there)283 3234 y(are)45 b(c)m(hoices)h(of)e Fs(S)57 -b Fu(suc)m(h)46 b(that)f(\()p Ft(P)1605 3249 y Fn(\014n)1688 -3234 y Fu(\()p Fs(S)12 b Fu(\),)44 b Ft(\022)q Fu(\))h(has)g(a)f(c)m -(hain)h(with)g(no)f(upp)s(er)i(b)s(ound)f(and)283 3355 -y(therefore)34 b(no)e(least)g(upp)s(er)h(b)s(ound.)2051 -b Fh(2)283 3596 y Fw(Example)37 b(4.20)49 b Fu(Let)33 -b Fs(g)1223 3611 y Fn(n)1266 3596 y Fu(:)43 b Fw(State)33 -b Fo(,)-17 b Ft(!)32 b Fw(State)h Fu(b)s(e)g(de\014ned)h(b)m(y)527 -3969 y Fs(g)581 3984 y Fn(n)657 3969 y Fs(s)40 b Fu(=)846 -3719 y Fg(8)846 3794 y(>)846 3819 y(>)846 3844 y(>)846 -3869 y(<)846 4018 y(>)846 4043 y(>)846 4068 y(>)846 4093 -y(:)961 3800 y Fu(undef)p 961 3813 236 4 v 235 w(if)31 -b Fs(s)41 b Fr(x)33 b Fo(>)f Fu(n)961 3968 y Fs(s)8 b -Fu([)p Fr(x)p Ft(7!\000)p Fw(1)p Fu(])84 b(if)31 b Fw(0)i -Ft(\024)g Fs(s)40 b Fr(x)33 b Fu(and)g Fs(s)40 b Fr(x)33 -b Ft(\024)g Fu(n)961 4135 y Fs(s)430 b Fu(if)31 b Fs(s)41 -b Fr(x)33 b Fo(<)f Fw(0)283 4341 y Fu(It)38 b(is)f(straigh)m(tforw)m -(ard)g(to)g(v)m(erify)h(that)f Fs(g)1858 4356 y Fn(n)1939 -4341 y Ft(v)h Fs(g)2108 4356 y Fn(m)2208 4341 y Fu(whenev)m(er)i(n)e -Ft(\024)f Fu(m)g(b)s(ecause)i Fs(g)3386 4356 y Fn(n)3466 -4341 y Fu(will)d(b)s(e)283 4462 y(unde\014ned)f(for)d(more)g(states)h -(than)g Fs(g)1680 4477 y Fn(m)1742 4462 y Fu(.)44 b(No)m(w)33 -b(de\014ne)h Fs(Y)2408 4477 y Fn(0)2480 4462 y Fu(to)f(b)s(e)527 -4674 y Fs(Y)619 4689 y Fn(0)691 4674 y Fu(=)f Ft(f)h -Fs(g)936 4689 y Fn(n)1011 4674 y Ft(j)f Fu(n)h Ft(\025)g 
-Fu(0)f Ft(g)283 4887 y Fu(Then)i Fs(Y)630 4902 y Fn(0)702 -4887 y Fu(is)e(a)g(c)m(hain)h(b)s(ecause)h Fs(g)1554 -4902 y Fn(n)1629 4887 y Ft(v)f Fs(g)1793 4902 y Fn(m)1888 -4887 y Fu(whenev)m(er)i(n)e Ft(\024)g Fu(m.)43 b(The)33 -b(partial)d(function)527 5181 y Fs(g)41 b(s)g Fu(=)802 -5007 y Fg(8)802 5081 y(<)802 5231 y(:)918 5096 y Fs(s)8 -b Fu([)p Fr(x)p Ft(7!\000)p Fw(1)p Fu(])83 b(if)32 b -Fw(0)g Ft(\024)h Fs(s)41 b Fr(x)918 5264 y Fs(s)429 b -Fu(if)32 b Fs(s)40 b Fr(x)33 b Fo(<)g Fw(0)283 5475 y -Fu(is)g(the)g(least)f(upp)s(er)h(b)s(ound)g(of)f Fs(Y)19 -b Fu(.)2094 b Fh(2)p eop -%%Page: 99 109 -99 108 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2183 -b(99)p 0 193 3473 4 v 0 515 a(Exercise)36 b(4.21)49 b -Fu(Construct)e(a)f(subset)h Fs(Y)66 b Fu(of)45 b Fw(State)h -Fo(,)-17 b Ft(!)46 b Fw(State)g Fu(suc)m(h)h(that)f Fs(Y)65 -b Fu(has)46 b(no)0 636 y(upp)s(er)33 b(b)s(ound)g(and)g(hence)h(no)e -(least)g(upp)s(er)h(b)s(ound.)1420 b Fh(2)0 826 y Fw(Exercise)36 -b(4.22)49 b Fu(Let)33 b Fs(g)920 841 y Fn(n)996 826 y -Fu(b)s(e)f(the)h(partial)e(function)h(de\014ned)i(b)m(y)244 -1083 y Fs(g)298 1098 y Fn(n)373 1083 y Fs(s)41 b Fu(=)562 -909 y Fg(8)562 983 y(<)562 1133 y(:)678 998 y Fs(s)8 -b Fu([)p Fr(y)p Ft(7!)p Fu(\()p Fs(s)40 b Fr(x)p Fu(\)!][)p -Fr(x)p Ft(7!)q Fw(1)p Fu(])83 b(if)31 b Fw(0)i Fo(<)f -Fs(s)41 b Fr(x)33 b Fu(and)f Fs(s)41 b Fr(x)33 b Ft(\024)g -Fu(n)678 1166 y(undef)p 678 1179 236 4 v 597 w(if)e Fs(s)41 -b Fr(x)33 b Ft(\024)g Fw(0)f Fu(or)g Fs(s)41 b Fr(x)33 -b Fo(>)f Fu(n)0 1345 y(\(where)h Fo(m)p Fu(!)f(denotes)h(the)f -(factorial)d(of)i Fo(m)p Fu(.\))44 b(De\014ne)32 b Fs(Y)2060 -1360 y Fn(0)2131 1345 y Fu(=)f Ft(f)g Fs(g)2373 1360 -y Fn(n)2448 1345 y Ft(j)g Fu(n)h Ft(\025)g Fu(0)g Ft(g)f -Fu(and)h(sho)m(w)h(that)0 1466 y(it)d(is)h(a)g(c)m(hain.)43 -b(Characterize)32 b(the)f(upp)s(er)h(b)s(ounds)g(of)f -Fs(Y)2119 1481 y Fn(0)2190 1466 y Fu(and)g(determine)g(the)h(least)f -(upp)s(er)0 1586 y(b)s(ound.)3103 b Fh(2)146 1777 y Fu(A)33 
-b(partially)d(ordered)k(set)g(\()p Fs(D)9 b Fu(,)32 b -Ft(v)q Fu(\))h(is)f(called)g(a)g Fs(chain)j(c)-5 b(omplete)39 -b Fu(partially)30 b(ordered)k(set)0 1897 y(\(abbreviated)j -Fs(c)-5 b(cp)g(o)p Fu(\))36 b(whenev)m(er)1262 1831 y -Fg(F)1331 1897 y Fs(Y)56 b Fu(exists)74 b(for)36 b(all)e(c)m(hains)j -Fs(Y)20 b Fu(.)37 b(It)f(is)g(a)h Fs(c)-5 b(omplete)37 -b(lattic)-5 b(e)0 2017 y Fu(if)89 1951 y Fg(F)159 2017 -y Fs(Y)52 b Fu(exists)33 b(for)f(all)f(subsets)j Fs(Y)52 -b Fu(of)33 b Fs(D)9 b Fu(.)0 2208 y Fw(Example)37 b(4.23)49 -b Fu(Exercise)35 b(4.18)f(sho)m(ws)i(that)e(\()p Ft(P)8 -b Fu(\()p Fs(S)k Fu(\),)34 b Ft(\022)q Fu(\))g(and)h(\()p -Ft(P)8 b Fu(\()p Fs(S)k Fu(\),)34 b Ft(\023)q Fu(\))g(are)g(complete)0 -2328 y(lattices,)51 b(and)d(hence)h(ccp)s(o's,)k(for)47 -b(all)f(non-empt)m(y)i(sets)i Fs(S)12 b Fu(.)47 b(Exercise)j(4.19)d -(sho)m(ws)j(that)0 2449 y(\()p Ft(P)115 2464 y Fn(\014n)198 -2449 y Fu(\()p Fs(S)12 b Fu(\),)32 b Ft(\022)q Fu(\))g(need)i(not)e(b)s -(e)h(a)f(complete)g(lattice)f(nor)i(a)f(ccp)s(o.)1051 -b Fh(2)p 0 2639 3473 5 v 0 2785 a Fw(F)-9 b(act)37 b(4.24)49 -b Fu(If)33 b(\()p Fs(D)9 b Fu(,)32 b Ft(v)q Fu(\))g(is)g(a)h(ccp)s(o)g -(then)g(it)e(has)i(a)g(least)f(elemen)m(t)g Ft(?)h Fu(giv)m(en)g(b)m(y) -g Ft(?)q Fu(=)3174 2719 y Fg(F)3243 2785 y Ft(;)p Fu(.)p -0 2906 V 0 3081 a Fw(Pro)s(of:)k Fu(It)c(is)f(straigh)m(tforw)m(ard)g -(to)h(c)m(hec)m(k)h(that)f Ft(;)f Fu(is)g(a)h(c)m(hain)f(and)h(since)g -(\()p Fs(D)9 b Fu(,)33 b Ft(v)p Fu(\))g(is)f(a)g(ccp)s(o)0 -3201 y(w)m(e)g(get)g(that)514 3135 y Fg(F)583 3201 y -Ft(;)f Fu(exists.)44 b(Using)31 b(the)h(de\014nition)e(of)1953 -3135 y Fg(F)2022 3201 y Ft(;)h Fu(w)m(e)i(see)f(that)f(for)g(an)m(y)h -(elemen)m(t)f Fs(d)42 b Fu(of)0 3321 y Fs(D)g Fu(w)m(e)33 -b(ha)m(v)m(e)484 3255 y Fg(F)553 3321 y Ft(;)g(v)g Fs(d)10 -b Fu(.)43 b(This)33 b(means)f(that)1609 3255 y Fg(F)1678 -3321 y Ft(;)g Fu(is)g(the)h(least)g(elemen)m(t)f(of)g -Fs(D)9 b Fu(.)562 b Fh(2)146 3525 y Fu(Exercise)26 b(4.21)e(sho)m(ws)j 
-(that)d Fw(State)h Fo(,)-17 b Ft(!)24 b Fw(State)h Fu(is)f(not)h(a)f -(complete)g(lattice.)39 b(F)-8 b(ortunately)g(,)0 3645 -y(w)m(e)34 b(ha)m(v)m(e)p 0 3766 V 0 3912 a Fw(Lemma)j(4.25)49 -b Fu(\()p Fw(State)39 b Fo(,)-17 b Ft(!)39 b Fw(State)p -Fu(,)f Ft(v)q Fu(\))h(is)f(a)g(ccp)s(o.)63 b(The)39 b(least)g(upp)s(er) -g(b)s(ound)3107 3845 y Fg(F)3176 3912 y Fs(Y)58 b Fu(of)39 -b(a)0 4032 y(c)m(hain)32 b Fs(Y)53 b Fu(is)32 b(giv)m(en)g(b)m(y)244 -4207 y(graph\()526 4141 y Fg(F)595 4207 y Fs(Y)20 b Fu(\))32 -b(=)865 4141 y Fg(S)935 4207 y Ft(f)g Fu(graph\()p Fs(g)9 -b Fu(\))32 b Ft(j)g Fs(g)41 b Ft(2)p Fs(Y)53 b Ft(g)0 -4382 y Fu(that)32 b(is)g(\()347 4316 y Fg(F)417 4382 -y Fs(Y)19 b Fu(\))p Fs(s)41 b Fu(=)32 b Fs(s)783 4346 -y Fi(0)839 4382 y Fu(if)f(and)i(only)f(if)g Fs(g)41 b(s)f -Fu(=)33 b Fs(s)1745 4346 y Fi(0)1801 4382 y Fu(for)f(some)g -Fs(g)41 b Ft(2)33 b Fs(Y)20 b Fu(.)p 0 4503 V 0 4678 -a Fw(Pro)s(of:)37 b Fu(The)d(pro)s(of)e(is)g(in)f(three)j(stages:)44 -b(First)32 b(w)m(e)h(pro)m(v)m(e)h(that)269 4779 y Fg(S)338 -4845 y Ft(f)e Fu(graph\()p Fs(g)9 b Fu(\))32 b Ft(j)g -Fs(g)41 b Ft(2)33 b Fs(Y)52 b Ft(g)2103 b Fu(\(*\))0 -5013 y(is)41 b(indeed)h(a)f(graph)h(of)f(a)g(partial)f(function)h(in)g -Fw(State)h Fo(,)-17 b Ft(!)41 b Fw(State)p Fu(.)71 b(Secondly)-8 -b(,)44 b(w)m(e)f(pro)m(v)m(e)0 5133 y(that)29 b(this)g(function)g(will) -d(b)s(e)k(an)f(upp)s(er)h(b)s(ound)f(of)g Fs(Y)49 b Fu(and)29 -b(thirdly)f(that)h(it)f(is)h(less)g(than)h(an)m(y)0 5254 -y(other)j(upp)s(er)g(b)s(ound)g(of)f Fs(Y)19 b Fu(,)33 -b(that)f(is)g(it)g(is)g(the)h(least)f(upp)s(er)h(b)s(ound)g(of)f -Fs(Y)20 b Fu(.)146 5374 y(T)-8 b(o)25 b(v)m(erify)g(that)g(\(*\))f(sp)s -(eci\014es)i(a)f Fs(p)-5 b(artial)27 b(function)32 b -Fu(w)m(e)26 b(only)e(need)i(to)f(sho)m(w)h(that)e(if)g -Ft(h)p Fs(s)8 b Fu(,)32 b Fs(s)3410 5338 y Fi(0)3434 -5374 y Ft(i)0 5494 y Fu(and)h Ft(h)o Fs(s)8 b Fu(,)33 -b Fs(s)384 5458 y Fi(00)427 5494 y Ft(i)f Fu(are)g(elemen)m(ts)h(of)p -eop -%%Page: 100 110 -100 109 
bop 251 130 a Fw(100)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Fs(X)49 b -Fu(=)756 449 y Fg(S)826 515 y Ft(f)32 b Fu(graph\()p -Fs(g)9 b Fu(\))32 b Ft(j)g Fs(g)9 b Ft(2)p Fs(Y)52 b -Ft(g)283 710 y Fu(then)35 b Fs(s)555 673 y Fi(0)613 710 -y Fu(=)f Fs(s)771 673 y Fi(00)813 710 y Fu(.)49 b(When)35 -b Ft(h)p Fs(s)8 b Fu(,)34 b Fs(s)1371 673 y Fi(0)1395 -710 y Ft(i)g(2)g Fs(X)51 b Fu(there)35 b(will)c(b)s(e)k(a)f(partial)e -(function)i Fs(g)41 b Ft(2)33 b Fs(Y)53 b Fu(suc)m(h)36 -b(that)283 830 y Fs(g)k(s)f Fu(=)30 b Fs(s)601 794 y -Fi(0)625 830 y Fu(.)43 b(Similarly)-8 b(,)27 b(when)32 -b Ft(h)p Fs(s)8 b Fu(,)31 b Fs(s)1573 794 y Fi(00)1616 -830 y Ft(i)f(2)h Fs(X)47 b Fu(then)32 b(there)g(will)c(b)s(e)j(a)g -(partial)e(function)h Fs(g)3510 794 y Fi(0)3565 830 y -Ft(2)j Fs(Y)283 950 y Fu(suc)m(h)i(that)d Fs(g)769 914 -y Fi(0)824 950 y Fs(s)41 b Fu(=)32 b Fs(s)1061 914 y -Fi(00)1104 950 y Fu(.)43 b(Since)33 b Fs(Y)52 b Fu(is)33 -b(a)f(c)m(hain)g(w)m(e)i(will)c(ha)m(v)m(e)k(that)f(either)f -Fs(g)41 b Ft(v)33 b Fs(g)3281 914 y Fi(0)3337 950 y Fu(or)f -Fs(g)3510 914 y Fi(0)3565 950 y Ft(v)h Fs(g)9 b Fu(.)283 -1071 y(In)44 b(an)m(y)h(case)f(w)m(e)h(get)f Fs(g)52 -b(s)g Fu(=)43 b Fs(g)1520 1034 y Fi(0)1587 1071 y Fs(s)51 -b Fu(and)44 b(this)g(means)f(that)h Fs(s)2661 1034 y -Fi(0)2728 1071 y Fu(=)f Fs(s)2895 1034 y Fi(00)2981 1071 -y Fu(as)h(required.)78 b(This)283 1191 y(completes)33 -b(the)g(\014rst)g(part)f(of)g(the)h(pro)s(of.)430 1311 -y(In)g(the)g(second)h(part)e(of)g(the)h(pro)s(of)f(w)m(e)h(de\014ne)h -(the)f(partial)d(function)j Fs(g)3124 1326 y Fn(0)3195 -1311 y Fu(b)m(y)527 1506 y(graph\()p Fs(g)863 1521 y -Fn(0)902 1506 y Fu(\))g(=)1081 1439 y Fg(S)1150 1506 -y Ft(f)g Fu(graph\()p Fs(g)9 b Fu(\))31 b Ft(j)i Fs(g)41 -b Ft(2)33 b Fs(Y)52 b Ft(g)283 1700 y Fu(T)-8 b(o)33 -b(sho)m(w)g(that)f Fs(g)933 1715 y Fn(0)1004 1700 y Fu(is)g(an)g(upp)s -(er)h(b)s(ound)f(of)g Fs(Y)52 b Fu(let)31 b Fs(g)41 b -Fu(b)s(e)32 b(an)g(elemen)m(t)g(of)g 
Fs(Y)20 b Fu(.)32 -b(Then)h(w)m(e)h(ha)m(v)m(e)283 1820 y(graph\()p Fs(g)9 -b Fu(\))36 b Ft(\022)g Fu(graph\()p Fs(g)1142 1835 y -Fn(0)1181 1820 y Fu(\))g(and)g(using)f(the)h(result)g(of)g(Exercise)h -(4.8)e(w)m(e)i(see)g(that)f Fs(g)44 b Ft(v)37 b Fs(g)3594 -1835 y Fn(0)3669 1820 y Fu(as)283 1940 y(required)d(and)e(w)m(e)i(ha)m -(v)m(e)g(completed)e(the)h(second)h(part)e(of)g(the)h(pro)s(of.)430 -2061 y(In)26 b(the)h(third)e(part)h(of)g(the)h(pro)s(of)e(w)m(e)i(sho)m -(w)h(that)e Fs(g)2296 2076 y Fn(0)2361 2061 y Fu(is)g(the)g(least)g -(upp)s(er)h(b)s(ound)f(of)g Fs(Y)20 b Fu(.)26 b(So)283 -2181 y(let)33 b Fs(g)479 2196 y Fn(1)551 2181 y Fu(b)s(e)h(some)f(upp)s -(er)h(b)s(ound)f(of)g Fs(Y)19 b Fu(.)34 b(Using)f(the)g(de\014nition)f -(of)h(an)g(upp)s(er)h(b)s(ound)g(w)m(e)g(get)283 2302 -y(that)29 b Fs(g)38 b Ft(v)30 b Fs(g)735 2317 y Fn(1)803 -2302 y Fu(m)m(ust)f(hold)f(for)h(all)e Fs(g)38 b Ft(2)p -Fs(Y)20 b Fu(.)29 b(Exercise)i(4.8)d(giv)m(es)i(that)f(graph\()p -Fs(g)9 b Fu(\))28 b Ft(\022)i Fu(graph\()p Fs(g)3652 -2317 y Fn(1)3691 2302 y Fu(\).)283 2422 y(Hence)k(it)e(m)m(ust)h(b)s(e) -f(the)h(case)h(that)527 2550 y Fg(S)597 2616 y Ft(f)e -Fu(graph\()p Fs(g)9 b Fu(\))32 b Ft(j)g Fs(g)41 b Ft(2)33 -b Fs(Y)52 b Ft(g)32 b(\022)h Fu(graph\()p Fs(g)1982 2631 -y Fn(1)2021 2616 y Fu(\))283 2810 y(But)28 b(this)g(is)f(the)h(same)f -(as)h(graph\()p Fs(g)1604 2825 y Fn(0)1643 2810 y Fu(\))f -Ft(\022)h Fu(graph\()p Fs(g)2149 2825 y Fn(1)2188 2810 -y Fu(\))g(and)f(Exercise)i(4.8)f(giv)m(es)g(that)f Fs(g)3464 -2825 y Fn(0)3531 2810 y Ft(v)h Fs(g)3690 2825 y Fn(1)3729 -2810 y Fu(.)283 2931 y(This)k(sho)m(ws)h(that)e Fs(g)1048 -2946 y Fn(0)1118 2931 y Fu(is)f(the)i(least)f(upp)s(er)h(b)s(ound)f(of) -g Fs(Y)50 b Fu(and)32 b(thereb)m(y)h(w)m(e)f(ha)m(v)m(e)g(completed)283 -3051 y(the)h(pro)s(of.)2980 b Fh(2)283 3421 y Fp(Con)l(tin)l(uous)46 -b(functions)283 3606 y Fu(Let)35 b(\()p Fs(D)9 b Fu(,)34 -b Ft(v)p Fu(\))g(and)g(\()p Fs(D)1103 3570 y Fi(0)1126 -3606 y Fu(,)h Ft(v)1265 
3570 y Fi(0)1288 3606 y Fu(\))f(b)s(e)g(ccp)s -(o's)h(and)f(consider)h(a)e(\(total\))g(function)g Fs(f)21 -b Fu(:)46 b Fs(D)d Ft(!)34 b Fs(D)3593 3570 y Fi(0)3616 -3606 y Fu(.)48 b(If)283 3726 y Fs(d)343 3741 y Fn(1)416 -3726 y Ft(v)33 b Fs(d)586 3741 y Fn(2)657 3726 y Fu(then)g(the)f(in)m -(tuition)e(is)h(that)h Fs(d)1812 3741 y Fn(1)1884 3726 -y Fu(shares)h(its)e(information)e(with)j Fs(d)3122 3741 -y Fn(2)3161 3726 y Fu(.)43 b(So)32 b(when)h(the)283 3847 -y(function)k Fs(f)58 b Fu(has)37 b(b)s(een)h(applied)e(to)h(the)g(t)m -(w)m(o)h(elemen)m(ts)f Fs(d)2465 3862 y Fn(1)2542 3847 -y Fu(and)g Fs(d)2796 3862 y Fn(2)2872 3847 y Fu(then)h(w)m(e)g(shall)e -(exp)s(ect)283 3967 y(that)31 b(a)g(similar)c(relationship)i(holds)i(b) -s(et)m(w)m(een)i(the)e(results.)43 b(That)31 b(is)g(w)m(e)g(shall)f -(exp)s(ect)i(that)283 4088 y Fs(f)55 b(d)428 4103 y Fn(1)502 -4088 y Ft(v)579 4051 y Fi(0)637 4088 y Fs(f)g(d)782 4103 -y Fn(2)855 4088 y Fu(and)34 b(when)h(this)f(is)g(the)g(case)h(w)m(e)g -(sa)m(y)g(that)f Fs(f)55 b Fu(is)33 b Fs(monotone)p Fu(.)47 -b(F)-8 b(ormally)g(,)31 b Fs(f)55 b Fu(is)283 4208 y(monotone)32 -b(if)g(and)g(only)g(if)527 4402 y Fs(d)587 4417 y Fn(1)659 -4402 y Ft(v)h Fs(d)829 4417 y Fn(2)902 4402 y Fu(implies)d -Fs(f)53 b(d)1376 4417 y Fn(1)1448 4402 y Ft(v)1526 4366 -y Fi(0)1581 4402 y Fs(f)h(d)1725 4417 y Fn(2)283 4596 -y Fu(for)32 b(all)f(c)m(hoices)i(of)g Fs(d)1068 4611 -y Fn(1)1140 4596 y Fu(and)f Fs(d)1389 4611 y Fn(2)1429 -4596 y Fu(.)283 4812 y Fw(Example)37 b(4.26)49 b Fu(Consider)24 -b(the)h(ccp)s(o's)g(\()p Ft(P)8 b Fu(\()p Ft(f)p Fu(a,b,c)p -Ft(g)p Fu(\),)26 b Ft(\022)p Fu(\))e(and)h(\()p Ft(P)8 -b Fu(\()p Ft(f)p Fu(d,e)p Ft(g)p Fu(\),)26 b Ft(\022)p -Fu(\).)41 b(The)25 b(func-)283 4932 y(tion)32 b Fs(f)535 -4947 y Fn(1)574 4932 y Fu(:)44 b Ft(P)8 b Fu(\()p Ft(f)p -Fu(a,b,c)p Ft(g)p Fu(\))33 b Ft(!)f(P)8 b Fu(\()p Ft(f)p -Fu(d,e)p Ft(g)p Fu(\))33 b(de\014ned)h(b)m(y)g(the)f(table)639 -5205 y Fs(X)p 869 5288 4 249 v 209 w Ft(f)p Fu(a,b,c)p 
-Ft(g)100 b(f)p Fu(a,b)p Ft(g)i(f)p Fu(a,c)p Ft(g)g(f)p -Fu(b,c)p Ft(g)h(f)p Fu(a)p Ft(g)f(f)p Fu(b)p Ft(g)d(f)p -Fu(c)p Ft(g)h(;)p 527 5291 2620 4 v 577 5457 a Fs(f)628 -5472 y Fn(1)700 5457 y Fs(X)p 869 5528 4 237 v 186 w -Ft(f)p Fu(d,e)p Ft(g)176 b(f)p Fu(d)p Ft(g)137 b(f)p -Fu(d,e)p Ft(g)100 b(f)p Fu(d,e)p Ft(g)g(f)p Fu(d)p Ft(g)g(f)p -Fu(d)p Ft(g)f(f)p Fu(e)p Ft(g)h(;)p eop -%%Page: 101 111 -101 110 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2127 -b(101)p 0 193 3473 4 v 0 515 a Fu(is)32 b(monotone:)43 -b(it)31 b(simply)h(c)m(hanges)h(a's)g(and)g(b's)g(to)g(d's)g(and)g(c's) -g(to)f(e's.)146 636 y(The)i(function)e Fs(f)780 651 y -Fn(2)819 636 y Fu(:)44 b Ft(P)8 b Fu(\()p Ft(f)p Fu(a,b,c)p -Ft(g)p Fu(\))33 b Ft(!)f(P)8 b Fu(\()p Ft(f)p Fu(d,e)p -Ft(g)p Fu(\))33 b(de\014ned)h(b)m(y)g(the)f(table)355 -917 y Fs(X)p 585 1001 4 249 v 210 w Ft(f)p Fu(a,b,c)p -Ft(g)100 b(f)p Fu(a,b)p Ft(g)f(f)p Fu(a,c)p Ft(g)g(f)p -Fu(b,c)p Ft(g)k(f)p Fu(a)p Ft(g)f(f)p Fu(b)p Ft(g)d(f)p -Fu(c)p Ft(g)146 b(;)p 244 1004 2707 4 v 294 1169 a Fs(f)345 -1184 y Fn(2)417 1169 y Fs(X)p 585 1240 4 237 v 221 w -Ft(f)p Fu(d)p Ft(g)211 b(f)p Fu(d)p Ft(g)170 b(f)p Fu(d)p -Ft(g)i(f)p Fu(e)p Ft(g)140 b(f)p Fu(d)p Ft(g)105 b(f)p -Fu(e)p Ft(g)g(f)p Fu(e)p Ft(g)100 b(f)p Fu(e)p Ft(g)0 -1406 y Fu(is)36 b Fs(not)46 b Fu(monotone)36 b(b)s(ecause)j -Ft(f)p Fu(b,c)p Ft(g)d(\022)i(f)p Fu(a,b,c)p Ft(g)e Fu(but)h -Fs(f)2050 1421 y Fn(2)2127 1406 y Ft(f)p Fu(b,c)p Ft(g)f(6\022)i -Fs(f)2553 1421 y Fn(2)2629 1406 y Ft(f)p Fu(a,b,c)p Ft(g)p -Fu(.)56 b(In)m(tuitiv)m(ely)-8 b(,)0 1527 y(all)36 b(sets)j(that)f(con) -m(tain)g(an)g(a)g(are)g(mapp)s(ed)g(to)g Ft(f)p Fu(d)p -Ft(g)g Fu(whereas)h(the)g(others)g(are)f(mapp)s(ed)g(to)0 -1647 y Ft(f)p Fu(e)p Ft(g)43 b Fu(and)h(since)g(the)g(elemen)m(ts)g -Ft(f)p Fu(d)p Ft(g)f Fu(and)g Ft(f)p Fu(e)p Ft(g)h Fu(are)f -(incomparable)f(this)h(do)s(es)h(not)f(giv)m(e)h(a)0 -1767 y(monotone)32 b(function.)42 b(Ho)m(w)m(ev)m(er,)35 
-b(if)c(w)m(e)j(c)m(hange)f(the)g(de\014nition)e(suc)m(h)j(that)e(sets)h -(with)f(an)h(a)0 1888 y(are)e(mapp)s(ed)g(to)g Ft(f)p -Fu(d)p Ft(g)f Fu(and)i(all)c(other)k(sets)g(to)f Ft(;)f -Fu(then)i(the)g(function)e(will)f(b)s(e)i(monotone.)75 -b Fh(2)0 2116 y Fw(Exercise)36 b(4.27)49 b Fu(Consider)37 -b(the)g(ccp)s(o)g(\()p Ft(P)9 b Fu(\()p Fw(N)p Fu(\),)36 -b Ft(\022)p Fu(\).)55 b(Determine)36 b(whic)m(h)h(of)f(the)h(follo)m -(wing)0 2237 y(functions)c(in)e Ft(P)9 b Fu(\()p Fw(N)p -Fu(\))32 b Ft(!)g(P)8 b Fu(\()p Fw(N)p Fu(\))33 b(are)f(monotone:)145 -2440 y Ft(\017)49 b Fs(f)295 2455 y Fn(1)367 2440 y Fs(X)f -Fu(=)33 b Fw(N)f Ft(n)g Fs(X)145 2643 y Ft(\017)49 b -Fs(f)295 2658 y Fn(2)367 2643 y Fs(X)f Fu(=)33 b Fs(X)49 -b Ft([)32 b(f)p Fw(27)p Ft(g)145 2847 y(\017)49 b Fs(f)295 -2862 y Fn(3)367 2847 y Fs(X)f Fu(=)33 b Fs(X)49 b Ft(\\)32 -b(f)p Fw(7)p Fu(,)h Fw(9)p Fu(,)g Fw(13)p Ft(g)145 3050 -y(\017)49 b Fs(f)295 3065 y Fn(4)367 3050 y Fs(X)f Fu(=)33 -b Ft(f)f Fs(n)40 b Ft(2)33 b Fs(X)49 b Ft(j)32 b Fs(n)40 -b Fu(is)32 b(a)g(prime)f Ft(g)145 3254 y(\017)49 b Fs(f)295 -3269 y Fn(5)367 3254 y Fs(X)f Fu(=)33 b Ft(f)f Fw(2)h -Fo(?)f Fs(n)40 b Ft(j)32 b Fs(n)40 b Ft(2)33 b Fs(X)48 -b Ft(g)2031 b Fh(2)0 3482 y Fw(Exercise)36 b(4.28)49 -b Fu(Determine)32 b(whic)m(h)h(of)f(the)h(follo)m(wing)d(functionals)h -(of)244 3685 y(\()p Fw(State)h Fo(,)-17 b Ft(!)33 b Fw(State)p -Fu(\))g Ft(!)f Fu(\()p Fw(State)g Fo(,)-17 b Ft(!)33 -b Fw(State)p Fu(\))0 3889 y(are)g(monotone:)145 4092 -y Ft(\017)49 b Fs(F)321 4107 y Fn(0)393 4092 y Fs(g)41 -b Fu(=)32 b Fs(g)145 4377 y Ft(\017)49 b Fs(F)321 4392 -y Fn(1)393 4377 y Fs(g)41 b Fu(=)587 4203 y Fg(8)587 -4277 y(<)587 4427 y(:)703 4292 y Fs(g)757 4307 y Fn(1)879 -4292 y Fu(if)31 b Fs(g)41 b Fu(=)33 b Fs(g)1217 4307 -y Fn(2)703 4460 y Fs(g)757 4475 y Fn(2)879 4460 y Fu(otherwise)1494 -4377 y(where)h Fs(g)1830 4392 y Fn(1)1902 4377 y Ft(6)p -Fu(=)e Fs(g)2064 4392 y Fn(2)145 4767 y Ft(\017)49 b -Fu(\()p Fs(F)359 4731 y Fi(0)415 4767 y Fs(g)9 
b Fu(\))32 -b Fs(s)40 b Fu(=)728 4593 y Fg(8)728 4668 y(<)728 4817 -y(:)843 4683 y Fs(g)h(s)91 b Fu(if)32 b Fs(s)40 b Fr(x)33 -b Ft(6)p Fu(=)f Fw(0)843 4850 y Fs(s)177 b Fu(if)32 b -Fs(s)40 b Fr(x)33 b Fu(=)f Fw(0)3398 4767 y Fh(2)146 -5077 y Fu(The)d(monotone)d(functions)i(ha)m(v)m(e)g(a)f(couple)h(of)f -(in)m(teresting)g(prop)s(erties.)41 b(First)27 b(w)m(e)h(pro)m(v)m(e)0 -5198 y(that)k(the)h(comp)s(osition)e(of)h(t)m(w)m(o)h(monotone)f -(functions)g(is)g(a)h(monotone)e(function.)p eop -%%Page: 102 112 -102 111 bop 251 130 a Fw(102)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 283 515 3473 5 v 283 -689 a(F)-9 b(act)38 b(4.29)49 b Fu(Let)e(\()p Fs(D)9 -b Fu(,)47 b Ft(v)p Fu(\),)k(\()p Fs(D)1476 653 y Fi(0)1499 -689 y Fu(,)g Ft(v)1654 653 y Fi(0)1677 689 y Fu(\))c(and)g(\()p -Fs(D)2087 653 y Fi(00)2130 689 y Fu(,)j Ft(v)2285 653 -y Fi(00)2327 689 y Fu(\))d(b)s(e)g(ccp)s(o's)h(and)f(let)f -Fs(f)21 b Fu(:)72 b Fs(D)56 b Ft(!)47 b Fs(D)3733 653 -y Fi(0)283 809 y Fu(and)42 b Fs(f)533 773 y Fi(0)557 -809 y Fu(:)h Fs(D)710 773 y Fi(0)766 809 y Ft(!)32 b -Fs(D)981 773 y Fi(00)1065 809 y Fu(b)s(e)42 b(monotone)f(functions.)71 -b(Then)43 b Fs(f)2467 773 y Fi(0)2522 809 y Ft(\016)33 -b Fs(f)21 b Fu(:)43 b Fs(D)f Ft(!)32 b Fs(D)3057 773 -y Fi(00)3141 809 y Fu(is)41 b(a)h(monotone)283 930 y(function.)p -283 1050 V 283 1253 a Fw(Pro)s(of:)33 b Fu(Assume)d(that)f -Fs(d)1245 1268 y Fn(1)1313 1253 y Ft(v)g Fs(d)1479 1268 -y Fn(2)1519 1253 y Fu(.)42 b(The)30 b(monotonicit)m(y)d(of)h -Fs(f)50 b Fu(giv)m(es)29 b(that)g Fs(f)50 b(d)3142 1268 -y Fn(1)3210 1253 y Ft(v)3287 1217 y Fi(0)3339 1253 y -Fs(f)g(d)3479 1268 y Fn(2)3519 1253 y Fu(.)42 b(The)283 -1373 y(monotonicit)m(y)31 b(of)h Fs(f)1036 1337 y Fi(0)1092 -1373 y Fu(then)h(giv)m(es)g Fs(f)1604 1337 y Fi(0)1660 -1373 y Fu(\()p Fs(f)53 b(d)1841 1388 y Fn(1)1881 1373 -y Fu(\))32 b Ft(v)2029 1337 y Fi(00)2104 1373 y Fs(f)2155 -1337 y Fi(0)2211 1373 y Fu(\()p Fs(f)53 b(d)2392 1388 -y Fn(2)2431 1373 y Fu(\))33 
b(as)g(required.)683 b Fh(2)430 -1576 y Fu(Next)33 b(w)m(e)g(pro)m(v)m(e)h(that)e(the)h(image)e(of)h(a)g -(c)m(hain)g(under)h(a)g(monotone)e(function)h(is)g(itself)f(a)283 -1697 y(c)m(hain.)p 283 1817 V 283 1991 a Fw(Lemma)38 -b(4.30)49 b Fu(Let)24 b(\()p Fs(D)9 b Fu(,)23 b Ft(v)q -Fu(\))h(and)g(\()p Fs(D)1708 1955 y Fi(0)1731 1991 y -Fu(,)h Ft(v)1861 1955 y Fi(0)1884 1991 y Fu(\))f(b)s(e)g(ccp)s(o's)h -(and)f(let)f Fs(f)e Fu(:)39 b Fs(D)33 b Ft(!)23 b Fs(D)3095 -1955 y Fi(0)3142 1991 y Fu(b)s(e)h(a)g(monotone)283 2111 -y(function.)42 b(If)30 b Fs(Y)49 b Fu(is)29 b(a)h(c)m(hain)f(in)g -Fs(D)39 b Fu(then)30 b Ft(f)f Fs(f)51 b(d)39 b Ft(j)30 -b Fs(d)39 b Ft(2)30 b Fs(Y)49 b Ft(g)30 b Fu(is)f(a)g(c)m(hain)h(in)f -Fs(D)3104 2075 y Fi(0)3127 2111 y Fu(.)42 b(F)-8 b(urthermore,)552 -2212 y Fg(F)621 2243 y Fi(0)645 2279 y Ft(f)32 b Fs(f)53 -b(d)43 b Ft(j)32 b Fs(d)43 b Ft(2)33 b Fs(Y)52 b Ft(g)32 -b(v)1439 2243 y Fi(0)1495 2279 y Fs(f)21 b Fu(\()1584 -2212 y Fg(F)1653 2279 y Fs(Y)e Fu(\))p 283 2399 V 283 -2602 a Fw(Pro)s(of:)42 b Fu(If)37 b Fs(Y)56 b Fu(=)36 -b Ft(;)g Fu(then)h(the)g(result)f(holds)h(immediately)c(since)k -Ft(?)2868 2566 y Fi(0)2928 2602 y Ft(v)3005 2566 y Fi(0)3065 -2602 y Fs(f)57 b Ft(?)q Fu(.)e(So)36 b(assume)283 2722 -y(that)d Fs(Y)53 b Ft(6)p Fu(=)33 b Ft(;)p Fu(.)45 b(W)-8 -b(e)34 b(shall)e(\014rst)h(pro)m(v)m(e)i(that)e Ft(f)g -Fs(f)54 b(d)43 b Ft(j)33 b Fs(d)43 b Ft(2)33 b Fs(Y)53 -b Ft(g)33 b Fu(is)g(a)g(c)m(hain)g(in)f Fs(D)3283 2686 -y Fi(0)3306 2722 y Fu(.)46 b(So)33 b(let)f Fs(d)3716 -2686 y Fi(0)3716 2747 y Fn(1)283 2843 y Fu(and)37 b Fs(d)537 -2806 y Fi(0)537 2867 y Fn(2)613 2843 y Fu(b)s(e)f(t)m(w)m(o)h(elemen)m -(ts)g(of)f Ft(f)g Fs(f)57 b(d)46 b Ft(j)36 b Fs(d)47 -b Ft(2)36 b Fs(Y)56 b Ft(g)p Fu(.)f(Then)37 b(there)g(are)f(elemen)m -(ts)h Fs(d)3387 2858 y Fn(1)3463 2843 y Fu(and)f Fs(d)3716 -2858 y Fn(2)283 2963 y Fu(in)d Fs(Y)54 b Fu(suc)m(h)35 -b(that)e Fs(d)1017 2927 y Fi(0)1017 2988 y Fn(1)1090 -2963 y Fu(=)h Fs(f)54 b(d)1344 2978 y 
Fn(1)1417 2963 -y Fu(and)34 b Fs(d)1668 2927 y Fi(0)1668 2988 y Fn(2)1741 -2963 y Fu(=)f Fs(f)55 b(d)1995 2978 y Fn(2)2035 2963 -y Fu(.)46 b(Since)34 b Fs(Y)53 b Fu(is)33 b(a)h(c)m(hain)f(w)m(e)i(ha)m -(v)m(e)g(that)e(either)283 3083 y Fs(d)343 3098 y Fn(1)416 -3083 y Ft(v)g Fs(d)586 3098 y Fn(2)660 3083 y Fu(or)i -Fs(d)842 3098 y Fn(2)917 3083 y Ft(v)g Fs(d)1089 3098 -y Fn(1)1129 3083 y Fu(.)51 b(In)35 b(either)g(case)h(w)m(e)g(get)g -(that)f(the)g(same)g(order)g(holds)g(b)s(et)m(w)m(een)i -Fs(d)3716 3047 y Fi(0)3716 3108 y Fn(1)283 3204 y Fu(and)g -Fs(d)537 3168 y Fi(0)537 3228 y Fn(2)613 3204 y Fu(b)s(ecause)h(of)e -(the)h(monotonicit)m(y)e(of)h Fs(f)21 b Fu(.)56 b(This)36 -b(pro)m(v)m(es)j(that)d Ft(f)g Fs(f)58 b(d)47 b Ft(j)36 -b Fs(d)47 b Ft(2)36 b Fs(Y)57 b Ft(g)36 b Fu(is)g(a)283 -3324 y(c)m(hain.)430 3444 y(T)-8 b(o)46 b(pro)m(v)m(e)g(the)h(second)g -(part)e(of)g(the)h(lemma)e(consider)i(an)f(arbitrary)g(elemen)m(t)h -Fs(d)55 b Fu(of)283 3565 y Fs(Y)20 b Fu(.)48 b(Then)g(it)f(will)e(b)s -(e)j(the)g(case)g(that)g Fs(d)57 b Ft(v)2042 3498 y Fg(F)2111 -3565 y Fs(Y)20 b Fu(.)48 b(The)g(monotonicit)m(y)e(of)h -Fs(f)68 b Fu(giv)m(es)48 b(that)283 3685 y Fs(f)54 b(d)43 -b Ft(v)537 3649 y Fi(0)593 3685 y Fs(f)21 b Fu(\()682 -3619 y Fg(F)751 3685 y Fs(Y)f Fu(\).)76 b(Since)44 b(this)f(holds)g -(for)g(all)e Fs(d)54 b Ft(2)44 b Fs(Y)63 b Fu(w)m(e)45 -b(get)e(that)h Fs(f)21 b Fu(\()3012 3619 y Fg(F)3081 -3685 y Fs(Y)e Fu(\))44 b(is)f(an)g(upp)s(er)283 3806 -y(b)s(ound)33 b(on)g Ft(f)f Fs(f)53 b(d)43 b Ft(j)32 -b Fs(d)43 b Ft(2)p Fs(Y)53 b Ft(g)o Fu(,)33 b(that)f(is)1740 -3739 y Fg(F)1810 3769 y Fi(0)1865 3806 y Ft(f)h Fs(f)53 -b(d)43 b Ft(j)32 b Fs(d)43 b Ft(2)p Fs(Y)52 b Ft(g)33 -b(v)2627 3769 y Fi(0)2683 3806 y Fs(f)21 b Fu(\()2772 -3739 y Fg(F)2841 3806 y Fs(Y)f Fu(\).)683 b Fh(2)430 -4009 y Fu(In)40 b(general)f(w)m(e)i(cannot)f(exp)s(ect)h(that)e(a)g -(monotone)g(function)h(preserv)m(es)i(least)d(upp)s(er)283 -4129 y(b)s(ounds)d(on)f(c)m(hains,)g(that)g(is)1402 
4063 -y Fg(F)1471 4093 y Fi(0)1529 4129 y Ft(f)g Fs(f)55 b(d)45 -b Ft(j)35 b Fs(d)44 b Ft(2)q Fs(Y)54 b Ft(g)35 b Fu(=)f -Fs(f)21 b Fu(\()2428 4063 y Fg(F)2497 4129 y Fs(Y)f Fu(\).)35 -b(This)g(is)f(illustrated)f(b)m(y)i(the)283 4250 y(follo)m(wing)30 -b(example:)283 4477 y Fw(Example)37 b(4.31)49 b Fu(F)-8 -b(rom)29 b(Example)i(4.23)f(w)m(e)i(get)f(that)f(\()p -Ft(P)9 b Fu(\()p Fw(N)30 b Ft([)h(f)p Fu(a)p Ft(g)p Fu(\),)g -Ft(\022)p Fu(\))g(is)f(a)h(ccp)s(o.)43 b(No)m(w)283 4597 -y(consider)33 b(the)g(function)f Fs(f)21 b Fu(:)44 b -Ft(P)8 b Fu(\()p Fw(N)32 b Ft([)h(f)p Fu(a)p Ft(g)p Fu(\))f -Ft(!)g(P)9 b Fu(\()p Fw(N)32 b Ft([)h(f)p Fu(a)p Ft(g)p -Fu(\))f(de\014ned)i(b)m(y)527 4887 y Fs(f)54 b(X)48 b -Fu(=)840 4713 y Fg(8)840 4788 y(<)840 4937 y(:)955 4803 -y Fs(X)379 b Fu(if)32 b Fs(X)48 b Fu(is)32 b(\014nite)955 -4970 y Fs(X)49 b Ft([)33 b(f)p Fu(a)p Ft(g)82 b Fu(if)32 -b Fs(X)48 b Fu(is)32 b(in\014nite)283 5171 y(Clearly)-8 -b(,)34 b Fs(f)54 b Fu(is)33 b(a)h(monotone)e(function:)46 -b(if)32 b Fs(X)1960 5186 y Fn(1)2033 5171 y Ft(\022)i -Fs(X)2232 5186 y Fn(2)2306 5171 y Fu(then)g(also)f Fs(f)54 -b(X)2898 5186 y Fn(1)2971 5171 y Ft(\022)35 b Fs(f)54 -b(X)3255 5186 y Fn(2)3295 5171 y Fu(.)46 b(Ho)m(w)m(ev)m(er,)283 -5292 y Fs(f)54 b Fu(do)s(es)33 b(not)f(preserv)m(e)i(the)f(least)f(upp) -s(er)h(b)s(ounds)g(of)f(c)m(hains.)44 b(T)-8 b(o)32 b(see)i(this)e -(consider)g(the)h(set)527 5494 y Fs(Y)53 b Fu(=)32 b -Ft(f)g(f)p Fu(0,1,)p Ft(\001)17 b(\001)g(\001)n Fu(,n)p -Ft(g)33 b(j)f Fu(n)p Ft(\025)q Fu(0)g Ft(g)p eop -%%Page: 103 113 -103 112 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2127 -b(103)p 0 193 3473 4 v 0 515 a Fu(It)25 b(consists)h(of)f(the)g(elemen) -m(ts)h Ft(f)p Fu(0)p Ft(g)p Fu(,)g Ft(f)p Fu(0,1)p Ft(g)p -Fu(,)g Ft(f)p Fu(0,1,2)p Ft(g)p Fu(,)f Ft(\001)17 b(\001)g(\001)24 -b Fu(and)h(it)f(is)h(straigh)m(tforw)m(ard)f(to)h(v)m(erify)0 -636 y(that)40 b(it)f(is)h(a)g(c)m(hain)g(with)g Fw(N)g 
-Fu(as)g(its)g(least)f(upp)s(er)i(b)s(ound,)i(that)d(is)2597 -569 y Fg(F)2666 636 y Fs(Y)60 b Fu(=)40 b Fw(N)p Fu(.)g(When)h(w)m(e)0 -756 y(apply)32 b Fs(f)54 b Fu(to)32 b(the)h(elemen)m(ts)g(of)f -Fs(Y)52 b Fu(w)m(e)34 b(get)244 897 y Fg(F)346 963 y -Ft(f)e Fs(f)53 b(X)c Ft(j)32 b Fs(X)49 b Ft(2)33 b Fs(Y)52 -b Ft(g)32 b Fu(=)1227 897 y Fg(F)1296 963 y Fs(Y)52 b -Fu(=)33 b Fw(N)0 1171 y Fu(Ho)m(w)m(ev)m(er,)i(w)m(e)f(also)d(ha)m(v)m -(e)244 1378 y Fs(f)53 b Fu(\()365 1312 y Fg(F)434 1378 -y Fs(Y)20 b Fu(\))33 b(=)f Fs(f)53 b Fw(N)33 b Fu(=)f -Fw(N)g Ft([)h(f)p Fu(a)p Ft(g)0 1585 y Fu(sho)m(wing)g(that)f -Fs(f)54 b Fu(do)s(es)33 b(not)f(preserv)m(e)j(the)e(least)f(upp)s(er)h -(b)s(ounds)g(of)g(c)m(hains.)542 b Fh(2)146 1819 y Fu(W)-8 -b(e)31 b(shall)e(b)s(e)i(in)m(terested)h(in)e(functions)g(that)h -(preserv)m(e)h(least)f(upp)s(er)g(b)s(ounds)g(of)f(c)m(hains,)0 -1939 y(that)i(is)g(functions)h Fs(f)53 b Fu(that)33 b(satisfy)244 -2080 y Fg(F)313 2110 y Fi(0)336 2147 y Ft(f)g Fs(f)53 -b(d)43 b Ft(j)32 b Fs(d)43 b Ft(2)p Fs(Y)52 b Ft(g)33 -b Fu(=)f Fs(f)21 b Fu(\()1218 2080 y Fg(F)1287 2147 y -Fs(Y)f Fu(\))0 2354 y(In)m(tuitiv)m(ely)-8 b(,)54 b(this)c(means)g -(that)g(w)m(e)i(obtain)d(the)i(same)f(information)d(indep)s(enden)m -(tly)k(of)0 2474 y(whether)42 b(w)m(e)g(determine)f(the)g(least)g(upp)s -(er)h(b)s(ound)f(b)s(efore)g(or)f(after)h(applying)f(the)h(func-)0 -2595 y(tion)32 b Fs(f)20 b Fu(.)146 2716 y(W)-8 b(e)31 -b(shall)d(sa)m(y)j(that)f(a)f(function)h Fs(f)21 b Fu(:)42 -b Fs(D)c Ft(!)30 b Fs(D)1815 2680 y Fi(0)1868 2716 y -Fu(de\014ned)h(on)f(ccp)s(o's)h(\()p Fs(D)9 b Fu(,)30 -b Ft(v)p Fu(\))g(and)g(\()p Fs(D)3253 2680 y Fi(0)3276 -2716 y Fu(,)h Ft(v)3411 2680 y Fi(0)3435 2716 y Fu(\))0 -2836 y(is)h Fs(c)-5 b(ontinuous)32 b Fu(if)g(it)f(is)h(monotone)g(and) -244 2977 y Fg(F)313 3007 y Fi(0)336 3043 y Ft(f)h Fs(f)53 -b(d)43 b Ft(j)32 b Fs(d)43 b Ft(2)p Fs(Y)52 b Ft(g)33 -b Fu(=)f Fs(f)21 b Fu(\()1218 2977 y Fg(F)1287 3043 y -Fs(Y)f Fu(\))0 3251 y(holds)40 
b(for)g(all)f Fs(non-empty)h -Fu(c)m(hains)h Fs(Y)19 b Fu(.)41 b(If)1622 3184 y Fg(F)1691 -3251 y Ft(f)f Fs(f)62 b(d)50 b Ft(j)41 b Fs(d)50 b Ft(2)41 -b Fs(Y)61 b Ft(g)40 b Fu(=)g Fs(f)21 b Fu(\()2677 3184 -y Fg(F)2746 3251 y Fs(Y)f Fu(\))41 b(holds)f(for)g(the)0 -3371 y(empt)m(y)33 b(c)m(hain,)g(that)f(is)g Ft(?)h Fu(=)f -Fs(f)54 b Ft(?)p Fu(,)33 b(then)g(w)m(e)h(shall)d(sa)m(y)i(that)g -Fs(f)53 b Fu(is)32 b Fs(strict)p Fu(.)0 3606 y Fw(Example)37 -b(4.32)49 b Fu(The)37 b(function)g Fs(f)1353 3621 y Fn(1)1429 -3606 y Fu(of)f(Example)g(4.26)h(is)f(also)g(con)m(tin)m(uous.)57 -b(T)-8 b(o)37 b(see)h(this)0 3726 y(consider)31 b(a)g(non-empt)m(y)g(c) -m(hain)g Fs(Y)50 b Fu(of)31 b Ft(P)8 b Fu(\()p Ft(f)p -Fu(a,b,c)p Ft(g)p Fu(\).)43 b(The)32 b(least)f(upp)s(er)g(b)s(ound)g -(of)g Fs(Y)51 b Fu(will)28 b(b)s(e)0 3846 y(the)33 b(largest)f(elemen)m -(t,)g(sa)m(y)i Fs(X)1127 3861 y Fn(0)1167 3846 y Fu(,)e(of)g -Fs(Y)52 b Fu(\(see)34 b(Example)e(4.17\).)43 b(Therefore)34 -b(w)m(e)f(ha)m(v)m(e)294 4051 y Fs(f)345 4066 y Fn(1)417 -4051 y Fu(\()455 3984 y Fg(F)524 4051 y Fs(Y)19 b Fu(\))100 -b(=)h Fs(f)981 4066 y Fn(1)1053 4051 y Fs(X)1141 4066 -y Fn(0)1879 4051 y Fu(b)s(ecause)34 b Fs(X)2328 4066 -y Fn(0)2400 4051 y Fu(=)2508 3984 y Fg(F)2577 4051 y -Fs(Y)753 4218 y Ft(\022)930 4152 y Fg(F)999 4218 y Ft(f)f -Fs(f)1132 4233 y Fn(1)1204 4218 y Fs(X)49 b Ft(j)32 b -Fs(X)49 b Ft(2)33 b Fs(Y)52 b Ft(g)100 b Fu(b)s(ecause)34 -b Fs(X)2328 4233 y Fn(0)2400 4218 y Ft(2)f Fs(Y)0 4424 -y Fu(Using)41 b(that)h Fs(f)555 4439 y Fn(1)636 4424 -y Fu(is)f(monotone)g(w)m(e)i(get)f(from)e(Lemma)h(4.30)g(that)2559 -4358 y Fg(F)2628 4424 y Ft(f)h Fs(f)2771 4439 y Fn(1)2852 -4424 y Fs(X)58 b Ft(j)41 b Fs(X)58 b Ft(2)42 b Fs(Y)62 -b Ft(g)0 4545 y(\022)36 b Fs(f)163 4560 y Fn(1)238 4545 -y Fu(\()276 4478 y Fg(F)345 4545 y Fs(Y)20 b Fu(\).)35 -b(It)g(follo)m(ws)f(that)h Fs(f)1233 4560 y Fn(1)1307 -4545 y Fu(is)g(con)m(tin)m(uous.)52 b(Also,)35 b Fs(f)2243 -4560 y Fn(1)2317 4545 y 
Fu(is)g(a)g(strict)f(function)h(b)s(ecause)0 -4665 y Fs(f)51 4680 y Fn(1)123 4665 y Ft(;)d Fu(=)h Ft(;)o -Fu(.)146 4786 y(The)j(function)f Fs(f)56 b Fu(of)35 b(Example)f(4.31)h -(is)g Fs(not)44 b Fu(a)35 b(con)m(tin)m(uous)h(function)e(b)s(ecause)j -(there)f(is)0 4907 y(a)c(c)m(hain)h(for)f(whic)m(h)h(it)e(do)s(es)i -(not)g(preserv)m(e)i(the)e(least)f(upp)s(er)h(b)s(ound.)790 -b Fh(2)0 5140 y Fw(Exercise)36 b(4.33)49 b Fu(Sho)m(w)34 -b(that)e(the)h(functional)e Fs(F)1863 5104 y Fi(0)1919 -5140 y Fu(of)h(Example)g(4.1)g(is)g(con)m(tin)m(uous.)226 -b Fh(2)0 5374 y Fw(Exercise)36 b(4.34)49 b Fu(Assume)33 -b(that)e(\()p Fs(D)9 b Fu(,)31 b Ft(v)q Fu(\))g(and)h(\()p -Fs(D)1898 5338 y Fi(0)1921 5374 y Fu(,)g Ft(v)2057 5338 -y Fi(0)2081 5374 y Fu(\))f(are)h(ccp)s(o's)g(and)g(that)f -Fs(f)21 b Fu(:)43 b Fs(D)d Ft(!)31 b Fs(D)3449 5338 y -Fi(0)0 5494 y Fu(satis\014es)p eop -%%Page: 104 114 -104 113 bop 251 130 a Fw(104)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 527 449 a Fg(F)597 -479 y Fi(0)620 515 y Ft(f)c Fs(f)54 b(d)42 b Ft(j)32 -b Fs(d)43 b Ft(2)q Fs(Y)52 b Ft(g)32 b Fu(=)g Fs(f)21 -b Fu(\()1501 449 y Fg(F)1570 515 y Fs(Y)f Fu(\))283 721 -y(for)32 b(all)f Fs(non-empty)h Fu(c)m(hains)h Fs(Y)52 -b Fu(of)32 b Fs(D)9 b Fu(.)33 b(Sho)m(w)g(that)f Fs(f)54 -b Fu(is)32 b(monotone.)863 b Fh(2)430 953 y Fu(W)-8 b(e)33 -b(can)h(extend)h(the)e(result)g(of)g(Lemma)f(4.29)h(to)g(sho)m(w)h -(that)f(the)h(comp)s(osition)c(of)j(t)m(w)m(o)283 1074 -y(con)m(tin)m(uous)h(functions)e(will)f(also)g(b)s(e)i(con)m(tin)m -(uous:)p 283 1195 3473 5 v 283 1372 a Fw(Lemma)38 b(4.35)49 -b Fu(Let)38 b(\()p Fs(D)9 b Fu(,)38 b Ft(v)p Fu(\),)h(\()p -Fs(D)1597 1336 y Fi(0)1621 1372 y Fu(,)g Ft(v)1764 1336 -y Fi(0)1788 1372 y Fu(\))e(and)i(\()p Fs(D)2180 1336 -y Fi(00)2222 1372 y Fu(,)g Ft(v)2366 1336 y Fi(00)2408 -1372 y Fu(\))f(b)s(e)g(ccp)s(o's)h(and)f(let)f Fs(f)21 -b Fu(:)54 b Fs(D)47 b Ft(!)38 b Fs(D)3733 1336 y Fi(0)283 -1493 y Fu(and)d Fs(f)526 1456 y Fi(0)550 1493 y Fu(:)43 
-b Fs(D)703 1456 y Fi(0)759 1493 y Ft(!)32 b Fs(D)974 -1456 y Fi(00)1051 1493 y Fu(b)s(e)j(con)m(tin)m(uous)g(functions.)50 -b(Then)36 b Fs(f)2449 1456 y Fi(0)2505 1493 y Ft(\016)c -Fs(f)21 b Fu(:)44 b Fs(D)d Ft(!)32 b Fs(D)3039 1456 y -Fi(00)3116 1493 y Fu(is)j(a)f(con)m(tin)m(uous)283 1613 -y(function.)p 283 1733 V 283 1939 a Fw(Pro)s(of:)48 b -Fu(F)-8 b(rom)40 b(Lemma)h(4.29)g(w)m(e)h(get)g(that)g -Fs(f)2067 1903 y Fi(0)2132 1939 y Ft(\016)g Fs(f)62 b -Fu(is)42 b(monotone.)70 b(T)-8 b(o)41 b(pro)m(v)m(e)i(that)f(it)e(is) -283 2060 y(con)m(tin)m(uous)34 b(let)e Fs(Y)52 b Fu(b)s(e)33 -b(a)f(non-empt)m(y)h(c)m(hain)f(in)g Fs(D)9 b Fu(.)33 -b(The)g(con)m(tin)m(uit)m(y)g(of)f Fs(f)53 b Fu(giv)m(es)527 -2199 y Fg(F)597 2230 y Fi(0)620 2266 y Ft(f)32 b Fs(f)54 -b(d)42 b Ft(j)32 b Fs(d)43 b Ft(2)33 b Fs(Y)52 b Ft(g)33 -b Fu(=)f Fs(f)53 b Fu(\()1566 2199 y Fg(F)1636 2266 y -Fs(Y)19 b Fu(\))283 2472 y(Since)36 b Ft(f)e Fs(f)56 -b(d)46 b Ft(j)34 b Fs(d)45 b Ft(2)36 b Fs(Y)54 b Ft(g)35 -b Fu(is)g(a)g(\(non-empt)m(y\))g(c)m(hain)g(in)f Fs(D)2487 -2436 y Fi(0)2545 2472 y Fu(w)m(e)i(can)g(use)g(the)f(con)m(tin)m(uit)m -(y)g(of)283 2592 y Fs(f)334 2556 y Fi(0)390 2592 y Fu(and)e(get)527 -2732 y Fg(F)597 2762 y Fi(00)639 2798 y Ft(f)f Fs(f)772 -2762 y Fi(0)828 2798 y Fs(d)888 2762 y Fi(0)944 2798 -y Ft(j)g Fs(d)1064 2762 y Fi(0)1120 2798 y Ft(2)h(f)f -Fs(f)54 b(d)42 b Ft(j)33 b Fs(d)42 b Ft(2)33 b Fs(Y)52 -b Ft(g)33 b(g)f Fu(=)h Fs(f)2177 2762 y Fi(0)2233 2798 -y Fu(\()2271 2732 y Fg(F)2340 2762 y Fi(0)2364 2798 y -Ft(f)f Fs(f)53 b(d)43 b Ft(j)32 b Fs(d)43 b Ft(2)33 b -Fs(Y)52 b Ft(g)p Fu(\))283 3004 y(whic)m(h)34 b(is)e(equiv)-5 -b(alen)m(t)32 b(to)527 3144 y Fg(F)597 3174 y Fi(00)639 -3210 y Ft(f)g Fs(f)772 3174 y Fi(0)828 3210 y Fu(\()p -Fs(f)53 b(d)10 b Fu(\))33 b Ft(j)f Fs(d)43 b Ft(2)33 -b Fs(Y)52 b Ft(g)32 b Fu(=)h Fs(f)1698 3174 y Fi(0)1753 -3210 y Fu(\()p Fs(f)54 b Fu(\()1913 3144 y Fg(F)1982 -3210 y Fs(Y)20 b Fu(\)\))283 3416 y(This)33 b(pro)m(v)m(es)i(the)e 
-(result.)2439 b Fh(2)283 3732 y Fw(Exercise)37 b(4.36)49 -b Fu(Pro)m(v)m(e)34 b(that)e(if)g Fs(f)53 b Fu(and)33 -b Fs(f)1875 3696 y Fi(0)1930 3732 y Fu(are)g(strict)f(functions)h(then) -g(so)g(is)f Fs(f)3260 3696 y Fi(0)3316 3732 y Ft(\016)g -Fs(f)21 b Fu(.)205 b Fh(2)430 3964 y Fu(W)-8 b(e)33 b(can)g(no)m(w)g -(de\014ne)h(the)f(required)g(\014xed)g(p)s(oin)m(t)f(op)s(erator)g -(FIX:)p 283 4085 V 283 4262 a Fw(Theorem)38 b(4.37)49 -b Fu(Let)29 b Fs(f)21 b Fu(:)42 b Fs(D)d Ft(!)29 b Fs(D)38 -b Fu(b)s(e)30 b(a)f(con)m(tin)m(uous)h(function)g(on)f(the)h(ccp)s(o)g -(\()p Fs(D)9 b Fu(,)29 b Ft(v)q Fu(\))g(with)283 4382 -y(least)k(elemen)m(t)f Ft(?)q Fu(.)43 b(Then)527 4588 -y(FIX)33 b Fs(f)53 b Fu(=)924 4522 y Fg(F)993 4588 y -Ft(f)32 b Fs(f)1126 4552 y Fn(n)1202 4588 y Ft(?)h(j)f -Fu(n)p Ft(\025)q Fu(0)g Ft(g)283 4794 y Fu(de\014nes)j(an)d(elemen)m(t) -h(of)f Fs(D)41 b Fu(and)33 b(this)f(elemen)m(t)h(is)f(the)h(least)f -(\014xed)i(p)s(oin)m(t)d(of)h Fs(f)21 b Fu(.)p 283 4915 -V 283 5121 a(Here)34 b(w)m(e)f(ha)m(v)m(e)h(used)g(that)527 -5327 y Fs(f)578 5291 y Fn(0)650 5327 y Fu(=)f(id,)f(and)527 -5494 y Fs(f)578 5458 y Fn(n+1)744 5494 y Fu(=)h Fs(f)53 -b Ft(\016)32 b Fs(f)1069 5458 y Fn(n)1145 5494 y Fu(for)g(n)p -Ft(\025)q Fu(0)p eop -%%Page: 105 115 -105 114 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2127 -b(105)p 0 193 3473 4 v 0 515 a(Pro)s(of:)33 b Fu(W)-8 -b(e)28 b(\014rst)h(sho)m(w)h(the)f Fs(wel)5 b(l-de\014ne)-5 -b(dness)34 b Fu(of)28 b(FIX)g Fs(f)21 b Fu(.)42 b(Note)29 -b(that)f Fs(f)2724 479 y Fn(0)2792 515 y Ft(?)h Fu(=)f -Ft(?)h Fu(and)g(that)0 636 y Ft(?)k(v)g Fs(d)43 b Fu(for)32 -b(all)e Fs(d)43 b Ft(2)33 b Fs(D)9 b Fu(.)32 b(By)h(induction)f(on)h(n) -f(one)h(ma)m(y)f(sho)m(w)i(that)244 801 y Fs(f)295 765 -y Fn(n)371 801 y Ft(?)f(v)g Fs(f)642 765 y Fn(n)717 801 -y Fs(d)0 966 y Fu(for)i(all)f Fs(d)46 b Ft(2)36 b Fs(D)45 -b Fu(since)36 b Fs(f)56 b Fu(is)36 b(monotone.)52 b(It)36 -b(follo)m(ws)e(that)i Fs(f)2233 930 y Fn(n)2312 966 y 
-Ft(?)g(v)g Fs(f)2589 930 y Fn(m)2688 966 y Ft(?)g Fu(whenev)m(er)i(n)p -Ft(\024)q Fu(m.)0 1086 y(Hence)33 b Ft(f)f Fs(f)422 1050 -y Fn(n)497 1086 y Ft(?)h(j)e Fu(n)p Ft(\025)q Fu(0)h -Ft(g)g Fu(is)f(a)h(\(non-empt)m(y\))g(c)m(hain)g(in)f -Fs(D)41 b Fu(and)32 b(FIX)g Fs(f)53 b Fu(exists)33 b(b)s(ecause)g -Fs(D)41 b Fu(is)0 1207 y(a)32 b(ccp)s(o.)146 1327 y(W)-8 -b(e)44 b(next)f(sho)m(w)h(that)f(FIX)g Fs(f)63 b Fu(is)43 -b(a)f Fs(\014xe)-5 b(d)44 b(p)-5 b(oint)p Fu(,)45 b(that)d(is)h -Fs(f)63 b Fu(\(FIX)43 b Fs(f)21 b Fu(\))43 b(=)f(FIX)33 -b Fs(f)21 b Fu(.)74 b(W)-8 b(e)0 1448 y(calculate:)294 -1585 y Fs(f)53 b Fu(\(FIX)33 b Fs(f)20 b Fu(\))100 b(=)g -Fs(f)53 b Fu(\()1105 1518 y Fg(F)1174 1585 y Ft(f)32 -b Fs(f)1307 1549 y Fn(n)1383 1585 y Ft(?)h(j)f Fu(n)p -Ft(\025)q Fu(0)g Ft(g)p Fu(\))325 b(\(de\014nition)31 -b(of)h(FIX)h Fs(f)21 b Fu(\))808 1752 y(=)984 1686 y -Fg(F)1053 1752 y Ft(f)32 b Fs(f)21 b Fu(\()p Fs(f)1275 -1716 y Fn(n)1351 1752 y Ft(?)p Fu(\))33 b Ft(j)f Fu(n)p -Ft(\025)q Fu(0)g Ft(g)357 b Fu(\(con)m(tin)m(uit)m(y)32 -b(of)h Fs(f)21 b Fu(\))808 1920 y(=)984 1854 y Fg(F)1053 -1920 y Ft(f)32 b Fs(f)1186 1884 y Fn(n)1262 1920 y Ft(?)h(j)f -Fu(n)p Ft(\025)q Fu(1)g Ft(g)808 2088 y Fu(=)984 2021 -y Fg(F)1053 2088 y Fu(\()p Ft(f)g Fs(f)1224 2052 y Fn(n)1300 -2088 y Ft(?)h(j)f Fu(n)p Ft(\025)q Fu(1)g Ft(g)g([)h(f?)q(g)p -Fu(\))99 b(\()2217 2021 y Fg(F)2286 2088 y Fu(\()p Fs(Y)52 -b Ft([)33 b(f?g)p Fu(\))g(=)2903 2021 y Fg(F)2972 2088 -y Fs(Y)2179 2255 y Fu(for)f(all)e(c)m(hains)j Fs(Y)20 -b Fu(\))808 2423 y(=)984 2357 y Fg(F)1053 2423 y Ft(f)32 -b Fs(f)1186 2387 y Fn(n)1262 2423 y Ft(?)h(j)f Fu(n)p -Ft(\025)q Fu(0)g Ft(g)484 b Fu(\()p Fs(f)2268 2387 y -Fn(0)2340 2423 y Ft(?)33 b Fu(=)f Ft(?)q Fu(\))808 2591 -y(=)100 b(FIX)32 b Fs(f)961 b Fu(\(de\014nition)31 b(of)h(FIX)h -Fs(f)21 b Fu(\))146 2749 y(T)-8 b(o)39 b(see)h(that)e(FIX)h -Fs(f)60 b Fu(is)38 b(the)h Fs(le)-5 b(ast)48 b Fu(\014xed)40 -b(p)s(oin)m(t)e(assume)h(that)g Fs(d)49 b Fu(is)38 b(some)g(other)h 
-(\014xed)0 2869 y(p)s(oin)m(t.)i(Clearly)28 b Ft(?)h(v)g -Fs(d)39 b Fu(so)29 b(the)g(monotonicit)m(y)e(of)h Fs(f)50 -b Fu(giv)m(es)29 b Fs(f)2267 2833 y Fn(n)2339 2869 y -Ft(?)g(v)g Fs(f)2602 2833 y Fn(n)2678 2869 y Fs(d)39 -b Fu(for)28 b(n)p Ft(\025)q Fu(0)g(and)h(as)g Fs(d)0 -2990 y Fu(w)m(as)34 b(a)f(\014xed)i(p)s(oin)m(t)d(w)m(e)j(obtain)d -Fs(f)1262 2953 y Fn(n)1339 2990 y Ft(?)h(v)h Fs(d)44 -b Fu(for)33 b(all)e(n)p Ft(\025)q Fu(0.)45 b(Hence)35 -b Fs(d)43 b Fu(is)33 b(an)g(upp)s(er)h(b)s(ound)g(of)0 -3110 y(the)g(c)m(hain)g Ft(f)f Fs(f)561 3074 y Fn(n)637 -3110 y Ft(?)g(j)g Fu(n)p Ft(\025)p Fu(0)f Ft(g)i Fu(and)g(using)g(that) -g(FIX)e Fs(f)55 b Fu(is)33 b(the)i(least)e(upp)s(er)i(b)s(ound)f(w)m(e) -h(ha)m(v)m(e)0 3230 y(FIX)d Fs(f)54 b Ft(v)33 b Fs(d)10 -b Fu(.)2913 b Fh(2)0 3491 y Fw(Example)37 b(4.38)49 b -Fu(Consider)33 b(the)g(function)f Fs(F)1745 3455 y Fi(0)1800 -3491 y Fu(of)g(Example)h(4.1:)244 3737 y(\()p Fs(F)359 -3701 y Fi(0)415 3737 y Fs(g)9 b Fu(\))32 b Fs(s)40 b -Fu(=)728 3563 y Fg(8)728 3638 y(<)728 3787 y(:)843 3653 -y Fs(g)h(s)91 b Fu(if)32 b Fs(s)40 b Fr(x)33 b Ft(6)p -Fu(=)f Fw(0)843 3820 y Fs(s)177 b Fu(if)32 b Fs(s)40 -b Fr(x)33 b Fu(=)f Fw(0)0 3984 y Fu(W)-8 b(e)32 b(shall)e(determine)i -(its)f(least)g(\014xed)i(p)s(oin)m(t)d(using)i(the)g(approac)m(h)g(of)f -(Theorem)h(4.37.)42 b(The)0 4105 y(least)32 b(elemen)m(t)h -Ft(?)g Fu(of)g Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)g -Fu(is)g(giv)m(en)f(b)m(y)i(Lemma)e(4.13)g(and)h(has)g -Ft(?)g Fs(s)41 b Fu(=)33 b(undef)p 3237 4118 236 4 v -0 4225 a(for)f(all)f Fs(s)8 b Fu(.)43 b(W)-8 b(e)33 b(then)g(determine) -f(the)h(elemen)m(ts)g(of)f(the)h(set)h Ft(f)e Fs(F)2406 -4189 y Fi(0)p Fn(n)2501 4225 y Ft(?)h(j)f Fu(n)p Ft(\025)q -Fu(0)g Ft(g)h Fu(as)f(follo)m(ws:)294 4387 y(\()p Fs(F)409 -4351 y Fi(0)p Fn(0)500 4387 y Ft(?)p Fu(\))h Fs(s)107 -b Fu(=)100 b(\(id)32 b Ft(?)p Fu(\))h Fs(s)663 b Fu(\(de\014nition)32 -b(of)g Fs(F)2634 4351 y Fi(0)p Fn(0)2725 4387 y Ft(?)p -Fu(\))795 4578 y(=)100 
b(undef)p 971 4591 V 768 w(\(de\014nition)32 -b(of)g(id)g(and)g Ft(?)q Fu(\))294 4770 y(\()p Fs(F)409 -4733 y Fi(0)p Fn(1)500 4770 y Ft(?)p Fu(\))h Fs(s)107 -b Fu(=)100 b(\()p Fs(F)1086 4733 y Fi(0)1142 4770 y Ft(?)p -Fu(\))33 b Fs(s)644 b Fu(\(de\014nition)32 b(of)g Fs(F)2634 -4733 y Fi(0)p Fn(1)2725 4770 y Ft(?)p Fu(\))795 5051 -y(=)971 4877 y Fg(8)971 4951 y(<)971 5101 y(:)1086 4966 -y Ft(?)h Fs(s)91 b Fu(if)32 b Fs(s)40 b Fr(x)33 b Ft(6)p -Fu(=)f Fw(0)1086 5134 y Fs(s)201 b Fu(if)32 b Fs(s)40 -b Fr(x)33 b Fu(=)f Fw(0)1974 5051 y Fu(\(de\014nition)g(of)g -Fs(F)2634 5015 y Fi(0)2690 5051 y Ft(?)p Fu(\))795 5403 -y(=)971 5229 y Fg(8)971 5304 y(<)971 5453 y(:)1086 5319 -y Fu(undef)p 1086 5332 V 84 w(if)f Fs(s)41 b Fr(x)33 -b Ft(6)p Fu(=)f Fw(0)1086 5486 y Fs(s)279 b Fu(if)31 -b Fs(s)41 b Fr(x)33 b Fu(=)f Fw(0)1974 5403 y Fu(\(de\014nition)g(of)g -Ft(?)p Fu(\))p eop -%%Page: 106 116 -106 115 bop 251 130 a Fw(106)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 577 500 a Fu(\()p Fs(F)692 -464 y Fi(0)p Fn(2)783 500 y Ft(?)q Fu(\))c Fs(s)108 b -Fu(=)99 b Fs(F)1331 464 y Fi(0)1387 500 y Fu(\()p Fs(F)1502 -464 y Fi(0)p Fn(1)1593 500 y Ft(?)q Fu(\))32 b Fs(s)643 -b Fu(\(de\014nition)31 b(of)i Fs(F)3084 464 y Fi(0)p -Fn(2)3175 500 y Ft(?)p Fu(\))1079 781 y(=)1254 607 y -Fg(8)1254 682 y(<)1254 831 y(:)1370 697 y Fu(\()p Fs(F)1485 -661 y Fi(0)p Fn(1)1576 697 y Ft(?)p Fu(\))g Fs(s)91 b -Fu(if)31 b Fs(s)41 b Fr(x)32 b Ft(6)p Fu(=)h Fw(0)1370 -864 y Fs(s)445 b Fu(if)31 b Fs(s)41 b Fr(x)32 b Fu(=)h -Fw(0)2424 781 y Fu(\(de\014nition)e(of)i Fs(F)3084 745 -y Fi(0)3107 781 y Fu(\))1079 1134 y(=)1254 959 y Fg(8)1254 -1034 y(<)1254 1183 y(:)1370 1049 y Fu(undef)p 1370 1062 -236 4 v 83 w(if)f Fs(s)40 b Fr(x)33 b Ft(6)p Fu(=)g Fw(0)1370 -1217 y Fs(s)278 b Fu(if)32 b Fs(s)40 b Fr(x)33 b Fu(=)g -Fw(0)2424 1134 y Fu(\(de\014nition)e(of)i Fs(F)3084 1097 -y Fi(0)p Fn(1)3175 1134 y Ft(?)p Fu(\))765 1318 y(.)765 -1351 y(.)765 1384 y(.)283 1580 
y(In)g(general)f(w)m(e)i(ha)m(v)m(e)g -Fs(F)1187 1544 y Fi(0)p Fn(n)1282 1580 y Ft(?)f Fu(=)f -Fs(F)1577 1544 y Fi(0)p Fn(n+1)1762 1580 y Ft(?)h Fu(for)f(n)h -Fo(>)g Fu(0.)43 b(Therefore)527 1707 y Fg(F)597 1774 -y Ft(f)32 b Fs(F)756 1737 y Fi(0)p Fn(n)851 1774 y Ft(?)h(j)f -Fu(n)p Ft(\025)q Fu(0)g Ft(g)g Fu(=)1425 1707 y Fg(F)1526 -1774 y Ft(f)p Fs(F)1653 1737 y Fi(0)p Fn(0)1744 1774 -y Ft(?)q Fu(,)g Fs(F)1958 1737 y Fi(0)p Fn(1)2049 1774 -y Ft(?)q(g)g Fu(=)h Fs(F)2395 1737 y Fi(0)p Fn(1)2486 -1774 y Ft(?)283 1967 y Fu(b)s(ecause)h Fs(F)721 1931 -y Fi(0)p Fn(0)812 1967 y Ft(?)f Fu(=)g Ft(?)p Fu(.)44 -b(Th)m(us)34 b(the)f(least)f(\014xed)i(p)s(oin)m(t)e(of)g -Fs(F)2501 1931 y Fi(0)2556 1967 y Fu(will)f(b)s(e)h(the)h(function)552 -2216 y Fs(g)606 2231 y Fn(1)678 2216 y Fs(s)40 b Fu(=)867 -2042 y Fg(8)867 2116 y(<)867 2266 y(:)982 2131 y Fu(undef)p -982 2144 V 84 w(if)31 b Fs(s)41 b Fr(x)33 b Ft(6)p Fu(=)f -Fw(0)982 2299 y Fs(s)279 b Fu(if)31 b Fs(s)41 b Fr(x)33 -b Fu(=)f Fw(0)3681 2216 y Fh(2)283 2512 y Fw(Exercise)37 -b(4.39)49 b Fu(Redo)39 b(Exercise)h(4.15)e(using)h(the)g(approac)m(h)g -(of)g(Theorem)g(4.37,)h(that)e(is)283 2633 y(deduce)d(the)e(general)f -(form)g(of)g(the)h(iterands,)g Fs(F)2102 2597 y Fn(n)2178 -2633 y Ft(?)p Fu(,)g(for)g(the)g(functional,)e Fs(F)13 -b Fu(,)33 b(of)f(Exercises)283 2753 y(4.2)h(and)f(4.3.)2899 -b Fh(2)283 2968 y Fw(Exercise)37 b(4.40)49 b(\(Essen)m(tial\))36 -b Fu(Let)j Fs(f)20 b Fu(:)56 b Fs(D)47 b Ft(!)38 b Fs(D)47 -b Fu(b)s(e)39 b(a)f(con)m(tin)m(uous)h(function)f(on)g(a)h(ccp)s(o)283 -3088 y(\()p Fs(D)9 b Fu(,)33 b Ft(v)p Fu(\))g(and)g(let)f -Fs(d)10 b Ft(2)p Fs(D)42 b Fu(satisfy)32 b Fs(f)54 b(d)42 -b Ft(v)33 b Fs(d)10 b Fu(.)44 b(Sho)m(w)33 b(that)g(FIX)f -Fs(f)54 b Ft(v)33 b Fs(d)10 b Fu(.)821 b Fh(2)430 3303 -y Fu(The)38 b(table)f(b)s(elo)m(w)g(summarizes)g(the)h(dev)m(elopmen)m -(t)g(w)m(e)h(ha)m(v)m(e)g(p)s(erformed)e(in)g(order)g(to)283 -3424 y(demonstrate)c(the)g(existence)h(of)e(least)h(\014xed)g(p)s(oin)m -(ts:)p 
283 3573 3470 4 v 283 3589 V 281 3797 4 208 v -298 3797 V 1541 3718 a Fw(Fixed)g(P)m(oin)m(t)d(Theory)p -3735 3797 V 3752 3797 V 283 3800 3470 4 v 281 4049 4 -249 v 298 4049 V 350 3966 a Fu(1:)143 b(W)-8 b(e)33 b(restrict)f -(ourselv)m(es)i(to)e Fs(chain)i(c)-5 b(omplete)34 b(p)-5 -b(artial)5 b(ly)35 b(or)-5 b(der)g(e)g(d)34 b(sets)41 -b Fu(|)32 b(ccp)s(o's.)p 3735 4049 V 3752 4049 V 281 -4217 4 168 v 298 4217 V 350 4133 a(2:)143 b(W)-8 b(e)33 -b(restrict)f(ourselv)m(es)i(to)e Fs(c)-5 b(ontinuous)35 -b(functions)40 b Fu(on)33 b(ccp)s(o's.)p 3735 4217 V -3752 4217 V 281 4505 4 289 v 298 4505 V 350 4301 a(3:)143 -b(W)-8 b(e)26 b(sho)m(w)h(that)f(con)m(tin)m(uous)g(functions)g(on)g -(ccp)s(o's)h(alw)m(a)m(ys)f(ha)m(v)m(e)i Fs(le)-5 b(ast)28 -b(\014xe)-5 b(d)28 b(p)-5 b(oints)569 4421 y Fu(\(Theorem)33 -b(4.37\).)p 3735 4505 V 3752 4505 V 283 4508 3470 4 v -283 4525 V 283 4702 a Fw(Exercise)k(4.41)49 b Fu(*)32 -b(Let)h(\()p Fs(D)9 b Fu(,)32 b Ft(v)q Fu(\))g(b)s(e)h(a)f(ccp)s(o)h -(and)g(de\014ne)h(\()p Fs(D)9 b Ft(!)o Fs(D)g Fu(,)p -Ft(v)2878 4666 y Fi(0)2901 4702 y Fu(\))33 b(b)m(y)g(setting)527 -4895 y Fs(f)578 4910 y Fn(1)650 4895 y Ft(v)728 4859 -y Fi(0)784 4895 y Fs(f)834 4910 y Fn(2)906 4895 y Fu(if)f(and)g(only)h -(if)e Fs(f)1540 4910 y Fn(1)1612 4895 y Fs(d)43 b Ft(v)33 -b Fs(f)1865 4910 y Fn(2)1937 4895 y Fs(d)43 b Fu(for)32 -b(all)f Fs(d)42 b Ft(2)33 b Fs(D)283 5089 y Fu(Sho)m(w)h(that)e(\()p -Fs(D)9 b Ft(!)p Fs(D)g Fu(,)p Ft(v)1160 5052 y Fi(0)1184 -5089 y Fu(\))32 b(is)g(a)h(ccp)s(o)f(and)h(that)f(FIX)h(is)f(\\con)m -(tin)m(uous")h(in)f(the)h(sense)h(that)527 5282 y(FIX)f(\()770 -5215 y Fg(F)839 5246 y Fi(0)895 5282 y Ft(F)9 b Fu(\))33 -b(=)1155 5215 y Fg(F)1224 5282 y Ft(f)g Fu(FIX)f Fs(f)54 -b Ft(j)32 b Fs(f)53 b Ft(2)33 b(F)42 b(g)283 5475 y Fu(holds)33 -b(for)f(all)e(non-empt)m(y)j(c)m(hains)g Ft(F)42 b(\022)33 -b Fs(D)9 b Ft(!)p Fs(D)41 b Fu(of)32 b(con)m(tin)m(uous)h(functions.) 
-538 b Fh(2)p eop -%%Page: 107 117 -107 116 bop 0 130 a Fw(4.3)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:) -50 b(existence)1444 b(107)p 0 193 3473 4 v 0 515 a(Exercise)36 -b(4.42)49 b Fu(**)34 b(\(F)-8 b(or)34 b(mathematicians\))e(Giv)m(en)j -(a)f(ccp)s(o)h(\()p Fs(D)9 b Fu(,)35 b Ft(v)p Fu(\))g(w)m(e)h(de\014ne) -g(an)e Fs(op)-5 b(en)0 636 y(set)42 b Fu(of)32 b Fs(D)42 -b Fu(to)32 b(b)s(e)h(a)f(subset)i Fs(Y)52 b Fu(of)32 -b Fs(D)42 b Fu(satisfying)70 849 y(\(1\))49 b(if)31 b -Fs(d)393 864 y Fn(1)433 849 y Ft(2)p Fs(Y)52 b Fu(and)33 -b Fs(d)873 864 y Fn(1)945 849 y Ft(v)g Fs(d)1115 864 -y Fn(2)1187 849 y Fu(then)h Fs(d)1470 864 y Fn(2)1509 -849 y Ft(2)q Fs(Y)19 b Fu(,)33 b(and)70 1063 y(\(2\))49 -b(if)30 b Fs(Y)424 1027 y Fi(0)479 1063 y Fu(is)h(a)h(non-empt)m(y)g(c) -m(hain)f(satisfying)1834 997 y Fg(F)1903 1063 y Fs(Y)1995 -1027 y Fi(0)2050 1063 y Ft(2)h Fs(Y)52 b Fu(then)32 b(there)g(exists)h -(an)f(elemen)m(t)244 1184 y Fs(d)43 b Fu(of)32 b Fs(Y)539 -1147 y Fi(0)595 1184 y Fu(whic)m(h)h(also)f(is)g(an)g(elemen)m(t)h(of)f -Fs(Y)20 b Fu(.)0 1397 y(The)36 b(set)f(of)g(op)s(en)f(sets)i(of)f -Fs(D)43 b Fu(is)35 b(denoted)h Ft(O)1686 1412 y Fc(D)1750 -1397 y Fu(.)50 b(Sho)m(w)35 b(that)g(this)f(is)h(indeed)g(a)f -Fs(top)-5 b(olo)g(gy)43 b Fu(on)0 1518 y Fs(D)9 b Fu(,)33 -b(that)f(is)g(sho)m(w)i(that)145 1731 y Ft(\017)49 b(;)32 -b Fu(and)h Fs(D)41 b Fu(are)33 b(mem)m(b)s(ers)f(of)g -Ft(O)1400 1746 y Fc(D)1464 1731 y Fu(,)g(and)145 1945 -y Ft(\017)49 b Fu(the)33 b(in)m(tersection)f(of)g(t)m(w)m(o)i(op)s(en)e -(sets)i(is)e(an)h(op)s(en)g(set,)g(and)145 2159 y Ft(\017)49 -b Fu(the)33 b(union)f(of)g(an)m(y)h(collection)e(of)h(op)s(en)h(sets)g -(is)f(an)h(op)s(en)g(set.)0 2372 y(Let)c(\()p Fs(D)9 -b Fu(,)28 b Ft(v)q Fu(\))g(and)g(\()p Fs(D)797 2336 y -Fi(0)821 2372 y Fu(,)h Ft(v)955 2336 y Fi(0)978 2372 -y Fu(\))f(b)s(e)h(ccp)s(o's.)43 b(A)28 b(function)g Fs(f)21 -b Fu(:)p Fs(D)9 b Ft(!)p Fs(D)2323 2336 y Fi(0)2375 2372 -y Fu(is)28 b Fs(top)-5 b(olo)g(gic)g(al)5 
b(ly-c)-5 b(ontinuous)0 -2493 y Fu(if)31 b(and)i(only)f(if)g(the)h(function)f -Fs(f)1184 2457 y Fi(\000)p Fn(1)1278 2493 y Fu(:)43 b -Ft(P)9 b Fu(\()p Fs(D)1547 2457 y Fi(0)1570 2493 y Fu(\))33 -b Ft(!)f(P)8 b Fu(\()p Fs(D)h Fu(\))33 b(de\014ned)h(b)m(y)244 -2706 y Fs(f)295 2670 y Fi(\000)p Fn(1)389 2706 y Fu(\()p -Fs(Y)519 2670 y Fi(0)542 2706 y Fu(\))e(=)h Ft(f)f Fs(d)43 -b Ft(2)33 b Fs(D)41 b Ft(j)32 b Fs(f)54 b(d)43 b Ft(2)33 -b Fs(Y)1537 2670 y Fi(0)1593 2706 y Ft(g)0 2920 y Fu(maps)24 -b(op)s(en)g(sets)h(to)e(op)s(en)h(sets,)j(that)d(is)f(sp)s(ecializes)g -(to)h Fs(f)2119 2884 y Fi(\000)p Fn(1)2213 2920 y Fu(:)39 -b Ft(O)2361 2935 y Fc(D)2421 2916 y Fa(0)2471 2920 y -Ft(!)24 b(O)2677 2935 y Fc(D)2741 2920 y Fu(.)40 b(Sho)m(w)25 -b(that)f Fs(f)44 b Fu(is)24 b(a)0 3041 y(con)m(tin)m(uous)h(function)f -(b)s(et)m(w)m(een)i Fs(D)33 b Fu(and)25 b Fs(D)1594 3004 -y Fi(0)1641 3041 y Fu(if)e(and)h(only)g(if)f(it)g(is)h(a)g(top)s -(ologically-con)m(tin)m(uous)0 3161 y(function)32 b(b)s(et)m(w)m(een)j -Fs(D)41 b Fu(and)33 b Fs(D)1147 3125 y Fi(0)1170 3161 -y Fu(.)2201 b Fh(2)0 3506 y Fj(4.3)161 b(Direct)53 b(st)l(yle)g(seman)l -(tics:)70 b(existence)0 3730 y Fu(W)-8 b(e)43 b(ha)m(v)m(e)h(no)m(w)g -(obtained)e(the)h(mathematical)d(foundations)i(needed)i(to)e(pro)m(v)m -(e)i(that)f(the)0 3850 y(seman)m(tic)33 b(clauses)h(of)f(T)-8 -b(able)33 b(4.1)g(do)h(indeed)f(de\014ne)i(a)e(function.)46 -b(So)33 b(consider)h(once)g(again)0 3970 y(the)f(clause)244 -4184 y Ft(S)312 4199 y Fn(ds)383 4184 y Fu([)-17 b([)p -Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17 -b(])33 b(=)f(FIX)h Fs(F)480 4352 y Fu(where)h Fs(F)45 -b(g)c Fu(=)33 b(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 -b Fu(])-17 b(])q(,)33 b Fs(g)41 b Ft(\016)32 b(S)1795 -4367 y Fn(ds)1866 4352 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(],)33 b(id\))0 4565 y(F)-8 b(or)43 b(this)g(to)h(mak)m(e)f(sense)j(w) -m(e)f(m)m(ust)e(sho)m(w)i(that)f Fs(F)56 b Fu(is)43 b(con)m(tin)m -(uous.)78 b(T)-8 b(o)44 b(do)f(so)h(w)m(e)h(\014rst)0 
-4686 y(observ)m(e)34 b(that)244 4899 y Fs(F)45 b(g)c -Fu(=)33 b Fs(F)625 4914 y Fn(1)697 4899 y Fu(\()p Fs(F)812 -4914 y Fn(2)884 4899 y Fs(g)9 b Fu(\))0 5113 y(where)244 -5327 y Fs(F)321 5342 y Fn(1)393 5327 y Fs(g)41 b Fu(=)32 -b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 -b Fs(g)9 b Fu(,)32 b(id\))244 5494 y Fs(F)321 5509 y -Fn(2)393 5494 y Fs(g)41 b Fu(=)32 b Fs(g)41 b Ft(\016)33 -b(S)824 5509 y Fn(ds)895 5494 y Fu([)-17 b([)p Fs(S)12 -b Fu(])-17 b(])p eop -%%Page: 108 118 -108 117 bop 251 130 a Fw(108)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(Using)29 -b(Lemma)f(4.35)h(w)m(e)i(then)f(obtain)e(the)i(con)m(tin)m(uit)m(y)f -(of)g Fs(F)42 b Fu(b)m(y)31 b(sho)m(wing)e(that)g Fs(F)3384 -530 y Fn(1)3453 515 y Fu(and)g Fs(F)3716 530 y Fn(2)283 -636 y Fu(are)k(con)m(tin)m(uous.)44 b(W)-8 b(e)33 b(shall)e(\014rst)i -(pro)m(v)m(e)h(that)f Fs(F)2121 651 y Fn(1)2193 636 y -Fu(is)f(con)m(tin)m(uous:)p 283 756 3473 5 v 283 928 -a Fw(Lemma)38 b(4.43)49 b Fu(Let)32 b Fs(g)1157 943 y -Fn(0)1196 928 y Fu(:)44 b Fw(State)32 b Fo(,)-17 b Ft(!)33 -b Fw(State)p Fu(,)g Fs(p)6 b Fu(:)43 b Fw(State)33 b -Ft(!)f Fw(T)g Fu(and)h(de\014ne)527 1129 y Fs(F)46 b(g)41 -b Fu(=)32 b(cond\()p Fs(p)6 b Fu(,)33 b Fs(g)9 b Fu(,)32 -b Fs(g)1352 1144 y Fn(0)1391 1129 y Fu(\))283 1329 y(Then)i -Fs(F)46 b Fu(is)32 b(con)m(tin)m(uous.)p 283 1450 V 283 -1651 a Fw(Pro)s(of:)39 b Fu(W)-8 b(e)33 b(shall)f(\014rst)i(pro)m(v)m -(e)h(that)e Fs(F)46 b Fu(is)33 b Fs(monotone)7 b Fu(.)45 -b(So)33 b(assume)h(that)f Fs(g)3145 1666 y Fn(1)3217 -1651 y Ft(v)h Fs(g)3382 1666 y Fn(2)3454 1651 y Fu(and)g(w)m(e)283 -1771 y(shall)29 b(sho)m(w)i(that)f Fs(F)45 b(g)1120 1786 -y Fn(1)1192 1771 y Ft(v)33 b Fs(F)45 b(g)1465 1786 y -Fn(2)1504 1771 y Fu(.)e(It)30 b(su\016ces)i(to)e(consider)g(an)g -(arbitrary)f(state)i Fs(s)38 b Fu(and)30 b(sho)m(w)283 -1891 y(that)527 2092 y(\()p Fs(F)46 b(g)729 2107 y Fn(1)768 -2092 y Fu(\))32 b Fs(s)41 b Fu(=)32 b Fs(s)1075 2056 -y Fi(0)1131 
2092 y Fu(implies)e(\()p Fs(F)46 b(g)1664 -2107 y Fn(2)1703 2092 y Fu(\))32 b Fs(s)41 b Fu(=)32 -b Fs(s)2010 2056 y Fi(0)283 2293 y Fu(If)i Fs(p)40 b(s)i -Fu(=)34 b Fw(tt)f Fu(then)i(\()p Fs(F)47 b(g)1212 2308 -y Fn(1)1251 2293 y Fu(\))34 b Fs(s)42 b Fu(=)33 b Fs(g)1568 -2308 y Fn(1)1641 2293 y Fs(s)42 b Fu(and)34 b(from)f -Fs(g)2200 2308 y Fn(1)2273 2293 y Ft(v)h Fs(g)2438 2308 -y Fn(2)2511 2293 y Fu(w)m(e)h(get)f(that)g Fs(g)3087 -2308 y Fn(1)3160 2293 y Fs(s)42 b Fu(=)34 b Fs(s)3400 -2257 y Fi(0)3457 2293 y Fu(implies)283 2413 y Fs(g)337 -2428 y Fn(2)411 2413 y Fs(s)42 b Fu(=)34 b Fs(s)651 2377 -y Fi(0)674 2413 y Fu(.)48 b(Since)34 b(\()p Fs(F)47 b(g)1208 -2428 y Fn(2)1247 2413 y Fu(\))34 b Fs(s)42 b Fu(=)34 -b Fs(g)1565 2428 y Fn(2)1638 2413 y Fs(s)42 b Fu(w)m(e)35 -b(ha)m(v)m(e)h(pro)m(v)m(ed)f(the)g(result.)48 b(So)34 -b(consider)g(the)h(case)283 2534 y(where)30 b Fs(p)35 -b(s)i Fu(=)28 b Fw(\013)p Fu(.)43 b(Then)30 b(\()p Fs(F)41 -b(g)1410 2549 y Fn(1)1449 2534 y Fu(\))29 b Fs(s)37 b -Fu(=)28 b Fs(g)1751 2549 y Fn(0)1819 2534 y Fs(s)37 b -Fu(and)28 b(similarly)d(\()p Fs(F)46 b(g)2678 2549 y -Fn(2)2717 2534 y Fu(\))32 b Fs(s)37 b Fu(=)29 b Fs(g)3023 -2549 y Fn(0)3090 2534 y Fs(s)37 b Fu(and)29 b(the)g(result)283 -2654 y(is)k(immediate.)430 2775 y(T)-8 b(o)29 b(pro)m(v)m(e)h(that)f -Fs(F)42 b Fu(is)28 b Fs(c)-5 b(ontinuous)37 b Fu(let)29 -b Fs(Y)48 b Fu(b)s(e)30 b(a)e(non-empt)m(y)h(c)m(hain)g(in)g -Fw(State)j Fo(,)-17 b Ft(!)33 b Fw(State)p Fu(.)283 2895 -y(W)-8 b(e)33 b(m)m(ust)g(sho)m(w)h(that)527 3096 y Fs(F)46 -b Fu(\()675 3029 y Fg(F)744 3096 y Fs(Y)20 b Fu(\))32 -b Ft(v)1016 3029 y Fg(F)1085 3096 y Ft(f)h Fs(F)45 b(g)c -Ft(j)32 b Fs(g)9 b Ft(2)p Fs(Y)53 b Ft(g)283 3297 y Fu(since)32 -b Fs(F)43 b Fu(\()666 3230 y Fg(F)736 3297 y Fs(Y)19 -b Fu(\))31 b Ft(w)1004 3230 y Fg(F)1073 3297 y Ft(f)g -Fs(F)44 b(g)39 b Ft(j)30 b Fs(g)9 b Ft(2)p Fs(Y)51 b -Ft(g)30 b Fu(follo)m(ws)g(from)f(the)i(monotonicit)m(y)e(of)i -Fs(F)43 b Fu(\(see)32 b(Lemma)283 3417 
y(4.30\).)43 b(Th)m(us)34 -b(w)m(e)g(ha)m(v)m(e)g(to)e(sho)m(w)i(that)527 3618 y(graph\()p -Fs(F)13 b Fu(\()924 3551 y Fg(F)993 3618 y Fs(Y)20 b -Fu(\)\))32 b Ft(\022)1303 3551 y Fg(S)1373 3618 y Ft(f)g -Fu(graph\()p Fs(F)45 b(g)9 b Fu(\))32 b Ft(j)g Fs(g)9 -b Ft(2)p Fs(Y)53 b Ft(g)283 3819 y Fu(using)26 b(the)h(c)m -(haracterization)e(of)h(least)g(upp)s(er)h(b)s(ounds)g(of)f(c)m(hains)g -(in)g Fw(State)g Fo(,)-17 b Ft(!)26 b Fw(State)h Fu(giv)m(en)283 -3939 y(in)h(Lemma)f(4.25.)42 b(So)28 b(assume)h(that)f(\()p -Fs(F)41 b Fu(\()1832 3872 y Fg(F)1901 3939 y Fs(Y)20 -b Fu(\)\))28 b Fs(s)37 b Fu(=)28 b Fs(s)2326 3903 y Fi(0)2377 -3939 y Fu(and)h(let)f(us)h(determine)f Fs(g)37 b Ft(2)28 -b Fs(Y)48 b Fu(suc)m(h)283 4059 y(that)30 b(\()p Fs(F)42 -b(g)9 b Fu(\))29 b Fs(s)37 b Fu(=)30 b Fs(s)988 4023 -y Fi(0)1011 4059 y Fu(.)42 b(If)30 b Fs(p)35 b(s)j Fu(=)29 -b Fw(\013)h Fu(w)m(e)g(ha)m(v)m(e)h Fs(F)45 b Fu(\()2047 -3993 y Fg(F)2117 4059 y Fs(Y)19 b Fu(\))33 b Fs(s)k Fu(=)29 -b Fs(g)2515 4074 y Fn(0)2587 4059 y Fs(s)37 b Fu(=)30 -b Fs(s)2818 4023 y Fi(0)2870 4059 y Fu(and)g(clearly)-8 -b(,)29 b(for)g(ev)m(ery)283 4180 y(elemen)m(t)k Fs(g)42 -b Fu(of)33 b(the)h(non-empt)m(y)f(set)h Fs(Y)53 b Fu(w)m(e)34 -b(ha)m(v)m(e)g(\()p Fs(F)46 b(g)9 b Fu(\))32 b Fs(s)41 -b Fu(=)33 b Fs(g)2663 4195 y Fn(0)2735 4180 y Fs(s)41 -b Fu(=)33 b Fs(s)2973 4144 y Fi(0)2996 4180 y Fu(.)46 -b(If)33 b Fs(p)39 b(s)i Fu(=)33 b Fw(tt)f Fu(then)283 -4300 y(w)m(e)i(get)f(\()p Fs(F)45 b Fu(\()775 4234 y -Fg(F)844 4300 y Fs(Y)20 b Fu(\)\))32 b Fs(s)41 b Fu(=)32 -b(\()1271 4234 y Fg(F)1340 4300 y Fs(Y)20 b Fu(\))33 -b Fs(s)40 b Fu(=)33 b Fs(s)1740 4264 y Fi(0)1795 4300 -y Fu(so)g Ft(h)p Fs(s)8 b Fu(,)33 b Fs(s)2110 4264 y -Fi(0)2133 4300 y Ft(i)f(2)h Fu(graph\()2585 4234 y Fg(F)2654 -4300 y Fs(Y)20 b Fu(\).)32 b(Since)527 4501 y(graph\()809 -4434 y Fg(F)878 4501 y Fs(Y)20 b Fu(\))32 b(=)1149 4434 -y Fg(S)1218 4501 y Ft(f)g Fu(graph\()p Fs(g)9 b Fu(\))32 -b Ft(j)g Fs(g)9 b Ft(2)p Fs(Y)53 b Ft(g)283 4702 y 
Fu(\(according)25 -b(to)f(Lemma)g(4.25\))g(w)m(e)i(therefore)f(ha)m(v)m(e)i -Fs(g)9 b Ft(2)p Fs(Y)44 b Fu(suc)m(h)26 b(that)f Fs(g)33 -b(s)g Fu(=)25 b Fs(s)3148 4665 y Fi(0)3196 4702 y Fu(and)g(it)f(follo)m -(ws)283 4822 y(that)33 b(\()p Fs(F)45 b(g)9 b Fu(\))32 -b Fs(s)41 b Fu(=)32 b Fs(s)1003 4786 y Fi(0)1027 4822 -y Fu(.)43 b(This)33 b(pro)m(v)m(es)h(the)f(result.)1626 -b Fh(2)283 5130 y Fw(Exercise)37 b(4.44)49 b(\(Essen)m(tial\))29 -b Fu(Pro)m(v)m(e)j(that)f(\(in)g(the)g(setting)g(of)g(Lemma)f(4.43\))g -Fs(F)44 b Fu(de\014ned)283 5250 y(b)m(y)38 b Fs(F)50 -b(g)c Fu(=)37 b(cond\()p Fs(p)6 b Fu(,)38 b Fs(g)1154 -5265 y Fn(0)1193 5250 y Fu(,)g Fs(g)9 b Fu(\))37 b(is)f(con)m(tin)m -(uous,)j(that)e(is)f(`cond')i(is)e(con)m(tin)m(uous)i(in)e(its)h -(second)283 5371 y(and)c(third)f(argumen)m(ts.)2495 b -Fh(2)p eop -%%Page: 109 119 -109 118 bop 0 130 a Fw(4.3)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:) -50 b(existence)1444 b(109)p 0 193 3473 4 v 0 515 3473 -5 v 0 683 a(Lemma)37 b(4.45)49 b Fu(Let)33 b Fs(g)874 -698 y Fn(0)913 683 y Fu(:)43 b Fw(State)33 b Fo(,)-17 -b Ft(!)33 b Fw(State)f Fu(and)h(de\014ne)244 880 y Fs(F)45 -b(g)c Fu(=)33 b Fs(g)41 b Ft(\016)32 b Fs(g)770 895 y -Fn(0)0 1077 y Fu(Then)i Fs(F)45 b Fu(is)32 b(con)m(tin)m(uous.)p -0 1198 V 0 1395 a Fw(Pro)s(of:)48 b Fu(W)-8 b(e)43 b(shall)d(\014rst)j -(pro)m(v)m(e)g(that)f Fs(F)55 b Fu(is)41 b(monotone.)71 -b(If)42 b Fs(g)2373 1410 y Fn(1)2454 1395 y Ft(v)h Fs(g)2628 -1410 y Fn(2)2709 1395 y Fu(then)f(graph\()p Fs(g)3276 -1410 y Fn(1)3315 1395 y Fu(\))g Ft(\022)0 1515 y Fu(graph\()p -Fs(g)336 1530 y Fn(2)375 1515 y Fu(\))32 b(according)g(to)g(Exercise)i -(4.8)f(so)f(that)244 1712 y(graph\()p Fs(g)580 1727 y -Fn(0)619 1712 y Fu(\))g Ft(\005)f Fu(graph\()p Fs(g)1107 -1727 y Fn(1)1146 1712 y Fu(\))i Ft(\022)g Fu(graph\()p -Fs(g)1663 1727 y Fn(0)1702 1712 y Fu(\))f Ft(\005)f Fu(graph\()p -Fs(g)2190 1727 y Fn(2)2229 1712 y Fu(\))0 1909 y(and)h(this)g(sho)m(ws) -i(that)e Fs(F)45 b(g)1033 1924 y Fn(1)1105 1909 y 
Ft(v)32 -b Fs(F)46 b(g)1378 1924 y Fn(2)1417 1909 y Fu(.)d(Next)33 -b(w)m(e)g(shall)e(pro)m(v)m(e)j(that)e Fs(F)45 b Fu(is)32 -b(con)m(tin)m(uous.)44 b(If)32 b Fs(Y)0 2029 y Fu(is)g(a)g(non-empt)m -(y)h(c)m(hain)g(then)244 2226 y(graph\()p Fs(F)13 b Fu(\()641 -2160 y Fg(F)710 2226 y Fs(Y)19 b Fu(\)\))33 b(=)f(graph\(\()1338 -2160 y Fg(F)1407 2226 y Fs(Y)20 b Fu(\))32 b Ft(\016)h -Fs(g)1706 2241 y Fn(0)1745 2226 y Fu(\))910 2394 y(=)f(graph\()p -Fs(g)1354 2409 y Fn(0)1393 2394 y Fu(\))h Ft(\005)e Fu(graph\()1828 -2328 y Fg(F)1897 2394 y Fs(Y)20 b Fu(\))910 2562 y(=)32 -b(graph\()p Fs(g)1354 2577 y Fn(0)1393 2562 y Fu(\))h -Ft(\005)1546 2495 y Fg(S)1615 2562 y Ft(f)p Fu(graph\()p -Fs(g)9 b Fu(\))32 b Ft(j)g Fs(g)9 b Ft(2)p Fs(Y)20 b -Ft(g)910 2729 y Fu(=)1018 2663 y Fg(S)1087 2729 y Ft(f)p -Fu(graph\()p Fs(g)1473 2744 y Fn(0)1512 2729 y Fu(\))33 -b Ft(\005)e Fu(graph\()p Fs(g)9 b Fu(\))32 b Ft(j)g Fs(g)9 -b Ft(2)p Fs(Y)20 b Ft(g)910 2897 y Fu(=)32 b(graph\()1300 -2830 y Fg(F)1369 2897 y Ft(f)p Fs(F)46 b(g)41 b Ft(j)32 -b Fs(g)9 b Ft(2)p Fs(Y)19 b Ft(g)p Fu(\))0 3094 y(where)34 -b(w)m(e)f(ha)m(v)m(e)h(used)g(Lemma)d(4.25)h(t)m(wice.)44 -b(Th)m(us)34 b Fs(F)46 b Fu(\()2112 3027 y Fg(F)2181 -3094 y Fs(Y)20 b Fu(\))32 b(=)2451 3027 y Fg(F)2521 3094 -y Ft(f)p Fs(F)45 b(g)c Ft(j)32 b Fs(g)9 b Ft(2)p Fu(Y)p -Ft(g)p Fu(.)302 b Fh(2)0 3397 y Fw(Exercise)36 b(4.46)49 -b(\(Essen)m(tial\))29 b Fu(Pro)m(v)m(e)k(that)e(\(in)f(the)i(setting)f -(of)g(Lemma)e(4.45\))i Fs(F)44 b Fu(de\014ned)0 3517 -y(b)m(y)33 b Fs(F)46 b(g)41 b Fu(=)32 b Fs(g)493 3532 -y Fn(0)565 3517 y Ft(\016)g Fs(g)41 b Fu(is)32 b(con)m(tin)m(uous,)i -(that)e(is)g Ft(\016)h Fu(is)f(con)m(tin)m(uous)h(in)f(b)s(oth)g -(argumen)m(ts.)260 b Fh(2)146 3737 y Fu(W)-8 b(e)26 b(ha)m(v)m(e)g(no)m -(w)g(established)f(the)h(results)f(needed)i(to)e(sho)m(w)h(that)f(the)h -(equations)f(of)g(T)-8 b(able)0 3857 y(4.1)32 b(de\014ne)i(a)e -(function)g Ft(S)970 3872 y Fn(ds)1041 3857 y Fu(:)p -0 3978 V 0 4145 a 
Fw(Prop)s(osition)k(4.47)49 b Fu(The)44 -b(seman)m(tic)e(equations)i(of)f(T)-8 b(able)42 b(4.1)h(de\014ne)h(a)f -(total)f(function)0 4266 y Ft(S)68 4281 y Fn(ds)172 4266 -y Fu(in)31 b Fw(Stm)h Ft(!)g Fu(\()p Fw(State)h Fo(,)-17 -b Ft(!)32 b Fw(State)p Fu(\).)p 0 4386 V 0 4583 a Fw(Pro)s(of:)37 -b Fu(The)d(pro)s(of)e(is)g(b)m(y)h(structural)f(induction)g(on)g(the)h -(statemen)m(t)h Fs(S)12 b Fu(.)0 4751 y Fw(The)24 b(case)g -Fs(x)36 b Fu(:=)23 b Fs(a)7 b Fu(:)40 b(Clearly)23 b(the)h(function)f -(that)g(maps)h(a)f(state)h Fs(s)32 b Fu(to)23 b(the)i(state)f -Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17 b([)p Fs(a)7 -b Fu(])-17 b(])q Fs(s)8 b Fu(])0 4871 y(is)32 b(w)m(ell-de\014ned.)0 -5039 y Fw(The)h(case)g Fr(skip)p Fu(:)45 b(Clearly)31 -b(the)i(function)f(id)g(is)g(w)m(ell-de\014ned.)0 5206 -y Fw(The)42 b(case)h Fs(S)542 5221 y Fn(1)582 5206 y -Fu(;)p Fs(S)676 5221 y Fn(2)715 5206 y Fu(:)63 b(The)43 -b(induction)e(h)m(yp)s(othesis)i(giv)m(es)g(that)f Ft(S)2486 -5221 y Fn(ds)2557 5206 y Fu([)-17 b([)p Fs(S)2661 5221 -y Fn(1)2701 5206 y Fu(])g(])42 b(and)h Ft(S)3048 5221 -y Fn(ds)3119 5206 y Fu([)-17 b([)p Fs(S)3223 5221 y Fn(2)3263 -5206 y Fu(])g(])42 b(are)0 5327 y(w)m(ell-de\014ned)33 -b(and)f(clearly)g(their)g(comp)s(osition)e(will)h(b)s(e)h(w)m -(ell-de\014ned.)0 5494 y Fw(The)42 b(case)f Fr(if)h Fs(b)47 -b Fr(then)c Fs(S)1023 5509 y Fn(1)1103 5494 y Fr(else)f -Fs(S)1416 5509 y Fn(2)1456 5494 y Fu(:)60 b(The)43 b(induction)d(h)m -(yp)s(othesis)i(giv)m(es)g(that)f Ft(S)3220 5509 y Fn(ds)3291 -5494 y Fu([)-17 b([)q Fs(S)3396 5509 y Fn(1)3435 5494 -y Fu(])g(])p eop -%%Page: 110 120 -110 119 bop 251 130 a Fw(110)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(and)41 -b Ft(S)549 530 y Fn(ds)620 515 y Fu([)-17 b([)q Fs(S)725 -530 y Fn(2)764 515 y Fu(])g(])41 b(are)g(w)m(ell-de\014ned)f(functions) -h(and)g(clearly)e(this)h(prop)s(ert)m(y)i(is)e(preserv)m(ed)j(b)m(y)283 -636 y(the)33 b(function)g(`cond'.)283 803 y Fw(The)24 -b(case)g 
Fr(while)g Fs(b)29 b Fr(do)24 b Fs(S)12 b Fu(:)23 -b(The)h(induction)e(h)m(yp)s(othesis)i(giv)m(es)g(that)f -Ft(S)2903 818 y Fn(ds)2974 803 y Fu([)-17 b([)p Fs(S)12 -b Fu(])-17 b(])24 b(is)f(w)m(ell-de\014ned.)283 924 y(The)34 -b(functions)f Fs(F)982 939 y Fn(1)1053 924 y Fu(and)g -Fs(F)1320 939 y Fn(2)1392 924 y Fu(de\014ned)h(b)m(y)527 -1121 y Fs(F)604 1136 y Fn(1)676 1121 y Fs(g)41 b Fu(=)33 -b(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 -b Fs(g)9 b Fu(,)33 b(id\))527 1288 y Fs(F)604 1303 y -Fn(2)676 1288 y Fs(g)41 b Fu(=)33 b Fs(g)41 b Ft(\016)32 -b(S)1107 1303 y Fn(ds)1178 1288 y Fu([)-17 b([)q Fs(S)12 -b Fu(])-17 b(])283 1485 y(are)34 b(con)m(tin)m(uous)h(according)e(to)h -(Lemmas)f(4.43)g(and)h(4.45.)47 b(Th)m(us)35 b(Lemma)e(4.35)g(giv)m(es) -h(that)283 1606 y Fs(F)47 b(g)c Fu(=)34 b Fs(F)669 1621 -y Fn(1)742 1606 y Fu(\()p Fs(F)857 1621 y Fn(2)931 1606 -y Fs(g)9 b Fu(\))33 b(is)h(con)m(tin)m(uous.)49 b(F)-8 -b(rom)32 b(Theorem)j(4.37)e(w)m(e)i(then)g(ha)m(v)m(e)g(that)f(FIX)g -Fs(F)47 b Fu(is)283 1726 y(w)m(ell-de\014ned)37 b(and)g(thereb)m(y)i -(that)d Ft(S)1655 1741 y Fn(ds)1726 1726 y Fu([)-17 b([)q -Fr(while)38 b Fs(b)k Fr(do)c Fs(S)12 b Fu(])-17 b(])37 -b(is)f(w)m(ell-de\014ned.)56 b(This)37 b(completes)283 -1846 y(the)c(pro)s(of.)2980 b Fh(2)283 2149 y Fw(Example)37 -b(4.48)49 b Fu(Consider)33 b(the)g(denotational)e(seman)m(tics)h(of)g -(the)h(factorial)e(statemen)m(t:)527 2346 y Ft(S)595 -2361 y Fn(ds)666 2346 y Fu([)-17 b([)q Fr(y)33 b Fu(:=)f -Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p -Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p -Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p -Fr(1)p Fu(\)])-17 b(])283 2543 y(W)-8 b(e)29 b(shall)d(b)s(e)i(in)m -(terested)h(in)e(applying)g(this)g(function)h(to)f(a)h(state)g -Fs(s)2780 2558 y Fn(0)2848 2543 y Fu(where)h Fr(x)f Fu(has)g(the)g(v)-5 -b(alue)283 2663 y Fw(3)p Fu(.)44 b(T)-8 b(o)33 b(do)f(that)g(w)m(e)i -(shall)d(\014rst)i(apply)g(the)g(clauses)g(of)f(T)-8 
-b(able)32 b(4.1)g(and)h(w)m(e)h(then)f(get)f(that)527 -2860 y Ft(S)595 2875 y Fn(ds)666 2860 y Fu([)-17 b([)q -Fr(y)33 b Fu(:=)f Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p -Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p -Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p -Fr(1)p Fu(\)])-17 b(])35 b Fs(s)2705 2875 y Fn(0)764 -3028 y Fu(=)d(\(FIX)g Fs(F)13 b Fu(\))33 b Fs(s)1310 -3043 y Fn(0)1349 3028 y Fu([)p Fr(y)p Ft(7!)p Fw(1)p -Fu(])283 3225 y(where)527 3484 y Fs(F)46 b(g)41 b(s)g -Fu(=)912 3310 y Fg(8)912 3384 y(<)912 3534 y(:)1027 3399 -y Fs(g)g Fu(\()p Ft(S)1219 3414 y Fn(ds)1290 3399 y Fu([)-17 -b([)q Fr(y)p Fu(:=)33 b Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p -Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(])-17 b(])34 b Fs(s)8 -b Fu(\))83 b(if)31 b Ft(B)t Fu([)-17 b([)p Ft(:)q Fu(\()p -Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])33 b Fs(s)41 b Fu(=)32 -b Fw(tt)1027 3567 y Fs(s)1232 b Fu(if)31 b Ft(B)t Fu([)-17 -b([)p Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])33 -b Fs(s)41 b Fu(=)32 b Fw(\013)283 3763 y Fu(or,)h(equiv)-5 -b(alen)m(tly)d(,)527 4041 y Fs(F)46 b(g)41 b(s)g Fu(=)912 -3867 y Fg(8)912 3942 y(<)912 4091 y(:)1027 3957 y Fs(g)g -Fu(\()p Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fu(\()p Fs(s)41 -b Fr(y)p Fu(\))p Fo(?)p Fu(\()p Fs(s)f Fr(x)p Fu(\)][)p -Fr(x)p Ft(7!)q Fu(\()p Fs(s)g Fr(x)p Fu(\))p Ft(\000)p -Fw(1)p Fu(]\))84 b(if)31 b Fs(s)41 b Fr(x)33 b Ft(6)p -Fu(=)f Fw(1)1027 4124 y Fs(s)1469 b Fu(if)31 b Fs(s)41 -b Fr(x)33 b Fu(=)f Fw(1)283 4320 y Fu(W)-8 b(e)34 b(can)g(no)m(w)g -(calculate)f(the)g(v)-5 b(arious)33 b(functions)h Fs(F)2246 -4284 y Fn(n)2322 4320 y Ft(?)g Fu(used)h(in)e(the)g(de\014nition)g(of)g -(FIX)g Fs(F)283 4440 y Fu(in)f(Theorem)h(4.37:)527 4637 -y(\()p Fs(F)642 4601 y Fn(0)714 4637 y Ft(?)q Fu(\))f -Fs(s)41 b Fu(=)32 b(undef)p 1051 4650 236 4 v 527 4892 -a(\()p Fs(F)642 4856 y Fn(1)714 4892 y Ft(?)q Fu(\))g -Fs(s)41 b Fu(=)1051 4718 y Fg(8)1051 4792 y(<)1051 4942 -y(:)1166 4807 y Fu(undef)p 1166 4820 V 84 w(if)32 b Fs(s)40 -b Fr(x)33 b Ft(6)p 
Fu(=)f Fw(1)1166 4975 y Fs(s)279 b -Fu(if)32 b Fs(s)40 b Fr(x)33 b Fu(=)f Fw(1)527 5325 y -Fu(\()p Fs(F)642 5289 y Fn(2)714 5325 y Ft(?)q Fu(\))g -Fs(s)41 b Fu(=)1051 5076 y Fg(8)1051 5150 y(>)1051 5175 -y(>)1051 5200 y(>)1051 5225 y(<)1051 5375 y(>)1051 5400 -y(>)1051 5424 y(>)1051 5449 y(:)1166 5156 y Fu(undef)p -1166 5169 V 675 w(if)32 b Fs(s)40 b Fr(x)33 b Ft(6)p -Fu(=)g Fw(1)f Fu(and)h Fs(s)40 b Fr(x)33 b Ft(6)p Fu(=)g -Fw(2)1166 5324 y Fs(s)8 b Fu([)p Fr(y)p Ft(7!)q Fu(\()p -Fs(s)40 b Fr(y)p Fu(\))p Fo(?)p Fw(2)p Fu(][)p Fr(x)p -Ft(7!)p Fw(1)p Fu(])83 b(if)32 b Fs(s)40 b Fr(x)33 b -Fu(=)g Fw(2)1166 5492 y Fs(s)870 b Fu(if)32 b Fs(s)40 -b Fr(x)33 b Fu(=)g Fw(1)p eop -%%Page: 111 121 -111 120 bop 0 130 a Fw(4.3)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:) -50 b(existence)1444 b(111)p 0 193 3473 4 v 0 515 a Fu(Th)m(us)32 -b(if)d Fr(x)h Fu(is)g Fw(1)g Fu(or)g Fw(2)g Fu(then)h(the)f -Fs(F)1260 479 y Fn(2)1330 515 y Ft(?)g Fu(will)e(giv)m(e)i(the)h -(correct)g(v)-5 b(alue)29 b(for)h Fr(y)g Fu(and)h(for)e(all)f(other)0 -636 y(v)-5 b(alues)27 b(of)g Fr(x)h Fu(the)g(result)f(is)g -(unde\014ned.)44 b(This)28 b(is)f(a)g(general)g(pattern:)41 -b(the)28 b(n)m(th)g Fs(iter)-5 b(and)37 b(F)3319 600 -y Fn(n)3395 636 y Ft(?)0 756 y Fu(will)d(determine)h(the)i(correct)g(v) --5 b(alue)35 b(if)g(it)g(can)h(b)s(e)g(computed)h(with)e -Fs(at)k(most)c Fu(n)i Fs(unfoldings)0 877 y Fu(of)i(the)h -Fr(while)p Fu(-lo)s(op)f(\(that)h(is)f(n)g(ev)-5 b(aluations)39 -b(of)g(the)h(b)s(o)s(olean)e(condition\).)63 b(The)41 -b(general)0 997 y(form)m(ula)31 b(is)269 1227 y(\()p -Fs(F)384 1191 y Fn(n)460 1227 y Ft(?)p Fu(\))h Fs(s)41 -b Fu(=)796 1052 y Fg(8)796 1127 y(<)796 1277 y(:)912 -1142 y Fu(undef)p 912 1155 236 4 v 989 w(if)31 b Fs(s)41 -b Fr(x)32 b Fo(<)h Fw(1)f Fu(or)h Fs(s)40 b Fr(x)33 b -Fo(>)f Fu(n)912 1310 y Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p -Fu(\()p Fs(s)40 b Fr(y)p Fu(\))p Fo(?)p Fs(j)14 b Ft(\001)j(\001)g -(\001)o Fo(?)p Fw(2)p Fo(?)o Fw(1)p Fu(][)p Fr(x)p Ft(7!)p -Fw(1)p Fu(])84 
b(if)31 b Fs(s)41 b Fr(x)32 b Fu(=)h Fs(j)46 -b Fu(and)33 b Fw(1)p Ft(\024)q Fs(j)46 b Fu(and)33 b -Fs(j)14 b Ft(\024)q Fu(n)0 1476 y(W)-8 b(e)33 b(then)g(ha)m(v)m(e)244 -1793 y(\(FIX)f Fs(F)13 b Fu(\))33 b Fs(s)40 b Fu(=)823 -1619 y Fg(8)823 1694 y(<)823 1843 y(:)938 1709 y Fu(undef)p -938 1722 V 1007 w(if)31 b Fs(s)41 b Fr(x)33 b Fo(<)f -Fw(1)938 1876 y Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fu(\()p -Fs(s)41 b Fr(y)p Fu(\))p Fo(?)p Fs(n)7 b Ft(\001)17 b(\001)g(\001)n -Fo(?)p Fw(2)p Fo(?)p Fw(1)p Fu(][)p Fr(x)p Ft(7!)p Fw(1)p -Fu(])83 b(if)31 b Fs(s)41 b Fr(x)33 b Fu(=)f Fs(n)40 -b Fu(and)33 b Fs(n)7 b Ft(\025)p Fw(1)0 2130 y Fu(So)32 -b(in)f(the)i(state)f Fs(s)702 2145 y Fn(0)773 2130 y -Fu(where)i Fr(x)e Fu(has)g(the)h(v)-5 b(alue)31 b Fw(3)h -Fu(w)m(e)h(get)f(that)g(the)g(v)-5 b(alue)32 b(computed)g(b)m(y)h(the)0 -2250 y(factorial)d(statemen)m(t)j(is)244 2505 y(\(FIX)f -Fs(F)13 b Fu(\))33 b(\()p Fs(s)720 2520 y Fn(0)759 2505 -y Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(]\))g Fr(y)g Fu(=)f -Fw(1)h Fo(?)f Fw(3)g Fo(?)h Fw(2)f Fo(?)g Fw(1)h Fu(=)f -Fw(6)0 2760 y Fu(as)h(exp)s(ected.)2879 b Fh(2)0 3061 -y Fw(Exercise)36 b(4.49)49 b Fu(Consider)33 b(the)g(statemen)m(t)244 -3315 y Fr(z)p Fu(:=)p Fr(0)p Fu(;)g Fr(while)h(y)p Ft(\024)q -Fr(x)e(do)h Fu(\()p Fr(z)p Fu(:=)p Fr(z)p Fu(+)p Fr(1)p -Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(y)p Fu(\))0 -3570 y(and)f(p)s(erform)e(a)h(dev)m(elopmen)m(t)i(analogous)d(to)h -(that)h(of)f(Example)g(4.48.)694 b Fh(2)0 3871 y Fw(Exercise)36 -b(4.50)49 b Fu(Sho)m(w)30 b(that)f Ft(S)1220 3886 y Fn(ds)1292 -3871 y Fu([)-17 b([)p Fr(while)30 b(true)g(do)g(skip)p -Fu(])-17 b(])30 b(is)e(the)i(totally)d(unde\014ned)j(func-)0 -3991 y(tion)i Ft(?)p Fu(.)3093 b Fh(2)0 4292 y Fw(Exercise)36 -b(4.51)49 b Fu(Extend)42 b(the)f(language)e(with)h(the)h(statemen)m(t)g -Fr(repeat)34 b Fs(S)44 b Fr(until)34 b Fs(b)46 b Fu(and)0 -4412 y(giv)m(e)37 b(the)g(new)g(\(comp)s(ositional\))c(clause)k(for)f -Ft(S)1795 4427 y Fn(ds)1866 4412 y Fu(.)56 b(V)-8 b(alidate)34 
-b(the)j(w)m(ell-de\014nedness)i(of)d(the)0 4532 y(extended)f(v)m -(ersion)e(of)f Ft(S)925 4547 y Fn(ds)996 4532 y Fu(.)2375 -b Fh(2)0 4833 y Fw(Exercise)36 b(4.52)49 b Fu(Extend)37 -b(the)e(language)f(with)g(the)h(statemen)m(t)g Fr(for)h -Fs(x)47 b Fu(:=)34 b Fs(a)2937 4848 y Fn(1)3012 4833 -y Fr(to)h Fs(a)3206 4848 y Fn(2)3280 4833 y Fr(do)h Fs(S)0 -4953 y Fu(and)f(giv)m(e)g(the)g(new)h(\(comp)s(ositional\))c(clause)j -(for)f Ft(S)1977 4968 y Fn(ds)2048 4953 y Fu(.)51 b(V)-8 -b(alidate)33 b(the)i(w)m(ell-de\014nedness)i(of)0 5074 -y(the)c(extended)i(v)m(ersion)e(of)f Ft(S)1093 5089 y -Fn(ds)1164 5074 y Fu(.)2207 b Fh(2)146 5374 y Fu(T)-8 -b(o)31 b(summarize,)f(the)h(w)m(ell-de\014nedness)h(of)e -Ft(S)1851 5389 y Fn(ds)1952 5374 y Fu(relies)g(on)g(the)h(follo)m(wing) -d(results)j(estab-)0 5494 y(lished)h(ab)s(o)m(v)m(e:)p -eop -%%Page: 112 122 -112 121 bop 251 130 a Fw(112)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 283 419 3470 4 v 283 -436 V 281 643 4 208 v 298 643 V 1371 564 a(Pro)s(of)c(Summary)h(for)f -(While)p Fu(:)p 3735 643 V 3752 643 V 281 851 V 298 851 -V 961 772 a Fw(W)-9 b(ell)p Fu(-)p Fw(de\014nedness)32 -b(of)h(Denotational)e(Seman)m(tics)p 3735 851 V 3752 -851 V 283 854 3470 4 v 281 1223 4 370 v 298 1223 V 350 -1020 a Fu(1:)143 b(The)34 b(set)g Fw(State)g Fo(,)-17 -b Ft(!)33 b Fw(State)g Fu(equipp)s(ed)h(with)f(an)h(appropriate)e -(order)i Ft(v)f Fu(is)g(a)g(ccp)s(o)569 1140 y(\(Lemmas)e(4.13)h(and)h -(4.25\).)p 3735 1223 V 3752 1223 V 281 1511 4 289 v 298 -1511 V 350 1308 a(2:)143 b(Certain)34 b(functions)g(\011:)47 -b(\()p Fw(State)34 b Fo(,)-17 b Ft(!)35 b Fw(State)p -Fu(\))f Ft(!)g Fu(\()p Fw(State)g Fo(,)-17 b Ft(!)35 -b Fw(State)p Fu(\))f(are)g(con)m(tin-)569 1428 y(uous)f(\(Lemmas)e -(4.43)h(and)h(4.45\).)p 3735 1511 V 3752 1511 V 281 1799 -V 298 1799 V 350 1596 a(3:)143 b(In)31 b(the)g(de\014nition)f(of)g -Ft(S)1464 1611 y Fn(ds)1566 1596 y Fu(w)m(e)i(only)e(apply)g(the)i 
-(\014xed)g(p)s(oin)m(t)e(op)s(eration)f(to)h(con)m(tin-)569 -1716 y(uous)j(functions)f(\(Prop)s(osition)f(4.47\).)p -3735 1799 V 3752 1799 V 283 1803 3470 4 v 283 1819 V -283 2069 a Fp(Prop)t(erties)46 b(of)f(the)h(seman)l(tics)283 -2260 y Fu(In)35 b(the)f(op)s(erational)d(seman)m(tics)j(w)m(e)h -(de\014ned)g(a)f(notion)f(of)g(t)m(w)m(o)h(statemen)m(ts)h(b)s(eing)e -(seman-)283 2380 y(tically)46 b(equiv)-5 b(alen)m(t.)87 -b(A)48 b(similar)c(notion)i(can)i(b)s(e)g(de\014ned)g(based)h(on)e(the) -h(denotational)283 2501 y(seman)m(tics:)c Fs(S)831 2516 -y Fn(1)903 2501 y Fu(and)33 b Fs(S)1160 2516 y Fn(2)1231 -2501 y Fu(are)g Fs(semantic)-5 b(al)5 b(ly)34 b(e)-5 -b(quivalent)41 b Fu(if)32 b(and)g(only)h(if)527 2720 -y Ft(S)595 2735 y Fn(ds)666 2720 y Fu([)-17 b([)q Fs(S)771 -2735 y Fn(1)810 2720 y Fu(])g(])33 b(=)g Ft(S)1056 2735 -y Fn(ds)1128 2720 y Fu([)-17 b([)p Fs(S)1232 2735 y Fn(2)1272 -2720 y Fu(])g(])283 2973 y Fw(Exercise)37 b(4.53)49 b -Fu(Sho)m(w)f(that)f(the)g(follo)m(wing)e(statemen)m(ts)j(of)f -Fw(While)e Fu(are)j(seman)m(tically)283 3093 y(equiv)-5 -b(alen)m(t)33 b(in)f(the)h(ab)s(o)m(v)m(e)g(sense:)429 -3312 y Ft(\017)48 b Fs(S)12 b Fu(;)p Fr(skip)34 b Fu(and)f -Fs(S)429 3531 y Ft(\017)48 b Fs(S)594 3546 y Fn(1)634 -3531 y Fu(;\()p Fs(S)766 3546 y Fn(2)805 3531 y Fu(;)p -Fs(S)899 3546 y Fn(3)938 3531 y Fu(\))33 b(and)f(\()p -Fs(S)1303 3546 y Fn(1)1343 3531 y Fu(;)p Fs(S)1437 3546 -y Fn(2)1476 3531 y Fu(\);)p Fs(S)1608 3546 y Fn(3)429 -3749 y Ft(\017)48 b Fr(while)34 b Fs(b)39 b Fr(do)33 -b Fs(S)44 b Fu(and)33 b Fr(if)g Fs(b)38 b Fr(then)c Fu(\()p -Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)k Fr(do)c Fs(S)12 -b Fu(\))32 b Fr(else)h(skip)651 b Fh(2)283 3999 y Fw(Exercise)37 -b(4.54)49 b Fu(*)29 b(Pro)m(v)m(e)h(that)f Fr(repeat)i -Fs(S)41 b Fr(until)30 b Fs(b)35 b Fu(and)29 b Fs(S)12 -b Fu(;)29 b Fr(while)h Ft(:)q Fs(b)35 b Fr(do)29 b Fs(S)41 -b Fu(are)29 b(seman-)283 4120 y(tically)i(equiv)-5 b(alen)m(t)33 -b(using)g(the)h(denotational)d(approac)m(h.)45 
b(The)34 -b(seman)m(tics)g(of)e(the)i Fr(repeat)p Fu(-)283 4240 -y(construct)g(is)e(giv)m(en)h(in)f(Exercise)i(4.51.)1917 -b Fh(2)283 4592 y Fj(4.4)161 b(An)53 b(equiv)-9 b(alence)55 -b(result)283 4817 y Fu(Ha)m(ving)33 b(pro)s(duced)h(y)m(et)g(another)g -(seman)m(tics)f(of)f(the)i(language)e Fw(While)f Fu(w)m(e)k(shall)c(b)s -(e)j(in)m(ter-)283 4937 y(ested)d(in)e(its)f(relation)g(to)h(the)h(op)s -(erational)d(seman)m(tics)i(and)g(for)g(this)g(w)m(e)i(shall)d(fo)s -(cus)h(on)g(the)283 5058 y(structural)k(op)s(erational)d(seman)m(tics.) -p 283 5181 3473 5 v 283 5374 a Fw(Theorem)38 b(4.55)49 -b Fu(F)-8 b(or)31 b(ev)m(ery)k(statemen)m(t)e Fs(S)44 -b Fu(of)32 b Fw(While)f Fu(w)m(e)j(ha)m(v)m(e)g Ft(S)2863 -5389 y Fn(sos)2958 5374 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 -b(])33 b(=)g Ft(S)3308 5389 y Fn(ds)3380 5374 y Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])q(.)p 283 5494 V eop -%%Page: 113 123 -113 122 bop 0 130 a Fw(4.4)112 b(An)38 b(equiv)-6 b(alence)37 -b(result)1991 b(113)p 0 193 3473 4 v 0 515 a Fu(Both)25 -b Ft(S)302 530 y Fn(ds)373 515 y Fu([)-17 b([)q Fs(S)12 -b Fu(])-17 b(])25 b(and)g Ft(S)790 530 y Fn(sos)885 515 -y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])25 b(are)g(functions)f(in)g -Fw(State)h Fo(,)-17 b Ft(!)24 b Fw(State)p Fu(,)j(that)d(is)g(they)i -(are)e(elemen)m(ts)0 636 y(of)40 b(a)h(partially)c(ordered)42 -b(set.)68 b(T)-8 b(o)41 b(pro)m(v)m(e)h(that)e(t)m(w)m(o)i(elemen)m(ts) -e Fs(d)2485 651 y Fn(1)2566 636 y Fu(and)g Fs(d)2823 -651 y Fn(2)2904 636 y Fu(of)g(a)g(partially)0 756 y(ordered)30 -b(set)g(are)g(equal)f(it)g(is)g(su\016cien)m(t)i(to)e(pro)m(v)m(e)i -(that)e Fs(d)2153 771 y Fn(1)2222 756 y Ft(v)h Fs(d)2389 -771 y Fn(2)2458 756 y Fu(and)g(that)f Fs(d)2913 771 y -Fn(2)2982 756 y Ft(v)h Fs(d)3149 771 y Fn(1)3188 756 -y Fu(.)43 b(Th)m(us)0 877 y(to)32 b(pro)m(v)m(e)i(Theorem)f(4.55)f(w)m -(e)i(shall)d(sho)m(w)i(that)145 1066 y Ft(\017)49 b(S)312 -1081 y Fn(sos)407 1066 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 -b(])33 b Ft(v)g(S)759 1081 y Fn(ds)830 1066 
y Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(],)33 b(and)145 1264 y Ft(\017)49 -b(S)312 1279 y Fn(ds)383 1264 y Fu([)-17 b([)p Fs(S)12 -b Fu(])-17 b(])33 b Ft(v)g(S)735 1279 y Fn(sos)830 1264 -y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(].)0 1454 y(The)34 -b(\014rst)f(result)f(is)g(expressed)k(b)m(y)d(the)g(follo)m(wing)d -(lemma:)p 0 1574 3473 5 v 0 1734 a Fw(Lemma)37 b(4.56)49 -b Fu(F)-8 b(or)32 b(ev)m(ery)i(statemen)m(t)f Fs(S)45 -b Fu(of)32 b Fw(While)f Fu(w)m(e)i(ha)m(v)m(e)h Ft(S)2501 -1749 y Fn(sos)2596 1734 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])33 b Ft(v)g(S)2949 1749 y Fn(ds)3020 1734 y Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])q(.)p 0 1854 V 0 2044 a -Fw(Pro)s(of:)37 b Fu(It)c(is)f(su\016cien)m(t)i(to)e(pro)m(v)m(e)i -(that)e(for)g(all)f(states)i Fs(s)41 b Fu(and)32 b Fs(s)2427 -2007 y Fi(0)269 2211 y Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8 -b Ft(i)32 b(\))653 2175 y Fi(\003)725 2211 y Fs(s)773 -2175 y Fi(0)829 2211 y Fu(implies)e Ft(S)1228 2226 y -Fn(ds)1299 2211 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q -Fs(s)40 b Fu(=)33 b Fs(s)1678 2175 y Fi(0)3348 2211 y -Fu(\(*\))0 2379 y(T)-8 b(o)33 b(do)f(so)h(w)m(e)g(shall)f(need)h(to)f -(establish)h(the)g(follo)m(wing)c(prop)s(ert)m(y)310 -2538 y Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))f -Fs(s)775 2502 y Fi(0)1109 2538 y Fu(implies)80 b Ft(S)1558 -2553 y Fn(ds)1629 2538 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])p Fs(s)41 b Fu(=)32 b Fs(s)2008 2502 y Fi(0)310 2706 -y Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))f(h)p -Fs(S)833 2670 y Fi(0)856 2706 y Fu(,)g Fs(s)963 2670 -y Fi(0)987 2706 y Ft(i)83 b Fu(implies)d Ft(S)1558 2721 -y Fn(ds)1629 2706 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])p Fs(s)41 b Fu(=)32 b Ft(S)2028 2721 y Fn(ds)2099 -2706 y Fu([)-17 b([)q Fs(S)2204 2670 y Fi(0)2227 2706 -y Fu(])g(])p Fs(s)2312 2670 y Fi(0)3299 2623 y Fu(\(**\))0 -2872 y(Assuming)39 b(that)g(\(**\))g(holds)h(the)g(pro)s(of)e(of)h -(\(*\))h(is)f(a)g(straigh)m(tforw)m(ard)g(induction)f(on)i(the)0 -2992 y(length)32 
b(k)h(of)f(the)h(deriv)-5 b(ation)31 -b(sequence)k Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 -b(\))1908 2956 y Fn(k)1981 2992 y Fs(s)2029 2956 y Fi(0)2085 -2992 y Fu(\(see)i(Section)e(2.2\).)146 3113 y(W)-8 b(e)40 -b(no)m(w)g(turn)f(to)g(the)g(pro)s(of)g(of)f(\(**\))h(and)g(for)g(this) -g(w)m(e)h(shall)e(use)i(induction)e(on)h(the)0 3233 y(shap)s(e)33 -b(of)f(the)h(deriv)-5 b(ation)31 b(tree)i(for)f Ft(h)p -Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))g Fs(s)1820 -3197 y Fi(0)1876 3233 y Fu(or)g Ft(h)p Fs(S)12 b Fu(,)32 -b Fs(s)8 b Ft(i)33 b(\))f(h)p Fs(S)2518 3197 y Fi(0)2541 -3233 y Fu(,)g Fs(s)2648 3197 y Fi(0)2672 3233 y Ft(i)o -Fu(.)0 3401 y Fw(The)h(case)g Fu([ass)608 3416 y Fn(sos)704 -3401 y Fu(]:)44 b(W)-8 b(e)32 b(ha)m(v)m(e)244 3590 y -Ft(h)p Fs(x)44 b Fu(:=)32 b Fs(a)7 b Fu(,)33 b Fs(s)8 -b Ft(i)33 b(\))f Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17 -b([)q Fs(a)7 b Fu(])-17 b(])p Fs(s)8 b Fu(])0 3779 y(and)33 -b(since)g Ft(S)496 3794 y Fn(ds)568 3779 y Fu([)-17 b([)p -Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])q Fs(s)41 -b Fu(=)32 b Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17 -b([)q Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])32 b(the)h(result)g(follo)m -(ws.)0 3947 y Fw(The)g(case)g Fu([skip)654 3962 y Fn(sos)749 -3947 y Fu(]:)44 b(Analogous.)0 4114 y Fw(The)33 b(case)g -Fu([comp)723 4078 y Fn(1)711 4139 y(sos)806 4114 y Fu(]:)43 -b(Assume)34 b(that)244 4304 y Ft(h)p Fs(S)350 4319 y -Fn(1)389 4304 y Fu(;)p Fs(S)483 4319 y Fn(2)522 4304 -y Fu(,)f Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)939 4268 y -Fi(0)939 4328 y Fn(1)978 4304 y Fu(;)p Fs(S)1072 4319 -y Fn(2)1112 4304 y Fu(,)g Fs(s)1219 4268 y Fi(0)1243 -4304 y Ft(i)0 4493 y Fu(b)s(ecause)39 b Ft(h)o Fs(S)471 -4508 y Fn(1)511 4493 y Fu(,)f Fs(s)8 b Ft(i)37 b(\))g(h)o -Fs(S)942 4457 y Fi(0)942 4517 y Fn(1)982 4493 y Fu(,)h -Fs(s)1095 4457 y Fi(0)1118 4493 y Ft(i)p Fu(.)57 b(Then)39 -b(the)e(induction)g(h)m(yp)s(othesis)h(applied)e(to)h(the)g(latter)0 -4613 y(transition)31 b(giv)m(es)i Ft(S)752 4628 y Fn(ds)823 -4613 y 
Fu([)-17 b([)q Fs(S)928 4628 y Fn(1)967 4613 y -Fu(])g(])p Fs(s)41 b Fu(=)32 b Ft(S)1261 4628 y Fn(ds)1332 -4613 y Fu([)-17 b([)q Fs(S)1437 4577 y Fi(0)1437 4638 -y Fn(1)1476 4613 y Fu(])g(])q Fs(s)1562 4577 y Fi(0)1618 -4613 y Fu(and)32 b(w)m(e)i(get)244 4802 y Ft(S)312 4817 -y Fn(ds)383 4802 y Fu([)-17 b([)p Fs(S)487 4817 y Fn(1)527 -4802 y Fu(;)p Fs(S)621 4817 y Fn(2)660 4802 y Fu(])g(])33 -b Fs(s)41 b Fu(=)32 b Ft(S)987 4817 y Fn(ds)1058 4802 -y Fu([)-17 b([)q Fs(S)1163 4817 y Fn(2)1202 4802 y Fu(])g(])q(\()p -Ft(S)1345 4817 y Fn(ds)1417 4802 y Fu([)g([)p Fs(S)1521 -4817 y Fn(1)1560 4802 y Fu(])g(])q Fs(s)8 b Fu(\))811 -4970 y(=)32 b Ft(S)987 4985 y Fn(ds)1058 4970 y Fu([)-17 -b([)q Fs(S)1163 4985 y Fn(2)1202 4970 y Fu(])g(])q(\()p -Ft(S)1345 4985 y Fn(ds)1417 4970 y Fu([)g([)p Fs(S)1521 -4934 y Fi(0)1521 4995 y Fn(1)1560 4970 y Fu(])g(])q Fs(s)1646 -4934 y Fi(0)1669 4970 y Fu(\))811 5138 y(=)32 b Ft(S)987 -5153 y Fn(ds)1058 5138 y Fu([)-17 b([)q Fs(S)1163 5102 -y Fi(0)1163 5162 y Fn(1)1202 5138 y Fu(;)p Fs(S)1296 -5153 y Fn(2)1335 5138 y Fu(])g(])q Fs(s)1421 5102 y Fi(0)0 -5327 y Fu(as)33 b(required.)0 5494 y Fw(The)g(case)g -Fu([comp)723 5458 y Fn(2)711 5519 y(sos)806 5494 y Fu(]:)43 -b(Assume)34 b(that)p eop -%%Page: 114 124 -114 123 bop 251 130 a Fw(114)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(h)p Fs(S)633 -530 y Fn(1)672 515 y Fu(;)p Fs(S)766 530 y Fn(2)806 515 -y Fu(,)c Fs(s)8 b Ft(i)33 b(\))f(h)p Fs(S)1223 530 y -Fn(2)1262 515 y Fu(,)g Fs(s)1369 479 y Fi(0)1393 515 -y Ft(i)283 747 y Fu(b)s(ecause)44 b Ft(h)p Fs(S)760 762 -y Fn(1)799 747 y Fu(,)g Fs(s)8 b Ft(i\))42 b Fs(s)1147 -711 y Fi(0)1170 747 y Fu(.)72 b(Then)43 b(the)f(induction)f(h)m(yp)s -(othesis)i(applied)e(to)h(that)f(transition)283 867 y(giv)m(es)33 -b Ft(S)590 882 y Fn(ds)661 867 y Fu([)-17 b([)q Fs(S)766 -882 y Fn(1)805 867 y Fu(])g(])q Fs(s)41 b Fu(=)32 b Fs(s)1080 -831 y Fi(0)1136 867 y Fu(and)g(w)m(e)i(get)527 1099 y -Ft(S)595 1114 y Fn(ds)666 1099 y 
Fu([)-17 b([)q Fs(S)771 -1114 y Fn(1)810 1099 y Fu(;)p Fs(S)904 1114 y Fn(2)944 -1099 y Fu(])g(])p Fs(s)41 b Fu(=)32 b Ft(S)1238 1114 -y Fn(ds)1309 1099 y Fu([)-17 b([)q Fs(S)1414 1114 y Fn(2)1453 -1099 y Fu(])g(])q(\()p Ft(S)1596 1114 y Fn(ds)1668 1099 -y Fu([)g([)p Fs(S)1772 1114 y Fn(1)1811 1099 y Fu(])g(])q -Fs(s)8 b Fu(\))32 b(=)h Ft(S)2144 1114 y Fn(ds)2215 1099 -y Fu([)-17 b([)p Fs(S)2319 1114 y Fn(2)2359 1099 y Fu(])g(])p -Fs(s)2444 1063 y Fi(0)283 1331 y Fu(where)40 b(the)g(\014rst)f(equalit) -m(y)f(comes)h(from)e(the)i(de\014nition)f(of)g Ft(S)2659 -1346 y Fn(ds)2769 1331 y Fu(and)h(w)m(e)g(just)h(argued)e(for)283 -1451 y(the)33 b(second)h(equalit)m(y)-8 b(.)43 b(This)33 -b(pro)m(v)m(es)h(the)f(result.)283 1619 y Fw(The)g(case)g -Fu([if)836 1582 y Fn(tt)824 1643 y(sos)919 1619 y Fu(]:)43 -b(Assume)34 b(that)527 1850 y Ft(h)p Fr(if)f Fs(b)39 -b Fr(then)33 b Fs(S)1089 1865 y Fn(1)1161 1850 y Fr(else)h -Fs(S)1466 1865 y Fn(2)1505 1850 y Fu(,)e Fs(s)8 b Ft(i)33 -b(\))f(h)p Fs(S)1922 1865 y Fn(1)1961 1850 y Fu(,)h Fs(s)8 -b Ft(i)283 2082 y Fu(b)s(ecause)34 b Ft(B)t Fu([)-17 -b([)p Fs(b)6 b Fu(])-17 b(])33 b Fs(s)41 b Fu(=)32 b -Fw(tt)p Fu(.)43 b(Then)552 2249 y Ft(S)620 2264 y Fn(ds)691 -2249 y Fu([)-17 b([)q Fr(if)33 b Fs(b)38 b Fr(then)c -Fs(S)1252 2264 y Fn(1)1324 2249 y Fr(else)f Fs(S)1628 -2264 y Fn(2)1667 2249 y Fu(])-17 b(])q Fs(s)41 b Fu(=)32 -b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 -b Ft(S)2455 2264 y Fn(ds)2526 2249 y Fu([)-17 b([)p Fs(S)2630 -2264 y Fn(1)2670 2249 y Fu(])g(],)33 b Ft(S)2835 2264 -y Fn(ds)2906 2249 y Fu([)-17 b([)p Fs(S)3010 2264 y Fn(2)3050 -2249 y Fu(])g(]\))p Fs(s)41 b Fu(=)32 b Ft(S)3382 2264 -y Fn(ds)3453 2249 y Fu([)-17 b([)q Fs(S)3558 2264 y Fn(1)3597 -2249 y Fu(])g(])q Fs(s)283 2417 y Fu(as)33 b(required.)283 -2585 y Fw(The)g(case)g Fu([if)836 2549 y Fn(\013)824 -2609 y(sos)919 2585 y Fu(]:)43 b(Analogous.)283 2752 -y Fw(The)33 b(case)g Fu([while)989 2767 y Fn(sos)1084 -2752 y Fu(]:)43 b(Assume)34 
b(that)527 2984 y Ft(h)p -Fr(while)g Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 -b Ft(i)32 b(\))g(h)p Fr(if)h Fs(b)39 b Fr(then)33 b Fu(\()p -Fs(S)12 b Fu(;)33 b Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12 -b Fu(\))32 b Fr(else)i(skip)p Fu(,)f Fs(s)8 b Ft(i)283 -3216 y Fu(F)-8 b(rom)41 b(the)i(de\014nition)f(of)g Ft(S)1359 -3231 y Fn(ds)1473 3216 y Fu(w)m(e)h(ha)m(v)m(e)h Ft(S)1929 -3231 y Fn(ds)2000 3216 y Fu([)-17 b([)q Fr(while)43 b -Fs(b)49 b Fr(do)42 b Fs(S)12 b Fu(])-17 b(])43 b(=)f(FIX)h -Fs(F)55 b Fu(where)44 b Fs(F)55 b(g)c Fu(=)283 3336 y(cond\()p -Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(g)41 -b Ft(\016)33 b(S)1012 3351 y Fn(ds)1084 3336 y Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\).)43 b(W)-8 -b(e)33 b(therefore)g(get)527 3568 y Ft(S)595 3583 y Fn(ds)666 -3568 y Fu([)-17 b([)q Fr(while)34 b Fs(b)k Fr(do)33 b -Fs(S)12 b Fu(])-17 b(])q(=)32 b(\(FIX)h Fs(F)13 b Fu(\))1316 -3735 y(=)32 b Fs(F)46 b Fu(\(FIX)32 b Fs(F)13 b Fu(\))1316 -3903 y(=)32 b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b -Fu(])-17 b(],)33 b Ft(S)1985 3918 y Fn(ds)2056 3903 y -Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 -b Fu(])-17 b(])33 b Ft(\016)f(S)2888 3918 y Fn(ds)2959 -3903 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 b(id\))1316 -4070 y(=)f(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(],)33 b Ft(S)1985 4085 y Fn(ds)2056 4070 y Fu([)-17 -b([)p Fs(S)12 b Fu(;)33 b Fr(while)h Fs(b)k Fr(do)33 -b Fs(S)12 b Fu(])-17 b(])q(,)32 b Ft(S)2959 4085 y Fn(ds)3030 -4070 y Fu([)-17 b([)q Fr(skip)p Fu(])g(])q(\))1316 4238 -y(=)32 b Ft(S)1492 4253 y Fn(ds)1563 4238 y Fu([)-17 -b([)q Fr(if)33 b Fs(b)38 b Fr(then)c Fu(\()p Fs(S)12 -b Fu(;)32 b Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\))33 -b Fr(else)g(skip)p Fu(])-17 b(])283 4470 y(as)33 b(required.)44 -b(This)33 b(completes)f(the)h(pro)s(of)f(of)g(\(**\).)1450 -b Fh(2)430 4679 y Fu(Note)39 b(that)g(\(*\))g(do)s(es)g -Fs(not)49 b Fu(imply)37 b(that)i Ft(S)2032 4694 y Fn(sos)2127 -4679 y Fu([)-17 b([)p Fs(S)12 b 
Fu(])-17 b(])40 b(=)f -Ft(S)2491 4694 y Fn(ds)2562 4679 y Fu([)-17 b([)p Fs(S)12 -b Fu(])-17 b(])40 b(as)f(w)m(e)h(ha)m(v)m(e)h(only)d(pro)m(v)m(ed)283 -4799 y(that)26 b Fs(if)46 b Ft(S)662 4814 y Fn(sos)757 -4799 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])p Fs(s)33 -b Ft(6)p Fu(=)26 b(undef)p 1074 4812 236 4 v 26 w Fs(then)33 -b Ft(S)1617 4814 y Fn(sos)1713 4799 y Fu([)-17 b([)p -Fs(S)12 b Fu(])-17 b(])q Fs(s)33 b Fu(=)25 b Ft(S)2097 -4814 y Fn(ds)2168 4799 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])p Fs(s)8 b Fu(.)42 b(Still)23 b(there)j(is)f(the)h(p)s(ossibilit)m -(y)d(that)283 4919 y Ft(S)351 4934 y Fn(ds)422 4919 y -Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])28 b(ma)m(y)f(b)s(e)h(de\014ned)h -(for)e(more)f(argumen)m(ts)i(than)f Ft(S)2399 4934 y -Fn(sos)2494 4919 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(].)42 b(Ho)m(w)m(ev)m(er)30 b(this)d(is)g(ruled)g(out)283 -5040 y(b)m(y)34 b(the)f(follo)m(wing)d(lemma:)p 283 5166 -3473 5 v 283 5374 a Fw(Lemma)38 b(4.57)49 b Fu(F)-8 b(or)31 -b(ev)m(ery)k(statemen)m(t)e Fs(S)44 b Fu(of)32 b Fw(While)f -Fu(w)m(e)j(ha)m(v)m(e)g Ft(S)2785 5389 y Fn(ds)2856 5374 -y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])33 b Ft(v)g(S)3208 -5389 y Fn(sos)3303 5374 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(].)p 283 5494 V eop -%%Page: 115 125 -115 124 bop 0 130 a Fw(4.4)112 b(An)38 b(equiv)-6 b(alence)37 -b(result)1991 b(115)p 0 193 3473 4 v 0 515 a(Pro)s(of:)37 -b Fu(W)-8 b(e)33 b(pro)s(ceed)h(b)m(y)f(structural)f(induction)g(on)h -(the)g(statemen)m(t)g Fs(S)12 b Fu(.)0 683 y Fw(The)38 -b(case)g Fs(x)50 b Fu(:=)37 b Fs(a)7 b Fu(:)54 b(Clearly)37 -b Ft(S)1251 698 y Fn(ds)1322 683 y Fu([)-17 b([)q Fs(x)49 -b Fu(:=)38 b Fs(a)7 b Fu(])-17 b(])q Fs(s)46 b Fu(=)37 -b Ft(S)1957 698 y Fn(sos)2052 683 y Fu([)-17 b([)q Fs(x)49 -b Fu(:=)38 b Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(.)59 -b(Note)37 b(that)h(this)f(means)0 803 y(that)32 b Ft(S)279 -818 y Fn(sos)407 803 y Fu(satis\014es)h(the)g(clause)g(de\014ning)f -Ft(S)1658 818 y Fn(ds)1762 803 y Fu(in)g(T)-8 b(able)32 -b(4.1.)0 
971 y Fw(The)h(case)g Fr(skip)p Fu(:)45 b(Clearly)31 -b Ft(S)1138 986 y Fn(ds)1209 971 y Fu([)-17 b([)q Fr(skip)p -Fu(])g(])r Fs(s)40 b Fu(=)32 b Ft(S)1746 986 y Fn(sos)1841 -971 y Fu([)-17 b([)q Fr(skip)p Fu(])g(])r Fs(s)8 b Fu(.)0 -1139 y Fw(The)28 b(case)h Fs(S)514 1154 y Fn(1)582 1139 -y Fu(;)g Fs(S)705 1154 y Fn(2)745 1139 y Fu(:)41 b(Recall)26 -b(that)i Ft(\016)g Fu(is)g(monotone)f(in)h(b)s(oth)g(argumen)m(ts)g -(\(Lemma)f(4.45)g(and)0 1259 y(Exercise)34 b(4.46\).)43 -b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)244 1456 y Ft(S)312 -1471 y Fn(ds)383 1456 y Fu([)-17 b([)p Fs(S)487 1471 -y Fn(1)559 1456 y Fu(;)33 b Fs(S)686 1471 y Fn(2)725 -1456 y Fu(])-17 b(])33 b(=)g Ft(S)971 1471 y Fn(ds)1043 -1456 y Fu([)-17 b([)p Fs(S)1147 1471 y Fn(2)1186 1456 -y Fu(])g(])34 b Ft(\016)e(S)1407 1471 y Fn(ds)1478 1456 -y Fu([)-17 b([)p Fs(S)1582 1471 y Fn(1)1622 1456 y Fu(])g(])795 -1623 y Ft(v)32 b(S)971 1638 y Fn(sos)1067 1623 y Fu([)-17 -b([)p Fs(S)1171 1638 y Fn(2)1210 1623 y Fu(])g(])33 b -Ft(\016)g(S)1431 1638 y Fn(sos)1526 1623 y Fu([)-17 b([)p -Fs(S)1630 1638 y Fn(1)1670 1623 y Fu(])g(])0 1820 y(b)s(ecause)39 -b(the)g(induction)e(h)m(yp)s(othesis)i(applied)e(to)h -Fs(S)2004 1835 y Fn(1)2081 1820 y Fu(and)g Fs(S)2343 -1835 y Fn(2)2421 1820 y Fu(giv)m(es)g Ft(S)2733 1835 -y Fn(ds)2804 1820 y Fu([)-17 b([)q Fs(S)2909 1835 y Fn(1)2948 -1820 y Fu(])g(])33 b Ft(v)g(S)3196 1835 y Fn(sos)3291 -1820 y Fu([)-17 b([)q Fs(S)3396 1835 y Fn(1)3435 1820 -y Fu(])g(])0 1940 y(and)44 b Ft(S)269 1955 y Fn(ds)340 -1940 y Fu([)-17 b([)q Fs(S)445 1955 y Fn(2)484 1940 y -Fu(])g(])33 b Ft(v)g(S)732 1955 y Fn(sos)827 1940 y Fu([)-17 -b([)p Fs(S)931 1955 y Fn(2)971 1940 y Fu(])g(].)78 b(F)-8 -b(urthermore,)46 b(Exercise)f(2.21)f(giv)m(es)g(that)g(if)f -Ft(h)o Fs(S)3011 1955 y Fn(1)3051 1940 y Fu(,)32 b Fs(s)8 -b Ft(i)32 b(\))3329 1904 y Fi(\003)3401 1940 y Fs(s)3449 -1904 y Fi(0)0 2060 y Fu(then)h Ft(h)p Fs(S)328 2075 y -Fn(1)400 2060 y Fu(;)f Fs(S)526 2075 y Fn(2)566 2060 -y Fu(,)g Fs(s)8 b Ft(i)33 
b(\))844 2024 y Fi(\003)916 -2060 y Ft(h)p Fs(S)1022 2075 y Fn(2)1061 2060 y Fu(,)g -Fs(s)1169 2024 y Fi(0)1192 2060 y Ft(i)f Fu(and)h(hence)244 -2257 y Ft(S)312 2272 y Fn(sos)407 2257 y Fu([)-17 b([)p -Fs(S)511 2272 y Fn(2)551 2257 y Fu(])g(])33 b Ft(\016)f(S)771 -2272 y Fn(sos)866 2257 y Fu([)-17 b([)q Fs(S)971 2272 -y Fn(1)1010 2257 y Fu(])g(])33 b Ft(v)g(S)1258 2272 y -Fn(sos)1353 2257 y Fu([)-17 b([)p Fs(S)1457 2272 y Fn(1)1529 -2257 y Fu(;)33 b Fs(S)1656 2272 y Fn(2)1695 2257 y Fu(])-17 -b(])0 2453 y(and)38 b(this)f(pro)m(v)m(es)i(the)f(result.)58 -b(Note)38 b(that)f(in)g(this)g(case)h Ft(S)2243 2468 -y Fn(sos)2376 2453 y Fu(ful\014ls)e(a)h(w)m(eak)m(er)j(v)m(ersion)e(of) -0 2574 y(the)33 b(clause)g(de\014ning)f Ft(S)892 2589 -y Fn(ds)996 2574 y Fu(in)g(T)-8 b(able)32 b(4.1.)0 2741 -y Fw(The)d(case)h Fr(if)f Fs(b)35 b Fr(then)30 b Fs(S)961 -2756 y Fn(1)1030 2741 y Fr(else)g Fs(S)1331 2756 y Fn(2)1370 -2741 y Fu(:)42 b(Recall)27 b(that)i(`cond')g(is)g(monotone)f(in)g(its)h -(second)h(and)0 2862 y(third)i(argumen)m(t)g(\(Lemma)f(4.43)h(and)h -(Exercise)h(4.44\).)43 b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)244 -3058 y Ft(S)312 3073 y Fn(ds)383 3058 y Fu([)-17 b([)p -Fr(if)34 b Fs(b)k Fr(then)c Fs(S)944 3073 y Fn(1)1015 -3058 y Fr(else)g Fs(S)1320 3073 y Fn(2)1359 3058 y Fu(])-17 -b(])33 b(=)g(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 b -Fu(])-17 b(])q(,)32 b Ft(S)2098 3073 y Fn(ds)2169 3058 -y Fu([)-17 b([)q Fs(S)2274 3073 y Fn(1)2313 3058 y Fu(])g(])q(,)32 -b Ft(S)2478 3073 y Fn(ds)2549 3058 y Fu([)-17 b([)q Fs(S)2654 -3073 y Fn(2)2693 3058 y Fu(])g(])q(\))1429 3226 y Ft(v)32 -b Fu(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 -b(])q(,)32 b Ft(S)2098 3241 y Fn(sos)2193 3226 y Fu([)-17 -b([)q Fs(S)2298 3241 y Fn(1)2337 3226 y Fu(])g(])q(,)32 -b Ft(S)2502 3241 y Fn(sos)2597 3226 y Fu([)-17 b([)q -Fs(S)2702 3241 y Fn(2)2741 3226 y Fu(])g(])q(\))0 3422 -y(b)s(ecause)39 b(the)g(induction)e(h)m(yp)s(othesis)i(applied)e(to)h -Fs(S)2004 3437 y Fn(1)2081 3422 y Fu(and)g 
Fs(S)2343 -3437 y Fn(2)2421 3422 y Fu(giv)m(es)g Ft(S)2733 3437 -y Fn(ds)2804 3422 y Fu([)-17 b([)q Fs(S)2909 3437 y Fn(1)2948 -3422 y Fu(])g(])33 b Ft(v)g(S)3196 3437 y Fn(sos)3291 -3422 y Fu([)-17 b([)q Fs(S)3396 3437 y Fn(1)3435 3422 -y Fu(])g(])0 3543 y(and)33 b Ft(S)257 3558 y Fn(ds)329 -3543 y Fu([)-17 b([)p Fs(S)433 3558 y Fn(2)473 3543 y -Fu(])g(])33 b Ft(v)g(S)720 3558 y Fn(sos)816 3543 y Fu([)-17 -b([)p Fs(S)920 3558 y Fn(2)959 3543 y Fu(])g(])q(.)43 -b(F)-8 b(urthermore,)33 b(it)e(follo)m(ws)g(from)h([if)2405 -3507 y Fn(tt)2393 3568 y(sos)2487 3543 y Fu(])g(and)h([if)2833 -3507 y Fn(\013)2821 3568 y(sos)2915 3543 y Fu(])g(that)244 -3739 y Ft(S)312 3754 y Fn(sos)407 3739 y Fu([)-17 b([)p -Fr(if)33 b Fs(b)39 b Fr(then)33 b Fs(S)967 3754 y Fn(1)1039 -3739 y Fr(else)h Fs(S)1344 3754 y Fn(2)1383 3739 y Fu(])-17 -b(])q Fs(s)40 b Fu(=)33 b Ft(S)1677 3754 y Fn(sos)1773 -3739 y Fu([)-17 b([)p Fs(S)1877 3754 y Fn(1)1916 3739 -y Fu(])g(])q Fs(s)73 b Fu(if)32 b Ft(B)s Fu([)-17 b([)q -Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(tt)244 -3907 y Ft(S)312 3922 y Fn(sos)407 3907 y Fu([)-17 b([)p -Fr(if)33 b Fs(b)39 b Fr(then)33 b Fs(S)967 3922 y Fn(1)1039 -3907 y Fr(else)h Fs(S)1344 3922 y Fn(2)1383 3907 y Fu(])-17 -b(])q Fs(s)40 b Fu(=)33 b Ft(S)1677 3922 y Fn(sos)1773 -3907 y Fu([)-17 b([)p Fs(S)1877 3922 y Fn(2)1916 3907 -y Fu(])g(])q Fs(s)73 b Fu(if)32 b Ft(B)s Fu([)-17 b([)q -Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(\013)0 -4104 y Fu(so)h(that)244 4300 y(cond\()p Ft(B)t Fu([)-17 -b([)p Fs(b)6 b Fu(])-17 b(])q(,)33 b Ft(S)804 4315 y -Fn(sos)899 4300 y Fu([)-17 b([)q Fs(S)1004 4315 y Fn(1)1043 -4300 y Fu(])g(])q(,)32 b Ft(S)1208 4315 y Fn(sos)1303 -4300 y Fu([)-17 b([)q Fs(S)1408 4315 y Fn(2)1447 4300 -y Fu(])g(])q(\))32 b(=)h Ft(S)1731 4315 y Fn(sos)1827 -4300 y Fu([)-17 b([)p Fr(if)33 b Fs(b)39 b Fr(then)33 -b Fs(S)2387 4315 y Fn(1)2459 4300 y Fr(else)h Fs(S)2764 -4315 y Fn(2)2803 4300 y Fu(])-17 b(])0 4497 y(and)39 -b(this)g(pro)m(v)m(es)i(the)f(result.)63 
b(Note)39 b(that)g(in)g(this)f -(case)i Ft(S)2263 4512 y Fn(sos)2397 4497 y Fu(ful\014ls)e(the)i -(clause)f(de\014ning)0 4617 y Ft(S)68 4632 y Fn(ds)172 -4617 y Fu(in)31 b(T)-8 b(able)33 b(4.1.)0 4785 y Fw(The)g(case)g -Fr(while)h Fs(b)k Fr(do)33 b Fs(S)12 b Fu(:)33 b(W)-8 -b(e)33 b(ha)m(v)m(e)244 4981 y Ft(S)312 4996 y Fn(ds)383 -4981 y Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33 -b Fs(S)12 b Fu(])-17 b(])33 b(=)f(FIX)h Fs(F)0 5178 y -Fu(where)i Fs(F)47 b(g)42 b Fu(=)34 b(cond\()p Ft(B)t -Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)34 b Fs(g)42 -b Ft(\016)34 b(S)1323 5193 y Fn(ds)1395 5178 y Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])q(,)34 b(id\))f(and)g(w)m(e)i(recall)e -(that)g Fs(F)47 b Fu(is)33 b(con)m(tin)m(uous.)48 b(It)34 -b(is)0 5298 y(su\016cien)m(t)g(to)e(pro)m(v)m(e)i(that)244 -5494 y Fs(F)13 b Fu(\()p Fs(S)426 5509 y Fn(sos)521 5494 -y Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 -b Fu(])-17 b(]\))33 b Ft(v)g Fs(S)1418 5509 y Fn(sos)1512 -5494 y Fu([)-17 b([)q Fr(while)34 b Fs(b)k Fr(do)33 b -Fs(S)12 b Fu(])-17 b(])p eop -%%Page: 116 126 -116 125 bop 251 130 a Fw(116)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(b)s(ecause)g(then)f -(Exercise)h(4.40)e(giv)m(es)h(FIX)f Fs(F)47 b Ft(v)35 -b Fs(S)2201 530 y Fn(sos)2296 515 y Fu([)-17 b([)q Fr(while)35 -b Fs(b)41 b Fr(do)34 b Fs(S)12 b Fu(])-17 b(])35 b(as)g(required.)49 -b(F)-8 b(rom)283 636 y(Exercise)34 b(2.21)e(w)m(e)i(get)602 -795 y Ft(S)670 810 y Fn(sos)765 795 y Fu([)-17 b([)q -Fr(while)33 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17 -b(])101 b(=)f(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b -Fu(])-17 b(],)33 b Ft(S)2251 810 y Fn(sos)2347 795 y -Fu([)-17 b([)p Fs(S)45 b Fu(;)32 b Fr(while)i Fs(b)k -Fr(do)33 b Fs(S)12 b Fu(])-17 b(])q(,)33 b(id\))1514 -963 y Ft(w)100 b Fu(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 -b Fu(])-17 b(],)33 b Ft(S)2251 978 y Fn(sos)2347 963 -y Fu([)-17 b([)p Fr(while)34 b Fs(b)k Fr(do)c Fs(S)12 -b Fu(])-17 b(])32 b Ft(\016)h(S)3179 978 y 
Fn(sos)3274 -963 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))283 -1129 y(The)h(induction)e(h)m(yp)s(othesis)i(applied)d(to)i -Fs(S)43 b Fu(giv)m(es)32 b Ft(S)2259 1144 y Fn(ds)2330 -1129 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])32 b Ft(v)g(S)2681 -1144 y Fn(sos)2776 1129 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])32 b(so)g(using)f(the)h(mono-)283 1249 y(tonicit)m(y)g(of)g -Ft(\016)h Fu(and)f(`cond')h(w)m(e)h(get)527 1453 y Ft(S)595 -1468 y Fn(sos)690 1453 y Fu([)-17 b([)q Fr(while)34 b -Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b Ft(w)g -Fu(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 -b Ft(S)2043 1468 y Fn(sos)2138 1453 y Fu([)-17 b([)p -Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17 -b(])33 b Ft(\016)f(S)2970 1468 y Fn(sos)3065 1453 y Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))1372 1620 -y Ft(w)h Fu(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(],)33 b Ft(S)2043 1635 y Fn(sos)2138 1620 y Fu([)-17 -b([)p Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17 -b(])33 b Ft(\016)f(S)2970 1635 y Fn(ds)3041 1620 y Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])q(,)33 b(id\))1372 1788 -y(=)h Fs(F)13 b Fu(\()p Ft(S)1665 1803 y Fn(sos)1760 -1788 y Fu([)-17 b([)q Fr(while)33 b Fs(b)39 b Fr(do)33 -b Fs(S)12 b Fu(])-17 b(]\))283 1991 y(Note)37 b(that)e(in)h(this)f -(case)i Ft(S)1326 2006 y Fn(sos)1457 1991 y Fu(also)e(ful\014ls)g(a)g -(w)m(eak)m(er)j(v)m(ersion)f(of)e(the)i(clause)f(de\014ning)g -Ft(S)3685 2006 y Fn(ds)283 2112 y Fu(in)c(T)-8 b(able)33 -b(4.1.)2863 b Fh(2)430 2315 y Fu(The)33 b(k)m(ey)h(tec)m(hnique)g(used) -g(in)e(the)h(pro)s(of)f(can)h(b)s(e)f(summarized)g(as)h(follo)m(ws:)p -283 2393 3470 4 v 283 2410 V 281 2618 4 208 v 298 2618 -V 1371 2539 a Fw(Pro)s(of)f(Summary)h(for)f(While)p Fu(:)p -3735 2618 V 3752 2618 V 281 2825 V 298 2825 V 402 2746 -a Fw(Equiv)-6 b(alence)31 b(of)i(Op)s(erational)f(Seman)m(tics)g(and)h -(Denotational)f(Seman)m(tics)p 3735 2825 V 3752 2825 -V 283 2829 3470 4 v 281 4290 4 1461 v 298 4290 V 350 
-2994 a Fu(1:)143 b(Pro)m(v)m(e)23 b(that)g Ft(S)1102 -3009 y Fn(sos)1197 2994 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])23 b Ft(v)f(S)1529 3009 y Fn(ds)1600 2994 y Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(])23 b(b)m(y)g(\014rst)g(using)f -Fs(induction)j(on)g(the)g(shap)-5 b(e)25 b(of)g(deriva-)569 -3114 y(tion)34 b(tr)-5 b(e)g(es)41 b Fu(to)32 b(sho)m(w)i(that)714 -3318 y Ft(\017)49 b Fu(if)d(a)h(statemen)m(t)h(is)f(executed)i -Fs(one)f(step)54 b Fu(in)46 b(the)i(structural)f(op)s(erational)813 -3438 y(seman)m(tics)f(and)h(do)s(es)g(not)g(terminate)e(then)i(this)f -(do)s(es)h(not)g(c)m(hange)g(the)813 3559 y(meaning)31 -b(in)h(the)h(denotational)d(seman)m(tics,)j(and)714 3762 -y Ft(\017)49 b Fu(if)d(a)h(statemen)m(t)h(is)f(executed)i -Fs(one)f(step)54 b Fu(in)46 b(the)i(structural)f(op)s(erational)813 -3882 y(seman)m(tics)39 b(and)f(do)s(es)i(terminate,)f(then)g(the)h -(same)e(result)h(is)f(obtained)h(in)813 4003 y(the)33 -b(denotational)d(seman)m(tics.)569 4206 y(and)i(secondly)i(b)m(y)f -(using)g Fs(induction)h(on)g(the)h(length)g(of)f(derivation)g(se)-5 -b(quenc)g(es)p Fu(.)p 3735 4290 V 3752 4290 V 281 5391 -4 1102 v 298 5391 V 350 4374 a(2:)143 b(Pro)m(v)m(e)34 -b(that)e Ft(S)1123 4389 y Fn(ds)1194 4374 y Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(])33 b Ft(v)g(S)1546 4389 -y Fn(sos)1642 4374 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 -b(])33 b(b)m(y)h(sho)m(wing)e(that)714 4577 y Ft(\017)49 -b(S)880 4592 y Fn(sos)998 4577 y Fu(ful\014ls)21 b(sligh)m(tly)f(w)m -(eak)m(er)25 b(v)m(ersions)e(of)f(the)g(clauses)h(de\014ning)f -Ft(S)3254 4592 y Fn(ds)3348 4577 y Fu(in)f(T)-8 b(able)813 -4698 y(4.1,)32 b(that)g(is)g(if)1027 4901 y Ft(S)1095 -4916 y Fn(ds)1166 4901 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])33 b(=)f(\011\()p Ft(\001)17 b(\001)g(\001)31 b(S)1779 -4916 y Fn(ds)1851 4901 y Fu([)-17 b([)p Fs(S)1955 4865 -y Fi(0)1978 4901 y Fu(])g(])34 b Ft(\001)17 b(\001)g(\001)n -Fu(\))813 5104 y(then)33 b Ft(S)1103 5119 y Fn(sos)1198 -5104 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])33 b 
Ft(w)g -Fu(\011\()p Ft(\001)17 b(\001)g(\001)31 b(S)1813 5119 -y Fn(sos)1908 5104 y Fu([)-17 b([)p Fs(S)2012 5068 y -Fi(0)2035 5104 y Fu(])g(])34 b Ft(\001)17 b(\001)g(\001)n -Fu(\))569 5308 y(A)32 b(pro)s(of)g(b)m(y)i Fs(structur)-5 -b(al)35 b(induction)40 b Fu(then)33 b(giv)m(es)g(that)f -Ft(S)2684 5323 y Fn(ds)2755 5308 y Fu([)-17 b([)q Fs(S)12 -b Fu(])-17 b(])33 b Ft(v)g(S)3108 5323 y Fn(sos)3203 -5308 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(.)p 3735 -5391 V 3752 5391 V 283 5395 3470 4 v 283 5411 V eop -%%Page: 117 127 -117 126 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063 -b(117)p 0 193 3473 4 v 0 515 a(Exercise)36 b(4.58)49 -b Fu(Giv)m(e)33 b(a)f(detailed)f(argumen)m(t)i(sho)m(wing)f(that)236 -683 y Ft(S)304 698 y Fn(sos)399 683 y Fu([)-17 b([)q -Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 -b Ft(w)g Fu(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(],)33 b Ft(S)1751 698 y Fn(sos)1847 683 y Fu([)-17 -b([)p Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17 -b(])33 b Ft(\016)g(S)2679 698 y Fn(sos)2774 683 y Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\).)276 b Fh(2)0 -861 y Fw(Exercise)36 b(4.59)49 b Fu(Extend)24 b(the)e(pro)s(of)g(of)f -(Theorem)i(4.55)e(so)h(that)g(it)f(applies)g(to)h(the)g(language)0 -981 y(when)34 b(augmen)m(ted)f(with)f Fr(repeat)i Fs(S)44 -b Fr(until)34 b Fs(b)6 b Fu(.)1619 b Fh(2)0 1159 y Fw(Exercise)36 -b(4.60)49 b Fu(Extend)24 b(the)e(pro)s(of)g(of)f(Theorem)i(4.55)e(so)h -(that)g(it)f(applies)g(to)h(the)g(language)0 1279 y(when)34 -b(augmen)m(ted)f(with)f Fr(for)h Fs(x)12 b Fu(:=)p Fs(a)1376 -1294 y Fn(1)1448 1279 y Fr(to)33 b Fs(a)1640 1294 y Fn(2)1712 -1279 y Fr(do)g Fs(S)12 b Fu(.)1457 b Fh(2)0 1457 y Fw(Exercise)36 -b(4.61)49 b Fu(Com)m(bining)31 b(the)i(results)f(of)g(Theorem)h(2.26)e -(and)i(Theorem)f(4.55)g(w)m(e)h(get)0 1577 y(that)h Ft(S)281 -1592 y Fn(ns)352 1577 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])35 b(=)f Ft(S)707 1592 y Fn(ds)778 1577 y Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(])34 
b(holds)h(for)e(ev)m(ery)k(statemen)m -(t)e Fs(S)46 b Fu(of)34 b Fw(While)p Fu(.)48 b(Giv)m(e)34 -b(a)g(direct)g(pro)s(of)0 1698 y(of)e(this)g(\(that)h(is)f(without)g -(using)g(the)h(t)m(w)m(o)g(theorems\).)1329 b Fh(2)0 -2024 y Fj(4.5)161 b(Extensions)52 b(of)i(While)0 2243 -y Fu(W)-8 b(e)23 b(shall)e(conclude)i(this)g(c)m(hapter)g(b)m(y)h -(considering)e(a)g(couple)h(of)f(extensions)i(of)e(the)h(language)0 -2363 y Fw(While)p Fu(.)88 b(The)49 b(extensions)h(ha)m(v)m(e)f(b)s(een) -g(c)m(hosen)g(so)f(as)h(to)e(illustrate)f(t)m(w)m(o)j(of)f(the)g(most)0 -2484 y(imp)s(ortan)m(t)31 b(concepts)j(of)e(denotational)f(seman)m -(tics:)145 2649 y Ft(\017)49 b Fs(lo)-5 b(c)g(ations)p -Fu(,)32 b(and)145 2840 y Ft(\017)49 b Fs(c)-5 b(ontinuations)p -Fu(.)0 3005 y(In)32 b(the)g(\014rst)g(case)g Fw(While)e -Fu(is)h(extended)j(with)d(blo)s(c)m(ks)h(and)g(pro)s(cedures)h(and)e -(in)g(the)h(second)0 3126 y(case)g(with)f(exceptions.)44 -b(In)31 b(b)s(oth)g(cases)i(w)m(e)f(shall)e(sho)m(w)i(ho)m(w)g(to)f(mo) -s(dify)e(the)j(seman)m(tics)f(of)0 3246 y(T)-8 b(able)32 -b(4.1.)0 3528 y Fp(The)44 b(concept)h(of)g(lo)t(cations)0 -3713 y Fu(W)-8 b(e)32 b(shall)e(\014rst)i(extend)h Fw(While)d -Fu(with)h(blo)s(c)m(ks)h(declaring)f(lo)s(cal)e(v)-5 -b(ariables)30 b(and)i(pro)s(cedures.)0 3833 y(The)i(new)f(language)e -(is)i(called)e Fw(Pro)s(c)h Fu(and)g(its)h(syn)m(tax)h(is)294 -3990 y Fs(S)188 b Fu(::=)100 b Fs(x)44 b Fu(:=)33 b Fs(a)40 -b Ft(j)32 b Fr(skip)h Ft(j)f Fs(S)1506 4005 y Fn(1)1578 -3990 y Fu(;)h Fs(S)1705 4005 y Fn(2)1777 3990 y Ft(j)f -Fr(if)h Fs(b)38 b Fr(then)c Fs(S)2360 4005 y Fn(1)2432 -3990 y Fr(else)f Fs(S)2736 4005 y Fn(2)588 4158 y Ft(j)151 -b Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)45 b Ft(j)32 b -Fr(begin)i Fs(D)1806 4173 y Fc(V)1899 4158 y Fs(D)1982 -4173 y Fc(P)2073 4158 y Fs(S)45 b Fr(end)33 b Ft(j)f -Fr(call)i Fs(p)294 4326 y(D)377 4341 y Fc(V)537 4326 -y Fu(::=)100 b Fr(var)33 b Fs(x)45 b Fu(:=)32 b Fs(a)7 -b Fu(;)33 b Fs(D)1378 4341 y Fc(V)1471 4326 y Ft(j)g -Fo(")294 
4493 y Fs(D)377 4508 y Fc(P)537 4493 y Fu(::=)100 -b Fr(proc)34 b Fs(p)k Fr(is)33 b Fs(S)12 b Fu(;)32 b -Fs(D)1437 4508 y Fc(P)1529 4493 y Ft(j)g Fo(")0 4652 -y Fu(where)i Fs(D)365 4667 y Fc(V)459 4652 y Fu(and)f -Fs(D)732 4667 y Fc(P)823 4652 y Fu(are)g(meta-v)-5 b(ariables)31 -b(ranging)g(o)m(v)m(er)j(the)f(syn)m(tactic)h(categories)f -Fw(Dec)3415 4667 y Fn(V)0 4772 y Fu(of)c(v)-5 b(ariable)27 -b(declarations)h(and)i Fw(Dec)1383 4787 y Fn(P)1464 4772 -y Fu(of)f(pro)s(cedure)h(declarations,)f(resp)s(ectiv)m(ely)-8 -b(,)30 b(and)g Fs(p)35 b Fu(is)0 4893 y(a)c(meta-v)-5 -b(ariable)29 b(ranging)h(o)m(v)m(er)i(the)64 b(syn)m(tactic)32 -b(category)g Fw(Pname)f Fu(of)g(pro)s(cedure)h(names.)0 -5013 y(The)k(idea)f(is)f(that)h(v)-5 b(ariables)34 b(and)i(pro)s -(cedures)g(are)g(only)e(kno)m(wn)j(inside)d(the)i(blo)s(c)m(k)f(where)0 -5133 y(they)26 b(are)g(declared.)41 b(Pro)s(cedures)28 -b(ma)m(y)d(or)g(ma)m(y)h(not)f(b)s(e)h(recursiv)m(e)h(and)f(w)m(e)g -(shall)e(emphasize)0 5254 y(the)33 b(di\013erences)h(in)e(the)h(seman)m -(tics)f(to)h(b)s(e)f(sp)s(eci\014ed)i(b)s(elo)m(w.)146 -5374 y(W)-8 b(e)39 b(shall)d(adopt)i Fs(static)i(sc)-5 -b(op)g(e)39 b(rules)46 b Fu(rather)38 b(than)g(dynamic)f(scop)s(e)i -(rules.)60 b(Consider)0 5494 y(the)33 b(follo)m(wing)d(statemen)m(t:)p -eop -%%Page: 118 128 -118 127 bop 251 130 a Fw(118)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Fr(begin)e(var)g(x)e -Fu(:=)h Fr(7)p Fu(;)g Fr(proc)g(p)g(is)g(x)g Fu(:=)f -Fr(0)p Fu(;)816 683 y Fr(begin)i(var)f(x)g Fu(:=)g Fr(5)p -Fu(;)f Fr(call)i(p)f(end)527 851 y(end)283 1024 y Fu(Using)k(static)g -(scop)s(e)h(rules)f(the)g(e\013ect)h(of)f(executing)h -Fr(call)g(p)f Fu(in)g(the)g(inner)g(blo)s(c)m(k)g(will)e(b)s(e)283 -1144 y(to)k(mo)s(dify)e(the)i Fs(glob)-5 b(al)48 b Fu(v)-5 -b(ariable)37 b Fr(x)p Fu(.)63 b(Using)38 b(dynamic)g(scop)s(e)i(rules)f -(the)g(e\013ect)h(will)c(b)s(e)j(to)283 1264 y(mo)s(dify)31 -b(the)i Fs(lo)-5 b(c)g(al)43 b Fu(v)-5 b(ariable)30 b -Fr(x)p 
Fu(.)430 1385 y(T)-8 b(o)48 b(obtain)e(static)h(scop)s(e)i -(rules)f(w)m(e)g(shall)f(in)m(tro)s(duce)g(the)h(notion)f(of)g -Fs(lo)-5 b(c)g(ations)8 b Fu(:)73 b(to)283 1505 y(eac)m(h)39 -b(v)-5 b(ariable)35 b(w)m(e)k(asso)s(ciate)e(a)g(unique)g(lo)s(cation)e -(and)j(to)f(eac)m(h)h(lo)s(cation)d(w)m(e)j(asso)s(ciate)f(a)283 -1625 y(v)-5 b(alue.)43 b(This)31 b(is)f(in)h(con)m(trast)g(to)g(what)g -(w)m(e)h(did)f(in)f(T)-8 b(able)30 b(4.1)h(where)h(w)m(e)g(emplo)m(y)m -(ed)f(a)g(direct)283 1746 y(asso)s(ciation)36 b(b)s(et)m(w)m(een)j(v)-5 -b(ariables)35 b(and)i(v)-5 b(alues.)57 b(The)38 b(idea)e(then)i(is)e -(that)h(whenev)m(er)i(a)e(new)283 1866 y(v)-5 b(ariable)33 -b(is)h(declared)h(it)e(is)h(asso)s(ciated)g(with)g(a)h(new)g(un)m(used) -h(lo)s(cation)c(and)j(that)f(it)f(is)h(the)283 1987 y(v)-5 -b(alue)31 b(of)f(this)h(lo)s(cation)d(that)j(is)g(c)m(hanged)h(b)m(y)f -(assignmen)m(t)g(to)g(the)g(v)-5 b(ariable.)41 b(With)31 -b(resp)s(ect)283 2107 y(to)d(the)g(ab)s(o)m(v)m(e)g(statemen)m(t)g -(this)f(means)h(that)f(the)h(global)d(v)-5 b(ariable)26 -b Fr(x)i Fu(and)f(the)h(lo)s(cal)e(v)-5 b(ariable)283 -2227 y Fr(x)35 b Fu(will)e(ha)m(v)m(e)j(di\013eren)m(t)f(lo)s(cations.) 
-48 b(In)35 b(the)h(inner)e(blo)s(c)m(k)h(w)m(e)g(can)g(only)g(directly) -f(access)i(the)283 2348 y(lo)s(cation)i(of)h(the)h(lo)s(cal)d(v)-5 -b(ariable)38 b(but)i(the)g(pro)s(cedure)g(b)s(o)s(dy)g(for)f -Fr(p)h Fu(ma)m(y)f(only)g(access)i(the)283 2468 y(lo)s(cation)31 -b(of)h(the)h(global)d(v)-5 b(ariable.)283 2723 y Fw(Stores)38 -b(and)g(v)-6 b(ariable)37 b(en)m(vironmen)m(ts)283 2907 -y Fu(So)32 b(far)e(states)j(in)d Fw(State)i Fu(ha)m(v)m(e)g(b)s(een)g -(used)h(to)e(asso)s(ciate)g(v)-5 b(alues)31 b(with)g(v)-5 -b(ariables.)42 b(W)-8 b(e)31 b(shall)283 3028 y(no)m(w)48 -b(replace)e(states)h(with)f Fs(stor)-5 b(es)55 b Fu(that)46 -b(map)f(lo)s(cations)g(to)h(v)-5 b(alues)46 b(and)h(with)f -Fs(variable)283 3148 y(envir)-5 b(onments)40 b Fu(that)32 -b(map)g(v)-5 b(ariables)31 b(to)h(lo)s(cations.)42 b(W)-8 -b(e)33 b(in)m(tro)s(duce)g(the)g(domain)527 3321 y Fw(Lo)s(c)g -Fu(=)g Fw(Z)283 3494 y Fu(of)g(lo)s(cations)f(whic)m(h)i(for)f(the)h -(sak)m(e)h(of)e(simplicit)m(y)e(has)j(b)s(een)g(iden)m(ti\014ed)f(with) -g(the)h(in)m(tegers.)283 3614 y(W)-8 b(e)33 b(shall)f(need)h(an)g(op)s -(eration)527 3787 y(new:)45 b Fw(Lo)s(c)33 b Ft(!)f Fw(Lo)s(c)283 -3960 y Fu(on)37 b(lo)s(cations)d(that)i(giv)m(en)h(a)f(lo)s(cation)d -(will)h(giv)m(e)j(the)f(next)i(one;)g(since)f Fw(Lo)s(c)f -Fu(is)g Fw(Z)h Fu(w)m(e)g(ma)m(y)283 4081 y(tak)m(e)d(`new')g(to)e(b)s -(e)h(the)g(successor)h(function)f(on)f(the)h(in)m(tegers.)430 -4201 y(W)-8 b(e)33 b(can)g(no)m(w)g(de\014ne)h(a)e(store,)h -Fs(sto)6 b Fu(,)33 b(as)g(an)f(elemen)m(t)g(of)527 4374 -y Fw(Store)h Fu(=)f Fw(Lo)s(c)h Ft([)g(f)p Fu(next)p -Ft(g)g(!)f Fw(Z)283 4547 y Fu(where)h(`next')f(is)f(a)g(sp)s(ecial)f -(tok)m(en)i(used)g(to)f(hold)g(the)g Fs(next)j(fr)-5 -b(e)g(e)33 b(lo)-5 b(c)g(ation)p Fu(.)42 b(Note)31 b(that)g(since)283 -4667 y Fw(Lo)s(c)i Fu(is)f Fw(Z)h Fu(w)m(e)h(ha)m(v)m(e)g(that)e(`)p -Fs(sto)39 b Fu(next')34 b(is)e(a)g(lo)s(cation.)430 4788 -y(A)g(v)-5 b(ariable)31 b(en)m(vironmen)m(t)i Fs(env)1618 -4803 y Fc(V)1711 
4788 y Fu(is)f(an)g(elemen)m(t)h(of)527 -4960 y Fw(En)m(v)719 4975 y Fn(V)810 4960 y Fu(=)f Fw(V)-9 -b(ar)32 b Ft(!)g Fw(Lo)s(c)283 5133 y Fu(Th)m(us)j(the)e(v)-5 -b(ariable)30 b(en)m(vironmen)m(t)j(will)e(assign)h(a)g(lo)s(cation)e -(to)j(eac)m(h)g(v)-5 b(ariable.)430 5254 y(So,)43 b(rather)e(than)h(ha) -m(ving)f(a)f(single)h(mapping)e Fs(s)49 b Fu(from)40 -b(v)-5 b(ariables)40 b(to)h(v)-5 b(alues)41 b(w)m(e)i(ha)m(v)m(e)283 -5374 y(split)29 b(it)g(in)m(to)g(t)m(w)m(o)i(mappings)e -Fs(env)1563 5389 y Fc(V)1653 5374 y Fu(and)h Fs(sto)36 -b Fu(and)30 b(the)h(idea)e(is)h(that)f Fs(s)38 b Fu(=)30 -b Fs(sto)36 b Ft(\016)30 b Fs(env)3436 5389 y Fc(V)3496 -5374 y Fu(.)43 b(This)283 5494 y(motiv)-5 b(ates)32 b(de\014ning)g(the) -h(function)f(`lo)s(okup')g(b)m(y)p eop -%%Page: 119 129 -119 128 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063 -b(119)p 0 193 3473 4 v 0 419 V 0 1836 4 1418 v 382 519 -a Ft(S)450 483 y Fi(0)450 543 y Fn(ds)521 519 y Fu([)-17 -b([)q Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(])-17 b(])p Fs(env)969 -534 y Fc(V)1062 519 y Fs(sto)39 b Fu(=)32 b Fs(sto)6 -b Fu([)p Fs(l)k Ft(7!A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 -b(])q(\(lo)s(okup)32 b Fs(env)2347 534 y Fc(V)2439 519 -y Fs(sto)6 b Fu(\)])651 686 y(where)34 b Fs(l)42 b Fu(=)33 -b Fs(env)1265 701 y Fc(V)1357 686 y Fs(x)382 878 y Ft(S)450 -841 y Fi(0)450 902 y Fn(ds)521 878 y Fu([)-17 b([)q Fr(skip)p -Fu(])g(])q Fs(env)957 893 y Fc(V)1050 878 y Fu(=)32 b(id)382 -1069 y Ft(S)450 1033 y Fi(0)450 1093 y Fn(ds)521 1069 -y Fu([)-17 b([)q Fs(S)626 1084 y Fn(1)697 1069 y Fu(;)33 -b Fs(S)824 1084 y Fn(2)863 1069 y Fu(])-17 b(])q Fs(env)1057 -1084 y Fc(V)1150 1069 y Fu(=)32 b(\()p Ft(S)1364 1033 -y Fi(0)1364 1093 y Fn(ds)1435 1069 y Fu([)-17 b([)p Fs(S)1539 -1084 y Fn(2)1579 1069 y Fu(])g(])p Fs(env)1772 1084 y -Fc(V)1832 1069 y Fu(\))33 b Ft(\016)f Fu(\()p Ft(S)2091 -1033 y Fi(0)2091 1093 y Fn(ds)2162 1069 y Fu([)-17 b([)q -Fs(S)2267 1084 y Fn(1)2306 1069 y Fu(])g(])q Fs(env)2500 -1084 y Fc(V)2560 1069 y Fu(\))382 
1260 y Ft(S)450 1224 -y Fi(0)450 1285 y Fn(ds)521 1260 y Fu([)g([)q Fr(if)33 -b Fs(b)38 b Fr(then)c Fs(S)1082 1275 y Fn(1)1154 1260 -y Fr(else)f Fs(S)1458 1275 y Fn(2)1497 1260 y Fu(])-17 -b(])q Fs(env)1691 1275 y Fc(V)1784 1260 y Fu(=)651 1428 -y(cond\()p Ft(B)t Fu([)g([)p Fs(b)6 b Fu(])-17 b(])q -Ft(\016)p Fu(\(lo)s(okup)31 b Fs(env)1647 1443 y Fc(V)1707 -1428 y Fu(\),)i Ft(S)1873 1392 y Fi(0)1873 1452 y Fn(ds)1944 -1428 y Fu([)-17 b([)q Fs(S)2049 1443 y Fn(1)2088 1428 -y Fu(])g(])p Fs(env)2281 1443 y Fc(V)2342 1428 y Fu(,)32 -b Ft(S)2469 1392 y Fi(0)2469 1452 y Fn(ds)2540 1428 y -Fu([)-17 b([)q Fs(S)2645 1443 y Fn(2)2684 1428 y Fu(])g(])q -Fs(env)2878 1443 y Fc(V)2938 1428 y Fu(\))382 1619 y -Ft(S)450 1583 y Fi(0)450 1644 y Fn(ds)521 1619 y Fu([)g([)q -Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17 b(])p -Fs(env)1326 1634 y Fc(V)1419 1619 y Fu(=)32 b(FIX)h Fs(F)618 -1787 y Fu(where)h Fs(F)46 b(g)41 b Fu(=)32 b(cond\()p -Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Ft(\016)p -Fu(\(lo)s(okup)32 b Fs(env)2201 1802 y Fc(V)2261 1787 -y Fu(\),)g Fs(g)41 b Ft(\016)33 b Fu(\()p Ft(S)2632 1750 -y Fi(0)2632 1811 y Fn(ds)2704 1787 y Fu([)-17 b([)p Fs(S)12 -b Fu(])-17 b(])q Fs(env)3002 1802 y Fc(V)3062 1787 y -Fu(\),)32 b(id\))p 3469 1836 V 0 1839 3473 4 v 438 2000 -a(T)-8 b(able)33 b(4.2:)43 b(Denotational)30 b(seman)m(tics)j(for)f -Fw(While)f Fu(using)h(lo)s(cations)244 2286 y(lo)s(okup)g -Fs(env)720 2301 y Fc(V)812 2286 y Fs(sto)39 b Fu(=)32 -b Fs(sto)39 b Ft(\016)32 b Fs(env)1480 2301 y Fc(V)0 -2491 y Fu(so)h(that)f(`lo)s(okup)g Fs(env)834 2506 y -Fc(V)894 2491 y Fu(')h(will)d(transform)i(a)g(store)h(to)f(a)g(state,)i -(that)e(is)244 2696 y(lo)s(okup:)43 b Fw(En)m(v)794 2711 -y Fn(V)884 2696 y Ft(!)32 b Fw(Store)g Ft(!)h Fw(State)146 -2902 y Fu(Ha)m(ving)e(replaced)g(a)g(one)h(stage)f(mapping)e(with)i(a)g -(t)m(w)m(o)h(stage)f(mapping)f(w)m(e)i(shall)e(w)m(an)m(t)0 -3022 y(to)38 b(reform)m(ulate)g(the)h(seman)m(tic)f(equations)h(of)f(T) --8 b(able)39 
b(4.1)f(to)g(use)i(v)-5 b(ariable)37 b(en)m(vironmen)m(ts) -0 3142 y(and)c(stores.)44 b(The)34 b(new)f(seman)m(tic)f(function)g -Ft(S)1760 3106 y Fi(0)1760 3167 y Fn(ds)1864 3142 y Fu(has)h -(functionalit)m(y)244 3347 y Ft(S)312 3311 y Fi(0)312 -3372 y Fn(ds)383 3347 y Fu(:)43 b Fw(Stm)32 b Ft(!)g -Fw(En)m(v)1009 3362 y Fn(V)1100 3347 y Ft(!)g Fu(\()p -Fw(Store)g Fo(,)-17 b Ft(!)33 b Fw(Store)p Fu(\))0 3553 -y(so)f(that)g(only)f(the)i(store)f(is)f(up)s(dated)i(during)e(the)h -(execution)h(of)f(statemen)m(ts.)44 b(The)33 b(clauses)0 -3673 y(de\014ning)41 b Ft(S)445 3637 y Fi(0)445 3698 -y Fn(ds)557 3673 y Fu(are)g(giv)m(en)g(in)f(T)-8 b(able)41 -b(4.2.)68 b(Note)41 b(that)g(in)f(the)i(clause)f(for)f(assignmen)m(t)h -(the)0 3793 y(v)-5 b(ariable)40 b(en)m(vironmen)m(t)h(is)g(consulted)h -(to)g(determine)f(the)h(lo)s(cation)d(of)i(the)h(v)-5 -b(ariable)39 b(and)0 3914 y(this)g(lo)s(cation)e(is)i(up)s(dated)h(in)f -(the)h(store.)64 b(In)40 b(the)g(clauses)g(for)f(the)h(conditional)c -(and)k(the)0 4034 y Fr(while)p Fu(-construct)35 b(w)m(e)e(use)h(the)f -(auxiliary)d(function)i(`cond')h(of)g(functionalit)m(y)244 -4239 y(cond:)44 b(\()p Fw(Store)32 b Ft(!)g Fw(T)p Fu(\))h -Ft(\002)g Fu(\()p Fw(Store)f Fo(,)-17 b Ft(!)33 b Fw(Store)p -Fu(\))f Ft(\002)h Fu(\()p Fw(Store)f Fo(,)-17 b Ft(!)33 -b Fw(Store)p Fu(\))749 4407 y Ft(!)f Fu(\()p Fw(Store)g -Fo(,)-17 b Ft(!)33 b Fw(Store)p Fu(\))0 4612 y(and)g(its)f -(de\014nition)f(is)h(as)h(in)f(Section)g(4.1.)0 4843 -y Fw(Exercise)k(4.62)49 b Fu(W)-8 b(e)34 b(ha)m(v)m(e)g(to)f(mak)m(e)g -(sure)g(that)g(the)h(clauses)f(of)g(T)-8 b(able)32 b(4.2)h(de\014ne)h -(a)f(w)m(ell-)0 4964 y(de\014ned)h(function)e Ft(S)786 -4928 y Fi(0)786 4988 y Fn(ds)857 4964 y Fu(.)44 b(T)-8 -b(o)32 b(do)h(so)145 5169 y Ft(\017)49 b Fu(equip)33 -b Fw(Store)f Fo(,)-17 b Ft(!)33 b Fw(Store)f Fu(with)g(a)g(partial)f -(ordering)h(suc)m(h)i(that)e(it)g(b)s(ecomes)h(a)f(ccp)s(o,)145 -5374 y Ft(\017)49 b Fu(sho)m(w)31 b(that)e Ft(\016)g 
-Fu(is)h(con)m(tin)m(uous)g(in)f(b)s(oth)g(of)g(its)h(argumen)m(ts)f -(and)h(that)g(`cond')g(is)f(con)m(tin-)244 5494 y(uous)k(in)f(its)g -(second)i(and)e(third)g(argumen)m(t,)h(and)p eop -%%Page: 120 130 -120 129 bop 251 130 a Fw(120)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 429 515 a Ft(\017)48 -b Fu(sho)m(w)34 b(that)e(the)h(\014xed)h(p)s(oin)m(t)e(op)s(eration)f -(is)h(only)g(applied)g(to)g(con)m(tin)m(uous)h(functions.)283 -717 y(Conclude)h(that)e Ft(S)991 681 y Fi(0)991 742 y -Fn(ds)1094 717 y Fu(is)h(a)f(w)m(ell-de\014ned)h(function.)1496 -b Fh(2)283 943 y Fw(Exercise)37 b(4.63)49 b Fu(*)32 b(Pro)m(v)m(e)i -(that)e(the)h(t)m(w)m(o)h(seman)m(tic)e(functions)h Ft(S)2787 -958 y Fn(ds)2891 943 y Fu(and)g Ft(S)3149 907 y Fi(0)3149 -967 y Fn(ds)3252 943 y Fu(satisfy)527 1144 y Ft(S)595 -1159 y Fn(ds)666 1144 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])33 b Ft(\016)f Fu(\(lo)s(okup)g Fs(env)1437 1159 -y Fc(V)1497 1144 y Fu(\))g(=)h(\(lo)s(okup)f Fs(env)2190 -1159 y Fc(V)2250 1144 y Fu(\))g Ft(\016)g Fu(\()p Ft(S)2508 -1108 y Fi(0)2508 1169 y Fn(ds)2579 1144 y Fu([)-17 b([)q -Fs(S)12 b Fu(])-17 b(])p Fs(env)2877 1159 y Fc(V)2937 -1144 y Fu(\))283 1346 y(for)44 b(all)e(statemen)m(ts)j -Fs(S)55 b Fu(of)44 b Fw(While)e Fu(and)i(for)g(all)d -Fs(env)2326 1361 y Fc(V)2430 1346 y Fu(suc)m(h)46 b(that)e -Fs(env)3041 1361 y Fc(V)3145 1346 y Fu(is)f(an)h(injectiv)m(e)283 -1466 y(mapping.)3001 b Fh(2)283 1692 y Fw(Exercise)37 -b(4.64)49 b Fu(Ha)m(ving)23 b(replaced)h(a)f(one)h(stage)g(mapping)f -(with)g(a)g(t)m(w)m(o)i(stage)f(mapping)e(w)m(e)283 1812 -y(migh)m(t)j(consider)h(rede\014ning)g(the)g(seman)m(tic)g(functions)f -Ft(A)h Fu(and)f Ft(B)t Fu(.)41 b(The)27 b(new)g(functionalities)283 -1933 y(of)33 b Ft(A)f Fu(and)g Ft(B)k Fu(migh)m(t)31 -b(b)s(e)527 2134 y Ft(A)607 2098 y Fi(0)630 2134 y Fu(:)44 -b Fw(Aexp)32 b Ft(!)g Fw(En)m(v)1314 2149 y Fn(V)1405 -2134 y Ft(!)g Fu(\()p Fw(Store)g Ft(!)g Fw(Z)p Fu(\))527 -2302 y Ft(B)596 2266 y Fi(0)619 2302 y 
Fu(:)44 b Fw(Bexp)32 -b Ft(!)g Fw(En)m(v)1298 2317 y Fn(V)1389 2302 y Ft(!)g -Fu(\()p Fw(Store)g Ft(!)g Fw(T)p Fu(\))283 2504 y(and)h(the)g(in)m -(tended)g(relationship)e(is)h(that)527 2705 y Ft(A)607 -2669 y Fi(0)630 2705 y Fu([)-17 b([)q Fs(a)7 b Fu(])-17 -b(])q Fs(env)919 2720 y Fc(V)1011 2705 y Fu(=)33 b Ft(A)o -Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])33 b Ft(\016)f Fu(\(lo)s(okup)g -Fs(env)1960 2720 y Fc(V)2020 2705 y Fu(\))527 2873 y -Ft(B)596 2837 y Fi(0)619 2873 y Fu([)-17 b([)q Fs(b)6 -b Fu(])-17 b(])p Fs(env)901 2888 y Fc(V)994 2873 y Fu(=)32 -b Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(\016)g -Fu(\(lo)s(okup)e Fs(env)1925 2888 y Fc(V)1985 2873 y -Fu(\))283 3074 y(Giv)m(e)40 b(a)g(comp)s(ositional)c(de\014nition)j(of) -h(the)g(functions)g Ft(A)2479 3038 y Fi(0)2542 3074 y -Fu(and)g Ft(B)2808 3038 y Fi(0)2871 3074 y Fu(suc)m(h)h(that)f(this)g -(is)f(the)283 3195 y(case.)3198 b Fh(2)283 3454 y Fw(Up)s(dating)38 -b(the)f(v)-6 b(ariable)37 b(en)m(vironmen)m(t)283 3639 -y Fu(The)g(v)-5 b(ariable)34 b(en)m(vironmen)m(t)j(is)e(up)s(dated)h -(whenev)m(er)j(w)m(e)e(en)m(ter)f(a)g(blo)s(c)m(k)g(con)m(taining)e(lo) -s(cal)283 3759 y(declarations.)60 b(T)-8 b(o)38 b(express)i(this)e(w)m -(e)h(shall)e(in)m(tro)s(duce)h(a)g(seman)m(tic)f(function)h -Ft(D)3357 3723 y Fn(V)3357 3784 y(ds)3466 3759 y Fu(for)f(the)283 -3880 y(syn)m(tactic)d(category)f(of)f(v)-5 b(ariable)31 -b(declarations.)42 b(It)33 b(has)g(functionalit)m(y)527 -4081 y Ft(D)607 4045 y Fn(V)607 4106 y(ds)678 4081 y -Fu(:)44 b Fw(Dec)936 4096 y Fn(V)1026 4081 y Ft(!)32 -b Fw(En)m(v)1350 4096 y Fc(V)1443 4081 y Ft(\002)h Fw(Store)g -Ft(!)f Fw(En)m(v)2169 4096 y Fc(V)2262 4081 y Ft(\002)h -Fw(Store)283 4283 y Fu(The)i(function)f Ft(D)949 4246 -y Fn(V)949 4307 y(ds)1020 4283 y Fu([)-17 b([)p Fs(D)1140 -4298 y Fc(V)1201 4283 y Fu(])g(])35 b(will)c(tak)m(e)k(a)f(pair)f(as)h -(argumen)m(ts:)47 b(the)34 b(\014rst)h(comp)s(onen)m(t)f(of)f(that)283 -4403 y(pair)22 b(will)e(b)s(e)i(the)h(curren)m(t)g(v)-5 
-b(ariable)21 b(en)m(vironmen)m(t)h(and)h(the)f(second)i(comp)s(onen)m -(t)e(the)h(curren)m(t)283 4523 y(store.)62 b(The)39 b(function)f(will)e -(return)j(the)g(up)s(dated)f(v)-5 b(ariable)37 b(en)m(vironmen)m(t)i -(as)f(w)m(ell)g(as)g(the)283 4644 y(up)s(dated)32 b(store.)44 -b(The)32 b(function)f(is)g(de\014ned)h(b)m(y)h(the)e(seman)m(tic)g -(clauses)h(of)f(T)-8 b(able)31 b(4.3.)43 b(Note)283 4764 -y(that)36 b(w)m(e)i(pro)s(cess)f(the)g(declarations)e(from)g(left)g(to) -h(righ)m(t)g(and)g(that)g(w)m(e)h(up)s(date)g(the)f(v)-5 -b(alue)283 4885 y(of)33 b(the)g(tok)m(en)g(`next')h(in)e(the)h(store.) -430 5005 y(In)28 b(the)h(case)g(where)g(there)g(are)f -Fs(no)34 b Fu(pro)s(cedure)29 b(declarations)e(in)h(a)g(blo)s(c)m(k)g -(w)m(e)h(can)f(extend)283 5125 y(the)33 b(seman)m(tic)g(function)f -Ft(S)1306 5089 y Fi(0)1306 5150 y Fn(ds)1409 5125 y Fu(of)g(T)-8 -b(able)33 b(4.2)f(with)g(a)g(clause)h(lik)m(e)527 5327 -y Ft(S)595 5291 y Fi(0)595 5351 y Fn(ds)666 5327 y Fu([)-17 -b([)q Fr(begin)34 b Fs(D)1076 5342 y Fc(V)1169 5327 y -Fs(S)45 b Fr(end)p Fu(])-17 b(])q Fs(env)1616 5342 y -Fc(V)1709 5327 y Fs(sto)38 b Fu(=)33 b Ft(S)2045 5291 -y Fi(0)2045 5351 y Fn(ds)2117 5327 y Fu([)-17 b([)p Fs(S)12 -b Fu(])-17 b(])q Fs(env)2415 5291 y Fi(0)2415 5351 y -Fc(V)2507 5327 y Fs(sto)2635 5291 y Fi(0)796 5494 y Fu(where)34 -b Ft(D)1158 5458 y Fn(V)1158 5519 y(ds)1229 5494 y Fu([)-17 -b([)p Fs(D)1349 5509 y Fc(V)1410 5494 y Fu(])g(])q(\()p -Fs(env)1642 5509 y Fc(V)1702 5494 y Fu(,)32 b Fs(sto)6 -b Fu(\))33 b(=)f(\()p Fs(env)2262 5458 y Fi(0)2262 5519 -y Fc(V)2322 5494 y Fu(,)h Fs(sto)2510 5458 y Fi(0)2534 -5494 y Fu(\))p eop -%%Page: 121 131 -121 130 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063 -b(121)p 0 193 3473 4 v 0 419 V 0 1102 4 683 v 382 526 -a Ft(D)462 489 y Fn(V)462 550 y(ds)533 526 y Fu([)-17 -b([)p Fr(var)34 b Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(;)32 -b Fs(D)1181 541 y Fc(V)1242 526 y Fu(])-17 b(])q(\()p -Fs(env)1474 541 y Fc(V)1534 526 y Fu(,)33 b Fs(sto)6 -b 
Fu(\))32 b(=)651 693 y Ft(D)730 657 y Fn(V)730 718 -y(ds)802 693 y Fu([)-17 b([)p Fs(D)922 708 y Fc(V)983 -693 y Fu(])g(])q(\()p Fs(env)1215 708 y Fc(V)1275 693 -y Fu([)p Fs(x)12 b Ft(7!)o Fs(l)e Fu(],)33 b Fs(sto)6 -b Fu([)p Fs(l)k Ft(7!)p Fs(v)h Fu(][next)p Ft(7!)q Fu(new)33 -b Fs(l)10 b Fu(]\))651 861 y(where)34 b Fs(l)42 b Fu(=)33 -b Fs(sto)38 b Fu(next)c(and)f Fs(v)43 b Fu(=)32 b Ft(A)p -Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q(\(lo)s(okup)32 -b Fs(env)2601 876 y Fc(V)2693 861 y Fs(sto)6 b Fu(\))382 -1052 y Ft(D)462 1016 y Fn(V)462 1077 y(ds)533 1052 y -Fu([)-17 b([)p Fo(")p Fu(])g(])33 b(=)g(id)p 3469 1102 -V 0 1105 3473 4 v 479 1266 a(T)-8 b(able)32 b(4.3:)43 -b(Denotational)30 b(seman)m(tics)j(for)f(v)-5 b(ariable)31 -b(declarations)0 1536 y(Th)m(us)g(w)m(e)e(ev)-5 b(aluate)29 -b(the)g(b)s(o)s(dy)g Fs(S)41 b Fu(in)28 b(an)h(up)s(dated)g(v)-5 -b(ariable)28 b(en)m(vironmen)m(t)h(and)g(an)g(up)s(dated)0 -1657 y(store.)55 b(W)-8 b(e)36 b(shall)f(later)g(mo)s(dify)g(the)h(ab)s -(o)m(v)m(e)i(clause)e(to)g(tak)m(e)h(the)f(pro)s(cedure)h(declarations) -0 1777 y(in)m(to)32 b(accoun)m(t.)0 2025 y Fw(Exercise)k(4.65)49 -b Fu(Consider)33 b(the)g(follo)m(wing)d(statemen)m(t)j(of)f -Fw(Pro)s(c)p Fu(:)244 2241 y Fr(begin)i(var)f(y)g Fu(:=)f -Fr(0)p Fu(;)h Fr(var)h(x)e Fu(:=)h Fr(1)p Fu(;)533 2409 -y Fr(begin)h(var)f(x)g Fu(:=)f Fr(7)p Fu(;)h Fr(x)g Fu(:=)f -Fr(x)p Fu(+)p Fr(1)h(end)p Fu(;)533 2576 y Fr(y)g Fu(:=)f -Fr(x)244 2744 y(end)0 2960 y Fu(Use)g(the)f(seman)m(tic)f(equations)h -(to)f(sho)m(w)i(that)f(the)g(lo)s(cation)d(for)i Fr(y)h -Fu(is)f(assigned)h(the)g(v)-5 b(alue)30 b Fw(1)0 3080 -y Fu(in)i(the)h(\014nal)f(store.)2666 b Fh(2)0 3355 y -Fw(Pro)s(cedure)37 b(en)m(vironmen)m(ts)0 3545 y Fu(T)-8 -b(o)32 b(cater)g(for)g(pro)s(cedures)h(w)m(e)g(shall)e(in)m(tro)s(duce) -h(the)g(notion)f(of)h(a)g Fs(pr)-5 b(o)g(c)g(e)g(dur)g(e)34 -b(envir)-5 b(onment)p Fu(.)0 3666 y(It)43 b(will)e(b)s(e)j(a)f(total)e 
-(function)i(that)g(will)e(asso)s(ciate)i(eac)m(h)h(pro)s(cedure)g(with) -f(the)h(e\013ect)g(of)0 3786 y(executing)38 b(its)g(b)s(o)s(dy)-8 -b(.)59 b(This)38 b(means)g(that)f(a)h(pro)s(cedure)g(en)m(vironmen)m -(t,)i Fs(env)2918 3801 y Fc(P)2976 3786 y Fu(,)f(will)c(b)s(e)j(an)0 -3906 y(elemen)m(t)32 b(of)244 4122 y Fw(En)m(v)436 4137 -y Fn(P)520 4122 y Fu(=)h Fw(Pname)f Ft(!)g Fu(\()p Fw(Store)h -Fo(,)-17 b Ft(!)32 b Fw(Store)p Fu(\))0 4338 y Fw(Remark)24 -b Fu(This)h(notion)e(of)h(pro)s(cedure)h(en)m(vironmen)m(t)g(di\013ers) -f(from)g(that)g(of)g(the)h(op)s(erational)0 4458 y(approac)m(h.)2984 -b Fh(2)146 4581 y Fu(The)46 b(pro)s(cedure)g(en)m(vironmen)m(t)f(is)f -(up)s(dated)i(using)e(the)h(seman)m(tic)g(function)f -Ft(D)3240 4545 y Fn(P)3240 4606 y(ds)3356 4581 y Fu(for)0 -4702 y(pro)s(cedure)34 b(declarations.)42 b(It)33 b(has)g(functionalit) -m(y)244 4917 y Ft(D)323 4881 y Fn(P)323 4942 y(ds)395 -4917 y Fu(:)43 b Fw(Dec)652 4932 y Fn(P)737 4917 y Ft(!)32 -b Fw(En)m(v)1061 4932 y Fn(V)1151 4917 y Ft(!)g Fw(En)m(v)1475 -4932 y Fn(P)1560 4917 y Ft(!)g Fw(En)m(v)1884 4932 y -Fn(P)0 5133 y Fu(So)e(giv)m(en)f(the)i(curren)m(t)g(v)-5 -b(ariable)27 b(en)m(vironmen)m(t)k(and)e(the)i(curren)m(t)f(pro)s -(cedure)h(en)m(vironmen)m(t)0 5254 y(the)k(function)e -Ft(D)633 5218 y Fn(P)633 5278 y(ds)704 5254 y Fu([)-17 -b([)q Fs(D)825 5269 y Fc(P)883 5254 y Fu(])g(])35 b(will)d(up)s(date)i -(the)h(pro)s(cedure)g(en)m(vironmen)m(t.)48 b(The)35 -b(v)-5 b(ariable)33 b(en)m(vi-)0 5374 y(ronmen)m(t)e(m)m(ust)g(b)s(e)h -(a)m(v)-5 b(ailable)29 b(b)s(ecause)j(pro)s(cedures)h(m)m(ust)e(kno)m -(w)h(the)g(v)-5 b(ariables)30 b(that)h(ha)m(v)m(e)0 5494 -y(b)s(een)i(declared)g(so)g(far.)43 b(An)33 b(example)f(is)g(the)h -(statemen)m(t)p eop -%%Page: 122 132 -122 131 bop 251 130 a Fw(122)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 934 4 -516 v 666 526 a Ft(D)745 489 y Fn(P)745 550 y(ds)816 -526 y Fu([)-17 b([)q Fr(proc)34 b Fs(p)k Fr(is)33 b Fs(S)12 -b 
Fu(;)32 b Fs(D)1524 541 y Fc(P)1583 526 y Fu(])-17 -b(])q Fs(env)1777 541 y Fc(V)1869 526 y Fs(env)2025 541 -y Fc(P)2116 526 y Fu(=)32 b Ft(D)2304 489 y Fn(P)2304 -550 y(ds)2375 526 y Fu([)-17 b([)q Fs(D)2496 541 y Fc(P)2554 -526 y Fu(])g(])q Fs(env)2748 541 y Fc(V)2840 526 y Fu(\()p -Fs(env)3034 541 y Fc(P)3092 526 y Fu([)p Fs(p)6 b Ft(7!)p -Fs(g)j Fu(]\))934 693 y(where)34 b Fs(g)41 b Fu(=)33 -b Ft(S)1478 708 y Fn(ds)1550 693 y Fu([)-17 b([)p Fs(S)12 -b Fu(])-17 b(])q Fs(env)1848 708 y Fc(V)1940 693 y Fs(env)2096 -708 y Fc(P)666 884 y Ft(D)745 848 y Fn(P)745 909 y(ds)816 -884 y Fu([)g([)q Fo(")p Fu(])g(])p Fs(env)1093 899 y -Fc(V)1186 884 y Fu(=)32 b(id)p 3753 934 V 283 937 3473 -4 v 421 1098 a(T)-8 b(able)32 b(4.4:)43 b(Denotational)30 -b(seman)m(tics)j(for)f(non-recursiv)m(e)h(pro)s(cedure)h(declarations) -527 1360 y Fr(begin)g(var)g(x)e Fu(:=)h Fr(7)p Fu(;)g -Fr(proc)g(p)g(is)g(x)g Fu(:=)f Fr(0)p Fu(;)816 1527 y -Fr(begin)i(var)f(x)g Fu(:=)g Fr(5)p Fu(;)f Fr(call)i(p)f(end)527 -1695 y(end)283 1864 y Fu(where)k(the)f(b)s(o)s(dy)g(of)f -Fr(p)h Fu(m)m(ust)g(kno)m(w)h(that)e(a)h(v)-5 b(ariable)34 -b Fr(x)h Fu(has)h(b)s(een)h(declared)f(in)f(the)h(outer)283 -1984 y(blo)s(c)m(k.)430 2104 y(The)h(seman)m(tic)g(clauses)g -(de\014ning)g Ft(D)1826 2068 y Fn(P)1826 2129 y(ds)1933 -2104 y Fu(in)f(the)h(case)h(of)e Fs(non-r)-5 b(e)g(cursive)38 -b(pr)-5 b(o)g(c)g(e)g(dur)g(es)36 b Fu(are)283 2225 y(giv)m(en)i(in)e -(T)-8 b(able)37 b(4.4.)56 b(In)37 b(the)h(clause)f(for)g(pro)s(cedure)h -(declarations)e(w)m(e)i(use)g(the)f(seman)m(tic)283 2345 -y(function)30 b Ft(S)730 2360 y Fn(ds)831 2345 y Fu(for)f(statemen)m -(ts)i(\(de\014ned)g(b)s(elo)m(w\))e(to)g(determine)g(the)h(meaning)f -(of)g(the)h(b)s(o)s(dy)283 2465 y(of)35 b(the)h(pro)s(cedure)g(using)f -(that)h Fs(env)1652 2480 y Fc(V)1747 2465 y Fu(and)g -Fs(env)2096 2480 y Fc(P)2189 2465 y Fu(are)f(the)h(en)m(vironmen)m(ts)g -(at)f(the)h(p)s(oin)m(t)e(of)283 2586 y(declaration.)41 -b(The)30 b(v)-5 b(ariables)28 
b(o)s(ccurring)h(in)f(the)h(b)s(o)s(dy)h -Fs(S)40 b Fu(of)29 b Fs(p)35 b Fu(will)27 b(therefore)j(b)s(e)f(b)s -(ound)g(to)283 2706 y(the)37 b(lo)s(cations)e(of)h(the)h(v)-5 -b(ariables)35 b(as)h(kno)m(wn)i(at)e(the)h(time)e(of)h(declaration)e -(but)j(the)g(v)-5 b(alues)283 2827 y(of)39 b(the)g(lo)s(cations)e(will) -f(not)j(b)s(e)g(kno)m(wn)h(un)m(til)d(the)i(time)f(of)g(call.)60 -b(In)39 b(this)g(w)m(a)m(y)h(w)m(e)f(ensure)283 2947 -y(that)j(w)m(e)g(obtain)f(static)g(scop)s(e)h(for)f(v)-5 -b(ariables.)69 b(Also)41 b(an)g(o)s(ccurrence)i(of)e -Fr(call)i Fs(p)3433 2911 y Fi(0)3498 2947 y Fu(in)d(the)283 -3067 y(b)s(o)s(dy)g(of)e(the)i(pro)s(cedure)g(will)d(refer)i(to)g(a)g -(pro)s(cedure)h Fs(p)2439 3031 y Fi(0)2502 3067 y Fu(men)m(tioned)e(in) -h Fs(env)3259 3082 y Fc(P)3317 3067 y Fu(,)h(that)f(is)g(a)283 -3188 y(pro)s(cedure)k(declared)g(in)e(an)h(outer)g(blo)s(c)m(k)g(or)g -(in)f(the)i(curren)m(t)g(blo)s(c)m(k)f(but)g(preceding)g(the)283 -3308 y(presen)m(t)32 b(pro)s(cedure.)44 b(In)30 b(this)g(w)m(a)m(y)h(w) -m(e)g(obtain)e(static)h(scop)s(e)h(for)f(pro)s(cedures.)44 -b(This)30 b(will)e(b)s(e)283 3429 y(illustrated)j(in)h(Exercise)i(4.67) -e(b)s(elo)m(w.)283 3682 y Fw(The)38 b(seman)m(tic)e(function)h -Ft(S)1483 3697 y Fn(ds)1592 3682 y Fw(for)g(Pro)s(c)283 -3867 y Fu(The)j(meaning)c(of)i(a)g(statemen)m(t)g(dep)s(ends)i(on)e -(the)h(v)-5 b(ariables)37 b(and)h(pro)s(cedures)i(that)e(ha)m(v)m(e)283 -3987 y(b)s(een)i(declared.)63 b(Therefore)40 b(the)f(seman)m(tic)g -(function)f Ft(S)2451 4002 y Fn(ds)2561 3987 y Fu(for)g(statemen)m(ts)i -(in)e Fw(Pro)s(c)g Fu(will)283 4108 y(ha)m(v)m(e)c(functionalit)m(y)527 -4276 y Ft(S)595 4291 y Fn(ds)666 4276 y Fu(:)44 b Fw(Stm)32 -b Ft(!)g Fw(En)m(v)1293 4291 y Fn(V)1383 4276 y Ft(!)g -Fw(En)m(v)1707 4291 y Fn(P)1792 4276 y Ft(!)g Fu(\()p -Fw(Store)g Fo(,)-17 b Ft(!)33 b Fw(Store)p Fu(\))283 -4445 y(The)f(function)d(is)h(de\014ned)i(b)m(y)f(the)f(clauses)h(of)f -(T)-8 b(able)30 b(4.5.)42 b(In)30 
b(most)g(cases)i(the)e(de\014nition)f -(of)283 4565 y Ft(S)351 4580 y Fn(ds)453 4565 y Fu(is)h(a)g(straigh)m -(tforw)m(ard)h(mo)s(di\014cation)d(of)i(the)h(clauses)g(of)f -Ft(S)2648 4529 y Fi(0)2648 4590 y Fn(ds)2719 4565 y Fu(.)43 -b(Note)31 b(that)f(the)h(meaning)283 4686 y(of)i(a)f(pro)s(cedure)h -(call)e(is)h(obtained)g(b)m(y)i(simply)d(consulting)h(the)h(pro)s -(cedure)g(en)m(vironmen)m(t.)283 4867 y Fw(Example)k(4.66)49 -b Fu(This)29 b(example)e(sho)m(ws)j(ho)m(w)g(w)m(e)f(obtain)e(static)h -(scop)s(e)h(rules)g(for)f(the)h(v)-5 b(ari-)283 4988 -y(ables.)44 b(Consider)33 b(the)g(application)d(of)i(the)h(seman)m(tic) -f(function)g Ft(S)2778 5003 y Fn(ds)2882 4988 y Fu(to)g(the)h(statemen) -m(t)527 5156 y Fr(begin)h(var)g(x)e Fu(:=)h Fr(7)p Fu(;)g -Fr(proc)g(p)g(is)g(x)g Fu(:=)f Fr(0)p Fu(;)816 5324 y -Fr(begin)i(var)f(x)g Fu(:=)g Fr(5)p Fu(;)f Fr(call)i(p)f(end)527 -5492 y(end)p eop -%%Page: 123 133 -123 132 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063 -b(123)p 0 193 3473 4 v 0 419 V 0 2889 4 2471 v 382 519 -a Ft(S)450 534 y Fn(ds)521 519 y Fu([)-17 b([)q Fs(x)12 -b Fu(:=)p Fs(a)7 b Fu(])-17 b(])p Fs(env)969 534 y Fc(V)1062 -519 y Fs(env)1218 534 y Fc(P)1308 519 y Fs(sto)39 b Fu(=)32 -b Fs(sto)6 b Fu([)p Fs(l)k Ft(7!A)p Fu([)-17 b([)q Fs(a)7 -b Fu(])-17 b(]\(lo)s(okup)32 b Fs(env)2593 534 y Fc(V)2686 -519 y Fs(sto)6 b Fu(\)])651 686 y(where)34 b Fs(l)42 -b Fu(=)33 b Fs(env)1265 701 y Fc(V)1357 686 y Fs(x)382 -878 y Ft(S)450 893 y Fn(ds)521 878 y Fu([)-17 b([)q Fr(skip)p -Fu(])g(])q Fs(env)957 893 y Fc(V)1050 878 y Fs(env)1206 -893 y Fc(P)1296 878 y Fu(=)33 b(id)382 1069 y Ft(S)450 -1084 y Fn(ds)521 1069 y Fu([)-17 b([)q Fs(S)626 1084 -y Fn(1)697 1069 y Fu(;)33 b Fs(S)824 1084 y Fn(2)863 -1069 y Fu(])-17 b(])q Fs(env)1057 1084 y Fc(V)1150 1069 -y Fs(env)1306 1084 y Fc(P)1396 1069 y Fu(=)32 b(\()p -Ft(S)1610 1084 y Fn(ds)1681 1069 y Fu([)-17 b([)q Fs(S)1786 -1084 y Fn(2)1825 1069 y Fu(])g(])q Fs(env)2019 1084 y -Fc(V)2111 1069 y Fs(env)2267 1084 y 
Fc(P)2325 1069 y -Fu(\))33 b Ft(\016)f Fu(\()p Ft(S)2584 1084 y Fn(ds)2655 -1069 y Fu([)-17 b([)q Fs(S)2760 1084 y Fn(1)2799 1069 -y Fu(])g(])p Fs(env)2992 1084 y Fc(V)3085 1069 y Fs(env)3241 -1084 y Fc(P)3299 1069 y Fu(\))382 1260 y Ft(S)450 1275 -y Fn(ds)521 1260 y Fu([)g([)q Fr(if)33 b Fs(b)38 b Fr(then)c -Fs(S)1082 1275 y Fn(1)1154 1260 y Fr(else)f Fs(S)1458 -1275 y Fn(2)1497 1260 y Fu(])-17 b(])q Fs(env)1691 1275 -y Fc(V)1784 1260 y Fs(env)1940 1275 y Fc(P)2030 1260 -y Fu(=)651 1428 y(cond\()p Ft(B)t Fu([)g([)p Fs(b)6 b -Fu(])-17 b(])q Ft(\016)p Fu(\(lo)s(okup)31 b Fs(env)1647 -1443 y Fc(V)1707 1428 y Fu(\),)i Ft(S)1873 1443 y Fn(ds)1944 -1428 y Fu([)-17 b([)q Fs(S)2049 1443 y Fn(1)2088 1428 -y Fu(])g(])p Fs(env)2281 1443 y Fc(V)2374 1428 y Fs(env)2530 -1443 y Fc(P)2588 1428 y Fu(,)1359 1595 y Ft(S)1427 1610 -y Fn(ds)1498 1595 y Fu([)g([)q Fs(S)1603 1610 y Fn(2)1642 -1595 y Fu(])g(])q Fs(env)1836 1610 y Fc(V)1929 1595 y -Fs(env)2085 1610 y Fc(P)2142 1595 y Fu(\))382 1787 y -Ft(S)450 1802 y Fn(ds)521 1787 y Fu([)g([)q Fr(while)34 -b Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17 b(])p Fs(env)1326 -1802 y Fc(V)1419 1787 y Fs(env)1575 1802 y Fc(P)1665 -1787 y Fu(=)33 b(FIX)f Fs(F)618 1954 y Fu(where)i Fs(F)46 -b(g)41 b Fu(=)32 b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 -b Fu(])-17 b(])p Ft(\016)p Fu(\(lo)s(okup)32 b Fs(env)2201 -1969 y Fc(V)2261 1954 y Fu(\),)1359 2122 y Fs(g)42 b -Ft(\016)32 b Fu(\()p Ft(S)1634 2137 y Fn(ds)1705 2122 -y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q Fs(env)2003 -2137 y Fc(V)2095 2122 y Fs(env)2251 2137 y Fc(P)2309 -2122 y Fu(\),)33 b(id\))382 2313 y Ft(S)450 2328 y Fn(ds)521 -2313 y Fu([)-17 b([)q Fr(begin)34 b Fs(D)931 2328 y Fc(V)1024 -2313 y Fs(D)1107 2328 y Fc(P)1198 2313 y Fs(S)44 b Fr(end)p -Fu(])-17 b(])r Fs(env)1645 2328 y Fc(V)1738 2313 y Fs(env)1894 -2328 y Fc(P)1984 2313 y Fs(sto)39 b Fu(=)32 b Ft(S)2321 -2328 y Fn(ds)2392 2313 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])p Fs(env)2690 2277 y Fi(0)2690 2338 y Fc(V)2783 2313 -y Fs(env)2939 
2277 y Fi(0)2939 2338 y Fc(P)3029 2313 -y Fs(sto)3157 2277 y Fi(0)651 2481 y Fu(where)34 b Ft(D)1012 -2445 y Fn(V)1012 2505 y(ds)1083 2481 y Fu([)-17 b([)q -Fs(D)1204 2496 y Fc(V)1265 2481 y Fu(])g(])q(\()p Fs(env)1497 -2496 y Fc(V)1557 2481 y Fu(,)32 b Fs(sto)6 b Fu(\))33 -b(=)f(\()p Fs(env)2117 2445 y Fi(0)2117 2505 y Fc(V)2177 -2481 y Fu(,)h Fs(sto)2365 2445 y Fi(0)2388 2481 y Fu(\))651 -2648 y(and)f Ft(D)920 2612 y Fn(P)920 2673 y(ds)991 2648 -y Fu([)-17 b([)q Fs(D)1112 2663 y Fc(P)1171 2648 y Fu(])g(])p -Fs(env)1364 2612 y Fi(0)1364 2673 y Fc(V)1457 2648 y -Fs(env)1613 2663 y Fc(P)1703 2648 y Fu(=)33 b Fs(env)1968 -2612 y Fi(0)1968 2673 y Fc(P)382 2840 y Ft(S)450 2855 -y Fn(ds)521 2840 y Fu([)-17 b([)q Fr(call)33 b Fs(p)6 -b Fu(])-17 b(])q Fs(env)1046 2855 y Fc(V)1138 2840 y -Fs(env)1294 2855 y Fc(P)1385 2840 y Fu(=)32 b Fs(env)1649 -2855 y Fc(P)1740 2840 y Fs(p)p 3469 2889 V 0 2892 3473 -4 v 801 3053 a Fu(T)-8 b(able)32 b(4.5:)43 b(Denotational)30 -b(seman)m(tics)j(for)f Fw(Pro)s(c)0 3325 y Fu(Assume)49 -b(that)f(the)g(initial)c(en)m(vironmen)m(ts)49 b(are)f -Fs(env)2033 3340 y Fc(V)2141 3325 y Fu(and)g Fs(env)2502 -3340 y Fc(P)2608 3325 y Fu(and)g(that)g(the)g(initial)0 -3445 y(store)40 b Fs(sto)46 b Fu(has)41 b Fs(sto)46 b -Fu(next)40 b(=)g Fw(12)p Fu(.)66 b(Then)41 b(the)f(\014rst)h(step)f -(will)e(b)s(e)i(to)g(up)s(date)g(the)g(v)-5 b(ariable)0 -3565 y(en)m(vironmen)m(t)33 b(with)f(the)h(declarations)f(of)g(the)h -(outer)f(blo)s(c)m(k:)244 3783 y Ft(D)323 3747 y Fn(V)323 -3808 y(ds)395 3783 y Fu([)-17 b([)p Fr(var)34 b(x)e Fu(:=)h -Fr(7)p Fu(;])-17 b(])q(\()p Fs(env)1148 3798 y Fc(V)1208 -3783 y Fu(,)32 b Fs(sto)6 b Fu(\))513 3951 y(=)32 b Ft(D)701 -3914 y Fn(V)701 3975 y(ds)772 3951 y Fu([)-17 b([)p Fo(")p -Fu(])g(])q(\()p Fs(env)1087 3966 y Fc(V)1147 3951 y Fu([)p -Fr(x)p Ft(7!)p Fw(12)p Fu(],)32 b Fs(sto)6 b Fu([)p Fw(12)p -Ft(7!)p Fw(7)p Fu(][next)p Ft(7!)q Fw(13)p Fu(]\))513 -4118 y(=)32 b(\()p Fs(env)815 4133 y Fc(V)875 4118 y -Fu([)p Fr(x)p Ft(7!)p 
Fw(12)p Fu(],)h Fs(sto)6 b Fu([)p -Fw(12)p Ft(7!)p Fw(7)p Fu(][next)p Ft(7!)q Fw(13)p Fu(]\))0 -4336 y(Next)33 b(w)m(e)h(up)s(date)f(the)g(pro)s(cedure)g(en)m -(vironmen)m(t:)244 4553 y Ft(D)323 4517 y Fn(P)323 4578 -y(ds)395 4553 y Fu([)-17 b([)p Fr(proc)34 b(p)f(is)g(x)f -Fu(:=)h(0;])-17 b(]\()p Fs(env)1415 4568 y Fc(V)1475 -4553 y Fu([)p Fr(x)p Ft(7!)p Fw(12)p Fu(]\))33 b Fs(env)2019 -4568 y Fc(P)513 4721 y Fu(=)f Ft(D)701 4685 y Fn(P)701 -4746 y(ds)772 4721 y Fu([)-17 b([)p Fo(")p Fu(])g(])q(\()p -Fs(env)1087 4736 y Fc(V)1147 4721 y Fu([)p Fr(x)p Ft(7!)p -Fw(12)p Fu(]\))32 b(\()p Fs(env)1728 4736 y Fc(P)1786 -4721 y Fu([)p Fr(p)p Ft(7!)p Fs(g)9 b Fu(]\))513 4889 -y(=)32 b Fs(env)777 4904 y Fc(P)835 4889 y Fu([)p Fr(p)p -Ft(7!)p Fs(g)9 b Fu(])0 5106 y(where)244 5324 y Fs(g)41 -b(sto)e Fu(=)32 b Ft(S)667 5339 y Fn(ds)738 5324 y Fu([)-17 -b([)q Fr(x)32 b Fu(:=)h Fr(0)p Fu(])-17 b(])q(\()p Fs(env)1278 -5339 y Fc(V)1338 5324 y Fu([)p Fr(x)p Ft(7!)p Fw(12)p -Fu(]\))32 b Fs(env)1881 5339 y Fc(P)1972 5324 y Fs(sto)491 -5492 y Fu(=)g Fs(sto)6 b Fu([)p Fw(12)p Ft(7!)p Fw(0)p -Fu(])p eop -%%Page: 124 134 -124 133 bop 251 130 a Fw(124)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(b)s(ecause)44 -b Fr(x)f Fu(is)f(to)g(b)s(e)g(found)g(in)g(lo)s(cation)e -Fw(12)i Fu(according)g(to)g(the)h(v)-5 b(ariable)40 b(en)m(vironmen)m -(t.)283 636 y(Then)34 b(w)m(e)g(get)527 798 y Ft(S)595 -813 y Fn(ds)666 798 y Fu([)-17 b([)q Fr(begin)34 b(var)f(x)g -Fu(:=)f Fr(7)p Fu(;)h Fr(proc)h(p)f(is)g(x)f Fu(:=)h -Fr(0)p Fu(;)993 965 y Fr(begin)h(var)f(x)g Fu(:=)f Fr(5)p -Fu(;)h Fr(call)h(p)e(end)i(end)p Fu(])-17 b(])q Fs(env)2653 -980 y Fc(V)2746 965 y Fs(env)2902 980 y Fc(P)2992 965 -y Fs(sto)527 1133 y Fu(=)33 b Ft(S)704 1148 y Fn(ds)775 -1133 y Fu([)-17 b([)p Fr(begin)34 b(var)f(x)g Fu(:=)g -Fr(5)p Fu(;)g Fr(call)g(p)g(end)p Fu(])-17 b(])34 b(\()p -Fs(env)2357 1148 y Fc(V)2417 1133 y Fu([)p Fr(x)p Ft(7!)p -Fw(12)p Fu(]\))f(\()p Fs(env)2999 1148 y Fc(P)3056 1133 
-y Fu([)p Fr(p)p Ft(7!)p Fs(g)9 b Fu(]\))1269 1300 y(\()p -Fs(sto)d Fu([)p Fw(12)p Ft(7!)o Fw(7)p Fu(][next)p Ft(7!)q -Fw(13)p Fu(]\))283 1462 y(F)-8 b(or)32 b(the)h(v)-5 b(ariable)31 -b(declarations)h(of)g(the)h(inner)f(blo)s(c)m(k)g(w)m(e)i(ha)m(v)m(e) -527 1624 y Ft(D)607 1588 y Fn(V)607 1649 y(ds)678 1624 -y Fu([)-17 b([)q Fr(var)33 b(x)g Fu(:=)f Fr(5)p Fu(;])-17 -b(])q(\()p Fs(env)1431 1639 y Fc(V)1491 1624 y Fu([)p -Fr(x)p Ft(7!)p Fw(12)p Fu(],)33 b Fs(sto)6 b Fu([)p Fw(12)p -Ft(7!)p Fw(7)p Fu(][next)p Ft(7!)q Fw(13)p Fu(]\))796 -1792 y(=)32 b Ft(D)984 1755 y Fn(V)984 1816 y(ds)1055 -1792 y Fu([)-17 b([)q Fo(")p Fu(])g(]\()p Fs(env)1370 -1807 y Fc(V)1430 1792 y Fu([)p Fr(x)p Ft(7!)p Fw(13)p -Fu(],)33 b Fs(sto)6 b Fu([)p Fw(12)p Ft(7!)p Fw(7)p Fu(][)p -Fw(13)p Ft(7!)p Fw(5)p Fu(][next)p Ft(7!)q Fw(14)p Fu(]\))796 -1959 y(=)32 b(\()p Fs(env)1098 1974 y Fc(V)1159 1959 -y Fu([)p Fr(x)p Ft(7!)p Fw(13)p Fu(],)g Fs(sto)6 b Fu([)p -Fw(12)p Ft(7!)p Fw(7)p Fu(][)p Fw(13)p Ft(7!)p Fw(5)p -Fu(][next)p Ft(7!)q Fw(14)p Fu(]\))283 2121 y(and)527 -2283 y Ft(D)607 2247 y Fn(P)607 2307 y(ds)678 2283 y -Fu([)-17 b([)q Fo(")o Fu(])g(])q(\()p Fs(env)993 2298 -y Fc(V)1053 2283 y Fu([)p Fr(x)p Ft(7!)p Fw(13)p Fu(]\))33 -b(\()p Fs(env)1635 2298 y Fc(P)1692 2283 y Fu([)p Fr(p)p -Ft(7!)p Fs(g)9 b Fu(]\))33 b(=)f Fs(env)2286 2298 y Fc(P)2344 -2283 y Fu([)p Fr(p)p Ft(7!)p Fs(g)9 b Fu(])283 2445 y(Th)m(us)35 -b(w)m(e)e(get)527 2606 y Ft(S)595 2621 y Fn(ds)666 2606 -y Fu([)-17 b([)q Fr(begin)34 b(var)f(x)g Fu(:=)f Fr(5)p -Fu(;)h Fr(call)h(p)f(end)p Fu(])-17 b(])34 b(\()p Fs(env)2249 -2621 y Fc(V)2309 2606 y Fu([)p Fr(x)p Ft(7!)p Fw(12)p -Fu(]\))e(\()p Fs(env)2890 2621 y Fc(P)2948 2606 y Fu([)p -Fr(p)p Ft(7!)p Fs(g)9 b Fu(]\))1269 2774 y(\()p Fs(sto)d -Fu([)p Fw(12)p Ft(7!)o Fw(7)p Fu(][next)p Ft(7!)q Fw(13)p -Fu(]\))796 2942 y(=)32 b Ft(S)972 2957 y Fn(ds)1043 2942 -y Fu([)-17 b([)q Fr(call)34 b(p)p Fu(])-17 b(]\()p Fs(env)1601 -2957 y Fc(V)1662 2942 y Fu([)p Fr(x)p Ft(7!)p Fw(13)p 
-Fu(]\))32 b(\()p Fs(env)2243 2957 y Fc(P)2301 2942 y -Fu([)p Fr(p)p Ft(7!)p Fs(g)9 b Fu(]\))1269 3109 y(\()p -Fs(sto)d Fu([)p Fw(12)p Ft(7!)o Fw(7)p Fu(][)p Fw(13)p -Ft(7!)p Fw(5)p Fu(][next)p Ft(7!)q Fw(14)p Fu(]\))796 -3277 y(=)32 b Fs(g)42 b Fu(\()p Fs(sto)6 b Fu([)p Fw(12)p -Ft(7!)o Fw(7)p Fu(][)p Fw(13)p Ft(7!)p Fw(5)p Fu(][next)p -Ft(7!)q Fw(14)p Fu(]\))796 3445 y(=)32 b Fs(sto)6 b Fu([)p -Fw(12)p Ft(7!)p Fw(0)p Fu(][)p Fw(13)p Ft(7!)p Fw(5)p -Fu(][next)p Ft(7!)q Fw(14)p Fu(])283 3606 y(so)33 b(w)m(e)h(see)g(that) -e(in)g(the)h(\014nal)e(store)i(the)g(lo)s(cation)e(for)h(the)h(lo)s -(cal)d(v)-5 b(ariable)31 b(has)i(the)g(v)-5 b(alue)32 -b Fw(5)283 3727 y Fu(and)h(the)g(one)g(for)f(the)h(global)d(v)-5 -b(ariable)31 b(has)i(the)g(v)-5 b(alue)32 b Fw(0)p Fu(.)1214 -b Fh(2)283 3899 y Fw(Exercise)37 b(4.67)49 b Fu(Consider)33 -b(the)g(follo)m(wing)d(statemen)m(t)j(in)f Fw(Pro)s(c)p -Fu(:)527 4061 y Fr(begin)i(var)g(x)e Fu(:=)h Fr(0)p Fu(;)816 -4229 y Fr(proc)h(p)f(is)g(x)f Fu(:=)h Fr(x)p Fu(+)p Fr(1)p -Fu(;)816 4397 y Fr(proc)h(q)f(is)g(call)g(p)p Fu(;)816 -4564 y Fr(begin)h(proc)g(p)e(is)h(x)g Fu(:=)g Fr(7)p -Fu(;)1105 4732 y Fr(call)h(q)816 4899 y(end)527 5067 -y(end)283 5229 y Fu(Use)i(the)g(seman)m(tic)e(clauses)i(of)e -Fw(Pro)s(c)h Fu(to)f(illustrate)f(that)i(pro)s(cedures)h(ha)m(v)m(e)g -(static)f(scop)s(e,)283 5349 y(that)i(is)e(sho)m(w)j(that)e(the)h -(\014nal)e(store)i(will)d(asso)s(ciate)i(the)g(lo)s(cation)e(of)i -Fr(x)h Fu(with)e(the)i(v)-5 b(alue)36 b Fw(1)283 5470 -y Fu(\(rather)d(than)g Fw(7)p Fu(\).)2718 b Fh(2)p eop -%%Page: 125 135 -125 134 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063 -b(125)p 0 193 3473 4 v 0 419 V 0 934 4 516 v 382 526 -a Ft(D)462 489 y Fn(P)462 550 y(ds)533 526 y Fu([)-17 -b([)p Fr(proc)34 b Fs(p)k Fr(is)c Fs(S)12 b Fu(;)32 b -Fs(D)1241 541 y Fc(P)1300 526 y Fu(])-17 b(])p Fs(env)1493 -541 y Fc(V)1586 526 y Fs(env)1742 541 y Fc(P)1832 526 -y Fu(=)33 b Ft(D)2020 489 y Fn(P)2020 550 y(ds)2091 526 -y Fu([)-17 b([)q 
Fs(D)2212 541 y Fc(P)2271 526 y Fu(])g(])p -Fs(env)2464 541 y Fc(V)2557 526 y Fu(\()p Fs(env)2751 -541 y Fc(P)2809 526 y Fu([)p Fs(p)6 b Ft(7!)o Fu(FIX)33 -b Fs(F)13 b Fu(]\))651 693 y(where)34 b Fs(F)45 b(g)c -Fu(=)33 b Ft(S)1304 708 y Fn(ds)1376 693 y Fu([)-17 b([)p -Fs(S)12 b Fu(])-17 b(])q Fs(env)1674 708 y Fc(V)1766 -693 y Fu(\()p Fs(env)1960 708 y Fc(P)2018 693 y Fu([)p -Fs(p)6 b Ft(7!)p Fs(g)j Fu(]\))382 884 y Ft(D)462 848 -y Fn(P)462 909 y(ds)533 884 y Fu([)-17 b([)p Fo(")p Fu(])g(])q -Fs(env)810 899 y Fc(V)902 884 y Fu(=)33 b(id)p 3469 934 -V 0 937 3473 4 v 232 1098 a(T)-8 b(able)32 b(4.6:)43 -b(Denotational)30 b(seman)m(tics)j(for)f(recursiv)m(e)i(pro)s(cedure)g -(declarations)0 1370 y Fw(Recursiv)m(e)i(pro)s(cedures)0 -1555 y Fu(In)d(the)f(case)h(where)h(pro)s(cedures)f(are)g(allo)m(w)m -(ed)e(to)h(b)s(e)g Fs(r)-5 b(e)g(cursive)39 b Fu(w)m(e)34 -b(shall)c(b)s(e)j(in)m(terested)g(in)0 1675 y(a)f(function)g -Fs(g)41 b Fu(in)32 b Fw(Store)h Fo(,)-17 b Ft(!)32 b -Fw(Store)h Fu(satisfying)244 1859 y Fs(g)41 b Fu(=)32 -b Ft(S)506 1874 y Fn(ds)577 1859 y Fu([)-17 b([)q Fs(S)12 -b Fu(])-17 b(])p Fs(env)875 1874 y Fc(V)968 1859 y Fu(\()p -Fs(env)1162 1874 y Fc(P)1220 1859 y Fu([)p Fs(p)6 b Ft(7!)o -Fs(g)j Fu(]\))0 2043 y(since)29 b(this)f(will)f(ensure)j(that)e(the)h -(meaning)f(of)g(all)e(the)j(recursiv)m(e)i(calls)c(is)h(the)h(same)g -(as)g(that)0 2164 y(of)g(the)h(pro)s(cedure)g(b)s(eing)f(de\014ned.)44 -b(F)-8 b(or)28 b(this)h(only)g(the)h(clause)f(for)g Ft(D)2599 -2127 y Fn(P)2599 2188 y(ds)2670 2164 y Fu([)-17 b([)q -Fr(proc)33 b Fs(p)39 b Fr(is)33 b Fs(S)12 b Fu(;)32 b -Fo(D)3376 2179 y Fc(P)3435 2164 y Fu(])-17 b(])0 2284 -y(needs)42 b(to)e(b)s(e)h(mo)s(di\014ed)f(and)g(the)h(new)h(clause)f -(is)f(giv)m(en)h(in)f(T)-8 b(able)40 b(4.6.)67 b(W)-8 -b(e)41 b(shall)e(see)j(in)0 2404 y(Exercise)34 b(4.69)e(that)h(this)f -(is)h(a)f(p)s(ermissible)f(de\014nition,)h(that)h(is)f -Fs(F)46 b Fu(of)32 b(T)-8 b(able)32 b(4.6)h(is)f(indeed)0 -2525 y(con)m(tin)m(uous.)0 
2692 y Fw(Remark)e Fu(Let)g(us)h(brie\015y)f -(compare)g(the)g(ab)s(o)m(v)m(e)h(seman)m(tics)g(with)f(the)g(op)s -(erational)e(seman-)0 2813 y(tics)35 b(giv)m(en)g(in)g(Section)g(2.5)g -(for)f(the)i(same)f(language.)51 b(In)35 b(the)h(op)s(erational)d -(seman)m(tics)i(the)0 2933 y(p)s(ossibilit)m(y)27 b(of)i(recursion)g -(is)g(handled)g(b)m(y)h(up)s(dating)e(the)i(en)m(vironmen)m(t)f -Fs(e)-5 b(ach)32 b(time)f(the)h(pr)-5 b(o-)0 3053 y(c)g(e)g(dur)g(e)42 -b(is)g(c)-5 b(al)5 b(le)-5 b(d)50 b Fu(and,)43 b(except)f(for)e -(recording)g(the)h(declaration,)h(no)e(action)g(tak)m(es)i(place)0 -3174 y(when)27 b(the)f(pro)s(cedure)g(is)f(declared.)41 -b(In)26 b(the)g(denotational)e(approac)m(h,)j(the)f(situation)e(is)h(v) -m(ery)0 3294 y(di\013eren)m(t.)66 b(The)41 b(p)s(ossibilit)m(y)c(of)j -(recursion)g(is)g(handled)f Fs(onc)-5 b(e)41 b(and)g(for)h(al)5 -b(l)p Fu(,)41 b(namely)e Fs(when)0 3415 y(the)c(pr)-5 -b(o)g(c)g(e)g(dur)g(e)34 b(is)h(de)-5 b(clar)g(e)g(d)p -Fu(.)2340 b Fh(2)0 3617 y Fw(Exercise)36 b(4.68)49 b -Fu(Consider)33 b(the)g(declaration)e(of)h(the)h(factorial)d(pro)s -(cedure)244 3801 y Fr(proc)j(fac)h(is)f(begin)h(var)f(z)g -Fu(:=)f Fr(x)p Fu(;)1092 3969 y Fr(if)h(x)f Fu(=)h Fr(1)g(then)g(skip) -1092 4136 y(else)g Fu(\()p Fr(x)g Fu(:=)f Fr(x)h Ft(\000)g -Fr(1)p Fu(;)g Fr(call)h(fac)p Fu(;)f Fr(y)g Fu(:=)f Fr(z)h -Fo(?)f Fr(y)p Fu(\))803 4304 y Fr(end)p Fu(;)0 4488 y(Assume)39 -b(that)g(the)g(initial)c(en)m(vironmen)m(ts)k(are)g Fs(env)1977 -4503 y Fc(V)2076 4488 y Fu(and)f Fs(env)2427 4503 y Fc(P)2524 -4488 y Fu(and)g(that)h Fs(env)3093 4503 y Fc(V)3192 4488 -y Fr(x)f Fu(=)h Fs(l)3431 4503 y Fn(x)0 4608 y Fu(and)33 -b Fs(env)346 4623 y Fc(V)438 4608 y Fr(y)g Fu(=)f Fs(l)665 -4623 y Fn(y)708 4608 y Fu(.)44 b(Determine)31 b(the)i(up)s(dated)g(pro) -s(cedure)h(en)m(vironmen)m(t.)586 b Fh(2)146 4811 y Fu(As)31 -b(for)e Fw(While)f Fu(w)m(e)j(m)m(ust)f(ensure)h(that)f(the)g(seman)m -(tic)g(clauses)g(de\014ne)h(a)f(total)e(function)0 4931 -y Ft(S)68 4946 y 
Fn(ds)139 4931 y Fu(.)43 b(W)-8 b(e)33 -b(lea)m(v)m(e)h(the)f(details)e(to)h(the)h(exercise)h(b)s(elo)m(w.)0 -5133 y Fw(Exercise)i(4.69)49 b Fu(**)40 b(T)-8 b(o)40 -b(ensure)h(that)f(the)g(clauses)h(for)e Ft(S)2243 5148 -y Fn(ds)2354 5133 y Fu(de\014ne)i(a)f(total)e(function)h(w)m(e)0 -5254 y(m)m(ust)23 b(sho)m(w)h(that)f(FIX)g(is)f(only)h(applied)e(to)i -(con)m(tin)m(uous)h(functions.)40 b(In)23 b(the)h(case)f(of)g(recursiv) -m(e)0 5374 y(pro)s(cedures)34 b(this)f(is)f(a)h(rather)g(lab)s(orious)d -(task.)45 b(First)32 b(one)h(ma)m(y)g(use)h(structural)e(induction)0 -5494 y(to)g(sho)m(w)i(that)e Ft(D)652 5458 y Fn(V)652 -5519 y(ds)756 5494 y Fu(is)g(indeed)h(a)f(w)m(ell-de\014ned)h -(function.)43 b(Secondly)33 b(one)g(ma)m(y)f(de\014ne)p -eop -%%Page: 126 136 -126 135 bop 251 130 a Fw(126)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Fs(env)683 -530 y Fc(P)774 515 y Ft(v)851 479 y Fi(0)907 515 y Fs(env)1063 -479 y Fi(0)1063 540 y Fc(P)1153 515 y Fu(if)c(and)h(only)f(if)f -Fs(env)1892 530 y Fc(P)1982 515 y Fs(p)39 b Ft(v)33 b -Fs(env)2337 479 y Fi(0)2337 540 y Fc(P)2427 515 y Fs(p)39 -b Fu(for)32 b(all)e Fs(p)39 b Ft(2)33 b Fw(Pname)283 -712 y Fu(and)j(sho)m(w)g(that)e(\()p Fw(En)m(v)1163 727 -y Fn(P)1215 712 y Fu(,)i Ft(v)1355 676 y Fi(0)1379 712 -y Fu(\))e(is)h(a)g(ccp)s(o.)51 b(Finally)-8 b(,)32 b(one)k(ma)m(y)e -(use)i(Exercise)h(4.41)d(\(with)g Fs(D)283 833 y Fu(b)s(eing)k -Fw(Store)f Fo(,)-17 b Ft(!)38 b Fw(Store)p Fu(\))g(to)f(sho)m(w)i(that) -f(for)g(all)d Fs(env)2370 848 y Fc(V)2468 833 y Ft(2)k -Fw(En)m(v)2765 848 y Fn(V)2860 833 y Fu(the)g(clauses)f(of)g(T)-8 -b(ables)283 953 y(4.3,)33 b(4.5)f(and)h(4.6)f(do)g(de\014ne)i(con)m -(tin)m(uous)f(functions)527 1150 y Ft(S)595 1165 y Fn(ds)666 -1150 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])p Fs(env)964 -1165 y Fc(V)1024 1150 y Fu(:)44 b Fw(En)m(v)1287 1165 -y Fn(P)1371 1150 y Ft(!)33 b Fu(\()p Fw(Store)f Fo(,)-17 -b Ft(!)32 b Fw(Store)p Fu(\))527 1318 y Ft(D)607 1282 -y Fn(P)607 
1343 y(ds)678 1318 y Fu([)-17 b([)q Fs(D)799 -1333 y Fc(P)857 1318 y Fu(])g(])q Fs(env)1051 1333 y -Fc(V)1111 1318 y Fu(:)44 b Fw(En)m(v)1374 1333 y Fn(P)1458 -1318 y Ft(!)32 b Fw(En)m(v)1782 1333 y Fn(P)283 1515 -y Fu(This)38 b(is)e(p)s(erformed)g(using)h(m)m(utual)f(structural)g -(induction)g(on)h(statemen)m(ts)h Fs(S)49 b Fu(and)37 -b(decla-)283 1635 y(rations)32 b Fs(D)692 1650 y Fn(P)744 -1635 y Fu(.)2910 b Fh(2)283 1855 y Fw(Exercise)37 b(4.70)49 -b Fu(Mo)s(dify)43 b(the)h(syn)m(tax)h(of)e(pro)s(cedures)i(so)f(that)f -(they)i(tak)m(e)f(t)m(w)m(o)h Fs(c)-5 b(al)5 b(l-by-)283 -1976 y(value)40 b Fu(parameters:)527 2173 y Fs(D)610 -2188 y Fc(P)702 2173 y Fu(::=)32 b Fr(proc)i Fs(p)6 b -Fu(\()p Fs(x)1253 2188 y Fn(1)1292 2173 y Fu(,)p Fs(x)1376 -2188 y Fn(2)1415 2173 y Fu(\))33 b Fr(is)g Fs(S)12 b -Fu(;)32 b Fs(D)1830 2188 y Fc(P)1921 2173 y Ft(j)g Fo(")527 -2340 y Fs(S)45 b Fu(::=)32 b Ft(\001)17 b(\001)g(\001)31 -b(j)h Fr(call)i Fs(p)6 b Fu(\()p Fs(a)1387 2355 y Fn(1)1426 -2340 y Fu(,)p Fs(a)1510 2355 y Fn(2)1550 2340 y Fu(\))283 -2537 y(The)41 b(meaning)c(of)i(a)g(pro)s(cedure)h(will)d(no)m(w)j(dep)s -(end)g(up)s(on)g(the)f(v)-5 b(alues)39 b(of)g(its)g(parameters)283 -2658 y(as)34 b(w)m(ell)f(as)h(the)g(state)g(in)f(whic)m(h)h(it)f(is)g -(executed.)49 b(W)-8 b(e)34 b(therefore)g(c)m(hange)h(the)f -(de\014nition)e(of)283 2778 y Fw(En)m(v)475 2793 y Fn(P)560 -2778 y Fu(to)g(b)s(e)527 2975 y Fw(En)m(v)719 2990 y -Fn(P)804 2975 y Fu(=)g Fw(Pname)h Ft(!)f Fu(\(\()p Fw(Z)h -Ft(\002)g Fw(Z)p Fu(\))g Ft(!)f Fu(\()p Fw(Store)g Fo(,)-17 -b Ft(!)33 b Fw(Store)p Fu(\)\))283 3172 y(so)d(that)f(giv)m(en)h(a)f -(pair)f(of)h(v)-5 b(alues)29 b(and)g(a)h(store)f(w)m(e)i(can)e -(determine)g(the)h(\014nal)f(store.)42 b(Mo)s(dify)283 -3293 y(the)h(de\014nition)e(of)g Ft(S)1092 3308 y Fn(ds)1205 -3293 y Fu(to)g(use)i(this)e(pro)s(cedure)i(en)m(vironmen)m(t.)72 -b(Also)41 b(pro)m(vide)h(seman)m(tic)283 3413 y(clauses)36 -b(for)f Ft(D)844 3377 y Fn(P)844 3438 y(ds)950 3413 y 
-Fu(in)f(the)i(case)g(of)e(non-recursiv)m(e)j(as)e(w)m(ell)f(as)i -(recursiv)m(e)g(pro)s(cedures.)53 b(Con-)283 3533 y(struct)34 -b(statemen)m(ts)f(that)g(illustrate)d(ho)m(w)j(the)g(new)h(clauses)f -(are)g(used.)723 b Fh(2)283 3753 y Fw(Exercise)37 b(4.71)49 -b Fu(*)35 b(Mo)s(dify)f(the)h(seman)m(tics)h(of)e Fw(Pro)s(c)h -Fu(so)g(that)g(dynamic)f(scop)s(e)i(rules)f(are)283 3874 -y(emplo)m(y)m(ed)e(for)f(v)-5 b(ariables)32 b(as)g(w)m(ell)g(as)h(pro)s -(cedures.)1492 b Fh(2)283 4161 y Fp(The)45 b(concept)g(of)g(con)l(tin)l -(uations)283 4346 y Fu(Another)35 b(imp)s(ortan)m(t)c(concept)k(from)d -(denotational)g(seman)m(tics)i(is)f(that)g(of)g Fs(c)-5 -b(ontinuations)8 b Fu(.)283 4466 y(T)-8 b(o)35 b(illustrate)e(it)h(w)m -(e)i(shall)d(consider)i(an)g(extension)h(of)e Fw(While)f -Fu(where)k(exceptions)f(can)f(b)s(e)283 4587 y(raised)e(and)f(handled.) -44 b(The)33 b(new)h(language)d(is)i(called)e Fw(Exc)h -Fu(and)h(its)f(syn)m(tax)i(is:)577 4775 y Fs(S)112 b -Fu(::=)99 b Fs(x)45 b Fu(:=)32 b Fs(a)40 b Ft(j)32 b -Fr(skip)i Ft(j)e Fs(S)1713 4790 y Fn(1)1785 4775 y Fu(;)g -Fs(S)1911 4790 y Fn(2)1983 4775 y Ft(j)g Fr(if)h Fs(b)39 -b Fr(then)33 b Fs(S)2566 4790 y Fn(1)2638 4775 y Fr(else)h -Fs(S)2943 4790 y Fn(2)795 4943 y Ft(j)150 b Fr(while)34 -b Fs(b)39 b Fr(do)33 b Fs(S)44 b Ft(j)32 b Fr(begin)i -Fs(S)1996 4958 y Fn(1)2068 4943 y Fr(handle)g Fs(e)7 -b Fu(:)44 b Fs(S)2598 4958 y Fn(2)2669 4943 y Fr(end)34 -b Ft(j)e Fr(raise)i Fs(e)283 5133 y Fu(The)c(meta-v)-5 -b(ariable)26 b Fs(e)36 b Fu(ranges)29 b(o)m(v)m(er)h(the)f(syn)m -(tactic)g(category)g Fw(Exception)56 b Fu(of)29 b(exceptions.)283 -5254 y(The)34 b(statemen)m(t)e Fr(raise)i Fs(e)39 b Fu(is)32 -b(a)f(kind)h(of)g(jump)g(instruction:)42 b(when)33 b(it)e(is)h(encoun)m -(tered,)i(the)283 5374 y(execution)f(of)d(the)i(encapsulating)f(blo)s -(c)m(k)g(is)g(stopp)s(ed)h(and)g(the)f(\015o)m(w)h(of)f(con)m(trol)g -(is)g(giv)m(en)g(to)283 5494 y(the)i(statemen)m(t)h(declaring)d(the)i -(exception)g Fs(e)7 b Fu(.)44 b(An)33 
b(example)f(is)g(the)h(statemen)m -(t)p eop -%%Page: 127 137 -127 136 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063 -b(127)p 0 193 3473 4 v 244 515 a Fr(begin)34 b(while)g(true)f(do)g(if)g -(x)p Ft(\024)q Fr(0)1194 683 y(then)h(raise)g(exit)1194 -851 y(else)g(x)f Fu(:=)f Fr(x)p Ft(\000)p Fr(1)533 1018 -y(handle)i(exit)p Fu(:)44 b Fr(y)33 b Fu(:=)g Fr(7)244 -1186 y(end)0 1381 y Fu(Assume)d(that)f Fs(s)614 1396 -y Fn(0)683 1381 y Fu(is)f(the)i(initial)25 b(state)30 -b(and)f(that)g Fs(s)1898 1396 y Fn(0)1967 1381 y Fr(x)g -Fo(>)g Fw(0)p Fu(.)43 b(Then)30 b(the)g(false)e(branc)m(h)i(of)f(the)0 -1502 y(conditional)h(will)h(b)s(e)h(c)m(hosen)j(and)e(the)g(v)-5 -b(alue)32 b(of)g Fr(x)h Fu(decremen)m(ted.)46 b(Ev)m(en)m(tually)-8 -b(,)33 b Fr(x)g Fu(gets)g(the)0 1622 y(v)-5 b(alue)31 -b Fw(0)g Fu(and)g(the)g(true)h(branc)m(h)g(of)e(the)i(conditional)c -(will)h(raise)i(the)g(exception)h Fr(exit)p Fu(.)44 b(This)0 -1742 y(will)37 b(cause)k(the)e(execution)h(of)f(the)h -Fr(while)p Fu(-lo)s(op)f(to)g(b)s(e)h(terminated)e(and)h(con)m(trol)g -(will)e(b)s(e)0 1863 y(transferred)d(to)f(the)h(handler)g(for)e -Fr(exit)p Fu(.)48 b(Th)m(us)35 b(the)f(statemen)m(t)g(will)d(terminate) -h(in)h(a)g(state)0 1983 y(where)h Fr(x)f Fu(has)g(the)g(v)-5 -b(alue)32 b Fw(0)g Fu(and)h Fr(y)g Fu(the)g(v)-5 b(alue)32 -b Fw(7)p Fu(.)146 2103 y(The)39 b(meaning)e(of)g(an)h(exception)h(will) -c(b)s(e)j(the)h(e\013ect)f(of)g Fs(exe)-5 b(cuting)39 -b(the)h(r)-5 b(emainder)39 b(of)0 2224 y(the)c(pr)-5 -b(o)g(gr)g(am)39 b Fu(starting)32 b(from)f(the)i(handler.)43 -b(Consider)33 b(a)g(statemen)m(t)g(of)f(the)h(form)244 -2419 y(\()p Fr(if)g Fs(b)38 b Fr(then)c Fs(S)805 2434 -y Fn(1)877 2419 y Fr(else)f Fs(S)1181 2434 y Fn(2)1221 -2419 y Fu(\))f(;)h Fs(S)1418 2434 y Fn(3)0 2614 y Fu(In)43 -b(the)h(language)e Fw(While)g Fu(it)g(is)g(eviden)m(t)i(that)f(indep)s -(enden)m(tly)h(of)f(whether)h(w)m(e)g(execute)0 2735 -y Fs(S)67 2750 y Fn(1)144 2735 y Fu(or)38 b Fs(S)336 -2750 y Fn(2)413 2735 y 
Fu(w)m(e)h(ha)m(v)m(e)g(to)e(con)m(tin)m(ue)i -(with)e Fs(S)1606 2750 y Fn(3)1646 2735 y Fu(.)59 b(When)39 -b(w)m(e)g(in)m(tro)s(duce)e(exceptions)i(this)f(do)s(es)0 -2855 y(not)32 b(hold)f(an)m(y)h(longer:)43 b(if)30 b(one)j(of)e(the)h -(branc)m(hes)i(raises)e(an)g(exception)g(not)g(handled)g(inside)0 -2975 y(that)41 b(branc)m(h,)j(then)d(w)m(e)h(will)d(certainly)h(not)g -(execute)j Fs(S)2173 2990 y Fn(3)2212 2975 y Fu(.)69 -b(It)41 b(is)f(therefore)i(necessary)h(to)0 3096 y(rewrite)32 -b(the)h(seman)m(tics)f(of)f Fw(While)g Fu(to)h(mak)m(e)g(the)g -(\\e\013ect)h(of)e(executing)i(the)g(remainder)e(of)0 -3216 y(the)i(program")e(more)h(explicit.)0 3475 y Fw(Con)m(tin)m -(uation)k(st)m(yle)h(seman)m(tics)f(for)i(While)0 3659 -y Fu(In)26 b(a)f Fs(c)-5 b(ontinuation)27 b(style)i(semantics)j -Fu(the)26 b(con)m(tin)m(uations)f(describ)s(e)h(the)51 -b Fs(e\013e)-5 b(ct)28 b(of)g(exe)-5 b(cuting)0 3780 -y(the)31 b(r)-5 b(emainder)29 b(of)h(the)h(pr)-5 b(o)g(gr)g(am)p -Fu(.)41 b(F)-8 b(or)27 b(us)i(a)e Fs(c)-5 b(ontinuation)35 -b(c)e Fu(is)28 b(an)g(elemen)m(t)f(of)h(the)g(domain)244 -3975 y Fw(Con)m(t)k Fu(=)h Fw(State)f Fo(,)-17 b Ft(!)33 -b Fw(State)0 4170 y Fu(and)38 b(is)f(th)m(us)h(a)f(partial)f(function)h -(from)f Fw(State)h Fu(to)g Fw(State)p Fu(.)59 b(Sometimes)36 -b(one)i(uses)h(partial)0 4291 y(functions)24 b(from)f -Fw(State)h Fu(to)f(a)h(\\simpler")e(set)i Fw(Ans)g Fu(of)g(answ)m(ers)i -(but)e(in)f(all)f(cases)j(the)g(purp)s(ose)0 4411 y(of)e(a)g(con)m(tin) -m(uation)g(is)g(to)g(express)i(the)f(\\outcome")f(of)g(the)h(remainder) -e(of)h(the)h(program)e(when)0 4531 y(started)33 b(in)f(a)g(giv)m(en)h -(state.)146 4652 y(Consider)e(a)f(statemen)m(t)g(of)g(the)g(form)f -Ft(\001)17 b(\001)g(\001)n Fu(;)31 b Fs(S)42 b Fu(;)30 -b Ft(\001)17 b(\001)g(\001)28 b Fu(and)i(let)g(us)h(explain)e(the)h -(meaning)f(of)0 4772 y Fs(S)47 b Fu(in)34 b(terms)g(of)h(the)g -(e\013ect)h(of)e(executing)i(the)f(remainder)f(of)g(the)i(program.)49 -b(The)35 b(starting)0 4893 
y(p)s(oin)m(t)40 b(will)f(b)s(e)j(the)g(con) -m(tin)m(uation)e Fs(c)47 b Fu(determining)39 b(the)j(e\013ect)g(of)f -(executing)h(the)g(part)f(of)0 5013 y(the)35 b(program)f -Fs(after)45 b(S)12 b Fu(,)35 b(that)g(is)f Fs(c)41 b(s)i -Fu(is)34 b(the)h(state)h(obtained)e(when)i(the)g(remainder)e(of)g(the)0 -5133 y(program)29 b(is)i(executed)i(from)c(state)j Fs(s)8 -b Fu(.)43 b(W)-8 b(e)31 b(shall)e(then)j(determine)e(the)i(e\013ect)f -(of)g(executing)0 5254 y Fs(S)45 b Fu(and)32 b(the)i(remainder)e(of)g -(the)h(program,)f(that)g(is)h(w)m(e)g(shall)f(determine)g(a)h(con)m -(tin)m(uation)f Fs(c)3450 5218 y Fi(0)0 5374 y Fu(suc)m(h)f(that)e -Fs(c)476 5338 y Fi(0)529 5374 y Fs(s)37 b Fu(is)29 b(the)h(state)g -(obtained)f(when)i(executing)f Fs(S)42 b Fu(and)29 b(the)h(part)g(of)f -(the)h(program)0 5494 y(follo)m(wing)g Fs(S)44 b Fu(from)32 -b(state)h Fs(s)8 b Fu(.)43 b(Pictorially)-8 b(,)30 b(from)p -eop -%%Page: 128 138 -128 137 bop 251 130 a Fw(128)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 1501 -4 1083 v 666 519 a Ft(S)733 483 y Fi(0)733 543 y Fn(cs)797 -519 y Fu([)-17 b([)p Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(])-17 -b(])q Fs(c)38 b(s)j Fu(=)32 b Fs(c)38 b Fu(\()p Fs(s)8 -b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 -b(])q Fs(s)8 b Fu(]\))666 710 y Ft(S)733 674 y Fi(0)733 -735 y Fn(cs)797 710 y Fu([)-17 b([)p Fr(skip)p Fu(])g(])34 -b(=)f(id)666 901 y Ft(S)733 865 y Fi(0)733 926 y Fn(cs)797 -901 y Fu([)-17 b([)p Fs(S)901 916 y Fn(1)973 901 y Fu(;)33 -b Fs(S)1100 916 y Fn(2)1139 901 y Fu(])-17 b(])33 b(=)f -Ft(S)1385 865 y Fi(0)1385 926 y Fn(cs)1449 901 y Fu([)-17 -b([)p Fs(S)1553 916 y Fn(1)1592 901 y Fu(])g(])34 b Ft(\016)e(S)1813 -865 y Fi(0)1813 926 y Fn(cs)1876 901 y Fu([)-17 b([)q -Fs(S)1981 916 y Fn(2)2020 901 y Fu(])g(])666 1092 y Ft(S)733 -1056 y Fi(0)733 1117 y Fn(cs)797 1092 y Fu([)g([)p Fr(if)33 -b Fs(b)39 b Fr(then)33 b Fs(S)1357 1107 y Fn(1)1429 1092 -y Fr(else)h Fs(S)1734 1107 y Fn(2)1773 1092 y Fu(])-17 -b(])q 
Fs(c)38 b Fu(=)32 b(cond\()p Ft(B)t Fu([)-17 b([)q -Fs(b)6 b Fu(])-17 b(],)33 b Ft(S)2563 1056 y Fi(0)2563 -1117 y Fn(cs)2626 1092 y Fu([)-17 b([)p Fs(S)2730 1107 -y Fn(1)2770 1092 y Fu(])g(])p Fs(c)6 b Fu(,)32 b Ft(S)2985 -1056 y Fi(0)2985 1117 y Fn(cs)3049 1092 y Fu([)-17 b([)p -Fs(S)3153 1107 y Fn(2)3193 1092 y Fu(])g(])p Fs(c)6 b -Fu(\))666 1284 y Ft(S)733 1248 y Fi(0)733 1308 y Fn(cs)797 -1284 y Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33 -b Fs(S)12 b Fu(])-17 b(])33 b(=)f(FIX)g Fs(G)934 1451 -y Fu(where)i(\()p Fs(G)42 b(g)9 b Fu(\))32 b Fs(c)38 -b Fu(=)32 b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(],)33 b Ft(S)2247 1415 y Fi(0)2247 1476 y Fn(cs)2310 -1451 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\()p Fs(g)41 -b(c)6 b Fu(\),)32 b Fs(c)6 b Fu(\))p 3753 1501 V 283 -1504 3473 4 v 937 1665 a(T)-8 b(able)32 b(4.7:)43 b(Con)m(tin)m(uation) -32 b(st)m(yle)h(seman)m(tics)g(for)f Fw(While)769 1959 -y Ft(\001)17 b(\001)g(\001)240 b Fu(;)300 b Fs(S)310 -b Fu(;)275 b Ft(\001)17 b(\001)g(\001)1879 1994 y Fg(|)p -1916 1994 226 10 v 226 w({z)p 2216 1994 V 226 w(})2154 -2075 y Fs(c)283 2266 y Fu(w)m(e)34 b(w)m(an)m(t)g(to)e(obtain)769 -2491 y Ft(\001)17 b(\001)g(\001)240 b Fu(;)300 b Fs(S)278 -b Fu(;)259 b Ft(\001)17 b(\001)g(\001)1187 2545 y Fg(|)p -1224 2545 548 10 v 548 w({z)p 1846 2545 V 548 w(})1772 -2657 y Fs(c)1823 2621 y Fi(0)283 2851 y Fu(W)-8 b(e)49 -b(shall)d(de\014ne)j(a)e(seman)m(tic)g(function)h Ft(S)1987 -2815 y Fi(0)1987 2876 y Fn(cs)2098 2851 y Fu(for)f Fw(While)g -Fu(that)g(ac)m(hiev)m(es)i(this.)89 b(It)47 b(has)283 -2971 y(functionalit)m(y)527 3196 y Ft(S)595 3160 y Fi(0)595 -3221 y Fn(cs)658 3196 y Fu(:)d Fw(Stm)32 b Ft(!)g Fu(\()p -Fw(Con)m(t)g Ft(!)g Fw(Con)m(t)p Fu(\))283 3421 y(and)j(is)f(de\014ned) -h(in)f(T)-8 b(able)34 b(4.7.)48 b(The)36 b(clauses)f(for)e(assignmen)m -(t)h(and)h Fr(skip)g Fu(are)f(straigh)m(tfor-)283 3542 -y(w)m(ard;)g(ho)m(w)m(ev)m(er,)h(note)e(that)g(w)m(e)h(no)m(w)f(use)h 
-(id)e(as)h(the)g(iden)m(tit)m(y)g(function)f(on)h Fw(Con)m(t)p -Fu(,)g(that)f(is)283 3662 y(id)c Fs(c)35 b(s)h Fu(=)29 -b Fs(c)34 b(s)8 b Fu(.)42 b(In)29 b(the)g(clause)g(for)g(comp)s -(osition)d(the)j(order)g(of)f(the)h(functional)e(comp)s(osition)283 -3783 y(is)33 b Fs(r)-5 b(everse)g(d)42 b Fu(compared)33 -b(with)g(the)g(direct)g(st)m(yle)g(seman)m(tics)h(of)e(T)-8 -b(able)33 b(4.1.)44 b(In)m(tuitiv)m(ely)-8 b(,)32 b(the)283 -3903 y(reason)43 b(is)e(that)h(the)g(con)m(tin)m(uations)f(are)h -(\\pulled)f(bac)m(kw)m(ards")i(through)f(the)g(t)m(w)m(o)h(state-)283 -4023 y(men)m(ts.)55 b(So)36 b(assuming)f(that)h Fs(c)41 -b Fu(is)36 b(the)g(con)m(tin)m(uation)f(for)h(the)g(remainder)f(of)h -(the)g(program)283 4144 y(w)m(e)44 b(shall)c(\014rst)j(determine)f(a)g -(con)m(tin)m(uation)f(for)g Fs(S)2239 4159 y Fn(2)2321 -4144 y Fu(follo)m(w)m(ed)g(b)m(y)i(the)g(remainder)e(of)g(the)283 -4264 y(program)32 b(and)g(next)i(for)e Fs(S)1299 4279 -y Fn(1)1371 4264 y Fu(follo)m(w)m(ed)f(b)m(y)j Fs(S)1950 -4279 y Fn(2)2022 4264 y Fs(and)42 b Fu(the)33 b(remainder)e(of)i(the)g -(program.)430 4389 y(The)42 b(clause)g(for)f(the)g(conditional)e(is)i -(straigh)m(tforw)m(ard)g(as)g(the)h(con)m(tin)m(uation)f(applies)283 -4509 y(to)g(b)s(oth)g(branc)m(hes.)72 b(In)41 b(the)h(clause)f(for)g -(the)h Fr(while)p Fu(-construct)h(w)m(e)f(use)h(the)e(\014xed)i(p)s -(oin)m(t)283 4630 y(op)s(erator)33 b(as)g(in)g(the)h(direct)f(st)m(yle) -g(seman)m(tics.)46 b(If)33 b(the)h(test)g(of)f Fr(while)h -Fs(b)39 b Fr(do)34 b Fs(S)45 b Fu(ev)-5 b(aluates)33 -b(to)283 4750 y Fw(\013)g Fu(then)f(w)m(e)h(return)f(the)g(con)m(tin)m -(uation)f Fs(c)37 b Fu(for)31 b(the)h(remainder)f(of)g(the)i(program.) 
-41 b(If)32 b(the)g(test)283 4870 y(ev)-5 b(aluates)33 -b(to)g Fw(tt)f Fu(then)i Fs(g)41 b(c)e Fu(denotes)34 -b(the)g(e\013ect)g(of)e(executing)i(the)f(remainder)f(of)h(the)g(lo)s -(op)283 4991 y(follo)m(w)m(ed)j(b)m(y)h(the)g(remainder)e(of)h(the)h -(program)d(and)j(is)f(the)g(con)m(tin)m(uation)g(to)f(b)s(e)i(used)g -(for)283 5111 y(the)c(\014rst)h(unfolding)c(of)i(the)h(lo)s(op.)283 -5374 y Fw(Example)k(4.72)49 b Fu(Consider)34 b(the)g(statemen)m(t)g -Fr(z)g Fu(:=)f Fr(x)p Fu(;)i Fr(x)f Fu(:=)f Fr(y)p Fu(;)i -Fr(y)e Fu(:=)h Fr(z)g Fu(of)f(Chapter)h(1.)47 b(Let)283 -5494 y(id)32 b(b)s(e)h(the)g(iden)m(tit)m(y)f(function)h(on)f -Fw(State)p Fu(.)44 b(Then)33 b(w)m(e)h(ha)m(v)m(e)p eop -%%Page: 129 139 -129 138 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063 -b(129)p 0 193 3473 4 v 244 515 a Ft(S)312 479 y Fi(0)312 -540 y Fn(cs)375 515 y Fu([)-17 b([)q Fr(z)32 b Fu(:=)h -Fr(x)p Fu(;)g Fr(x)g Fu(:=)f Fr(y)p Fu(;)h Fr(y)g Fu(:=)f -Fr(z)p Fu(])-17 b(])q(id)413 683 y(=)32 b(\()p Ft(S)627 -647 y Fi(0)627 708 y Fn(cs)690 683 y Fu([)-17 b([)q Fr(z)32 -b Fu(:=)h Fr(x)p Fu(])-17 b(])33 b Ft(\016)g(S)1218 647 -y Fi(0)1218 708 y Fn(cs)1282 683 y Fu([)-17 b([)p Fr(x)33 -b Fu(:=)g Fr(y)p Fu(])-17 b(])33 b Ft(\016)f(S)1810 647 -y Fi(0)1810 708 y Fn(cs)1874 683 y Fu([)-17 b([)p Fr(y)33 -b Fu(:=)f Fr(z)p Fu(])-17 b(])q(\))33 b(id)413 851 y(=)f(\()p -Ft(S)627 814 y Fi(0)627 875 y Fn(cs)690 851 y Fu([)-17 -b([)q Fr(z)32 b Fu(:=)h Fr(x)p Fu(])-17 b(])33 b Ft(\016)g(S)1218 -814 y Fi(0)1218 875 y Fn(cs)1282 851 y Fu([)-17 b([)p -Fr(x)33 b Fu(:=)g Fr(y)p Fu(])-17 b(])q(\))32 b Fs(g)1752 -866 y Fn(1)681 1018 y Fu(where)i Fs(g)1017 1033 y Fn(1)1089 -1018 y Fs(s)40 b Fu(=)33 b(id\()p Fs(s)8 b Fu([)p Fr(y)p -Ft(7!)o Fu(\()p Fs(s)41 b Fr(z)p Fu(\)]\))413 1186 y(=)32 -b Ft(S)589 1150 y Fi(0)589 1211 y Fn(cs)652 1186 y Fu([)-17 -b([)q Fr(z)33 b Fu(:=)f Fr(x)p Fu(])-17 b(])q Fs(g)1052 -1201 y Fn(2)681 1354 y Fu(where)34 b Fs(g)1017 1369 y -Fn(2)1089 1354 y Fs(s)40 b Fu(=)33 b Fs(g)1332 
1369 y -Fn(1)1371 1354 y Fu(\()p Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p -Fu(\()p Fs(s)40 b Fr(y)p Fu(\)]\))1169 1521 y(=)33 b(id\()p -Fs(s)8 b Fu([)p Fr(x)p Ft(7!)o Fu(\()p Fs(s)41 b Fr(y)p -Fu(\)][)p Fr(y)p Ft(7!)p Fu(\()p Fs(s)f Fr(z)p Fu(\)]\))413 -1689 y(=)32 b Fs(g)575 1704 y Fn(3)681 1856 y Fu(where)i -Fs(g)1017 1871 y Fn(3)1089 1856 y Fs(s)40 b Fu(=)33 b -Fs(g)1332 1871 y Fn(2)1371 1856 y Fu(\()p Fs(s)8 b Fu([)p -Fr(z)p Ft(7!)p Fu(\()p Fs(s)40 b Fr(x)p Fu(\)]\))1169 -2024 y(=)33 b(id\()p Fs(s)8 b Fu([)p Fr(z)p Ft(7!)o Fu(\()p -Fs(s)41 b Fr(x)p Fu(\)][)p Fr(x)p Ft(7!)p Fu(\()p Fs(s)f -Fr(y)p Fu(\)][)p Fr(y)p Ft(7!)q Fu(\()p Fs(s)g Fr(x)p -Fu(\)]\))0 2242 y(Note)33 b(that)f(the)h(seman)m(tic)f(function)g(is)h -(constructed)h(in)e(a)g(\\bac)m(kw)m(ards")i(manner.)258 -b Fh(2)146 2491 y Fu(As)35 b(in)f(the)h(case)g(of)f(the)h(direct)g(st)m -(yle)g(seman)m(tics)f(w)m(e)i(m)m(ust)f(ensure)g(that)g(the)g(seman)m -(tic)0 2612 y(clauses)e(de\014ne)h(a)e(total)f(function)h -Ft(S)1372 2576 y Fi(0)1372 2636 y Fn(cs)1436 2612 y Fu(.)43 -b(W)-8 b(e)33 b(lea)m(v)m(e)g(the)g(details)f(to)g(the)h(exercise)h(b)s -(elo)m(w.)0 2864 y Fw(Exercise)i(4.73)49 b Fu(**)40 b(T)-8 -b(o)41 b(ensure)h(that)e(the)h(clauses)h(for)e Ft(S)2247 -2828 y Fi(0)2247 2889 y Fn(cs)2351 2864 y Fu(de\014ne)i(a)e(total)f -(function)h(w)m(e)0 2984 y(m)m(ust)31 b(sho)m(w)h(that)e(FIX)h(is)f -(only)g(applied)f(to)i(con)m(tin)m(uous)g(functions.)43 -b(First)30 b(one)h(ma)m(y)f(de\014ne)244 3203 y Fs(g)298 -3218 y Fn(1)369 3203 y Ft(v)447 3166 y Fi(0)503 3203 -y Fs(g)557 3218 y Fn(2)628 3203 y Fu(if)i(and)g(only)g(if)g -Fs(g)1265 3218 y Fn(1)1336 3203 y Fs(c)38 b Ft(v)33 b -Fs(g)1583 3218 y Fn(2)1655 3203 y Fs(c)38 b Fu(for)32 -b(all)f Fs(c)38 b Ft(2)33 b Fw(Con)m(t)0 3421 y Fu(and)g(sho)m(w)g -(that)g(\()p Fw(Con)m(t)f Ft(!)g Fw(Con)m(t)p Fu(,)g -Ft(v)1462 3385 y Fi(0)1485 3421 y Fu(\))h(is)f(a)g(ccp)s(o.)44 -b(Secondly)-8 b(,)33 b(one)g(ma)m(y)f(de\014ne)244 3639 -y([)p Fw(Con)m(t)g Ft(!)g Fw(Con)m(t)p 
Fu(])h(=)f Ft(f)g -Fs(g)9 b Fu(:)43 b Fw(Con)m(t)33 b Ft(!)f Fw(Con)m(t)g -Ft(j)g Fs(g)41 b Fu(is)32 b(con)m(tin)m(uous)i Ft(g)0 -3857 y Fu(and)29 b(sho)m(w)i(that)e(\([)p Fw(Con)m(t)g -Ft(!)f Fw(Con)m(t)p Fu(],)i Ft(v)1497 3821 y Fi(0)1520 -3857 y Fu(\))f(is)g(a)g(ccp)s(o.)42 b(Finally)-8 b(,)28 -b(one)h(ma)m(y)g(use)h(Exercise)h(4.41)0 3978 y(\(with)26 -b Fs(D)36 b Fu(=)26 b([)p Fw(Con)m(t)g Ft(!)g Fw(Con)m(t)p -Fu(]\))h(to)f(sho)m(w)i(that)e(the)h(clauses)g(of)f(T)-8 -b(able)27 b(4.7)f(de\014ne)i(a)e(function)244 4196 y -Ft(S)312 4160 y Fi(0)312 4221 y Fn(cs)375 4196 y Fu(:)43 -b([)p Fw(Con)m(t)33 b Ft(!)f Fw(Con)m(t)p Fu(])0 4414 -y(using)g(structural)h(induction)e(on)i Fs(S)12 b Fu(.)2029 -b Fh(2)0 4664 y Fw(Exercise)36 b(4.74)49 b Fu(*)33 b(Pro)m(v)m(e)h -(that)e(the)h(t)m(w)m(o)g(seman)m(tic)g(functions)f Ft(S)2504 -4679 y Fn(ds)2608 4664 y Fu(and)g Ft(S)2865 4627 y Fi(0)2865 -4688 y Fn(cs)2961 4664 y Fu(satisfy)244 4882 y Ft(S)312 -4846 y Fi(0)312 4906 y Fn(cs)375 4882 y Fu([)-17 b([)q -Fs(S)12 b Fu(])-17 b(])p Fs(c)38 b Fu(=)33 b Fs(c)38 -b Ft(\016)32 b(S)942 4897 y Fn(ds)1013 4882 y Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(])0 5100 y(for)32 b(all)f(statemen)m(ts)i -Fs(S)44 b Fu(of)33 b Fw(While)d Fu(and)j(for)f(all)f(con)m(tin)m -(uations)h Fs(c)6 b Fu(.)933 b Fh(2)0 5349 y Fw(Exercise)36 -b(4.75)49 b Fu(Extend)26 b(the)g(language)d Fw(While)g -Fu(with)h(the)h(construct)h Fr(repeat)34 b Fs(S)45 b -Fr(until)34 b Fs(b)0 5470 y Fu(and)f(giv)m(e)f(the)h(new)h(\(comp)s -(ositional\))29 b(clause)j(for)g Ft(S)1960 5433 y Fi(0)1960 -5494 y Fn(cs)2024 5470 y Fu(.)1347 b Fh(2)p eop -%%Page: 130 140 -130 139 bop 251 130 a Fw(130)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 2219 -4 1800 v 666 519 a Ft(S)733 534 y Fn(cs)797 519 y Fu([)-17 -b([)p Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(])-17 b(])q Fs(env)1245 -534 y Fc(E)1336 519 y Fs(c)38 b(s)j Fu(=)32 b Fs(c)38 -b Fu(\()p Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17 b([)q -Fs(a)7 b Fu(])-17 b(])q 
Fs(s)8 b Fu(]\))666 710 y Ft(S)733 -725 y Fn(cs)797 710 y Fu([)-17 b([)p Fr(skip)p Fu(])g(])r -Fs(env)1233 725 y Fc(E)1324 710 y Fu(=)33 b(id)666 901 -y Ft(S)733 916 y Fn(cs)797 901 y Fu([)-17 b([)p Fs(S)901 -916 y Fn(1)973 901 y Fu(;)33 b Fs(S)1100 916 y Fn(2)1139 -901 y Fu(])-17 b(])q Fs(env)1333 916 y Fc(E)1424 901 -y Fu(=)32 b(\()p Ft(S)1638 916 y Fn(cs)1701 901 y Fu([)-17 -b([)q Fs(S)1806 916 y Fn(1)1845 901 y Fu(])g(])q Fs(env)2039 -916 y Fc(E)2098 901 y Fu(\))32 b Ft(\016)g Fu(\()p Ft(S)2356 -916 y Fn(cs)2419 901 y Fu([)-17 b([)q Fs(S)2524 916 y -Fn(2)2563 901 y Fu(])g(])q Fs(env)2757 916 y Fc(E)2816 -901 y Fu(\))666 1092 y Ft(S)733 1107 y Fn(cs)797 1092 -y Fu([)g([)p Fr(if)33 b Fs(b)39 b Fr(then)33 b Fs(S)1357 -1107 y Fn(1)1429 1092 y Fr(else)h Fs(S)1734 1107 y Fn(2)1773 -1092 y Fu(])-17 b(])q Fs(env)1967 1107 y Fc(E)2058 1092 -y Fs(c)38 b Fu(=)934 1260 y(cond\()p Ft(B)t Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(S)1495 1275 y Fn(cs)1558 -1260 y Fu([)-17 b([)q Fs(S)1663 1275 y Fn(1)1702 1260 -y Fu(])g(])q Fs(env)1896 1275 y Fc(E)1987 1260 y Fs(c)6 -b Fu(,)32 b Ft(S)2165 1275 y Fn(cs)2228 1260 y Fu([)-17 -b([)q Fs(S)2333 1275 y Fn(2)2372 1260 y Fu(])g(])q Fs(env)2566 -1275 y Fc(E)2657 1260 y Fs(c)6 b Fu(\))666 1451 y Ft(S)733 -1466 y Fn(cs)797 1451 y Fu([)-17 b([)p Fr(while)34 b -Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17 b(])p Fs(env)1602 -1466 y Fc(E)1693 1451 y Fu(=)33 b(FIX)f Fs(G)934 1619 -y Fu(where)i(\()p Fs(G)42 b(g)9 b Fu(\))32 b Fs(c)38 -b Fu(=)32 b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(],)33 b Ft(S)2247 1634 y Fn(cs)2310 1619 y Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(])p Fs(env)2608 1634 y Fc(E)2699 -1619 y Fu(\()p Fs(g)41 b(c)6 b Fu(\),)33 b Fs(c)6 b Fu(\))666 -1810 y Ft(S)733 1825 y Fn(cs)797 1810 y Fu([)-17 b([)p -Fr(begin)34 b Fs(S)1190 1825 y Fn(1)1262 1810 y Fr(handle)g -Fs(e)7 b Fu(:)44 b Fs(S)1792 1825 y Fn(2)1864 1810 y -Fr(end)p Fu(])-17 b(])q Fs(env)2211 1825 y Fc(E)2302 -1810 y Fs(c)38 b Fu(=)934 1978 y Ft(S)1002 1993 y 
Fn(cs)1065 -1978 y Fu([)-17 b([)q Fs(S)1170 1993 y Fn(1)1209 1978 -y Fu(])g(])q(\()p Fs(env)1441 1993 y Fc(E)1500 1978 y -Fu([)p Fs(e)7 b Ft(7!S)1746 1993 y Fn(cs)1810 1978 y -Fu([)-17 b([)p Fs(S)1914 1993 y Fn(2)1954 1978 y Fu(])g(])p -Fs(env)2147 1993 y Fc(E)2238 1978 y Fs(c)6 b Fu(]\))33 -b Fs(c)666 2169 y Ft(S)733 2184 y Fn(cs)797 2169 y Fu([)-17 -b([)p Fr(raise)34 b Fs(e)7 b Fu(])-17 b(])q Fs(env)1369 -2184 y Fc(E)1460 2169 y Fs(c)38 b Fu(=)33 b Fs(env)1808 -2184 y Fc(E)1899 2169 y Fs(e)p 3753 2219 V 283 2222 3473 -4 v 991 2383 a Fu(T)-8 b(able)33 b(4.8:)43 b(Con)m(tin)m(uation)31 -b(st)m(yle)j(seman)m(tics)e(for)g Fw(Exc)283 2677 y(The)38 -b(seman)m(tic)e(function)h Ft(S)1483 2692 y Fn(cs)1584 -2677 y Fw(for)g(Exc)283 2871 y Fu(In)30 b(order)g(to)f(k)m(eep)i(trac)m -(k)f(of)f(the)h(exceptions)h(that)e(ha)m(v)m(e)i(b)s(een)f(in)m(tro)s -(duced)g(w)m(e)g(shall)e(use)j(an)283 2992 y Fs(exc)-5 -b(eption)34 b(envir)-5 b(onment)p Fu(.)43 b(It)32 b(will)f(b)s(e)h(an)h -(elemen)m(t,)f Fs(env)2408 3007 y Fc(E)2467 2992 y Fu(,)h(of)527 -3219 y Fw(En)m(v)719 3234 y Fn(E)804 3219 y Fu(=)f Fw(Exception)g -Ft(!)g Fw(Con)m(t)283 3446 y Fu(Giv)m(en)h(an)f(exception)h(en)m -(vironmen)m(t)f Fs(env)1853 3461 y Fc(E)1944 3446 y Fu(and)h(an)f -(exception)h Fs(e)7 b Fu(,)33 b(the)f(e\013ect)h(of)f(executing)283 -3566 y(the)f(remainder)e(of)g(the)i(program)d(starting)h(from)g(the)h -(handler)g(for)f Fs(e)38 b Fu(will)27 b(then)k(b)s(e)f -Fs(env)3588 3581 y Fc(E)3677 3566 y Fs(e)7 b Fu(.)430 -3691 y(The)40 b(seman)m(tic)f(function)f Ft(S)1504 3706 -y Fn(cs)1606 3691 y Fu(for)h(the)h(statemen)m(ts)g(of)e(the)i(language) -e Fw(Exc)g Fu(has)i(func-)283 3812 y(tionalit)m(y)527 -4039 y Ft(S)595 4054 y Fn(cs)658 4039 y Fu(:)k Fw(Stm)32 -b Ft(!)g Fw(En)m(v)1285 4054 y Fn(E)1369 4039 y Ft(!)h -Fu(\()p Fw(Con)m(t)f Ft(!)g Fw(Con)m(t)p Fu(\))283 4265 -y(The)25 b(function)f(is)f(de\014ned)i(b)m(y)g(the)g(clauses)f(of)g(T) --8 b(able)23 b(4.8.)40 b(Most)25 b(of)e(the)h(clauses)h(are)f(straigh)m 
-(t-)283 4386 y(forw)m(ard)g(extensions)h(of)e(those)h(giv)m(en)g(for)f -Fw(While)f Fu(in)g(T)-8 b(able)23 b(4.7.)40 b(The)25 -b(meaning)d(of)h(the)h(blo)s(c)m(k)283 4506 y(construct)33 -b(is)d(to)h(execute)i(the)f(b)s(o)s(dy)f(in)f(the)i(up)s(dated)g(en)m -(vironmen)m(t.)43 b(Therefore)32 b(the)g(en)m(vi-)283 -4627 y(ronmen)m(t)g(is)g(up)s(dated)g(so)g(that)g Fs(e)39 -b Fu(is)32 b(b)s(ound)g(to)g(the)g(e\013ect)h(of)e(executing)i(the)f -(remainder)f(of)283 4747 y(the)i(program)d(starting)h(from)f(the)i -(handler)f(for)g Fs(e)39 b Fu(and)32 b(this)f(is)h(the)g(con)m(tin)m -(uation)e(obtained)283 4867 y(b)m(y)j(executing)f(\014rst)g -Fs(S)1120 4882 y Fn(2)1191 4867 y Fu(and)g(then)g(the)g(remainder)f(of) -g(the)h(program,)e(that)h(is)h Ft(S)3296 4882 y Fn(cs)3360 -4867 y Fu([)-17 b([)p Fs(S)3464 4882 y Fn(2)3504 4867 -y Fu(])g(])p Fs(env)3697 4882 y Fc(E)283 4988 y Fs(c)6 -b Fu(.)48 b(Finally)-8 b(,)31 b(in)i(the)i(clause)f(for)f -Fr(raise)i Fs(e)41 b Fu(w)m(e)35 b Fs(ignor)-5 b(e)41 -b Fu(the)34 b(con)m(tin)m(uation)f(that)h(is)f(otherwise)283 -5108 y(supplied.)44 b(So)32 b(rather)h(than)f(using)h -Fs(c)38 b Fu(w)m(e)33 b(c)m(ho)s(ose)h(to)e(use)i Fs(env)2598 -5123 y Fc(E)2689 5108 y Fs(e)7 b Fu(.)283 5374 y Fw(Example)37 -b(4.76)49 b Fu(Let)40 b Fs(env)1332 5389 y Fc(E)1431 -5374 y Fu(b)s(e)g(an)g(initial)c(en)m(vironmen)m(t)k(and)g(assume)h -(that)e(the)i(initial)283 5494 y(con)m(tin)m(uation)32 -b(is)g(the)h(iden)m(tit)m(y)g(function,)f(id.)42 b(Then)34 -b(w)m(e)g(ha)m(v)m(e)p eop -%%Page: 131 141 -131 140 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063 -b(131)p 0 193 3473 4 v 244 515 a Ft(S)312 530 y Fn(cs)375 -515 y Fu([)-17 b([)q Fr(begin)33 b(while)h(true)g(do)f(if)g(x)p -Ft(\024)q Fr(0)g(then)g(raise)h(exit)g(else)f(x)g Fu(:=)f -Fr(x)p Ft(\000)p Fr(1)413 683 y(handle)i(exit)p Fu(:)44 -b Fr(y)33 b Fu(:=)g Fr(7)f(end)p Fu(])-17 b(])r Fs(env)1679 -698 y Fc(E)1770 683 y Fu(id)244 851 y(=)93 b(\(FIX)32 -b Fs(G)9 b Fu(\))33 b(id)0 1054 y(where)h Fs(G)42 
b Fu(is)32 -b(de\014ned)i(b)m(y)244 1257 y Fs(G)42 b(g)f(c)d(s)i -Fu(=)33 b(cond\()p Ft(B)t Fu([)-17 b([)p Fr(true)p Fu(])g(])r(,)957 -1425 y(cond\()p Ft(B)t Fu([)g([)q Fr(x)p Ft(\024)q Fr(0)p -Fu(])g(],)33 b Fs(c)1630 1440 y Fn(exit)1749 1425 y Fu(,)g -Fs(S)1876 1440 y Fn(cs)1939 1425 y Fu([)-17 b([)q Fr(x)33 -b Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(])-17 b(])r Fs(env)2570 -1440 y Fc(E)2628 1425 y Fu([)p Fr(exit)p Ft(7!)p Fs(c)3010 -1440 y Fn(exit)3131 1425 y Fu(])32 b(\()p Fs(g)41 b(c)6 -b Fu(\)\),)957 1593 y Fs(c)g Fu(\))32 b Fs(s)610 1850 -y Fu(=)719 1676 y Fg(8)719 1751 y(<)719 1900 y(:)834 -1766 y Fs(c)885 1781 y Fn(exit)1037 1766 y Fs(s)756 b -Fu(if)31 b Fs(s)41 b Fr(x)32 b Ft(\024)h Fw(0)834 1933 -y Fu(\()p Fs(g)41 b(c)6 b Fu(\))32 b(\()p Fs(s)8 b Fu([)p -Fr(x)p Ft(7!)p Fu(\()p Fs(s)41 b Fr(x)p Fu(\))p Ft(\000)p -Fw(1)p Fu(]\))84 b(if)31 b Fs(s)41 b Fr(x)32 b Fo(>)h -Fw(0)0 2135 y Fu(and)g(the)g(con)m(tin)m(uation)e Fs(c)972 -2150 y Fn(exit)1124 2135 y Fu(asso)s(ciated)i(with)f(the)h(exception)g -Fr(exit)h Fu(is)e(giv)m(en)g(b)m(y)244 2339 y Fs(c)295 -2354 y Fn(exit)447 2339 y Fs(s)40 b Fu(=)33 b(id)f(\()p -Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(7)p Fu(]\))32 b(=)h -Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(7)p Fu(])0 2542 y(Note)36 -b(that)f Fs(G)45 b Fu(ma)m(y)36 b(c)m(ho)s(ose)h(to)e(use)i(the)f -(\\default")f(con)m(tin)m(uation)f Fs(c)42 b Fu(or)35 -b(the)h(con)m(tin)m(uation)0 2663 y Fs(c)51 2678 y Fn(exit)203 -2663 y Fu(asso)s(ciated)c(with)h(the)g(exception,)g(as)g(appropriate.) 
-42 b(W)-8 b(e)33 b(then)g(get)269 2912 y(\(FIX)f Fs(G)9 -b Fu(\))33 b(id)f Fs(s)40 b Fu(=)969 2738 y Fg(8)969 -2812 y(<)969 2962 y(:)1084 2827 y Fs(s)8 b Fu([)p Fr(y)p -Ft(7!)p Fw(7)p Fu(])344 b(if)32 b Fs(s)40 b Fr(x)33 b -Ft(\024)g Fw(0)1084 2995 y Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p -Fw(0)p Fu(][)p Fr(y)p Ft(7!)p Fw(7)p Fu(])83 b(if)32 -b Fs(s)40 b Fr(x)33 b Fo(>)g Fw(0)3398 2912 y Fh(2)0 -3222 y Fw(Exercise)j(4.77)49 b Fu(Sho)m(w)33 b(that)f(FIX)g -Fs(G)42 b Fu(as)32 b(sp)s(eci\014ed)h(in)f(the)g(ab)s(o)m(v)m(e)h -(example)f(is)f(indeed)i(the)0 3342 y(least)39 b(\014xed)j(p)s(oin)m -(t,)f(that)e(is)h(construct)h(the)f(iterands)g Fs(G)2171 -3306 y Fn(n)2254 3342 y Ft(?)h Fu(and)f(sho)m(w)h(that)e(their)h(least) -0 3463 y(upp)s(er)33 b(b)s(ound)g(is)f(as)h(sp)s(eci\014ed.)2213 -b Fh(2)0 3691 y Fw(Exercise)36 b(4.78)49 b Fu(**)31 b(Extend)j -(Exercise)f(4.73)e(to)g(sho)m(w)i(the)f(w)m(ell-de\014nedness)h(of)e -(the)h(func-)0 3811 y(tion)g Ft(S)268 3826 y Fn(cs)364 -3811 y Fu(de\014ned)i(b)m(y)g(the)f(clauses)g(of)f(T)-8 -b(able)32 b(4.8.)1537 b Fh(2)0 4040 y Fw(Exercise)36 -b(4.79)49 b Fu(Supp)s(ose)36 b(that)e(there)i(is)e(a)g(distinguished)g -(output)h(v)-5 b(ariable)33 b Fr(out)i Ft(2)g Fw(V)-9 -b(ar)0 4160 y Fu(and)38 b(that)f(only)h(the)g(\014nal)f(v)-5 -b(alue)37 b(of)g(this)h(v)-5 b(ariable)36 b(is)h(of)g(in)m(terest.)60 -b(This)38 b(migh)m(t)e(motiv)-5 b(ate)0 4280 y(de\014ning)244 -4484 y Fw(Con)m(t)32 b Fu(=)h Fw(State)f Fo(,)-17 b Ft(!)33 -b Fw(Z)0 4687 y Fu(De\014ne)h(the)h(initial)30 b(con)m(tin)m(uation)j -Fs(c)1372 4702 y Fn(0)1444 4687 y Ft(2)h Fw(Con)m(t)p -Fu(.)47 b(What)34 b(c)m(hanges)h(to)f Fw(En)m(v)2808 -4702 y Fn(E)2860 4687 y Fu(,)g(the)g(function-)0 4808 -y(alit)m(y)d(of)h Ft(S)401 4823 y Fn(cs)497 4808 y Fu(and)h(T)-8 -b(able)32 b(4.8)g(are)h(necessary?)1680 b Fh(2)p eop -%%Page: 132 142 -132 141 bop 251 130 a Fw(132)1978 b(4)112 b(Denotational)36 -b(Seman)m(tics)p 251 193 3473 4 v eop -%%Page: 133 143 -133 142 bop 0 1185 a Fv(Chapter)78 
b(5)0 1606 y(Static)g(Program)f -(Analysis)0 2063 y Fu(When)41 b(implemen)m(ting)36 b(a)k(programming)d -(language)h(it)h(is)g(crucial)f(that)i(the)g(implemen)m(ta-)0 -2184 y(tion)30 b(is)h(faithful)f(to)h(the)h(seman)m(tics)g(of)f(the)h -(language)e(and)i(in)e(Chapter)j(3)e(w)m(e)h(sa)m(w)h(ho)m(w)f(the)0 -2304 y(op)s(erational)27 b(seman)m(tics)j(could)f(b)s(e)h(used)g(to)f -(pro)m(v)m(e)i(this)e(formally)-8 b(.)40 b(Ho)m(w)m(ev)m(er,)32 -b(it)d(is)g(also)g(im-)0 2425 y(p)s(ortan)m(t)f(that)f(the)h(implemen)m -(tation)d(is)j(reasonably)f(e\016cien)m(t)i(and)f(it)f(is)g(therefore)i -(common)0 2545 y(to)f(com)m(bine)f(the)h(co)s(de)h(generation)e(with)g -(v)-5 b(arious)28 b(analyses)g(collecting)e(information)f(ab)s(out)0 -2665 y(the)34 b(programs.)45 b(In)34 b(this)f(c)m(hapter)i(w)m(e)f -(shall)e(dev)m(elop)i(one)g(suc)m(h)h(analysis)e(in)f(detail)g(but)i -(let)0 2786 y(us)f(\014rst)g(consider)g(a)f(couple)h(of)f(example)g -(analyses.)146 2912 y Fs(Constant)47 b(pr)-5 b(op)g(agation)53 -b Fu(is)46 b(an)g(analysis)g(that)g(determines)h(whether)h(an)e -(expression)0 3032 y(alw)m(a)m(ys)30 b(ev)-5 b(aluates)30 -b(to)f(a)h(constan)m(t)g(v)-5 b(alue)30 b(and)f(if)g(so)h(determines)g -(that)f(v)-5 b(alue.)42 b(The)31 b(analysis)0 3152 y(is)44 -b(the)g(basis)g(for)g(an)g(optimization)d(called)i Fs(c)-5 -b(onstant)45 b(folding)51 b Fu(where)46 b(the)e(expression)i(is)0 -3273 y(replaced)30 b(b)m(y)i(the)e(constan)m(t.)44 b(As)31 -b(an)f(example)g(the)g(analysis)g(will)e(detect)j(that)f(the)h(v)-5 -b(alue)30 b(of)0 3393 y Fr(y)j Fu(in)f(the)h(statemen)m(t)244 -3624 y Fr(x)g Fu(:=)f Fr(5)p Fu(;)h Fr(y)g Fu(:=)f Fr(x)h -Fo(?)f Fr(x)h Fu(+)g Fr(25)0 3854 y Fu(will)d(alw)m(a)m(ys)j(b)s(e)g -Fw(50)p Fu(.)44 b(It)32 b(is)g(therefore)i(safe)f(to)f(replace)g(the)h -(statemen)m(t)g(b)m(y)244 4085 y Fr(x)g Fu(:=)f Fr(5)p -Fu(;)h Fr(y)g Fu(:=)f Fr(50)0 4316 y Fu(and)h(more)f(e\016cien)m(t)h -(co)s(de)g(can)g(b)s(e)f(generated.)146 4441 y(Another)j(example)f(is)g -(the)h Fs(dete)-5 
b(ction)36 b(of)h(signs)f(analysis)41 -b Fu(where)36 b(the)f(idea)f(is)g(to)g(deter-)0 4562 -y(mine)e(the)i(sign)e(of)h(expressions.)47 b(So)33 b(it)f(will)f(for)i -(example)f(determine)h(that)g(the)h(v)-5 b(alue)32 b(of)h -Fr(y)0 4682 y Fu(in)244 4913 y Fr(y)g Fu(:=)f Fr(x)h -Fo(?)f Fr(x)h Fu(+)f Fr(25)0 5143 y Fu(alw)m(a)m(ys)24 -b(will)e(b)s(e)h(p)s(ositiv)m(e)g(\(indep)s(enden)m(tly)i(of)e(the)h(v) --5 b(alue)23 b(assigned)h(to)f Fr(x)p Fu(\).)41 b(This)24 -b(information)0 5264 y(will)30 b(b)s(e)j(useful)g(for)f(an)g -(optimization)d(kno)m(wn)34 b(as)f Fs(c)-5 b(o)g(de)34 -b(elimination)p Fu(:)42 b(in)32 b(a)g(statemen)m(t)h(as)244 -5494 y Fr(y)g Fu(:=)f Fr(x)h Fo(?)f Fr(x)h Fu(+)f Fr(25)p -Fu(;)i Fr(while)f(y)g Ft(\024)g Fr(0)g(do)g Ft(\001)17 -b(\001)g(\001)1663 5849 y Fu(133)p eop -%%Page: 134 144 -134 143 bop 251 130 a Fw(134)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fu(there)48 -b(is)f(no)g(need)h(to)f(generate)h(co)s(de)g(for)e(the)i -Fr(while)p Fu(-lo)s(op)e(b)s(ecause)j(it)d(will)f(nev)m(er)k(b)s(e)283 -636 y(executed.)430 757 y(The)30 b(example)f(analysis)f(to)h(b)s(e)h -(dev)m(elop)s(ed)g(in)e(this)h(c)m(hapter)h(is)f(a)g -Fs(dep)-5 b(endency)31 b(analysis)p Fu(.)283 878 y(Here)38 -b(the)f(idea)g(is)f(to)g(regard)h(some)g(of)f(the)i(v)-5 -b(ariables)35 b(as)i Fs(input)47 b Fu(v)-5 b(ariables)35 -b(and)i(others)h(as)283 998 y Fs(output)k Fu(v)-5 b(ariables.)41 -b(The)32 b(analysis)e(will)f(then)j(determine)e(whether)i(or)f(not)g -(the)g(\014nal)f(v)-5 b(alues)283 1118 y(of)24 b(the)g(output)g(v)-5 -b(ariables)23 b(only)g(dep)s(end)i(up)s(on)f(the)g(initial)c(v)-5 -b(alues)24 b(of)f(the)h(input)g(v)-5 b(ariables.)39 b(If)283 -1239 y(so)27 b(w)m(e)g(shall)e(sa)m(y)i(that)f(there)h(is)e(a)h -Fs(functional)i(dep)-5 b(endency)34 b Fu(b)s(et)m(w)m(een)28 -b(the)f(input)e(and)i(output)283 1359 y(v)-5 b(ariables)32 -b(of)g(the)h(statemen)m(t.)44 b(As)33 b(an)f(example)h(consider)f(once) -i(more)e(the)h(statemen)m(t)527 1568 y 
Fr(y)g Fu(:=)g -Fr(x)f Fo(?)h Fr(x)f Fu(+)h Fr(25)283 1776 y Fu(and)26 -b(assume)g(that)g Fr(x)g Fu(is)f(an)h(input)f(v)-5 b(ariable)24 -b(and)i Fr(y)g Fu(an)f(output)h(v)-5 b(ariable.)40 b(Then)26 -b(the)h(analysis)283 1897 y(will)j(conclude)i(that)f(there)h(is)f -(indeed)h(a)f(functional)f(dep)s(endency)k(b)s(et)m(w)m(een)g(the)e -(input)f(and)283 2017 y(output)37 b(v)-5 b(ariables)36 -b(for)g(the)i(ab)s(o)m(v)m(e)f(statemen)m(t.)57 b(Ho)m(w)m(ev)m(er,)40 -b(if)c Fr(x)h Fu(is)f Fs(not)46 b Fu(an)37 b(input)g(v)-5 -b(ariable)283 2138 y(then)30 b(the)f(analysis)f(will)f(determine)i -(that)f(the)i(v)-5 b(alue)28 b(of)g Fr(y)h Fu(is)g(dubious)g(as)g(it)f -(do)s(es)h(not)g(solely)283 2258 y(dep)s(end)e(on)e(the)g(v)-5 -b(alues)25 b(of)f(the)i(input)e(v)-5 b(ariables.)40 b(In)25 -b(that)g(case)h(the)f(compiler)e(migh)m(t)h(c)m(ho)s(ose)283 -2378 y(to)33 b(issue)g(a)f(w)m(arning)g(as)h(this)f(probably)g(is)h -(not)f(the)h(in)m(ten)m(tion)f(of)g(the)h(programmer.)430 -2500 y(A)f(more)g(in)m(teresting)g(example)h(program)e(is)h(the)h -(factorial)d(statemen)m(t:)527 2708 y Fr(y)j Fu(:=)g -Fr(1)p Fu(;)f Fr(while)i Ft(:)f Fu(\()p Fr(x)g Fu(=)f -Fr(1)p Fu(\))h Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)h -Fo(?)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)g Fr(x)f Ft(\000)h -Fr(1)p Fu(\))283 2917 y(Again)h(assume)h(that)f Fr(x)h -Fu(is)f(an)g(input)g(v)-5 b(ariable)33 b(and)h(that)h -Fr(y)f Fu(is)g(an)h(output)f(v)-5 b(ariable.)48 b(Then)283 -3038 y(the)35 b(\014nal)d(v)-5 b(alue)34 b(of)f Fr(y)h -Fu(only)f(dep)s(ends)i(up)s(on)f(the)g(initial)c(v)-5 -b(alue)33 b(of)g Fr(x)p Fu(.)47 b(Ho)m(w)m(ev)m(er,)37 -b(if)32 b(w)m(e)j(drop)283 3158 y(the)k(initialization)32 -b(of)37 b Fr(y)h Fu(\(and)g(assume)g(that)g Fr(y)g Fu(is)f(not)h(an)f -(input)h(v)-5 b(ariable\))36 b(and)i(consider)283 3278 -y(the)33 b(statemen)m(t)527 3487 y Fr(while)h Ft(:)f -Fu(\()p Fr(x)g Fu(=)f Fr(1)p Fu(\))h Fr(do)g Fu(\()p -Fr(y)g Fu(:=)f Fr(y)h Fo(?)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f -Fr(x)h Ft(\000)g Fr(1)p Fu(\))283 3696 
y(then)42 b(the)f(\014nal)f(v)-5 -b(alue)40 b(of)g Fr(y)g Fu(do)s(es)h(not)g(only)f(dep)s(end)i(on)e(the) -h(initial)c(v)-5 b(alue)40 b(of)g(the)h(input)283 3816 -y(v)-5 b(ariable)23 b Fr(x)p Fu(,)j(but)e(also)f(on)h(the)g(initial)c -(v)-5 b(alue)23 b(of)h Fr(y)p Fu(,)i(so)e(it)f(is)g Fs(not)34 -b Fu(the)24 b(case)h(that)e(the)i(\014nal)e(v)-5 b(alues)283 -3936 y(of)33 b(the)g(output)f(v)-5 b(ariables)32 b(only)g(dep)s(end)h -(on)g(the)g(initial)c(v)-5 b(alues)32 b(of)g(the)h(input)f(v)-5 -b(ariables.)430 4058 y(The)38 b(kind)f(of)g(analyses)g(exempli\014ed)g -(ab)s(o)m(v)m(e)h(can)g(b)s(e)f(sp)s(eci\014ed)h(b)m(y)g(de\014ning)f -(so-called)283 4178 y Fs(non-standar)-5 b(d)42 b(semantics)47 -b Fu(of)41 b(the)g(programming)d(language.)67 b(These)42 -b(seman)m(tics)f(will)e(b)s(e)283 4299 y(patterned)k(after)e(the)h -(denotational)e(seman)m(tics)i(of)f(Chapter)h(4)g(but)g(they)g -(di\013er)f(in)g(that)283 4419 y(they)30 b(do)f Fs(not)39 -b Fu(op)s(erate)29 b(on)f(the)i(exact)g(v)-5 b(alues)29 -b(of)f(v)-5 b(ariables)28 b(and)h(expressions)i(but)e(rather)g(on)283 -4539 y Fs(pr)-5 b(op)g(erties)42 b Fu(of)33 b(the)h(exact)h(v)-5 -b(alues.)47 b(F)-8 b(or)33 b(the)h(constan)m(t)h(propagation)d -(analysis)h(w)m(e)i(ma)m(y)f(use)283 4660 y(prop)s(erties)f(lik)m(e)527 -4868 y Fb(any)p Fu(,)g Fb(const)p Fu(-)p Fb(0)p Fu(,)f -Fb(const)p Fu(-)p Fb(1)p Fu(,)g Fb(const)p Fu(-)p Fb(2)p -Fu(,)g Ft(\001)17 b(\001)g(\001)283 5077 y Fu(F)-8 b(or)32 -b(the)h(detection)g(of)f(signs)h(analysis)e(w)m(e)j(ma)m(y)e(use)i -(prop)s(erties)e(lik)m(e)527 5286 y Fb(any)p Fu(,)h Fb(pos)p -Fu(,)f Fb(neg)p Fu(,)h(and)f Fb(zer)n(o)283 5494 y Fu(and)h(for)f(the)h -(dep)s(endency)i(analysis)d(w)m(e)i(ma)m(y)e(use)i(prop)s(erties)p -eop -%%Page: 135 145 -135 144 bop 0 130 a Fw(5.1)112 b(Prop)s(erties)36 b(and)j(prop)s(ert)m -(y)e(states)1540 b(135)p 0 193 3473 4 v 244 515 a Fb(d)p -Fu(?)33 b(\(meaning)e(dubious\))h(and)h Fb(ok)g Fu(\(meaning)e(prop)s -(er\))146 701 y(Usually)-8 b(,)38 
b(the)g(analyses)g(will)d(b)s(e)j -(part)f(of)g(a)g(compiler)e(and)j(it)e(is)h(therefore)h(imp)s(ortan)m -(t)0 821 y(that)29 b(they)g(alw)m(a)m(ys)h(terminate)d(ev)m(en)k(for)d -(programs)g(that)g(lo)s(op)f(when)j(executed.)45 b(The)30 -b(price)0 942 y(w)m(e)c(pa)m(y)f(for)f(alw)m(a)m(ys)h(getting)f(answ)m -(ers)j(is)d(that)g(w)m(e)i(o)s(ccasionally)c(get)j(imprecise)f(answ)m -(ers.)42 b(So)0 1062 y(in)28 b(the)i(case)g(of)f(constan)m(t)h -(propagation)d(the)j(prop)s(ert)m(y)g Fb(any)f Fu(means)g(that)g(the)h -(analysis)e(w)m(as)0 1182 y(not)e(able)f(to)h(detect)h(that)f(the)h(v) --5 b(alue)25 b(alw)m(a)m(ys)i(w)m(ould)f(b)s(e)g(constan)m(t.)43 -b(Similarly)-8 b(,)23 b(the)k(prop)s(ert)m(y)0 1303 y -Fb(any)40 b Fu(for)f(the)h(detection)g(of)g(signs)f(analysis)h(means)f -(that)h(the)g(analysis)f(w)m(as)i(not)f(able)f(to)0 1423 -y(detect)f(a)e(unique)h(sign)f(for)f(the)i(v)-5 b(alue.)55 -b(F)-8 b(or)35 b(the)i(dep)s(endency)i(analysis)d(the)h(prop)s(ert)m(y) -g Fb(d)p Fu(?)0 1544 y(means)k(that)h(the)f(analysis)g(w)m(as)h(not)g -(able)e(to)h(detect)i(that)e(the)h(v)-5 b(alue)41 b(only)f(dep)s(ends)j -(on)0 1664 y(the)f(input)g(v)-5 b(ariables.)69 b(Note)42 -b(that)g(an)f(analysis)h(that)f(alw)m(a)m(ys)h(returns)h(these)g -(\\fail-safe")0 1784 y(prop)s(erties)35 b(will)e(b)s(e)j(a)f(safe)h -(analysis)e(although)h(not)g(a)g(v)m(ery)i(informativ)m(e)c(one.)52 -b(Also)35 b(note)0 1905 y(that)29 b(in)f(the)i(case)g(of)f(the)h(dep)s -(endency)h(analysis)e(w)m(e)h(could)f(alw)m(a)m(ys)h(exp)s(ect)g(the)g -(answ)m(er)h Fb(ok)0 2025 y Fu(if)h(all)g(v)-5 b(ariables)32 -b(w)m(ere)j(regarded)f(as)g(input)f(v)-5 b(ariables)32 -b(but)i(again)e(this)h(is)g(not)h(what)g(w)m(e)g(are)0 -2145 y(in)m(terested)g(in.)146 2266 y(The)e(analysis)d(w)m(e)j(shall)d -(dev)m(elop)i(will)d(detect)j(whether)h(or)e(not)g(a)g(statemen)m(t)h -Fs(de\014nitely)0 2386 y Fu(has)k(a)f(functional)f(dep)s(endency)k(b)s -(et)m(w)m(een)f(its)e(input)g(and)h(output)f(v)-5 b(ariables.)48 -b(The)35 
b(o)m(v)m(erall)0 2507 y(algorithm)h(op)s(erates)k(as)g(follo) -m(ws:)56 b(initially)36 b(all)h(input)i(v)-5 b(ariables)39 -b(ha)m(v)m(e)h(the)g(prop)s(ert)m(y)h Fb(ok)0 2627 y -Fu(and)31 b(all)e(other)h(v)-5 b(ariables)30 b(the)h(prop)s(ert)m(y)h -Fb(d)p Fu(?.)43 b(Then)32 b(the)f(analysis)f(is)g(p)s(erformed)g(and)h -(when)0 2747 y(it)g(has)h(terminated)g(the)g(prop)s(erties)g(of)g(the)g -(output)g(v)-5 b(ariables)31 b(are)h(insp)s(ected.)44 -b(If)32 b(they)h(are)0 2868 y(all)26 b Fb(ok)i Fu(then)h(the)f -(analysis)g(returns)g(the)h(answ)m(er)g(YES)g(and)f(otherwise)g(NO?.)42 -b(The)29 b(analysis)0 2988 y(is)36 b(guaran)m(teed)h(to)g(giv)m(e)f(an) -h(answ)m(er)g(within)f(a)g(\014nite)g(amoun)m(t)g(of)h(time)e(\(dep)s -(ending)h(up)s(on)0 3108 y(the)41 b(statemen)m(t\))g(but)g(the)g(answ)m -(er)h(will)d(not)h(b)s(e)h(precise)g(in)f(all)f(cases.)69 -b(Ho)m(w)m(ev)m(er,)45 b(it)40 b(will)0 3229 y(alw)m(a)m(ys)33 -b(b)s(e)g Fs(safe)39 b Fu(in)32 b(the)h(sense)h(that)145 -3414 y Ft(\017)49 b Fu(if)21 b(the)i(analysis)f(sa)m(ys)i(YES)f(then)g -(there)g(is)f(indeed)g(a)h(functional)d(dep)s(endency)25 -b(b)s(et)m(w)m(een)244 3535 y(input)32 b(and)h(output,)g(but)145 -3732 y Ft(\017)49 b Fu(if)33 b(the)i(analysis)f(sa)m(ys)i(NO?)e(then)h -(there)g(ma)m(y)g(or)f(ma)m(y)g(not)g(b)s(e)h(a)f(functional)f(dep)s -(en-)244 3853 y(dency)h(b)s(et)m(w)m(een)h(input)d(and)g(output.)0 -4038 y(The)c(analysis)e(will)e(b)s(e)j(sp)s(eci\014ed)g -Fs(c)-5 b(omp)g(ositional)5 b(ly)34 b Fu(just)27 b(as)g(the)g -(denotational)e(seman)m(tics)i(of)0 4158 y(Chapter)33 -b(4.)43 b(As)33 b(men)m(tioned)e(ab)s(o)m(v)m(e)i(the)g(main)d -(di\013erence)j(b)s(et)m(w)m(een)h(the)e(analysis)g(and)g(the)0 -4279 y(denotational)j(seman)m(tics)i(is)f(that)g(the)h(analysis)f(do)s -(es)h(not)g(op)s(erate)f(on)h(exact)h(v)-5 b(alues)36 -b(but)0 4399 y(rather)31 b(on)g Fs(pr)-5 b(op)g(erties)38 -b Fu(of)31 b(exact)g(v)-5 b(alues.)43 b(Because)33 b(of)d(the)h(close)g -(corresp)s(ondence)i(b)s(et)m(w)m(een)0 4520 
y(the)d(sp)s -(eci\014cation)g(of)f(the)i(analysis)e(and)h(the)g(denotational)e -(seman)m(tics)i(w)m(e)h(shall)e(pro)m(v)m(e)i(the)0 4640 -y(safet)m(y)j(of)e(the)h(analysis)f(with)g(resp)s(ect)i(to)e(the)h -(denotational)e(seman)m(tics.)0 4970 y Fj(5.1)161 b(Prop)t(erties)53 -b(and)g(prop)t(ert)l(y)g(states)0 5189 y Fu(F)-8 b(or)32 -b(the)h(dep)s(endency)i(analysis)d(w)m(e)h(shall)f(b)s(e)g(in)m -(terested)i(in)e(t)m(w)m(o)h(prop)s(erties:)145 5374 -y Ft(\017)49 b Fb(ok)39 b Fu(meaning)f(that)h(the)g(v)-5 -b(alue)39 b Fs(de\014nitely)47 b Fu(only)39 b(dep)s(ends)h(on)f(the)h -(initial)35 b(v)-5 b(alues)39 b(of)244 5494 y(the)33 -b(input)f(v)-5 b(ariables,)31 b(and)p eop -%%Page: 136 146 -136 145 bop 251 130 a Fw(136)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 429 515 a Ft(\017)48 -b Fb(d)p Fu(?)42 b(meaning)e(that)h(the)h(v)-5 b(alue)41 -b Fs(may)49 b Fu(dep)s(end)43 b(on)e(the)h(initial)37 -b(v)-5 b(alues)42 b(of)f(non-input)527 636 y(v)-5 b(ariables,)32 -b(that)g(is)g(the)h(v)-5 b(alue)32 b(ma)m(y)h(b)s(e)f(dubious.)283 -822 y(W)-8 b(e)33 b(shall)f(write)527 1008 y Fw(P)g Fu(=)h -Ft(f)p Fb(ok)p Fu(,)g Fb(d)p Fu(?)p Ft(g)283 1194 y Fu(for)41 -b(this)g(set)i(of)e(prop)s(erties)g(and)h(w)m(e)g(use)g -Fs(p)48 b Fu(as)41 b(a)h(meta-v)-5 b(ariable)38 b(ranging)i(o)m(v)m(er) -j Fw(P)p Fu(.)e(It)g(is)283 1314 y(more)34 b(informativ)m(e)e(to)h(kno) -m(w)i(that)f(an)g(expression)h(has)f(the)h(prop)s(ert)m(y)f -Fb(ok)h Fu(than)f Fb(d)p Fu(?.)48 b(As)34 b(a)283 1435 -y(record)g(of)e(this)g(w)m(e)h(de\014ne)h(a)f(partial)d(order)j -Ft(v)2036 1450 y Fn(P)2121 1435 y Fu(on)f Fw(P)p Fu(:)527 -1621 y Fb(ok)h Ft(v)764 1636 y Fn(P)849 1621 y Fb(d)p -Fu(?,)98 b Fb(ok)33 b Ft(v)1318 1636 y Fn(P)1403 1621 -y Fb(ok)p Fu(,)98 b Fb(d)p Fu(?)33 b Ft(v)1872 1636 y -Fn(P)1957 1621 y Fb(d)p Fu(?)283 1807 y(and)g(depicted)g(as)942 -2232 y Ft(\017)65 b Fb(ok)942 1942 y Ft(\017)g Fb(d)p -Fu(?)p 966 2174 4 225 v 283 2501 a(Th)m(us)35 b(the)e(more)e 
-(informativ)m(e)g(prop)s(ert)m(y)i(is)f(at)h(the)g(b)s(ottom)e(of)h -(the)h(ordering!)43 b(W)-8 b(e)33 b(ha)m(v)m(e)p 283 -2622 3473 5 v 283 2779 a Fw(F)-9 b(act)38 b(5.1)49 b -Fu(\()p Fw(P)p Fu(,)32 b Ft(v)973 2794 y Fn(P)1026 2779 -y Fu(\))g(is)g(a)g(complete)g(lattice.)42 b(If)33 b Fs(Y)52 -b Fu(is)32 b(a)g(subset)j(of)d Fw(P)g Fu(then)552 2880 -y Fg(F)621 2961 y Fn(P)674 2946 y Fs(Y)52 b Fu(=)32 b -Fb(d)p Fu(?)h(if)e(and)i(only)f(if)f Fb(d)p Fu(?)i Ft(2)g -Fs(Y)p 283 3067 V 283 3253 a Fw(Pro)s(of:)g Fu(The)c(pro)s(of)f(is)g -(straigh)m(tforw)m(ard)g(using)g(the)h(de\014nition)f(of)f(complete)h -(lattices)g(giv)m(en)283 3373 y(in)k(Chapter)i(4.)2828 -b Fh(2)430 3577 y Fu(It)35 b(is)f(con)m(v)m(enien)m(t)i(to)f(write)f -Fs(p)1551 3592 y Fn(1)1623 3577 y Ft(t)1690 3592 y Fn(P)1774 -3577 y Fs(p)1830 3592 y Fn(2)1904 3577 y Fu(instead)h(of)2356 -3510 y Fg(F)2426 3592 y Fn(P)2478 3577 y Ft(f)p Fs(p)2584 -3592 y Fn(1)2623 3577 y Fu(,)g Fs(p)2741 3592 y Fn(2)2781 -3577 y Ft(g)p Fu(.)49 b(It)35 b(follo)m(ws)f(from)f(F)-8 -b(act)283 3697 y(5.1)33 b(that)f(the)h(binary)f(op)s(eration)f -Ft(t)1629 3712 y Fn(P)1714 3697 y Fu(ma)m(y)h(b)s(e)h(giv)m(en)f(b)m(y) -i(the)f(table)585 3875 y Ft(t)652 3890 y Fn(P)p 752 3911 -4 121 v 803 3875 a Fb(ok)101 b(d)p Fu(?)p 527 3914 661 -4 v 577 3998 a Fb(ok)p 752 4035 4 121 v 100 w(ok)g(d)p -Fu(?)596 4119 y Fb(d)p Fu(?)p 752 4155 V 109 w Fb(d)p -Fu(?)109 b Fb(d)p Fu(?)430 4298 y(When)23 b(reasoning)f(ab)s(out)g(the) -h(safet)m(y)g(of)f(the)h(analysis)e(w)m(e)j(need)f(to)f(b)s(e)h(a)f -(bit)f(more)h(precise)283 4418 y(ab)s(out)29 b(the)g(meaning)f(of)h -(the)g(prop)s(erties)g(with)g(resp)s(ect)h(to)e(the)i(v)-5 -b(alues)29 b(of)f(the)i(denotational)283 4539 y(seman)m(tics.)43 -b(While)28 b(it)g(ma)m(y)h(b)s(e)g(in)m(tuitiv)m(ely)f(clear)h(whether) -h(or)f(not)g(the)h(v)-5 b(alue)28 b(of)h(a)g(v)-5 b(ariable)283 -4659 y(only)42 b(dep)s(ends)h(on)f(the)g(input)f(v)-5 -b(ariables,)43 b(it)e(turns)h(out)g(to)f(b)s(e)h(imp)s(ossible)e(to)h 
-(insp)s(ect)h(a)283 4780 y(sp)s(eci\014c)36 b(v)-5 b(alue,)35 -b(for)f(example)g Fw(27)p Fu(,)h(and)g(decide)g(whether)h(or)f(not)f -(this)g(is)h(indeed)g(the)g(case.)283 4900 y(The)k(reason)g(is)e(that)h -(w)m(e)g(lose)g(the)g(con)m(text)h(in)e(whic)m(h)i(the)f(v)-5 -b(alue)37 b(arises.)60 b(W)-8 b(e)38 b(shall)e(solv)m(e)283 -5020 y(this)42 b(di\016cult)m(y)f(in)g(Section)h(5.3)f(and)h(to)f -(prepare)h(for)f(the)h(solution)f(w)m(e)h(shall)f(de\014ne)h(the)283 -5141 y(follo)m(wing)30 b(parameterized)i(relations:)527 -5327 y(rel)p 527 5340 109 4 v 15 x Fn(Aexp)801 5327 y -Fu(:)43 b Fw(P)32 b Ft(!)g Fu(\()p Fw(Z)h Ft(\002)g Fw(Z)g -Ft(!)f Fw(T)p Fu(\))527 5494 y(rel)p 527 5507 V 15 x -Fn(Bexp)798 5494 y Fu(:)43 b Fw(P)32 b Ft(!)g Fu(\()p -Fw(T)h Ft(\002)g Fw(T)f Ft(!)g Fw(T)p Fu(\))p eop -%%Page: 137 147 -137 146 bop 0 130 a Fw(5.1)112 b(Prop)s(erties)36 b(and)j(prop)s(ert)m -(y)e(states)1540 b(137)p 0 193 3473 4 v 0 515 a Fu(F)-8 -b(or)32 b(arithmetic)e(expressions)35 b(the)e(relation)d(is)i -(de\014ned)i(b)m(y:)244 801 y(rel)p 244 814 109 4 v 352 -816 a Fn(Aexp)517 801 y Fu(\()p Fs(p)6 b Fu(\)\()p Fs(v)743 -816 y Fn(1)782 801 y Fu(,)32 b Fs(v)897 816 y Fn(2)936 -801 y Fu(\))h(=)1115 627 y Fg(8)1115 701 y(<)1115 851 -y(:)1231 716 y Fw(tt)82 b Fs(p)38 b Fu(=)33 b Fb(d)p -Fu(?)f(or)h Fs(v)1914 731 y Fn(1)1985 716 y Fu(=)f Fs(v)2149 -731 y Fn(2)1231 884 y Fw(\013)105 b Fu(otherwise)0 1087 -y(and)33 b(similarly)c(for)j(b)s(o)s(olean)f(expression:)244 -1372 y(rel)p 244 1385 V 352 1387 a Fn(Bexp)514 1372 y -Fu(\()p Fs(p)6 b Fu(\)\()p Fs(v)740 1387 y Fn(1)779 1372 -y Fu(,)33 b Fs(v)895 1387 y Fn(2)934 1372 y Fu(\))f(=)1112 -1198 y Fg(8)1112 1273 y(<)1112 1422 y(:)1228 1288 y Fw(tt)82 -b Fs(p)38 b Fu(=)33 b Fb(d)p Fu(?)f(or)h Fs(v)1911 1303 -y Fn(1)1982 1288 y Fu(=)g Fs(v)2147 1303 y Fn(2)1228 -1455 y Fw(\013)105 b Fu(otherwise)0 1658 y(W)-8 b(e)46 -b(shall)f(often)h(omit)e(the)i(subscript)h(when)g(no)f(confusion)f(is)h -(lik)m(ely)e(to)i(result.)83 b(Eac)m(h)0 1778 
y(of)43 -b(the)g(relations)f(tak)m(e)i(a)f(prop)s(ert)m(y)h(and)f(t)m(w)m(o)h(v) --5 b(alues)43 b(as)g(parameters.)76 b(In)m(tuitiv)m(ely)-8 -b(,)45 b(the)0 1899 y(prop)s(ert)m(y)37 b(expresses)i(ho)m(w)e(m)m(uc)m -(h)g(the)g(t)m(w)m(o)g(v)-5 b(alues)36 b(are)g(allo)m(w)m(ed)g(to)f -(di\013er.)54 b(Th)m(us)38 b Fb(d)p Fu(?)f(puts)0 2019 -y(no)32 b(requiremen)m(ts)i(on)e(the)h(v)-5 b(alues)33 -b(whereas)h Fb(ok)f Fu(requires)g(that)f(the)h(t)m(w)m(o)g(v)-5 -b(alues)33 b(are)f(equal.)0 2139 y(As)h(an)g(aid)e(to)h(readabilit)m(y) -f(w)m(e)j(shall)d(often)i(write)244 2343 y Fs(v)300 2358 -y Fn(1)371 2343 y Ft(\021)g Fs(v)537 2358 y Fn(2)609 -2343 y Fu(rel)p 609 2356 V 32 w Fs(p)0 2547 y Fu(instead)i(of)g(rel)p -453 2560 V(\()p Fs(p)6 b Fu(\)\()p Fs(v)788 2562 y Fn(1)827 -2547 y Fu(,)36 b Fs(v)946 2562 y Fn(2)985 2547 y Fu(\))f(and)h(w)m(e)g -(shall)e(sa)m(y)j(that)e Fs(v)2070 2562 y Fn(1)2144 2547 -y Fs(and)46 b(v)2401 2562 y Fn(2)2475 2547 y Fs(ar)-5 -b(e)37 b(e)-5 b(qual)38 b(as)f(far)g(as)43 b(p)f(is)0 -2668 y(c)-5 b(onc)g(erne)g(d)42 b Fu(\(or)32 b(relativ)m(e)g(to)g -Fs(p)6 b Fu(\).)0 2928 y Fw(Prop)s(ert)m(y)37 b(states)0 -3113 y Fu(In)49 b(the)g(op)s(erational)d(and)i(denotational)f(seman)m -(tics)h(a)h(state)f(maps)h(v)-5 b(ariables)47 b(to)h(their)0 -3234 y(v)-5 b(alues.)43 b(In)30 b(the)h(analysis)e(the)i(coun)m -(terpart)g(of)f(this)g(will)e(b)s(e)i(a)g Fs(pr)-5 b(op)g(erty)33 -b(state)38 b Fu(whic)m(h)31 b(maps)0 3354 y(v)-5 b(ariables)28 -b(to)h(prop)s(erties,)h(that)f(is)f(essen)m(tially)h(a)g(function)g(in) -f Fw(V)-9 b(ar)29 b Ft(!)f Fw(P)p Fu(.)h(The)h(idea)f(is)g(that)0 -3475 y(the)35 b(initial)c(prop)s(ert)m(y)36 b(state)f(will)e(only)h -(map)g(the)h(input)f(v)-5 b(ariables)34 b(to)g Fb(ok)i -Fu(and)f(that)f(if)g(the)0 3595 y(\014nal)40 b(prop)s(ert)m(y)h(state)g -(is)f(acceptable)h(and)f(maps)g(all)f(output)h(v)-5 b(ariables)40 -b(to)g Fb(ok)h Fu(then)g(the)0 3715 y(output)33 b(of)f(the)h(statemen)m 
-(t)g(will)d(de\014nitely)j(b)s(e)f(functionally)f(dep)s(enden)m(t)j(on) -f(the)g(input.)146 3836 y(T)-8 b(o)42 b(mak)m(e)g(this)f(idea)g(w)m -(ork)i(w)m(e)g(ha)m(v)m(e)g(to)e(extend)i(the)f(prop)s(ert)m(y)h(state) -f(to)f(mo)s(del)f(one)0 3956 y(additional)34 b(phenomenon,)j(namely)f -(the)h(\\\015o)m(w)g(of)f(con)m(trol".)54 b(W)-8 b(e)37 -b(shall)e(illustrate)f(this)i(in)0 4077 y(Example)i(5.3)g(b)s(elo)m(w)g -(but)g(let)g(us)h(\014rst)g(in)m(tro)s(duce)f(some)g(notation)f(that)h -(will)e(handle)i(the)0 4197 y(problem.)k(The)32 b(set)g -Fw(PState)f Fu(of)g(prop)s(ert)m(y)g(states)i(ranged)e(o)m(v)m(er)h(b)m -(y)g(the)g(meta-v)-5 b(ariable)28 b Fs(ps)8 b Fu(,)0 -4317 y(is)32 b(de\014ned)i(b)m(y)244 4521 y Fw(PState)e -Fu(=)g(\()p Fw(V)-9 b(ar)32 b Ft([)h(f)p Fu(on-trac)m(k)p -Ft(g)p Fu(\))g Ft(!)f Fw(P)0 4725 y Fu(where)27 b(`on-trac)m(k')f(is)f -(a)g(sp)s(ecial)g(tok)m(en)i(used)g(to)e(mo)s(del)f(the)i(\\\015o)m(w)g -(of)f(con)m(trol".)40 b(If)26 b(`on-trac)m(k')0 4846 -y(is)42 b(mapp)s(ed)h(to)f Fb(ok)i Fu(this)e(means)h(that)g(the)g -(\\\015o)m(w)g(of)f(con)m(trol")g(only)h(dep)s(ends)h(up)s(on)f(the)0 -4966 y(v)-5 b(alues)33 b(of)g(the)h(input)f(v)-5 b(ariables;)33 -b(if)f(it)g(is)h(mapp)s(ed)g(to)g Fb(d)p Fu(?)h(this)f(need)i(not)e(b)s -(e)g(the)h(case.)47 b(F)-8 b(or)0 5086 y(a)32 b(prop)s(ert)m(y)i(state) -f Fs(ps)40 b Ft(2)33 b Fw(PState)f Fu(w)m(e)i(de\014ne)g(the)f(set)244 -5290 y(OK\()p Fs(ps)8 b Fu(\))32 b(=)g Ft(f)h Fs(x)44 -b Ft(2)33 b Fw(V)-9 b(ar)32 b Ft([)h(f)p Fu(on-trac)m(k)p -Ft(g)f(j)g Fs(ps)41 b(x)j Fu(=)33 b Fb(ok)g Ft(g)0 5494 -y Fu(of)f(\\v)-5 b(ariables")31 b(mapp)s(ed)h(to)g Fb(ok)i -Fu(and)e(w)m(e)i(sa)m(y)f(that)p eop -%%Page: 138 148 -138 147 bop 251 130 a Fw(138)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 527 515 a Fs(ps)41 -b Fu(is)32 b Fs(pr)-5 b(op)g(er)43 b Fu(if)31 b(and)i(only)f(if)f -Fs(ps)8 b Fu(\(on-trac)m(k\))33 b(=)f Fb(ok)p Fu(.)283 -711 y(If)h Fs(ps)40 b Fu(is)32 b(not)h(prop)s(er)g(w)m(e)g(shall)e 
-(sometimes)h(sa)m(y)h(that)g(it)e(is)h(improp)s(er.)430 -832 y(The)d(relationship)d(b)s(et)m(w)m(een)31 b(prop)s(ert)m(y)d -(states)i(and)e(states)h(is)f(giv)m(en)g(b)m(y)h(the)g(parameter-)283 -952 y(ized)k(relation:)527 1148 y(rel)p 527 1161 109 -4 v 15 x Fn(Stm)765 1148 y Fu(:)44 b Fw(PState)32 b Ft(!)g -Fu(\()p Fw(State)h Ft(\002)g Fw(State)f Ft(!)g Fw(T)p -Fu(\))283 1344 y(de\014ned)i(b)m(y)527 1700 y(rel)p 527 -1713 V 15 x Fn(Stm)765 1700 y Fu(\()p Fs(ps)8 b Fu(\)\()p -Fs(s)1025 1715 y Fn(1)1065 1700 y Fu(,)32 b Fs(s)1172 -1715 y Fn(2)1212 1700 y Fu(\))g(=)1391 1451 y Fg(8)1391 -1525 y(>)1391 1550 y(>)1391 1575 y(>)1391 1600 y(<)1391 -1749 y(>)1391 1774 y(>)1391 1799 y(>)1391 1824 y(:)1506 -1531 y Fw(tt)82 b Fu(if)31 b Fs(ps)41 b Fu(on-trac)m(k)33 -b(=)f Fb(d)p Fu(?)1676 1699 y(or)g Ft(8)h Fs(x)44 b Ft(2)33 -b Fw(V)-9 b(ar)32 b Ft(\\)h Fu(OK\()p Fs(ps)8 b Fu(\):)43 -b Fs(s)2822 1714 y Fn(1)2894 1699 y Fs(x)i Fu(=)32 b -Fs(s)3140 1714 y Fn(2)3212 1699 y Fs(x)1506 1866 y Fw(\013)105 -b Fu(otherwise)283 2056 y(and)39 b(again)d(w)m(e)j(ma)m(y)f(omit)f(the) -h(subscript)h(when)g(no)f(confusion)g(is)g(lik)m(ely)f(to)h(o)s(ccur.) 
-60 b(The)283 2176 y(relation)34 b(expresses)39 b(the)e(exten)m(t)g(to)e -(whic)m(h)i(t)m(w)m(o)f(states)h(are)f(allo)m(w)m(ed)f(to)g(di\013er)h -(as)g(far)f(as)h(a)283 2296 y(giv)m(en)30 b(prop)s(ert)m(y)g(state)g -(is)e(concerned.)45 b(If)29 b Fs(ps)37 b Fu(is)29 b(not)g(prop)s(er)g -(then)h(rel)p 2766 2309 V -1 w(\()p Fs(ps)8 b Fu(\))29 -b(will)e(hold)i(on)g(an)m(y)283 2417 y(t)m(w)m(o)h(states.)44 -b(Ho)m(w)m(ev)m(er,)32 b(if)c Fs(ps)37 b Fu(is)29 b(prop)s(er)g(then)h -(rel)p 2031 2430 V -1 w(\()p Fs(ps)8 b Fu(\))29 b(will)e(hold)i(on)g(t) -m(w)m(o)h(states)g(if)e(they)i(are)283 2537 y(equal)37 -b(on)f(the)g(v)-5 b(ariables)35 b(in)h(OK\()p Fs(ps)8 -b Fu(\).)54 b(Phrased)37 b(di\013eren)m(tly)-8 b(,)37 -b(w)m(e)h(ma)m(y)e(view)g Fs(ps)44 b Fu(as)37 b(a)f(pair)283 -2657 y(of)i(glasses)g(that)f(only)h(allo)m(ws)e(us)i(to)g(see)h(part)e -(of)g(the)i(states)f(and)g(rel)p 2853 2670 V -1 w(\()p -Fs(ps)8 b Fu(\)\()p Fs(s)3221 2672 y Fn(1)3261 2657 y -Fu(,)39 b Fs(s)3375 2672 y Fn(2)3414 2657 y Fu(\))f(means)283 -2778 y(that)32 b Fs(s)542 2793 y Fn(1)614 2778 y Fu(and)g -Fs(s)851 2793 y Fn(2)922 2778 y Fu(lo)s(ok)f(the)i(same)f(when)h(view)m -(ed)g(through)f(that)g(pair)f(of)g(glasses.)44 b(Again)31 -b(w)m(e)283 2898 y(shall)h(write)527 3094 y Fs(s)575 -3109 y Fn(1)647 3094 y Ft(\021)h Fs(s)805 3109 y Fn(2)877 -3094 y Fu(rel)p 877 3107 V 32 w Fs(ps)283 3290 y Fu(for)f(rel)p -432 3303 V(\()p Fs(ps)8 b Fu(\)\()p Fs(s)801 3305 y Fn(1)840 -3290 y Fu(,)33 b Fs(s)948 3305 y Fn(2)987 3290 y Fu(\).)283 -3508 y Fw(Example)k(5.2)49 b Fu(Let)33 b Fs(s)1161 3523 -y Fn(1)1200 3508 y Fu(,)g Fs(s)1308 3523 y Fn(2)1380 -3508 y Fu(and)g Fs(ps)40 b Fu(b)s(e)33 b(giv)m(en)f(b)m(y)527 -3704 y Fs(s)575 3719 y Fn(1)647 3704 y Fr(x)h Fu(=)g -Fw(1)f Fu(and)h Fs(s)1166 3719 y Fn(1)1238 3704 y Fs(y)41 -b Fu(=)33 b Fw(0)f Fu(for)g Fs(y)42 b Ft(2)33 b Fw(V)-9 -b(ar)p Ft(n)o(f)p Fr(x)p Ft(g)527 3872 y Fs(s)575 3887 -y Fn(2)647 3872 y Fr(x)33 b Fu(=)g Fw(2)f Fu(and)h Fs(s)1166 -3887 y Fn(2)1238 
3872 y Fs(y)41 b Fu(=)33 b Fw(0)f Fu(for)g -Fs(y)42 b Ft(2)33 b Fw(V)-9 b(ar)p Ft(n)o(f)p Fr(x)p -Ft(g)527 4039 y Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(d)p Fu(?)h(and)f -Fs(ps)41 b(y)g Fu(=)33 b Fb(ok)g Fu(for)f Fs(y)42 b Ft(2)32 -b Fu(\()p Fw(V)-9 b(ar)32 b Ft([)h(f)p Fu(on-trac)m(k)p -Ft(g)p Fu(\))p Ft(nf)p Fr(x)p Ft(g)283 4235 y Fu(Then)h -Fs(s)586 4250 y Fn(1)658 4235 y Ft(\021)f Fs(s)816 4250 -y Fn(2)888 4235 y Fu(rel)p 888 4248 V 32 w Fs(ps)8 b -Fu(.)2527 b Fh(2)283 4454 y Fw(Example)37 b(5.3)49 b -Fu(T)-8 b(o)26 b(motiv)-5 b(ate)24 b(the)j(need)g(for)f(improp)s(er)e -(prop)s(ert)m(y)j(states,)i(that)d(is)f(the)i(need)283 -4574 y(for)32 b(`on-trac)m(k',)i(consider)e(the)h(follo)m(wing)d -(statemen)m(ts:)527 4770 y Fs(S)594 4785 y Fn(1)634 4770 -y Fu(:)97 b Fr(x)33 b Fu(:=)g Fr(1)527 4937 y Fs(S)594 -4952 y Fn(2)634 4937 y Fu(:)97 b Fr(x)33 b Fu(:=)g Fr(2)283 -5133 y Fu(It)g(w)m(ould)f(b)s(e)g(natural)f(to)h(exp)s(ect)h(that)f -(the)h(analysis)e(of)h Fs(S)2496 5148 y Fn(1)2567 5133 -y Fu(will)e(map)i(an)m(y)h(prop)s(ert)m(y)f(state)283 -5254 y Fs(ps)46 b Fu(to)36 b(the)i(prop)s(ert)m(y)g(state)g -Fs(ps)8 b Fu([)p Fr(x)p Ft(7!)o Fb(ok)p Fu(])38 b(since)g(a)f(constan)m -(t)h(v)-5 b(alue)37 b(cannot)g(dep)s(end)h(on)f(the)283 -5374 y(v)-5 b(alue)31 b(of)f(an)m(y)i(\(non-input\))e(v)-5 -b(ariable.)41 b(A)31 b(similar)d(argumen)m(t)j(holds)f(for)h -Fs(S)3079 5389 y Fn(2)3118 5374 y Fu(.)43 b(No)m(w)32 -b(consider)283 5494 y(the)h(statemen)m(ts)p eop -%%Page: 139 149 -139 148 bop 0 130 a Fw(5.1)112 b(Prop)s(erties)36 b(and)j(prop)s(ert)m -(y)e(states)1540 b(139)p 0 193 3473 4 v 244 515 a Fs(S)311 -530 y Fn(11)385 515 y Fu(:)98 b Fr(if)33 b(x)g Fu(=)f -Fr(1)h(then)h Fs(S)1226 530 y Fn(1)1297 515 y Fr(else)g -Fs(S)1602 530 y Fn(1)244 683 y Fs(S)311 698 y Fn(12)385 -683 y Fu(:)98 b Fr(if)33 b(x)g Fu(=)f Fr(1)h(then)h Fs(S)1226 -698 y Fn(1)1297 683 y Fr(else)g Fs(S)1602 698 y Fn(2)0 -874 y Fu(Again)h(w)m(e)i(ma)m(y)f(exp)s(ect)h(that)f(the)h(analysis)e -(of)h Fs(S)1901 889 y 
Fn(11)2012 874 y Fu(will)d(map)j(an)m(y)g(prop)s -(ert)m(y)h(state)g Fs(ps)44 b Fu(to)0 994 y(the)33 b(prop)s(ert)m(y)g -(state)g Fs(ps)8 b Fu([)p Fr(x)p Ft(7!)p Fb(ok)p Fu(],)34 -b(since)f Fs(S)1601 1009 y Fn(11)1708 994 y Fu(is)f(seman)m(tically)e -(equiv)-5 b(alen)m(t)33 b(to)f Fs(S)3014 1009 y Fn(1)3053 -994 y Fu(.)146 1114 y(Concerning)d Fs(S)724 1129 y Fn(12)827 -1114 y Fu(it)f(will)e(not)j(alw)m(a)m(ys)g(b)s(e)g(correct)g(for)f(the) -h(analysis)f(to)g(map)g(a)h(prop)s(ert)m(y)0 1235 y(state)k -Fs(ps)40 b Fu(to)33 b Fs(ps)8 b Fu([)p Fr(x)p Ft(7!)p -Fb(ok)p Fu(].)44 b(F)-8 b(or)31 b(an)i(example)f(supp)s(ose)i(that)e -Fs(ps)8 b Fu(,)33 b Fs(s)2465 1250 y Fn(1)2537 1235 y -Fu(and)g Fs(s)2775 1250 y Fn(2)2847 1235 y Fu(are)f(suc)m(h)i(that)244 -1425 y Fs(ps)40 b Fr(x)33 b Fu(=)f Fb(d)p Fu(?)h(and)g -Fs(ps)40 b(y)i Fu(=)32 b Fb(ok)h Fu(for)g Fs(y)41 b Ft(2)33 -b Fu(\()p Fw(V)-9 b(ar)32 b Ft([)h(f)p Fu(on-trac)m(k)p -Ft(g)p Fu(\))p Ft(nf)p Fr(x)p Ft(g)244 1593 y Fs(s)292 -1608 y Fn(1)364 1593 y Fr(x)g Fu(=)f Fw(1)h Fu(and)f -Fs(s)882 1608 y Fn(1)954 1593 y Fs(y)42 b Fu(=)32 b Fw(0)h -Fu(for)f Fs(y)41 b Ft(2)33 b Fw(V)-9 b(ar)p Ft(nf)p Fr(x)p -Ft(g)244 1761 y Fs(s)292 1776 y Fn(2)364 1761 y Fr(x)33 -b Fu(=)f Fw(2)h Fu(and)f Fs(s)882 1776 y Fn(2)954 1761 -y Fs(y)42 b Fu(=)32 b Fw(0)h Fu(for)f Fs(y)41 b Ft(2)33 -b Fw(V)-9 b(ar)p Ft(nf)p Fr(x)p Ft(g)0 1951 y Fu(Then)34 -b(Example)e(5.2)g(giv)m(es)244 2142 y Fs(s)292 2157 y -Fn(1)364 2142 y Ft(\021)h Fs(s)522 2157 y Fn(2)594 2142 -y Fu(rel)p 594 2155 109 4 v 32 w Fs(ps)0 2333 y Fu(but)50 -b Ft(S)264 2348 y Fn(ds)335 2333 y Fu([)-17 b([)q Fs(S)440 -2348 y Fn(12)514 2333 y Fu(])g(])q Fs(s)600 2348 y Fn(1)689 -2333 y Ft(\021)51 b(S)885 2348 y Fn(ds)956 2333 y Fu([)-17 -b([)p Fs(S)1060 2348 y Fn(12)1135 2333 y Fu(])g(])q Fs(s)1221 -2348 y Fn(2)1310 2333 y Fu(rel)p 1310 2346 V 49 w Fs(ps)8 -b Fu([)p Fr(x)p Ft(7!)p Fb(ok)p Fu(])51 b Fs(fails)57 -b Fu(b)s(ecause)52 b Ft(S)2627 2348 y Fn(ds)2698 2333 -y Fu([)-17 b([)p 
Fs(S)2802 2348 y Fn(12)2877 2333 y Fu(])g(])q -Fs(s)2963 2348 y Fn(1)3052 2333 y Fu(=)50 b Fs(s)3226 -2348 y Fn(1)3315 2333 y Fu(and)0 2453 y Ft(S)68 2468 -y Fn(ds)139 2453 y Fu([)-17 b([)q Fs(S)244 2468 y Fn(12)318 -2453 y Fu(])g(])q Fs(s)404 2468 y Fn(2)476 2453 y Fu(=)32 -b Fs(s)632 2468 y Fn(2)704 2453 y Fu(and)h Fs(s)942 2468 -y Fn(1)1014 2453 y Fr(x)g Ft(6)p Fu(=)f Fs(s)1254 2468 -y Fn(2)1326 2453 y Fr(x)p Fu(.)146 2573 y(Ho)m(w)m(ev)m(er,)j(from)c -(the)i(p)s(oin)m(t)f(of)g(view)g(of)g(the)h Fs(analysis)40 -b Fu(there)33 b(is)f(no)g(di\013erence)h(b)s(et)m(w)m(een)0 -2694 y Fs(S)67 2709 y Fn(1)137 2694 y Fu(and)d Fs(S)391 -2709 y Fn(2)461 2694 y Fu(b)s(ecause)i(neither)e(the)h(v)-5 -b(alue)30 b(of)g Fr(1)g Fu(nor)h Fr(2)f Fu(dep)s(ends)i(on)f(the)g(v)-5 -b(alues)30 b(of)g(the)h(input)0 2814 y(v)-5 b(ariables.)90 -b(Since)48 b(the)h(analysis)f(is)g(comp)s(ositionally)c(de\014ned)50 -b(this)e(means)g(that)h(there)0 2935 y(can)36 b(b)s(e)g(no)f -(di\013erence)h(b)s(et)m(w)m(een)i Fs(S)1342 2950 y Fn(11)1452 -2935 y Fu(and)e Fs(S)1712 2950 y Fn(12)1822 2935 y Fu(from)e(the)i(p)s -(oin)m(t)f(of)g(view)h(of)f(the)h(analysis.)0 3055 y(Therefore)27 -b(w)m(e)g(ha)m(v)m(e)g(to)e(accept)h(that)g(also)f(the)h(analysis)f(of) -g Fs(S)2284 3070 y Fn(11)2384 3055 y Fu(should)h Fs(not)35 -b Fu(allo)m(w)24 b(mapping)0 3175 y(an)32 b(arbitrary)g(prop)s(ert)m(y) -h(state)g Fs(ps)41 b Fu(to)32 b Fs(ps)8 b Fu([)p Fr(x)p -Ft(7!)p Fb(ok)p Fu(].)146 3296 y(The)38 b(di\013erence)g(b)s(et)m(w)m -(een)h Fs(S)1240 3311 y Fn(1)1316 3296 y Fu(and)e Fs(S)1577 -3311 y Fn(2)1653 3296 y Fu(arises)f(when)i(the)g(\\\015o)m(w)f(of)f -(con)m(trol")g(do)s(es)i(not)0 3416 y(dep)s(end)25 b(on)e(the)i(input)e -(v)-5 b(ariables)22 b(and)i(it)f(is)g(here)h(the)h(need)f(for)f(the)i -(sp)s(ecial)d(tok)m(en)j(`on-trac)m(k')0 3536 y(comes)33 -b(in.)44 b(W)-8 b(e)34 b(shall)e(transform)g(a)g(prop)s(ert)m(y)i -(state)g(in)m(to)e(an)h(improp)s(er)e(one,)j(b)m(y)g(mapping)0 -3657 y(`on-trac)m(k')39 b(to)f 
Fb(d)p Fu(?,)i(whenev)m(er)h(the)e -(\\\015o)m(w)g(of)f(con)m(trol")f(is)h(not)h(\\functionally)d(dep)s -(enden)m(t")0 3777 y(on)47 b(the)g(input)f(v)-5 b(ariables.)85 -b(Th)m(us)48 b(if)e Fs(ps)55 b Fr(x)46 b Fu(=)h Fb(d)p -Fu(?)g(then)g(it)f(is)g(the)i(test,)j Fr(x)c Fu(=)f Fr(1)p -Fu(,)51 b(in)46 b Fs(S)3398 3792 y Fn(11)0 3898 y Fu(and)33 -b Fs(S)257 3913 y Fn(12)365 3898 y Fu(that)g(will)d(b)s(e)k(resp)s -(onsible)f(for)f(mapping)g Fs(ps)41 b Fu(in)m(to)32 b(the)i(improp)s -(er)d(prop)s(ert)m(y)j(state)0 4018 y Fs(ps)8 b Fu([on-trac)m(k)p -Ft(7!)p Fb(d)p Fu(?])39 b(and)g(then)g(the)g(e\013ect)h(of)e(analysing) -g Fs(S)2235 4033 y Fn(1)2313 4018 y Fu(and)h Fs(S)2576 -4033 y Fn(2)2653 4018 y Fu(do)s(es)h(not)e(matter)g(as)0 -4138 y(long)31 b(as)i(an)g(improp)s(er)e(prop)s(ert)m(y)i(state)g(is)f -(not)g(mapp)s(ed)h(in)m(to)e(a)i(prop)s(er)f(one.)468 -b Fh(2)146 4350 y Fu(Our)33 b(next)g(task)g(will)d(b)s(e)j(to)f(endo)m -(w)i Fw(PState)e Fu(with)g(some)g(partially)e(ordered)j(structure)0 -4470 y(and)h(to)h(in)m(v)m(estigate)f(the)h(prop)s(erties)f(of)g(rel)p -1543 4483 V 1651 4485 a Fn(Stm)1781 4470 y Fu(.)49 b(Concerning)35 -b(the)f(former)g(this)g(will)e(b)s(e)i(an)0 4590 y(instance)f(of)f(a)g -(general)g(pro)s(cedure:)p 0 4711 3473 5 v 0 4872 a Fw(Lemma)37 -b(5.4)49 b Fu(Assume)43 b(that)f Fs(S)54 b Fu(is)41 b(a)h(non-empt)m(y) -g(set)h(and)f(that)f(\()p Fs(D)9 b Fu(,)42 b Ft(v)q Fu(\))g(is)f(a)h -(partially)0 4993 y(ordered)33 b(set.)44 b(Let)33 b Ft(v)795 -4957 y Fi(0)851 4993 y Fu(b)s(e)f(the)h(ordering)f(on)h(the)g(set)g -Fs(S)12 b Ft(!)o Fs(D)42 b Fu(de\014ned)34 b(b)m(y)244 -5183 y Fs(f)295 5198 y Fn(1)367 5183 y Ft(v)444 5147 -y Fi(0)500 5183 y Fs(f)551 5198 y Fn(2)623 5183 y Fu(if)d(and)i(only)f -(if)g Fs(f)1256 5198 y Fn(1)1328 5183 y Fs(x)45 b Ft(v)33 -b Fs(f)1579 5198 y Fn(2)1651 5183 y Fs(x)44 b Fu(for)32 -b(all)e Fs(x)45 b Ft(2)33 b Fs(S)0 5374 y Fu(Then)i(\()p -Fs(S)12 b Ft(!)o Fs(D)d Fu(,)33 b Ft(v)681 5338 y Fi(0)704 -5374 y 
Fu(\))g(is)g(a)g(partially)e(ordered)j(set.)47 -b(F)-8 b(urthermore,)33 b(\()p Fs(S)12 b Ft(!)o Fs(D)d -Fu(,)34 b Ft(v)2914 5338 y Fi(0)2938 5374 y Fu(\))f(is)g(a)g(ccp)s(o)h -(if)0 5494 y Fs(D)42 b Fu(is)32 b(and)g(it)g(is)g(a)g(complete)g -(lattice)f(if)h Fs(D)41 b Fu(is.)i(In)33 b(b)s(oth)f(cases)i(w)m(e)g -(ha)m(v)m(e)p eop -%%Page: 140 150 -140 149 bop 251 130 a Fw(140)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 527 515 a Fu(\()565 -449 y Fg(F)634 479 y Fi(0)658 515 y Fs(Y)19 b Fu(\))33 -b Fs(x)44 b Fu(=)1018 449 y Fg(F)1119 515 y Ft(f)33 b -Fs(f)53 b(x)44 b Ft(j)33 b Fs(f)53 b Ft(2)33 b Fs(Y)52 -b Ft(g)283 715 y Fu(so)33 b(that)g(least)f(upp)s(er)h(b)s(ounds)g(are)g -(determined)f(p)s(oin)m(t)m(wise.)p 283 835 3473 5 v -283 1034 a Fw(Pro)s(of:)48 b Fu(It)41 b(is)g(straigh)m(tforw)m(ard)g -(to)g(v)m(erify)h(that)f Ft(v)2255 998 y Fi(0)2320 1034 -y Fu(is)g(a)g(partial)e(order)i(so)h(w)m(e)g(omit)d(the)283 -1155 y(details.)50 b(W)-8 b(e)35 b(shall)f(\014rst)h(pro)m(v)m(e)h(the) -g(lemma)d(in)h(the)h(case)h(where)g Fs(D)44 b Fu(is)34 -b(a)h(complete)f(lattice)283 1275 y(so)f(let)f Fs(Y)52 -b Fu(b)s(e)33 b(a)f(subset)j(of)d Fs(S)44 b Ft(!)32 b -Fs(D)9 b Fu(.)33 b(Then)g(the)g(form)m(ula)527 1474 y(\()565 -1408 y Fg(F)634 1438 y Fi(0)658 1474 y Fs(Y)19 b Fu(\))33 -b Fs(x)44 b Fu(=)1018 1408 y Fg(F)1119 1474 y Ft(f)33 -b Fs(f)53 b(x)44 b Ft(j)33 b Fs(f)53 b Ft(2)33 b Fs(Y)52 -b Ft(g)283 1674 y Fu(de\014nes)33 b(an)e(elemen)m(t)1094 -1607 y Fg(F)1164 1637 y Fi(0)1187 1674 y Fs(Y)50 b Fu(of)31 -b Fs(S)42 b Ft(!)31 b Fs(D)39 b Fu(b)s(ecause)32 b Fs(D)40 -b Fu(b)s(eing)30 b(a)h(complete)f(lattice)f(means)i(that)283 -1728 y Fg(F)353 1794 y Ft(f)43 b Fs(f)64 b(x)55 b Ft(j)43 -b Fs(f)64 b Ft(2)44 b Fs(Y)63 b Ft(g)43 b Fu(exists)h(for)f(all)e -Fs(x)55 b Fu(of)43 b Fs(S)12 b Fu(.)43 b(This)g(sho)m(ws)i(that)2834 -1728 y Fg(F)2904 1758 y Fi(0)2927 1794 y Fs(Y)63 b Fu(is)43 -b(a)g Fs(wel)5 b(l-de\014ne)-5 b(d)283 1914 y Fu(elemen)m(t)38 -b(of)e Fs(S)49 b 
Ft(!)37 b Fs(D)9 b Fu(.)37 b(T)-8 b(o)38 -b(see)g(that)1679 1848 y Fg(F)1748 1878 y Fi(0)1772 1914 -y Fs(Y)56 b Fu(is)37 b(an)g Fs(upp)-5 b(er)39 b(b)-5 -b(ound)48 b Fu(of)36 b Fs(Y)57 b Fu(let)37 b Fs(f)3151 -1929 y Fn(0)3223 1914 y Ft(2)c Fs(Y)56 b Fu(and)38 b(w)m(e)283 -2035 y(shall)c(sho)m(w)i(that)f Fs(f)1023 2050 y Fn(0)1097 -2035 y Ft(v)1175 1999 y Fi(0)1233 1968 y Fg(F)1302 1999 -y Fi(0)1325 2035 y Fs(Y)20 b Fu(.)35 b(This)g(amoun)m(ts)g(to)g -(considering)f(an)h(arbitrary)f Fs(x)47 b Fu(in)34 b -Fs(S)47 b Fu(and)283 2155 y(sho)m(wing)527 2354 y Fs(f)578 -2369 y Fn(0)650 2354 y Fs(x)e Ft(v)850 2288 y Fg(F)919 -2354 y Ft(f)32 b Fs(f)53 b(x)45 b Ft(j)32 b Fs(f)53 b -Ft(2)33 b Fs(Y)53 b Ft(g)283 2554 y Fu(and)34 b(this)g(is)f(immediate)f -(b)s(ecause)1606 2487 y Fg(F)1709 2554 y Fu(is)h(the)h(least)g(upp)s -(er)g(b)s(ound)g(op)s(eration)f(in)g Fs(D)9 b Fu(.)34 -b(T)-8 b(o)34 b(see)283 2674 y(that)500 2608 y Fg(F)569 -2638 y Fi(0)592 2674 y Fs(Y)57 b Fu(is)37 b(the)h Fs(le)-5 -b(ast)46 b Fu(upp)s(er)38 b(b)s(ound)g(of)f Fs(Y)57 b -Fu(let)36 b Fs(f)2261 2689 y Fn(1)2338 2674 y Fu(b)s(e)i(an)f(upp)s(er) -h(b)s(ound)f(of)g Fs(Y)57 b Fu(and)38 b(w)m(e)283 2794 -y(shall)32 b(sho)m(w)h(that)965 2728 y Fg(F)1034 2758 -y Fi(0)1057 2794 y Fs(Y)52 b Ft(v)1259 2758 y Fi(0)1315 -2794 y Fs(f)1366 2809 y Fn(1)1405 2794 y Fu(.)43 b(This)33 -b(amoun)m(ts)g(to)f(sho)m(wing)527 2927 y Fg(F)597 2994 -y Ft(f)g Fs(f)53 b(x)45 b Ft(j)32 b Fs(f)53 b Ft(2)33 -b Fs(Y)52 b Ft(g)33 b(v)g Fs(f)1462 3009 y Fn(1)1534 -2994 y Fs(x)283 3193 y Fu(for)c(an)g(arbitrary)f Fs(x)41 -b Ft(2)29 b Fs(S)12 b Fu(.)29 b(Ho)m(w)m(ev)m(er,)j(this)d(is)f -(immediate)f(b)s(ecause)j Fs(f)2856 3208 y Fn(1)2924 -3193 y Fs(x)41 b Fu(m)m(ust)29 b(b)s(e)g(an)g(upp)s(er)283 -3313 y(b)s(ound)j(of)e Ft(f)h Fs(f)52 b(x)43 b Ft(j)31 -b Fs(f)51 b Ft(2)32 b Fs(Y)51 b Ft(g)30 b Fu(and)i(b)s(ecause)1932 -3247 y Fg(F)2032 3313 y Fu(is)f(the)g(least)g(upp)s(er)g(b)s(ound)h(op) -s(eration)e(in)g Fs(D)9 b Fu(.)430 3434 y(T)-8 
b(o)34 -b(pro)m(v)m(e)i(the)f(other)g(part)f(of)g(the)h(lemma)d(assume)j(that)g -Fs(D)43 b Fu(is)34 b(a)g(ccp)s(o)h(and)g(that)f Fs(Y)54 -b Fu(is)283 3554 y(a)33 b(c)m(hain)f(in)g Fs(S)44 b Ft(!)32 -b Fs(D)9 b Fu(.)33 b(The)h(form)m(ula)527 3753 y(\()565 -3687 y Fg(F)634 3717 y Fi(0)658 3753 y Fs(Y)19 b Fu(\))33 -b Fs(x)44 b Fu(=)1018 3687 y Fg(F)1119 3753 y Ft(f)33 -b Fs(f)53 b(x)44 b Ft(j)33 b Fs(f)53 b Ft(2)33 b Fs(Y)52 -b Ft(g)283 3953 y Fu(de\014nes)43 b(an)e(elemen)m(t)1125 -3886 y Fg(F)1194 3917 y Fi(0)1218 3953 y Fs(Y)60 b Fu(of)41 -b Fs(S)53 b Ft(!)41 b Fs(D)9 b Fu(:)41 b(eac)m(h)h Ft(f)f -Fs(f)62 b(x)52 b Ft(j)41 b Fs(f)62 b Ft(2)42 b Fs(Y)60 -b Ft(g)41 b Fu(will)e(b)s(e)i(a)g(c)m(hain)g(in)f Fs(D)283 -4073 y Fu(b)s(ecause)32 b Fs(Y)50 b Fu(is)30 b(a)g(c)m(hain)g(and)g -(hence)i(eac)m(h)1867 4007 y Fg(F)1937 4073 y Ft(f)e -Fs(f)51 b(x)42 b Ft(j)30 b Fs(f)51 b Ft(2)31 b Fs(Y)50 -b Ft(g)30 b Fu(exists)h(b)s(ecause)g Fs(D)40 b Fu(is)29 -b(a)h(ccp)s(o.)283 4194 y(That)527 4127 y Fg(F)597 4157 -y Fi(0)620 4194 y Fs(Y)52 b Fu(is)32 b(the)h(least)f(upp)s(er)h(b)s -(ound)g(of)f Fs(Y)52 b Fu(in)32 b Fs(S)45 b Ft(!)32 b -Fs(D)41 b Fu(follo)m(ws)32 b(as)g(ab)s(o)m(v)m(e.)457 -b Fh(2)430 4397 y Fu(Instan)m(tiating)31 b Fs(S)45 b -Fu(to)32 b(b)s(e)h Fw(V)-9 b(ar)32 b Ft([)h(f)p Fu(on-trac)m(k)p -Ft(g)f Fu(and)h Fs(D)41 b Fu(to)32 b(b)s(e)h Fw(P)f Fu(w)m(e)i(get:)p -283 4517 V 283 4688 a Fw(Corollary)i(5.5)49 b Fu(Let)33 -b Ft(v)1226 4703 y Fn(PS)1349 4688 y Fu(b)s(e)g(the)g(ordering)f(on)g -Fw(PState)h Fu(de\014ned)h(b)m(y)527 4887 y Fs(ps)625 -4902 y Fn(1)694 4887 y Ft(v)772 4902 y Fn(PS)893 4887 -y Fs(ps)991 4902 y Fn(2)1060 4887 y Fu(if)28 b(and)i(only)g(if)e -Fs(ps)1729 4902 y Fn(1)1798 4887 y Fs(x)42 b Ft(v)1962 -4902 y Fn(P)2044 4887 y Fs(ps)2142 4902 y Fn(2)2211 4887 -y Fs(x)f Fu(for)30 b(all)d Fs(x)42 b Ft(2)30 b Fw(V)-9 -b(ar)29 b Ft([)h(f)p Fu(on-trac)m(k)p Ft(g)283 5086 y -Fu(Then)40 b(\()p Fw(PState)p Fu(,)f Ft(v)1057 5101 y -Fn(PS)1149 5086 y 
Fu(\))e(is)h(a)g(complete)f(lattice.)59 -b(In)38 b(particular,)g(the)g(least)g(upp)s(er)h(b)s(ound)283 -5140 y Fg(F)353 5221 y Fn(PS)444 5206 y Fs(Y)52 b Fu(of)32 -b(a)h(subset)h Fs(Y)52 b Fu(of)32 b Fw(PState)g Fu(is)g(c)m -(haracterized)i(b)m(y)552 5374 y(\()590 5308 y Fg(F)659 -5389 y Fn(PS)751 5374 y Fs(Y)19 b Fu(\))33 b Fs(x)44 -b Fu(=)1111 5308 y Fg(F)1180 5389 y Fn(P)1264 5374 y -Ft(f)33 b Fs(ps)40 b(x)k Ft(j)33 b Fs(ps)40 b Ft(2)33 -b Fs(Y)52 b Ft(g)p 283 5494 V eop -%%Page: 141 151 -141 150 bop 0 130 a Fw(5.1)112 b(Prop)s(erties)36 b(and)j(prop)s(ert)m -(y)e(states)1540 b(141)p 0 193 3473 4 v 146 515 a Fu(W)-8 -b(e)28 b(shall)e(write)h Fb(lost)g Fu(for)g(the)h(prop)s(ert)m(y)g -(state)f Fs(ps)36 b Fu(that)27 b(maps)g(all)e(v)-5 b(ariables)26 -b(to)h Fb(d)p Fu(?)g(and)0 636 y(that)38 b(maps)f(`on-trac)m(k')h(to)g -Fb(d)p Fu(?.)59 b(Similarly)-8 b(,)35 b(w)m(e)k(shall)d(write)i -Fb(init)g Fu(for)f(the)h(prop)s(ert)m(y)h(state)0 756 -y(that)c(maps)h(all)d(v)-5 b(ariables)34 b(to)i Fb(ok)g -Fu(and)f(that)h(maps)f(`on-trac)m(k')h(to)f Fb(ok)p Fu(.)53 -b(Note)36 b(that)f Fb(init)h Fu(is)0 877 y(the)d Fs(le)-5 -b(ast)35 b(element)41 b Fu(of)32 b Fw(PState)p Fu(.)0 -1105 y Fw(Exercise)k(5.6)49 b(\(Essen)m(tial\))31 b Fu(Sho)m(w)i(that) -244 1308 y Fs(ps)342 1323 y Fn(1)414 1308 y Ft(v)491 -1323 y Fn(PS)615 1308 y Fs(ps)713 1323 y Fn(2)785 1308 -y Fu(if)e(and)i(only)f(if)g(OK\()p Fs(ps)1656 1323 y -Fn(1)1694 1308 y Fu(\))h Ft(\023)g Fu(OK\()p Fs(ps)2163 -1323 y Fn(2)2202 1308 y Fu(\))0 1512 y(Next)g(sho)m(w)h(that)244 -1715 y(OK\()434 1649 y Fg(F)503 1730 y Fn(PS)627 1715 -y Fs(Y)19 b Fu(\))33 b(=)897 1649 y Fg(T)966 1715 y Ft(f)g -Fu(OK\()p Fs(ps)8 b Fu(\))32 b Ft(j)g Fs(ps)40 b Ft(2)33 -b Fs(Y)52 b Ft(g)0 1918 y Fu(whenev)m(er)35 b Fs(Y)52 -b Fu(is)32 b(a)h(non-empt)m(y)f(subset)j(of)d Fw(PState)p -Fu(.)1409 b Fh(2)0 2178 y Fw(Prop)s(erties)36 b(of)i(rel)p -676 2191 129 4 v 0 2363 a Fu(T)-8 b(o)36 b(study)i(the)e(prop)s(erties) 
-h(of)e(the)i(parameterized)f(relation)e(rel)p 2339 2376 -109 4 v 36 w(w)m(e)j(need)h(a)e(notion)f(of)g(an)0 2483 -y(equiv)-5 b(alence)33 b(relation.)41 b(A)33 b(relation)244 -2687 y Fs(R)t Fu(:)g Fs(E)44 b Ft(\002)33 b Fs(E)45 b -Ft(!)32 b Fw(T)0 2890 y Fu(is)g(an)h Fs(e)-5 b(quivalenc)g(e)33 -b(r)-5 b(elation)40 b Fu(on)32 b(a)g(set)i Fs(E)45 b -Fu(if)31 b(and)i(only)f(if)294 3085 y Fs(R)t Fu(\()p -Fs(e)459 3100 y Fn(1)498 3085 y Fu(,)h Fs(e)610 3100 -y Fn(1)650 3085 y Fu(\))1416 b(\(re\015exivit)m(y\))294 -3253 y Fs(R)t Fu(\()p Fs(e)459 3268 y Fn(1)498 3253 y -Fu(,)33 b Fs(e)610 3268 y Fn(2)650 3253 y Fu(\))f(and)h -Fs(R)t Fu(\()p Fs(e)1075 3268 y Fn(2)1115 3253 y Fu(,)f -Fs(e)1226 3268 y Fn(3)1266 3253 y Fu(\))g(imply)f Fs(R)t -Fu(\()p Fs(e)1775 3268 y Fn(1)1815 3253 y Fu(,)i Fs(e)1927 -3268 y Fn(3)1966 3253 y Fu(\))100 b(\(transitivit)m(y\))294 -3420 y Fs(R)t Fu(\()p Fs(e)459 3435 y Fn(1)498 3420 y -Fu(,)33 b Fs(e)610 3435 y Fn(2)650 3420 y Fu(\))f(implies)e -Fs(R)t Fu(\()p Fs(e)1216 3435 y Fn(2)1256 3420 y Fu(,)j -Fs(e)1368 3435 y Fn(1)1407 3420 y Fu(\))659 b(\(symmetry\))0 -3617 y(for)32 b(all)f Fs(e)337 3632 y Fn(1)376 3617 y -Fu(,)i Fs(e)488 3632 y Fn(2)560 3617 y Fu(and)g Fs(e)802 -3632 y Fn(3)874 3617 y Fu(of)f Fs(E)12 b Fu(.)0 3845 -y Fw(Exercise)36 b(5.7)49 b Fu(Sho)m(w)39 b(that)f(rel)p -1115 3858 V 1223 3860 a Fn(Aexp)1388 3845 y Fu(\()p Fs(p)6 -b Fu(\),)39 b(rel)p 1586 3858 V 1694 3860 a Fn(Bexp)1856 -3845 y Fu(\()p Fs(p)6 b Fu(\))38 b(and)g(rel)p 2221 3858 -V 2329 3860 a Fn(Stm)2459 3845 y Fu(\()p Fs(ps)8 b Fu(\))38 -b(are)f(equiv)-5 b(alence)39 b(re-)0 3966 y(lations)31 -b(for)h(all)e(c)m(hoices)k(of)e Fs(p)38 b Ft(2)33 b Fw(P)f -Fu(and)h Fs(ps)40 b Ft(2)33 b Fw(PState)p Fu(.)1285 b -Fh(2)146 4194 y Fu(Eac)m(h)33 b(of)e(rel)p 498 4207 V -606 4209 a Fn(Aexp)771 4194 y Fu(,)h(rel)p 830 4207 V -938 4209 a Fn(Bexp)1132 4194 y Fu(and)f(rel)p 1320 4207 -V 15 x Fn(Stm)1590 4194 y Fu(are)h(examples)f(of)g(parameterized)g -(\(equiv)-5 b(alence\))0 4314 
y(relations.)42 b(In)33 -b(general)f(a)g Fs(p)-5 b(ar)g(ameterize)g(d)34 b(r)-5 -b(elation)39 b Fu(is)33 b(of)f(the)h(form)244 4518 y -Ft(R)p Fu(:)44 b Fs(D)d Ft(!)32 b Fu(\()p Fs(E)45 b Ft(\002)33 -b Fs(E)45 b Ft(!)32 b Fw(T)p Fu(\))0 4721 y(where)e(\()p -Fs(D)9 b Fu(,)30 b Ft(v)p Fu(\))f(is)g(a)g(partially)e(ordered)j(set,)g -Fs(E)42 b Fu(is)29 b(a)g(set)h(and)f(eac)m(h)h Ft(R)q -Fu(\()p Fs(d)10 b Fu(\))29 b(is)f(a)h(relation.)41 b(W)-8 -b(e)0 4842 y(shall)31 b(sa)m(y)j(that)e(a)g(parameterized)g(relation)f -Ft(R)i Fu(is)f(a)g Fs(Kripke-r)-5 b(elation)39 b Fu(if)244 -5045 y Fs(d)304 5060 y Fn(1)376 5045 y Ft(v)33 b Fs(d)546 -5060 y Fn(2)618 5045 y Fu(implies)d(that)j(for)f(all)e -Fs(e)1497 5060 y Fn(1)1537 5045 y Fu(,)i Fs(e)1648 5060 -y Fn(2)1721 5045 y Ft(2)h Fs(E)12 b Fu(:)949 5213 y(if)32 -b Ft(R)p Fu(\()p Fs(d)1221 5228 y Fn(1)1261 5213 y Fu(\)\()p -Fs(e)1389 5228 y Fn(1)1428 5213 y Fu(,)h Fs(e)1540 5228 -y Fn(2)1579 5213 y Fu(\))g(then)g Ft(R)q Fu(\()p Fs(d)2055 -5228 y Fn(2)2094 5213 y Fu(\)\()p Fs(e)2222 5228 y Fn(1)2262 -5213 y Fu(,)f Fs(e)2373 5228 y Fn(2)2413 5213 y Fu(\))0 -5416 y(Note)h(that)f(this)g(is)g(a)h(kind)f(of)g(monotonicit)m(y)f -(prop)s(ert)m(y)-8 b(.)p eop -%%Page: 142 152 -142 151 bop 251 130 a Fw(142)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 283 515 3473 -5 v 283 702 a(Lemma)i(5.8)49 b Fu(rel)p 873 715 109 4 -v 981 717 a Fn(Stm)1143 702 y Fu(is)32 b(a)g(Kripk)m(e-relation.)p -283 822 3473 5 v 283 1036 a Fw(Pro)s(of:)38 b Fu(Let)32 -b Fs(ps)896 1051 y Fn(1)968 1036 y Fu(and)h Fs(ps)1256 -1051 y Fn(2)1328 1036 y Fu(b)s(e)g(suc)m(h)h(that)e Fs(ps)1990 -1051 y Fn(1)2062 1036 y Ft(v)2139 1051 y Fn(PS)2263 1036 -y Fs(ps)2361 1051 y Fn(2)2433 1036 y Fu(and)h(assume)g(that)527 -1250 y Fs(s)575 1265 y Fn(1)647 1250 y Ft(\021)g Fs(s)805 -1265 y Fn(2)877 1250 y Fu(rel)p 877 1263 109 4 v 32 w -Fs(ps)1116 1265 y Fn(1)283 1463 y Fu(holds)g(for)f(all)e(states)k -Fs(s)1149 1478 y Fn(1)1221 1463 y Fu(and)e Fs(s)1458 -1478 y 
Fn(2)1498 1463 y Fu(.)43 b(W)-8 b(e)33 b(m)m(ust)g(sho)m(w)527 -1677 y Fs(s)575 1692 y Fn(1)647 1677 y Ft(\021)g Fs(s)805 -1692 y Fn(2)877 1677 y Fu(rel)p 877 1690 V 32 w Fs(ps)1116 -1692 y Fn(2)283 1890 y Fu(If)40 b Fs(ps)486 1905 y Fn(2)565 -1890 y Fu(on-trac)m(k)g(=)g Fb(d)p Fu(?)g(this)f(is)g(immediate)e(from) -i(the)h(de\014nition)f(of)g(rel)p 2979 1903 V 3087 1905 -a Fn(Stm)3217 1890 y Fu(.)65 b(So)39 b(assume)283 2011 -y(that)33 b Fs(ps)593 2026 y Fn(2)665 2011 y Fu(on-trac)m(k)f(=)h -Fb(ok)p Fu(.)44 b(In)33 b(this)f(case)i(w)m(e)f(m)m(ust)g(sho)m(w)527 -2224 y Ft(8)q Fs(x)44 b Ft(2)33 b Fu(OK\()p Fs(ps)1059 -2239 y Fn(2)1098 2224 y Fu(\))f Ft(\\)h Fw(V)-9 b(ar)p -Fu(:)43 b Fs(s)1561 2239 y Fn(1)1633 2224 y Fs(x)i Fu(=)32 -b Fs(s)1879 2239 y Fn(2)1951 2224 y Fs(x)283 2438 y Fu(Since)g -Fs(ps)635 2453 y Fn(1)706 2438 y Ft(v)784 2453 y Fn(PS)907 -2438 y Fs(ps)1005 2453 y Fn(2)1076 2438 y Fu(and)g Fs(ps)1363 -2453 y Fn(2)1434 2438 y Fu(on-trac)m(k)g(=)g Fb(ok)g -Fu(it)f(m)m(ust)h(b)s(e)g(the)g(case)h(that)e Fs(ps)3235 -2453 y Fn(1)3306 2438 y Fu(on-trac)m(k)h(is)283 2558 -y Fb(ok)p Fu(.)45 b(F)-8 b(rom)31 b Fs(s)785 2573 y Fn(1)857 -2558 y Ft(\021)i Fs(s)1015 2573 y Fn(2)1087 2558 y Fu(rel)p -1087 2571 V 32 w Fs(ps)1326 2573 y Fn(1)1397 2558 y Fu(w)m(e)h -(therefore)f(get)527 2772 y Ft(8)q Fs(x)44 b Ft(2)33 -b Fu(OK\()p Fs(ps)1059 2787 y Fn(1)1098 2772 y Fu(\))f -Ft(\\)h Fw(V)-9 b(ar)p Fu(:)43 b Fs(s)1561 2787 y Fn(1)1633 -2772 y Fs(x)i Fu(=)32 b Fs(s)1879 2787 y Fn(2)1951 2772 -y Fs(x)283 2986 y Fu(F)-8 b(rom)38 b(Exercise)i(5.6)f(and)g(the)g -(assumption)f Fs(ps)2090 3001 y Fn(1)2168 2986 y Ft(v)2246 -3001 y Fn(PS)2376 2986 y Fs(ps)2474 3001 y Fn(2)2552 -2986 y Fu(w)m(e)i(get)f(OK\()p Fs(ps)3159 3001 y Fn(1)3198 -2986 y Fu(\))g Ft(\023)g Fu(OK\()p Fs(ps)3679 3001 y -Fn(2)3718 2986 y Fu(\))283 3106 y(and)33 b(thereb)m(y)h(w)m(e)g(get)f -(the)g(desired)g(result.)1784 b Fh(2)283 3434 y Fw(Exercise)37 -b(5.9)49 b(\(Essen)m(tial\))29 b Fu(Sho)m(w)k(that)f(rel)p 
-1938 3447 V 2046 3449 a Fn(Aexp)2243 3434 y Fu(and)f(rel)p -2431 3447 V 15 x Fn(Bexp)2734 3434 y Fu(are)g(Kripk)m(e-relations.)74 -b Fh(2)283 3779 y Fj(5.2)161 b(The)53 b(analysis)283 -4002 y Fu(When)43 b(sp)s(ecifying)d(the)i(analysis)f(w)m(e)h(shall)e(b) -s(e)i(concerned)h(with)e(expressions)i(as)e(w)m(ell)g(as)283 -4123 y(statemen)m(ts.)283 4424 y Fp(Expressions)283 4613 -y Fu(The)c(analysis)e(of)h(an)f(arithmetic)f(expression)j -Fs(a)43 b Fu(will)33 b(b)s(e)j(sp)s(eci\014ed)h(b)m(y)g(a)e(\(total\))f -(function)283 4733 y Ft(P)8 b(A)q Fu([)-17 b([)p Fs(a)7 -b Fu(])-17 b(])33 b(from)f(prop)s(ert)m(y)h(states)h(to)e(prop)s -(erties:)527 4947 y Ft(P)8 b(A)p Fu(:)44 b Fw(Aexp)33 -b Ft(!)f Fu(\()p Fw(PState)g Ft(!)g Fw(P)p Fu(\))283 -5160 y(Similarly)-8 b(,)21 b(the)j(analysis)e(of)g(a)h(b)s(o)s(olean)e -(expression)k Fs(b)j Fu(will)21 b(b)s(e)i(de\014ned)i(b)m(y)e(a)g -(\(total\))e(function)283 5281 y Ft(P)8 b(B)t Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(])33 b(from)e(prop)s(ert)m(y)j(states)f(to)f -(prop)s(erties:)527 5494 y Ft(P)8 b(B)t Fu(:)44 b Fw(Bexp)32 -b Ft(!)h Fu(\()p Fw(PState)f Ft(!)g Fw(P)p Fu(\))p eop -%%Page: 143 153 -143 152 bop 0 130 a Fw(5.2)112 b(The)38 b(analysis)2439 -b(143)p 0 193 3473 4 v 0 419 V 0 3216 4 2798 v 432 618 -a Ft(P)8 b(A)p Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])p -Fs(ps)382 b Fu(=)1373 444 y Fg(8)1373 519 y(<)1373 668 -y(:)1488 534 y Fb(ok)84 b Fu(if)31 b Fs(ps)41 b Fu(on-trac)m(k)33 -b(=)f Fb(ok)1488 701 y(d)p Fu(?)102 b(otherwise)432 971 -y Ft(P)8 b(A)p Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])p -Fs(ps)387 b Fu(=)1373 796 y Fg(8)1373 871 y(<)1373 1020 -y(:)1488 886 y Fs(ps)41 b(x)95 b Fu(if)31 b Fs(ps)40 -b Fu(on-trac)m(k)33 b(=)g Fb(ok)1488 1053 y(d)p Fu(?)163 -b(otherwise)432 1233 y Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)684 -1248 y Fn(1)756 1233 y Fu(+)32 b Fs(a)921 1248 y Fn(2)961 -1233 y Fu(])-17 b(])p Fs(ps)110 b Fu(=)99 b(\()p Ft(P)8 -b(A)p Fu([)-17 b([)q Fs(a)1663 1248 y Fn(1)1702 1233 -y Fu(])g(])q Fs(ps)8 b Fu(\))32 b Ft(t)1975 1248 y 
Fn(P)2059 -1233 y Fu(\()p Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)2349 -1248 y Fn(2)2389 1233 y Fu(])g(])p Fs(ps)8 b Fu(\))432 -1424 y Ft(P)g(A)p Fu([)-17 b([)q Fs(a)684 1439 y Fn(1)756 -1424 y Fo(?)32 b Fs(a)894 1439 y Fn(2)934 1424 y Fu(])-17 -b(])p Fs(ps)137 b Fu(=)99 b(\()p Ft(P)8 b(A)p Fu([)-17 -b([)q Fs(a)1663 1439 y Fn(1)1702 1424 y Fu(])g(])q Fs(ps)8 -b Fu(\))32 b Ft(t)1975 1439 y Fn(P)2059 1424 y Fu(\()p -Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)2349 1439 y Fn(2)2389 -1424 y Fu(])g(])p Fs(ps)8 b Fu(\))432 1615 y Ft(P)g(A)p -Fu([)-17 b([)q Fs(a)684 1630 y Fn(1)756 1615 y Ft(\000)33 -b Fs(a)923 1630 y Fn(2)962 1615 y Fu(])-17 b(])q Fs(ps)108 -b Fu(=)99 b(\()p Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)1663 -1630 y Fn(1)1702 1615 y Fu(])g(])q Fs(ps)8 b Fu(\))32 -b Ft(t)1975 1630 y Fn(P)2059 1615 y Fu(\()p Ft(P)8 b(A)p -Fu([)-17 b([)q Fs(a)2349 1630 y Fn(2)2389 1615 y Fu(])g(])p -Fs(ps)8 b Fu(\))432 1967 y Ft(P)g(B)t Fu([)-17 b([)p -Fr(true)p Fu(])g(])r Fs(ps)250 b Fu(=)1373 1793 y Fg(8)1373 -1868 y(<)1373 2017 y(:)1488 1883 y Fb(ok)84 b Fu(if)31 -b Fs(ps)41 b Fu(on-trac)m(k)33 b(=)f Fb(ok)1488 2050 -y(d)p Fu(?)102 b(otherwise)432 2320 y Ft(P)8 b(B)t Fu([)-17 -b([)p Fr(false)p Fu(])g(])r Fs(ps)199 b Fu(=)1373 2145 -y Fg(8)1373 2220 y(<)1373 2369 y(:)1488 2235 y Fb(ok)84 -b Fu(if)31 b Fs(ps)41 b Fu(on-trac)m(k)33 b(=)f Fb(ok)1488 -2402 y(d)p Fu(?)102 b(otherwise)432 2582 y Ft(P)8 b(B)t -Fu([)-17 b([)p Fs(a)672 2597 y Fn(1)745 2582 y Fu(=)32 -b Fs(a)910 2597 y Fn(2)950 2582 y Fu(])-17 b(])p Fs(ps)121 -b Fu(=)99 b(\()p Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)1663 -2597 y Fn(1)1702 2582 y Fu(])g(])q Fs(ps)8 b Fu(\))32 -b Ft(t)1975 2597 y Fn(P)2059 2582 y Fu(\()p Ft(P)8 b(A)p -Fu([)-17 b([)q Fs(a)2349 2597 y Fn(2)2389 2582 y Fu(])g(])p -Fs(ps)8 b Fu(\))432 2773 y Ft(P)g(B)t Fu([)-17 b([)p -Fs(a)672 2788 y Fn(1)745 2773 y Ft(\024)33 b Fs(a)912 -2788 y Fn(2)951 2773 y Fu(])-17 b(])q Fs(ps)119 b Fu(=)99 -b(\()p Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)1663 2788 y Fn(1)1702 -2773 y Fu(])g(])q Fs(ps)8 b 
Fu(\))32 b Ft(t)1975 2788 -y Fn(P)2059 2773 y Fu(\()p Ft(P)8 b(A)p Fu([)-17 b([)q -Fs(a)2349 2788 y Fn(2)2389 2773 y Fu(])g(])p Fs(ps)8 -b Fu(\))432 2964 y Ft(P)g(B)t Fu([)-17 b([)p Ft(:)33 -b Fs(b)6 b Fu(])-17 b(])q Fs(ps)305 b Fu(=)99 b Ft(P)8 -b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(ps)432 -3155 y Ft(P)8 b(B)t Fu([)-17 b([)p Fs(b)666 3170 y Fn(1)738 -3155 y Ft(^)33 b Fs(b)888 3170 y Fn(2)928 3155 y Fu(])-17 -b(])p Fs(ps)143 b Fu(=)99 b(\()p Ft(P)8 b(B)t Fu([)-17 -b([)q Fs(b)1646 3170 y Fn(1)1685 3155 y Fu(])g(])p Fs(ps)8 -b Fu(\))33 b Ft(t)1957 3170 y Fn(P)2042 3155 y Fu(\()p -Ft(P)8 b(B)t Fu([)-17 b([)p Fs(b)2314 3170 y Fn(2)2354 -3155 y Fu(])g(])p Fs(ps)8 b Fu(\))p 3469 3216 V 0 3219 -3473 4 v 1015 3380 a(T)-8 b(able)33 b(5.1:)43 b(Analysis)32 -b(of)g(expressions)0 3651 y(The)c(de\014ning)f(clauses)h(are)f(giv)m -(en)g(in)f(T)-8 b(able)27 b(5.1.)41 b(The)28 b(clause)f(for)g -Fs(n)34 b Fu(re\015ects)29 b(that)d(the)i(v)-5 b(alue)0 -3771 y(of)33 b Fs(n)40 b Fu(in)32 b(a)h(prop)s(er)g(prop)s(ert)m(y)h -(state)g Fs(ps)41 b Fu(do)s(es)33 b(not)g(dep)s(end)h(on)f(an)m(y)h(v) --5 b(ariable)32 b(and)h(therefore)0 3892 y(it)j(will)g(ha)m(v)m(e)i -(the)g(prop)s(ert)m(y)h Fb(ok)p Fu(.)58 b(The)39 b(prop)s(ert)m(y)f(of) -f(a)g(v)-5 b(ariable)36 b Fs(x)49 b Fu(in)37 b(a)g(prop)s(er)h(prop)s -(ert)m(y)0 4012 y(state)g Fs(ps)46 b Fu(is)37 b(the)h(prop)s(ert)m(y)g -(b)s(ound)g(to)g Fs(x)49 b Fu(in)37 b Fs(ps)8 b Fu(,)39 -b(that)e(is)g Fs(ps)46 b(x)12 b Fu(.)59 b(Th)m(us)39 -b(if)d Fs(ps)46 b Fu(is)37 b(the)h(initial)0 4132 y(prop)s(ert)m(y)c -(state)h(then)f(the)g(in)m(ten)m(tion)f(is)g(that)h Ft(P)8 -b(A)p Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])p Fs(ps)41 -b Fu(is)34 b Fb(ok)g Fu(if)f(and)g(only)h(if)e Fs(x)46 -b Fu(is)33 b(one)h(of)0 4253 y(the)j(input)f(v)-5 b(ariables.)54 -b(F)-8 b(or)36 b(a)g(comp)s(osite)g(expression,)j(lik)m(e)c -Fs(a)2358 4268 y Fn(1)2435 4253 y Fu(+)h Fs(a)2604 4268 -y Fn(2)2644 4253 y Fu(,)h(the)g(idea)f(is)g(that)g(it)0 -4373 
y(can)d(only)f(ha)m(v)m(e)i(the)e(prop)s(ert)m(y)i -Fb(ok)f Fu(if)e(b)s(oth)h(sub)s(expressions)j(ha)m(v)m(e)f(that)e(prop) -s(ert)m(y)-8 b(.)44 b(This)33 b(is)0 4494 y(ensured)h(b)m(y)g(the)f -(binary)f(op)s(eration)f Ft(t)1471 4509 y Fn(P)1555 4494 -y Fu(in)m(tro)s(duced)i(in)f(Section)g(5.1.)0 4693 y -Fw(Example)37 b(5.10)49 b Fu(If)42 b Fs(ps)50 b Fr(x)43 -b Fu(=)f Fb(ok)h Fu(and)f Fs(ps)50 b Fu(on-trac)m(k)43 -b(=)f Fb(ok)h Fu(then)g Ft(P)8 b(A)p Fu([)-17 b([)q Fr(x)42 -b Fu(+)h Fr(1)p Fu(])-17 b(])p Fs(ps)51 b Fu(=)42 b Fb(ok)0 -4813 y Fu(since)35 b Ft(P)8 b(A)p Fu([)-17 b([)q Fr(x)p -Fu(])g(])q Fs(ps)42 b Fu(=)35 b Fb(ok)h Fu(and)f Ft(P)8 -b(A)p Fu([)-17 b([)p Fr(1)p Fu(])g(])q Fs(ps)43 b Fu(=)34 -b Fb(ok)p Fu(.)51 b(On)35 b(the)h(other)f(hand,)g(if)f -Fs(ps)43 b Fr(x)35 b Fu(=)g Fb(d)p Fu(?)g(then)0 4934 -y Ft(P)8 b(A)p Fu([)-17 b([)q Fr(x)32 b Fu(+)h Fr(1)p -Fu(])-17 b(])q Fs(ps)40 b Fu(=)32 b Fb(d)p Fu(?)h(b)s(ecause)h -Ft(P)8 b(A)p Fu([)-17 b([)q Fr(x)p Fu(])g(])q Fs(ps)40 -b Fu(=)32 b Fb(d)p Fu(?.)146 5054 y(F)-8 b(urthermore,)32 -b Ft(P)8 b(B)t Fu([)-17 b([)q Fr(x)33 b Fu(=)f Fr(x)p -Fu(])-17 b(])q Fs(ps)40 b Fu(=)32 b Fb(d)p Fu(?)h(if)e -Fs(ps)41 b Fr(x)32 b Fu(=)h Fb(d)p Fu(?)f(ev)m(en)i(though)f(the)g -(test)g Fr(x)g Fu(=)f Fr(x)h Fu(will)0 5175 y(ev)-5 b(aluate)32 -b(to)g Fw(tt)g Fu(indep)s(enden)m(tly)h(of)f(whether)i(or)f(not)f -Fr(x)h Fu(is)f(initialized)d(prop)s(erly)-8 b(.)359 b -Fh(2)146 5374 y Fu(The)43 b(functions)f Ft(P)8 b(A)p -Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])42 b(and)h Ft(P)8 -b(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])42 b(are)g(closely)g -(connected)h(with)f(the)g(sets)i(of)d(free)0 5494 y(v)-5 -b(ariables)31 b(de\014ned)j(in)e(Chapter)h(1:)p eop -%%Page: 144 154 -144 153 bop 251 130 a Fw(144)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 283 419 V 283 -1501 4 1083 v 666 519 a Ft(P)8 b(S)g Fu([)-17 b([)p Fs(x)45 -b Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])34 b Fs(ps)40 b Fu(=)32 -b Fs(ps)8 b Fu([)p Fs(x)k Ft(7!P)c(A)p 
Fu([)-17 b([)p -Fs(a)7 b Fu(])-17 b(])q Fs(ps)8 b Fu(])666 710 y Ft(P)g(S)g -Fu([)-17 b([)p Fr(skip)p Fu(])g(])35 b(=)d(id)666 901 -y Ft(P)8 b(S)g Fu([)-17 b([)p Fs(S)915 916 y Fn(1)955 -901 y Fu(;)p Fs(S)1049 916 y Fn(2)1088 901 y Fu(])g(])33 -b(=)g Ft(P)8 b(S)g Fu([)-17 b([)p Fs(S)1516 916 y Fn(2)1556 -901 y Fu(])g(])33 b Ft(\016)f(P)8 b(S)g Fu([)-17 b([)q -Fs(S)1958 916 y Fn(1)1997 901 y Fu(])g(])666 1092 y Ft(P)8 -b(S)g Fu([)-17 b([)p Fr(if)33 b Fs(b)39 b Fr(then)33 -b Fs(S)1371 1107 y Fn(1)1443 1092 y Fr(else)h Fs(S)1748 -1107 y Fn(2)1787 1092 y Fu(])-17 b(])33 b(=)g(cond)2166 -1107 y Fn(P)2218 1092 y Fu(\()p Ft(P)8 b(B)t Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(P)8 b(S)g Fu([)-17 -b([)q Fs(S)2838 1107 y Fn(1)2877 1092 y Fu(])g(])q(,)32 -b Ft(P)8 b(S)h Fu([)-17 b([)p Fs(S)3224 1107 y Fn(2)3263 -1092 y Fu(])g(])q(\))666 1284 y Ft(P)8 b(S)g Fu([)-17 -b([)p Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17 -b(])33 b(=)f(FIX)h Fs(H)934 1451 y Fu(where)h Fs(H)49 -b(h)39 b Fu(=)33 b(cond)1735 1466 y Fn(P)1788 1451 y -Fu(\()p Ft(P)8 b(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(])q(,)32 b Fs(h)40 b Ft(\016)32 b(P)8 b(S)h Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))p 3753 1501 -V 283 1504 3473 4 v 1088 1665 a(T)-8 b(able)33 b(5.2:)43 -b(Analysis)32 b(of)g(statemen)m(ts)i(in)d Fw(While)283 -1955 y(Exercise)37 b(5.11)49 b(\(Essen)m(tial\))27 b -Fu(Pro)m(v)m(e)j(that)f(for)g(ev)m(ery)i(arithmetic)c(expression)j -Fs(a)36 b Fu(w)m(e)31 b(ha)m(v)m(e)527 2169 y Ft(P)8 -b(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(ps)40 -b Fu(=)33 b Fb(ok)g Fu(if)e(and)i(only)f(if)f(FV\()p -Fs(a)7 b Fu(\))33 b Ft([)g(f)p Fu(on-trac)m(k)p Ft(g)f(\022)h -Fu(OK\()p Fs(ps)8 b Fu(\))283 2384 y(F)-8 b(orm)m(ulate)32 -b(and)i(pro)m(v)m(e)h(a)e(similar)e(result)i(for)g(b)s(o)s(olean)f -(expressions.)49 b(Deduce)34 b(that)g(for)f(all)283 2504 -y Fs(a)38 b Fu(of)31 b Fw(Aexp)g Fu(w)m(e)g(get)g Ft(P)8 -b(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(ps)38 -b Fu(=)31 b Fb(d)p 
Fu(?)g(if)e Fs(ps)39 b Fu(is)30 b(improp)s(er,)g -(and)h(that)f(for)g(all)f Fs(b)37 b Fu(of)30 b Fw(Bexp)h -Fu(w)m(e)283 2625 y(get)i Ft(P)8 b(B)t Fu([)-17 b([)q -Fs(b)6 b Fu(])-17 b(])p Fs(ps)41 b Fu(=)32 b Fb(d)p Fu(?)h(if)e -Fs(ps)41 b Fu(is)32 b(improp)s(er.)1849 b Fh(2)283 2928 -y Fp(Statemen)l(ts)283 3117 y Fu(T)-8 b(urning)40 b(to)f(statemen)m(ts) -i(w)m(e)g(shall)d(sp)s(ecify)j(their)e(analysis)g(b)m(y)i(a)e(function) -g Ft(P)8 b(S)49 b Fu(of)39 b(func-)283 3237 y(tionalit)m(y:)527 -3452 y Ft(P)8 b(S)h Fu(:)43 b Fw(Stm)32 b Ft(!)g Fu(\()p -Fw(PState)g Ft(!)g Fw(PState)p Fu(\))283 3667 y(The)47 -b(totalit)m(y)d(of)h Ft(P)8 b(S)h Fu([)-17 b([)p Fs(S)12 -b Fu(])-17 b(])46 b(re\015ects)i(that)d(w)m(e)i(shall)d(b)s(e)i(able)f -(to)g(analyse)h Fs(al)5 b(l)56 b Fu(statemen)m(ts)283 -3787 y(including)27 b(a)i(statemen)m(t)g(lik)m(e)f Fr(while)h(true)h -(do)f(skip)h Fu(that)e(lo)s(ops.)41 b(The)30 b(de\014nition)d(of)h -Ft(P)8 b(S)37 b Fu(is)283 3907 y(giv)m(en)30 b(in)e(T)-8 -b(able)28 b(5.2)h(and)g(the)g(clauses)h(for)e(assignmen)m(t,)i -Fr(skip)g Fu(and)f(comp)s(osition)d(are)j(m)m(uc)m(h)283 -4028 y(as)k(in)f(the)h(direct)g(st)m(yle)g(denotational)e(seman)m(tics) -h(of)h(Chapter)g(4.)43 b(The)34 b(remaining)c(clauses)283 -4148 y(will)h(b)s(e)i(explained)f(b)s(elo)m(w.)283 4395 -y Fw(Example)37 b(5.12)49 b Fu(Consider)33 b(the)g(statemen)m(t)527 -4609 y Fr(y)g Fu(:=)g Fr(x)283 4824 y Fu(First)j(assume)i(that)e -Fs(ps)45 b Fu(is)36 b(a)h(prop)s(er)g(prop)s(ert)m(y)g(state)g(with)g -Fs(ps)44 b Fr(x)37 b Fu(=)g Fb(ok)g Fu(and)g Fs(ps)45 -b Fr(y)37 b Fu(=)g Fb(d)p Fu(?.)283 4945 y(Then)d(w)m(e)g(ha)m(v)m(e) -527 5159 y(\()p Ft(P)8 b(S)h Fu([)-17 b([)p Fr(y)33 b -Fu(:=)f Fr(x)p Fu(])-17 b(])q Fs(ps)8 b Fu(\))33 b Fr(x)f -Fu(=)h Fb(ok)527 5327 y Fu(\()p Ft(P)8 b(S)h Fu([)-17 -b([)p Fr(y)33 b Fu(:=)f Fr(x)p Fu(])-17 b(])q Fs(ps)8 -b Fu(\))33 b Fr(y)f Fu(=)h Fb(ok)527 5494 y Fu(\()p Ft(P)8 -b(S)h Fu([)-17 b([)p Fr(y)33 b Fu(:=)f Fr(x)p Fu(])-17 -b(])q Fs(ps)8 b Fu(\))33 
b(on-trac)m(k)f(=)h Fb(ok)p -eop -%%Page: 145 155 -145 154 bop 0 130 a Fw(5.2)112 b(The)38 b(analysis)2439 -b(145)p 0 193 3473 4 v 0 515 a Fu(Since)34 b Ft(P)8 b(S)g -Fu([)-17 b([)q Fr(y)34 b Fu(:=)f Fr(x)p Fu(])-17 b(])q -Fs(ps)42 b Fu(is)33 b(prop)s(er)h(w)m(e)h(conclude)f(that)g(b)s(oth)f -Fr(x)h Fu(and)g Fr(y)g Fu(only)f(dep)s(end)i(on)f(the)0 -636 y(input)26 b(v)-5 b(ariables)25 b(after)h Fr(y)g -Fu(is)g(assigned)h(a)f(v)-5 b(alue)25 b(that)h(only)g(dep)s(ends)i(on)e -(the)h(input)f(v)-5 b(ariables.)146 756 y(Assume)34 b(next)f(that)g -Fs(ps)40 b Fr(y)33 b Fu(=)f Fb(ok)h Fu(but)g Fs(ps)41 -b Fr(x)32 b Fu(=)h Fb(d)p Fu(?.)44 b(Then)244 940 y(\()p -Ft(P)8 b(S)g Fu([)-17 b([)q Fr(y)32 b Fu(:=)h Fr(x)p -Fu(])-17 b(])q Fs(ps)8 b Fu(\))32 b Fr(y)h Fu(=)f Fb(d)p -Fu(?)0 1123 y(sho)m(wing)42 b(that)g(when)h(a)f(dubious)g(v)-5 -b(alue)41 b(is)g(used)i(in)f(an)f(assignmen)m(t)h(then)h(the)f -(assigned)0 1244 y(v)-5 b(ariable)31 b(will)f(get)j(a)f(dubious)h(v)-5 -b(alue)32 b(as)g(w)m(ell.)1676 b Fh(2)0 1445 y Fw(Exercise)36 -b(5.13)49 b Fu(Consider)40 b(the)f(statemen)m(ts)g Fs(S)1843 -1460 y Fn(1)1921 1445 y Fu(and)g Fs(S)2184 1460 y Fn(2)2262 -1445 y Fu(of)g(Example)f(5.3.)62 b(Use)39 b(T)-8 b(ables)0 -1566 y(5.1)37 b(and)h(5.2)f(to)h(c)m(haracterize)g(the)g(b)s(eha)m -(viour)f(of)h Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)2185 1581 -y Fn(1)2224 1566 y Fu(])g(])38 b(and)g Ft(P)8 b(S)g Fu([)-17 -b([)q Fs(S)2744 1581 y Fn(2)2783 1566 y Fu(])g(])38 b(on)g(prop)s(er)f -(and)0 1686 y(improp)s(er)31 b(prop)s(ert)m(y)i(states.)45 -b(An)m(ticipating)30 b(Section)j(5.3)f(sho)m(w)i(that)244 -1870 y Fs(s)292 1885 y Fn(1)364 1870 y Ft(\021)f Fs(s)522 -1885 y Fn(2)594 1870 y Fu(rel)p 594 1883 109 4 v 32 w -Fs(ps)40 b Fu(implies)30 b Ft(S)1264 1885 y Fn(ds)1335 -1870 y Fu([)-17 b([)q Fs(S)1440 1885 y Fn(i)1464 1870 -y Fu(])g(])p Fs(s)1549 1885 y Fn(1)1621 1870 y Ft(\021)33 -b(S)1799 1885 y Fn(ds)1870 1870 y Fu([)-17 b([)q Fs(S)1975 -1885 y Fn(i)1998 1870 y Fu(])g(])q Fs(s)2084 1885 y 
Fn(2)2156 -1870 y Fu(rel)p 2156 1883 V 32 w Ft(P)8 b(S)g Fu([)-17 -b([)q Fs(S)2547 1885 y Fn(i)2570 1870 y Fu(])g(])q Fs(ps)0 -2053 y Fu(for)32 b(i)g(=)g(1,)g(2)h(and)f(for)g(all)f -Fs(ps)40 b Ft(2)33 b Fw(PState)p Fu(.)1829 b Fh(2)146 -2255 y Fu(In)40 b(the)g(clause)g(for)g Fr(if)g Fs(b)45 -b Fr(then)c Fs(S)1446 2270 y Fn(1)1525 2255 y Fr(else)g -Fs(S)1837 2270 y Fn(2)1915 2255 y Fu(w)m(e)g(use)g(the)f(auxiliary)e -(function)h(cond)3420 2270 y Fn(P)0 2376 y Fu(de\014ned)34 -b(b)m(y)244 2641 y(cond)444 2656 y Fn(P)497 2641 y Fu(\()p -Fs(f)20 b Fu(,)33 b Fs(h)702 2656 y Fn(1)742 2641 y Fu(,)f -Fs(h)858 2656 y Fn(2)898 2641 y Fu(\))g Fs(ps)41 b Fu(=)1207 -2466 y Fg(8)1207 2541 y(<)1207 2691 y(:)1323 2556 y Fu(\()p -Fs(h)1418 2571 y Fn(1)1490 2556 y Fs(ps)8 b Fu(\))32 -b Ft(t)1725 2571 y Fn(PS)1848 2556 y Fu(\()p Fs(h)1943 -2571 y Fn(2)2016 2556 y Fs(ps)8 b Fu(\))82 b(if)32 b -Fs(f)53 b(ps)41 b Fu(=)32 b Fb(ok)1323 2724 y(lost)692 -b Fu(if)32 b Fs(f)53 b(ps)41 b Fu(=)32 b Fb(d)p Fu(?)0 -2906 y(First)g(consider)h(the)g(case)h(where)g(w)m(e)g(are)f -(successful)i(in)d(analysing)f(the)j(condition,)d(that)i(is)0 -3026 y(where)39 b Fs(f)59 b(ps)46 b Fu(=)38 b Fb(ok)p -Fu(.)61 b(F)-8 b(or)37 b(eac)m(h)j(v)-5 b(ariable)36 -b Fs(x)50 b Fu(w)m(e)39 b(can)f(determine)g(the)h(result)f(of)g -(analysing)0 3147 y(eac)m(h)d(of)g(the)g(branc)m(hes,)h(namely)e(\()p -Fs(h)1374 3162 y Fn(1)1448 3147 y Fs(ps)8 b Fu(\))35 -b Fs(x)46 b Fu(for)34 b(the)h(true)g(branc)m(h)g(and)g(\()p -Fs(h)2850 3162 y Fn(2)2924 3147 y Fs(ps)8 b Fu(\))35 -b Fs(x)46 b Fu(for)34 b(the)0 3267 y(false)c(branc)m(h.)44 -b(The)32 b(least)e(upp)s(er)i(b)s(ound)f(of)f(these)i(t)m(w)m(o)g -(results)f(will)e(b)s(e)i(the)g(new)h(prop)s(ert)m(y)0 -3388 y(b)s(ound)h(to)f Fs(x)12 b Fu(,)32 b(that)h(is)f(the)h(new)g -(prop)s(ert)m(y)h(state)f(will)d(map)i Fs(x)44 b Fu(to)244 -3571 y(\(\()p Fs(h)377 3586 y Fn(1)449 3571 y Fs(ps)8 -b Fu(\))32 b Fs(x)12 b Fu(\))33 b Ft(t)811 3586 y Fn(P)896 -3571 y Fu(\(\()p Fs(h)1029 3586 y 
Fn(2)1101 3571 y Fs(ps)8 -b Fu(\))32 b Fs(x)12 b Fu(\))0 3755 y(If)24 b(the)h(analysis)f(of)g -(the)h(condition)e(is)i(not)f(successful,)k(that)c(is)g -Fs(f)46 b(ps)32 b Fu(=)24 b Fb(d)p Fu(?,)j(then)e(the)g(analysis)0 -3875 y(of)32 b(the)h(conditional)d(will)g(fail)h(and)h(w)m(e)i(shall)d -(therefore)i(use)h(the)f(prop)s(ert)m(y)g(state)g Fb(lost)p -Fu(.)0 4077 y Fw(Example)k(5.14)49 b Fu(Consider)33 b(no)m(w)g(the)g -(statemen)m(t)244 4260 y Fr(if)g(x)g Fu(=)f Fr(x)h(then)g(z)g -Fu(:=)g Fr(y)g(else)g(y)g Fu(:=)f Fr(z)0 4444 y Fu(Clearly)-8 -b(,)37 b(the)f(\014nal)g(v)-5 b(alue)36 b(of)g Fr(z)h -Fu(can)g(b)s(e)f(determined)h(uniquely)f(from)f(the)i(initial)c(v)-5 -b(alue)36 b(of)0 4564 y Fr(y)p Fu(.)53 b(Ho)m(w)m(ev)m(er,)39 -b(if)34 b Fr(z)i Fu(is)f(dubious)h(then)h(the)f(analysis)f(cannot)g -(giv)m(e)h(this)f(result.)53 b(T)-8 b(o)36 b(see)h(this)0 -4685 y(assume)h(that)f Fs(ps)46 b Fu(is)37 b(a)g(prop)s(er)h(prop)s -(ert)m(y)g(state)g(suc)m(h)h(that)f Fs(ps)i Fr(x)e Fu(=)f -Fb(ok)p Fu(,)j Fs(ps)45 b Fr(y)38 b Fu(=)f Fb(ok)h Fu(and)0 -4805 y Fs(ps)i Fr(z)33 b Fu(=)g Fb(d)p Fu(?.)43 b(Then)244 -4989 y(\()p Ft(P)8 b(S)g Fu([)-17 b([)q Fr(if)33 b(x)g -Fu(=)f Fr(x)h(then)g(z)g Fu(:=)g Fr(y)f(else)i(y)f Fu(:=)f -Fr(z)p Fu(])-17 b(])q Fs(ps)8 b Fu(\))32 b Fr(z)465 5156 -y Fu(=)g(\(cond)811 5171 y Fn(P)864 5156 y Fu(\()p Ft(P)8 -b(B)t Fu([)-17 b([)p Fr(x)33 b Fu(=)f Fr(x)p Fu(])-17 -b(])q(,)33 b Ft(P)8 b(S)g Fu([)-17 b([)q Fr(z)32 b Fu(:=)h -Fr(y)p Fu(])-17 b(])q(,)32 b Ft(P)8 b(S)h Fu([)-17 b([)p -Fr(y)33 b Fu(:=)g Fr(z)p Fu(])-17 b(]\))33 b Fs(ps)8 -b Fu(\))32 b Fr(z)465 5324 y Fu(=)g(\()p Ft(P)8 b(S)g -Fu([)-17 b([)q Fr(z)33 b Fu(:=)f Fr(y)p Fu(])-17 b(])34 -b Fs(ps)40 b Ft(t)1331 5339 y Fn(P)1416 5324 y Ft(P)8 -b(S)g Fu([)-17 b([)q Fr(y)33 b Fu(:=)f Fr(z)p Fu(])-17 -b(])34 b Fs(ps)8 b Fu(\))32 b Fr(z)465 5492 y Fu(=)g -Fb(d)p Fu(?)p eop -%%Page: 146 156 -146 155 bop 251 130 a Fw(146)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a 
Fu(b)s(ecause)d -Ft(P)8 b(B)t Fu([)-17 b([)p Fr(x)31 b Fu(=)g Fr(x)p Fu(])-17 -b(])q Fs(ps)39 b Fu(=)30 b Fb(ok)p Fu(,)i(\()p Ft(P)8 -b(S)g Fu([)-17 b([)q Fr(z)31 b Fu(:=)g Fr(y)p Fu(])-17 -b(])q Fs(ps)8 b Fu(\))30 b Fr(z)h Fu(=)g Fb(ok)g Fu(but)h(\()p -Ft(P)8 b(S)g Fu([)-17 b([)p Fr(y)32 b Fu(:=)e Fr(z)p -Fu(])-17 b(])q Fs(ps)8 b Fu(\))31 b Fr(z)g Fu(=)g Fb(d)p -Fu(?.)283 636 y(So)i(ev)m(en)h(though)e(the)h(false)f(branc)m(h)h(nev)m -(er)h(will)c(b)s(e)j(executed)h(it)e(will)e(in\015uence)j(the)g(result) -283 756 y(obtained)g(b)m(y)g(the)g(analysis.)430 877 -y(Similarly)-8 b(,)21 b(ev)m(en)j(if)e Fr(y)h Fu(and)g -Fr(z)g Fu(are)g(not)g(dubious)g(but)g Fr(x)g Fu(is,)i(the)e(analysis)f -(cannot)h(determine)283 997 y(that)35 b(the)g(\014nal)f(v)-5 -b(alue)35 b(of)f Fr(z)h Fu(only)f(dep)s(ends)j(on)d(the)i(v)-5 -b(alue)34 b(of)g Fr(y)p Fu(.)51 b(T)-8 b(o)34 b(see)i(this)f(assume)g -(that)283 1117 y Fs(ps)k Fu(is)31 b(a)f(prop)s(er)h(prop)s(ert)m(y)h -(state)f(suc)m(h)h(that)f Fs(ps)38 b Fr(x)32 b Fu(=)e -Fb(d)p Fu(?,)i Fs(ps)38 b Fr(y)31 b Fu(=)g Fb(ok)h Fu(and)f -Fs(ps)38 b Fr(z)31 b Fu(=)g Fb(ok)p Fu(.)43 b(W)-8 b(e)283 -1238 y(then)34 b(get)527 1440 y Ft(P)8 b(S)h Fu([)-17 -b([)p Fr(if)33 b(x)g Fu(=)f Fr(x)h(then)h(z)f Fu(:=)f -Fr(y)h(else)g(y)g Fu(:=)g Fr(z)p Fu(])-17 b(])q Fs(ps)710 -1608 y Fu(=)33 b(cond)1019 1623 y Fn(P)1071 1608 y Fu(\()p -Ft(P)8 b(B)t Fu([)-17 b([)q Fr(x)33 b Fu(=)f Fr(x)p Fu(])-17 -b(])q(,)32 b Ft(P)8 b(S)h Fu([)-17 b([)p Fr(z)33 b Fu(:=)g -Fr(y)p Fu(])-17 b(],)33 b Ft(P)8 b(S)g Fu([)-17 b([)q -Fr(y)33 b Fu(:=)f Fr(z)p Fu(])-17 b(])q(\))p Fs(ps)710 -1775 y Fu(=)33 b Fb(lost)283 1978 y Fu(b)s(ecause)j Ft(P)8 -b(B)t Fu([)-17 b([)p Fr(x)34 b Fu(=)g Fr(x)p Fu(])-17 -b(])q Fs(ps)41 b Fu(=)34 b Fb(d)p Fu(?.)48 b(These)35 -b(examples)f(sho)m(w)h(that)f(the)g(result)g(of)f(the)i(analysis)283 -2098 y(is)j(safe)h(but)g(usually)f(somewhat)g(imprecise.)60 -b(More)39 b(complex)f(analyses)h(could)f(do)g(b)s(etter)283 -2218 y(\(for)28 
b(example)f(b)m(y)i(trying)e(to)g(predict)h(the)g -(outcome)f(of)h(tests\))g(but)g(in)f(general)h(no)f(decidable)283 -2339 y(analysis)32 b(can)h(pro)m(vide)g(exact)g(results.)1944 -b Fh(2)283 2566 y Fw(Exercise)37 b(5.15)49 b Fu(Consider)33 -b(the)g(statemen)m(ts)h Fs(S)2109 2581 y Fn(11)2217 2566 -y Fu(and)f Fs(S)2474 2581 y Fn(12)2581 2566 y Fu(of)f(Example)h(5.3.)44 -b(Use)34 b(T)-8 b(ables)283 2686 y(5.1)32 b(and)h(5.2)e(to)h(c)m -(haracterize)h(the)g(b)s(eha)m(viour)f(of)g Ft(P)8 b(S)g -Fu([)-17 b([)q Fs(S)2425 2701 y Fn(11)2499 2686 y Fu(])g(])33 -b(and)f Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)3008 2701 y -Fn(12)3083 2686 y Fu(])g(])32 b(on)g(prop)s(er)h(and)283 -2806 y(improp)s(er)e(prop)s(ert)m(y)j(states.)44 b(An)m(ticipating)31 -b(Section)h(5.3)g(sho)m(w)i(that)527 3009 y Fs(s)575 -3024 y Fn(1)647 3009 y Ft(\021)f Fs(s)805 3024 y Fn(2)877 -3009 y Fu(rel)p 877 3022 109 4 v 32 w Fs(ps)41 b Fu(implies)30 -b Ft(S)1548 3024 y Fn(ds)1619 3009 y Fu([)-17 b([)p Fs(S)1723 -3024 y Fn(i)1747 3009 y Fu(])g(])q Fs(s)1833 3024 y Fn(1)1905 -3009 y Ft(\021)33 b(S)2082 3024 y Fn(ds)2154 3009 y Fu([)-17 -b([)p Fs(S)2258 3024 y Fn(i)2282 3009 y Fu(])g(])p Fs(s)2367 -3024 y Fn(2)2439 3009 y Fu(rel)p 2439 3022 V 32 w Ft(P)8 -b(S)h Fu([)-17 b([)p Fs(S)2830 3024 y Fn(i)2854 3009 -y Fu(])g(])p Fs(ps)283 3211 y Fu(for)29 b(i)e(=)i(11,)g(12)f(and)h(for) -f(all)f Fs(ps)36 b Ft(2)29 b Fw(PState)p Fu(.)42 b(Finally)26 -b(argue)j(that)f(it)g(w)m(ould)h Fs(not)38 b Fu(b)s(e)29 -b(sensible)283 3331 y(to)k(use)527 3534 y(cond)727 3498 -y Fi(0)727 3558 y Fn(P)780 3534 y Fu(\()p Fs(f)21 b Fu(,)32 -b Fs(h)985 3549 y Fn(1)1025 3534 y Fu(,)h Fs(h)1142 3549 -y Fn(2)1181 3534 y Fu(\))g Fs(ps)40 b Fu(=)33 b(\()p -Fs(h)1586 3549 y Fn(1)1658 3534 y Fs(ps)8 b Fu(\))32 -b Ft(t)1893 3549 y Fn(PS)2017 3534 y Fu(\()p Fs(h)2112 -3549 y Fn(2)2184 3534 y Fs(ps)8 b Fu(\))283 3736 y(instead)33 -b(of)f(the)h(cond)1099 3751 y Fn(P)1184 3736 y Fu(de\014ned)h(ab)s(o)m -(v)m(e.)1891 b Fh(2)430 3963 y Fu(In)32 
b(the)h(clause)f(for)g(the)g -Fr(while)p Fu(-lo)s(op)g(w)m(e)h(also)e(use)i(the)g(function)e(cond) -3080 3978 y Fn(P)3165 3963 y Fu(and)h(otherwise)283 4083 -y(the)23 b(clause)f(is)f(as)h(in)f(the)i(direct)e(st)m(yle)i -(denotational)d(seman)m(tics)i(of)f(Chapter)i(4.)39 b(In)23 -b(particular)283 4204 y(w)m(e)28 b(use)f(the)g(\014xed)h(p)s(oin)m(t)d -(op)s(eration)h(FIX)g(as)h(it)e(corresp)s(onds)j(to)e(unfolding)f(the)i -Fr(while)p Fu(-lo)s(op)283 4324 y(a)40 b(n)m(um)m(b)s(er)h(of)e(times)g -(|)h(once)g(for)g(eac)m(h)h(time)d(the)j Fs(analysis)47 -b Fu(tra)m(v)m(erses)42 b(the)f(lo)s(op.)64 b(As)41 b(in)283 -4444 y(Chapter)34 b(4)e(the)h(\014xed)h(p)s(oin)m(t)e(is)g(de\014ned)i -(b)m(y)527 4647 y(FIX)f Fs(H)48 b Fu(=)961 4580 y Fg(F)1030 -4647 y Ft(f)32 b Fs(H)1200 4611 y Fn(n)1276 4647 y Ft(?)h(j)g -Fu(n)f Ft(\025)h Fu(0)g Ft(g)283 4849 y Fu(where)h(the)f(functionalit)m -(y)e(of)h Fs(H)49 b Fu(is)527 5051 y Fs(H)16 b Fu(:)33 -b(\()p Fw(PState)f Ft(!)g Fw(PState)p Fu(\))g Ft(!)g -Fu(\()p Fw(PState)h Ft(!)f Fw(PState)p Fu(\))283 5254 -y(and)25 b(where)h Fw(PState)d Ft(!)h Fw(PState)g Fu(is)g(the)h(set)g -(of)f(total)f(functions)h(from)f Fw(PState)h Fu(to)g -Fw(PState)p Fu(.)283 5374 y(In)37 b(order)f(for)f(this)h(to)f(mak)m(e)i -(sense)g Fs(H)52 b Fu(m)m(ust)36 b(b)s(e)h(a)e(con)m(tin)m(uous)i -(function)e(on)h(a)g(ccp)s(o)g(with)283 5494 y Ft(?)d -Fu(as)g(its)f(least)g(elemen)m(t.)44 b(W)-8 b(e)33 b(shall)e(shortly)h -(v)m(erify)h(that)g(this)f(is)g(indeed)h(the)g(case.)p -eop -%%Page: 147 157 -147 156 bop 0 130 a Fw(5.2)112 b(The)38 b(analysis)2439 -b(147)p 0 193 3473 4 v 0 515 a(Example)37 b(5.16)49 b -Fu(W)-8 b(e)36 b(are)h(no)m(w)g(in)f(a)g(p)s(osition)f(where)j(w)m(e)f -(can)g(attempt)f(the)h(application)0 636 y(of)32 b(the)h(analysis)f(to) -g(the)h(factorial)d(statemen)m(t:)244 814 y Ft(P)8 b(S)g -Fu([)-17 b([)q Fr(y)33 b Fu(:=)f Fr(1)p Fu(;)h Fr(while)h -Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p -Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h 
Fr(x)g Fu(:=)f -Fr(x)p Ft(\000)p Fr(1)p Fu(\)])-17 b(])0 993 y(W)-8 b(e)35 -b(shall)f(apply)g(this)h(function)f(to)g(the)i(prop)s(er)e(prop)s(ert)m -(y)i(state)f Fs(ps)2593 1008 y Fn(0)2667 993 y Fu(that)g(maps)f -Fr(x)h Fu(to)g Fb(ok)0 1113 y Fu(and)d(all)e(other)h(v)-5 -b(ariables)31 b(\(including)f Fr(y)p Fu(\))i(to)f Fb(d)p -Fu(?)h(as)g(this)f(corresp)s(onds)i(to)f(viewing)f Fr(x)h -Fu(as)g(the)0 1234 y(only)g(input)g(v)-5 b(ariable)31 -b(of)h(the)h(statemen)m(t.)146 1354 y(T)-8 b(o)33 b(do)f(so)h(w)m(e)h -(use)f(the)g(clauses)h(of)e(T)-8 b(ables)32 b(5.1)h(and)f(5.2)g(and)h -(get)244 1533 y Ft(P)8 b(S)g Fu([)-17 b([)q Fr(y)33 b -Fu(:=)f Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p Fr(x)p -Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f -Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p -Fr(1)p Fu(\)])-17 b(])34 b Fs(ps)2607 1548 y Fn(0)513 -1700 y Fu(=)e(\(FIX)g Fs(H)16 b Fu(\))33 b(\()p Fs(ps)1158 -1715 y Fn(0)1197 1700 y Fu([)p Fr(y)p Ft(7!)p Fb(ok)p -Fu(]\))0 1879 y(where)244 2057 y Fs(H)48 b(h)40 b Fu(=)33 -b(cond)763 2072 y Fn(P)815 2057 y Fu(\()p Ft(P)8 b(B)t -Fu([)-17 b([)q Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q(,)33 -b Fs(h)39 b Ft(\016)33 b(P)8 b(S)g Fu([)-17 b([)q Fr(y)32 -b Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f -Fr(x)p Ft(\000)p Fr(1)p Fu(])-17 b(])r(,)32 b(id\))0 -2236 y(W)-8 b(e)33 b(\014rst)g(simplify)d Fs(H)49 b Fu(and)32 -b(obtain)244 2496 y(\()p Fs(H)48 b(h)7 b Fu(\))33 b Fs(ps)41 -b Fu(=)769 2322 y Fg(8)769 2397 y(<)769 2546 y(:)884 -2412 y Fb(lost)449 b Fu(if)31 b Fs(ps)24 b Fu(on-trac)m(k)16 -b(=)g Fb(d)p Fu(?)34 b(or)e Fs(ps)24 b Fr(x)16 b Fu(=)g -Fb(d)p Fu(?)884 2579 y(\()p Fs(h)40 b(ps)8 b Fu(\))32 -b Ft(t)1247 2594 y Fn(PS)1371 2579 y Fs(ps)91 b Fu(if)31 -b Fs(ps)24 b Fu(on-trac)m(k)16 b(=)g Fb(ok)34 b Fu(and)f -Fs(ps)24 b Fr(x)16 b Fu(=)g Fb(ok)0 2762 y Fu(A)m(t)29 -b(this)g(p)s(oin)m(t)f(w)m(e)i(shall)e(pretend)i(that)f(w)m(e)h(ha)m(v) -m(e)g(sho)m(wn)h(the)e(follo)m(wing)d(prop)s(ert)m(y)k(of)f 
-Fs(H)45 b Fu(\(to)0 2882 y(b)s(e)33 b(pro)m(v)m(ed)h(in)e(Exercise)i -(5.18\):)244 3061 y(if)d Fs(H)421 3025 y Fn(n)497 3061 -y Ft(?)i Fu(=)g Fs(H)804 3025 y Fn(n+1)970 3061 y Ft(?)g -Fu(for)f(some)g(n)244 3229 y(then)h(FIX)g Fs(H)48 b Fu(=)33 -b Fs(H)988 3192 y Fn(n)1064 3229 y Ft(?)0 3407 y Fu(where)e -Ft(?)f Fu(is)f(the)h(function)f Ft(?)h Fs(ps)38 b Fu(=)29 -b Fb(init)h Fu(for)f(all)e Fs(ps)8 b Fu(.)43 b(W)-8 b(e)30 -b(can)g(no)m(w)g(calculate)e(the)i(iterands)0 3527 y -Fs(H)88 3491 y Fn(0)160 3527 y Ft(?)q Fu(,)i Fs(H)385 -3491 y Fn(1)457 3527 y Ft(?)q Fu(,)g Ft(\001)17 b(\001)g(\001)o -Fu(.)43 b(W)-8 b(e)33 b(obtain)244 3706 y(\()p Fs(H)370 -3670 y Fn(0)442 3706 y Ft(?)p Fu(\))g Fs(ps)40 b Fu(=)33 -b Fb(init)244 3961 y Fu(\()p Fs(H)370 3925 y Fn(1)442 -3961 y Ft(?)p Fu(\))g Fs(ps)40 b Fu(=)829 3786 y Fg(8)829 -3861 y(<)829 4011 y(:)944 3876 y Fb(lost)83 b Fu(if)31 -b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(d)p Fu(?)h(or)f Fs(ps)40 -b Fu(not)33 b(prop)s(er)944 4044 y Fs(ps)212 b Fu(if)31 -b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(ok)h Fu(and)g Fs(ps)40 -b Fu(prop)s(er)244 4315 y(\()p Fs(H)370 4279 y Fn(2)442 -4315 y Ft(?)p Fu(\))33 b Fs(ps)40 b Fu(=)829 4141 y Fg(8)829 -4216 y(<)829 4365 y(:)944 4231 y Fb(lost)83 b Fu(if)31 -b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(d)p Fu(?)h(or)f Fs(ps)40 -b Fu(not)33 b(prop)s(er)944 4398 y Fs(ps)212 b Fu(if)31 -b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(ok)h Fu(and)g Fs(ps)40 -b Fu(prop)s(er)0 4585 y(where)27 b Fs(ps)33 b Fu(is)25 -b(an)h(arbitrary)f(prop)s(ert)m(y)h(state.)42 b(Since)25 -b Fs(H)2027 4549 y Fn(1)2092 4585 y Ft(?)i Fu(=)e Fs(H)2385 -4549 y Fn(2)2450 4585 y Ft(?)h Fu(our)g(assumption)f(ab)s(o)m(v)m(e)0 -4706 y(ensures)35 b(that)d(w)m(e)h(ha)m(v)m(e)h(found)f(the)g(least)f -(\014xed)i(p)s(oin)m(t)e(for)g Fs(H)16 b Fu(:)244 4966 -y(\(FIX)32 b Fs(H)16 b Fu(\))33 b Fs(ps)40 b Fu(=)884 -4791 y Fg(8)884 4866 y(<)884 5016 y(:)999 4881 y Fb(lost)83 -b Fu(if)31 b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(d)p Fu(?)h(or)f -Fs(ps)40 b Fu(not)33 b(prop)s(er)999 5049 y 
Fs(ps)212 -b Fu(if)31 b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(ok)h Fu(and)g -Fs(ps)40 b Fu(prop)s(er)0 5232 y(It)e(is)g(no)m(w)h(straigh)m(tforw)m -(ard)f(to)g(v)m(erify)g(that)g(\(FIX)h Fs(H)16 b Fu(\))38 -b(\()p Fs(ps)2283 5247 y Fn(0)2322 5232 y Fu([)p Fr(y)p -Ft(7!)p Fb(ok)p Fu(]\))h Fr(y)f Fu(=)g Fb(ok)h Fu(and)g(that)0 -5352 y(\(FIX)32 b Fs(H)16 b Fu(\)\()p Fs(ps)504 5367 -y Fn(0)544 5352 y Fu([)p Fr(y)p Ft(7!)p Fb(ok)p Fu(]\))22 -b(is)g(prop)s(er.)40 b(W)-8 b(e)22 b(conclude)h(that)e(there)i -Fs(is)30 b Fu(a)22 b(functional)e(dep)s(endency)0 5472 -y(b)s(et)m(w)m(een)35 b(the)e(input)f(v)-5 b(ariable)31 -b Fr(x)h Fu(and)h(the)g(output)g(v)-5 b(ariable)31 b -Fr(y)p Fu(.)1022 b Fh(2)p eop -%%Page: 148 158 -148 157 bop 251 130 a Fw(148)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fp(W)-11 -b(ell-de\014nedness)46 b(of)f FC(P)10 b(S)283 700 y Fu(Ha)m(ving)32 -b(sp)s(eci\014ed)h(the)g(analysis)e(w)m(e)j(shall)c(no)m(w)j(sho)m(w)g -(that)f(it)g(is)f(indeed)i(w)m(ell-de\014ned.)43 b(As)283 -820 y(in)32 b(Chapter)i(4)e(there)h(are)g(three)g(stages:)429 -1024 y Ft(\017)48 b Fu(First)23 b(w)m(e)i(in)m(tro)s(duce)e(a)g -(partial)f(order)h(on)h Fw(PState)f Ft(!)g Fw(PState)g -Fu(suc)m(h)i(that)f(it)e(b)s(ecomes)527 1144 y(a)33 b(ccp)s(o.)429 -1348 y Ft(\017)48 b Fu(Then)37 b(w)m(e)f(sho)m(w)g(that)f(certain)g -(auxiliary)e(functions)i(used)h(in)e(the)i(de\014nition)e(of)h -Ft(P)8 b(S)527 1468 y Fu(are)33 b(con)m(tin)m(uous.)429 -1671 y Ft(\017)48 b Fu(Finally)32 b(w)m(e)j(sho)m(w)h(that)e(the)g -(\014xed)i(p)s(oin)m(t)d(op)s(erator)h(only)f(is)h(applied)f(to)h(con)m -(tin)m(uous)527 1792 y(functions.)283 1995 y(Th)m(us)h(our)d(\014rst)h -(task)g(is)f(to)h(de\014ne)g(a)g(partial)d(order)j(on)f -Fw(PState)g Ft(!)g Fw(PState)h Fu(and)f(for)g(this)283 -2116 y(w)m(e)j(use)g(the)g(approac)m(h)f(dev)m(elop)s(ed)h(in)e(Lemma)g -(5.4.)47 b(Instan)m(tiating)33 b(the)h(non-empt)m(y)g(set)h -Fs(S)283 2236 y Fu(to)d(the)h(set)g Fw(PState)f Fu(and)h(the)f 
-(partially)e(ordered)j(set)g(\()p Fs(D)9 b Fu(,)33 b -Ft(v)p Fu(\))f(to)g(\()p Fw(PState)p Fu(,)g Ft(v)3294 -2251 y Fn(PS)3385 2236 y Fu(\))g(w)m(e)i(get:)p 283 2356 -3473 5 v 283 2531 a Fw(Corollary)i(5.17)49 b Fu(Let)33 -b Ft(v)g Fu(b)s(e)g(the)g(ordering)f(on)g Fw(PState)g -Ft(!)g Fw(PState)h Fu(de\014ned)h(b)m(y)527 2734 y Fs(h)584 -2749 y Fn(1)657 2734 y Ft(v)f Fs(h)824 2749 y Fn(2)896 -2734 y Fu(if)e(and)i(only)f(if)f Fs(h)1535 2749 y Fn(1)1608 -2734 y Fs(ps)40 b Ft(v)1815 2749 y Fn(PS)1939 2734 y -Fs(h)1996 2749 y Fn(2)2069 2734 y Fs(ps)g Fu(for)32 b(all)e(prop)s(ert) -m(y)k(states)f Fs(ps)283 2938 y Fu(Then)42 b(\()p Fw(PState)d -Ft(!)h Fw(PState)p Fu(,)h Ft(v)p Fu(\))f(is)g(a)f(complete)h(lattice,)g -(and)g(hence)h(a)f(ccp)s(o,)i(and)e(the)283 3058 y(form)m(ula)31 -b(for)h(least)g(upp)s(er)h(b)s(ounds)h(is)527 3261 y(\()565 -3195 y Fg(F)667 3261 y Fs(Y)20 b Fu(\))32 b Fs(ps)41 -b Fu(=)1068 3195 y Fg(F)1137 3276 y Fn(PS)1261 3261 y -Ft(f)32 b Fs(h)40 b(ps)g Ft(j)33 b Fs(h)39 b Ft(2)33 -b Fs(Y)53 b Ft(g)283 3465 y Fu(for)32 b(an)m(y)i(subset)g -Fs(Y)52 b Fu(of)32 b Fw(PState)g Ft(!)g Fw(PState)p Fu(.)p -283 3585 V 283 3813 a Fw(Exercise)37 b(5.18)49 b(\(Essen)m(tial\))33 -b Fu(Sho)m(w)j(that)f(the)h(assumption)f(made)g(in)g(Example)g(5.16)f -(is)283 3934 y(correct.)45 b(That)32 b(is)h(\014rst)g(sho)m(w)g(that) -527 4137 y Fs(H)16 b Fu(:)33 b(\()p Fw(PState)f Ft(!)g -Fw(PState)p Fu(\))g Ft(!)g Fu(\()p Fw(PState)h Ft(!)f -Fw(PState)p Fu(\))283 4341 y(as)d(de\014ned)g(in)f(Example)g(5.16)f(is) -h(indeed)g(a)g(monotone)g(function.)41 b(Next)29 b(sho)m(w)h(that)e -(for)f(an)m(y)283 4461 y(monotone)32 b(function)g Fs(H)49 -b Fu(of)32 b(the)h(ab)s(o)m(v)m(e)g(functionalit)m(y)e(if)527 -4664 y Fs(H)615 4628 y Fn(n)691 4664 y Ft(?)i Fu(=)g -Fs(H)998 4628 y Fn(n+1)1164 4664 y Ft(?)283 4868 y Fu(for)f(some)h(n)g -(then)g Fs(H)1074 4832 y Fn(n)1150 4868 y Ft(?)g Fu(is)f(the)h(least)f -(\014xed)i(p)s(oin)m(t)e(of)g Fs(H)16 b Fu(.)1210 b Fh(2)430 -5096 y Fu(Our)37 
b(second)i(task)f(is)f(to)g(ensure)i(that)e(the)h -(function)f Fs(H)53 b Fu(used)39 b(in)e(T)-8 b(able)37 -b(5.2)g(is)g(a)g(con-)283 5216 y(tin)m(uous)45 b(function)e(from)g -Fw(PState)h Ft(!)f Fw(PState)h Fu(to)g Fw(PState)f Ft(!)h -Fw(PState)p Fu(.)78 b(F)-8 b(or)43 b(this)h(w)m(e)283 -5337 y(follo)m(w)27 b(the)j(approac)m(h)f(of)f(Section)h(4.3)f(and)h -(sho)m(w)h(that)e(cond)2571 5352 y Fn(P)2653 5337 y Fu(is)g(con)m(tin)m -(uous)h(in)f(its)h(second)283 5457 y(argumen)m(t)k(and)f(later)g(that)g -(comp)s(osition)f(is)h(con)m(tin)m(uous)h(in)f(its)g(\014rst)h(argumen) -m(t.)p eop -%%Page: 149 159 -149 158 bop 0 130 a Fw(5.2)112 b(The)38 b(analysis)2439 -b(149)p 0 193 3473 4 v 0 515 3473 5 v 0 697 a(Lemma)37 -b(5.19)49 b Fu(Let)33 b Fs(f)21 b Fu(:)43 b Fw(PState)32 -b Ft(!)h Fw(P)p Fu(,)f Fs(h)1631 712 y Fn(0)1670 697 -y Fu(:)44 b Fw(PState)32 b Ft(!)g Fw(PState)g Fu(and)h(de\014ne)244 -906 y Fs(H)48 b(h)40 b Fu(=)33 b(cond)763 921 y Fn(P)815 -906 y Fu(\()p Fs(f)21 b Fu(,)33 b Fs(h)7 b Fu(,)33 b -Fs(h)1138 921 y Fn(0)1177 906 y Fu(\))0 1115 y(Then)h -Fs(H)16 b Fu(:)32 b(\()p Fw(PState)p Ft(!)p Fw(PState)p -Fu(\))g Ft(!)g Fu(\()p Fw(PState)p Ft(!)o Fw(PState)p -Fu(\))g(is)g(a)g(con)m(tin)m(uous)i(function.)p 0 1235 -V 0 1444 a Fw(Pro)s(of:)48 b Fu(W)-8 b(e)42 b(shall)e(\014rst)i(pro)m -(v)m(e)h(that)e Fs(H)58 b Fu(is)41 b Fs(monotone)48 b -Fu(so)42 b(let)f Fs(h)2505 1459 y Fn(1)2586 1444 y Fu(and)h -Fs(h)2842 1459 y Fn(2)2923 1444 y Fu(b)s(e)g(suc)m(h)h(that)0 -1565 y Fs(h)57 1580 y Fn(1)129 1565 y Ft(v)33 b Fs(h)296 -1580 y Fn(2)336 1565 y Fu(,)e(that)g(is)g Fs(h)758 1580 -y Fn(1)828 1565 y Fs(ps)39 b Ft(v)1035 1580 y Fn(PS)1157 -1565 y Fs(h)1214 1580 y Fn(2)1285 1565 y Fs(ps)f Fu(for)31 -b(all)e(prop)s(ert)m(y)i(states)h Fs(ps)8 b Fu(.)43 b(W)-8 -b(e)32 b(then)f(ha)m(v)m(e)i(to)d(sho)m(w)0 1685 y(that)38 -b(cond)417 1700 y Fn(P)470 1685 y Fu(\()p Fs(f)21 b Fu(,)39 -b Fs(h)682 1700 y Fn(1)722 1685 y Fu(,)h Fs(h)846 1700 -y Fn(0)885 1685 y Fu(\))e Fs(ps)46 b 
Ft(v)1175 1700 y -Fn(PS)1304 1685 y Fu(cond)1504 1700 y Fn(P)1557 1685 -y Fu(\()p Fs(f)21 b Fu(,)40 b Fs(h)1770 1700 y Fn(2)1809 -1685 y Fu(,)g Fs(h)1933 1700 y Fn(0)1973 1685 y Fu(\))e -Fs(ps)8 b Fu(.)60 b(The)39 b(pro)s(of)e(is)h(b)m(y)h(cases)h(on)e(the)0 -1806 y(v)-5 b(alue)32 b(of)g Fs(f)54 b(ps)8 b Fu(.)43 -b(If)32 b Fs(f)54 b(ps)40 b Fu(=)33 b Fb(ok)g Fu(then)g(the)g(result)g -(follo)m(ws)e(since)244 2015 y(\()p Fs(h)339 2030 y Fn(1)411 -2015 y Fs(ps)8 b Fu(\))32 b Ft(t)646 2030 y Fn(PS)770 -2015 y Fu(\()p Fs(h)865 2030 y Fn(0)937 2015 y Fs(ps)8 -b Fu(\))32 b Ft(v)1183 2030 y Fn(PS)1307 2015 y Fu(\()p -Fs(h)1402 2030 y Fn(2)1474 2015 y Fs(ps)8 b Fu(\))32 -b Ft(t)1708 2030 y Fn(PS)1832 2015 y Fu(\()p Fs(h)1927 -2030 y Fn(0)1999 2015 y Fs(ps)8 b Fu(\))0 2224 y(If)33 -b Fs(f)53 b(ps)40 b Fu(=)33 b Fb(d)p Fu(?)g(then)g(the)g(result)f -(follo)m(ws)g(since)h Fb(lost)f Ft(v)2111 2239 y Fn(PS)2234 -2224 y Fb(lost)p Fu(.)146 2345 y(T)-8 b(o)27 b(see)g(that)f -Fs(H)42 b Fu(is)26 b Fs(c)-5 b(ontinuous)34 b Fu(let)26 -b Fs(Y)46 b Fu(b)s(e)26 b(a)g(non-empt)m(y)h(c)m(hain)f(in)f -Fw(PState)h Ft(!)g Fw(PState)p Fu(.)0 2466 y(Using)f(the)g(c)m -(haracterization)f(of)h(least)f(upp)s(er)i(b)s(ounds)g(in)e -Fw(PState)g Fu(giv)m(en)h(in)g(Corollary)e(5.17)0 2586 -y(w)m(e)34 b(see)f(that)g(w)m(e)g(m)m(ust)g(sho)m(w)h(that)244 -2795 y(\()p Fs(H)48 b Fu(\()440 2729 y Fg(F)510 2795 -y Fs(Y)19 b Fu(\)\))33 b Fs(ps)40 b Fu(=)948 2729 y Fg(F)1018 -2810 y Fn(PS)1141 2795 y Ft(f)33 b Fu(\()p Fs(H)48 b(h)7 -b Fu(\))33 b Fs(ps)40 b Ft(j)33 b Fs(h)39 b Ft(2)33 b -Fs(Y)53 b Ft(g)0 3005 y Fu(for)35 b(all)f(prop)s(ert)m(y)i(states)g -Fs(ps)44 b Fu(in)35 b Fw(PState)p Fu(.)52 b(The)36 b(pro)s(of)f(is)g(b) -m(y)h(cases)h(on)f(the)g(v)-5 b(alue)35 b(of)g Fs(f)56 -b(ps)8 b Fu(.)0 3125 y(If)33 b Fs(f)53 b(ps)40 b Fu(=)33 -b Fb(d)p Fu(?)g(then)g(w)m(e)g(ha)m(v)m(e)h(\()p Fs(H)49 -b Fu(\()1348 3058 y Fg(F)1417 3125 y Fs(Y)20 b Fu(\)\))32 -b Fs(ps)40 b Fu(=)33 b Fb(lost)f Fu(and)244 3268 y Fg(F)313 
-3349 y Fn(PS)437 3334 y Ft(f)g Fu(\()p Fs(H)49 b(h)7 -b Fu(\))33 b Fs(ps)40 b Ft(j)32 b Fs(h)40 b Ft(2)p Fs(Y)53 -b Ft(g)32 b Fu(=)1467 3268 y Fg(F)1536 3349 y Fn(PS)1660 -3334 y Ft(f)h Fb(lost)f Ft(j)g Fs(h)40 b Ft(2)33 b Fs(Y)52 -b Ft(g)1359 3502 y Fu(=)32 b Fb(lost)0 3711 y Fu(where)47 -b(the)g(last)e(equalit)m(y)h(is)f(b)s(ecause)j Fs(Y)65 -b Fu(is)46 b(not)g(empt)m(y)-8 b(.)84 b(Th)m(us)48 b(w)m(e)f(ha)m(v)m -(e)g(pro)m(v)m(ed)h(the)0 3831 y(required)33 b(result)g(in)f(this)g -(case.)45 b(If)33 b Fs(f)53 b(ps)41 b Fu(=)33 b Fb(ok)g -Fu(then)g(the)g(c)m(haracterization)f(of)h(least)f(upp)s(er)0 -3952 y(b)s(ounds)h(in)f Fw(PState)g Fu(giv)m(es:)244 -4161 y(\()p Fs(H)48 b Fu(\()440 4094 y Fg(F)510 4161 -y Fs(Y)19 b Fu(\)\))33 b Fs(ps)40 b Fu(=)32 b(\(\()1024 -4094 y Fg(F)1093 4161 y Fs(Y)20 b Fu(\))33 b Fs(ps)8 -b Fu(\))32 b Ft(t)1490 4176 y Fn(PS)1614 4161 y Fu(\()p -Fs(h)1709 4176 y Fn(0)1781 4161 y Fs(ps)8 b Fu(\))840 -4328 y(=)32 b(\()986 4262 y Fg(F)1056 4343 y Fn(PS)1179 -4328 y Ft(f)h Fs(h)40 b(ps)g Ft(j)32 b Fs(h)40 b Ft(2)33 -b Fs(Y)52 b Ft(g)p Fu(\))32 b Ft(t)2042 4343 y Fn(PS)2166 -4328 y Fu(\()p Fs(h)2261 4343 y Fn(0)2333 4328 y Fs(ps)8 -b Fu(\))840 4496 y(=)948 4430 y Fg(F)1018 4511 y Fn(PS)1141 -4496 y Ft(f)33 b Fs(h)40 b(ps)g Ft(j)32 b Fs(h)40 b Ft(2)33 -b Fs(Y)52 b Ft([)33 b(f)f Fs(h)2055 4511 y Fn(0)2128 -4496 y Ft(g)g(g)0 4705 y Fu(and)244 4848 y Fg(F)313 4929 -y Fn(PS)437 4914 y Ft(f)g Fu(\()p Fs(H)49 b(h)7 b Fu(\))33 -b Fs(ps)40 b Ft(j)32 b Fs(h)40 b Ft(2)33 b Fs(Y)52 b -Ft(g)32 b Fu(=)1500 4848 y Fg(F)1569 4929 y Fn(PS)1693 -4914 y Ft(f)g Fu(\()p Fs(h)40 b(ps)8 b Fu(\))32 b Ft(t)2138 -4929 y Fn(PS)2261 4914 y Fu(\()p Fs(h)2356 4929 y Fn(0)2429 -4914 y Fs(ps)8 b Fu(\))32 b Ft(j)g Fs(h)40 b Ft(2)33 -b Fs(Y)52 b Ft(g)1391 5082 y Fu(=)1500 5016 y Fg(F)1569 -5097 y Fn(PS)1693 5082 y Ft(f)32 b Fs(h)40 b(ps)g Ft(j)33 -b Fs(h)39 b Ft(2)33 b Fs(Y)52 b Ft([)33 b(f)g Fs(h)2607 -5097 y Fn(0)2679 5082 y Ft(g)f(g)0 5291 y Fu(where)g(the)f(last)f 
-(equalit)m(y)g(follo)m(ws)f(b)s(ecause)j Fs(Y)50 b Fu(is)30 -b(not)h(empt)m(y)-8 b(.)43 b(Th)m(us)32 b(the)f(result)g(follo)m(ws)e -(in)0 5411 y(this)j(case.)3008 b Fh(2)p eop -%%Page: 150 160 -150 159 bop 251 130 a Fw(150)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a(Exercise)h(5.20)49 -b Fu(Let)33 b Fs(f)20 b Fu(:)44 b Fw(PState)32 b Ft(!)g -Fw(P)p Fu(,)g Fs(h)1960 530 y Fn(0)2000 515 y Fu(:)44 -b Fw(PState)32 b Ft(!)g Fw(PState)g Fu(and)h(de\014ne)527 -706 y Fs(H)49 b(h)40 b Fu(=)32 b(cond)1046 721 y Fn(P)1099 -706 y Fu(\()p Fs(f)21 b Fu(,)32 b Fs(h)1304 721 y Fn(0)1344 -706 y Fu(,)h Fs(h)7 b Fu(\))283 897 y(Sho)m(w)32 b(that)e -Fs(H)16 b Fu(:)30 b(\()p Fw(PState)g Ft(!)f Fw(PState)p -Fu(\))h Ft(!)g Fu(\()p Fw(PState)g Ft(!)f Fw(PState)p -Fu(\))h(is)g(a)g(con)m(tin)m(uous)h(func-)283 1018 y(tion.)3202 -b Fh(2)p 283 1230 3473 5 v 283 1392 a Fw(Lemma)38 b(5.21)49 -b Fu(Let)32 b Fs(h)1160 1407 y Fn(0)1200 1392 y Fu(:)44 -b Fw(PState)32 b Ft(!)g Fw(PState)g Fu(and)h(de\014ne)527 -1583 y Fs(H)49 b(h)40 b Fu(=)32 b Fs(h)40 b Ft(\016)32 -b Fs(h)1075 1598 y Fn(0)283 1774 y Fu(Then)i Fs(H)16 -b Fu(:)33 b(\()p Fw(PState)p Ft(!)o Fw(PState)p Fu(\))f -Ft(!)g Fu(\()p Fw(PState)p Ft(!)o Fw(PState)p Fu(\))h(is)f(a)g(con)m -(tin)m(uous)h(function.)p 283 1894 V 283 2085 a Fw(Pro)s(of:)50 -b Fu(W)-8 b(e)43 b(shall)e(\014rst)j(sho)m(w)g(that)f -Fs(H)58 b Fu(is)43 b Fs(monotone)49 b Fu(so)43 b(let)f -Fs(h)2781 2100 y Fn(1)2864 2085 y Fu(and)h Fs(h)3121 -2100 y Fn(2)3204 2085 y Fu(b)s(e)g(suc)m(h)h(that)283 -2206 y Fs(h)340 2221 y Fn(1)413 2206 y Ft(v)33 b Fs(h)580 -2221 y Fn(2)619 2206 y Fu(,)h(that)g(is)f Fs(h)1049 2221 -y Fn(1)1123 2206 y Fs(ps)41 b Ft(v)1332 2221 y Fn(PS)1457 -2206 y Fs(h)1514 2221 y Fn(2)1587 2206 y Fs(ps)h Fu(for)33 -b(all)f(prop)s(ert)m(y)i(states)h Fs(ps)8 b Fu(.)46 b(Clearly)33 -b(w)m(e)i(then)g(ha)m(v)m(e)283 2326 y Fs(h)340 2341 -y Fn(1)380 2326 y Fu(\()p Fs(h)475 2341 y Fn(0)544 2326 -y Fs(ps)8 b Fu(\))29 b Ft(v)787 2341 y 
Fn(PS)908 2326 -y Fs(h)965 2341 y Fn(2)1004 2326 y Fu(\()p Fs(h)1099 -2341 y Fn(0)1168 2326 y Fs(ps)8 b Fu(\))30 b(for)e(all)g(prop)s(ert)m -(y)i(states)g Fs(ps)38 b Fu(and)29 b(thereb)m(y)i(w)m(e)g(ha)m(v)m(e)g -(pro)m(v)m(ed)f(the)283 2446 y(monotonicit)m(y)h(of)h -Fs(H)16 b Fu(.)430 2567 y(T)-8 b(o)40 b(pro)m(v)m(e)h(the)f -Fs(c)-5 b(ontinuity)49 b Fu(let)39 b Fs(Y)59 b Fu(b)s(e)40 -b(a)g(non-empt)m(y)g(c)m(hain)f(in)g Fw(PState)h Ft(!)f -Fw(PState)p Fu(.)283 2687 y(W)-8 b(e)33 b(m)m(ust)g(sho)m(w)h(that)527 -2878 y(\()p Fs(H)49 b Fu(\()724 2812 y Fg(F)793 2878 -y Fs(Y)20 b Fu(\)\))32 b Fs(ps)40 b Fu(=)33 b(\()1270 -2812 y Fg(F)1339 2878 y Ft(f)f Fs(H)49 b(h)40 b Ft(j)32 -b Fs(h)40 b Ft(2)33 b Fs(Y)52 b Ft(g)p Fu(\))32 b Fs(ps)283 -3069 y Fu(for)h(all)e(prop)s(ert)m(y)j(states)g Fs(ps)8 -b Fu(.)46 b(Using)33 b(the)g(c)m(haracterization)f(of)h(least)g(upp)s -(er)h(b)s(ounds)g(giv)m(en)283 3190 y(in)e(Corollary)f(5.17)h(w)m(e)i -(get)527 3381 y(\()p Fs(H)49 b Fu(\()724 3314 y Fg(F)793 -3381 y Fs(Y)20 b Fu(\)\))32 b Fs(ps)40 b Fu(=)33 b(\(\()1308 -3314 y Fg(F)1377 3381 y Fs(Y)20 b Fu(\))32 b Ft(\016)g -Fs(h)1678 3396 y Fn(0)1718 3381 y Fu(\))h Fs(ps)1123 -3548 y Fu(=)g(\()1270 3482 y Fg(F)1339 3548 y Fs(Y)20 -b Fu(\))32 b(\()p Fs(h)1596 3563 y Fn(0)1668 3548 y Fs(ps)8 -b Fu(\))1123 3716 y(=)1232 3649 y Fg(F)1301 3731 y Fn(PS)1425 -3716 y Ft(f)32 b Fs(h)40 b Fu(\()p Fs(h)1692 3731 y Fn(0)1764 -3716 y Fs(ps)8 b Fu(\))33 b Ft(j)f Fs(h)40 b Ft(2)32 -b Fs(Y)53 b Ft(g)283 3907 y Fu(and)527 4098 y(\()565 -4031 y Fg(F)634 4098 y Ft(f)33 b Fs(H)48 b(h)40 b Ft(j)32 -b Fs(h)40 b Ft(2)33 b Fs(Y)52 b Ft(g)p Fu(\))33 b Fs(ps)40 -b Fu(=)1659 4031 y Fg(F)1729 4113 y Fn(PS)1852 4098 y -Ft(f)33 b Fu(\()p Fs(H)48 b(h)7 b Fu(\))33 b Fs(ps)40 -b Ft(j)33 b Fs(h)39 b Ft(2)33 b Fs(Y)53 b Ft(g)1551 4265 -y Fu(=)1659 4199 y Fg(F)1729 4280 y Fn(PS)1852 4265 y -Ft(f)33 b Fu(\()p Fs(h)39 b Ft(\016)33 b Fs(h)2202 4280 -y Fn(0)2241 4265 y Fu(\))g Fs(ps)40 b Ft(j)33 b Fs(h)39 -b Ft(2)33 b Fs(Y)52 
b Ft(g)283 4457 y Fu(Hence)34 b(the)f(result)g -(follo)m(ws.)2352 b Fh(2)430 4660 y Fu(This)33 b(su\016ces)h(for)e(sho) -m(wing)h(the)g(w)m(ell-de\014nedness)h(of)e Ft(P)8 b(S)h -Fu(:)p 283 4780 V 283 4942 a Fw(Prop)s(osition)36 b(5.22)49 -b Fu(The)41 b(seman)m(tic)f(function)f Ft(P)8 b(S)h Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])q(:)58 b Fw(PState)39 b -Ft(!)h Fw(PState)g Fu(of)f(T)-8 b(able)283 5063 y(5.2)33 -b(is)f(a)g(w)m(ell-de\014ned)h(function)f(for)g(all)e(statemen)m(ts)k -Fs(S)44 b Fu(of)32 b(the)h(language)f Fw(While)p Fu(.)p -283 5183 V 283 5374 a Fw(Pro)s(of:)k Fu(The)c(pro)s(of)e(is)h(b)m(y)h -(structural)f(induction)f(on)h Fs(S)43 b Fu(and)32 b(only)e(the)i(case) -g(of)e(the)i Fr(while)p Fu(-)283 5494 y(lo)s(op)g(is)g(in)m(teresting.) -43 b(W)-8 b(e)33 b(note)f(that)h(the)g(function)f Fs(H)49 -b Fu(used)33 b(in)f(T)-8 b(able)32 b(5.2)g(is)h(giv)m(en)f(b)m(y)p -eop -%%Page: 151 161 -151 160 bop 0 130 a Fw(5.2)112 b(The)38 b(analysis)2439 -b(151)p 0 193 3473 4 v 244 515 a Fs(H)48 b Fu(=)33 b -Fs(H)561 530 y Fn(1)633 515 y Ft(\016)f Fs(H)803 530 -y Fn(2)0 724 y Fu(where)244 932 y Fs(H)332 947 y Fn(1)404 -932 y Fs(h)40 b Fu(=)32 b(cond)802 947 y Fn(P)855 932 -y Fu(\()p Ft(P)8 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 -b(])q(,)32 b Fs(h)7 b Fu(,)33 b(id\))244 1099 y Fs(H)332 -1114 y Fn(2)404 1099 y Fs(h)40 b Fu(=)32 b Fs(h)40 b -Ft(\016)32 b(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])0 1307 y(As)39 b Fs(H)238 1322 y Fn(1)315 1307 y -Fu(and)f Fs(H)598 1322 y Fn(2)676 1307 y Fu(are)g(con)m(tin)m(uous)g -(functions)g(b)m(y)h(Lemmas)e(5.19)h(and)g(5.21)f(w)m(e)i(ha)m(v)m(e)h -(that)0 1428 y Fs(H)47 b Fu(is)31 b(a)g(con)m(tin)m(uous)g(function)g -(b)m(y)h(Lemma)e(4.35.)42 b(Hence)32 b(FIX)f Fs(H)48 -b Fu(is)30 b(w)m(ell-de\014ned)i(and)f(this)0 1548 y(completes)h(the)h -(pro)s(of.)2530 b Fh(2)0 1867 y Fw(Exercise)36 b(5.23)49 -b Fu(Consider)33 b(the)g(statemen)m(t)244 2075 y Fr(z)g -Fu(:=)f Fr(0)p Fu(;)h Fr(while)h(y)p Ft(\024)q Fr(x)e(do)h -Fu(\()p Fr(z)g 
Fu(:=)g Fr(z)p Fu(+)p Fr(1)p Fu(;)g Fr(x)f -Fu(:=)h Fr(x)p Ft(\000)p Fr(y)p Fu(\))0 2283 y(where)h -Fr(x)f Fu(and)f Fr(y)h Fu(are)g(input)f(v)-5 b(ariables)31 -b(and)i Fr(z)g Fu(is)f(the)h(output)g(v)-5 b(ariable.)41 -b(Use)34 b(the)f(approac)m(h)0 2404 y(of)e(Example)g(5.16)g(to)h(sho)m -(w)g(that)g(there)g(is)f(a)h(functional)e(dep)s(endency)k(b)s(et)m(w)m -(een)g(the)e(input)0 2524 y(and)h(output)f(v)-5 b(ariables.)2489 -b Fh(2)0 2759 y Fw(Exercise)36 b(5.24)49 b Fu(Apply)31 -b(the)g(analysis)f Ft(P)8 b(S)39 b Fu(to)30 b(the)i(statemen)m(t)f -Fr(while)h(true)f(do)h(skip)f Fu(and)0 2879 y(explain)h(wh)m(y)i(the)f -(analysis)f(terminates.)1840 b Fh(2)0 3114 y Fw(Exercise)36 -b(5.25)49 b Fu(Extend)g Fw(While)d Fu(with)h(the)h(statemen)m(t)g -Fr(repeat)34 b Fs(S)45 b Fr(until)33 b Fs(b)54 b Fu(and)47 -b(giv)m(e)0 3235 y(the)38 b(new)g(\(comp)s(ositional\))c(clause)k(for)e -Ft(P)8 b(S)h Fu(.)58 b(Discuss)38 b(y)m(our)g(extension)g(and)f(v)-5 -b(alidate)36 b(the)0 3355 y(w)m(ell-de\014nedness.)2697 -b Fh(2)0 3590 y Fw(Exercise)36 b(5.26)49 b Fu(Extend)41 -b Fw(While)d Fu(with)i(the)g(statemen)m(t)g Fr(for)g -Fo(x)g Fu(:=)g Fo(a)2716 3605 y Fn(1)2795 3590 y Fr(to)g -Fo(a)2988 3605 y Fn(2)3067 3590 y Fr(do)g Fs(S)51 b Fu(and)0 -3711 y(giv)m(e)35 b(the)g(new)h(\(comp)s(ositional\))31 -b(clause)k(for)g Ft(P)8 b(S)g Fu(.)50 b(Discuss)36 b(y)m(our)f -(extension)h(and)f(v)-5 b(alidate)0 3831 y(the)33 b(w)m -(ell-de\014nedness.)2529 b Fh(2)0 4066 y Fw(Exercise)36 -b(5.27)49 b(\(Essen)m(tial\))31 b Fu(Sho)m(w)i(that)f(for)g(ev)m(ery)j -(statemen)m(t)e Fs(S)244 4274 y(ps)40 b Fu(on-trac)m(k)33 -b Ft(v)g Fu(\()p Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 -b Fu(])-17 b(])p Fs(ps)8 b Fu(\))33 b(on-trac)m(k)0 4482 -y(so)g(that)g Fs(ps)40 b Fu(m)m(ust)34 b(b)s(e)f(prop)s(er)g(if)e -Ft(P)8 b(S)h Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q -Fs(ps)40 b Fu(is.)k(In)33 b(the)h(case)g(of)e Fr(while)i -Fs(b)39 b Fr(do)33 b Fs(S)45 b Fu(y)m(ou)34 b(should)0 -4602 
y(\014rst)f(pro)m(v)m(e)h(that)e(for)g(all)f(n)h -Ft(\025)h Fu(1:)244 4811 y Fs(ps)40 b Fu(on-trac)m(k)33 -b Ft(v)g Fu(\(\()p Fs(H)1033 4774 y Fn(n)1109 4811 y -Ft(?)p Fu(\))g Fs(ps)8 b Fu(\))32 b(on-trac)m(k)0 5019 -y(where)i Ft(?)f Fs(ps)490 4983 y Fi(0)546 5019 y Fu(=)f -Fb(init)h Fu(for)f(all)e Fs(ps)1249 4983 y Fi(0)1305 -5019 y Fu(and)j Fs(H)48 b(h)40 b Fu(=)32 b(cond)2013 -5034 y Fn(P)2066 5019 y Fu(\()p Ft(P)8 b(B)t Fu([)-17 -b([)p Fs(b)6 b Fu(])-17 b(])q(,)33 b Fs(h)39 b Ft(\016)33 -b(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 -b(id\).)296 b Fh(2)0 5254 y Fw(Exercise)36 b(5.28)49 -b Fu(Sho)m(w)25 b(that)f(there)h(exists)g Fs(h)1702 5269 -y Fn(0)1741 5254 y Fu(:)40 b Fw(PState)23 b Ft(!)h Fw(PState)f -Fu(suc)m(h)j(that)e Fs(H)40 b Fu(de\014ned)0 5374 y(b)m(y)h -Fs(H)56 b(h)47 b Fu(=)40 b Fs(h)541 5389 y Fn(0)621 5374 -y Ft(\016)g Fs(h)47 b Fu(is)40 b Fs(not)h(even)47 b Fu(a)40 -b(monotone)f(function)h(from)f Fw(PState)g Ft(!)h Fw(PState)g -Fu(to)0 5494 y Fw(PState)32 b Ft(!)g Fw(PState)p Fu(.)2543 -b Fh(2)p eop -%%Page: 152 162 -152 161 bop 251 130 a Fw(152)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a(Remark)30 -b Fu(The)h(example)f(of)f(the)i(ab)s(o)m(v)m(e)g(exercise)g(indicates)f -(a)g(ma)5 b(jor)29 b(departure)i(from)d(the)283 636 y(secure)46 -b(w)m(orld)d(of)g(Chapter)h(4.)76 b(Luc)m(kily)44 b(an)f(insurance)h(p) -s(olicy)e(can)i(b)s(e)g(arranged.)76 b(The)283 756 y(premium)31 -b(is)h(to)h(replace)f(all)f(o)s(ccurrences)j(of)527 993 -y Fw(PState)e Ft(!)h Fw(PState)97 b Fu(and)130 b Fw(PState)32 -b Ft(!)g Fw(P)283 1229 y Fu(b)m(y)527 1466 y([)p Fw(PState)h -Ft(!)f Fw(PState)p Fu(])97 b(and)130 b([)p Fw(PState)32 -b Ft(!)h Fw(P)p Fu(])283 1702 y(where)45 b([)p Fs(D)52 -b Ft(!)42 b Fs(E)12 b Fu(])44 b(=)e Ft(f)h Fs(f)21 b -Fu(:)64 b Fs(D)52 b Ft(!)43 b Fs(E)55 b Ft(j)43 b Fs(f)64 -b Fu(is)42 b(con)m(tin)m(uous)i Ft(g)p Fu(.)75 b(One)43 -b(can)g(then)h(sho)m(w)g(that)283 1823 y([)p Fs(D)49 -b Ft(!)39 b Fs(E)12 b 
Fu(])40 b(is)f(a)h(ccp)s(o)g(if)e -Fs(D)49 b Fu(and)40 b Fs(E)51 b Fu(are)40 b(and)g(that)f(the)h(c)m -(haracterization)f(of)g(least)g(upp)s(er)283 1943 y(b)s(ounds)c(giv)m -(en)f(in)g(Lemma)f(5.4)g(still)f(holds.)48 b(F)-8 b(urthermore,)34 -b(one)g(can)g(sho)m(w)i(that)d(Exercise)283 2063 y(5.6)26 -b(ensures)h(that)f Ft(P)8 b(A)p Fu([)-17 b([)p Fs(a)7 -b Fu(])-17 b(])27 b(and)f Ft(P)8 b(B)t Fu([)-17 b([)p -Fs(b)6 b Fu(])-17 b(])26 b(are)g(con)m(tin)m(uous.)42 -b(Finally)-8 b(,)24 b(the)i(en)m(tire)g(dev)m(elopmen)m(t)283 -2184 y(in)k(this)h(section)g(still)d(carries)j(through)f(although)g -(there)h(are)g(additional)d(pro)s(of)i(obligations)283 -2304 y(to)i(b)s(e)h(carried)f(out.)43 b(In)32 b(this)g(setting)g(one)g -(gets)h(that)f(if)f Fs(h)2438 2319 y Fn(0)2478 2304 y -Fu(:)43 b([)p Fw(PState)32 b Ft(!)g Fw(PState)p Fu(])g(then)g -Fs(H)283 2424 y Fu(de\014ned)c(b)m(y)f Fs(H)42 b(h)34 -b Fu(=)26 b Fs(h)1099 2439 y Fn(0)1171 2424 y Ft(\016)32 -b Fs(h)h Fu(is)26 b(indeed)g(a)g(con)m(tin)m(uous)h(function)f(from)f -([)p Fw(PState)g Ft(!)h Fw(PState)p Fu(])283 2545 y(to)33 -b([)p Fw(PState)f Ft(!)g Fw(PState)p Fu(].)2369 b Fh(2)430 -2672 y Fu(T)-8 b(o)30 b(summarize,)f(the)h(w)m(ell-de\014nedness)i(of)e -Ft(P)8 b(S)38 b Fu(relies)29 b(on)h(the)g(follo)m(wing)d(results)k -(estab-)283 2792 y(lished)h(ab)s(o)m(v)m(e:)p 283 2922 -3470 4 v 283 2939 V 281 3146 4 208 v 298 3146 V 1371 -3067 a Fw(Pro)s(of)g(Summary)h(for)f(While)p Fu(:)p 3735 -3146 V 3752 3146 V 281 3354 V 298 3354 V 1174 3275 a -Fw(W)-9 b(ell)p Fu(-)p Fw(de\014nedness)32 b(of)g(Static)g(Analysis)p -3735 3354 V 3752 3354 V 283 3357 3470 4 v 281 3726 4 -370 v 298 3726 V 350 3523 a Fu(1:)143 b(The)37 b(set)h -Fw(PState)e Ft(!)g Fw(PState)g Fu(equipp)s(ed)h(with)f(an)h -(appropriate)f(ordering)f Ft(v)i Fu(is)569 3643 y(a)32 -b(ccp)s(o)h(\(Corollary)e(5.17\).)p 3735 3726 V 3752 -3726 V 281 4014 4 289 v 298 4014 V 350 3811 a(2:)143 -b(Certain)38 b(functions)g(\011:)55 b(\()p Fw(PState)38 -b Ft(!)g Fw(PState)p 
Fu(\))g Ft(!)g Fu(\()p Fw(PState)g -Ft(!)g Fw(PState)p Fu(\))g(are)569 3931 y(con)m(tin)m(uous)33 -b(\(Lemmas)f(5.19)g(and)g(5.21\).)p 3735 4014 V 3752 -4014 V 281 4302 V 298 4302 V 350 4099 a(3:)143 b(In)30 -b(the)h(de\014nition)e(of)h Ft(P)8 b(S)39 b Fu(w)m(e)31 -b(only)f(apply)g(the)h(\014xed)g(p)s(oin)m(t)f(op)s(eration)f(to)g(con) -m(tin-)569 4219 y(uous)k(functions)f(\(Prop)s(osition)f(5.22\).)p -3735 4302 V 3752 4302 V 283 4306 3470 4 v 283 4322 V -283 4518 a(Our)h(o)m(v)m(erall)e(algorithm)f(for)i(determining)f -(whether)j(or)e(not)g(there)h(is)f(a)h(functional)d(dep)s(en-)283 -4638 y(dency)35 b(b)s(et)m(w)m(een)f(input)e(and)h(output)g(v)-5 -b(ariables)31 b(then)i(pro)s(ceeds)h(as)f(follo)m(ws:)333 -4821 y(INPUT:)212 b(a)33 b(statemen)m(t)g Fs(S)44 b Fu(of)32 -b Fw(While)889 4989 y Fu(a)h(set)g Fs(I)48 b Ft(\022)33 -b Fw(V)-9 b(ar)32 b Fu(of)g(input)g(v)-5 b(ariables)889 -5156 y(a)33 b(set)g Fs(O)42 b Ft(\022)33 b Fw(V)-9 b(ar)32 -b Fu(of)g(output)h(v)-5 b(ariables)333 5324 y(OUTPUT:)101 -b(YES,)34 b(if)d(there)i Fs(de\014nitely)41 b Fu(is)32 -b(a)h(functional)e(dep)s(endency)889 5492 y(NO?,)i(if)f(there)h -Fs(may)i(not)41 b Fu(b)s(e)33 b(a)g(functional)d(dep)s(endency)p -eop -%%Page: 153 163 -153 162 bop 0 130 a Fw(5.3)112 b(Safet)m(y)38 b(of)g(the)f(analysis) -2007 b(153)p 0 193 3473 4 v 50 500 a Fu(METHOD:)100 b(let)32 -b Fs(ps)865 515 y Fc(I)937 500 y Fu(b)s(e)h(uniquely)g(determined)f(b)m -(y)i(OK\()p Fs(ps)2399 515 y Fc(I)2438 500 y Fu(\))f(=)f -Fs(I)48 b Ft([)33 b(f)p Fu(on-trac)m(k)p Ft(g)626 668 -y Fu(let)f Fs(ps)865 683 y Fc(O)957 668 y Fu(=)h Ft(P)8 -b(S)g Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q Fs(ps)1451 -683 y Fc(I)626 835 y Fu(output)33 b(YES)g(if)f(OK\()p -Fs(ps)1550 850 y Fc(O)1609 835 y Fu(\))g Ft(\023)h Fs(O)42 -b Ft([)33 b(f)p Fu(on-trac)m(k)p Ft(g)626 1003 y Fu(output)g(NO?)g -(otherwise)0 1289 y Fj(5.3)161 b(Safet)l(y)53 b(of)h(the)f(analysis)0 -1508 y Fu(In)44 b(this)g(section)g(w)m(e)h(shall)d(sho)m(w)j(that)f 
-(the)g(analysis)g(functions)g Ft(P)8 b(A)p Fu(,)46 b -Ft(P)8 b(B)48 b Fu(and)c Ft(P)8 b(S)52 b Fu(are)0 1628 -y(correct)37 b(with)e(resp)s(ect)i(to)f(the)h(seman)m(tic)e(functions)h -Ft(A)p Fu(,)h Ft(B)i Fu(and)d Ft(S)2526 1643 y Fn(ds)2597 -1628 y Fu(.)54 b(This)36 b(amoun)m(ts)g(to)g(a)0 1749 -y(formalization)29 b(of)k(the)h(considerations)f(that)g(w)m(ere)i -(already)e(illustrated)e(in)i(Exercises)i(5.13)0 1869 -y(and)e(5.15.)43 b(W)-8 b(e)33 b(b)s(egin)e(with)i(the)g(rather)f -(simple)f(case)j(of)e(arithmetic)e(expressions.)0 2150 -y Fp(Expressions)0 2334 y Fu(Let)37 b Fs(g)9 b Fu(:)53 -b Fw(State)37 b Ft(!)g Fw(Z)h Fu(b)s(e)f(a)g(function,)i(p)s(erhaps)f -(of)e(the)i(form)e Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 -b(])39 b(for)d(some)h(arithmetic)0 2455 y(expression)j -Fs(a)45 b Ft(2)39 b Fw(Aexp)p Fu(,)h(and)e(let)g Fs(h)7 -b Fu(:)55 b Fw(PState)38 b Ft(!)g Fw(P)g Fu(b)s(e)g(another)g -(function,)i(p)s(erhaps)f(of)0 2575 y(the)c(form)d Ft(P)8 -b(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])35 b(for)e(some)h -(arithmetic)e(expression)k Fs(a)41 b Ft(2)34 b Fw(Aexp)p -Fu(.)48 b(W)-8 b(e)35 b(shall)e(in)m(tro)s(duce)h(a)0 -2696 y(relation)244 2852 y Fs(g)41 b Fu(sat)p 330 2865 -126 4 v 15 x Fn(Aexp)652 2852 y Fs(h)0 3007 y Fu(for)30 -b(expressing)i(when)f(the)g(analysis)f Fs(h)38 b Fu(is)30 -b(correct)h(with)f(resp)s(ect)h(to)f(the)h(seman)m(tics)g -Fs(g)9 b Fu(.)42 b(It)31 b(is)0 3128 y(de\014ned)j(b)m(y)244 -3284 y Fs(s)292 3299 y Fn(1)364 3284 y Ft(\021)f Fs(s)522 -3299 y Fn(2)594 3284 y Fu(rel)p 594 3297 109 4 v 702 -3299 a Fn(Stm)864 3284 y Fs(ps)41 b Fu(implies)30 b Fs(g)41 -b(s)1460 3299 y Fn(1)1532 3284 y Ft(\021)33 b Fs(g)41 -b(s)1776 3299 y Fn(2)1848 3284 y Fu(rel)p 1848 3297 V -15 x Fn(Aexp)2154 3284 y Fs(h)f(ps)0 3440 y Fu(for)27 -b(all)f(states)j Fs(s)596 3455 y Fn(1)663 3440 y Fu(and)f -Fs(s)896 3455 y Fn(2)963 3440 y Fu(and)g(prop)s(ert)m(y)h(states)g -Fs(ps)8 b Fu(.)41 b(This)28 b(condition)f(sa)m(ys)i(that)f(the)g -(results)0 3560 y(of)34 b Fs(g)42 
b Fu(will)32 b(b)s(e)i(suitably)g -(related)f(pro)m(vided)i(that)f(the)g(argumen)m(ts)g(are.)48 -b(It)35 b(is)e(p)s(erhaps)i(more)0 3680 y(in)m(tuitiv)m(e)c(when)j -(rephrased)g(as)244 3836 y(\()p Fs(s)330 3851 y Fn(1)402 -3836 y Ft(\021)f Fs(s)560 3851 y Fn(2)632 3836 y Fu(rel)p -632 3849 V 740 3851 a Fn(Stm)902 3836 y Fs(ps)8 b Fu(\))33 -b(and)f(\()p Fs(h)40 b(ps)h Fu(=)32 b Fb(ok)p Fu(\))h(imply)e -Fs(g)41 b(s)2232 3851 y Fn(1)2304 3836 y Fu(=)32 b Fs(g)41 -b(s)2546 3851 y Fn(2)0 3992 y Fu(The)34 b(safet)m(y)f(of)f(the)h -(analysis)f Ft(P)8 b(A)33 b Fu(is)f(then)h(expressed)i(b)m(y)p -0 4113 3473 5 v 0 4239 a Fw(F)-9 b(act)37 b(5.29)49 b -Fu(F)-8 b(or)32 b(all)f(arithmetic)f(expressions)k Fs(a)40 -b Ft(2)33 b Fw(Aexp)g Fu(w)m(e)h(ha)m(v)m(e)269 4407 -y Ft(A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])33 b(sat)p -513 4420 126 4 v 15 x Fn(Aexp)836 4407 y Ft(P)8 b(A)p -Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])p 0 4528 3473 5 -v 0 4684 a Fw(Pro)s(of:)37 b Fu(This)c(is)f(an)h(immediate)d -(consequence)35 b(of)d(Lemma)f(1.11)h(and)h(Exercise)h(5.11.)134 -b Fh(2)146 4887 y Fu(The)34 b(analysis)e Ft(P)8 b(B)36 -b Fu(of)c(b)s(o)s(olean)f(expressions)k(is)d(safe)h(in)f(the)h(follo)m -(wing)c(sense:)0 5043 y Fw(Exercise)36 b(5.30)49 b(\(Essen)m(tial\))21 -b Fu(Rep)s(eat)i(the)g(dev)m(elopmen)m(t)g(for)g(b)s(o)s(olean)e -(expressions,)27 b(that)0 5163 y(is)32 b(de\014ne)i(a)e(relation)f(sat) -p 819 5176 126 4 v 15 x Fn(Bexp)1139 5163 y Fu(and)h(sho)m(w)i(that)244 -5319 y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 -b(sat)p 471 5332 V 15 x Fn(Bexp)791 5319 y Ft(P)8 b(B)t -Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])0 5475 y(for)32 -b(all)f(b)s(o)s(olean)g(expressions)j Fs(b)k Ft(2)33 -b Fw(Bexp)p Fu(.)1781 b Fh(2)p eop -%%Page: 154 164 -154 163 bop 251 130 a Fw(154)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fp(Statemen)l(ts)283 -704 y Fu(The)k(safet)m(y)g(of)f(the)g(analysis)g(of)f(statemen)m(ts)i -(will)d(express)k(that)e(if)f(OK\()p Fs(ps)8 b Fu(\))38 
-b(includes)h(all)283 824 y(the)45 b(input)e(v)-5 b(ariables)42 -b(and)i(if)e(OK\()p Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 -b Fu(])-17 b(])p Fs(ps)8 b Fu(\))44 b(includes)f(`on-trac)m(k')h(and)g -(all)e(the)i(output)283 945 y(v)-5 b(ariables)32 b(then)i -Ft(S)979 960 y Fn(ds)1050 945 y Fu([)-17 b([)q Fs(S)12 -b Fu(])-17 b(])33 b(determines)h(a)e(functional)g(relationship)f(b)s -(et)m(w)m(een)k(the)f(input)f(and)283 1065 y(output)49 -b(v)-5 b(ariables.)90 b(This)49 b(v)-5 b(alidation)45 -b(is)j(imp)s(ortan)m(t)f(b)s(ecause)j(although)d(the)i(in)m(tuition)283 -1185 y(ab)s(out)35 b Fb(ok)g Fu(meaning)f(\\dep)s(ending)h(only)f(on)h -(input)f(v)-5 b(ariables")34 b(go)s(es)g(a)h(long)f(w)m(a)m(y)i(to)m(w) -m(ards)283 1306 y(motiv)-5 b(ating)30 b(the)j(analysis,)f(it)g(is)g -(not)h(p)s(erfect.)44 b(As)33 b(w)m(e)h(already)e(men)m(tioned)h(in)f -(Section)g(5.1)283 1426 y(one)c(cannot)f(insp)s(ect)g(a)f(v)-5 -b(alue,)28 b(lik)m(e)e Fw(27)p Fu(,)i(and)f(determine)g(whether)h(it)e -(has)h(its)f(v)-5 b(alue)26 b(b)s(ecause)283 1547 y(it)36 -b(only)g(dep)s(ends)h(on)g(input)e(v)-5 b(ariables)35 -b(or)h(b)s(ecause)i(it)d(just)i(happ)s(ened)g(to)f(b)s(e)h -Fw(27)p Fu(.)55 b(T)-8 b(o)36 b(aid)283 1667 y(the)42 -b(in)m(tuition)e(in)h(determining)f(that)h(no)h(errors)f(ha)m(v)m(e)i -(b)s(een)g(made)e(in)g(the)h(de\014nition)e(of)283 1787 -y(the)33 b(analysis)e(it)f(is)h Fs(ne)-5 b(c)g(essary)40 -b Fu(to)31 b(giv)m(e)h(a)f(formal)f(statemen)m(t)i(of)f(the)h -(relationship)e(b)s(et)m(w)m(een)283 1908 y(computations)i(in)g(the)h -(standard)g(\(denotational\))d(seman)m(tics)j(and)g(in)f(the)h -(analysis.)430 2030 y(Our)h(k)m(ey)h(to)s(ol)e(will)e(b)s(e)j(the)h -(relation)d Fs(s)1905 2045 y Fn(1)1979 2030 y Ft(\021)i -Fs(s)2138 2045 y Fn(2)2211 2030 y Fu(rel)p 2211 2043 -109 4 v 34 w Fs(ps)42 b Fu(and)34 b(w)m(e)h(shall)d(sho)m(w)k(that)d -(if)g(this)283 2150 y(relationship)i(holds)i(b)s(efore)g(the)g -(statemen)m(t)h(is)e(executed)j(and)e(analysed)g(then)h(either)e(the) -283 2271 
y(statemen)m(t)e(will)c(lo)s(op)h(on)i(b)s(oth)f(states)i(or)e -(the)h(same)g(relationship)d(will)h(hold)h(b)s(et)m(w)m(een)i(the)283 -2391 y(\014nal)j(states)h(and)f(the)g(\014nal)f(prop)s(ert)m(y)i(state) -g(\(pro)m(vided)f(that)g(the)g(analysis)g(do)s(es)g(not)g(get)283 -2511 y(\\lost"\).)43 b(W)-8 b(e)33 b(shall)e(formalize)f(this)i(b)m(y)i -(de\014ning)e(a)g(relation)527 2724 y Fs(g)41 b Fu(sat)p -613 2737 126 4 v 739 2739 a Fn(Stm)901 2724 y Fs(h)283 -2937 y Fu(b)s(et)m(w)m(een)35 b(a)d(function)g Fs(g)9 -b Fu(:)44 b Fw(State)32 b Fo(,)-17 b Ft(!)33 b Fw(State)p -Fu(,)f(p)s(erhaps)i(of)e(the)h(form)e Ft(S)2936 2952 -y Fn(ds)3007 2937 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])33 b(for)f(some)g Fs(S)45 b Fu(in)283 3057 y Fw(Stm)p -Fu(,)29 b(and)h(another)f(function)f Fs(h)7 b Fu(:)42 -b Fw(PState)29 b Ft(!)f Fw(PState)p Fu(,)i(p)s(erhaps)f(of)g(the)g -(form)f Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])29 b(for)283 3178 y(some)k Fs(S)44 b Fu(in)32 b Fw(Stm)p -Fu(.)43 b(The)33 b(formal)d(de\014nition)i(amoun)m(ts)g(to)764 -3390 y(\()p Fs(s)850 3405 y Fn(1)922 3390 y Ft(\021)h -Fs(s)1080 3405 y Fn(2)1152 3390 y Fu(rel)p 1152 3403 -109 4 v 31 w Fs(ps)8 b Fu(\))33 b(and)g(\()p Fs(h)39 -b(ps)i Fu(is)32 b(prop)s(er\))527 3558 y(imply)764 3726 -y(\()p Fs(g)41 b(s)936 3741 y Fn(1)1008 3726 y Fu(=)32 -b(undef)p 1116 3739 236 4 v 33 w(and)h Fs(g)41 b(s)1708 -3741 y Fn(2)1780 3726 y Fu(=)32 b(undef)p 1888 3739 V -1 w(\))h(or)764 3893 y(\()p Fs(g)41 b(s)936 3908 y Fn(1)1008 -3893 y Ft(6)p Fu(=)32 b(undef)p 1116 3906 V 33 w(and)h -Fs(g)41 b(s)1708 3908 y Fn(2)1780 3893 y Ft(6)p Fu(=)32 -b(undef)p 1888 3906 V 34 w(and)g Fs(g)41 b(s)2480 3908 -y Fn(1)2553 3893 y Ft(\021)33 b Fs(g)41 b(s)2797 3908 -y Fn(2)2869 3893 y Fu(rel)p 2869 3906 109 4 v 32 w Fs(h)e(ps)8 -b Fu(\))283 4106 y(for)39 b(all)e(states)j Fs(s)913 4121 -y Fn(1)952 4106 y Fu(,)h Fs(s)1068 4121 y Fn(2)1146 4106 -y Ft(2)e Fw(State)g Fu(and)g(all)e(prop)s(ert)m(y)j(states)g -Fs(ps)46 b Ft(2)40 b Fw(PState)p 
Fu(.)62 b(T)-8 b(o)39 -b(motiv)-5 b(ate)283 4226 y(this)34 b(de\014nition)e(consider)i(t)m(w)m -(o)g(states)h Fs(s)1802 4241 y Fn(1)1875 4226 y Fu(and)f -Fs(s)2114 4241 y Fn(2)2187 4226 y Fu(that)f(are)h(equal)f(relativ)m(e)g -(to)g Fs(ps)8 b Fu(.)46 b(If)34 b Fs(ps)41 b Fu(is)283 -4347 y(prop)s(er)e(this)g(means)f(that)h Fs(s)1368 4362 -y Fn(1)1446 4347 y Fs(x)51 b Fu(=)38 b Fs(s)1704 4362 -y Fn(2)1782 4347 y Fs(x)51 b Fu(for)38 b(all)f(v)-5 b(ariables)37 -b Fs(x)50 b Fu(in)38 b(OK\()p Fs(ps)8 b Fu(\).)62 b(The)40 -b(analysis)283 4467 y(of)c(the)h(statemen)m(t)g(ma)m(y)f(get)h(\\lost") -e(in)g(whic)m(h)i(case)g Fs(h)44 b(ps)g Fu(is)36 b(not)g(prop)s(er)h -(and)f(w)m(e)i(cannot)283 4588 y(deduce)h(an)m(ything)d(ab)s(out)g(the) -h(b)s(eha)m(viour)f(of)g(the)h(statemen)m(t.)56 b(Alternativ)m(ely)-8 -b(,)37 b(it)e(ma)m(y)i(b)s(e)283 4708 y(the)j(case)f(that)g -Fs(h)46 b(ps)g Fu(is)38 b(prop)s(er)h(and)g(in)f(that)g(case)i(the)f -(statemen)m(t)g(m)m(ust)g(b)s(eha)m(v)m(e)h(in)e(the)283 -4828 y(same)33 b(w)m(a)m(y)h(whether)g(executed)g(from)e -Fs(s)1782 4843 y Fn(1)1854 4828 y Fu(or)g(from)f Fs(s)2251 -4843 y Fn(2)2291 4828 y Fu(.)43 b(In)33 b(particular)429 -5041 y Ft(\017)48 b Fu(the)j(statemen)m(t)f(ma)m(y)g(en)m(ter)h(a)f(lo) -s(op)f(when)i(executed)h(from)d Fs(s)2996 5056 y Fn(1)3085 -5041 y Fu(and)i Fs(s)3341 5056 y Fn(2)3380 5041 y Fu(,)j(that)c(is)527 -5161 y Fs(g)41 b(s)661 5176 y Fn(1)733 5161 y Fu(=)33 -b(undef)p 842 5174 236 4 v 33 w(and)g Fs(g)41 b(s)1434 -5176 y Fn(2)1506 5161 y Fu(=)32 b(undef)p 1614 5174 V -1 w(,)h(or)429 5374 y Ft(\017)48 b Fu(the)37 b(statemen)m(t)f(do)s(es)h -(not)f(en)m(ter)h(a)f(lo)s(op)e(when)j(executed)i(from)34 -b Fs(s)3055 5389 y Fn(1)3131 5374 y Fu(and)i Fs(s)3372 -5389 y Fn(2)3412 5374 y Fu(,)g(that)g(is)527 5494 y Fs(g)41 -b(s)661 5509 y Fn(1)733 5494 y Ft(6)p Fu(=)33 b(undef)p -842 5507 V 33 w(and)g Fs(g)41 b(s)1434 5509 y Fn(2)1506 -5494 y Ft(6)p Fu(=)32 b(undef)p 1614 5507 V 1 w(.)p eop -%%Page: 155 165 -155 164 bop 0 130 
a Fw(5.3)112 b(Safet)m(y)38 b(of)g(the)f(analysis) -2007 b(155)p 0 193 3473 4 v 0 515 a Fu(In)34 b(the)h(latter)e(case)i -(the)g(t)m(w)m(o)g(\014nal)e(states)i Fs(g)43 b(s)1757 -530 y Fn(1)1830 515 y Fu(and)35 b Fs(g)42 b(s)2157 530 -y Fn(2)2231 515 y Fu(m)m(ust)34 b(b)s(e)h(equal)f(relativ)m(e)f(to)h -(the)0 636 y(resulting)41 b(prop)s(ert)m(y)h(state)g -Fs(h)49 b(ps)8 b Fu(,)44 b(that)e(is)f(\()p Fs(g)50 b(s)1843 -651 y Fn(1)1882 636 y Fu(\))42 b Fs(x)53 b Fu(=)42 b(\()p -Fs(g)50 b(s)2359 651 y Fn(2)2399 636 y Fu(\))41 b Fs(x)54 -b Fu(for)41 b(all)e(v)-5 b(ariables)41 b Fs(x)53 b Fu(in)0 -756 y(OK\()p Fs(h)39 b(ps)8 b Fu(\).)146 877 y(W)-8 b(e)28 -b(ma)m(y)f(then)h(form)m(ulate)e(the)i(desired)f(relationship)f(b)s(et) -m(w)m(een)j(the)f(seman)m(tics)g(and)f(the)0 997 y(analysis)32 -b(as)h(follo)m(ws:)p 0 1117 3473 5 v 0 1292 a Fw(Theorem)k(5.31)49 -b Fu(F)-8 b(or)32 b(all)e(statemen)m(ts)k Fs(S)44 b Fu(of)32 -b Fw(While)f Fu(w)m(e)j(ha)m(v)m(e)g Ft(S)2496 1307 y -Fn(ds)2567 1292 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])33 -b(sat)p 2741 1305 126 4 v 2867 1307 a Fn(Stm)3029 1292 -y Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(].)p -0 1412 3473 5 v 146 1615 a(Before)32 b(conducting)f(the)h(pro)s(of)e(w) -m(e)j(need)f(to)f(establish)g(some)g(prop)s(erties)g(of)g(the)g(auxil-) -0 1736 y(iary)h(op)s(erations)g(comp)s(osition)e(and)i(conditional.)p -0 1856 V 0 2031 a Fw(Lemma)37 b(5.32)49 b Fu(Let)39 b -Fs(g)880 2046 y Fn(1)919 2031 y Fu(,)h Fs(g)1040 2046 -y Fn(2)1079 2031 y Fu(:)56 b Fw(State)38 b Fo(,)-17 b -Ft(!)39 b Fw(State)g Fu(and)f Fs(h)2150 2046 y Fn(1)2190 -2031 y Fu(,)i Fs(h)2314 2046 y Fn(2)2354 2031 y Fu(:)56 -b Fw(PState)38 b Ft(!)g Fw(PState)g Fu(and)0 2151 y(assume)33 -b(that)269 2319 y Fs(ps)40 b Fu(on-trac)m(k)33 b Ft(v)861 -2334 y Fn(P)946 2319 y Fu(\()p Fs(h)1041 2334 y Fn(2)1113 -2319 y Fs(ps)8 b Fu(\))33 b(on-trac)m(k)1714 b(\(*\))0 -2486 y(holds)32 b(for)g(all)f Fs(ps)40 b Ft(2)33 b Fw(PState)p -Fu(.)43 b(Then)269 2654 y Fs(g)323 2669 y 
Fn(1)394 2654 -y Fu(sat)p 394 2667 126 4 v 15 x Fn(Stm)682 2654 y Fs(h)739 -2669 y Fn(1)811 2654 y Fu(and)32 b Fs(g)1054 2669 y Fn(2)1126 -2654 y Fu(sat)p 1126 2667 V 15 x Fn(Stm)1413 2654 y Fs(h)1470 -2669 y Fn(2)1543 2654 y Fu(imply)e Fs(g)1870 2669 y Fn(2)1942 -2654 y Ft(\016)i Fs(g)2078 2669 y Fn(1)2150 2654 y Fu(sat)p -2150 2667 V 15 x Fn(Stm)2437 2654 y Fs(h)2494 2669 y -Fn(2)2566 2654 y Ft(\016)g Fs(h)2705 2669 y Fn(1)p 0 -2774 3473 5 v 0 2978 a Fw(Pro)s(of:)37 b Fu(Let)c Fs(s)563 -2993 y Fn(1)603 2978 y Fu(,)f Fs(s)710 2993 y Fn(2)782 -2978 y Fu(and)h Fs(ps)40 b Fu(b)s(e)33 b(suc)m(h)h(that)244 -3181 y Fs(s)292 3196 y Fn(1)364 3181 y Ft(\021)f Fs(s)522 -3196 y Fn(2)594 3181 y Fu(rel)p 594 3194 109 4 v 32 w -Fs(ps)8 b Fu(,)32 b(and)h(\()p Fs(h)1177 3196 y Fn(2)1249 -3181 y Ft(\016)g Fs(h)1389 3196 y Fn(1)1428 3181 y Fu(\))g -Fs(ps)40 b Fu(is)32 b(prop)s(er)0 3384 y(Using)f(that)g -Fs(h)540 3399 y Fn(2)611 3384 y Fu(\()p Fs(h)706 3399 -y Fn(1)777 3384 y Fs(ps)8 b Fu(\))31 b(is)g(prop)s(er)g(w)m(e)h(get)f -(from)g(\(*\))f(that)h Fs(h)2306 3399 y Fn(1)2377 3384 -y Fs(ps)39 b Fu(m)m(ust)32 b(b)s(e)f(prop)s(er)h(as)f(w)m(ell)0 -3505 y(\(b)m(y)i(taking)f Fs(ps)41 b Fu(to)32 b(b)s(e)h -Fs(h)914 3520 y Fn(1)986 3505 y Fs(ps)8 b Fu(\).)43 b(So)33 -b(from)e(the)i(assumption)f Fs(g)2296 3520 y Fn(1)2367 -3505 y Fu(sat)p 2367 3518 126 4 v 2493 3520 a Fn(Stm)2655 -3505 y Fs(h)2712 3520 y Fn(1)2784 3505 y Fu(w)m(e)i(get)244 -3708 y Fs(g)298 3723 y Fn(1)369 3708 y Fs(s)417 3723 -y Fn(1)489 3708 y Fu(=)f(undef)p 598 3721 236 4 v 33 -w(and)g Fs(g)1110 3723 y Fn(1)1181 3708 y Fs(s)1229 3723 -y Fn(2)1301 3708 y Fu(=)g(undef)p 1410 3721 V(,)g(or)244 -3876 y Fs(g)298 3891 y Fn(1)369 3876 y Fs(s)417 3891 -y Fn(1)489 3876 y Ft(6)p Fu(=)g(undef)p 598 3889 V 33 -w(and)g Fs(g)1110 3891 y Fn(1)1181 3876 y Fs(s)1229 3891 -y Fn(2)1301 3876 y Ft(6)p Fu(=)g(undef)p 1410 3889 V -33 w(and)g Fs(g)1922 3891 y Fn(1)1993 3876 y Fs(s)2041 -3891 y Fn(1)2113 3876 y Ft(\021)g Fs(g)2277 3891 y 
Fn(1)2349 -3876 y Fs(s)2397 3891 y Fn(2)2469 3876 y Fu(rel)p 2469 -3889 109 4 v 32 w Fs(h)2667 3891 y Fn(1)2739 3876 y Fs(ps)0 -4079 y Fu(In)e(the)g(\014rst)h(case)f(w)m(e)h(are)f(\014nished)g(since) -h(it)d(follo)m(ws)h(that)g(\()p Fs(g)2302 4094 y Fn(2)2372 -4079 y Ft(\016)h Fs(g)2507 4094 y Fn(1)2546 4079 y Fu(\))f -Fs(s)2662 4094 y Fn(1)2733 4079 y Fu(=)g(undef)p 2839 -4092 236 4 v 32 w(and)h(that)0 4200 y(\()p Fs(g)92 4215 -y Fn(2)163 4200 y Ft(\016)i Fs(g)300 4215 y Fn(1)339 -4200 y Fu(\))f Fs(s)457 4215 y Fn(2)529 4200 y Fu(=)h(undef)p -638 4213 V(.)44 b(In)33 b(the)g(second)h(case)f(w)m(e)h(use)f(that)244 -4403 y Fs(g)298 4418 y Fn(1)369 4403 y Fs(s)417 4418 -y Fn(1)489 4403 y Ft(\021)g Fs(g)653 4418 y Fn(1)725 -4403 y Fs(s)773 4418 y Fn(2)845 4403 y Fu(rel)p 845 4416 -109 4 v 32 w Fs(h)1043 4418 y Fn(1)1115 4403 y Fs(ps)8 -b Fu(,)33 b(and)f Fs(h)1519 4418 y Fn(2)1559 4403 y Fu(\()p -Fs(h)1654 4418 y Fn(1)1726 4403 y Fs(ps)8 b Fu(\))33 -b(is)f(prop)s(er)0 4606 y(The)i(assumption)d Fs(g)770 -4621 y Fn(2)842 4606 y Fu(sat)p 842 4619 126 4 v 15 x -Fn(Stm)1129 4606 y Fs(h)1186 4621 y Fn(2)1259 4606 y -Fu(then)i(giv)m(es)244 4810 y Fs(g)298 4825 y Fn(2)369 -4810 y Fu(\()p Fs(g)461 4825 y Fn(1)533 4810 y Fs(s)581 -4825 y Fn(1)620 4810 y Fu(\))g(=)f(undef)p 799 4823 236 -4 v 33 w(and)h Fs(g)1311 4825 y Fn(2)1383 4810 y Fu(\()p -Fs(g)1475 4825 y Fn(1)1546 4810 y Fs(s)1594 4825 y Fn(2)1634 -4810 y Fu(\))f(=)h(undef)p 1813 4823 V(,)g(or)244 4977 -y Fs(g)298 4992 y Fn(2)369 4977 y Fu(\()p Fs(g)461 4992 -y Fn(1)533 4977 y Fs(s)581 4992 y Fn(1)620 4977 y Fu(\))g -Ft(6)p Fu(=)f(undef)p 799 4990 V 33 w(and)h Fs(g)1311 -4992 y Fn(2)1383 4977 y Fu(\()p Fs(g)1475 4992 y Fn(1)1546 -4977 y Fs(s)1594 4992 y Fn(2)1634 4977 y Fu(\))f Ft(6)p -Fu(=)h(undef)p 1813 4990 V 33 w(and)513 5145 y Fs(g)567 -5160 y Fn(2)606 5145 y Fu(\()p Fs(g)698 5160 y Fn(1)769 -5145 y Fs(s)817 5160 y Fn(1)857 5145 y Fu(\))f Ft(\021)h -Fs(g)1091 5160 y Fn(2)1130 5145 y Fu(\()p Fs(g)1222 5160 -y Fn(1)1294 
5145 y Fs(s)1342 5160 y Fn(2)1381 5145 y -Fu(\))g(rel)p 1452 5158 109 4 v 31 w Fs(h)1649 5160 y -Fn(2)1689 5145 y Fu(\()p Fs(h)1784 5160 y Fn(1)1856 5145 -y Fs(ps)8 b Fu(\))0 5348 y(In)33 b(b)s(oth)f(cases)i(w)m(e)g(ha)m(v)m -(e)g(completed)e(the)h(pro)s(of.)1548 b Fh(2)p eop -%%Page: 156 166 -156 165 bop 251 130 a Fw(156)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 283 515 3473 -5 v 283 667 a(Lemma)i(5.33)49 b Fu(Assume)31 b(that)g -Fs(g)1552 682 y Fn(1)1591 667 y Fu(,)g Fs(g)1703 682 -y Fn(2)1742 667 y Fu(:)43 b Fw(State)31 b Fo(,)-17 b -Ft(!)31 b Fw(State)p Fu(,)g(and)h Fs(g)9 b Fu(:)42 b -Fw(State)31 b Ft(!)f Fw(T)h Fu(and)g(that)283 787 y Fs(h)340 -802 y Fn(1)380 787 y Fu(,)i Fs(h)497 802 y Fn(2)536 787 -y Fu(:)44 b Fw(PState)32 b Ft(!)g Fw(PState)g Fu(and)h -Fs(f)21 b Fu(:)43 b Fw(PState)33 b Ft(!)f Fw(P)p Fu(.)g(Then)552 -955 y Fs(g)41 b Fu(sat)p 638 968 126 4 v 15 x Fn(Bexp)958 -955 y Fs(f)21 b Fu(,)32 b Fs(g)1122 970 y Fn(1)1194 955 -y Fu(sat)p 1194 968 V 15 x Fn(Stm)1481 955 y Fs(h)1538 -970 y Fn(1)1611 955 y Fu(and)g Fs(g)1854 970 y Fn(2)1926 -955 y Fu(sat)p 1926 968 V 15 x Fn(Stm)2213 955 y Fs(h)2270 -970 y Fn(2)2342 955 y Fu(imply)788 1122 y(cond\()p Fs(g)9 -b Fu(,)33 b Fs(g)1194 1137 y Fn(1)1233 1122 y Fu(,)g -Fs(g)1347 1137 y Fn(2)1386 1122 y Fu(\))f(sat)p 1456 -1135 V 15 x Fn(Stm)1743 1122 y Fu(cond)1943 1137 y Fn(P)1996 -1122 y Fu(\()p Fs(f)21 b Fu(,)33 b Fs(h)2202 1137 y Fn(1)2241 -1122 y Fu(,)g Fs(h)2358 1137 y Fn(2)2398 1122 y Fu(\))p -283 1243 3473 5 v 283 1423 a Fw(Pro)s(of:)38 b Fu(Let)32 -b Fs(s)846 1438 y Fn(1)886 1423 y Fu(,)h Fs(s)994 1438 -y Fn(2)1066 1423 y Fu(and)f Fs(ps)41 b Fu(b)s(e)33 b(suc)m(h)h(that)527 -1603 y Fs(s)575 1618 y Fn(1)647 1603 y Ft(\021)f Fs(s)805 -1618 y Fn(2)877 1603 y Fu(rel)p 877 1616 109 4 v 32 w -Fs(ps)41 b Fu(and)32 b(cond)1538 1618 y Fn(P)1591 1603 -y Fu(\()p Fs(f)21 b Fu(,)33 b Fs(h)1797 1618 y Fn(1)1836 -1603 y Fu(,)g Fs(h)1953 1618 y Fn(2)1993 1603 y Fu(\))f -Fs(ps)40 b Fu(is)33 
b(prop)s(er)283 1783 y(First)42 b(assume)h(that)g -Fs(f)63 b(ps)51 b Fu(=)42 b Fb(d)p Fu(?.)74 b(This)43 -b(case)h(turns)f(out)g(to)f(b)s(e)h(imp)s(ossible)d(since)j(then)283 -1904 y(cond)483 1919 y Fn(P)536 1904 y Fu(\()p Fs(f)21 -b Fu(,)33 b Fs(h)742 1919 y Fn(1)781 1904 y Fu(,)g Fs(h)898 -1919 y Fn(2)938 1904 y Fu(\))f Fs(ps)40 b Fu(=)33 b Fb(lost)f -Fu(so)h(cond)1818 1919 y Fn(P)1871 1904 y Fu(\()p Fs(f)21 -b Fu(,)32 b Fs(h)2076 1919 y Fn(1)2116 1904 y Fu(,)h -Fs(h)2233 1919 y Fn(2)2272 1904 y Fu(\))g Fs(ps)40 b -Fu(cannot)33 b(b)s(e)g(prop)s(er.)430 2024 y(So)k(w)m(e)i(kno)m(w)g -(that)f Fs(f)59 b(ps)45 b Fu(=)38 b Fb(ok)p Fu(.)60 b(F)-8 -b(rom)36 b Fs(g)41 b Fu(sat)p 2094 2037 126 4 v 15 x -Fn(Bexp)2413 2024 y Fs(f)59 b Fu(w)m(e)39 b(then)f(get)g -Fs(g)j(s)3180 2039 y Fn(1)3252 2024 y Fu(=)33 b Fs(g)41 -b(s)3495 2039 y Fn(2)3534 2024 y Fu(.)59 b(W)-8 b(e)283 -2144 y(also)32 b(get)h(that)f(cond)1053 2159 y Fn(P)1106 -2144 y Fu(\()p Fs(f)20 b Fu(,)33 b Fs(h)1311 2159 y Fn(1)1351 -2144 y Fu(,)f Fs(h)1467 2159 y Fn(2)1507 2144 y Fu(\))g -Fs(ps)41 b Fu(=)32 b(\()p Fs(h)1911 2159 y Fn(1)1983 -2144 y Fs(ps)8 b Fu(\))33 b Ft(t)2218 2159 y Fn(PS)2342 -2144 y Fu(\()p Fs(h)2437 2159 y Fn(2)2509 2144 y Fs(ps)8 -b Fu(\).)43 b(Th)m(us)34 b Fs(h)3019 2159 y Fn(1)3092 -2144 y Fs(ps)40 b Fu(as)33 b(w)m(ell)e(as)i Fs(h)3716 -2159 y Fn(2)283 2265 y Fs(ps)41 b Fu(m)m(ust)32 b(b)s(e)g(prop)s(er)g -(since)h(otherwise)g(cond)1971 2280 y Fn(P)2024 2265 -y Fu(\()p Fs(f)20 b Fu(,)33 b Fs(h)2229 2280 y Fn(1)2268 -2265 y Fu(,)g Fs(h)2385 2280 y Fn(2)2424 2265 y Fu(\))f -Fs(ps)41 b Fu(cannot)32 b(b)s(e)g(prop)s(er.)44 b(No)m(w)33 -b(let)283 2385 y(i)f(denote)h(the)g(branc)m(h)h(c)m(hosen)g(b)m(y)g -(the)f(test)g Fs(g)9 b Fu(.)43 b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)527 -2565 y Fs(s)575 2580 y Fn(1)647 2565 y Ft(\021)g Fs(s)805 -2580 y Fn(2)877 2565 y Fu(rel)p 877 2578 109 4 v 32 w -Fs(ps)41 b Fu(and)32 b Fs(h)1395 2580 y Fn(i)1452 2565 -y Fs(ps)40 b Fu(is)32 b(prop)s(er)283 2745 y(F)-8 
b(rom)32 -b(the)h(assumption)e Fs(g)1277 2760 y Fn(i)1333 2745 -y Fu(sat)p 1333 2758 126 4 v 15 x Fn(Stm)1621 2745 y -Fs(h)1678 2760 y Fn(i)1734 2745 y Fu(w)m(e)j(therefore)f(get)527 -2926 y Fs(g)581 2941 y Fn(i)637 2926 y Fs(s)685 2941 -y Fn(1)757 2926 y Fu(=)g(undef)p 866 2939 236 4 v 33 -w(and)g Fs(g)1378 2941 y Fn(i)1433 2926 y Fs(s)1481 2941 -y Fn(2)1553 2926 y Fu(=)g(undef)p 1662 2939 V 1 w(,)f(or)527 -3093 y Fs(g)581 3108 y Fn(i)637 3093 y Fs(s)685 3108 -y Fn(1)757 3093 y Ft(6)p Fu(=)h(undef)p 866 3106 V 33 -w(and)g Fs(g)1378 3108 y Fn(i)1433 3093 y Fs(s)1481 3108 -y Fn(2)1553 3093 y Ft(6)p Fu(=)g(undef)p 1662 3106 V -33 w(and)g Fs(g)2174 3108 y Fn(i)2230 3093 y Fs(s)2278 -3108 y Fn(1)2350 3093 y Ft(\021)g Fs(g)2514 3108 y Fn(i)2569 -3093 y Fs(s)2617 3108 y Fn(2)2690 3093 y Fu(rel)p 2690 -3106 109 4 v 31 w Fs(h)2887 3108 y Fn(i)2944 3093 y Fs(ps)283 -3273 y Fu(In)g(the)g(\014rst)g(case)h(w)m(e)g(get)527 -3454 y(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)933 3469 y Fn(1)972 -3454 y Fu(,)g Fs(g)1086 3469 y Fn(2)1125 3454 y Fu(\))f -Fs(s)1243 3469 y Fn(1)1315 3454 y Fu(=)g(undef)p 1423 -3467 236 4 v 34 w(and)g(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)2287 -3469 y Fn(1)2326 3454 y Fu(,)g Fs(g)2440 3469 y Fn(2)2479 -3454 y Fu(\))f Fs(s)2597 3469 y Fn(2)2669 3454 y Fu(=)h(undef)p -2778 3467 V 283 3634 a(and)g(w)m(e)h(are)e(\014nished.)45 -b(In)32 b(the)h(second)h(case)g(w)m(e)f(get)527 3814 -y(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)933 3829 y Fn(1)972 -3814 y Fu(,)g Fs(g)1086 3829 y Fn(2)1125 3814 y Fu(\))f -Fs(s)1243 3829 y Fn(1)1315 3814 y Ft(6)p Fu(=)g(undef)p -1423 3827 V 34 w(and)g(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)2287 -3829 y Fn(1)2326 3814 y Fu(,)g Fs(g)2440 3829 y Fn(2)2479 -3814 y Fu(\))f Fs(s)2597 3829 y Fn(2)2669 3814 y Ft(6)p -Fu(=)h(undef)p 2778 3827 V 283 3994 a(F)-8 b(urthermore,)33 -b(w)m(e)g(ha)m(v)m(e)527 4174 y(cond\()p Fs(g)9 b Fu(,)33 -b Fs(g)933 4189 y Fn(1)972 4174 y Fu(,)g Fs(g)1086 4189 -y Fn(2)1125 4174 y Fu(\))f Fs(s)1243 4189 y Fn(1)1315 -4174 y Ft(\021)h 
Fu(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)1831 -4189 y Fn(1)1870 4174 y Fu(,)f Fs(g)1983 4189 y Fn(2)2022 -4174 y Fu(\))h Fs(s)2141 4189 y Fn(2)2213 4174 y Fu(rel)p -2213 4187 109 4 v 32 w Fs(h)2411 4189 y Fn(i)2467 4174 -y Fs(ps)283 4355 y Fu(Clearly)d Fs(h)677 4370 y Fn(i)732 -4355 y Fs(ps)38 b Ft(v)31 b Fs(h)1025 4370 y Fn(1)1095 -4355 y Fs(ps)38 b Ft(t)1290 4370 y Fn(PS)1412 4355 y -Fs(h)1469 4370 y Fn(2)1539 4355 y Fs(ps)g Fu(and)31 b(using)f(the)h -(de\014nition)e(of)h(cond)3014 4370 y Fn(P)3098 4355 -y Fu(and)g(Lemma)f(5.8)283 4475 y(w)m(e)34 b(get)527 -4655 y(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)933 4670 y Fn(1)972 -4655 y Fu(,)g Fs(g)1086 4670 y Fn(2)1125 4655 y Fu(\))f -Fs(s)1243 4670 y Fn(1)1315 4655 y Ft(\021)h Fu(cond\()p -Fs(g)9 b Fu(,)33 b Fs(g)1831 4670 y Fn(1)1870 4655 y -Fu(,)f Fs(g)1983 4670 y Fn(2)2022 4655 y Fu(\))h Fs(s)2141 -4670 y Fn(2)2213 4655 y Fu(rel)p 2213 4668 V 32 w(cond)2554 -4670 y Fn(P)2606 4655 y Fu(\()p Fs(f)21 b Fu(,)33 b Fs(h)2812 -4670 y Fn(1)2852 4655 y Fu(,)f Fs(h)2968 4670 y Fn(2)3008 -4655 y Fu(\))g Fs(ps)283 4835 y Fu(as)h(required.)2902 -b Fh(2)430 5039 y Fu(W)-8 b(e)33 b(no)m(w)g(ha)m(v)m(e)h(the)f -(apparatus)g(needed)h(to)e(sho)m(w)i(the)f(safet)m(y)g(of)g -Ft(P)8 b(S)g Fu(:)283 5206 y Fw(Pro)s(of)56 b(of)g(Theorem)g(5.31:)76 -b Fu(W)-8 b(e)49 b(shall)e(sho)m(w)j(that)e Ft(S)2538 -5221 y Fn(ds)2609 5206 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])49 b(sat)p 2800 5219 126 4 v 15 x Fn(Stm)3103 5206 -y Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])49 -b(and)g(w)m(e)283 5327 y(pro)s(ceed)34 b(b)m(y)f(structural)g -(induction)e(on)i(the)g(statemen)m(t)g Fs(S)12 b Fu(.)283 -5494 y Fw(The)33 b(case)g Fs(x)45 b Fu(:=)32 b Fs(a)7 -b Fu(:)44 b(Let)33 b Fs(s)1315 5509 y Fn(1)1354 5494 -y Fu(,)g Fs(s)1462 5509 y Fn(2)1534 5494 y Fu(and)g Fs(ps)40 -b Fu(b)s(e)33 b(giv)m(en)g(suc)m(h)h(that)p eop -%%Page: 157 167 -157 166 bop 0 130 a Fw(5.3)112 b(Safet)m(y)38 b(of)g(the)f(analysis) -2007 b(157)p 0 193 3473 4 v 244 515 a Fs(s)292 530 y 
-Fn(1)364 515 y Ft(\021)33 b Fs(s)522 530 y Fn(2)594 515 -y Fu(rel)p 594 528 109 4 v 32 w Fs(ps)40 b Fu(and)33 -b Ft(P)8 b(S)g Fu([)-17 b([)q Fs(x)44 b Fu(:=)33 b Fs(a)7 -b Fu(])-17 b(])p Fs(ps)41 b Fu(is)32 b(prop)s(er)0 726 -y(It)c(then)h(follo)m(ws)e(from)f(Exercise)k(5.27)d(that)h -Fs(ps)36 b Fu(is)28 b(prop)s(er)g(b)s(ecause)h Ft(P)8 -b(S)g Fu([)-17 b([)q Fs(x)40 b Fu(:=)28 b Fs(a)7 b Fu(])-17 -b(])q Fs(ps)35 b Fu(is.)42 b(Also)0 847 y(b)s(oth)27 -b Ft(S)293 862 y Fn(ds)364 847 y Fu([)-17 b([)q Fs(x)44 -b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])q Fs(s)770 862 y Fn(1)837 -847 y Fu(and)27 b Ft(S)1089 862 y Fn(ds)1160 847 y Fu([)-17 -b([)q Fs(x)39 b Fu(:=)28 b Fs(a)7 b Fu(])-17 b(])p Fs(s)1555 -862 y Fn(2)1622 847 y Fu(will)26 b(b)s(e)h(de\014ned)i(so)f(w)m(e)h -(only)e(ha)m(v)m(e)i(to)e(sho)m(w)i(that)244 1058 y(\()p -Ft(S)350 1073 y Fn(ds)421 1058 y Fu([)-17 b([)p Fs(x)45 -b Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])q Fs(s)826 1073 y -Fn(1)866 1058 y Fu(\))32 b Fs(y)42 b Fu(=)32 b(\()p Ft(S)1239 -1073 y Fn(ds)1310 1058 y Fu([)-17 b([)q Fs(x)44 b Fu(:=)32 -b Fs(a)7 b Fu(])-17 b(])q Fs(s)1715 1073 y Fn(2)1755 -1058 y Fu(\))32 b Fs(y)0 1269 y Fu(for)26 b(all)e Fs(y)35 -b Ft(2)26 b Fw(V)-9 b(ar)26 b Ft(\\)g Fu(OK\()p Ft(P)8 -b(S)g Fu([)-17 b([)q Fs(x)38 b Fu(:=)26 b Fs(a)7 b Fu(])-17 -b(])q Fs(ps)8 b Fu(\).)41 b(If)26 b Fs(y)35 b Ft(6)p -Fu(=)26 b Fs(x)38 b Fu(and)26 b Fo(y)j Fu(is)d(in)g(OK\()p -Ft(P)8 b(S)f Fu([)-17 b([)q Fs(x)38 b Fu(:=)26 b Fs(a)7 -b Fu(])-17 b(])q Fs(ps)8 b Fu(\))26 b(then)0 1389 y Fs(y)41 -b Ft(2)32 b Fu(OK\()p Fs(ps)8 b Fu(\))31 b(and)h(it)f(is)h(immediate)d -(from)h(the)j(de\014nition)d(of)i Ft(S)2411 1404 y Fn(ds)2514 -1389 y Fu(that)f(\()p Ft(S)2830 1404 y Fn(ds)2901 1389 -y Fu([)-17 b([)q Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17 -b(])p Fs(s)3306 1404 y Fn(1)3346 1389 y Fu(\))32 b Fs(y)0 -1509 y Fu(=)40 b(\()p Ft(S)222 1524 y Fn(ds)293 1509 -y Fu([)-17 b([)q Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17 -b(])p Fs(s)698 1524 y Fn(2)738 1509 y Fu(\))32 b Fs(y)9 -b 
Fu(.)67 b(If)41 b Fs(y)49 b Fu(=)40 b Fs(x)52 b Fu(and)41 -b Fs(x)52 b Fu(is)40 b(in)f(OK\()p Ft(P)8 b(S)g Fu([)-17 -b([)q Fs(x)52 b Fu(:=)40 b Fs(a)7 b Fu(])-17 b(])q Fs(ps)8 -b Fu(\))40 b(then)h(w)m(e)h(use)f(the)0 1630 y(assumption)32 -b Fs(s)564 1645 y Fn(1)636 1630 y Ft(\021)h Fs(s)794 -1645 y Fn(2)866 1630 y Fu(rel)p 866 1643 V 32 w Fs(ps)40 -b Fu(together)33 b(with)f(\()p Ft(P)8 b(S)h Fu([)-17 -b([)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])q Fs(ps)8 -b Fu(\))32 b Fs(x)44 b Fu(=)33 b Fb(ok)g Fu(to)f(get)244 -1841 y Ft(A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q -Fs(s)504 1856 y Fn(1)576 1841 y Fu(=)32 b Ft(A)p Fu([)-17 -b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)944 1856 y Fn(2)0 -2052 y Fu(b)m(y)41 b(F)-8 b(act)39 b(5.29.)64 b(Hence)41 -b(\()p Ft(S)1036 2067 y Fn(ds)1107 2052 y Fu([)-17 b([)p -Fs(x)52 b Fu(:=)39 b Fs(a)7 b Fu(])-17 b(])q Fs(s)1526 -2067 y Fn(1)1566 2052 y Fu(\))39 b Fs(y)49 b Fu(=)40 -b(\()p Ft(S)1960 2067 y Fn(ds)2032 2052 y Fu([)-17 b([)p -Fs(x)52 b Fu(:=)39 b Fs(a)7 b Fu(])-17 b(])q Fs(s)2451 -2067 y Fn(2)2490 2052 y Fu(\))40 b Fs(y)49 b Fu(follo)m(ws)38 -b(also)h(in)g(this)0 2172 y(case.)44 b(This)33 b(pro)m(v)m(es)h(the)f -(required)h(relationship.)0 2340 y Fw(The)f(case)g Fr(skip)p -Fu(:)45 b(Straigh)m(tforw)m(ard.)0 2507 y Fw(The)33 b(case)g -Fs(S)523 2522 y Fn(1)562 2507 y Fu(;)p Fs(S)656 2522 -y Fn(2)696 2507 y Fu(:)43 b(The)34 b(induction)d(h)m(yp)s(othesis)j -(applied)d(to)i Fs(S)2409 2522 y Fn(1)2480 2507 y Fu(and)g -Fs(S)2737 2522 y Fn(2)2809 2507 y Fu(giv)m(es)244 2718 -y Ft(S)312 2733 y Fn(ds)383 2718 y Fu([)-17 b([)p Fs(S)487 -2733 y Fn(1)527 2718 y Fu(])g(])33 b(sat)p 597 2731 126 -4 v 15 x Fn(Stm)884 2718 y Ft(P)8 b(S)g Fu([)-17 b([)q -Fs(S)1134 2733 y Fn(1)1173 2718 y Fu(])g(])33 b(and)g -Ft(S)1501 2733 y Fn(ds)1572 2718 y Fu([)-17 b([)q Fs(S)1677 -2733 y Fn(2)1716 2718 y Fu(])g(])33 b(sat)p 1786 2731 -V 15 x Fn(Stm)2073 2718 y Ft(P)8 b(S)h Fu([)-17 b([)p -Fs(S)2323 2733 y Fn(2)2363 2718 y Fu(])g(])0 2929 y(It)37 
-b(follo)m(ws)e(from)g(Exercise)j(5.27)e(that)h Fs(ps)44 -b Fu(on-trac)m(k)37 b Ft(v)2082 2944 y Fn(P)2171 2929 -y Fu(\()p Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)2459 2944 -y Fn(2)2498 2929 y Fu(])g(])q Fs(ps)8 b Fu(\))36 b(on-trac)m(k)h(holds) -f(for)0 3050 y(all)30 b(prop)s(ert)m(y)k(states)f Fs(ps)8 -b Fu(.)44 b(The)33 b(desired)g(result)244 3261 y Ft(S)312 -3276 y Fn(ds)383 3261 y Fu([)-17 b([)p Fs(S)487 3276 -y Fn(2)527 3261 y Fu(])g(])33 b Ft(\016)f(S)747 3276 -y Fn(ds)818 3261 y Fu([)-17 b([)q Fs(S)923 3276 y Fn(1)962 -3261 y Fu(])g(])33 b(sat)p 1032 3274 V 15 x Fn(Stm)1319 -3261 y Ft(P)8 b(S)h Fu([)-17 b([)p Fs(S)1569 3276 y Fn(2)1609 -3261 y Fu(])g(])33 b Ft(\016)f(P)8 b(S)g Fu([)-17 b([)q -Fs(S)2011 3276 y Fn(1)2050 3261 y Fu(])g(])0 3472 y(then)33 -b(follo)m(ws)e(from)h(Lemma)f(5.32.)0 3639 y Fw(The)i(case)g -Fr(if)g Fs(b)39 b Fr(then)33 b Fs(S)979 3654 y Fn(1)1051 -3639 y Fr(else)g Fs(S)1355 3654 y Fn(2)1395 3639 y Fu(:)43 -b(F)-8 b(rom)31 b(Exercise)j(5.30)e(w)m(e)i(ha)m(v)m(e)244 -3850 y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 -b(sat)p 471 3863 V 15 x Fn(Bexp)791 3850 y Ft(P)8 b(B)t -Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])0 4061 y(and)33 -b(the)g(induction)e(h)m(yp)s(othesis)j(applied)d(to)i -Fs(S)1800 4076 y Fn(1)1871 4061 y Fu(and)g Fs(S)2128 -4076 y Fn(2)2200 4061 y Fu(giv)m(es)244 4272 y Ft(S)312 -4287 y Fn(ds)383 4272 y Fu([)-17 b([)p Fs(S)487 4287 -y Fn(1)527 4272 y Fu(])g(])33 b(sat)p 597 4285 V 15 x -Fn(Stm)884 4272 y Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)1134 -4287 y Fn(1)1173 4272 y Fu(])g(])33 b(and)g Ft(S)1501 -4287 y Fn(ds)1572 4272 y Fu([)-17 b([)q Fs(S)1677 4287 -y Fn(2)1716 4272 y Fu(])g(])33 b(sat)p 1786 4285 V 15 -x Fn(Stm)2073 4272 y Ft(P)8 b(S)h Fu([)-17 b([)p Fs(S)2323 -4287 y Fn(2)2363 4272 y Fu(])g(])0 4483 y(The)34 b(desired)f(result)244 -4694 y(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 -b(])q(,)33 b Ft(S)804 4709 y Fn(ds)876 4694 y Fu([)-17 -b([)p Fs(S)980 4709 y Fn(1)1019 4694 y Fu(])g(])q(,)33 -b Ft(S)1184 4709 y Fn(ds)1256 
4694 y Fu([)-17 b([)p Fs(S)1360 -4709 y Fn(2)1399 4694 y Fu(])g(])q(\))32 b(sat)p 1507 -4707 V 1633 4709 a Fn(Stm)1795 4694 y Fu(cond)1995 4709 -y Fn(P)2047 4694 y Fu(\()p Ft(P)8 b(B)t Fu([)-17 b([)q -Fs(b)6 b Fu(])-17 b(],)33 b Ft(P)8 b(S)g Fu([)-17 b([)q -Fs(S)2667 4709 y Fn(1)2706 4694 y Fu(])g(])q(,)32 b Ft(P)8 -b(S)h Fu([)-17 b([)p Fs(S)3053 4709 y Fn(2)3093 4694 -y Fu(])g(]\))0 4905 y(then)33 b(follo)m(ws)e(from)h(Lemma)f(5.33.)0 -5073 y Fw(The)i(case)g Fr(while)h Fs(b)k Fr(do)33 b Fs(S)12 -b Fu(:)33 b(W)-8 b(e)33 b(m)m(ust)f(pro)m(v)m(e)i(that)244 -5284 y(FIX\()p Fs(G)9 b Fu(\))33 b(sat)p 609 5297 V 15 -x Fn(Stm)896 5284 y Fu(FIX\()p Fs(H)16 b Fu(\))0 5494 -y(where)p eop -%%Page: 158 168 -158 167 bop 251 130 a Fw(158)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 527 515 a Fs(G)42 -b(g)f Fu(=)33 b(cond)g(\()p Ft(B)s Fu([)-17 b([)q Fs(b)6 -b Fu(])-17 b(],)33 b Fs(g)41 b Ft(\016)32 b(S)1600 530 -y Fn(ds)1671 515 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(],)33 b(id\))527 683 y Fs(H)49 b(h)40 b Fu(=)32 b(cond)1046 -698 y Fn(P)1131 683 y Fu(\()p Ft(P)8 b(B)t Fu([)-17 b([)q -Fs(b)6 b Fu(])-17 b(],)33 b Fs(h)40 b Ft(\016)32 b(P)8 -b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 b(id\))283 -879 y(T)-8 b(o)33 b(do)g(this)f(w)m(e)h(recall)f(the)h(de\014nition)e -(of)h(the)h(least)f(\014xed)i(p)s(oin)m(ts:)527 1075 -y(FIX)f Fs(G)42 b Fu(=)957 1008 y Fg(F)1026 1075 y Ft(f)p -Fs(G)1160 1038 y Fn(n)1236 1075 y Fs(g)1290 1090 y Fn(0)1362 -1075 y Ft(j)32 b Fu(n)h Ft(\025)g Fu(0)f Ft(g)g Fu(where)i -Fs(g)2118 1090 y Fn(0)2190 1075 y Fs(s)40 b Fu(=)33 b(undef)p -2379 1088 236 4 v 33 w(for)f(all)e Fs(s)527 1242 y Fu(FIX)j -Fs(H)48 b Fu(=)961 1176 y Fg(F)1030 1242 y Ft(f)p Fs(H)1168 -1206 y Fn(n)1244 1242 y Fs(h)1301 1257 y Fn(0)1373 1242 -y Ft(j)32 b Fu(n)h Ft(\025)g Fu(0)f Ft(g)h Fu(where)g -Fs(h)2132 1257 y Fn(0)2205 1242 y Fs(ps)40 b Fu(=)32 -b Fb(init)h Fu(for)f(all)f Fs(ps)283 1438 y Fu(The)j(pro)s(of)e(pro)s -(ceeds)i(in)d(t)m(w)m(o)j(stages.)44 b(W)-8 
b(e)33 b(b)s(egin)f(b)m(y)h -(pro)m(ving)f(that)552 1606 y Fs(G)636 1570 y Fn(n)712 -1606 y Fs(g)766 1621 y Fn(0)838 1606 y Fu(sat)p 838 1619 -126 4 v 15 x Fn(Stm)1125 1606 y Fu(FIX)h Fs(H)48 b Fu(for)32 -b(all)f(n)1842 b(\(*\))283 1773 y(and)33 b(then)552 1941 -y(FIX)g Fs(G)41 b Fu(sat)p 873 1954 V 999 1956 a Fn(Stm)1161 -1941 y Fu(FIX)32 b Fs(H)2145 b Fu(\(**\))283 2132 y(W)-8 -b(e)33 b(pro)m(v)m(e)h(\(*\))e(b)m(y)i(induction)d(on)i(n.)44 -b(F)-8 b(or)31 b(the)i(base)h(case)f(w)m(e)h(observ)m(e)g(that)527 -2328 y Fs(g)581 2343 y Fn(0)653 2328 y Fu(sat)p 653 2341 -V 15 x Fn(Stm)940 2328 y Fu(FIX)f Fs(H)283 2524 y Fu(holds)27 -b(trivially)d(since)k Fs(g)1184 2539 y Fn(0)1250 2524 -y Fs(s)35 b Fu(=)27 b(undef)p 1428 2537 236 4 v 27 w(for)g(all)e -(states)j Fs(s)8 b Fu(.)42 b(F)-8 b(or)26 b(the)h(induction)f(step)i(w) -m(e)g(assume)283 2644 y(that)527 2840 y Fs(G)611 2804 -y Fn(n)687 2840 y Fs(g)741 2855 y Fn(0)813 2840 y Fu(sat)p -813 2853 126 4 v 15 x Fn(Stm)1100 2840 y Fu(FIX)33 b -Fs(H)283 3036 y Fu(and)g(w)m(e)h(shall)d(pro)m(v)m(e)j(the)f(result)f -(for)g(n+1.)44 b(W)-8 b(e)33 b(ha)m(v)m(e)527 3232 y -Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b(sat)p -754 3245 V 880 3247 a Fn(Bexp)1074 3232 y Ft(P)8 b(B)t -Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])283 3427 y(from)32 -b(Exercise)i(5.30,)527 3623 y Ft(S)595 3638 y Fn(ds)666 -3623 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])33 b(sat)p -841 3636 V 15 x Fn(Stm)1128 3623 y Ft(P)8 b(S)g Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(])283 3819 y(from)41 b(the)h(induction)f(h)m -(yp)s(othesis)i(applied)e(to)g(the)i(b)s(o)s(dy)e(of)h(the)g -Fr(while)p Fu(-lo)s(op,)i(and)e(it)e(is)283 3939 y(clear)33 -b(that)527 4135 y(id)f(sat)p 641 4148 V 15 x Fn(Stm)928 -4135 y Fu(id)283 4331 y(By)i(Exercise)f(5.27)f(w)m(e)i(also)e(ha)m(v)m -(e)527 4527 y Fs(ps)41 b Fu(on-trac)m(k)33 b Ft(v)1120 -4542 y Fn(P)1205 4527 y Fu(\(\(FIX)f Fs(H)16 b Fu(\))33 -b Fs(ps)8 b Fu(\))32 b(on-trac)m(k)283 4723 y(for)g(all)f(prop)s(ert)m -(y)i(states)h Fs(ps)8 b 
Fu(.)43 b(W)-8 b(e)33 b(then)g(obtain)552 -4890 y(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(],)33 b(\()p Fs(G)1167 4854 y Fn(n)1259 4890 y Fs(g)1313 -4905 y Fn(0)1352 4890 y Fu(\))p Ft(\016S)1508 4905 y -Fn(ds)1579 4890 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 -b(id\))e(sat)p 1932 4903 V 15 x Fn(Stm)2220 4890 y Fu(cond)2420 -4905 y Fn(P)2472 4890 y Fu(\()p Ft(P)8 b(B)t Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(],)33 b(\(FIX)f Fs(H)16 b Fu(\))p -Ft(\016P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 -b(id\))283 5058 y(from)j(Lemmas)f(5.32)h(and)g(5.33)g(and)h(this)f(is)g -(indeed)g(the)h(desired)g(result)g(since)f(the)h(righ)m(t-)283 -5178 y(hand)c(side)g(amoun)m(ts)f(to)h Fs(H)48 b Fu(\(FIX)33 -b Fs(H)16 b Fu(\))32 b(whic)m(h)h(equals)g(FIX)g Fs(H)16 -b Fu(.)430 5299 y(Finally)30 b(w)m(e)j(m)m(ust)g(sho)m(w)h(\(**\).)43 -b(This)32 b(amoun)m(ts)h(to)f(sho)m(wing)527 5428 y Fg(F)597 -5494 y Fs(Y)52 b Fu(sat)p 721 5507 V 15 x Fn(Stm)1008 -5494 y Fu(FIX)33 b Fs(H)p eop -%%Page: 159 169 -159 168 bop 0 130 a Fw(5.3)112 b(Safet)m(y)38 b(of)g(the)f(analysis) -2007 b(159)p 0 193 3473 4 v 0 515 a Fu(where)34 b Fs(Y)52 -b Fu(=)32 b Ft(f)h Fs(G)681 479 y Fn(n)757 515 y Fs(g)811 -530 y Fn(0)882 515 y Ft(j)g Fu(n)f Ft(\025)h Fu(0)g Ft(g)p -Fu(.)43 b(So)32 b(assume)h(that)244 715 y Fs(s)292 730 -y Fn(1)364 715 y Ft(\021)g Fs(s)522 730 y Fn(2)594 715 -y Fu(rel)p 594 728 109 4 v 32 w Fs(ps)40 b Fu(and)33 -b(\(FIX)f Fs(H)16 b Fu(\))33 b Fs(ps)40 b Fu(is)32 b(prop)s(er)0 -914 y(Since)h Fs(g)41 b Fu(sat)p 341 927 126 4 v 15 x -Fn(Stm)628 914 y Fu(FIX)33 b Fs(H)48 b Fu(holds)32 b(for)h(all)d -Fs(g)41 b Ft(2)33 b Fs(Y)52 b Fu(b)m(y)34 b(\(*\))e(w)m(e)h(get)g(that) -f(either)244 1113 y Fs(g)41 b(s)378 1128 y Fn(1)450 1113 -y Fu(=)32 b(undef)p 558 1126 236 4 v 34 w(and)g Fs(g)41 -b(s)1150 1128 y Fn(2)1222 1113 y Fu(=)33 b(undef)p 1331 -1126 V 1 w(,)f(or)244 1281 y Fs(g)41 b(s)378 1296 y Fn(1)450 -1281 y Ft(6)p Fu(=)32 b(undef)p 558 1294 V 34 w(and)g -Fs(g)41 b(s)1150 1296 y 
Fn(2)1222 1281 y Ft(6)p Fu(=)33 -b(undef)p 1331 1294 V 33 w(and)g Fs(g)41 b(s)1923 1296 -y Fn(1)1995 1281 y Ft(\021)33 b Fs(g)41 b(s)2239 1296 -y Fn(2)2311 1281 y Fu(rel)p 2311 1294 109 4 v 32 w(\(FIX)32 -b Fs(H)16 b Fu(\))33 b Fs(ps)0 1480 y Fu(If)e(\()134 -1414 y Fg(F)203 1480 y Fs(Y)20 b Fu(\))31 b Fs(s)412 -1495 y Fn(1)482 1480 y Fu(=)g(undef)p 589 1493 236 4 -v 32 w(then)h Fs(g)39 b(s)1209 1495 y Fn(1)1280 1480 -y Fu(=)31 b(undef)p 1387 1493 V 32 w(for)f(all)f Fs(g)40 -b Ft(2)31 b Fs(Y)51 b Fu(and)31 b(thereb)m(y)i Fs(g)40 -b(s)2912 1495 y Fn(2)2982 1480 y Fu(=)31 b(undef)p 3089 -1493 V 32 w(for)0 1600 y(all)j Fs(g)46 b Ft(2)36 b Fs(Y)57 -b Fu(so)36 b(that)h(\()838 1534 y Fg(F)907 1600 y Fs(Y)19 -b Fu(\))37 b Fs(s)1121 1615 y Fn(2)1197 1600 y Fu(=)f(undef)p -1309 1613 V 1 w(.)55 b(Similarly)33 b(\()2084 1534 y -Fg(F)2153 1600 y Fs(Y)20 b Fu(\))36 b Fs(s)2367 1615 -y Fn(2)2443 1600 y Fu(=)g(undef)p 2555 1613 V 38 w(will)e(imply)h(that) -0 1721 y(\()38 1654 y Fg(F)107 1721 y Fs(Y)20 b Fu(\))39 -b Fs(s)324 1736 y Fn(1)404 1721 y Fu(=)g(undef)p 519 -1734 V 1 w(.)65 b(So)40 b(consider)g(no)m(w)h(the)f(case)g(where)i(\() -2304 1654 y Fg(F)2373 1721 y Fs(Y)19 b Fu(\))33 b Fs(s)2583 -1736 y Fn(1)2662 1721 y Ft(6)p Fu(=)40 b(undef)p 2778 -1734 V 40 w(as)g(w)m(ell)f(as)0 1841 y(\()38 1775 y Fg(F)107 -1841 y Fs(Y)20 b Fu(\))32 b Fs(s)317 1856 y Fn(2)389 -1841 y Ft(6)p Fu(=)h(undef)p 498 1854 V 33 w(and)g(let)f -Fs(x)44 b Ft(2)33 b Fw(V)-9 b(ar)32 b Ft(\\)h Fu(OK\(\(FIX)f -Fs(H)16 b Fu(\))32 b Fs(ps)8 b Fu(\).)44 b(By)33 b(Lemma)e(4.25)h(w)m -(e)i(ha)m(v)m(e)244 2040 y(graph\()526 1974 y Fg(F)595 -2040 y Fs(Y)20 b Fu(\))32 b(=)865 1974 y Fg(S)935 2040 -y Ft(f)g Fu(graph)g Fs(g)41 b Ft(j)33 b Fs(g)41 b Ft(2)33 -b Fs(Y)52 b Ft(g)0 2240 y Fu(and)41 b(\()236 2173 y Fg(F)305 -2240 y Fs(Y)19 b Fu(\))41 b Fs(s)523 2255 y Fn(i)587 -2240 y Ft(6)p Fu(=)f(undef)p 703 2253 V 41 w(therefore)h(sho)m(ws)h -(the)f(existence)h(of)e(an)g(elemen)m(t)h Fs(g)2968 2255 -y Fn(i)3031 2240 y 
Fu(in)f Fs(Y)60 b Fu(suc)m(h)0 2360 -y(that)38 b Fs(g)271 2375 y Fn(i)326 2360 y Fs(s)374 -2375 y Fn(i)431 2360 y Ft(6)p Fu(=)32 b(undef)p 539 2373 -V 39 w(and)37 b(\()1045 2294 y Fg(F)1114 2360 y Fs(Y)20 -b Fu(\))38 b Fs(s)1330 2375 y Fn(i)1391 2360 y Fu(=)g -Fs(g)1559 2375 y Fn(i)1620 2360 y Fs(s)1668 2375 y Fn(i)1729 -2360 y Fu(\(for)f(i)g(=)h(1,)h(2\).)58 b(Since)38 b Fs(Y)57 -b Fu(is)38 b(a)f(c)m(hain)h(either)0 2480 y Fs(g)54 2495 -y Fn(1)126 2480 y Ft(v)33 b Fs(g)290 2495 y Fn(2)361 -2480 y Fu(or)f Fs(g)534 2495 y Fn(2)606 2480 y Ft(v)h -Fs(g)770 2495 y Fn(1)841 2480 y Fu(so)g(let)f Fs(g)41 -b Fu(b)s(e)33 b(the)g(larger)e(of)h(the)h(t)m(w)m(o.)45 -b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)294 2671 y(\(\()370 -2605 y Fg(F)439 2671 y Fs(Y)19 b Fu(\))33 b Fs(s)649 -2686 y Fn(1)688 2671 y Fu(\))g Fs(x)111 b Fu(=)33 b(\()p -Fs(g)1116 2686 y Fn(1)1187 2671 y Fs(s)1235 2686 y Fn(1)1275 -2671 y Fu(\))f Fs(x)255 b Fu(as)33 b(\()1803 2605 y Fg(F)1872 -2671 y Fs(Y)20 b Fu(\))32 b Fs(s)2082 2686 y Fn(1)2154 -2671 y Fu(=)h Fs(g)2317 2686 y Fn(1)2388 2671 y Fs(s)2436 -2686 y Fn(1)915 2839 y Fu(=)g(\()p Fs(g)41 b(s)1196 2854 -y Fn(1)1235 2839 y Fu(\))33 b Fs(x)294 b Fu(as)33 b Fs(g)1819 -2854 y Fn(1)1891 2839 y Ft(v)g Fs(g)41 b Fu(and)32 b -Fs(g)2330 2854 y Fn(1)2402 2839 y Fs(s)2450 2854 y Fn(1)2522 -2839 y Ft(6)p Fu(=)g(undef)p 2630 2852 V 915 3006 a(=)h(\()p -Fs(g)41 b(s)1196 3021 y Fn(2)1235 3006 y Fu(\))33 b Fs(x)294 -b Fu(as)33 b Fs(g)41 b(s)1899 3021 y Fn(1)1971 3006 y -Ft(\021)33 b Fs(g)41 b(s)2215 3021 y Fn(2)2287 3006 y -Fu(rel)p 2287 3019 109 4 v 32 w(\(FIX)33 b Fs(H)16 b -Fu(\))32 b Fs(ps)915 3174 y Fu(=)h(\()p Fs(g)1116 3189 -y Fn(2)1187 3174 y Fs(s)1235 3189 y Fn(2)1275 3174 y -Fu(\))f Fs(x)255 b Fu(as)33 b Fs(g)1819 3189 y Fn(2)1891 -3174 y Ft(v)g Fs(g)41 b Fu(and)32 b Fs(g)2330 3189 y -Fn(2)2402 3174 y Fs(s)2450 3189 y Fn(2)2522 3174 y Ft(6)p -Fu(=)g(undef)p 2630 3187 236 4 v 915 3342 a(=)h(\(\()1100 -3275 y Fg(F)1169 3342 y Fs(Y)19 b Fu(\))33 b Fs(s)1379 -3357 y 
Fn(2)1418 3342 y Fu(\))g Fs(x)111 b Fu(as)33 b(\()1803 -3275 y Fg(F)1872 3342 y Fs(Y)20 b Fu(\))32 b Fs(s)2082 -3357 y Fn(2)2154 3342 y Fu(=)h Fs(g)2317 3357 y Fn(2)2388 -3342 y Fs(s)2436 3357 y Fn(2)0 3534 y Fu(as)g(required.)44 -b(This)33 b(\014nishes)g(the)g(pro)s(of)f(of)g(the)h(theorem.)1217 -b Fh(2)146 3737 y Fu(It)31 b(follo)m(ws)e(from)g(this)g(theorem)h(that) -g(the)h(algorithm)c(listed)i(at)h(the)h(end)g(of)f(Section)g(5.2)0 -3858 y(is)c(indeed)h(correct.)42 b(The)28 b(pro)s(of)e(of)g(safet)m(y)i -(of)e(the)h(analysis)f(can)h(b)s(e)g(summarized)f(as)h(follo)m(ws:)p -0 4007 3470 4 v 0 4024 V -2 4231 4 208 v 15 4231 V 1088 -4152 a Fw(Pro)s(of)32 b(Summary)g(for)h(While)p Fu(:)p -3452 4231 V 3469 4231 V -2 4439 V 15 4439 V 1142 4360 -a Fw(Safet)m(y)g(of)g(Static)f(Analysis)p 3452 4439 V -3469 4439 V 0 4442 3470 4 v -2 4811 4 370 v 15 4811 V -66 4608 a Fu(1:)143 b(De\014ne)32 b(a)f(relation)e(sat)p -1022 4621 126 4 v 15 x Fn(Stm)1308 4608 y Fu(expressing)k(the)e -(relationship)e(b)s(et)m(w)m(een)34 b(the)d(functions)285 -4728 y(of)h Fw(State)h Fo(,)-17 b Ft(!)33 b Fw(State)f -Fu(and)h Fw(PState)f Ft(!)g Fw(PState)p Fu(.)p 3452 4811 -4 370 v 3469 4811 V -2 5220 4 409 v 15 5220 V 66 4896 -a(2:)143 b(Sho)m(w)32 b(that)g(the)f(relation)f(is)h(preserv)m(ed)i(b)m -(y)g(certain)e(pairs)f(of)h(auxiliary)e(functions)285 -5016 y(used)36 b(in)e(the)g(denotational)f(seman)m(tics)h(and)h(the)g -(static)f(analysis)g(\(Lemmas)f(5.32)285 5136 y(and)g(5.33\).)p -3452 5220 V 3469 5220 V -2 5508 4 289 v 15 5508 V 66 -5304 a(3:)143 b(Use)42 b Fs(structur)-5 b(al)44 b(induction)k -Fu(on)40 b(the)i(statemen)m(ts)g Fs(S)52 b Fu(to)41 b(sho)m(w)h(that)f -(the)g(relation)285 5424 y(holds)33 b(b)s(et)m(w)m(een)h(the)f(seman)m -(tics)g(and)g(the)g(analysis)f(of)g Fs(S)12 b Fu(.)p -3452 5508 V 3469 5508 V 0 5511 3470 4 v 0 5528 V eop -%%Page: 160 170 -160 169 bop 251 130 a Fw(160)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a(Exercise)h(5.34)49 -b 
Fu(Extend)40 b(the)e(pro)s(of)g(of)g(the)h(theorem)f(to)g(incorp)s -(orate)f(the)i(analysis)f(de-)283 636 y(v)m(elop)s(ed)33 -b(for)f Fr(repeat)j Fs(S)44 b Fr(until)34 b Fs(b)k Fu(in)32 -b(Exercise)i(5.25.)1383 b Fh(2)283 906 y Fw(Exercise)37 -b(5.35)49 b Fu(When)35 b(sp)s(ecifying)f Ft(P)8 b(S)42 -b Fu(in)33 b(the)i(previous)g(section)f(w)m(e)h(rejected)h(the)e(p)s -(os-)283 1026 y(sibilit)m(y)d(of)h(using)527 1259 y(cond)727 -1223 y Fi(0)727 1284 y Fn(P)780 1259 y Fu(\()p Fs(f)21 -b Fu(,)32 b Fs(h)985 1274 y Fn(1)1025 1259 y Fu(,)h Fs(h)1142 -1274 y Fn(2)1181 1259 y Fu(\))g Fs(ps)40 b Fu(=)33 b(\()p -Fs(h)1586 1274 y Fn(1)1658 1259 y Fs(ps)8 b Fu(\))32 -b Ft(t)1893 1274 y Fn(PS)2017 1259 y Fu(\()p Fs(h)2112 -1274 y Fn(2)2184 1259 y Fs(ps)8 b Fu(\))283 1492 y(rather)24 -b(than)f(cond)985 1507 y Fn(P)1038 1492 y Fu(.)40 b(F)-8 -b(ormally)20 b(sho)m(w)k(that)f(the)h(analysis)e(obtained)h(b)m(y)h -(using)f(cond)3420 1456 y Fi(0)3420 1517 y Fn(P)3496 -1492 y Fu(rather)283 1613 y(than)38 b(cond)716 1628 y -Fn(P)806 1613 y Fu(cannot)g(b)s(e)g(correct)g(in)f(the)h(sense)h(of)e -(Theorem)h(5.31.)58 b(Hin)m(t:)53 b(Consider)38 b(the)283 -1733 y(statemen)m(t)c Fs(S)804 1748 y Fn(12)911 1733 -y Fu(of)e(Example)g(5.3.)2102 b Fh(2)283 2003 y Fw(Exercise)37 -b(5.36)49 b Fu(In)37 b(the)h(ab)s(o)m(v)m(e)h(exercise)f(w)m(e)h(sa)m -(w)f(that)f(cond)2678 2018 y Fn(P)2768 2003 y Fu(could)g(not)g(b)s(e)h -(simpli\014ed)283 2124 y(so)32 b(as)f(to)g(ignore)g(the)h(test)f(for)g -(whether)i(the)f(condition)e(is)g(dubious)i(or)f(not.)43 -b(No)m(w)32 b(consider)283 2244 y(the)h(follo)m(wing)d(remedy)552 -2412 y(cond)752 2375 y Fi(0)752 2436 y Fn(P)805 2412 -y Fu(\()p Fs(f)21 b Fu(,)32 b Fs(h)1010 2427 y Fn(1)1050 -2412 y Fu(,)h Fs(h)1167 2427 y Fn(2)1206 2412 y Fu(\))g -Fs(ps)552 2745 y Fu(=)660 2496 y Fg(8)660 2570 y(>)660 -2595 y(>)660 2620 y(>)660 2645 y(<)660 2795 y(>)660 2819 -y(>)660 2844 y(>)660 2869 y(:)776 2576 y Fu(\()p Fs(h)871 -2591 y Fn(1)943 2576 y Fs(ps)8 b Fu(\))32 b 
Ft(t)1178 -2591 y Fn(PS)1302 2576 y Fu(\()p Fs(h)1397 2591 y Fn(2)1469 -2576 y Fs(ps)8 b Fu(\))83 b(if)31 b Fs(f)53 b(ps)41 b -Fu(=)32 b Fb(ok)776 2744 y Fu(\(\()p Fs(h)909 2759 y -Fn(1)981 2744 y Fu(\()p Fs(ps)8 b Fu([on-trac)m(k)p Ft(7!)p -Fb(d)p Fu(?]\)\))43 b Ft(t)1917 2759 y Fn(PS)2041 2744 -y Fu(\()p Fs(h)2136 2759 y Fn(2)2208 2744 y Fu(\()p Fs(ps)8 -b Fu([on-trac)m(k)p Ft(7!)p Fb(d)p Fu(?]\)\)\)[on-trac)m(k)p -Ft(7!)p Fb(ok)p Fu(])1688 2912 y(if)31 b Fs(f)53 b(ps)41 -b Fu(=)32 b Fb(d)p Fu(?)283 3076 y(Giv)m(e)37 b(an)g(example)f -(statemen)m(t)h(where)h(cond)1985 3040 y Fi(0)1985 3101 -y Fn(P)2074 3076 y Fu(is)f(preferable)f(to)h(cond)2957 -3091 y Fn(P)3009 3076 y Fu(.)56 b(Do)s(es)37 b(the)g(safet)m(y)283 -3197 y(pro)s(of)43 b(carry)h(through)f(when)i(cond)1657 -3212 y Fn(P)1753 3197 y Fu(is)e(replaced)h(b)m(y)g(cond)2604 -3160 y Fi(0)2604 3221 y Fn(P)2657 3197 y Fu(?)76 b(If)43 -b(not,)k(suggest)d(ho)m(w)g(to)283 3317 y(w)m(eak)m(en)35 -b(the)e(safet)m(y)h(predicate)f(suc)m(h)h(that)e(another)h(safet)m(y)g -(result)g(ma)m(y)f(b)s(e)h(pro)m(v)m(ed.)194 b Fh(2)283 -3686 y Fj(5.4)161 b(Bounded)52 b(iteration)283 3918 y -Fu(In)32 b(Example)e(5.16)h(w)m(e)h(analysed)f(the)g(factorial)e -(statemen)m(t)i(and)g(sa)m(w)h(that)f(the)h(\014xed)g(p)s(oin)m(t)283 -4038 y(computation)26 b(stabilizes)f(after)i(a)f(\014nite)h(n)m(um)m(b) -s(er)g(of)f(unfoldings,)h(irresp)s(ectiv)m(e)g(of)f(the)h(prop-)283 -4158 y(ert)m(y)32 b(state)e(that)g(is)g(supplied)g(as)h(argumen)m(t.)42 -b(This)31 b(is)e(quite)i(unlik)m(e)f(what)g(w)m(as)h(the)g(case)g(for) -283 4279 y(the)25 b(denotational)d(seman)m(tics)j(of)f(Chapter)h(4,)h -(where)f(the)g(n)m(um)m(b)s(er)f(of)g(unfoldings)f(dep)s(ended)283 -4399 y(on)33 b(the)g(state)g(and)g(w)m(as)h(un)m(b)s(ounded.)45 -b(A)33 b(similar)c(example)k(w)m(as)g(studied)g(in)f(Exercise)i(5.24) -283 4520 y(where)48 b(w)m(e)f(sa)m(w)h(that)e(the)g(analysis)g(w)m -(ould)g(terminate)f(up)s(on)h(a)g(statemen)m(t)h(that)f(nev)m(er)283 -4640 
y(terminated)32 b(in)g(the)h(denotational)d(seman)m(tics)j(of)f -(Chapter)i(4.)430 4766 y(This)24 b(is)f(an)h(instance)g(of)f(a)h -(general)f(phenomenon)i(and)e(w)m(e)i(shall)e(sho)m(w)i(t)m(w)m(o)f -(prop)s(ositions)283 4887 y(ab)s(out)32 b(this.)42 b(The)33 -b(\014rst)f(prop)s(osition)e(sa)m(ys)j(that)e(for)h(eac)m(h)g(statemen) -m(t)g Fr(while)h Fs(b)38 b Fr(do)32 b Fs(S)43 b Fu(there)283 -5007 y(is)d(a)f(constan)m(t)h(k)g(suc)m(h)h(that)f(the)g(kth)g -(unfolding)e(will)f(indeed)j(b)s(e)g(the)g(\014xed)g(p)s(oin)m(t.)64 -b(The)283 5127 y(second)35 b(prop)s(osition)c(is)h(considerably)h -(harder)g(and)g(sa)m(ys)h(that)f(it)f(is)g(p)s(ossible)h(to)f(tak)m(e)i -(k)f(to)283 5248 y(b)s(e)g(\(m+1\))699 5212 y Fn(2)770 -5248 y Fu(where)h(m)e(is)g(the)h(n)m(um)m(b)s(er)g(of)f(distinct)g(v)-5 -b(ariables)31 b(in)h Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 -b Fu(.)430 5374 y(T)-8 b(o)35 b(prepare)h(for)f(the)h(\014rst)g(prop)s -(osition)e(w)m(e)i(need)h(an)e(inductiv)m(e)h(de\014nition)e(of)h(the)h -(set)283 5494 y(FV\()p Fs(S)12 b Fu(\))32 b(of)h(free)g(v)-5 -b(ariables)31 b(in)h(the)h(statemen)m(t)g Fs(S)12 b Fu(:)p -eop -%%Page: 161 171 -161 170 bop 0 130 a Fw(5.4)112 b(Bounded)39 b(iteration)2154 -b(161)p 0 193 3473 4 v 294 500 a Fu(FV\()p Fs(x)44 b -Fu(:=)32 b Fs(a)7 b Fu(\))757 b(=)99 b(FV\()p Fs(a)7 -b Fu(\))33 b Ft([)g(f)p Fs(x)12 b Ft(g)294 668 y Fu(FV\()p -Fr(skip)p Fu(\))834 b(=)99 b Ft(;)294 835 y Fu(FV\()p -Fs(S)536 850 y Fn(1)575 835 y Fu(;)p Fs(S)669 850 y Fn(2)708 -835 y Fu(\))799 b(=)99 b(FV\()p Fs(S)1962 850 y Fn(1)2001 -835 y Fu(\))33 b Ft([)g Fu(FV\()p Fs(S)2413 850 y Fn(2)2452 -835 y Fu(\))294 1003 y(FV\()p Fr(if)f Fs(b)39 b Fr(then)33 -b Fs(S)991 1018 y Fn(1)1063 1003 y Fr(else)h Fs(S)1368 -1018 y Fn(2)1407 1003 y Fu(\))100 b(=)f(FV\()p Fs(b)6 -b Fu(\))32 b Ft([)h Fu(FV\()p Fs(S)2357 1018 y Fn(1)2396 -1003 y Fu(\))g Ft([)g Fu(FV\()p Fs(S)2808 1018 y Fn(2)2847 -1003 y Fu(\))294 1171 y(FV\()p Fr(while)g Fs(b)39 b Fr(do)33 -b Fs(S)12 b Fu(\))464 b(=)99 
b(FV\()p Fs(b)6 b Fu(\))32 -b Ft([)h Fu(FV\()p Fs(S)12 b Fu(\))0 1355 y(Our)24 b(\014rst)g(observ) --5 b(ation)24 b(is)f(that)h(w)m(e)h(can)f(rep)s(eat)g(the)g(dev)m -(elopmen)m(t)h(of)e(the)h(previous)h(sections)0 1475 -y(if)41 b(w)m(e)i(restrict)f(the)g(prop)s(ert)m(y)h(states)g(to)e -(consider)i(only)e(v)-5 b(ariables)41 b(that)g(are)h(free)h(in)e(the)0 -1596 y(o)m(v)m(erall)33 b(program.)45 b(So)33 b(let)g -Fs(X)49 b Ft(\022)34 b Fw(V)-9 b(ar)33 b Fu(b)s(e)h(a)f(\014nite)h(set) -g(of)f(v)-5 b(ariables)32 b(and)i(de\014ne)g Fw(PState)3405 -1611 y Fc(X)0 1716 y Fu(to)e(b)s(e)244 1907 y Fw(PState)576 -1922 y Fc(X)675 1907 y Fu(=)h(\()p Fs(X)48 b Ft([)33 -b(f)p Fu(on-trac)m(k)p Ft(g)p Fu(\))g Ft(!)f Fw(P)0 2119 -y(Exercise)k(5.37)49 b(\(Essen)m(tial\))24 b Fu(De\014ne)i -Fw(Aexp)1789 2134 y Fc(X)1882 2119 y Fu(to)g(b)s(e)g(the)g(set)h(of)e -(arithmetic)f(expressions)0 2239 y Fs(a)30 b Fu(of)22 -b Fw(Aexp)g Fu(with)g(FV\()p Fs(a)7 b Fu(\))22 b Ft(\022)h -Fs(X)39 b Fu(and)22 b(let)g Fw(Bexp)1737 2254 y Fc(X)1827 -2239 y Fu(and)g Fw(Stm)2206 2254 y Fc(X)2295 2239 y Fu(b)s(e)h -(de\014ned)h(similarly)-8 b(.)36 b(Mo)s(dify)0 2360 y(T)-8 -b(ables)33 b(5.1)f(and)h(5.2)f(to)g(de\014ne)i(analysis)e(functions)269 -2527 y Ft(P)8 b(A)426 2542 y Fc(X)493 2527 y Fu(:)44 -b Fw(Aexp)821 2542 y Fc(X)921 2527 y Ft(!)32 b Fw(PState)1385 -2542 y Fc(X)1484 2527 y Ft(!)g Fw(P)269 2695 y Ft(P)8 -b(B)415 2710 y Fc(X)482 2695 y Fu(:)44 b Fw(Bexp)805 -2710 y Fc(X)905 2695 y Ft(!)32 b Fw(PState)1369 2710 -y Fc(X)1468 2695 y Ft(!)g Fw(P)269 2863 y Ft(P)8 b(S)414 -2878 y Fc(X)481 2863 y Fu(:)44 b Fw(Stm)752 2878 y Fc(X)851 -2863 y Ft(!)32 b Fw(PState)1315 2878 y Fc(X)1415 2863 -y Ft(!)g Fw(PState)1879 2878 y Fc(X)3398 2863 y Fh(2)146 -3074 y Fu(The)g(connection)e(b)s(et)m(w)m(een)j(the)e(analysis)f -(functions)g(of)g(the)h(ab)s(o)m(v)m(e)g(exercise)h(and)f(those)0 -3195 y(of)h(T)-8 b(ables)32 b(5.1)f(and)i(5.2)e(should)h(b)s(e)g(in)m -(tuitiv)m(ely)f(clear.)43 b(F)-8 b(ormally)29 
b(the)j(connection)g(ma)m -(y)g(b)s(e)0 3315 y(w)m(ork)m(ed)i(out)f(as)f(follo)m(ws:)0 -3527 y Fw(Exercise)k(5.38)49 b Fu(*)33 b(De\014ne)244 -3718 y(extend)527 3733 y Fc(X)596 3718 y Fu(:)43 b Fw(PState)998 -3733 y Fc(X)1098 3718 y Ft(!)32 b Fw(PState)0 3909 y -Fu(b)m(y)244 4182 y(\(extend)565 4197 y Fc(X)666 4182 -y Fs(ps)8 b Fu(\))33 b Fs(x)44 b Fu(=)1032 4007 y Fg(8)1032 -4082 y(<)1032 4232 y(:)1148 4097 y Fs(ps)c(x)390 b Fu(if)32 -b Fs(x)44 b Ft(2)33 b Fs(X)49 b Ft([)33 b(f)p Fu(on-trac)m(k)p -Ft(g)1148 4265 y Fs(ps)40 b Fu(on-trac)m(k)83 b(otherwise)0 -4455 y(Sho)m(w)33 b(that)294 4618 y Ft(P)8 b(A)p Fu([)-17 -b([)p Fs(a)7 b Fu(])-17 b(])34 b Ft(\016)e Fu(extend)981 -4633 y Fc(X)1150 4618 y Fu(=)99 b Ft(P)8 b(A)1482 4633 -y Fc(X)1549 4618 y Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])294 -4785 y Ft(P)8 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 -b(])33 b Ft(\016)g Fu(extend)964 4800 y Fc(X)1150 4785 -y Fu(=)99 b Ft(P)8 b(B)1471 4800 y Fc(X)1538 4785 y Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(])294 4953 y Ft(P)8 b(S)g Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(])33 b Ft(\016)f Fu(extend)979 -4968 y Fc(X)1150 4953 y Fu(=)99 b(extend)1608 4968 y -Fc(X)1709 4953 y Ft(\016)33 b(P)8 b(S)1937 4968 y Fc(X)2004 -4953 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])0 5143 y(whenev)m(er)35 -b(FV\()p Fs(a)7 b Fu(\))33 b Ft(\022)g Fs(X)16 b Fu(,)32 -b(FV\()p Fs(b)6 b Fu(\))32 b Ft(\022)h Fs(X)49 b Fu(and)33 -b(FV\()p Fs(S)12 b Fu(\))32 b Ft(\022)h Fs(X)16 b Fu(.)1156 -b Fh(2)146 5355 y Fu(The)37 b(prop)s(ert)m(y)f(states)h(of)e -Fw(PState)1478 5370 y Fc(X)1581 5355 y Fu(are)g(only)h(de\014ned)h(on)e -(a)h(\014nite)f(n)m(um)m(b)s(er)h(of)f(argu-)0 5475 y(men)m(ts)e(b)s -(ecause)h Fs(X)49 b Fu(is)32 b(a)g(\014nite)g(set.)45 -b(This)32 b(is)g(the)h(k)m(ey)i(to)d(sho)m(wing:)p eop -%%Page: 162 172 -162 171 bop 251 130 a Fw(162)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 283 515 3473 -5 v 283 665 a(Prop)s(osition)g(5.39)49 b Fu(F)-8 b(or)47 -b(eac)m(h)h(statemen)m(t)g Fr(while)g 
Fs(b)53 b Fr(do)48 -b Fs(S)59 b Fu(of)47 b Fw(While)f Fu(there)i(exists)g(a)283 -786 y(constan)m(t)34 b(k)f(suc)m(h)h(that)527 965 y Ft(P)8 -b(S)673 980 y Fc(X)740 965 y Fu([)-17 b([)q Fr(while)33 -b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)f -Fs(H)1618 928 y Fn(k)1692 965 y Ft(?)283 1143 y Fu(where)i -Fs(H)49 b(h)40 b Fu(=)32 b(cond)1084 1158 y Fn(P)1137 -1143 y Fu(\()p Ft(P)8 b(B)1321 1158 y Fc(X)1388 1143 -y Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(h)39 -b Ft(\016)33 b(P)8 b(S)1891 1158 y Fc(X)1958 1143 y Fu([)-17 -b([)q Fs(S)12 b Fu(])-17 b(],)33 b(id\))f(and)h(FV\()p -Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(\))32 b -Ft(\022)h Fs(X)16 b Fu(.)p 283 1264 V 283 1443 a(Note)33 -b(that)g(using)f(the)h(result)f(of)g(Exercise)i(5.38)e(w)m(e)i(could)e -(disp)s(ense)i(with)e Fs(X)49 b Fu(altogether.)283 1610 -y Fw(Pro)s(of:)36 b Fu(Let)c(m)e(b)s(e)h(the)h(cardinalit)m(y)d(of)i -Fs(X)16 b Fu(.)31 b(Then)i(there)f(will)d(b)s(e)i(2)2813 -1574 y Fn(m+1)2997 1610 y Fs(di\013er)-5 b(ent)40 b Fu(prop)s(ert)m(y) -283 1731 y(states)34 b(in)e Fw(PState)1007 1746 y Fc(X)1074 -1731 y Fu(.)43 b(This)33 b(means)g(that)f Fw(PState)2209 -1746 y Fc(X)2308 1731 y Ft(!)h Fw(PState)2773 1746 y -Fc(X)2872 1731 y Fu(will)d(con)m(tain)527 1910 y(k)j(=)g(\(2)807 -1874 y Fn(m+1)960 1910 y Fu(\))998 1874 y Fn(2)1033 1850 -y Fd(m+1)283 2089 y Fu(di\013eren)m(t)f(functions.)44 -b(It)31 b(follo)m(ws)g(that)g(there)i(can)e(b)s(e)h(at)g(most)f(k)h -(di\013eren)m(t)g(iterands)f Fs(H)3603 2052 y Fn(n)3678 -2089 y Ft(?)283 2209 y Fu(of)38 b Fs(H)16 b Fu(.)39 b(Since)f -Fs(H)54 b Fu(is)38 b(monotone)g(Exercise)h(5.18)f(giv)m(es)h(that)f -Fs(H)2651 2173 y Fn(k)2731 2209 y Ft(?)g Fu(m)m(ust)h(b)s(e)f(equal)g -(to)g(the)283 2329 y(\014xed)c(p)s(oin)m(t)e(FIX)g Fs(H)16 -b Fu(.)33 b(This)g(concludes)g(the)g(pro)s(of)f(of)g(the)h(prop)s -(osition.)682 b Fh(2)283 2697 y Fp(Making)46 b(it)f(practical)283 -2882 y Fu(The)38 b(constan)m(t)g(k)f(determined)g(ab)s(o)m(v)m(e)g(is)g 
-(a)f(safe)h(upp)s(er)g(b)s(ound)g(but)g(is)g(rather)g(large)e(ev)m(en) -283 3002 y(for)43 b(small)e(statemen)m(ts.)77 b(As)44 -b(an)f(example)g(it)f(sa)m(ys)i(that)g(the)f(16,777,216th)f(iteration)f -(of)283 3123 y(the)d(functional)e(will)e(su\016ce)39 -b(for)e(the)h(factorial)c(statemen)m(t)k(and)f(this)g(is)g(quite)g -(useless)h(for)283 3243 y(practical)h(purp)s(oses.)69 -b(In)40 b(the)h(remainder)f(of)f(this)i(section)f(w)m(e)h(shall)e(sho)m -(w)j(that)e(a)g(m)m(uc)m(h)283 3363 y(smaller)31 b(constan)m(t)i(can)g -(b)s(e)g(used:)p 283 3484 V 283 3634 a Fw(Prop)s(osition)j(5.40)49 -b Fu(F)-8 b(or)32 b(eac)m(h)h(statemen)m(t)g Fr(while)h -Fs(b)39 b Fr(do)33 b Fs(S)44 b Fu(of)32 b Fw(While)f -Fu(w)m(e)j(ha)m(v)m(e)527 3812 y Ft(P)8 b(S)673 3827 -y Fc(X)740 3812 y Fu([)-17 b([)q Fr(while)33 b Fs(b)39 -b Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)f Fs(H)1618 -3776 y Fn(k)1692 3812 y Ft(?)283 3991 y Fu(where)k Fs(H)50 -b(h)42 b Fu(=)34 b(cond)1091 4006 y Fn(P)1144 3991 y -Fu(\()p Ft(P)8 b(B)1328 4006 y Fc(X)1395 3991 y Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(],)35 b Fs(h)42 b Ft(\016)34 -b(P)8 b(S)1904 4006 y Fc(X)1971 3991 y Fu([)-17 b([)q -Fs(S)12 b Fu(])-17 b(],)35 b(id\),)f(k)h(=)f(\(m+1\))2835 -3955 y Fn(2)2873 3991 y Fu(,)h(and)g(m)e(is)h(the)h(cardi-)283 -4112 y(nalit)m(y)d(of)g(the)h(set)g Fs(X)49 b Fu(=)32 -b(FV\()p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\).)p -283 4232 V 283 4411 a(Note)33 b(that)g(using)f(the)h(result)f(of)g -(Exercise)i(5.38)e(w)m(e)i(could)e(disp)s(ense)i(with)e -Fs(X)49 b Fu(altogether.)430 4531 y(F)-8 b(or)36 b(the)i(factorial)d -(statemen)m(t)j(this)f(will)e(imply)h(that)h(FIX)g Fs(H)54 -b Fu(=)37 b Fs(H)3042 4495 y Fn(9)3119 4531 y Ft(?)h -Fu(so)f(only)g(nine)283 4652 y(iterands)25 b(need)g(to)f(b)s(e)h -(constructed.)42 b(This)25 b(ma)m(y)f(b)s(e)g(compared)h(with)f(the)g -(observ)-5 b(ation)24 b(made)283 4772 y(in)32 b(Example)g(5.16)g(that)h -(already)f Fs(H)1652 4736 y Fn(1)1724 4772 y Ft(?)h Fu(is)f(the)h 
-(least)f(\014xed)i(p)s(oin)m(t.)430 4893 y(The)i(pro)s(of)e(of)h(Prop)s -(osition)f(5.40)g(requires)j(some)e(preliminary)d(results.)52 -b(T)-8 b(o)36 b(motiv)-5 b(ate)283 5013 y(these)25 b(consider)f(wh)m(y) -i(the)e(upp)s(er)g(b)s(ound)g(determined)f(in)g(Prop)s(osition)f(5.39)h -(is)h(so)g(imprecise.)283 5133 y(The)33 b(reason)g(is)e(that)h(w)m(e)h -(consider)f Fs(al)5 b(l)42 b Fu(functions)32 b(in)g Fw(PState)2630 -5148 y Fc(X)2728 5133 y Ft(!)g Fw(PState)3192 5148 y -Fc(X)3291 5133 y Fu(and)g(do)g(not)283 5254 y(exploit)46 -b(an)m(y)h(sp)s(ecial)f(prop)s(erties)g(of)g(the)h(functions)g -Fs(H)2452 5218 y Fn(n)2542 5254 y Ft(?)p Fu(,)k(suc)m(h)d(as)e -(monotonicit)m(y)f(or)283 5374 y(con)m(tin)m(uit)m(y)-8 -b(.)60 b(T)-8 b(o)38 b(obtain)f(a)h(b)s(etter)g(b)s(ound)h(w)m(e)g -(shall)d(exploit)h(prop)s(erties)h(of)g(the)g Ft(P)8 -b(S)3547 5389 y Fc(X)3614 5374 y Fu([)-17 b([)p Fs(S)12 -b Fu(])-17 b(])283 5494 y(analysis)32 b(functions.)44 -b(Recall)31 b(that)h(a)g(function)p eop -%%Page: 163 173 -163 172 bop 0 130 a Fw(5.4)112 b(Bounded)39 b(iteration)2154 -b(163)p 0 193 3473 4 v 244 515 a Fs(h)7 b Fu(:)44 b Fw(PState)704 -530 y Fc(X)803 515 y Ft(!)32 b Fw(PState)1267 530 y Fc(X)0 -720 y Fu(is)g Fs(strict)43 b Fu(if)31 b(and)i(only)f(if)244 -924 y Fs(h)40 b Fb(init)514 939 y Fc(X)614 924 y Fu(=)32 -b Fb(init)902 939 y Fc(X)0 1128 y Fu(where)c Fb(init)456 -1143 y Fc(X)551 1128 y Fu(is)f(the)g(least)g(elemen)m(t)g(of)g -Fw(PState)1822 1143 y Fc(X)1889 1128 y Fu(.)41 b(It)28 -b(is)e(an)h Fs(additive)34 b Fu(function)27 b(if)f(and)h(only)0 -1249 y(if)244 1453 y Fs(h)40 b Fu(\()p Fs(ps)470 1468 -y Fn(1)541 1453 y Ft(t)608 1468 y Fn(PS)732 1453 y Fs(ps)830 -1468 y Fn(2)869 1453 y Fu(\))33 b(=)f(\()p Fs(h)40 b(ps)1274 -1468 y Fn(1)1313 1453 y Fu(\))32 b Ft(t)1450 1468 y Fn(PS)1574 -1453 y Fu(\()p Fs(h)39 b(ps)1799 1468 y Fn(2)1839 1453 -y Fu(\))0 1657 y(holds)32 b(for)g(all)f(prop)s(ert)m(y)i(states)h -Fs(ps)1314 1672 y Fn(1)1385 1657 y Fu(and)f Fs(ps)1673 -1672 y 
Fn(2)1745 1657 y Fu(of)f Fw(PState)2188 1672 y -Fc(X)2255 1657 y Fu(.)0 1887 y Fw(Exercise)k(5.41)49 -b(\(Essen)m(tial\))29 b Fu(Giv)m(e)i(a)g(formal)e(de\014nition)h(of)g -(what)i(it)e(means)h(for)g(a)f(func-)0 2007 y(tion)244 -2212 y Fs(h)7 b Fu(:)44 b Fw(PState)704 2227 y Fc(X)803 -2212 y Ft(!)32 b Fw(P)0 2416 y Fu(to)39 b(b)s(e)g(strict)f(and)h -(additiv)m(e.)62 b(Use)40 b(Exercise)h(5.11)d(to)g(sho)m(w)i(that)f -Ft(P)8 b(A)2698 2431 y Fc(X)2766 2416 y Fu([)-17 b([)p -Fs(a)7 b Fu(])-17 b(])40 b(and)f Ft(P)8 b(B)3279 2431 -y Fc(X)3346 2416 y Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])0 -2537 y(are)31 b(strict)f(and)g(additiv)m(e.)43 b(\(W)-8 -b(e)30 b(tacitly)g(assume)h(that)f(FV\()p Fs(a)7 b Fu(\))30 -b Ft(\022)h Fs(X)47 b Fu(and)31 b(FV\()p Fs(b)6 b Fu(\))30 -b Ft(\022)h Fs(X)16 b Fu(.\))63 b Fh(2)146 2766 y Fu(W)-8 -b(e)27 b(shall)d(\014rst)i(sho)m(w)h(that)f(the)g(auxiliary)e -(functions)h(for)h(comp)s(osition)d(and)j(conditional)0 -2886 y(preserv)m(e)f(strictness)g(and)e(additivit)m(y)f(and)h(next)h(w) -m(e)g(shall)e(pro)m(v)m(e)i(that)f(the)g(analysis)g(function)0 -3007 y Ft(P)8 b(S)145 3022 y Fc(X)213 3007 y Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])33 b(is)f(strict)h(and)f(additiv)m(e)g -(for)g(all)f(statemen)m(ts)i Fs(S)12 b Fu(.)0 3237 y -Fw(Exercise)36 b(5.42)49 b(\(Essen)m(tial\))33 b Fu(Sho)m(w)j(that)f -(if)f Fs(h)1869 3252 y Fn(1)1943 3237 y Fu(and)h Fs(h)2192 -3252 y Fn(2)2267 3237 y Fu(are)g(strict)g(and)g(additiv)m(e)f(func-)0 -3357 y(tions)e(in)g Fw(PState)685 3372 y Fc(X)784 3357 -y Ft(!)g Fw(PState)1248 3372 y Fc(X)1348 3357 y Fu(then)h(so)g(is)f -Fs(h)1845 3372 y Fn(1)1917 3357 y Ft(\016)h Fs(h)2057 -3372 y Fn(2)2096 3357 y Fu(.)1275 b Fh(2)0 3587 y Fw(Exercise)36 -b(5.43)49 b(\(Essen)m(tial\))22 b Fu(Assume)i(that)g -Fs(f)44 b Fu(in)23 b Fw(PState)2301 3602 y Fc(X)2392 -3587 y Ft(!)g Fw(P)g Fu(is)g(strict)g(and)h(additiv)m(e)0 -3707 y(and)36 b(that)g Fs(h)465 3722 y Fn(1)541 3707 -y Fu(and)h Fs(h)792 3722 y Fn(2)867 3707 y Fu(in)f Fw(PState)1317 
-3722 y Fc(X)1420 3707 y Ft(!)g Fw(PState)1888 3722 y -Fc(X)1991 3707 y Fu(are)g(strict)g(and)h(additiv)m(e.)54 -b(Sho)m(w)37 b(that)0 3827 y(cond)200 3842 y Fn(P)253 -3827 y Fu(\()p Fs(f)21 b Fu(,)37 b Fs(h)463 3842 y Fn(1)503 -3827 y Fu(,)g Fs(h)624 3842 y Fn(2)664 3827 y Fu(\))f(is)g(a)g(strict)g -(and)g(additiv)m(e)g(function.)55 b(Hin)m(t:)50 b(if)35 -b Fs(f)58 b Fu(\()p Fs(ps)2771 3842 y Fn(1)2846 3827 -y Ft(t)2913 3842 y Fn(PS)3040 3827 y Fs(ps)3138 3842 -y Fn(2)3178 3827 y Fu(\))36 b(=)g Fb(d)p Fu(?)0 3948 -y(then)d Fs(f)54 b(ps)404 3963 y Fn(i)460 3948 y Fu(=)32 -b Fb(d)p Fu(?)h(for)f(i)g(=)g(1)g(or)h(i)e(=)i(2.)1927 -b Fh(2)p 0 4177 3473 5 v 0 4353 a Fw(Lemma)37 b(5.44)49 -b Fu(F)-8 b(or)42 b(all)e(statemen)m(ts)k Fs(S)54 b Fu(of)42 -b Fw(While)p Fu(,)h Ft(P)8 b(S)2215 4368 y Fc(X)2283 -4353 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])43 b(is)f(a)g(strict)g -(and)h(additiv)m(e)0 4473 y(function)32 b(whenev)m(er)j(FV\()p -Fs(S)12 b Fu(\))32 b Ft(\022)h Fs(X)16 b Fu(.)p 0 4594 -V 0 4798 a Fw(Pro)s(of:)37 b Fu(W)-8 b(e)33 b(pro)s(ceed)h(b)m(y)f -(structural)f(induction)g(on)h Fs(S)44 b Fu(and)33 b(assume)g(that)f -(FV\()p Fs(S)12 b Fu(\))32 b Ft(\022)h Fs(X)16 b Fu(.)0 -4965 y Fw(The)33 b(case)g Fs(x)44 b Fu(:=)33 b Fs(a)7 -b Fu(:)44 b(W)-8 b(e)33 b(ha)m(v)m(e)244 5170 y Ft(P)8 -b(S)389 5185 y Fc(X)457 5170 y Fu([)-17 b([)p Fs(x)44 -b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])33 b Fb(init)1026 -5185 y Fc(X)1126 5170 y Fu(=)g Fb(init)1415 5185 y Fc(X)0 -5374 y Fu(b)s(ecause)j(Exercise)g(5.41)d(giv)m(es)i(that)f -Ft(P)8 b(A)1568 5389 y Fc(X)1635 5374 y Fu([)-17 b([)p -Fs(a)7 b Fu(])-17 b(])36 b(is)e(strict)g(so)g Ft(P)8 -b(A)2437 5389 y Fc(X)2505 5374 y Fu([)-17 b([)p Fs(a)7 -b Fu(])-17 b(])36 b Fb(init)2852 5389 y Fc(X)2954 5374 -y Fu(=)e Fb(ok)p Fu(.)50 b(Next)0 5494 y(w)m(e)34 b(sho)m(w)f(that)g -Ft(P)8 b(S)742 5509 y Fc(X)809 5494 y Fu([)-17 b([)q -Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])33 b(is)f(additiv)m(e:)p -eop -%%Page: 164 174 -164 173 bop 251 130 a 
Fw(164)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 527 515 a Ft(P)8 -b(S)673 530 y Fc(X)740 515 y Fu([)-17 b([)q Fs(x)44 b -Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])q(\()p Fs(ps)1233 530 -y Fn(1)1305 515 y Ft(t)1371 530 y Fn(PS)1495 515 y Fs(ps)1593 -530 y Fn(2)1633 515 y Fu(\))778 683 y(=)32 b(\()p Fs(ps)1022 -698 y Fn(1)1094 683 y Ft(t)1160 698 y Fn(PS)1284 683 -y Fs(ps)1382 698 y Fn(2)1421 683 y Fu(\)[)p Fs(x)12 b -Ft(7!)32 b(P)8 b(A)1832 698 y Fc(X)1900 683 y Fu([)-17 -b([)p Fs(a)7 b Fu(])-17 b(])q(\()p Fs(ps)2168 698 y Fn(1)2240 -683 y Ft(t)2306 698 y Fn(PS)2430 683 y Fs(ps)2528 698 -y Fn(2)2568 683 y Fu(\)])778 851 y(=)32 b(\()p Fs(ps)1022 -866 y Fn(1)1094 851 y Ft(t)1160 866 y Fn(PS)1284 851 -y Fs(ps)1382 866 y Fn(2)1421 851 y Fu(\)[)p Fs(x)12 b -Ft(7!)32 b(P)8 b(A)1832 866 y Fc(X)1900 851 y Fu([)-17 -b([)p Fs(a)7 b Fu(])-17 b(])q Fs(ps)2130 866 y Fn(1)2202 -851 y Ft(t)2268 866 y Fn(P)2353 851 y Ft(P)8 b(A)2510 -866 y Fc(X)2578 851 y Fu([)-17 b([)p Fs(a)7 b Fu(])-17 -b(])q Fs(ps)2808 866 y Fn(2)2847 851 y Fu(])778 1018 -y(=)32 b Fs(ps)984 1033 y Fn(1)1023 1018 y Fu([)p Fs(x)12 -b Ft(7!P)c(A)1364 1033 y Fc(X)1431 1018 y Fu([)-17 b([)q -Fs(a)7 b Fu(])-17 b(])q Fs(ps)1662 1033 y Fn(1)1701 1018 -y Fu(])33 b Ft(t)1827 1033 y Fn(PS)1951 1018 y Fs(ps)2049 -1033 y Fn(2)2088 1018 y Fu([)p Fs(x)12 b Ft(7!P)c(A)2429 -1033 y Fc(X)2496 1018 y Fu([)-17 b([)q Fs(a)7 b Fu(])-17 -b(])q Fs(ps)2727 1033 y Fn(2)2766 1018 y Fu(])778 1186 -y(=)32 b Ft(P)8 b(S)1031 1201 y Fc(X)1099 1186 y Fu([)-17 -b([)p Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])q Fs(ps)1554 -1201 y Fn(1)1626 1186 y Ft(t)1692 1201 y Fn(PS)1816 1186 -y Ft(P)8 b(S)1961 1201 y Fc(X)2029 1186 y Fu([)-17 b([)p -Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])q Fs(ps)2484 -1201 y Fn(2)283 1385 y Fu(where)34 b(the)f(second)h(equalit)m(y)e -(follo)m(ws)g(from)f Ft(P)8 b(A)2127 1400 y Fc(X)2194 -1385 y Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])33 b(b)s(eing)f(additiv)m -(e)g(\(Exercise)i(5.41\).)283 1552 y 
Fw(The)f(case)g -Fr(skip)h Fu(is)e(immediate.)283 1720 y Fw(The)h(case)f -Fs(S)805 1735 y Fn(1)844 1720 y Fu(;)g Fs(S)970 1735 -y Fn(2)1041 1720 y Fu(follo)m(ws)f(from)f(Exercise)j(5.42)e(and)h(the)g -(induction)f(h)m(yp)s(othesis)i(applied)283 1840 y(to)g -Fs(S)470 1855 y Fn(1)541 1840 y Fu(and)g Fs(S)798 1855 -y Fn(2)837 1840 y Fu(.)283 2008 y Fw(The)c(case)g Fr(if)g -Fs(b)34 b Fr(then)c Fs(S)1242 2023 y Fn(1)1309 2008 y -Fr(else)g Fs(S)1610 2023 y Fn(2)1678 2008 y Fu(follo)m(ws)d(from)g -(Exercise)j(5.43,)e(the)h(induction)f(h)m(yp)s(oth-)283 -2128 y(esis)33 b(applied)f(to)g Fs(S)991 2143 y Fn(1)1063 -2128 y Fu(and)h Fs(S)1320 2143 y Fn(2)1391 2128 y Fu(and)g(Exercise)h -(5.41.)283 2296 y Fw(The)f(case)g Fr(while)h Fs(b)39 -b Fr(do)33 b Fs(S)12 b Fu(:)32 b(De\014ne)527 2495 y -Fs(H)49 b(h)40 b Fu(=)32 b(cond)1046 2510 y Fn(P)1099 -2495 y Fu(\()p Ft(P)8 b(B)1283 2510 y Fc(X)1350 2495 -y Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(h)40 -b Ft(\016)32 b(P)8 b(S)1853 2510 y Fc(X)1921 2495 y Fu([)-17 -b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))283 2694 y(Our)h(\014rst)g -(claim)d(is)i(that)527 2893 y Fs(H)615 2857 y Fn(n)691 -2893 y Ft(?)283 3092 y Fu(is)42 b(strict)h(and)f(additiv)m(e)g(for)g -(all)f Fs(n)7 b Fu(.)73 b(This)43 b(is)f(pro)m(v)m(ed)i(b)m(y)f(n)m -(umerical)e(induction)h(and)g(the)283 3212 y(base)h(case,)i(n)d(=)g(0,) -i(is)e(immediate.)69 b(The)42 b(induction)f(step)i(follo)m(ws)e(from)g -(the)h(induction)283 3332 y(h)m(yp)s(othesis)37 b(of)d(the)i -(structural)f(induction,)f(the)i(induction)e(h)m(yp)s(othesis)i(of)f -(the)g(n)m(umerical)283 3453 y(induction,)42 b(Exercises)g(5.42,)f -(5.41)e(and)i(5.43)e(and)h(that)g(id)g(is)f(strict)h(and)g(additiv)m -(e.)66 b(Our)283 3573 y(second)34 b(claim)c(is)j(that)527 -3772 y(FIX)g Fs(H)48 b Fu(=)961 3706 y Fg(F)1030 3787 -y Fn(PS)1154 3772 y Ft(f)32 b Fs(H)1324 3736 y Fn(n)1400 -3772 y Ft(?)h(j)f Fu(n)h Ft(\025)g Fu(0)f Ft(g)283 3971 -y Fu(is)h(strict)f(and)g(additiv)m(e.)43 b(F)-8 b(or)32 
-b(strictness)i(w)m(e)g(calculate)577 4142 y(\(FIX)f Fs(H)16 -b Fu(\))32 b Fb(init)1158 4157 y Fc(X)1325 4142 y Fu(=)1434 -4076 y Fg(F)1503 4157 y Fn(PS)1627 4142 y Ft(f)g Fu(\()p -Fs(H)1835 4106 y Fn(n)1911 4142 y Ft(?)q Fu(\))g Fb(init)2239 -4157 y Fc(X)2339 4142 y Ft(j)g Fu(n)h Ft(\025)g Fu(0)f -Ft(g)1325 4310 y Fu(=)h Fb(init)1614 4325 y Fc(X)283 -4502 y Fu(where)g(the)f(last)e(equalit)m(y)h(follo)m(ws)f(from)g -Fs(H)1920 4466 y Fn(n)1995 4502 y Ft(?)i Fu(b)s(eing)e(strict)h(for)g -(all)e(n.)43 b(F)-8 b(or)31 b(additivit)m(y)f(w)m(e)283 -4622 y(calculate)527 4821 y(\(FIX)j Fs(H)16 b Fu(\)\()p -Fs(ps)1032 4836 y Fn(1)1104 4821 y Ft(t)1170 4836 y Fn(PS)1294 -4821 y Fs(ps)1392 4836 y Fn(2)1431 4821 y Fu(\))896 4989 -y(=)1004 4922 y Fg(F)1073 5004 y Fn(PS)1197 4989 y Ft(f)33 -b Fu(\()p Fs(H)1406 4953 y Fn(n)1481 4989 y Ft(?)q Fu(\)\()p -Fs(ps)1733 5004 y Fn(1)1805 4989 y Ft(t)1871 5004 y Fn(PS)1995 -4989 y Fs(ps)2093 5004 y Fn(2)2132 4989 y Fu(\))g Ft(j)f -Fu(n)h Ft(\025)g Fu(0)f Ft(g)896 5156 y Fu(=)1004 5090 -y Fg(F)1073 5171 y Fn(PS)1197 5156 y Ft(f)h Fu(\()p Fs(H)1406 -5120 y Fn(n)1481 5156 y Ft(?)q Fu(\))p Fs(ps)1695 5171 -y Fn(1)1767 5156 y Ft(t)1833 5171 y Fn(PS)1957 5156 y -Fu(\()p Fs(H)2083 5120 y Fn(n)2159 5156 y Ft(?)p Fu(\))p -Fs(ps)2372 5171 y Fn(2)2444 5156 y Ft(j)f Fu(n)h Ft(\025)g -Fu(0)f Ft(g)896 5324 y Fu(=)1004 5258 y Fg(F)1073 5339 -y Fn(PS)1197 5324 y Ft(f)h Fu(\()p Fs(H)1406 5288 y Fn(n)1481 -5324 y Ft(?)q Fu(\))p Fs(ps)1695 5339 y Fn(1)1767 5324 -y Ft(j)f Fu(n)h Ft(\025)g Fu(0)f Ft(g)g(t)2254 5339 y -Fn(PS)2378 5258 y Fg(F)2447 5339 y Fn(PS)2571 5324 y -Ft(f)g Fu(\()p Fs(H)2779 5288 y Fn(n)2855 5324 y Ft(?)p -Fu(\))p Fs(ps)3068 5339 y Fn(2)3140 5324 y Ft(j)g Fu(n)h -Ft(\025)g Fu(0)f Ft(g)896 5492 y Fu(=)g(\(FIX)h Fs(H)16 -b Fu(\))p Fs(ps)1471 5507 y Fn(1)1543 5492 y Ft(t)1609 -5507 y Fn(PS)1733 5492 y Fu(\(FIX)32 b Fs(H)16 b Fu(\))p -Fs(ps)2199 5507 y Fn(2)p eop -%%Page: 165 175 -165 174 bop 0 130 a Fw(5.4)112 b(Bounded)39 b(iteration)2154 
-b(165)p 0 193 3473 4 v 0 515 a Fu(The)28 b(second)g(equalit)m(y)e(uses) -i(the)g(additivit)m(y)d(of)h Fs(H)1867 479 y Fn(n)1937 -515 y Ft(?)i Fu(for)e(all)f(n.)41 b(This)27 b(concludes)h(the)f(pro)s -(of)0 636 y(of)32 b(the)h(lemma.)2808 b Fh(2)146 839 -y Fu(Strict)32 b(and)h(additiv)m(e)f(functions)g(ha)m(v)m(e)i(a)f(n)m -(um)m(b)s(er)g(of)f(in)m(teresting)g(prop)s(erties:)0 -1067 y Fw(Exercise)k(5.45)49 b(\(Essen)m(tial\))41 b -Fu(Sho)m(w)k(that)e(if)f Fs(h)7 b Fu(:)65 b Fw(PState)2326 -1082 y Fc(X)2437 1067 y Ft(!)43 b Fw(PState)2912 1082 -y Fc(X)3022 1067 y Fu(is)g(additiv)m(e)0 1187 y(then)33 -b Fs(h)40 b Fu(is)32 b(monotone.)2543 b Fh(2)146 1415 -y Fu(The)34 b(next)g(result)g(expresses)i(that)d(when)h(t)m(w)m(o)g -(distinct)e(analysis)h(functions)g Fs(h)3113 1430 y Fn(1)3185 -1415 y Fu(and)h Fs(h)3433 1430 y Fn(2)0 1536 y Fu(are)g(strict)f(and)h -(additiv)m(e)f(and)h(satis\014es)g Fs(h)1594 1551 y Fn(1)1668 -1536 y Ft(v)g Fs(h)1836 1551 y Fn(2)1909 1536 y Fu(then)g(it)f(will)f -(b)s(e)h(the)i(prop)s(ert)m(y)f(assigned)0 1656 y(to)e(just)h(one)g(of) -f(the)h(\\v)-5 b(ariables")31 b(that)h(accoun)m(ts)i(for)e(the)h -(di\013erence)g(b)s(et)m(w)m(een)i Fs(h)3069 1671 y Fn(1)3141 -1656 y Fu(and)e Fs(h)3388 1671 y Fn(2)3428 1656 y Fu(.)p -0 1776 3473 5 v 0 1950 a Fw(Lemma)k(5.46)49 b Fu(Consider)33 -b(strict)f(and)h(additiv)m(e)f(functions)244 2154 y Fs(h)301 -2169 y Fn(1)341 2154 y Fu(,)g Fs(h)457 2169 y Fn(2)497 -2154 y Fu(:)43 b Fw(PState)899 2169 y Fc(X)999 2154 y -Ft(!)32 b Fw(PState)1463 2169 y Fc(X)0 2357 y Fu(suc)m(h)26 -b(that)f Fs(h)473 2372 y Fn(1)537 2357 y Ft(v)g Fs(h)696 -2372 y Fn(2)761 2357 y Fu(and)g Fs(h)1000 2372 y Fn(1)1064 -2357 y Ft(6)p Fu(=)g Fs(h)1222 2372 y Fn(2)1261 2357 -y Fu(.)41 b(Then)26 b(there)f(exist)h(\\v)-5 b(ariables")23 -b Fs(x)12 b Fu(,)26 b Fs(y)33 b Ft(2)26 b Fs(X)40 b Ft([)26 -b(f)p Fu(on-trac)m(k)p Ft(g)0 2477 y Fu(suc)m(h)34 b(that)269 -2645 y(\()p Fs(h)364 2660 y Fn(1)436 2645 y Fu(\()p Fb(init)654 -2660 y Fc(X)721 2645 
y Fu([)p Fs(y)9 b Ft(7!)p Fb(d)p -Fu(?]\)\))44 b Fs(x)g Fu(=)33 b Fb(ok)g Fu(but)269 2812 -y(\()p Fs(h)364 2827 y Fn(2)436 2812 y Fu(\()p Fb(init)654 -2827 y Fc(X)721 2812 y Fu([)p Fs(y)9 b Ft(7!)p Fb(d)p -Fu(?]\)\))44 b Fs(x)g Fu(=)33 b Fb(d)p Fu(?)p 0 2933 -V 0 3136 a Fw(Pro)s(of:)k Fu(Since)c Fs(h)652 3151 y -Fn(1)724 3136 y Ft(v)g Fs(h)891 3151 y Fn(2)963 3136 -y Fu(and)g Fs(h)1210 3151 y Fn(1)1282 3136 y Ft(6)p Fu(=)g -Fs(h)1448 3151 y Fn(2)1520 3136 y Fu(there)g(exists)h(a)e(prop)s(ert)m -(y)h(state)g Fs(ps)41 b Fu(suc)m(h)34 b(that)244 3339 -y Fs(h)301 3354 y Fn(1)373 3339 y Fs(ps)41 b Ft(v)581 -3354 y Fn(PS)705 3339 y Fs(h)762 3354 y Fn(2)834 3339 -y Fs(ps)244 3506 y(h)301 3521 y Fn(1)373 3506 y Fs(ps)g -Ft(6)p Fu(=)32 b Fs(h)669 3521 y Fn(2)741 3506 y Fs(ps)0 -3710 y Fu(It)h(follo)m(ws)e(that)h(there)i(exists)f(a)f(\\v)-5 -b(ariable")31 b Fs(x)44 b Ft(2)33 b Fs(X)49 b Ft([)32 -b(f)p Fu(on-trac)m(k)p Ft(g)h Fu(suc)m(h)h(that)244 3913 -y(\()p Fs(h)339 3928 y Fn(1)411 3913 y Fs(ps)8 b Fu(\))32 -b Fs(x)45 b Fu(=)32 b Fb(ok)244 4080 y Fu(\()p Fs(h)339 -4095 y Fn(2)411 4080 y Fs(ps)8 b Fu(\))32 b Fs(x)45 b -Fu(=)32 b Fb(d)p Fu(?)0 4283 y(Consider)26 b(no)m(w)h(the)g(set)f(OK\() -p Fs(ps)8 b Fu(\).)41 b(It)26 b(is)g(\014nite)f(b)s(ecause)j(OK\()p -Fs(ps)8 b Fu(\))25 b Ft(\022)i Fs(X)42 b Ft([)26 b(f)p -Fu(on-trac)m(k)p Ft(g)p Fu(.)41 b(First)0 4404 y(assume)29 -b(that)f(OK\()p Fs(ps)8 b Fu(\))27 b(=)h Fs(X)44 b Ft([)29 -b(f)p Fu(on-trac)m(k)p Ft(g)p Fu(.)42 b(Then)29 b Fs(ps)36 -b Fu(=)28 b Fb(init)2389 4419 y Fc(X)2484 4404 y Fu(and)h(since)f(w)m -(e)h(kno)m(w)h(that)0 4524 y Fs(h)57 4539 y Fn(1)130 -4524 y Fu(and)j Fs(h)377 4539 y Fn(2)449 4524 y Fu(are)g(strict)f(w)m -(e)i(ha)m(v)m(e)h Fs(h)1294 4539 y Fn(1)1366 4524 y Fb(init)1546 -4539 y Fc(X)1647 4524 y Fu(=)d Fb(init)1935 4539 y Fc(X)2036 -4524 y Fu(and)h Fs(h)2283 4539 y Fn(2)2355 4524 y Fb(init)2535 -4539 y Fc(X)2636 4524 y Fu(=)f Fb(init)2924 4539 y Fc(X)2992 -4524 y Fu(.)44 b(Therefore)0 4644 y Fs(h)57 
4659 y Fn(1)129 -4644 y Fs(ps)d Fu(=)32 b Fs(h)425 4659 y Fn(2)497 4644 -y Fs(ps)41 b Fu(whic)m(h)33 b(con)m(tradicts)g(the)g(w)m(a)m(y)g -Fs(ps)41 b Fu(w)m(as)33 b(c)m(hosen.)146 4765 y(Therefore)e(OK\()p -Fs(ps)8 b Fu(\))30 b(is)f(a)h(true)g(subset)i(of)d Fs(X)46 -b Ft([)30 b(f)p Fu(on-trac)m(k)p Ft(g)p Fu(.)43 b(No)m(w)30 -b(let)g Ft(f)p Fs(y)2923 4780 y Fn(1)2962 4765 y Fu(,)g -Ft(\001)17 b(\001)g(\001)o Fu(,)30 b Fs(y)3249 4780 y -Fn(n)3293 4765 y Ft(g)f Fu(b)s(e)0 4885 y(the)k(\\v)-5 -b(ariables")30 b(of)i Fs(X)48 b Ft([)32 b(f)p Fu(on-trac)m(k)p -Ft(g)g Fu(that)g(do)g(not)g(o)s(ccur)h(in)e(OK\()p Fs(ps)8 -b Fu(\).)43 b(This)32 b(means)h(that)244 5088 y Fs(ps)40 -b Fu(=)33 b Fb(init)663 5103 y Fc(X)730 5088 y Fu([)p -Fs(y)813 5103 y Fn(1)853 5088 y Ft(7!)o Fb(d)p Fu(?])p -Ft(\001)17 b(\001)g(\001)o Fu([)p Fs(y)1287 5103 y Fn(n)1331 -5088 y Ft(7!)o Fb(d)p Fu(?])0 5291 y(whic)m(h)33 b(is)f(equiv)-5 -b(alen)m(t)33 b(to)244 5494 y Fs(ps)40 b Fu(=)33 b Fb(init)663 -5509 y Fc(X)730 5494 y Fu([)p Fs(y)813 5509 y Fn(1)853 -5494 y Ft(7!)o Fb(d)p Fu(?])44 b Ft(t)1198 5509 y Fn(PS)1321 -5494 y Ft(\001)17 b(\001)g(\001)31 b(t)1537 5509 y Fn(PS)1661 -5494 y Fb(init)1841 5509 y Fc(X)1908 5494 y Fu([)p Fs(y)1991 -5509 y Fn(n)2035 5494 y Ft(7!)o Fb(d)p Fu(?])p eop -%%Page: 166 176 -166 175 bop 251 130 a Fw(166)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fu(Since)d -Fs(h)595 530 y Fn(2)667 515 y Fu(is)f(additiv)m(e)g(w)m(e)i(ha)m(v)m(e) -527 715 y Fs(h)584 730 y Fn(2)657 715 y Fs(ps)40 b Fu(=)32 -b Fs(h)952 730 y Fn(2)992 715 y Fu(\()p Fb(init)1210 -730 y Fc(X)1278 715 y Fu([)p Fs(y)1361 730 y Fn(1)1400 -715 y Ft(7!)p Fb(d)p Fu(?]\))43 b Ft(t)1783 730 y Fn(PS)1907 -715 y Ft(\001)17 b(\001)g(\001)30 b(t)2122 730 y Fn(PS)2246 -715 y Fs(h)2303 730 y Fn(2)2342 715 y Fu(\()p Fb(init)2560 -730 y Fc(X)2628 715 y Fu([)p Fs(y)2711 730 y Fn(n)2755 -715 y Ft(7!)o Fb(d)p Fu(?]\))283 915 y(W)-8 b(e)31 b(ha)m(v)m(e)h -(assumed)g(that)e(\()p Fs(h)1366 930 y 
Fn(2)1436 915 -y Fs(ps)8 b Fu(\))31 b Fs(x)42 b Fu(=)31 b Fb(d)p Fu(?)f(and)h(no)m(w)g -(it)f(follo)m(ws)f(that)i(for)f(some)g(i)g(\(1)p Ft(\024)p -Fu(i)p Ft(\024)p Fu(n\))527 1115 y Fs(h)584 1130 y Fn(2)624 -1115 y Fu(\()p Fb(init)842 1130 y Fc(X)910 1115 y Fu([)p -Fs(y)993 1130 y Fn(i)1016 1115 y Ft(7!)p Fb(d)p Fu(?]\))44 -b Fs(x)g Fu(=)32 b Fb(d)p Fu(?)283 1314 y(Since)h Fb(init)718 -1329 y Fc(X)786 1314 y Fu([)p Fs(y)869 1329 y Fn(i)893 -1314 y Ft(7!)o Fb(d)p Fu(?])44 b Ft(v)1249 1329 y Fn(PS)1372 -1314 y Fs(ps)d Fu(and)32 b Fs(h)1749 1329 y Fn(1)1822 -1314 y Fu(is)g(monotone)g(\(Exercise)h(5.45\))f(w)m(e)i(get)f(that)527 -1514 y Fs(h)584 1529 y Fn(1)657 1514 y Fu(\()p Fb(init)875 -1529 y Fc(X)942 1514 y Fu([)p Fs(y)1025 1529 y Fn(i)1049 -1514 y Ft(7!)p Fb(d)p Fu(?]\))43 b Ft(v)1443 1529 y Fn(PS)1567 -1514 y Fs(h)1624 1529 y Fn(1)1696 1514 y Fs(ps)283 1714 -y Fu(and)33 b(thereb)m(y)527 1913 y Fs(h)584 1928 y Fn(1)657 -1913 y Fu(\()p Fb(init)875 1928 y Fc(X)942 1913 y Fu([)p -Fs(y)1025 1928 y Fn(i)1049 1913 y Ft(7!)p Fb(d)p Fu(?]\))43 -b Fs(x)i Fu(=)32 b Fb(ok)283 2113 y Fu(So)h(the)g(lemma)d(follo)m(ws)i -(b)m(y)h(taking)f Fs(y)41 b Fu(to)33 b(b)s(e)f Fs(y)2054 -2128 y Fn(i)2078 2113 y Fu(.)1576 b Fh(2)430 2316 y Fu(The)26 -b(next)f(step)h(will)d(b)s(e)i(to)f(generalize)h(this)f(result)h(to)f -(sequences)29 b(of)24 b(strict)g(and)h(additiv)m(e)283 -2437 y(functions.)p 283 2557 3473 5 v 283 2728 a Fw(Corollary)36 -b(5.47)49 b Fu(Consider)33 b(a)g(sequence)527 2928 y -Fs(h)584 2943 y Fn(0)657 2928 y Ft(v)g Fs(h)824 2943 -y Fn(1)896 2928 y Ft(v)g(\001)17 b(\001)g(\001)31 b(v)i -Fs(h)1322 2943 y Fn(n)283 3127 y Fu(of)g(strict)f(and)g(additiv)m(e)g -(functions)527 3327 y Fs(h)584 3342 y Fn(i)608 3327 y -Fu(:)44 b Fw(PState)1011 3342 y Fc(X)1110 3327 y Ft(!)32 -b Fw(PState)1574 3342 y Fc(X)283 3527 y Fu(that)39 b(are)g(all)e -(distinct,)j(that)f(is)g Fs(h)1580 3542 y Fn(i)1643 3527 -y Ft(6)p Fu(=)g Fs(h)1815 3542 y Fn(j)1880 3527 y Fu(if)e(i)i -Ft(6)p Fu(=)f(j.)63 
b(Then)40 b(n)g Ft(\024)f Fu(\(m+1\))3030 -3491 y Fn(2)3107 3527 y Fu(where)i(m)d(is)g(the)283 3647 -y(cardinalit)m(y)31 b(of)h Fs(X)16 b Fu(.)p 283 3767 -V 283 3967 a Fw(Pro)s(of:)32 b Fu(F)-8 b(or)26 b(eac)m(h)j(i)d -Ft(2)i(f)p Fu(0,1,)p Ft(\001)17 b(\001)g(\001)n Fu(,n)p -Ft(\000)p Fu(1)p Ft(g)28 b Fu(the)f(previous)h(lemma)e(applied)g(to)h -Fs(h)3115 3982 y Fn(i)3166 3967 y Fu(and)h Fs(h)3408 -3982 y Fn(i+1)3549 3967 y Fu(giv)m(es)283 4088 y(that)33 -b(there)g(are)g(\\v)-5 b(ariables")527 4287 y Fs(x)584 -4302 y Fn(i)608 4287 y Fu(,)33 b Fs(y)724 4302 y Fn(i)780 -4287 y Ft(2)g Fs(X)48 b Ft([)33 b(f)p Fu(on-trac)m(k)p -Ft(g)283 4487 y Fu(suc)m(h)h(that)527 4687 y Fs(h)584 -4702 y Fn(i)608 4687 y Fu(\()p Fb(init)826 4702 y Fc(X)894 -4687 y Fu([)p Fs(y)977 4702 y Fn(i)1001 4687 y Ft(7!)o -Fb(d)p Fu(?]\))44 b Fs(x)1374 4702 y Fn(i)1430 4687 y -Fu(=)33 b Fb(ok)527 4854 y Fs(h)584 4869 y Fn(i+1)699 -4854 y Fu(\()p Fb(init)917 4869 y Fc(X)984 4854 y Fu([)p -Fs(y)1067 4869 y Fn(i)1091 4854 y Ft(7!)p Fb(d)p Fu(?]\))43 -b Fs(x)1464 4869 y Fn(i)1520 4854 y Fu(=)33 b Fb(d)p -Fu(?)283 5054 y(First)38 b(assume)h(that)f(all)e(\()p -Fs(x)1323 5069 y Fn(i)1346 5054 y Fu(,)k Fs(y)1469 5069 -y Fn(i)1493 5054 y Fu(\))e(are)g(distinct.)60 b(Since)39 -b(the)f(cardinalit)m(y)f(of)g Fs(X)55 b Fu(is)38 b(m)f(there)283 -5174 y(can)c(b)s(e)g(at)f(most)g(\(m+1\))1236 5138 y -Fn(2)1307 5174 y Fu(suc)m(h)i(pairs)e(and)h(w)m(e)g(ha)m(v)m(e)h(sho)m -(wn)g(n)f Ft(\024)g Fu(\(m+1\))3100 5138 y Fn(2)3138 -5174 y Fu(.)430 5295 y(Next)e(assume)g(that)g(there)g(exists)h(i)d -Fo(<)i Fu(j)f(suc)m(h)i(that)f(\()p Fs(x)2473 5310 y -Fn(i)2496 5295 y Fu(,)g Fs(y)2610 5310 y Fn(i)2634 5295 -y Fu(\))g(=)f(\()p Fs(x)2904 5310 y Fn(j)2930 5295 y -Fu(,)h Fs(y)3044 5310 y Fn(j)3069 5295 y Fu(\).)43 b(W)-8 -b(e)31 b(then)h(ha)m(v)m(e)527 5494 y Fs(h)584 5509 y -Fn(i+1)699 5494 y Fu(\()p Fb(init)917 5509 y Fc(X)984 -5494 y Fu([)p Fs(y)1067 5509 y Fn(i)1091 5494 y Ft(7!)p -Fb(d)p Fu(?]\))43 b Fs(x)1464 5509 y 
Fn(i)1520 5494 y -Fu(=)33 b Fb(d)p Fu(?)p eop -%%Page: 167 177 -167 176 bop 0 130 a Fw(5.4)112 b(Bounded)39 b(iteration)2154 -b(167)p 0 193 3473 4 v 0 515 a Fu(and)244 719 y Fs(h)301 -734 y Fn(j)327 719 y Fu(\()p Fb(init)545 734 y Fc(X)612 -719 y Fu([)p Fs(y)695 734 y Fn(i)719 719 y Ft(7!)p Fb(d)p -Fu(?]\))44 b Fs(x)1093 734 y Fn(i)1149 719 y Fu(=)32 -b Fb(ok)0 922 y Fu(Since)h(i+1)e Ft(\024)i Fu(j)f(w)m(e)i(ha)m(v)m(e)g -Fs(h)1037 937 y Fn(i+1)1184 922 y Ft(v)f Fs(h)1351 937 -y Fn(j)1409 922 y Fu(and)g(therefore)244 1125 y Fs(h)301 -1140 y Fn(i+1)448 1125 y Fu(\()p Fb(init)666 1140 y Fc(X)733 -1125 y Fu([)p Fs(y)816 1140 y Fn(i)840 1125 y Ft(7!)p -Fb(d)p Fu(?]\))43 b Fs(x)1213 1140 y Fn(i)1269 1125 y -Ft(v)1347 1140 y Fn(P)1432 1125 y Fs(h)1489 1140 y Fn(j)1547 -1125 y Fu(\()p Fb(init)1765 1140 y Fc(X)1833 1125 y Fu([)p -Fs(y)1916 1140 y Fn(i)1939 1125 y Ft(7!)p Fb(d)p Fu(?]\))h -Fs(x)2313 1140 y Fn(i)0 1328 y Fu(This)31 b(is)f(a)g(con)m(tradiction)f -(as)i(it)e(is)h Fs(not)40 b Fu(the)31 b(case)h(that)e -Fb(d)p Fu(?)h Ft(v)2269 1343 y Fn(P)2352 1328 y Fb(ok)p -Fu(.)43 b(Th)m(us)32 b(it)e(cannot)g(b)s(e)h(the)0 1449 -y(case)41 b(that)e(some)h(of)f(the)i(pairs)e(\()p Fs(x)1319 -1464 y Fn(i)1342 1449 y Fu(,)j Fs(y)1467 1464 y Fn(i)1491 -1449 y Fu(\))e(obtained)f(from)g(Lemma)f(5.46)h(coincide)g(and)h(w)m(e) -0 1569 y(ha)m(v)m(e)34 b(pro)m(v)m(ed)g(the)f(corollary)-8 -b(.)2296 b Fh(2)146 1772 y Fu(W)-8 b(e)33 b(shall)e(no)m(w)j(turn)e(to) -m(w)m(ards)i(the)f(pro)s(of)f(of)g(the)h(main)e(result:)0 -1940 y Fw(Pro)s(of)i(of)h(Prop)s(osition)d(5.40)p Fu(.)46 -b(Consider)34 b(the)g(construct)h Fr(while)f Fs(b)39 -b Fr(do)34 b Fs(S)46 b Fu(and)33 b(let)g Fs(H)49 b Fu(b)s(e)0 -2060 y(giv)m(en)33 b(b)m(y)244 2264 y Fs(H)48 b(h)40 -b Fu(=)33 b(cond)763 2279 y Fn(P)815 2264 y Fu(\()p Ft(P)8 -b(B)999 2279 y Fc(X)1067 2264 y Fu([)-17 b([)p Fs(b)6 -b Fu(])-17 b(])q(,)32 b Fs(h)40 b Ft(\016)32 b(P)8 b(S)1570 -2279 y Fc(X)1637 2264 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(],)33 
b(id\))0 2467 y(W)-8 b(e)33 b(shall)e(then)i(pro)m(v)m(e)h -(that)244 2670 y Ft(P)8 b(S)389 2685 y Fc(X)457 2670 -y Fu([)-17 b([)p Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)12 -b Fu(])-17 b(])33 b(=)g Fs(H)1335 2634 y Fn(k)1409 2670 -y Ft(?)0 2873 y Fu(where)e(k)e(=)h(\(m+1\))748 2837 y -Fn(2)815 2873 y Fu(and)g(m)e(is)h(the)h(cardinalit)m(y)e(of)g -Fs(X)46 b Fu(=)29 b(FV\()p Fr(while)i Fs(b)k Fr(do)30 -b Fs(S)12 b Fu(\).)29 b(T)-8 b(o)29 b(do)h(that)0 2994 -y(consider)j(the)g(sequence)244 3197 y Fs(H)332 3161 -y Fn(0)404 3197 y Ft(?)g(v)g Fs(H)712 3161 y Fn(1)784 -3197 y Ft(?)g(v)g(\001)17 b(\001)g(\001)31 b(v)i Fs(H)1351 -3161 y Fn(k)1425 3197 y Ft(?)g(v)g Fs(H)1733 3161 y Fn(k+1)1897 -3197 y Ft(?)0 3400 y Fu(It)38 b(follo)m(ws)e(from)g(Lemma)h(5.44)g -(that)g(eac)m(h)h Fs(H)1764 3364 y Fn(i)1826 3400 y Ft(?)g -Fu(is)f(a)g(strict)h(and)f(additiv)m(e)g(function.)58 -b(It)0 3520 y(no)m(w)30 b(follo)m(ws)d(from)h(Corollary)f(5.47)h(that)h -(not)g(all)e Fs(H)1970 3484 y Fn(i)2023 3520 y Ft(?)p -Fu(,)j(for)e(i)g Ft(\024)h Fu(k+1,)h(are)f(distinct.)42 -b(If)29 b(i)p Fo(<)p Fu(j)0 3641 y(satis\014es)244 3844 -y Fs(H)332 3808 y Fn(i)388 3844 y Ft(?)k Fu(=)g Fs(H)695 -3808 y Fn(j)753 3844 y Ft(?)0 4047 y Fu(then)g(w)m(e)h(also)d(ha)m(v)m -(e)244 4250 y Fs(H)332 4214 y Fn(i)388 4250 y Ft(?)i -Fu(=)g Fs(H)695 4214 y Fn(n)771 4250 y Ft(?)g Fu(for)f(n)p -Ft(\025)p Fu(i)0 4453 y(and)h(in)e(particular)244 4657 -y Fs(H)332 4621 y Fn(k)406 4657 y Ft(?)i Fu(=)f Fs(H)712 -4621 y Fn(k+1)876 4657 y Ft(?)0 4860 y Fu(Hence)i(FIX)e -Fs(H)49 b Fu(=)32 b Fs(H)811 4824 y Fn(k)885 4860 y Ft(?)h -Fu(as)g(desired)g(b)s(ecause)h(of)e(Exercise)i(5.18.)895 -b Fh(2)0 5171 y Fw(Exercise)36 b(5.48)49 b Fu(*)33 b(Sho)m(w)h(that)e -(the)h(b)s(ound)g(exhibited)g(in)f(Corollary)f(5.47)h(is)h(tigh)m(t.)43 -b(That)0 5291 y(is)32 b(describ)s(e)h(ho)m(w)h(to)e(construct)h(a)g -(sequence)244 5494 y Fs(h)301 5509 y Fn(0)373 5494 y -Ft(v)g Fs(h)540 5509 y Fn(1)612 5494 y Ft(v)g(\001)17 -b(\001)g(\001)31 b(v)i 
Fs(h)1038 5509 y Fn(n)p eop -%%Page: 168 178 -168 177 bop 251 130 a Fw(168)1937 b(5)112 b(Static)37 -b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fu(of)31 -b(strict)g(and)g(additiv)m(e)g(functions)g Fs(h)1684 -530 y Fn(i)1708 515 y Fu(:)42 b Fw(PState)2109 530 y -Fc(X)2207 515 y Ft(!)31 b Fw(PState)2670 530 y Fc(X)2768 -515 y Fu(suc)m(h)i(that)d(all)f Fs(h)3387 530 y Fn(i)3443 -515 y Fu(are)i(dis-)283 636 y(tinct)e(and)g(n)f(=)h(\(m+1\))1169 -600 y Fn(2)1236 636 y Fu(where)h(m)e(is)g(the)h(cardinalit)m(y)e(of)h -Fs(X)16 b Fu(.)29 b(Hin)m(t:)42 b(Begin)28 b(b)m(y)h(considering)283 -756 y(m)j(=)h(0,)f(m)g(=)g(1,)h(m)e(=)i(2)f(and)h(then)g(try)g(to)f -(generalize.)1297 b Fh(2)430 948 y Fu(T)-8 b(o)31 b(summarize,)g(the)h -(quadratic)f(upp)s(er)h(b)s(ound)g(on)g(the)g(required)g(n)m(um)m(b)s -(er)g(of)f(iterands)283 1068 y(is)i(obtained)f(as)g(follo)m(ws:)p -283 1198 3470 4 v 283 1215 V 281 1422 4 208 v 298 1422 -V 1371 1343 a Fw(Pro)s(of)g(Summary)h(for)f(While)p Fu(:)p -3735 1422 V 3752 1422 V 281 1630 V 298 1630 V 617 1551 -a Fw(Bounding)h(the)f(Num)m(b)s(er)g(of)h(Iterations)e(in)h(the)h -(Static)e(Analysis)p 3735 1630 V 3752 1630 V 283 1633 -3470 4 v 281 2003 4 370 v 298 2003 V 350 1799 a Fu(1:)143 -b(The)48 b(analysis)f(is)g(mo)s(di\014ed)f(to)h(use)h(the)g(set)g -Fw(PState)2691 1814 y Fc(X)2805 1799 y Fu(rather)g(than)f -Fw(PState)569 1919 y Fu(\(Exercise)34 b(5.37\).)p 3735 -2003 V 3752 2003 V 281 2291 4 289 v 298 2291 V 350 2087 -a(2:)143 b(A)28 b(pro)s(of)g(b)m(y)h Fs(structur)-5 b(al)32 -b(induction)j Fu(on)28 b(the)h(statemen)m(ts)h(sho)m(ws)g(that)e(the)g -(analysis)569 2207 y(functions)k Ft(P)8 b(S)1135 2222 -y Fc(X)1202 2207 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(])32 b(are)h(strict)f(and)h(additiv)m(e)f(\(Lemma)f(5.44\).)p -3735 2291 V 3752 2291 V 281 2699 4 409 v 298 2699 V 350 -2375 a(3:)143 b(Sequences)41 b(of)c(strict)h(and)g(additiv)m(e)f -(functions)h(in)f Fw(PState)2861 2390 y Fc(X)2966 2375 -y Ft(!)h Fw(PState)3436 2390 y Fc(X)3541 2375 y 
Fu(can)569 -2495 y(ha)m(v)m(e)h(length)f(at)f(most)h(\(m+1\))1755 -2459 y Fn(2)1831 2495 y Fu(where)h(m)f(is)f(the)i(cardinalit)m(y)d(of)h -Fs(X)55 b Fu(\(Corollary)569 2616 y(5.47\).)p 3735 2699 -V 3752 2699 V 283 2702 3470 4 v 283 2719 V 283 2914 a(Using)29 -b(the)h(result)f(of)g(Prop)s(osition)f(5.40)h(w)m(e)h(get)f(that)g(at)g -(most)g(9)g(iterations)f(are)h(needed)i(to)283 3035 y(compute)26 -b(the)g(\014xed)h(p)s(oin)m(t)d(presen)m(t)j(in)e(the)h(analysis)f(of)g -(the)h(factorial)d(statemen)m(t.)41 b(Since)26 b(w)m(e)283 -3155 y(kno)m(w)31 b(that)e(already)g(the)h(\014rst)f(iterand)g(will)e -(equal)i(the)h(\014xed)g(p)s(oin)m(t)f(one)g(ma)m(y)h(ask)f(whether)283 -3276 y(one)36 b(can)g(obtain)e(an)h(ev)m(en)i(b)s(etter)f(b)s(ound)f -(on)h(the)f(n)m(um)m(b)s(er)h(of)f(iterations.)50 b(The)37 -b(follo)m(wing)283 3396 y(exercise)e(sho)m(ws)f(that)f(the)h(quadratic) -e(upp)s(er)i(b)s(ound)f(can)g(b)s(e)g(replaced)g(b)m(y)h(a)f(linear)e -(upp)s(er)283 3516 y(b)s(ound:)283 3708 y Fw(Exercise)37 -b(5.49)49 b Fu(**)31 b(Sho)m(w)h(that)f(for)f(eac)m(h)j(statemen)m(t)e -Fr(while)i Fs(b)k Fr(do)32 b Fs(S)43 b Fu(of)31 b Fw(While)e -Fu(w)m(e)k(ha)m(v)m(e)527 3884 y Ft(P)8 b(S)673 3899 -y Fc(X)740 3884 y Fu([)-17 b([)q Fr(while)33 b Fs(b)39 -b Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)f Fs(H)1618 -3848 y Fn(k)1692 3884 y Ft(?)283 4060 y Fu(where)i Fs(H)49 -b(h)39 b Fu(=)33 b(cond)1084 4075 y Fn(P)1136 4060 y -Fu(\()p Ft(P)8 b(B)1320 4075 y Fc(X)1388 4060 y Fu([)-17 -b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Fs(h)7 b Ft(\016)q(P)h(S)1826 -4075 y Fc(X)1893 4060 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 -b(],)33 b(id\),)f(k)g(=)h(m+1,)e(and)i(m)f(is)g(the)h(cardinalit)m(y) -283 4181 y(of)g(the)g(set)g Fs(X)49 b Fu(=)32 b(FV\()p -Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\).)1923 b -Fh(2)430 4373 y Fu(F)-8 b(or)38 b(the)i(factorial)d(statemen)m(t)i -(this)g(result)g(will)e(giv)m(e)j(that)f(at)f(most)h(3)g(iterations)f -(are)283 4493 y(needed)f(to)d(determine)h(the)g(\014xed)h(p)s(oin)m(t.) 
-49 b(The)36 b(next)g(exercise)g(sho)m(ws)g(that)f(this)f(is)h(almost) -283 4613 y(the)e(b)s(est)h(upp)s(er)f(b)s(ound)g(w)m(e)g(can)g(hop)s(e) -g(for:)283 4805 y Fw(Exercise)k(5.50)49 b Fu(*)31 b(Sho)m(w)i(that)f -(for)f(eac)m(h)i(m)f Ft(\025)g Fu(1)g(there)g(is)g(a)g(statemen)m(t)g -Fr(while)h Fs(b)38 b Fr(do)33 b Fs(S)43 b Fu(of)283 4926 -y Fw(While)31 b Fu(suc)m(h)j(that)527 5102 y Ft(P)8 b(S)673 -5117 y Fc(X)740 5102 y Fu([)-17 b([)q Fr(while)33 b Fs(b)39 -b Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b Ft(6)p Fu(=)f -Fs(H)1618 5066 y Fn(k)1692 5102 y Ft(?)283 5278 y Fu(where)i -Fs(H)49 b(h)39 b Fu(=)32 b(cond)1083 5293 y Fn(P)1136 -5278 y Fu(\()p Ft(P)8 b(B)1320 5293 y Fc(X)1387 5278 -y Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(h)7 b -Ft(\016P)h(S)1825 5293 y Fc(X)1893 5278 y Fu([)-17 b([)p -Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\),)g(k)h(=)f(m)p Ft(\000)p -Fu(1,)g(and)g(m)g(is)g(the)h(cardinalit)m(y)283 5398 -y(of)g(the)g(set)g Fs(X)49 b Fu(=)32 b(FV\()p Fr(while)i -Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\).)1923 b Fh(2)p eop -%%Page: 169 179 -169 178 bop 0 1180 a Fv(Chapter)78 b(6)0 1595 y(Axiomatic)e(Program)h -(V)-19 b(eri\014cation)0 2047 y Fu(The)39 b(kinds)g(of)f(seman)m(tics)h -(w)m(e)g(ha)m(v)m(e)h(seen)g(so)e(far)g(sp)s(ecify)h(the)g(meaning)e -(of)h(programs)f(al-)0 2168 y(though)26 b(they)g(ma)m(y)g(also)f(b)s(e) -h(used)g(to)g(pro)m(v)m(e)h(that)e(giv)m(en)h(programs)f(p)s(ossess)j -(certain)d(prop)s(er-)0 2288 y(ties.)43 b(W)-8 b(e)33 -b(ma)m(y)e(distinguish)g(b)s(et)m(w)m(een)j(sev)m(eral)f(classes)g(of)f -(prop)s(erties:)43 b Fs(p)-5 b(artial)34 b(c)-5 b(orr)g(e)g(ctness)0 -2408 y(pr)g(op)g(erties)36 b Fu(are)29 b(prop)s(erties)f(expressing)i -(that)e Fs(if)49 b Fu(a)28 b(giv)m(en)h(program)e(terminates)h -Fs(then)36 b Fu(there)0 2529 y(will)e(b)s(e)j(a)f(certain)g -(relationship)f(b)s(et)m(w)m(een)j(the)f(initial)c(and)j(the)h(\014nal) -f(v)-5 b(alues)36 b(of)g(the)h(v)-5 b(ari-)0 2649 y(ables.)59 -b(Th)m(us)40 
b(a)d(partial)f(correctness)k(prop)s(ert)m(y)f(of)e(a)h -(program)e(need)j Fs(not)47 b Fu(ensure)40 b(that)d(it)0 -2769 y(terminates.)42 b(This)31 b(is)f(con)m(trary)h(to)f -Fs(total)j(c)-5 b(orr)g(e)g(ctness)33 b(pr)-5 b(op)g(erties)38 -b Fu(whic)m(h)31 b(express)i(that)d(the)0 2890 y(program)j -Fs(wil)5 b(l)44 b Fu(terminate)33 b Fs(and)44 b Fu(that)34 -b(there)h(will)d(b)s(e)i(a)g(certain)g(relationship)f(b)s(et)m(w)m(een) -j(the)0 3010 y(initial)29 b(and)j(the)h(\014nal)f(v)-5 -b(alues)33 b(of)f(the)h(v)-5 b(ariables.)42 b(Th)m(us)34 -b(w)m(e)g(ha)m(v)m(e)244 3196 y(partial)c(correctness)35 -b(+)d(termination)e(=)j(total)e(correctness)0 3382 y(Y)-8 -b(et)24 b(another)f(class)g(of)g(prop)s(erties)g(is)g(concerned)i(with) -e(the)h Fs(r)-5 b(esour)g(c)g(es)31 b Fu(used)24 b(when)h(executing)0 -3502 y(the)30 b(program.)41 b(An)30 b(example)e(is)h(the)h -Fs(time)37 b Fu(used)30 b(to)f(execute)j(the)e(program)e(on)h(a)g -(particular)0 3622 y(mac)m(hine.)0 3952 y Fj(6.1)161 -b(Direct)53 b(pro)t(ofs)g(of)h(program)f(correctness)0 -4171 y Fu(In)30 b(this)f(section)g(w)m(e)i(shall)d(giv)m(e)h(some)g -(examples)h(that)f(pro)m(v)m(e)i(partial)c(correctness)k(of)e(state-)0 -4291 y(men)m(ts)45 b(based)h(directly)e(on)h(the)h(op)s(erational)c -(and)j(denotational)e(seman)m(tics.)81 b(W)-8 b(e)45 -b(shall)0 4412 y(pro)m(v)m(e)34 b(that)e(the)h(factorial)d(statemen)m -(t)244 4598 y Fr(y)j Fu(:=)f Fr(1)p Fu(;)h Fr(while)h -Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p -Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g -Fr(x)p Ft(\000)p Fr(1)p Fu(\))0 4783 y(is)38 b(partially)d(correct,)41 -b(that)d(is)g Fs(if)59 b Fu(the)39 b(statemen)m(t)f(terminates)g -Fs(then)45 b Fu(the)39 b(\014nal)f(v)-5 b(alue)37 b(of)h -Fr(y)0 4904 y Fu(will)30 b(b)s(e)j(the)g(factorial)d(of)i(the)h -(initial)c(v)-5 b(alue)32 b(of)g Fr(x)p Fu(.)0 5189 y -Fp(Natural)46 b(seman)l(tics)0 5374 y Fu(Using)35 b Fs(natur)-5 -b(al)38 b(semantics)k Fu(the)36 b(partial)d(correctness)38 
-b(of)d(the)h(factorial)d(statemen)m(t)i(can)h(b)s(e)0 -5494 y(formalized)30 b(as)j(follo)m(ws:)1663 5849 y(169)p -eop -%%Page: 170 180 -170 179 bop 251 130 a Fw(170)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527 -515 a Fu(F)h(or)32 b(all)f(states)i Fs(s)41 b Fu(and)32 -b Fs(s)1433 479 y Fi(0)1457 515 y Fu(,)g(if)742 717 y -Ft(h)p Fr(y)g Fu(:=)h Fr(1)p Fu(;)g Fr(while)h Ft(:)p -Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p -Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f -Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)32 b(!)g -Fs(s)3152 681 y Fi(0)527 918 y Fu(then)i Fs(s)798 882 -y Fi(0)853 918 y Fr(y)f Fu(=)g(\()p Fs(s)40 b Fr(x)p -Fu(\)!)k(and)32 b Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)283 -1116 y Fu(This)j(is)f(indeed)h(a)f(partial)e(correctness)k(prop)s(ert)m -(y)g(b)s(ecause)f(the)g(statemen)m(t)g(do)s(es)g(not)f(ter-)283 -1236 y(minate)e(if)f(the)i(initial)c(v)-5 b(alue)32 b -Fs(s)40 b Fr(x)33 b Fu(of)f Fr(x)h Fu(is)f(non-p)s(ositiv)m(e.)430 -1357 y(The)h(pro)s(of)f(pro)s(ceeds)i(in)e(three)h(stages:)283 -1554 y Fw(Stage)38 b(1:)49 b Fu(W)-8 b(e)33 b(pro)m(v)m(e)h(that)e(the) -h(b)s(o)s(dy)g(of)f(the)h Fr(while)h Fu(lo)s(op)d(satis\014es:)569 -1713 y(if)g Ft(h)p Fr(y)i Fu(:=)f Fr(y)p Fo(?)p Fr(x)p -Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(,)i -Fs(s)8 b Ft(i)32 b(!)h Fs(s)1886 1677 y Fi(00)1961 1713 -y Fu(and)f Fs(s)2198 1677 y Fi(00)2273 1713 y Fr(x)h -Fo(>)g Fw(0)569 1881 y Fu(then)g(\()p Fs(s)41 b Fr(y)p -Fu(\))32 b Fo(?)h Fu(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(=)32 -b(\()p Fs(s)1585 1845 y Fi(00)1660 1881 y Fr(y)p Fu(\))h -Fo(?)f Fu(\()p Fs(s)1949 1845 y Fi(00)2024 1881 y Fr(x)p -Fu(\)!)44 b(and)32 b Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)3631 -1798 y Fu(\(*\))283 2076 y Fw(Stage)38 b(2:)49 b Fu(W)-8 -b(e)33 b(pro)m(v)m(e)h(that)e(the)h Fr(while)h Fu(lo)s(op)d -(satis\014es:)569 2235 y(if)g Ft(h)p Fr(while)j Ft(:)p -Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p -Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p 
Fu(;)h Fr(x)g Fu(:=)g -Fr(x)p Ft(\000)p Fr(1)p Fu(\),)g Fs(s)8 b Ft(i)32 b(!)h -Fs(s)2739 2199 y Fi(00)569 2402 y Fu(then)g(\()p Fs(s)41 -b Fr(y)p Fu(\))32 b Fo(?)h Fu(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(=)32 -b Fs(s)1547 2366 y Fi(00)1622 2402 y Fr(y)h Fu(and)g -Fs(s)1944 2366 y Fi(00)2019 2402 y Fr(x)f Fu(=)h Fw(1)f -Fu(and)h Fs(s)41 b Fr(x)32 b Fo(>)h Fw(0)3582 2319 y -Fu(\(**\))283 2597 y Fw(Stage)38 b(3:)49 b Fu(W)-8 b(e)33 -b(pro)m(v)m(e)h(the)f(partial)d(correctness)35 b(prop)s(ert)m(y)e(for)f -(the)h(complete)f(program:)569 2756 y(if)f Ft(h)p Fr(y)i -Fu(:=)f Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p Fr(x)p -Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f -Fr(y)p Fo(?)q Fr(x)p Fu(;)g Fr(x)h Fu(:=)g Fr(x)p Ft(\000)p -Fr(1)p Fu(\),)g Fs(s)8 b Ft(i)33 b(!)f Fs(s)3069 2720 -y Fi(0)569 2924 y Fu(then)h Fs(s)839 2888 y Fi(0)895 -2924 y Fr(y)g Fu(=)f(\()p Fs(s)41 b Fr(x)p Fu(\)!)i(and)33 -b Fs(s)41 b Fr(x)32 b Fo(>)h Fw(0)3534 2841 y Fu(\(***\))283 -3115 y(In)i(eac)m(h)f(of)g(the)g(three)h(stages)f(the)g(deriv)-5 -b(ation)33 b(tree)h(of)f(the)i(giv)m(en)e(transition)g(is)g(insp)s -(ected)283 3235 y(in)f(order)h(to)f(pro)m(v)m(e)i(the)f(prop)s(ert)m(y) --8 b(.)430 3355 y(In)33 b(the)g Fs(\014rst)i(stage)k -Fu(w)m(e)34 b(consider)f(the)g(transition)527 3553 y -Ft(h)p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g -Fu(:=)g Fr(x)p Ft(\000)p Fr(1)p Fu(,)g Fs(s)8 b Ft(i)33 -b(!)f Fs(s)1755 3517 y Fi(00)283 3751 y Fu(According)h(to)f([comp)1121 -3766 y Fn(ns)1192 3751 y Fu(])h(there)g(will)d(b)s(e)j(transitions)527 -3948 y Ft(h)p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(,)h -Fs(s)8 b Ft(i)33 b(!)f Fs(s)1296 3912 y Fi(0)1352 3948 -y Fu(and)g Ft(h)p Fr(x)h Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p -Fu(,)i Fs(s)2087 3912 y Fi(0)2110 3948 y Ft(i)f(!)f Fs(s)2362 -3912 y Fi(00)283 4146 y Fu(for)f(some)g Fs(s)722 4109 -y Fi(0)745 4146 y Fu(.)43 b(F)-8 b(rom)30 b(the)i(axiom)d([ass)1677 -4161 y Fn(ns)1749 4146 y Fu(])i(w)m(e)h(then)g(get)f(that)g -Fs(s)2589 4109 y Fi(0)2644 4146 y Fu(=)f 
Fs(s)8 b Fu([)p -Fr(y)p Ft(7!)q(A)o Fu([)-17 b([)q Fr(y)p Fo(?)p Fr(x)p -Fu(])g(])q Fs(s)8 b Fu(])31 b(and)g(that)283 4266 y Fs(s)331 -4230 y Fi(00)406 4266 y Fu(=)i Fs(s)563 4230 y Fi(0)586 -4266 y Fu([)p Fr(x)p Ft(7!A)p Fu([)-17 b([)p Fr(x)p Ft(\000)p -Fr(1)p Fu(])g(])r Fs(s)1147 4230 y Fi(0)1170 4266 y Fu(].)44 -b(Com)m(bining)31 b(these)j(results)f(w)m(e)g(ha)m(v)m(e)527 -4464 y Fs(s)575 4427 y Fi(00)650 4464 y Fu(=)g Fs(s)8 -b Fu([)p Fr(y)p Ft(7!)p Fu(\()p Fs(s)40 b Fr(y)p Fu(\))p -Fo(?)p Fu(\()p Fs(s)h Fr(x)p Fu(\)][)p Fr(x)p Ft(7!)p -Fu(\()p Fs(s)g Fr(x)p Fu(\))p Ft(\000)p Fr(1)p Fu(])283 -4661 y(Assuming)33 b(that)f Fs(s)991 4625 y Fi(00)1066 -4661 y Fr(x)h Fo(>)f Fw(0)h Fu(w)m(e)g(can)g(then)g(calculate)527 -4859 y(\()p Fs(s)613 4822 y Fi(00)688 4859 y Fr(y)p Fu(\))g -Fo(?)f Fu(\()p Fs(s)977 4822 y Fi(00)1052 4859 y Fr(x)p -Fu(\)!)44 b(=)32 b(\(\()p Fs(s)41 b Fr(y)p Fu(\))33 b -Fo(?)f Fu(\()p Fs(s)40 b Fr(x)p Fu(\)\))33 b Fo(?)f Fu(\(\()p -Fs(s)41 b Fr(x)p Fu(\))p Ft(\000)p Fr(1)p Fu(\)!)j(=)33 -b(\()p Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 -b Fr(x)p Fu(\)!)283 5056 y(and)33 b(since)g Fs(s)41 b -Fr(x)33 b Fu(=)f(\()p Fs(s)1071 5020 y Fi(00)1146 5056 -y Fr(x)p Fu(\))h(+)f Fw(1)h Fu(this)f(sho)m(ws)i(that)e(\(*\))g(do)s -(es)i(indeed)e(hold.)430 5177 y(In)27 b(the)h Fs(se)-5 -b(c)g(ond)29 b(stage)34 b Fu(w)m(e)28 b(pro)s(ceed)g(b)m(y)h(induction) -d(on)h(the)h(shap)s(e)f(of)g(the)h(deriv)-5 b(ation)25 -b(tree)283 5297 y(for)527 5494 y Ft(h)p Fr(while)34 b -Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p -Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g -Fr(x)p Ft(\000)p Fr(1)p Fu(\),)g Fs(s)8 b Ft(i)32 b(!)h -Fs(s)2608 5458 y Fi(0)p eop -%%Page: 171 181 -171 180 bop 0 130 a Fw(6.1)112 b(Direct)36 b(pro)s(ofs)i(of)g(program)f -(correctness)1242 b(171)p 0 193 3473 4 v 0 515 a Fu(One)40 -b(of)f(t)m(w)m(o)h(axioms)f(and)g(rules)h(could)f(ha)m(v)m(e)i(b)s(een) -f(used)h(to)e(construct)i(this)e(deriv)-5 b(ation.)0 -636 y(If)43 
b([while)358 600 y Fn(\013)358 660 y(ns)428 -636 y Fu(])g(has)g(b)s(een)h(used)g(then)f Fs(s)1436 -600 y Fi(0)1502 636 y Fu(=)g Fs(s)51 b Fu(and)43 b Ft(B)s -Fu([)-17 b([)q Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q -Fs(s)51 b Fu(=)42 b Fw(\013)p Fu(.)75 b(This)43 b(means)g(that)0 -756 y Fs(s)48 720 y Fi(0)104 756 y Fr(x)33 b Fu(=)f Fw(1)j -Fu(and)g(since)g Fw(1)p Fu(!)51 b(=)35 b Fw(1)g Fu(w)m(e)h(get)f(the)g -(required)g(\()p Fs(s)43 b Fr(y)p Fu(\))35 b Fo(?)g Fu(\()p -Fs(s)43 b Fr(x)p Fu(\)!)51 b(=)34 b Fs(s)43 b Fr(y)35 -b Fu(and)g Fs(s)43 b Fr(x)36 b Fo(>)e Fw(0)p Fu(.)0 877 -y(This)f(pro)m(v)m(es)h(\(**\).)146 997 y(Next)k(assume)g(that)f -([while)1197 961 y Fn(tt)1197 1022 y(ns)1268 997 y Fu(])g(is)g(used)h -(to)f(construct)h(the)g(deriv)-5 b(ation.)56 b(Then)38 -b(it)e(m)m(ust)0 1117 y(b)s(e)d(the)g(case)g(that)g Ft(B)s -Fu([)-17 b([)q Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q -Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)244 1321 y Ft(h)p -Fr(y)g Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f -Fr(x)p Ft(\000)p Fr(1)p Fu(,)i Fs(s)8 b Ft(i)32 b(!)g -Fs(s)1471 1285 y Fi(00)0 1525 y Fu(and)244 1728 y Ft(h)p -Fr(while)h Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g -Fr(do)g Fu(\()p Fr(y)f Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g -Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)2073 -1692 y Fi(00)2115 1728 y Ft(i)e(!)h Fs(s)2367 1692 y -Fi(0)0 1932 y Fu(for)f(some)h(state)h Fs(s)682 1896 y -Fi(00)724 1932 y Fu(.)45 b(The)34 b(induction)e(h)m(yp)s(othesis)i -(applied)e(to)g(the)i(latter)e(deriv)-5 b(ation)31 b(giv)m(es)0 -2053 y(that)244 2256 y(\()p Fs(s)330 2220 y Fi(00)405 -2256 y Fr(y)p Fu(\))i Fo(?)f Fu(\()p Fs(s)694 2220 y -Fi(00)769 2256 y Fr(x)p Fu(\)!)43 b(=)33 b Fs(s)1085 -2220 y Fi(0)1141 2256 y Fr(y)g Fu(and)f Fs(s)1462 2220 -y Fi(0)1518 2256 y Fr(x)h Fu(=)f Fw(1)h Fu(and)g Fs(s)2037 -2220 y Fi(00)2112 2256 y Fr(x)f Fo(>)h Fw(0)0 2460 y -Fu(F)-8 b(rom)31 b(\(*\))h(w)m(e)i(get)e(that)244 2664 -y(\()p Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p 
Fs(s)41 -b Fr(x)p Fu(\)!)j(=)32 b(\()p Fs(s)1038 2628 y Fi(00)1113 -2664 y Fr(y)p Fu(\))h Fo(?)f Fu(\()p Fs(s)1402 2628 y -Fi(00)1477 2664 y Fr(x)p Fu(\)!)44 b(and)32 b Fs(s)41 -b Fr(x)33 b Fo(>)f Fw(0)0 2867 y Fu(Putting)g(these)i(results)f -(together)g(w)m(e)g(get)244 3071 y(\()p Fs(s)40 b Fr(y)p -Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)j(=)32 -b Fs(s)1000 3035 y Fi(0)1056 3071 y Fr(y)h Fu(and)f Fs(s)1377 -3035 y Fi(0)1433 3071 y Fr(x)h Fu(=)f Fw(1)h Fu(and)g -Fs(s)40 b Fr(x)33 b Fo(>)f Fw(0)0 3275 y Fu(This)h(pro)m(v)m(es)h -(\(**\))e(and)h(thereb)m(y)h(the)f(second)h(stage)f(of)f(the)h(pro)s -(of)e(is)i(completed.)146 3395 y(Finally)-8 b(,)30 b(consider)j(the)g -Fs(thir)-5 b(d)35 b(stage)40 b Fu(of)32 b(the)h(pro)s(of)e(and)i(the)g -(deriv)-5 b(ation)244 3599 y Ft(h)p Fr(y)32 b Fu(:=)h -Fr(1)p Fu(;)g Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p -Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p -Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p -Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)32 b(!)g Fs(s)2654 3563 -y Fi(0)0 3803 y Fu(According)g(to)h([comp)838 3818 y -Fn(ns)908 3803 y Fu(])g(there)g(will)e(b)s(e)h(a)h(state)g -Fs(s)1903 3767 y Fi(00)1978 3803 y Fu(suc)m(h)h(that)244 -4006 y Ft(h)p Fr(y)e Fu(:=)h Fw(1)p Fu(,)g Fs(s)8 b Ft(i)32 -b(!)g Fs(s)917 3970 y Fi(00)0 4210 y Fu(and)244 4414 -y Ft(h)p Fr(while)h Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p -Fu(\))g Fr(do)g Fu(\()p Fr(y)f Fu(:=)h Fr(y)p Fo(?)p -Fr(x)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p -Fu(\),)i Fs(s)2073 4378 y Fi(00)2115 4414 y Ft(i)e(!)h -Fs(s)2367 4378 y Fi(0)0 4618 y Fu(F)-8 b(rom)33 b(axiom)h([ass)703 -4633 y Fn(ns)775 4618 y Fu(])h(w)m(e)h(see)g(that)e Fs(s)1404 -4581 y Fi(00)1482 4618 y Fu(=)g Fs(s)8 b Fu([)p Fr(y)p -Ft(7!)q Fw(1)p Fu(])35 b(and)g(from)e(\(**\))i(w)m(e)h(get)e(that)h -Fs(s)3142 4581 y Fi(00)3220 4618 y Fr(x)g Fo(>)f Fw(0)0 -4738 y Fu(and)29 b(therefore)g Fs(s)37 b Fr(x)29 b Fo(>)g -Fw(0)p Fu(.)42 b(Hence)31 b(\()p Fs(s)36 b Fr(x)p Fu(\)!)43 -b(=)29 b(\()p Fs(s)1729 4702 
y Fi(00)1800 4738 y Fr(y)p -Fu(\))g Fo(?)f Fu(\()p Fs(s)2081 4702 y Fi(00)2153 4738 -y Fr(x)p Fu(\)!)42 b(holds)29 b(and)g(using)f(\(**\))g(w)m(e)i(get)244 -4942 y(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(=)32 b(\()p Fs(s)716 -4905 y Fi(00)791 4942 y Fr(y)p Fu(\))h Fo(?)f Fu(\()p -Fs(s)1080 4905 y Fi(00)1155 4942 y Fr(x)p Fu(\)!)44 b(=)32 -b Fs(s)1471 4905 y Fi(0)1527 4942 y Fr(y)0 5145 y Fu(as)h(required.)44 -b(This)33 b(pro)m(v)m(es)h(the)f(partial)d(correctness)35 -b(of)d(the)h(factorial)d(statemen)m(t.)0 5374 y Fw(Exercise)36 -b(6.1)49 b Fu(Use)42 b(the)g(natural)e(seman)m(tics)i(to)f(pro)m(v)m(e) -h(the)g(partial)d(correctness)k(of)e(the)0 5494 y(statemen)m(t)p -eop -%%Page: 172 182 -172 181 bop 251 130 a Fw(172)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527 -515 a Fr(z)33 b Fu(:=)g Fr(0)p Fu(;)f Fr(while)i(y)p -Ft(\024)q Fr(x)f(do)g Fu(\()p Fr(z)g Fu(:=)f Fr(z)p Fu(+)p -Fr(1)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(y)p -Fu(\))283 714 y(that)h(is)g(pro)m(v)m(e)h(that)e Fs(if)54 -b Fu(the)33 b(statemen)m(t)h(terminates)e(in)g Fs(s)2449 -677 y Fi(0)2505 714 y Fu(when)i(executed)h(from)d(a)h(state)g -Fs(s)283 834 y Fu(with)27 b Fs(s)41 b Fr(x)33 b Fo(>)f -Fw(0)27 b Fu(and)g Fs(s)35 b Fr(y)28 b Fo(>)f Fw(0)p -Fu(,)h Fs(then)34 b(s)1672 798 y Fi(0)1728 834 y Fr(z)f -Fu(=)f(\()p Fs(s)41 b Fr(x)p Fu(\))32 b Fw(div)h Fu(\()p -Fs(s)40 b Fr(y)p Fu(\))27 b(and)h Fs(s)2813 798 y Fi(0)2868 -834 y Fr(x)33 b Fu(=)g(\()p Fs(s)40 b Fr(x)p Fu(\))33 -b Fw(mo)s(d)f Fu(\()p Fs(s)41 b Fr(y)p Fu(\))283 954 -y(where)34 b Fw(div)e Fu(is)g(in)m(teger)h(division)e(and)i -Fw(mo)s(d)f Fu(is)g(the)h(mo)s(dulo)d(op)s(eration.)665 -b Fh(2)283 1176 y Fw(Exercise)37 b(6.2)49 b Fu(Use)39 -b(the)f(natural)f(seman)m(tics)h(to)g(pro)m(v)m(e)h(the)f(follo)m(wing) -e Fs(total)k(c)-5 b(orr)g(e)g(ctness)283 1296 y Fu(prop)s(ert)m(y)34 -b(for)e(the)h(factorial)d(program:)42 b(for)32 b(all)f(states)i -Fs(s)527 1495 y Fu(if)f Fs(s)40 b Fr(x)33 b Fo(>)g Fw(0)f 
-Fu(then)h(there)h(exists)f(a)f(state)h Fs(s)2087 1458 -y Fi(0)2143 1495 y Fu(suc)m(h)h(that)742 1696 y Ft(h)p -Fr(y)e Fu(:=)h Fr(1)p Fu(;)g Fr(while)h Ft(:)p Fu(\()p -Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f -Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p -Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)32 b(!)g Fs(s)3152 1660 -y Fi(0)552 1898 y Fu(and)h Fs(s)790 1862 y Fi(0)846 1898 -y Fr(y)g Fu(=)f(\()p Fs(s)40 b Fr(x)p Fu(\)!)2409 b Fh(2)283 -2186 y Fp(Structural)45 b(op)t(erational)i(seman)l(tics)283 -2371 y Fu(The)29 b(partial)d(correctness)k(of)e(the)h(factorial)c -(statemen)m(t)k(can)f(also)f(b)s(e)h(established)h(using)e(the)283 -2491 y Fs(structur)-5 b(al)36 b(op)-5 b(er)g(ational)34 -b(semantics)p Fu(.)43 b(The)33 b(prop)s(ert)m(y)g(is)g(then)g(reform)m -(ulated)e(as:)527 2689 y(F)-8 b(or)32 b(all)f(states)i -Fs(s)41 b Fu(and)32 b Fs(s)1433 2653 y Fi(0)1457 2689 -y Fu(,)g(if)742 2891 y Ft(h)p Fr(y)g Fu(:=)h Fr(1)p Fu(;)g -Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f -Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h -Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)8 -b Ft(i)32 b(\))3072 2855 y Fi(\003)3144 2891 y Fs(s)3192 -2855 y Fi(0)527 3093 y Fu(then)i Fs(s)798 3056 y Fi(0)853 -3093 y Fr(y)f Fu(=)g(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(and)32 -b Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)283 3291 y Fu(Again)g(it)g(is)g(w)m -(orth)m(while)g(to)g(approac)m(h)h(the)g(pro)s(of)f(in)g(stages:)283 -3489 y Fw(Stage)38 b(1:)49 b Fu(W)-8 b(e)33 b(pro)m(v)m(e)h(b)m(y)g -(induction)d(on)i(the)g(length)f(of)g(deriv)-5 b(ation)31 -b(sequences)36 b(that)527 3657 y(if)c Ft(h)p Fr(while)h -Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p -Fr(y)f Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f -Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)32 b(\))2617 -3621 y Fn(k)2690 3657 y Fs(s)2738 3621 y Fi(0)527 3824 -y Fu(then)i Fs(s)798 3788 y Fi(0)853 3824 y Fr(y)f Fu(=)g(\()p -Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b -Fr(x)p 
Fu(\)!)i(and)33 b Fs(s)1883 3788 y Fi(0)1939 3824 -y Fr(x)g Fu(=)f Fw(1)h Fu(and)f Fs(s)41 b Fr(x)33 b Fo(>)f -Fw(0)283 4026 y(Stage)38 b(2:)49 b Fu(W)-8 b(e)33 b(pro)m(v)m(e)h(that) -527 4194 y(if)e Ft(h)p Fr(y)g Fu(:=)h Fr(1)p Fu(;)g Fr(while)g -Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p -Fr(y)f Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f -Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)32 b(\))2947 -4158 y Fi(\003)3019 4194 y Fs(s)3067 4158 y Fi(0)527 -4361 y Fu(then)i Fs(s)798 4325 y Fi(0)853 4361 y Fr(y)f -Fu(=)g(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(and)32 b Fs(s)41 -b Fr(x)33 b Fo(>)f Fw(0)283 4583 y(Exercise)37 b(6.3)49 -b Fu(Complete)32 b(the)h(pro)s(of)e(of)i(stages)g(1)f(and)h(2.)1154 -b Fh(2)283 4871 y Fp(Denotational)48 b(seman)l(tics)283 -5055 y Fu(W)-8 b(e)25 b(shall)e(no)m(w)i(use)g(the)g(denotational)d -(seman)m(tics)i(to)g(pro)m(v)m(e)i(partial)c(correctness)k(prop)s -(erties)283 5176 y(of)32 b(statemen)m(ts.)44 b(The)34 -b(idea)d(is)h(to)g(form)m(ulate)e(the)j(prop)s(ert)m(y)g(as)f(a)g -Fs(pr)-5 b(e)g(dic)g(ate)39 b Fo( )d Fu(on)c(the)h(ccp)s(o)283 -5296 y(\()p Fw(State)g Fo(,)-17 b Ft(!)33 b Fw(State)p -Fu(,)f Ft(v)q Fu(\),)g(that)h(is)527 5494 y Fo( )t Fu(:)44 -b(\()p Fw(State)32 b Fo(,)-17 b Ft(!)33 b Fw(State)p -Fu(\))f Ft(!)h Fw(T)p eop -%%Page: 173 183 -173 182 bop 0 130 a Fw(6.1)112 b(Direct)36 b(pro)s(ofs)i(of)g(program)f -(correctness)1242 b(173)p 0 193 3473 4 v 0 515 a Fu(As)38 -b(an)g(example,)g(the)g(partial)d(correctness)40 b(of)d(the)h -(factorial)d(statemen)m(t)j(will)e(b)s(e)i(written)0 -636 y(as)244 830 y Fo( )311 845 y Fc(f)7 b(ac)424 830 -y Fu(\()p Ft(S)530 845 y Fn(ds)601 830 y Fu([)-17 b([)q -Fr(y)33 b Fu(:=)f Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p -Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f -Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p -Fr(1)p Fu(\)])-17 b(])r(\))32 b(=)h Fw(tt)0 1025 y Fu(where)h(the)f -(predicate)g Fo( )940 1040 y Fc(f)7 b(ac)1085 1025 y -Fu(is)33 
b(de\014ned)h(b)m(y)458 1219 y Fo( )525 1234 -y Fc(f)7 b(ac)639 1219 y Fu(\()p Fs(g)i Fu(\))32 b(=)g -Fw(tt)244 1380 y Fu(if)f(and)i(only)f(if)510 1547 y(for)d(all)f(states) -j Fs(s)38 b Fu(and)30 b Fs(s)1377 1511 y Fi(0)1401 1547 -y Fu(,)g(if)f Fs(g)39 b(s)f Fu(=)29 b Fs(s)1860 1511 -y Fi(0)1914 1547 y Fu(then)k Fs(s)2184 1511 y Fi(0)2240 -1547 y Fr(y)f Fu(=)h(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(and)33 -b Fs(s)40 b Fr(x)33 b Fo(>)g Fw(0)146 1742 y Fu(A)24 -b(predicate)h Fo( )t Fu(:)39 b Fs(D)33 b Ft(!)24 b Fw(T)g -Fu(de\014ned)h(on)f(a)g(ccp)s(o)h(\()p Fs(D)9 b Fu(,)p -Ft(v)p Fu(\))24 b(is)g(called)f(an)h Fs(admissible)h(pr)-5 -b(e)g(dic)g(ate)0 1862 y Fu(if)31 b(and)i(only)f(if)g(w)m(e)h(ha)m(v)m -(e)244 2057 y(if)e Fo( )37 b Fs(d)42 b Fu(=)33 b Fw(tt)f -Fu(for)g(all)e Fs(d)43 b Ft(2)33 b Fs(Y)52 b Fu(then)33 -b Fo( )t Fu(\()1681 1990 y Fg(F)1750 2057 y Fs(Y)20 b -Fu(\))32 b(=)h Fw(tt)0 2251 y Fu(for)j(ev)m(ery)j(c)m(hain)d -Fs(Y)57 b Fu(in)36 b Fs(D)9 b Fu(.)36 b(Th)m(us)j(if)c -Fo( )41 b Fu(holds)36 b(on)h(all)e(the)i(elemen)m(ts)g(of)f(the)h(c)m -(hain)g(then)g(it)0 2372 y(also)32 b(holds)g(on)g(the)h(least)g(upp)s -(er)g(b)s(ound)f(of)h(the)g(c)m(hain.)0 2588 y Fw(Example)k(6.4)48 -b Fu(Consider)33 b(the)g(predicate)g Fo( )1719 2552 y -Fi(0)1719 2613 y Fc(f)7 b(ac)1865 2588 y Fu(de\014ned)34 -b(on)f Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)f Fu(b)m(y)458 -2783 y Fo( )525 2747 y Fi(0)525 2807 y Fc(f)7 b(ac)639 -2783 y Fu(\()p Fs(g)i Fu(\))32 b(=)g Fw(tt)244 2943 y -Fu(if)f(and)i(only)f(if)458 3144 y(for)h(all)d(states)j -Fs(s)41 b Fu(and)33 b Fs(s)1339 3108 y Fi(0)1362 3144 -y Fu(,)g(if)e Fs(g)41 b(s)g Fu(=)32 b Fs(s)1834 3108 -y Fi(0)458 3311 y Fu(then)i Fs(s)729 3275 y Fi(0)785 -3311 y Fr(y)e Fu(=)h(\()p Fs(s)40 b Fr(y)p Fu(\))33 b -Fo(?)f Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)i(and)33 b Fs(s)41 -b Fr(x)33 b Fo(>)f Fw(0)0 3512 y Fu(Then)43 b Fo( )331 -3476 y Fi(0)331 3536 y Fc(f)7 b(ac)486 3512 y Fu(is)41 -b(an)h(admissible)e(predicate.)71 b(T)-8 b(o)42 
b(see)g(this)g(assume)g -(that)g Fs(Y)61 b Fu(is)41 b(a)h(c)m(hain)f(in)0 3632 -y Fw(State)34 b Fo(,)-17 b Ft(!)33 b Fw(State)h Fu(and)g(assume)g(that) -g Fo( )1530 3596 y Fi(0)1530 3657 y Fc(f)7 b(ac)1677 -3632 y Fs(g)42 b Fu(=)33 b Fw(tt)g Fu(for)g(all)f Fs(g)42 -b Ft(2)34 b Fs(Y)20 b Fu(.)33 b(W)-8 b(e)35 b(shall)d(then)i(pro)m(v)m -(e)0 3753 y(that)e Fo( )278 3716 y Fi(0)278 3777 y Fc(f)7 -b(ac)392 3753 y Fu(\()430 3686 y Fg(F)499 3753 y Fs(Y)20 -b Fu(\))32 b(=)g Fw(tt)p Fu(,)g(that)h(is)458 3947 y(\()496 -3881 y Fg(F)566 3947 y Fs(Y)19 b Fu(\))33 b Fs(s)40 b -Fu(=)33 b Fs(s)965 3911 y Fi(0)244 4107 y Fu(implies)458 -4308 y Fs(s)506 4272 y Fi(0)562 4308 y Fr(y)g Fu(=)g(\()p -Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b -Fr(x)p Fu(\)!)i(and)33 b Fs(s)41 b Fr(x)32 b Fo(>)h Fw(0)0 -4508 y Fu(F)-8 b(rom)23 b(Lemma)g(4.25)g(w)m(e)j(ha)m(v)m(e)f(graph\() -1419 4442 y Fg(F)1488 4508 y Fs(Y)20 b Fu(\))k(=)1742 -4442 y Fg(S)1812 4508 y Ft(f)g Fu(graph\()p Fs(g)9 b -Fu(\))23 b Ft(j)h Fs(g)33 b Ft(2)25 b Fs(Y)44 b Ft(g)p -Fu(.)c(W)-8 b(e)25 b(ha)m(v)m(e)h(assumed)0 4629 y(that)34 -b(\()251 4562 y Fg(F)320 4629 y Fs(Y)20 b Fu(\))32 b -Fs(s)41 b Fu(=)32 b Fs(s)719 4593 y Fi(0)776 4629 y Fu(so)j -Fs(Y)53 b Fu(cannot)34 b(b)s(e)h(empt)m(y)f(and)g Ft(h)p -Fs(s)8 b Fu(,)35 b Fs(s)2166 4593 y Fi(0)2189 4629 y -Ft(i)f(2)g Fu(graph\()p Fs(g)9 b Fu(\))33 b(for)h(some)g -Fs(g)42 b Ft(2)35 b Fs(Y)19 b Fu(.)0 4749 y(But)33 b(then)244 -4944 y Fs(s)292 4908 y Fi(0)348 4944 y Fr(y)g Fu(=)f(\()p -Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b -Fr(x)p Fu(\)!)j(and)32 b Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)0 -5138 y Fu(as)g Fo( )186 5102 y Fi(0)186 5163 y Fc(f)7 -b(ac)331 5138 y Fs(g)40 b Fu(=)31 b Fw(tt)g Fu(for)g(all)e -Fs(g)40 b Ft(2)32 b Fs(Y)20 b Fu(.)32 b(This)f(pro)m(v)m(es)j(that)d -Fo( )2057 5102 y Fi(0)2057 5163 y Fc(f)7 b(ac)2202 5138 -y Fu(is)31 b(an)h(admissible)d(predicate.)76 b Fh(2)146 -5355 y Fu(F)-8 b(or)29 b(admissible)e(predicates)k(w)m(e)f(ha)m(v)m(e)h 
-(the)f(follo)m(wing)c(induction)j(principle)f(called)g -Fs(\014xe)-5 b(d)0 5475 y(p)g(oint)35 b(induction)p Fu(:)p -eop -%%Page: 174 184 -174 183 bop 251 130 a Fw(174)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283 -515 3473 5 v 283 684 a(Theorem)38 b(6.5)49 b Fu(Let)34 -b(\()p Fs(D)9 b Fu(,)p Ft(v)q Fu(\))34 b(b)s(e)h(a)f(ccp)s(o)h(and)f -(let)g Fs(f)21 b Fu(:)47 b Fs(D)d Ft(!)34 b Fs(D)43 b -Fu(b)s(e)35 b(a)f(con)m(tin)m(uous)h(function)283 804 -y(and)e(let)f Fo( )37 b Fu(b)s(e)32 b(an)h(admissible)d(predicate)j(on) -g Fs(D)9 b Fu(.)32 b(If)h(for)f(all)e Fs(d)43 b Ft(2)33 -b Fs(D)527 1001 y Fo( )k Fs(d)43 b Fu(=)32 b Fw(tt)g -Fu(implies)e Fo( )t Fu(\()p Fs(f)53 b(d)10 b Fu(\))33 -b(=)f Fw(tt)283 1198 y Fu(then)i Fo( )t Fu(\(FIX)e Fs(f)21 -b Fu(\))32 b(=)h Fw(tt)p Fu(.)p 283 1319 V 283 1516 a -Fw(Pro)s(of:)38 b Fu(W)-8 b(e)33 b(shall)e(\014rst)i(note)g(that)527 -1713 y Fo( )k Ft(?)c Fu(=)f Fw(tt)283 1910 y Fu(holds)k(b)m(y)i -(admissibilit)m(y)32 b(of)k Fo( )k Fu(\(applied)35 b(to)h(the)h(c)m -(hain)f Fs(Y)56 b Fu(=)36 b Ft(;)p Fu(\).)54 b(By)37 -b(induction)e(on)h(n)h(w)m(e)283 2031 y(can)c(then)h(sho)m(w)f(that)527 -2228 y Fo( )t Fu(\()p Fs(f)683 2192 y Fn(n)759 2228 y -Ft(?)q Fu(\))f(=)g Fw(tt)283 2425 y Fu(using)f(the)f(assumptions)h(of)e -(the)i(theorem.)43 b(By)31 b(admissibilit)m(y)c(of)j -Fo( )k Fu(\(applied)29 b(to)h(the)h(c)m(hain)283 2546 -y Fs(Y)53 b Fu(=)32 b Ft(f)g Fs(f)649 2509 y Fn(n)725 -2546 y Ft(?)h(j)f Fu(n)h Ft(\025)g Fu(0)f Ft(g)p Fu(\))h(w)m(e)g(then)g -(ha)m(v)m(e)527 2743 y Fo( )t Fu(\(FIX)g Fs(f)21 b Fu(\))32 -b(=)h Fw(tt)283 2940 y Fu(This)g(completes)g(the)g(pro)s(of.)2306 -b Fh(2)430 3143 y Fu(W)-8 b(e)42 b(are)g(no)m(w)g(in)f(a)h(p)s(osition) -e(where)j(w)m(e)g(can)f(pro)m(v)m(e)h(the)g(partial)c(correctness)44 -b(of)d(the)283 3264 y(factorial)31 b(statemen)m(t.)44 -b(The)33 b(\014rst)g(observ)-5 b(ation)32 b(is)g(that)527 -3461 y Ft(S)595 3476 y Fn(ds)666 3461 y Fu([)-17 b([)q -Fr(y)33 b 
Fu(:=)f(1;)h Fr(while)g Ft(:)q Fu(\()p Fr(x)p -Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p Fr(y)f Fu(:=)h -Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p -Fr(1)p Fu(\)])-17 b(])r Fs(s)40 b Fu(=)33 b Fs(s)2989 -3425 y Fi(0)283 3658 y Fu(if)f(and)h(only)f(if)527 3856 -y Ft(S)595 3871 y Fn(ds)666 3856 y Fu([)-17 b([)q Fr(while)34 -b Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g -Fu(\()p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g -Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(\)])-17 b(])r(\()p -Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(]\))33 b(=)f -Fs(s)2998 3819 y Fi(0)283 4053 y Fu(Th)m(us)j(it)c(is)h(su\016cien)m(t) -i(to)e(pro)m(v)m(e)i(that)552 4220 y Fo( )619 4184 y -Fi(0)619 4245 y Fc(f)7 b(ac)733 4220 y Fu(\()p Ft(S)838 -4235 y Fn(ds)910 4220 y Fu([)-17 b([)p Fr(while)34 b -Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p -Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g -Fr(x)p Ft(\000)p Fr(1)p Fu(\)])-17 b(])q(\))33 b(=)f -Fw(tt)697 b Fu(\(*\))283 4388 y(\(where)34 b Fo( )670 -4352 y Fi(0)670 4413 y Fc(f)7 b(ac)816 4388 y Fu(is)32 -b(de\014ned)i(in)e(Example)g(6.4\))g(as)h(this)f(will)e(imply)h(that) -527 4585 y Fo( )594 4600 y Fc(f)7 b(ac)708 4585 y Fu(\()p -Ft(S)813 4600 y Fn(ds)885 4585 y Fu([)-17 b([)p Fr(y)33 -b Fu(:=)g Fr(1)p Fu(;)f Fr(while)i Ft(:)q Fu(\()p Fr(x)p -Fu(=)p Fr(1)p Fu(\))e Fr(do)i Fu(\()p Fr(y)e Fu(:=)h -Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)f Fu(:=)h Fr(x)p Ft(\000)p -Fr(1)p Fu(\)])-17 b(])q(\))33 b(=)f Fw(tt)430 4782 y -Fu(W)-8 b(e)30 b(shall)e(no)m(w)i(reform)m(ulate)e(\(*\))h(sligh)m(tly) -f(to)i(bring)e(ourselv)m(es)j(in)e(a)g(p)s(osition)f(where)j(w)m(e)283 -4903 y(can)i(use)h(\014xed)g(p)s(oin)m(t)d(induction.)43 -b(Using)32 b(the)h(de\014nition)f(of)g Ft(S)2647 4918 -y Fn(ds)2751 4903 y Fu(in)g(T)-8 b(able)32 b(4.1)g(w)m(e)i(ha)m(v)m(e) -527 5100 y Ft(S)595 5115 y Fn(ds)666 5100 y Fu([)-17 -b([)q Fr(while)34 b Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p -Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p -Fr(x)p 
Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p -Fu(\)])-17 b(])34 b(=)f(FIX)f Fs(F)283 5297 y Fu(where)i(the)f -(functional)e Fs(F)46 b Fu(is)32 b(de\014ned)i(b)m(y)527 -5494 y Fs(F)46 b(g)41 b Fu(=)32 b(cond\()p Ft(B)t Fu([)-17 -b([)q Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q(,)33 -b Fs(g)41 b Ft(\016)32 b(S)1830 5509 y Fn(ds)1901 5494 -y Fu([)-17 b([)q Fr(y)33 b Fu(:=)f Fr(y)p Fo(?)p Fr(x)p -Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(])-17 -b(])r(,)32 b(id\))p eop -%%Page: 175 185 -175 184 bop 0 130 a Fw(6.2)112 b(P)m(artial)36 b(correctness)h -(assertions)1619 b(175)p 0 193 3473 4 v 0 515 a Fu(Using)32 -b(the)h(seman)m(tic)f(equations)h(de\014ning)g Ft(S)1720 -530 y Fn(ds)1823 515 y Fu(w)m(e)h(can)f(rewrite)f(this)h(de\014nition)e -(as)244 776 y(\()p Fs(F)45 b(g)9 b Fu(\))32 b Fs(s)41 -b Fu(=)704 601 y Fg(8)704 676 y(<)704 826 y(:)820 691 -y Fs(s)1431 b Fu(if)32 b Fs(s)40 b(x)k Fu(=)33 b Fw(1)820 -859 y Fs(g)9 b Fu(\()p Fs(s)f Fu([)p Fr(y)p Ft(7!)o Fu(\()p -Fs(s)41 b Fr(y)p Fu(\))p Fo(?)p Fu(\()p Fs(s)f Fr(x)p -Fu(\)][)p Fr(x)p Ft(7!)q Fu(\()p Fs(s)g Fr(x)p Fu(\))p -Ft(\000)p Fr(1)p Fu(]\))84 b(otherwise)146 1042 y(W)-8 -b(e)29 b(ha)m(v)m(e)g(already)e(seen)i(that)f Fs(F)41 -b Fu(is)27 b(a)h(con)m(tin)m(uous)g(function)f(\(for)h(example)f(in)g -(the)h(pro)s(of)0 1162 y(of)43 b(Prop)s(osition)f(4.47\))h(and)h(from)e -(Example)h(6.4)h(w)m(e)g(ha)m(v)m(e)h(that)f Fo( )2620 -1126 y Fi(0)2620 1187 y Fc(f)7 b(ac)2777 1162 y Fu(is)43 -b(an)g(admissible)0 1282 y(predicate.)h(Th)m(us)34 b(w)m(e)f(see)h -(from)d(Theorem)i(6.5)f(that)h(\(*\))f(follo)m(ws)f(if)h(w)m(e)h(sho)m -(w)h(that)244 1461 y Fo( )311 1425 y Fi(0)311 1486 y -Fc(f)7 b(ac)457 1461 y Fs(g)41 b Fu(=)32 b Fw(tt)g Fu(implies)e -Fo( )1169 1425 y Fi(0)1169 1486 y Fc(f)7 b(ac)1283 1461 -y Fu(\()p Fs(F)45 b(g)9 b Fu(\))32 b(=)g Fw(tt)0 1640 -y Fu(T)-8 b(o)33 b(pro)m(v)m(e)g(this)g(implication)28 -b(assume)33 b(that)g Fo( )1722 1604 y Fi(0)1722 1665 -y Fc(f)7 b(ac)1867 1640 y Fs(g)42 b Fu(=)32 b 
Fw(tt)p -Fu(,)g(that)g(is)g(for)g(all)f(states)i Fs(s)41 b Fu(and)32 -b Fs(s)3398 1604 y Fi(0)244 1819 y Fu(if)f Fs(g)41 b(s)g -Fu(=)32 b Fs(s)656 1782 y Fi(0)712 1819 y Fu(then)h Fs(s)982 -1782 y Fi(0)1038 1819 y Fr(y)g Fu(=)g(\()p Fs(s)40 b -Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)i(and)33 -b Fs(s)41 b Fr(x)32 b Fo(>)h Fw(0)0 1997 y Fu(W)-8 b(e)33 -b(shall)e(pro)m(v)m(e)j(that)e Fo( )937 1961 y Fi(0)937 -2022 y Fc(f)7 b(ac)1051 1997 y Fu(\()p Fs(F)45 b(g)9 -b Fu(\))32 b(=)h Fw(tt)p Fu(,)e(that)i(is)f(for)g(all)e(states)k -Fs(s)40 b Fu(and)33 b Fs(s)2767 1961 y Fi(0)244 2176 -y Fu(if)e(\()p Fs(F)46 b(g)9 b Fu(\))32 b Fs(s)40 b Fu(=)33 -b Fs(s)842 2140 y Fi(0)898 2176 y Fu(then)g Fs(s)1168 -2140 y Fi(0)1224 2176 y Fr(y)g Fu(=)f(\()p Fs(s)40 b -Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)j(and)32 -b Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)0 2355 y Fu(Insp)s(ecting)j(the)g -(de\014nition)f(of)g Fs(F)47 b Fu(w)m(e)36 b(see)g(that)e(there)i(are)e -(t)m(w)m(o)i(cases.)51 b(First)33 b(assume)j(that)0 2475 -y Fs(s)45 b Fr(x)36 b Fu(=)h Fw(1)p Fu(.)55 b(Then)38 -b(\()p Fs(F)46 b(g)9 b Fu(\))32 b Fs(s)40 b Fu(=)33 b -Fs(s)44 b Fu(and)37 b(clearly)f Fs(s)44 b Fr(y)37 b Fu(=)f(\()p -Fs(s)45 b Fr(y)p Fu(\))37 b Fo(?)f Fu(\()p Fs(s)45 b -Fr(x)p Fu(\)!)55 b(and)37 b Fs(s)45 b Fr(x)37 b Fo(>)f -Fw(0)p Fu(.)56 b(Next)0 2596 y(assume)33 b(that)f Fs(s)41 -b Fr(x)33 b Ft(6)p Fu(=)f Fw(1)p Fu(.)44 b(Then)244 2774 -y(\()p Fs(F)h(g)9 b Fu(\))32 b Fs(s)41 b Fu(=)32 b Fs(g)9 -b Fu(\()p Fs(s)f Fu([)p Fr(y)p Ft(7!)p Fu(\()p Fs(s)40 -b Fr(y)p Fu(\))p Fo(?)p Fu(\()p Fs(s)h Fr(x)p Fu(\)][)p -Fr(x)p Ft(7!)p Fu(\()p Fs(s)g Fr(x)p Fu(\))p Ft(\000)p -Fw(1)p Fu(]\))0 2953 y(F)-8 b(rom)31 b(the)i(assumptions)f(ab)s(out)h -Fs(g)41 b Fu(w)m(e)33 b(then)g(get)g(that)244 3132 y -Fs(s)292 3096 y Fi(0)348 3132 y Fr(y)g Fu(=)f(\(\()p -Fs(s)40 b Fr(y)p Fu(\))p Fo(?)p Fu(\()p Fs(s)h Fr(x)p -Fu(\)\))33 b Fo(?)f Fu(\(\()p Fs(s)40 b Fr(x)p Fu(\))p -Ft(\000)p Fw(1)p Fu(\)!)k(and)33 b(\()p 
Fs(s)41 b Fr(x)p -Fu(\))p Ft(\000)p Fw(1)33 b Fo(>)f Fw(0)0 3311 y Fu(so)h(that)f(the)h -(desired)g(result)244 3489 y Fs(s)292 3453 y Fi(0)348 -3489 y Fr(y)g Fu(=)f(\()p Fs(s)40 b Fr(y)p Fu(\))33 b -Fo(?)f Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)j(and)32 b Fs(s)41 -b Fr(x)33 b Fo(>)f Fw(0)0 3668 y Fu(follo)m(ws.)0 3863 -y Fw(Exercise)k(6.6)49 b Fu(Rep)s(eat)33 b(Exercise)h(6.1)e(using)g -(the)h(denotational)e(seman)m(tics.)463 b Fh(2)0 4192 -y Fj(6.2)161 b(P)l(artial)55 b(correctness)c(assertions)0 -4411 y Fu(One)30 b(ma)m(y)g(argue)g(that)g(the)g(ab)s(o)m(v)m(e)h(pro)s -(ofs)f(are)g(to)s(o)f(detailed)g(to)h(b)s(e)g(practically)e(useful;)j -(the)0 4531 y(reason)36 b(is)f(that)g(they)h(are)g(to)s(o)e(closely)h -(connected)i(with)e(the)h(seman)m(tics)g(of)e(the)i(program-)0 -4652 y(ming)29 b(language.)42 b(One)32 b(ma)m(y)f(therefore)g(w)m(an)m -(t)h(to)f(capture)h(the)f Fs(essential)i(pr)-5 b(op)g(erties)38 -b Fu(of)31 b(the)0 4772 y(v)-5 b(arious)42 b(constructs)i(so)f(that)f -(it)f(w)m(ould)i(b)s(e)g(less)g(demanding)e(to)h(conduct)i(pro)s(ofs)e -(ab)s(out)0 4893 y(giv)m(en)35 b(programs.)48 b(Of)34 -b(course)i(the)f(c)m(hoice)g(of)f(\\essen)m(tial)g(prop)s(erties")h -(will)d(determine)i(the)0 5013 y(sort)42 b(of)g(prop)s(erties)g(that)f -(w)m(e)i(ma)m(y)f(accomplish)f(pro)m(ving.)71 b(In)43 -b(this)e(section)i(w)m(e)g(shall)d(b)s(e)0 5133 y(in)m(terested)29 -b(in)e(partial)f(correctness)k(prop)s(erties)e(and)h(therefore)f(the)h -(\\essen)m(tial)f(prop)s(erties")0 5254 y(of)k(the)h(v)-5 -b(arious)32 b(constructs)i(will)c(not)j(include)f(termination.)146 -5374 y(The)41 b(idea)e(is)g(to)g(sp)s(ecify)h(prop)s(erties)g(of)f -(programs)g(as)g Fs(assertions)p Fu(,)i(or)e(claims,)h(ab)s(out)0 -5494 y(them.)j(An)33 b(assertion)g(is)f(a)g(triple)f(of)h(the)h(form)p -eop -%%Page: 176 186 -176 185 bop 251 130 a Fw(176)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527 -515 a Ft(f)33 b Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 -b Fs(Q)41 b Ft(g)283 761 y 
Fu(where)29 b Fs(S)40 b Fu(is)27 -b(a)h(statemen)m(t)g(and)g Fs(P)38 b Fu(and)28 b Fs(Q)36 -b Fu(are)28 b(predicates.)43 b(Here)28 b Fs(P)38 b Fu(is)27 -b(called)g(the)h Fs(pr)-5 b(e)g(c)g(ondi-)283 881 y(tion)37 -b Fu(and)29 b Fs(Q)37 b Fu(is)29 b(called)e(the)j Fs(p)-5 -b(ostc)g(ondition)p Fu(.)83 b(In)m(tuitiv)m(ely)-8 b(,)29 -b(the)g(meaning)f(of)g Ft(f)33 b Fs(P)42 b Ft(g)33 b -Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)283 1001 y Fu(is)33 -b(that)527 1246 y Fs(if)54 b(P)43 b Fu(holds)32 b(in)g(the)h(initial)28 -b(state,)34 b(and)527 1414 y Fs(if)54 b Fu(the)33 b(execution)g(of)f -Fs(S)44 b Fu(terminates)32 b(when)i(started)f(in)f(that)g(state,)527 -1582 y Fs(then)40 b(Q)i Fu(will)30 b(hold)i(in)g(the)h(state)g(in)e -(whic)m(h)j Fs(S)44 b Fu(halts)283 1827 y(Note)33 b(that)f(for)g -Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b Fs(Q)41 -b Ft(g)32 b Fu(to)g(hold)g(w)m(e)i(do)e Fs(not)42 b Fu(require)32 -b(that)h Fs(S)44 b Fu(halts)32 b(when)h(started)283 1947 -y(in)28 b(states)h(satisfying)e Fs(P)38 b Fu(|)27 b(merely)h(that)g -Fs(if)48 b Fu(it)27 b(do)s(es)i(halt)e Fs(then)35 b(Q)i -Fu(holds)28 b(in)f(the)h(\014nal)f(state.)283 2288 y -Fp(Logical)46 b(v)-7 b(ariables)283 2489 y Fu(As)34 b(an)e(example)g(w) -m(e)i(ma)m(y)e(write)552 2657 y Ft(f)h Fr(x)p Fu(=)p -Fr(n)f Ft(g)h Fr(y)g Fu(:=)f Fr(1)p Fu(;)h Fr(while)h -Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p -Fr(y)g Fu(:=)f Fr(x)p Fo(?)p Fr(y)p Fu(;)h Fr(x)g Fu(:=)f -Fr(x)p Ft(\000)p Fr(1)p Fu(\))i Ft(f)e Fr(y)p Fu(=)p -Fr(n)p Fu(!)44 b Ft(^)33 b Fr(n)p Fo(>)p Fu(0)f Ft(g)283 -2825 y Fu(to)45 b(express)i(that)d(if)g(the)h(v)-5 b(alue)44 -b(of)g Fr(x)h Fu(is)f(equal)g(to)h(the)g(v)-5 b(alue)44 -b(of)g Fr(n)h Fs(b)-5 b(efor)g(e)51 b Fu(the)45 b(factorial)283 -2945 y(program)32 b(is)g(executed)j(then)e(the)g(v)-5 -b(alue)32 b(of)g Fr(y)h Fu(will)d(b)s(e)j(equal)g(to)f(the)h(factorial) -d(of)i(the)h(v)-5 b(alue)283 3065 y(of)36 b Fr(n)g Fs(after)46 -b Fu(the)36 
b(execution)h(of)e(the)h(program)e(has)j(terminated)d(\(if) -h(indeed)h(it)f(terminates\).)283 3186 y(Here)46 b Fr(n)e -Fu(is)h(a)f(sp)s(ecial)f(v)-5 b(ariable)43 b(called)g(a)i -Fs(lo)-5 b(gic)g(al)53 b Fu(v)-5 b(ariable)43 b(and)i(these)h(logical) -41 b(v)-5 b(ariables)283 3306 y(m)m(ust)42 b(not)f(app)s(ear)g(in)f(an) -m(y)i(statemen)m(t)f(considered.)70 b(The)42 b(role)f(of)f(these)j(v)-5 -b(ariables)40 b(is)g(to)283 3426 y(\\remem)m(b)s(er")f(the)g(initial)c -(v)-5 b(alues)39 b(of)g(the)g(program)f(v)-5 b(ariables.)61 -b(Note)39 b(that)g(if)f(w)m(e)i(replace)283 3547 y(the)g(p)s -(ostcondition)e Fr(y)p Fu(=)p Fr(n)p Fu(!)63 b Ft(^)39 -b Fr(n)p Fo(>)p Fu(0)g(b)m(y)h(the)g(new)g(p)s(ostcondition)d -Fr(y)p Fu(=)p Fr(x)p Fu(!)63 b Ft(^)40 b Fr(x)p Fo(>)p -Fu(0)f(then)g(the)283 3667 y(assertion)j(ab)s(o)m(v)m(e)h(will)c -(express)44 b(a)d(relationship)f(b)s(et)m(w)m(een)k(the)e(\014nal)f(v) --5 b(alue)41 b(of)g Fr(y)h Fu(and)f(the)283 3788 y(\014nal)36 -b(v)-5 b(alue)35 b(of)g Fr(x)i Fu(and)f(this)f(is)h(not)f(what)i(w)m(e) -g(w)m(an)m(t.)54 b(The)37 b(use)g(of)e(logical)e(v)-5 -b(ariables)35 b(solv)m(es)283 3908 y(the)e(problem)f(b)s(ecause)i(it)d -(allo)m(ws)h(us)h(to)f(refer)h(to)f(initial)d(v)-5 b(alues)33 -b(of)f(v)-5 b(ariables.)430 4037 y(W)d(e)33 b(shall)e(th)m(us)j -(distinguish)d(b)s(et)m(w)m(een)j(t)m(w)m(o)g(kinds)f(of)f(v)-5 -b(ariables:)429 4282 y Ft(\017)48 b Fu(program)32 b(v)-5 -b(ariables,)31 b(and)429 4527 y Ft(\017)48 b Fu(logical)30 -b(v)-5 b(ariables.)283 4772 y(The)40 b(states)g(will)d(determine)h(the) -i(v)-5 b(alues)38 b(of)h(b)s(oth)f(kinds)i(of)e(v)-5 -b(ariables)38 b(and)h(since)g(logical)283 4893 y(v)-5 -b(ariables)35 b(do)h(not)g(o)s(ccur)g(in)f(programs)h(their)f(v)-5 -b(alues)36 b(will)e(alw)m(a)m(ys)i(b)s(e)h(the)f(same.)54 -b(In)36 b(case)283 5013 y(of)42 b(the)h(factorial)d(program)h(w)m(e)i -(kno)m(w)g(that)f(the)h(v)-5 b(alue)42 b(of)f Fr(n)i -Fu(is)f(the)g(same)g(in)g(the)h(initial)283 5133 y(state)30 
-b(and)g(in)e(the)i(\014nal)f(state.)43 b(The)30 b(precondition)e -Fr(x)33 b Fu(=)g Fr(n)c Fu(expresses)k(that)c Fr(n)g -Fu(has)h(the)g(same)283 5254 y(v)-5 b(alue)28 b(as)h -Fr(x)g Fu(in)e(the)i(initial)c(state.)43 b(Since)28 b(the)h(program)e -(will)f(not)j(c)m(hange)g(the)g(v)-5 b(alue)28 b(of)g -Fr(n)g Fu(the)283 5374 y(p)s(ostcondition)j Fr(y)h Fu(=)g -Fr(n)p Fu(!)43 b(will)30 b(express)k(that)d(the)i(\014nal)e(v)-5 -b(alue)31 b(of)g Fr(y)h Fu(is)g(equal)g(to)f(the)h(factorial)283 -5494 y(of)h(the)g(initial)28 b(v)-5 b(alue)32 b(of)g -Fr(x)p Fu(.)p eop -%%Page: 177 187 -177 186 bop 0 130 a Fw(6.2)112 b(P)m(artial)36 b(correctness)h -(assertions)1619 b(177)p 0 193 3473 4 v 0 515 a Fp(The)44 -b(assertion)j(language)0 704 y Fu(There)37 b(are)f(t)m(w)m(o)g(approac) -m(hes)h(concerning)f(ho)m(w)g(to)g(sp)s(ecify)g(the)g(preconditions)f -(and)h(p)s(ost-)0 824 y(conditions)c(of)g(the)h(assertions:)145 -1037 y Ft(\017)49 b Fu(the)33 b(in)m(tensional)e(approac)m(h,)i(v)m -(ersus)145 1249 y Ft(\017)49 b Fu(the)33 b(extensional)f(approac)m(h.)0 -1461 y(In)f(the)g Fs(intensional)h(appr)-5 b(o)g(ach)37 -b Fu(the)32 b(idea)e(is)g(to)g(in)m(tro)s(duce)h(an)g(explicit)e -(language)h(called)f(an)0 1582 y Fs(assertion)f(language)33 -b Fu(and)26 b(then)h(the)f(conditions)g(will)d(b)s(e)k(form)m(ulae)d -(of)i(that)g(language.)40 b(This)0 1702 y(assertion)28 -b(language)f(is)g(in)g(general)h(m)m(uc)m(h)g(more)g(p)s(o)m(w)m(erful) -g(than)g(the)g(b)s(o)s(olean)f(expressions,)0 1822 y -Fw(Bexp)p Fu(,)46 b(in)m(tro)s(duced)d(in)f(Chapter)h(1.)74 -b(In)44 b(fact)e(the)i(assertion)e(language)g(has)h(to)g(b)s(e)g(v)m -(ery)0 1943 y(p)s(o)m(w)m(erful)35 b(indeed)g(in)e(order)i(to)f(b)s(e)h -(able)f(to)g(express)j(all)c(the)i(preconditions)f(and)h(p)s(ostcon-)0 -2063 y(ditions)g(w)m(e)i(ma)m(y)f(b)s(e)h(in)m(terested)g(in;)g(w)m(e)g -(shall)e(return)i(to)f(this)g(in)f(the)i(next)g(section.)54 -b(The)0 2184 y(approac)m(h)36 b(w)m(e)g(shall)d(follo)m(w)h(is)g(the)i -Fs(extensional)g(appr)-5 
b(o)g(ach)41 b Fu(and)35 b(it)f(is)h(a)g(kind) -g(of)g(shortcut.)0 2304 y(The)41 b(idea)e(is)g(that)h(the)g(conditions) -f(are)g(predicates,)k(that)c(is)h(functions)f(in)g Fw(State)h -Ft(!)f Fw(T)p Fu(.)0 2424 y(Th)m(us)31 b(the)e(meaning)f(of)g -Ft(f)h Fs(P)39 b Ft(g)29 b Fs(S)41 b Ft(f)29 b Fs(Q)38 -b Ft(g)29 b Fu(ma)m(y)f(b)s(e)i(reform)m(ulated)d(as)j(sa)m(ying)f -(that)g(if)e Fs(P)40 b Fu(holds)0 2545 y(on)31 b(a)g(state)g -Fs(s)40 b Fu(and)31 b(if)f Fs(S)43 b Fu(executed)33 b(from)d(state)h -Fs(s)39 b Fu(results)32 b(in)e(the)i(state)f Fs(s)2725 -2509 y Fi(0)2780 2545 y Fu(then)g Fs(Q)41 b Fu(holds)30 -b(on)0 2665 y Fs(s)48 2629 y Fi(0)71 2665 y Fu(.)48 b(W)-8 -b(e)34 b(can)h(write)e(an)m(y)i(predicates)f(w)m(e)h(lik)m(e)f(and)g -(therefore)g(the)h(expressiv)m(eness)j(problem)0 2786 -y(men)m(tioned)32 b(ab)s(o)m(v)m(e)i(do)s(es)f(not)f(arise.)146 -2908 y(Eac)m(h)40 b(b)s(o)s(olean)d(expression)j Fs(b)45 -b Fu(de\014nes)40 b(a)e(predicate)h Ft(B)s Fu([)-17 b([)q -Fs(b)6 b Fu(])-17 b(])q(.)61 b(W)-8 b(e)39 b(shall)f(feel)g(free)h(to)f -(let)0 3028 y Fs(b)i Fu(include)34 b(logical)d(v)-5 b(ariables)32 -b(as)j(w)m(ell)e(as)h(program)f(v)-5 b(ariables)33 b(so)h(the)h -(precondition)e Fr(x)g Fu(=)f Fr(n)0 3148 y Fu(used)44 -b(ab)s(o)m(v)m(e)g(is)e(an)h(example)g(of)f(a)h(b)s(o)s(olean)e -(expression.)76 b(T)-8 b(o)43 b(ease)h(the)g(readabilit)m(y)-8 -b(,)43 b(w)m(e)0 3269 y(in)m(tro)s(duce)33 b(the)g(follo)m(wing)c -(notation)294 3473 y Fs(P)370 3488 y Fn(1)442 3473 y -Ft(^)k Fs(P)617 3488 y Fn(2)892 3473 y Fu(for)99 b Fs(P)43 -b Fu(where)34 b Fs(P)43 b(s)e Fu(=)32 b(\()p Fs(P)1911 -3488 y Fn(1)1983 3473 y Fs(s)8 b Fu(\))33 b(and)f(\()p -Fs(P)2405 3488 y Fn(2)2478 3473 y Fs(s)8 b Fu(\))294 -3640 y Fs(P)370 3655 y Fn(1)442 3640 y Ft(_)33 b Fs(P)617 -3655 y Fn(2)892 3640 y Fu(for)99 b Fs(P)43 b Fu(where)34 -b Fs(P)43 b(s)e Fu(=)32 b(\()p Fs(P)1911 3655 y Fn(1)1983 -3640 y Fs(s)8 b Fu(\))33 b(or)f(\()p Fs(P)2335 3655 y -Fn(2)2407 3640 y Fs(s)8 b Fu(\))294 3808 y 
Ft(:)p Fs(P)466 -b Fu(for)99 b Fs(P)1184 3772 y Fi(0)1241 3808 y Fu(where)33 -b Fs(P)1598 3772 y Fi(0)1655 3808 y Fs(s)40 b Fu(=)33 -b Ft(:)p Fu(\()p Fs(P)43 b(s)8 b Fu(\))294 3976 y Fs(P)i -Fu([)p Fs(x)i Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 -b(])q(])99 b(for)g Fs(P)1184 3940 y Fi(0)1241 3976 y -Fu(where)33 b Fs(P)1598 3940 y Fi(0)1655 3976 y Fs(s)40 -b Fu(=)33 b Fs(P)42 b Fu(\()p Fs(s)8 b Fu([)p Fs(x)k -Ft(7!A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 -b Fu(]\))294 4143 y Fs(P)370 4158 y Fn(1)442 4143 y Ft(\))32 -b Fs(P)650 4158 y Fn(2)892 4143 y Fu(for)99 b Ft(8)q -Fs(s)40 b Ft(2)33 b Fw(State)p Fu(:)44 b Fs(P)1745 4158 -y Fn(1)1817 4143 y Fs(s)d Fu(implies)30 b Fs(P)2305 4158 -y Fn(2)2377 4143 y Fs(s)0 4349 y Fu(When)49 b(it)e(is)g(con)m(v)m -(enien)m(t,)54 b(but)48 b(not)g(when)h(de\014ning)f(formal)d(inference) -k(rules,)j(w)m(e)d(shall)0 4469 y(allo)m(w)33 b(to)i(disp)s(ense)h -(with)e Ft(B)t Fu([)-17 b([)p Ft(\001)17 b(\001)g(\001)o -Fu(])-17 b(])35 b(and)g Ft(A)p Fu([)-17 b([)p Ft(\001)17 -b(\001)g(\001)n Fu(])-17 b(])36 b(inside)e(square)i(brac)m(k)m(ets)h -(as)e(w)m(ell)f(as)h(within)0 4590 y(preconditions)d(and)h(p)s -(ostconditions.)0 4832 y Fw(Exercise)j(6.7)49 b Fu(Sho)m(w)34 -b(that)145 5045 y Ft(\017)49 b(B)s Fu([)-17 b([)q Fs(b)6 -b Fu([)p Fs(x)12 b Ft(7!)o Fs(a)7 b Fu(]])-17 b(])34 -b(=)e Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q([)p -Fs(x)12 b Ft(7!)o(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 -b(])q(])33 b(for)f(all)e Fs(b)39 b Fu(and)33 b Fs(a)7 -b Fu(,)145 5257 y Ft(\017)49 b(B)s Fu([)-17 b([)q Fs(b)401 -5272 y Fn(1)473 5257 y Ft(^)33 b Fs(b)623 5272 y Fn(2)662 -5257 y Fu(])-17 b(])33 b(=)g Ft(B)s Fu([)-17 b([)q Fs(b)998 -5272 y Fn(1)1037 5257 y Fu(])g(])33 b Ft(^)g(B)t Fu([)-17 -b([)p Fs(b)1363 5272 y Fn(2)1403 5257 y Fu(])g(])33 b(for)f(all)e -Fs(b)1808 5272 y Fn(1)1880 5257 y Fu(and)j Fs(b)2121 -5272 y Fn(2)2160 5257 y Fu(,)g(and)145 5470 y Ft(\017)49 -b(B)s Fu([)-17 b([)q Ft(:)p Fs(b)6 b Fu(])-17 b(])33 -b(=)g Ft(:B)t Fu([)-17 
b([)p Fs(b)6 b Fu(])-17 b(])33 -b(for)f(all)f Fs(b)6 b Fu(.)2096 b Fh(2)p eop -%%Page: 178 188 -178 187 bop 251 130 a Fw(178)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283 -419 V 283 2136 4 1717 v 715 528 a Fu([ass)867 543 y Fn(p)912 -528 y Fu(])201 b Ft(f)32 b Fs(P)10 b Fu([)p Fs(x)i Ft(7!A)p -Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(]])33 b Ft(g)f Fs(x)45 -b Fu(:=)32 b Fs(a)40 b Ft(f)32 b Fs(P)43 b Ft(g)715 696 -y Fu([skip)913 711 y Fn(p)957 696 y Fu(])156 b Ft(f)32 -b Fs(P)43 b Ft(g)33 b Fr(skip)g Ft(f)g Fs(P)42 b Ft(g)715 -988 y Fu([comp)970 1003 y Fn(p)1013 988 y Fu(])1150 901 -y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)1491 916 y Fn(1)1562 -901 y Ft(f)g Fs(Q)41 b Ft(g)p Fu(,)98 b Ft(f)32 b Fs(Q)42 -b Ft(g)32 b Fs(S)2284 916 y Fn(2)2356 901 y Ft(f)g Fs(R)37 -b Ft(g)p 1150 964 1479 4 v 1480 1069 a(f)c Fs(P)42 b -Ft(g)33 b Fs(S)1821 1084 y Fn(1)1860 1069 y Fu(;)g Fs(S)1987 -1084 y Fn(2)2058 1069 y Ft(f)g Fs(R)j Ft(g)715 1327 y -Fu([if)800 1342 y Fn(p)843 1327 y Fu(])1150 1240 y Ft(f)c(B)t -Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])34 b Ft(^)e Fs(P)43 -b Ft(g)33 b Fs(S)1817 1255 y Fn(1)1888 1240 y Ft(f)g -Fs(Q)41 b Ft(g)p Fu(,)98 b Ft(f)32 b(:)q(B)s Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)32 -b Fs(S)2995 1255 y Fn(2)3067 1240 y Ft(f)g Fs(Q)42 b -Ft(g)p 1150 1303 2166 4 v 1486 1408 a(f)32 b Fs(P)43 -b Ft(g)33 b Fr(if)g Fs(b)38 b Fr(then)c Fs(S)2283 1423 -y Fn(1)2354 1408 y Fr(else)g Fs(S)2659 1423 y Fn(2)2731 -1408 y Ft(f)e Fs(Q)42 b Ft(g)715 1666 y Fu([while)965 -1681 y Fn(p)1008 1666 y Fu(])1437 1579 y Ft(f)32 b(B)t -Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 -b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(P)43 b Ft(g)p 1150 -1642 1514 4 v 1150 1747 a(f)32 b Fs(P)43 b Ft(g)33 b -Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)44 b Ft(f)33 b(:B)t -Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 -b Ft(g)715 2005 y Fu([cons)926 2020 y Fn(p)971 2005 y -Fu(])1183 1918 y Ft(f)32 b Fs(P)1341 1882 y Fi(0)1397 -1918 y Ft(g)g 
Fs(S)45 b Ft(f)32 b Fs(Q)1745 1882 y Fi(0)1801 -1918 y Ft(g)p 1150 1981 701 4 v 1190 2086 a(f)g Fs(P)43 -b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)1958 2005 -y Fu(if)32 b Fs(P)43 b Ft(\))32 b Fs(P)2365 1968 y Fi(0)2421 -2005 y Fu(and)h Fs(Q)2695 1968 y Fi(0)2751 2005 y Ft(\))f -Fs(Q)p 3753 2136 4 1717 v 283 2139 3473 4 v 925 2300 -a Fu(T)-8 b(able)33 b(6.1:)43 b(Axiomatic)30 b(system)k(for)e(partial)e -(correctness)283 2588 y Fp(The)45 b(inference)g(system)283 -2776 y Fu(The)32 b(partial)c(correctness)33 b(assertions)e(will)d(b)s -(e)i(sp)s(eci\014ed)i(b)m(y)f(an)g(inference)g(system)g(consist-)283 -2897 y(ing)37 b(of)h(a)f(set)i(of)f(axioms)e(and)i(rules.)60 -b(The)39 b(form)m(ulae)d(of)h(the)i(inference)f(system)h(ha)m(v)m(e)g -(the)283 3017 y(form)527 3229 y Ft(f)33 b Fs(P)43 b Ft(g)32 -b Fs(S)44 b Ft(f)33 b Fs(Q)41 b Ft(g)283 3440 y Fu(where)35 -b Fs(S)45 b Fu(is)33 b(a)g(statemen)m(t)h(in)e(the)i(language)e -Fw(While)g Fu(and)h Fs(P)44 b Fu(and)33 b Fs(Q)42 b Fu(are)34 -b(predicates.)46 b(The)283 3561 y(axioms)35 b(and)h(rules)g(are)g -(summarized)f(in)g(T)-8 b(able)36 b(6.1)g(and)g(will)d(b)s(e)k -(explained)e(b)s(elo)m(w.)54 b(The)283 3681 y(inference)34 -b(system)f(sp)s(eci\014es)h(an)e Fs(axiomatic)i(semantics)40 -b Fu(for)32 b Fw(While)p Fu(.)430 3803 y(The)h(axiom)e(for)h(assignmen) -m(t)h(statemen)m(ts)g(is)527 4015 y Ft(f)g Fs(P)10 b -Fu([)p Fs(x)i Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 -b(])q(])32 b Ft(g)g Fs(x)45 b Fu(:=)32 b Fs(a)40 b Ft(f)32 -b Fs(P)43 b Ft(g)283 4227 y Fu(This)34 b(axiom)e(assumes)j(that)f(the)g -(execution)g(of)f Fs(x)46 b Fu(:=)33 b Fs(a)41 b Fu(starts)34 -b(in)f(a)h(state)g Fs(s)42 b Fu(that)33 b(satis\014es)283 -4347 y Fs(P)10 b Fu([)p Fs(x)i Ft(7!A)p Fu([)-17 b([)p -Fs(a)7 b Fu(])-17 b(])q(],)26 b(that)d(is)g(in)f(a)h(state)h -Fs(s)31 b Fu(where)25 b Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o -Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])23 -b(satis\014es)h Fs(P)10 b Fu(.)24 b(The)g(axiom)e(expresses)283 -4467 y(that)29 
b(if)f(the)h(execution)h(of)f Fs(x)40 -b Fu(:=)29 b Fs(a)36 b Fu(terminates)29 b(\(whic)m(h)g(will)e(alw)m(a)m -(ys)i(b)s(e)h(the)f(case\))h(then)f(the)283 4588 y(\014nal)38 -b(state)h(will)c(satisfy)k Fs(P)10 b Fu(.)38 b(F)-8 b(rom)37 -b(the)i(earlier)d(de\014nitions)i(of)g(the)g(seman)m(tics)h(of)e -Fw(While)283 4708 y Fu(w)m(e)30 b(kno)m(w)f(that)f(the)h(\014nal)e -(state)i(will)d(b)s(e)j Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p -Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])29 -b(so)f(it)f(is)h(easy)h(to)f(see)i(that)e(the)g(axiom)283 -4829 y(is)33 b(plausible.)430 4951 y(F)-8 b(or)32 b Fr(skip)h -Fu(the)g(axiom)e(is)527 5162 y Ft(f)i Fs(P)43 b Ft(g)32 -b Fr(skip)h Ft(f)g Fs(P)43 b Ft(g)283 5374 y Fu(Th)m(us)i(if)d -Fs(P)53 b Fu(holds)42 b(b)s(efore)h Fr(skip)h Fu(is)f(executed)i(then)e -(it)f(also)g(holds)h(afterw)m(ards.)75 b(This)43 b(is)283 -5494 y(clearly)32 b(plausible)f(as)i Fr(skip)g Fu(do)s(es)g(nothing.)p -eop -%%Page: 179 189 -179 188 bop 0 130 a Fw(6.2)112 b(P)m(artial)36 b(correctness)h -(assertions)1619 b(179)p 0 193 3473 4 v 146 515 a Fu(Axioms)28 -b([ass)647 530 y Fn(p)692 515 y Fu(])h(and)g([skip)1132 -530 y Fn(p)1175 515 y Fu(])g(are)g(really)f Fs(axiom)j(schemes)36 -b Fu(generating)28 b(separate)i(axioms)0 636 y(for)g(eac)m(h)g(c)m -(hoice)h(of)e(predicate)i Fs(P)10 b Fu(.)30 b(The)h(meaning)e(of)g(the) -i(remaining)d(constructs)j(are)f(giv)m(en)0 756 y(b)m(y)39 -b(rules)f(of)f(inference)i(rather)f(than)g(axiom)e(sc)m(hemes.)62 -b(Eac)m(h)38 b(suc)m(h)i(rule)d(sp)s(eci\014es)i(a)f(w)m(a)m(y)0 -877 y(of)i(deducing)g(an)g(assertion)h(ab)s(out)e(a)h(comp)s(ound)g -(construct)i(from)c(assertions)j(ab)s(out)f(its)0 997 -y(constituen)m(ts.)45 b(F)-8 b(or)31 b(comp)s(osition)g(the)i(rule)f -(is:)254 1175 y Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)594 1190 -y Fn(1)666 1175 y Ft(f)g Fs(Q)42 b Ft(g)p Fu(,)98 b Ft(f)32 -b Fs(Q)42 b Ft(g)32 b Fs(S)1388 1190 y Fn(2)1460 1175 -y Ft(f)g Fs(R)37 b Ft(g)p 254 1238 1479 4 v 584 1343 -a(f)32 b Fs(P)43 b Ft(g)32 b 
Fs(S)924 1358 y Fn(1)964 -1343 y Fu(;)g Fs(S)1090 1358 y Fn(2)1162 1343 y Ft(f)g -Fs(R)37 b Ft(g)0 1520 y Fu(This)42 b(sa)m(ys)h(that)e(if)g -Fs(P)52 b Fu(holds)41 b(prior)f(to)i(the)g(execution)g(of)f -Fs(S)2334 1535 y Fn(1)2373 1520 y Fu(;)47 b Fs(S)2514 -1535 y Fn(2)2594 1520 y Fu(and)42 b(if)f(the)h(execution)0 -1641 y(terminates)i(then)g(w)m(e)i(can)e(conclude)h(that)f -Fs(R)k Fu(holds)c(in)g(the)h(\014nal)e(state)i(pro)m(vided)g(that)0 -1761 y(there)33 b(is)f(a)h(predicate)f Fs(Q)42 b Fu(for)32 -b(whic)m(h)h(w)m(e)h(can)f(deduce)h(that)145 1957 y Ft(\017)49 -b Fu(if)28 b Fs(S)397 1972 y Fn(1)466 1957 y Fu(is)h(executed)j(from)c -(a)h(state)h(where)h Fs(P)40 b Fu(holds)29 b(and)h(if)e(it)h -(terminates)g(then)h Fs(Q)39 b Fu(will)244 2077 y(hold)32 -b(for)g(the)h(\014nal)e(state,)j(and)e(that)145 2278 -y Ft(\017)49 b Fu(if)28 b Fs(S)397 2293 y Fn(2)466 2278 -y Fu(is)h(executed)j(from)d(a)g(state)h(where)h Fs(Q)39 -b Fu(holds)29 b(and)h(if)e(it)h(terminates)g(then)h Fs(R)k -Fu(will)244 2398 y(hold)e(for)g(the)h(\014nal)e(state.)0 -2594 y(The)j(rule)e(for)g(the)h(conditional)d(is)254 -2752 y Ft(f)i(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 -b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)920 2767 y Fn(1)992 -2752 y Ft(f)h Fs(Q)41 b Ft(g)p Fu(,)98 b Ft(f)32 b(:B)t -Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 -b Ft(g)33 b Fs(S)2099 2767 y Fn(2)2170 2752 y Ft(f)g -Fs(Q)41 b Ft(g)p 254 2815 2166 4 v 590 2920 a(f)32 b -Fs(P)43 b Ft(g)32 b Fr(if)h Fs(b)39 b Fr(then)33 b Fs(S)1386 -2935 y Fn(1)1458 2920 y Fr(else)h Fs(S)1763 2935 y Fn(2)1835 -2920 y Ft(f)e Fs(Q)42 b Ft(g)0 3098 y Fu(The)30 b(rule)e(sa)m(ys)i -(that)f(if)f Fr(if)h Fs(b)34 b Fr(then)c Fs(S)1396 3113 -y Fn(1)1464 3098 y Fr(else)g Fs(S)1765 3113 y Fn(2)1833 -3098 y Fu(is)e(executed)j(from)d(a)g(state)i(where)g -Fs(P)39 b Fu(holds)0 3218 y(and)44 b(if)e(it)h(terminates,)j(then)f -Fs(Q)52 b Fu(will)42 b(hold)h(for)g(the)h(\014nal)f(state)i(pro)m -(vided)f(that)f(w)m(e)i(can)0 3339 y(deduce)34 b(that)145 
-3534 y Ft(\017)49 b Fu(if)32 b Fs(S)401 3549 y Fn(1)474 -3534 y Fu(is)i(executed)h(from)e(a)g(state)h(where)h -Fs(P)44 b Fu(and)34 b Fs(b)40 b Fu(hold)33 b(and)h(if)e(it)h -(terminates)g(then)244 3655 y Fs(Q)42 b Fu(holds)32 b(on)g(the)h -(\014nal)f(state,)h(and)g(that)145 3856 y Ft(\017)49 -b Fu(if)28 b Fs(S)397 3871 y Fn(2)466 3856 y Fu(is)h(executed)j(from)c -(a)h(state)h(where)h Fs(P)40 b Fu(and)30 b Ft(:)p Fs(b)36 -b Fu(hold)28 b(and)i(if)e(it)h(terminates)g(then)244 -3976 y Fs(Q)42 b Fu(holds)32 b(on)g(the)h(\014nal)f(state.)0 -4172 y(The)i(rule)e(for)g(the)h(iterativ)m(e)e(statemen)m(t)j(is)557 -4330 y Ft(f)e(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 -b Ft(^)g Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(P)43 -b Ft(g)p 254 4393 1514 4 v 254 4498 a(f)32 b Fs(P)43 -b Ft(g)32 b Fr(while)i Fs(b)39 b Fr(do)33 b Fs(S)44 b -Ft(f)32 b(:)q(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 -b Ft(^)g Fs(P)43 b Ft(g)0 4676 y Fu(The)36 b(predicate)g -Fs(P)46 b Fu(is)35 b(called)f(an)h Fs(invariant)44 b -Fu(for)35 b(the)h Fr(while)p Fu(-lo)s(op)f(and)h(the)f(idea)g(is)g -(that)g(it)0 4796 y(will)29 b(hold)h Fs(b)-5 b(efor)g(e)37 -b Fu(and)31 b Fs(after)42 b Fu(eac)m(h)31 b(execution)h(of)e(the)h(b)s -(o)s(dy)g Fs(S)43 b Fu(of)30 b(the)h(lo)s(op.)42 b(The)32 -b(rule)e(sa)m(ys)0 4916 y(that)f(if)f(additionally)e -Fs(b)35 b Fu(is)28 b(true)i(b)s(efore)f(eac)m(h)h(execution)g(of)e(the) -i(b)s(o)s(dy)f(of)f(the)i(lo)s(op)d(then)j Ft(:)q Fs(b)0 -5037 y Fu(will)g(b)s(e)j(true)g(when)h(the)f(execution)g(of)f(the)h -Fr(while)p Fu(-lo)s(op)f(has)h(terminated.)146 5157 y(T)-8 -b(o)33 b(complete)f(the)h(inference)g(system)h(w)m(e)f(need)h(one)f -(more)e(rule)i(of)f(inference)286 5335 y Ft(f)h Fs(P)445 -5299 y Fi(0)501 5335 y Ft(g)f Fs(S)45 b Ft(f)32 b Fs(Q)849 -5299 y Fi(0)905 5335 y Ft(g)p 254 5398 701 4 v 293 5503 -a(f)h Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b Fs(Q)41 -b Ft(g)1062 5421 y Fu(if)32 b Fs(P)42 b Ft(\))33 b Fs(P)1469 -5385 y Fi(0)1525 5421 y Fu(and)f Fs(Q)1798 5385 y 
Fi(0)1854 -5421 y Ft(\))h Fs(Q)p eop -%%Page: 180 190 -180 189 bop 251 130 a Fw(180)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283 -515 a Fu(This)38 b(rule)e(sa)m(ys)i(that)f(w)m(e)h(can)f(strengthen)h -(the)g(precondition)d Fs(P)2771 479 y Fi(0)2832 515 y -Fu(and)i(w)m(eak)m(en)i(the)e(p)s(ost-)283 636 y(condition)32 -b Fs(Q)796 600 y Fi(0)819 636 y Fu(.)43 b(This)33 b(rule)f(is)g(often)h -(called)e(the)i Fs(rule)i(of)g(c)-5 b(onse)g(quenc)g(e)p -Fu(.)430 756 y(Note)25 b(that)f(T)-8 b(able)24 b(6.1)g(sp)s(eci\014es)i -(a)e(set)i(of)e(axioms)f(and)i(rules)g(just)g(as)f(the)i(tables)e -(de\014ning)283 877 y(the)k(op)s(erational)c(seman)m(tics)j(in)f -(Chapter)i(2.)41 b(The)28 b(analogue)e(of)g(a)h(deriv)-5 -b(ation)25 b(tree)j(will)c(no)m(w)283 997 y(b)s(e)i(called)e(an)h -Fs(infer)-5 b(enc)g(e)27 b(tr)-5 b(e)g(e)33 b Fu(since)25 -b(it)f(sho)m(ws)j(ho)m(w)f(to)f(infer)f(that)h(a)g(certain)g(prop)s -(ert)m(y)h(holds.)283 1117 y(Th)m(us)39 b(the)f(lea)m(v)m(es)g(of)f(an) -h(inference)f(tree)h(will)d(b)s(e)j(instances)g(of)f(axioms)f(and)h -(the)h(in)m(ternal)283 1238 y(no)s(des)h(will)d(corresp)s(ond)j(to)e -(instances)i(of)f(rules.)60 b(W)-8 b(e)38 b(shall)f(sa)m(y)h(that)g -(the)h(inference)f(tree)283 1358 y(giv)m(es)33 b(a)g -Fs(pr)-5 b(o)g(of)53 b Fu(of)32 b(the)h(prop)s(ert)m(y)g(expressed)j(b) -m(y)d(its)f(ro)s(ot.)43 b(W)-8 b(e)33 b(shall)e(write)527 -1560 y Ft(`)588 1575 y Fn(p)664 1560 y Ft(f)h Fs(P)43 -b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)283 1762 -y Fu(for)g(the)h(pro)m(v)-5 b(abilit)m(y)40 b(of)i(the)g(assertion)h -Ft(f)f Fs(P)52 b Ft(g)42 b Fs(S)54 b Ft(f)42 b Fs(Q)51 -b Ft(g)p Fu(.)72 b(An)43 b(inference)g(tree)f(is)g(called)283 -1882 y Fs(simple)35 b Fu(if)27 b(it)h(is)f(an)i(instance)f(of)g(one)h -(of)e(the)i(axioms)e(and)i(otherwise)g(it)e(is)h(called)f -Fs(c)-5 b(omp)g(osite)p Fu(.)283 2109 y Fw(Example)37 -b(6.8)49 b Fu(Consider)29 b(the)f(statemen)m(t)h Fr(while)h(true)f(do)f -(skip)p Fu(.)44 b(F)-8 
b(rom)26 b([skip)3325 2124 y Fn(p)3369 -2109 y Fu(])i(w)m(e)i(ha)m(v)m(e)283 2229 y(\(omitting)g(the)j -Ft(B)s Fu([)-17 b([)q Ft(\001)17 b(\001)g(\001)n Fu(])-17 -b(])q(\))527 2431 y Ft(`)588 2446 y Fn(p)664 2431 y Ft(f)32 -b Fr(true)i Ft(g)e Fr(skip)i Ft(f)e Fr(true)i Ft(g)283 -2633 y Fu(Since)c(\()p Fr(true)g Ft(^)f Fr(true)p Fu(\))h -Ft(\))f Fr(true)h Fu(w)m(e)g(can)g(apply)e(the)i(rule)e(of)h -(consequence)j([cons)3339 2648 y Fn(p)3383 2633 y Fu(])e(and)f(get)527 -2835 y Ft(`)588 2850 y Fn(p)664 2835 y Ft(f)j Fr(true)i -Ft(^)f Fr(true)h Ft(g)e Fr(skip)h Ft(f)g Fr(true)g Ft(g)283 -3037 y Fu(Hence)h(b)m(y)g(the)f(rule)f([while)1322 3052 -y Fn(p)1365 3037 y Fu(])g(w)m(e)i(get)527 3240 y Ft(`)588 -3255 y Fn(p)664 3240 y Ft(f)e Fr(true)i Ft(g)e Fr(while)i(true)g(do)f -(skip)g Ft(f)g(:)p Fr(true)h Ft(^)f Fr(true)g Ft(g)283 -3442 y Fu(W)-8 b(e)33 b(ha)m(v)m(e)h(that)f Ft(:)p Fr(true)h -Ft(^)f Fr(true)g Ft(\))f Fr(true)i Fu(so)f(b)m(y)g(applying)f([cons) -2763 3457 y Fn(p)2807 3442 y Fu(])g(once)i(more)d(w)m(e)j(get)527 -3644 y Ft(`)588 3659 y Fn(p)664 3644 y Ft(f)e Fr(true)i -Ft(g)e Fr(while)i(true)g(do)f(skip)g Ft(f)g Fr(true)g -Ft(g)283 3846 y Fu(The)h(inference)f(ab)s(o)m(v)m(e)h(can)e(b)s(e)h -(summarized)f(b)m(y)h(the)g(follo)m(wing)d(inference)j(tree:)1109 -4039 y Ft(f)g Fr(true)g Ft(g)g Fr(skip)g Ft(f)g Fr(true)g -Ft(g)p 527 4126 2174 4 v 941 4331 a(f)f Fr(true)i Ft(^)f -Fr(true)h Ft(g)e Fr(skip)h Ft(f)g Fr(true)g Ft(g)p 527 -4417 V 577 4622 a(f)f Fr(true)i Ft(g)e Fr(while)i(true)g(do)f(skip)g -Ft(f)g(:)p Fr(true)h Ft(^)f Fr(true)g Ft(g)p 527 4709 -V 779 4913 a(f)f Fr(true)i Ft(g)e Fr(while)i(true)f(do)g(skip)h -Ft(f)e Fr(true)i Ft(g)283 5114 y Fu(It)44 b(is)e(no)m(w)i(easy)g(to)e -(see)j(that)d(w)m(e)i(cannot)g(claim)c(that)j Ft(f)g -Fs(P)53 b Ft(g)43 b Fs(S)55 b Ft(f)42 b Fs(Q)52 b Ft(g)43 -b Fu(means)g(that)g Fs(S)283 5234 y Fu(will)38 b(terminate)g(in)h(a)g -(state)h(satisfying)f Fs(Q)48 b Fu(when)41 b(it)e(is)g(started)h(in)f -(a)g(state)h(satisfying)e 
Fs(P)10 b Fu(.)283 5355 y(F)-8 -b(or)28 b(the)g(assertion)h Ft(f)j Fr(true)i Ft(g)e Fr(while)i(true)f -(do)g(skip)h Ft(f)e Fr(true)i Ft(g)28 b Fu(this)g(reading)f(w)m(ould)h -(mean)283 5475 y(that)33 b(the)g(program)e(w)m(ould)i(alw)m(a)m(ys)g -(terminate)e(and)i(clearly)e(this)i(is)f(not)g(the)h(case.)256 -b Fh(2)p eop -%%Page: 181 191 -181 190 bop 0 130 a Fw(6.2)112 b(P)m(artial)36 b(correctness)h -(assertions)1619 b(181)p 0 193 3473 4 v 0 515 a(Example)37 -b(6.9)48 b Fu(T)-8 b(o)32 b(illustrate)e(the)i(use)h(of)e(the)i -(axiomatic)c(seman)m(tics)j(for)f(v)m(eri\014cation)g(w)m(e)0 -636 y(shall)g(pro)m(v)m(e)j(the)f(assertion)244 850 y -Ft(f)f Fr(x)h Fu(=)f Fr(n)h Ft(g)244 1017 y Fr(y)g Fu(:=)f -Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p -Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p -Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g Fr(x)p Ft(\000)p -Fr(1)p Fu(\))244 1185 y Ft(f)f Fr(y)h Fu(=)f Fr(n)p Fu(!)44 -b Ft(^)33 b Fr(n)g Fo(>)f Fr(0)h Ft(g)0 1399 y Fu(where,)h(for)e(the)h -(sak)m(e)h(of)e(readabilit)m(y)-8 b(,)31 b(w)m(e)i(write)g -Fr(y)f Fu(=)h Fr(n)p Fu(!)43 b Ft(^)33 b Fr(n)g Fo(>)g -Fr(0)f Fu(for)g(the)h(predicate)244 1613 y Fs(P)43 b -Fu(where)34 b Fs(P)42 b(s)f Fu(=)32 b(\()p Fs(s)41 b -Fr(y)33 b Fu(=)f(\()p Fs(s)41 b Fr(n)p Fu(\)!)i Ft(^)33 -b Fs(s)41 b Fr(n)33 b Fo(>)f Fw(0)p Fu(\))0 1827 y(The)f(inference)g -(of)f(this)g(assertion)g(pro)s(ceeds)h(in)f(a)g(n)m(um)m(b)s(er)h(of)e -(stages.)44 b(First)29 b(w)m(e)i(de\014ne)h(the)0 1948 -y(predicate)h Fs(INV)51 b Fu(that)32 b(is)g(going)f(to)i(b)s(e)f(the)h -(in)m(v)-5 b(arian)m(t)32 b(of)g(the)h Fr(while)p Fu(-lo)s(op:)244 -2162 y Fs(INV)51 b(s)41 b Fu(=)32 b(\()p Fs(s)41 b Fr(x)32 -b Fo(>)h Fw(0)f Fu(implies)e(\(\()p Fs(s)41 b Fr(y)p -Fu(\))33 b Fo(?)f Fu(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(=)32 -b(\()p Fs(s)41 b Fr(n)p Fu(\)!)j(and)32 b Fs(s)41 b Fr(n)33 -b Ft(\025)g Fs(s)40 b Fr(x)p Fu(\)\))0 2376 y(W)-8 b(e)33 -b(shall)e(then)i(consider)g(the)g(b)s(o)s(dy)g(of)f(the)h(lo)s(op.)42 -b(Using)32 
b([ass)2370 2391 y Fn(p)2414 2376 y Fu(])h(w)m(e)h(get)244 -2590 y Ft(`)305 2605 y Fn(p)381 2590 y Ft(f)e Fs(INV)19 -b Fu([)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(])33 -b Ft(g)g Fr(x)f Fu(:=)h Fr(x)p Ft(\000)p Fr(1)g Ft(f)g -Fs(INV)51 b Ft(g)0 2804 y Fu(Similarly)-8 b(,)29 b(w)m(e)k(get)244 -3018 y Ft(`)305 3033 y Fn(p)381 3018 y Ft(f)f Fu(\()p -Fs(INV)19 b Fu([)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p -Fu(]\)[)p Fr(y)p Ft(7!)q Fr(y)p Fo(?)p Fr(x)p Fu(])32 -b Ft(g)h Fr(y)g Fu(:=)f Fr(y)h Fo(?)f Fr(x)h Ft(f)f Fs(INV)19 -b Fu([)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(])34 -b Ft(g)0 3232 y Fu(W)-8 b(e)33 b(can)g(no)m(w)g(apply)f(the)h(rule)f -([comp)1436 3247 y Fn(p)1479 3232 y Fu(])h(to)f(the)h(t)m(w)m(o)h -(assertions)f(ab)s(o)m(v)m(e)g(and)g(get)244 3446 y Ft(`)305 -3461 y Fn(p)381 3446 y Ft(f)f Fu(\()p Fs(INV)19 b Fu([)p -Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p -Ft(7!)q Fr(y)p Fo(?)p Fr(x)p Fu(])32 b Ft(g)h Fr(y)g -Fu(:=)f Fr(y)h Fo(?)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p -Ft(\000)p Fr(1)i Ft(f)e Fs(INV)51 b Ft(g)0 3661 y Fu(It)33 -b(is)f(easy)h(to)g(v)m(erify)g(that)244 3875 y(\()p Ft(:)p -Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Ft(^)g Fs(INV)19 -b Fu(\))32 b Ft(\))g Fu(\()p Fs(INV)19 b Fu([)p Fr(x)p -Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p Ft(7!)q -Fr(y)p Fo(?)p Fr(x)p Fu(])0 4089 y(so)33 b(using)f(the)h(rule)f([cons) -949 4104 y Fn(p)993 4089 y Fu(])h(w)m(e)h(get)244 4303 -y Ft(`)305 4318 y Fn(p)381 4303 y Ft(f)e(:)p Fu(\()p -Fr(x)h Fu(=)f Fr(1)p Fu(\))h Ft(^)g Fs(INV)51 b Ft(g)33 -b Fr(y)f Fu(:=)h Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f -Fr(x)p Ft(\000)p Fr(1)i Ft(f)e Fs(INV)51 b Ft(g)0 4517 -y Fu(W)-8 b(e)33 b(are)g(no)m(w)g(in)f(a)g(p)s(osition)f(to)h(use)h -(the)g(rule)g([while)2002 4532 y Fn(p)2044 4517 y Fu(])g(and)f(get)244 -4731 y Ft(`)305 4746 y Fn(p)381 4731 y Ft(f)g Fs(INV)51 -b Ft(g)381 4899 y Fr(while)33 b Ft(:)q Fu(\()p Fr(x)p -Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p Fr(y)f Fu(:=)h -Fr(y)p Fo(?)p Fr(x)p Fu(;)g 
Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p -Fr(1)p Fu(\))381 5066 y Ft(f:)p Fu(\()p Ft(:)p Fu(\()p -Fr(x)h Fu(=)f Fr(1)p Fu(\)\))h Ft(^)g Fs(INV)51 b Ft(g)0 -5280 y Fu(Clearly)32 b(w)m(e)h(ha)m(v)m(e)244 5494 y -Ft(:)p Fu(\()p Ft(:)q Fu(\()p Fr(x)f Fu(=)h Fr(1)p Fu(\)\))f -Ft(^)h Fs(INV)51 b Ft(\))33 b Fr(y)f Fu(=)h Fr(n)p Fu(!)44 -b Ft(^)32 b Fr(n)h Fo(>)g Fr(0)p eop -%%Page: 182 192 -182 191 bop 251 130 a Fw(182)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283 -515 a Fu(so)33 b(applying)f(rule)g([cons)1208 530 y Fn(p)1252 -515 y Fu(])h(w)m(e)g(get)552 683 y Ft(`)613 698 y Fn(p)689 -683 y Ft(f)f Fs(INV)51 b Ft(g)33 b Fr(while)h Ft(:)p -Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p -Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f -Fr(x)p Ft(\000)p Fr(1)p Fu(\))i Ft(f)e Fr(y)h Fu(=)f -Fr(n)p Fu(!)44 b Ft(^)33 b Fr(n)g Fo(>)f Fr(0)h Ft(g)283 -851 y Fu(W)-8 b(e)33 b(shall)f(no)m(w)h(apply)f(the)h(axiom)e([ass)1761 -866 y Fn(p)1805 851 y Fu(])i(to)f(the)h(statemen)m(t)g -Fr(y)g Fu(:=)f Fr(1)h Fu(and)g(get)527 1054 y Ft(`)588 -1069 y Fn(p)664 1054 y Ft(f)f Fs(INV)19 b Fu([)p Fr(y)p -Ft(7!)p Fr(1)p Fu(])33 b Ft(g)f Fr(y)h Fu(:=)g Fr(1)f -Ft(f)h Fs(INV)51 b Ft(g)283 1258 y Fu(Using)33 b(that)527 -1462 y Fr(x)g Fu(=)g Fr(n)f Ft(\))g Fs(INV)19 b Fu([)p -Fr(y)p Ft(7!)p Fr(1)p Fu(])283 1666 y(together)33 b(with)f([cons)1101 -1681 y Fn(p)1146 1666 y Fu(])g(w)m(e)i(get)527 1870 y -Ft(`)588 1885 y Fn(p)664 1870 y Ft(f)e Fr(x)h Fu(=)g -Fr(n)f Ft(g)h Fr(y)f Fu(:=)h Fr(1)g Ft(f)f Fs(INV)51 -b Ft(g)283 2074 y Fu(Finally)-8 b(,)30 b(w)m(e)k(can)f(use)g(the)g -(rule)f([comp)1743 2089 y Fn(p)1787 2074 y Fu(])g(and)h(get)527 -2278 y Ft(`)588 2293 y Fn(p)664 2278 y Ft(f)f Fr(x)h -Fu(=)g Fr(n)f Ft(g)664 2445 y Fr(y)h Fu(:=)f Fr(1)p Fu(;)h -Fr(while)h Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))e -Fr(do)h Fu(\()p Fr(y)g Fu(:=)g Fr(y)p Fo(?)p Fr(x)p Fu(;)f -Fr(x)h Fu(:=)g Fr(x)p Ft(\000)p Fr(1)p Fu(\))664 2613 -y Ft(f)f Fr(y)h Fu(=)g Fr(n)p Fu(!)43 b 
Ft(^)33 b Fr(n)g -Fo(>)f Fr(0)h Ft(g)283 2817 y Fu(as)g(required.)2902 -b Fh(2)283 3046 y Fw(Exercise)37 b(6.10)49 b Fu(Sp)s(ecify)42 -b(a)f(form)m(ula)f(expressing)k(the)e(partial)e(correctness)k(prop)s -(ert)m(y)e(of)283 3166 y(the)g(program)f(of)g(Exercise)h(6.1.)70 -b(Construct)43 b(an)e(inference)h(tree)g(giving)e(a)i(pro)s(of)e(of)h -(this)283 3287 y(prop)s(ert)m(y)34 b(using)e(the)h(inference)g(system)h -(of)e(T)-8 b(able)32 b(6.1.)1312 b Fh(2)283 3516 y Fw(Exercise)37 -b(6.11)49 b Fu(Suggest)e(an)f(inference)h(rule)f(for)g -Fr(repeat)i Fs(S)58 b Fr(until)48 b Fs(b)6 b Fu(.)85 -b(Y)-8 b(ou)47 b(are)f(not)283 3636 y(allo)m(w)m(ed)32 -b(to)h(rely)f(on)g(the)h(existence)i(of)d(a)g Fr(while)p -Fu(-construct)i(in)e(the)h(language.)427 b Fh(2)283 3865 -y Fw(Exercise)37 b(6.12)49 b Fu(Suggest)31 b(an)f(inference)g(rule)g -(for)g Fr(for)h Fs(x)42 b Fu(:=)30 b Fs(a)2671 3880 y -Fn(1)2741 3865 y Fr(to)g Fs(a)2930 3880 y Fn(2)3000 3865 -y Fr(do)h Fs(S)12 b Fu(.)30 b(Y)-8 b(ou)30 b(are)g(not)283 -3985 y(allo)m(w)m(ed)i(to)h(rely)f(on)g(the)h(existence)i(of)d(a)g -Fr(while)p Fu(-construct)i(in)e(the)h(language.)427 b -Fh(2)283 4275 y Fp(Prop)t(erties)46 b(of)f(the)h(seman)l(tics)283 -4460 y Fu(In)27 b(the)f(op)s(erational)d(and)j(denotational)e(seman)m -(tics)i(w)m(e)h(de\014ned)g(a)e(notion)g(of)g(t)m(w)m(o)i(programs)283 -4580 y(b)s(eing)39 b(seman)m(tically)e(equiv)-5 b(alen)m(t.)63 -b(W)-8 b(e)39 b(can)h(de\014ne)g(a)f(similar)c(notion)j(for)h(the)g -(axiomatic)283 4700 y(seman)m(tics:)74 b(Tw)m(o)48 b(programs)f -Fs(S)1539 4715 y Fn(1)1625 4700 y Fu(and)h Fs(S)1897 -4715 y Fn(2)1984 4700 y Fu(are)f Fs(pr)-5 b(ovably)48 -b(e)-5 b(quivalent)56 b Fu(according)47 b(to)g(the)283 -4821 y(axiomatic)35 b(seman)m(tics)h(of)g(T)-8 b(able)37 -b(6.1)f(if)f(for)h(all)f(preconditions)h Fs(P)47 b Fu(and)36 -b(p)s(ostconditions)g Fs(Q)283 4941 y Fu(w)m(e)e(ha)m(v)m(e)527 -5145 y Ft(`)588 5160 y Fn(p)664 5145 y Ft(f)e Fs(P)43 -b Ft(g)33 b Fs(S)1005 5160 y Fn(1)1076 5145 y Ft(f)g 
-Fs(Q)41 b Ft(g)98 b Fu(if)31 b(and)i(only)f(if)96 b Ft(`)2131 -5160 y Fn(p)2207 5145 y Ft(f)32 b Fs(P)43 b Ft(g)33 b -Fs(S)2548 5160 y Fn(2)2619 5145 y Ft(f)g Fs(Q)41 b Ft(g)283 -5374 y Fw(Exercise)c(6.13)49 b Fu(Sho)m(w)32 b(that)e(the)i(follo)m -(wing)c(statemen)m(ts)k(of)e Fw(While)f Fu(are)i(pro)m(v)-5 -b(ably)31 b(equiv-)283 5494 y(alen)m(t)i(in)e(the)i(ab)s(o)m(v)m(e)h -(sense:)p eop -%%Page: 183 193 -183 192 bop 0 130 a Fw(6.3)112 b(Soundness)40 b(and)e(completeness)1647 -b(183)p 0 193 3473 4 v 145 515 a Ft(\017)49 b Fs(S)12 -b Fu(;)32 b Fr(skip)i Fu(and)f Fs(S)145 718 y Ft(\017)49 -b Fs(S)311 733 y Fn(1)350 718 y Fu(;)33 b(\()p Fs(S)515 -733 y Fn(2)554 718 y Fu(;)g Fs(S)681 733 y Fn(3)720 718 -y Fu(\))f(and)h(\()p Fs(S)1085 733 y Fn(1)1124 718 y -Fu(;)g Fs(S)1251 733 y Fn(2)1290 718 y Fu(\);)g Fs(S)1455 -733 y Fn(3)3398 718 y Fh(2)146 944 y Fu(Pro)s(ofs)c(of)f(prop)s(erties) -h(of)f(the)h(axiomatic)d(seman)m(tics)j(will)d(often)j(pro)s(ceed)g(b)m -(y)h Fs(induction)0 1064 y(on)k(the)h(shap)-5 b(e)34 -b(of)h(the)g(infer)-5 b(enc)g(e)34 b(tr)-5 b(e)g(e)p -Fu(:)p 0 1213 3470 4 v 0 1230 V -2 1438 4 208 v 15 1438 -V 716 1359 a Fw(Induction)32 b(on)h(the)f(Shap)s(e)i(of)f(Inference)g -(T)-9 b(rees)p 3452 1438 V 3469 1438 V 0 1441 3470 4 -v -2 1810 4 370 v 15 1810 V 66 1606 a Fu(1:)143 b(Pro)m(v)m(e)29 -b(that)e(the)h(prop)s(ert)m(y)g(holds)f(for)f(all)f(the)j(simple)e -(inference)i(trees)g(b)m(y)g(sho)m(wing)285 1727 y(that)33 -b(it)e(holds)h(for)g(the)h Fs(axioms)40 b Fu(of)32 b(the)h(inference)g -(system.)p 3452 1810 V 3469 1810 V -2 2339 4 529 v 15 -2339 V 66 1894 a(2:)143 b(Pro)m(v)m(e)36 b(that)f(the)g(prop)s(ert)m(y) -g(holds)g(for)f(all)e(comp)s(osite)i(inference)h(trees:)49 -b(F)-8 b(or)33 b(eac)m(h)285 2015 y Fs(rule)51 b Fu(assume)43 -b(that)g(the)h(prop)s(ert)m(y)f(holds)g(for)f(its)h(premises)g(\(this)g -(is)f(called)g(the)285 2135 y Fs(induction)33 b(hyp)-5 -b(othesis)p Fu(\))30 b(and)h(that)g(the)g(conditions)f(of)g(the)i(rule) 
-e(are)h(satis\014ed)g(and)285 2255 y(then)i(pro)m(v)m(e)h(that)f(it)e -(also)h(holds)g(for)g(the)h(conclusion)f(of)g(the)h(rule.)p -3452 2339 V 3469 2339 V 0 2342 3470 4 v 0 2359 V 0 2547 -a Fw(Exercise)j(6.14)49 b Fu(**)26 b(Using)g(the)h(inference)f(rule)g -(for)g Fr(repeat)i Fs(S)38 b Fr(until)27 b Fs(b)32 b -Fu(giv)m(en)27 b(in)e(Exercise)0 2667 y(6.11)f(sho)m(w)j(that)d -Fr(repeat)j Fs(S)37 b Fr(until)26 b Fs(b)31 b Fu(is)24 -b(pro)m(v)-5 b(ably)25 b(equiv)-5 b(alen)m(t)25 b(to)g -Fs(S)12 b Fu(;)25 b Fr(while)h Ft(:)p Fs(b)31 b Fr(do)26 -b Fs(S)12 b Fu(.)25 b(Hin)m(t:)0 2788 y(it)34 b(is)h(not)h(to)s(o)e -(hard)i(to)f(sho)m(w)h(that)g(what)f(is)g(pro)m(v)-5 -b(able)35 b(ab)s(out)g Fr(repeat)i Fs(S)47 b Fr(until)37 -b Fs(b)k Fu(is)35 b(also)0 2908 y(pro)m(v)-5 b(able)32 -b(ab)s(out)g Fs(S)12 b Fu(;)33 b Fr(while)h Ft(:)p Fs(b)k -Fr(do)c Fs(S)12 b Fu(.)1934 b Fh(2)0 3134 y Fw(Exercise)36 -b(6.15)49 b Fu(Sho)m(w)28 b(that)e Ft(`)1209 3149 y Fn(p)1279 -3134 y Ft(f)g Fs(P)37 b Ft(g)26 b Fs(S)38 b Ft(f)27 b -Fr(true)g Ft(g)g Fu(for)f(all)e(statemen)m(ts)k Fs(S)38 -b Fu(and)26 b(prop)s(erties)0 3254 y Fs(P)10 b Fu(.)3295 -b Fh(2)0 3586 y Fj(6.3)161 b(Soundness)50 b(and)k(completeness)0 -3806 y Fu(W)-8 b(e)37 b(shall)d(no)m(w)j(address)h(the)f(relationship)d -(b)s(et)m(w)m(een)k(the)f(inference)g(system)g(of)f(T)-8 -b(able)36 b(6.1)0 3926 y(and)28 b(the)g(op)s(erational)d(and)j -(denotational)e(seman)m(tics)i(of)f(the)h(previous)g(c)m(hapters.)44 -b(W)-8 b(e)28 b(shall)0 4046 y(pro)m(v)m(e)34 b(that)145 -4248 y Ft(\017)49 b Fu(the)40 b(inference)h(system)f(is)g -Fs(sound)p Fu(:)57 b(if)39 b(some)h(partial)d(correctness)42 -b(prop)s(ert)m(y)f(can)f(b)s(e)244 4368 y(pro)m(v)m(ed)34 -b(using)e(the)g(inference)h(system)g(then)g(it)f(do)s(es)g(indeed)h -(hold)e(according)h(to)g(the)244 4488 y(seman)m(tics,)h(and)145 -4691 y Ft(\017)49 b Fu(the)38 b(inference)h(system)g(is)e -Fs(c)-5 b(omplete)p Fu(:)54 b(if)37 b(some)g(partial)f(correctness)k 
-(prop)s(ert)m(y)f(do)s(es)244 4812 y(hold)27 b(according)h(to)g(the)g -(seman)m(tics)h(then)f(w)m(e)i(can)e(also)f(\014nd)i(a)f(pro)s(of)f -(for)h(it)f(using)h(the)244 4932 y(inference)33 b(system.)0 -5133 y(The)41 b(completeness)f(result)g(can)g(only)g(b)s(e)g(pro)m(v)m -(ed)h(b)s(ecause)g(w)m(e)g(use)g(the)f(extensional)g(ap-)0 -5254 y(proac)m(h)i(where)h(preconditions)e(and)h(p)s(ostconditions)f -(are)g(arbitrary)g(predicates.)71 b(In)42 b(the)0 5374 -y(in)m(tensional)30 b(approac)m(h)i(w)m(e)h(only)e(ha)m(v)m(e)i(a)f(w)m -(eak)m(er)h(result;)f(w)m(e)h(shall)d(return)j(to)e(this)g(later)g(in)0 -5494 y(this)h(section.)p eop -%%Page: 184 194 -184 193 bop 251 130 a Fw(184)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 430 -515 a Fu(As)34 b(the)f(op)s(erational)e(and)j(denotational)d(seman)m -(tics)i(are)h(equiv)-5 b(alen)m(t)33 b(w)m(e)h(only)f(need)h(to)283 -636 y(consider)f(one)g(of)f(them)g(here)h(and)g(w)m(e)g(shall)e(c)m(ho) -s(ose)j(the)f(natural)e(seman)m(tics.)44 b(The)33 b(partial)283 -756 y(correctness)i(assertion)e Ft(f)f Fs(P)43 b Ft(g)32 -b Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(is)g(said)g(to)g(b)s(e)h -Fs(valid)42 b Fu(if)32 b(and)g(only)g(if)527 981 y(for)g(all)e(states)k -Fs(s)8 b Fu(,)32 b(if)f Fs(P)43 b(s)d Fu(=)32 b Fw(tt)g -Fu(and)g Ft(h)p Fs(S)12 b Fu(,)p Fs(s)c Ft(i)32 b(!)g -Fs(s)2323 945 y Fi(0)2378 981 y Fu(for)g(some)g Fs(s)2819 -945 y Fi(0)2875 981 y Fu(then)h Fs(Q)41 b(s)3261 945 -y Fi(0)3317 981 y Fu(=)32 b Fw(tt)283 1206 y Fu(and)h(w)m(e)h(shall)d -(write)h(this)g(as)527 1431 y Ft(j)-17 b Fu(=)614 1446 -y Fn(p)690 1431 y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)44 -b Ft(f)32 b Fs(Q)42 b Ft(g)283 1656 y Fu(The)34 b(soundness)h(prop)s -(ert)m(y)e(is)f(then)h(expressed)j(b)m(y)527 1881 y Ft(`)588 -1896 y Fn(p)664 1881 y Ft(f)c Fs(P)43 b Ft(g)33 b Fs(S)44 -b Ft(f)32 b Fs(Q)42 b Ft(g)65 b Fu(implies)d Ft(j)-17 -b Fu(=)1801 1896 y Fn(p)1877 1881 y Ft(f)33 b Fs(P)43 -b Ft(g)32 b Fs(S)44 b Ft(f)33 b Fs(Q)41 b 
Ft(g)283 2106 -y Fu(and)33 b(the)g(completeness)h(prop)s(ert)m(y)f(is)f(expressed)j(b) -m(y)527 2331 y Ft(j)-17 b Fu(=)614 2346 y Fn(p)690 2331 -y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 -b Ft(g)65 b Fu(implies)e Ft(`)1801 2346 y Fn(p)1877 2331 -y Ft(f)33 b Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b Fs(Q)41 -b Ft(g)283 2556 y Fu(W)-8 b(e)33 b(ha)m(v)m(e)p 283 2681 -3473 5 v 283 2881 a Fw(Theorem)38 b(6.16)49 b Fu(F)-8 -b(or)31 b(all)g(partial)f(correctness)35 b(assertions)e -Ft(f)f Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(Q)42 -b Ft(g)32 b Fu(w)m(e)i(ha)m(v)m(e)552 3049 y Ft(j)-17 -b Fu(=)639 3064 y Fn(p)715 3049 y Ft(f)32 b Fs(P)43 b -Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)65 b Fu(if)31 -b(and)i(only)f(if)64 b Ft(`)2078 3064 y Fn(p)2154 3049 -y Ft(f)32 b Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(Q)41 -b Ft(g)p 283 3169 V 283 3394 a Fu(It)33 b(is)f(customary)h(to)f(pro)m -(v)m(e)i(the)f(soundness)i(and)e(completeness)g(results)g(separately)-8 -b(.)283 3709 y Fp(Soundness)283 3903 y Fu(W)g(e)33 b(shall)f(\014rst)h -(pro)m(v)m(e:)p 283 4028 V 283 4228 a Fw(Lemma)38 b(6.17)49 -b Fu(The)29 b(inference)g(system)h(of)e(T)-8 b(able)28 -b(6.1)g(is)g(sound,)i(that)f(is)f(for)g(ev)m(ery)i(partial)283 -4348 y(correctness)35 b(form)m(ula)c Ft(f)h Fs(P)43 b -Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(w)m(e)i(ha)m(v)m -(e)552 4516 y Ft(`)613 4531 y Fn(p)689 4516 y Ft(f)e -Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)32 -b Fu(implies)e Ft(j)-17 b Fu(=)1761 4531 y Fn(p)1837 -4516 y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 -b Fs(Q)42 b Ft(g)p 283 4636 V 283 4861 a Fw(Pro)s(of:)d -Fu(The)34 b(pro)s(of)f(is)g(b)m(y)h(induction)f(on)g(the)h(shap)s(e)g -(of)g(the)f(inference)i(tree)f(used)g(to)g(infer)283 -4982 y Ft(`)344 4997 y Fn(p)420 4982 y Ft(f)f Fs(P)42 -b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)p Fu(.)47 -b(This)34 b(amoun)m(ts)f(to)h(nothing)e(but)i(a)g(formalization)29 -b(of)k(the)i(in)m(tuitions)283 5102 
y(w)m(e)f(ga)m(v)m(e)g(when)f(in)m -(tro)s(ducing)f(the)h(axioms)e(and)i(rules.)283 5270 -y Fw(The)g(case)g Fu([ass)891 5285 y Fn(p)936 5270 y -Fu(]:)43 b(W)-8 b(e)33 b(shall)e(pro)m(v)m(e)j(that)f(the)g(axiom)d(is) -j(v)-5 b(alid,)30 b(so)j(supp)s(ose)h(that)527 5494 y -Ft(h)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33 b Fs(s)8 -b Ft(i)32 b(!)g Fs(s)1207 5458 y Fi(0)p eop -%%Page: 185 195 -185 194 bop 0 130 a Fw(6.3)112 b(Soundness)40 b(and)e(completeness)1647 -b(185)p 0 193 3473 4 v 0 515 a Fu(and)29 b(\()p Fs(P)10 -b Fu([)p Fs(x)i Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 -b(])q(]\))29 b Fs(s)37 b Fu(=)29 b Fw(tt)p Fu(.)41 b(W)-8 -b(e)30 b(shall)d(then)j(pro)m(v)m(e)g(that)f Fs(P)39 -b(s)2356 479 y Fi(0)2409 515 y Fu(=)28 b Fw(tt)p Fu(.)42 -b(F)-8 b(rom)27 b([ass)3074 530 y Fn(ns)3146 515 y Fu(])i(w)m(e)h(get)0 -636 y(that)d Fs(s)254 600 y Fi(0)304 636 y Fu(=)g Fs(s)8 -b Fu([)p Fs(x)k Ft(7!A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 -b(])q Fs(s)8 b Fu(])27 b(and)h(from)d(\()p Fs(P)10 b -Fu([)p Fs(x)i Ft(7!A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 -b(])q(]\))33 b Fs(s)40 b Fu(=)33 b Fw(tt)26 b Fu(w)m(e)i(get)f(that)g -Fs(P)38 b Fu(\()p Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p -Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(]\))0 -756 y(=)32 b Fw(tt)p Fu(.)43 b(Th)m(us)34 b Fs(P)43 b(s)670 -720 y Fi(0)726 756 y Fu(=)32 b Fw(tt)g Fu(as)h(w)m(as)g(to)g(b)s(e)f -(sho)m(wn.)0 924 y Fw(The)h(case)g Fu([skip)654 939 y -Fn(p)698 924 y Fu(]:)43 b(This)33 b(case)h(is)e(immediate)e(using)i -(the)h(clause)g([skip)2709 939 y Fn(ns)2780 924 y Fu(].)0 -1091 y Fw(The)g(case)g Fu([comp)711 1106 y Fn(p)754 1091 -y Fu(]:)44 b(W)-8 b(e)33 b(assume)g(that)244 1306 y Ft(j)-17 -b Fu(=)331 1321 y Fn(p)407 1306 y Ft(f)32 b Fs(P)43 b -Ft(g)32 b Fs(S)747 1321 y Fn(1)819 1306 y Ft(f)g Fs(Q)42 -b Ft(g)32 b Fu(and)h Ft(j)-17 b Fu(=)1377 1321 y Fn(p)1453 -1306 y Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fs(S)1801 1321 y -Fn(2)1873 1306 y Ft(f)g Fs(R)37 b Ft(g)0 1521 y Fu(and)d(w)m(e)g(ha)m 
-(v)m(e)h(to)f(pro)m(v)m(e)g(that)g Ft(j)-17 b Fu(=)1245 -1536 y Fn(p)1322 1521 y Ft(f)33 b Fs(P)44 b Ft(g)33 b -Fs(S)1665 1536 y Fn(1)1705 1521 y Fu(;)h Fs(S)1833 1536 -y Fn(2)1906 1521 y Ft(f)f Fs(R)38 b Ft(g)p Fu(.)46 b(So)34 -b(consider)f(arbitrary)g(states)i Fs(s)0 1642 y Fu(and)e -Fs(s)238 1606 y Fi(00)313 1642 y Fu(suc)m(h)h(that)e -Fs(P)43 b(s)e Fu(=)32 b Fw(tt)g Fu(and)244 1857 y Ft(h)p -Fs(S)350 1872 y Fn(1)389 1857 y Fu(;)p Fs(S)483 1872 -y Fn(2)522 1857 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)881 -1821 y Fi(00)0 2072 y Fu(F)-8 b(rom)31 b([comp)511 2087 -y Fn(ns)582 2072 y Fu(])i(w)m(e)g(get)g(that)f(there)h(is)g(a)f(state)h -Fs(s)1875 2036 y Fi(0)1931 2072 y Fu(suc)m(h)h(that)244 -2287 y Ft(h)p Fs(S)350 2302 y Fn(1)389 2287 y Fu(,)f -Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 2251 y Fi(0)869 2287 -y Fu(and)98 b Ft(h)o Fs(S)1229 2302 y Fn(2)1269 2287 -y Fu(,)32 b Fs(s)1376 2251 y Fi(0)1400 2287 y Ft(i)g(!)g -Fs(s)1651 2251 y Fi(00)0 2502 y Fu(F)-8 b(rom)37 b Ft(h)o -Fs(S)367 2517 y Fn(1)407 2502 y Fu(,)i Fs(s)8 b Ft(i)38 -b(!)g Fs(s)784 2466 y Fi(0)807 2502 y Fu(,)i Fs(P)49 -b(s)d Fu(=)38 b Fw(tt)f Fu(and)i Ft(j)-17 b Fu(=)1596 -2517 y Fn(p)1678 2502 y Ft(f)38 b Fs(P)48 b Ft(g)38 b -Fs(S)2035 2517 y Fn(1)2113 2502 y Ft(f)g Fs(Q)47 b Ft(g)38 -b Fu(w)m(e)h(get)g Fs(Q)47 b(s)2899 2466 y Fi(0)2960 -2502 y Fu(=)38 b Fw(tt)p Fu(.)60 b(F)-8 b(rom)0 2622 -y Ft(h)p Fs(S)106 2637 y Fn(2)145 2622 y Fu(,)33 b Fs(s)253 -2586 y Fi(0)276 2622 y Ft(i)f(!)g Fs(s)527 2586 y Fi(00)570 -2622 y Fu(,)g Fs(Q)41 b(s)793 2586 y Fi(0)848 2622 y -Fu(=)32 b Fw(tt)f Fu(and)h Ft(j)-17 b Fu(=)1351 2637 -y Fn(p)1427 2622 y Ft(f)31 b Fs(Q)41 b Ft(g)32 b Fs(S)1773 -2637 y Fn(2)1844 2622 y Ft(f)g Fs(R)k Ft(g)c Fu(it)f(follo)m(ws)f(that) -i Fs(R)k(s)2897 2586 y Fi(00)2971 2622 y Fu(=)c Fw(tt)f -Fu(as)h(w)m(as)0 2743 y(to)g(b)s(e)h(sho)m(wn.)0 2910 -y Fw(The)g(case)g Fu([if)541 2925 y Fn(p)583 2910 y Fu(]:)44 -b(Assume)33 b(that)244 3125 y Ft(j)-17 b Fu(=)331 3140 -y Fn(p)407 3125 y Ft(f)32 b(B)s 
Fu([)-17 b([)q Fs(b)6 -b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)1073 -3140 y Fn(1)1145 3125 y Ft(f)g Fs(Q)42 b Ft(g)32 b Fu(and)h -Ft(j)-17 b Fu(=)1703 3140 y Fn(p)1779 3125 y Ft(f)32 -b(:)q(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g -Fs(P)43 b Ft(g)32 b Fs(S)2512 3140 y Fn(2)2584 3125 y -Ft(f)g Fs(Q)42 b Ft(g)0 3340 y Fu(T)-8 b(o)31 b(pro)m(v)m(e)h -Ft(j)-17 b Fu(=)490 3355 y Fn(p)564 3340 y Ft(f)30 b -Fs(P)41 b Ft(g)31 b Fr(if)g Fs(b)37 b Fr(then)31 b Fs(S)1349 -3355 y Fn(1)1419 3340 y Fr(else)h Fs(S)1722 3355 y Fn(2)1792 -3340 y Ft(f)f Fs(Q)39 b Ft(g)31 b Fu(consider)g(arbitrary)f(states)h -Fs(s)39 b Fu(and)31 b Fs(s)3449 3304 y Fi(0)0 3461 y -Fu(suc)m(h)j(that)e Fs(P)43 b(s)e Fu(=)32 b Fw(tt)g Fu(and)244 -3676 y Ft(h)p Fr(if)h Fs(b)38 b Fr(then)c Fs(S)806 3691 -y Fn(1)877 3676 y Fr(else)g Fs(S)1182 3691 y Fn(2)1221 -3676 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)g Fs(s)1580 3639 y -Fi(0)0 3891 y Fu(There)i(are)f(t)m(w)m(o)h(cases.)46 -b(If)33 b Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q -Fs(s)41 b Fu(=)33 b Fw(tt)f Fu(then)i(w)m(e)g(get)f(\()p -Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)h -Fs(P)10 b Fu(\))33 b Fs(s)41 b Fu(=)33 b Fw(tt)f Fu(and)h(from)f([if) -3375 3906 y Fn(ns)3445 3891 y Fu(])0 4011 y(w)m(e)i(ha)m(v)m(e)244 -4226 y Ft(h)p Fs(S)350 4241 y Fn(1)389 4226 y Fu(,)f -Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 4190 y Fi(0)0 4441 y -Fu(F)-8 b(rom)39 b(the)i(\014rst)g(assumption)f(w)m(e)i(therefore)f -(get)f Fs(Q)50 b(s)2085 4405 y Fi(0)2149 4441 y Fu(=)40 -b Fw(tt)p Fu(.)67 b(If)40 b Ft(B)t Fu([)-17 b([)p Fs(b)6 -b Fu(])-17 b(])q Fs(s)48 b Fu(=)41 b Fw(\013)f Fu(the)h(result)0 -4561 y(follo)m(ws)31 b(in)h(a)g(similar)e(w)m(a)m(y)j(from)f(the)h -(second)h(assumption.)0 4729 y Fw(The)f(case)g Fu([while)706 -4744 y Fn(p)749 4729 y Fu(]:)43 b(Assume)34 b(that)244 -4944 y Ft(j)-17 b Fu(=)331 4959 y Fn(p)407 4944 y Ft(f)32 -b(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g -Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(P)43 b Ft(g)0 -5159 y 
Fu(T)-8 b(o)35 b(pro)m(v)m(e)h Ft(j)-17 b Fu(=)498 -5174 y Fn(p)577 5159 y Ft(f)35 b Fs(P)45 b Ft(g)35 b -Fr(while)h Fs(b)41 b Fr(do)36 b Fs(S)46 b Ft(f)35 b(:)q(B)s -Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])35 b Ft(^)h Fs(P)45 -b Ft(g)35 b Fu(consider)g(arbitrary)f(states)i Fs(s)43 -b Fu(and)0 5279 y Fs(s)48 5243 y Fi(00)123 5279 y Fu(suc)m(h)34 -b(that)e Fs(P)43 b(s)e Fu(=)32 b Fw(tt)g Fu(and)244 5494 -y Ft(h)p Fr(while)h Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 -b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1216 5458 y Fi(00)p eop -%%Page: 186 196 -186 195 bop 251 130 a Fw(186)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283 -515 a Fu(and)28 b(w)m(e)g(shall)e(sho)m(w)j(that)e(\()p -Ft(:B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Ft(^)p -Fs(P)10 b Fu(\))28 b Fs(s)1827 479 y Fi(00)1897 515 y -Fu(=)f Fw(tt)p Fu(.)41 b(W)-8 b(e)27 b(shall)f(no)m(w)i(pro)s(ceed)g(b) -m(y)h(induction)d(on)283 636 y(the)33 b(shap)s(e)g(of)e(the)i(deriv)-5 -b(ation)30 b(tree)j(in)e(the)i(natural)d(seman)m(tics.)44 -b(One)32 b(of)g(t)m(w)m(o)h(cases)g(apply)-8 b(.)283 -756 y(If)34 b Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(])p Fs(s)41 b Fu(=)32 b Fw(\013)i Fu(then)h Fs(s)1137 -720 y Fi(00)1214 756 y Fu(=)f Fs(s)42 b Fu(according)33 -b(to)h([while)2217 720 y Fn(\013)2217 781 y(ns)2287 756 -y Fu(])g(and)h(clearly)e(\()p Ft(:B)s Fu([)-17 b([)q -Fs(b)6 b Fu(])-17 b(])35 b Ft(^)f Fs(P)10 b Fu(\))34 -b Fs(s)3482 720 y Fi(00)3559 756 y Fu(=)g Fw(tt)283 877 -y Fu(as)f(required.)44 b(Next)34 b(consider)f(the)g(case)g(where)h -Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 -b Fu(=)32 b Fw(tt)g Fu(and)527 1085 y Ft(h)p Fs(S)12 -b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)992 1049 y Fi(0)1113 -1085 y Fu(and)130 b Ft(h)p Fr(while)34 b Fs(b)k Fr(do)33 -b Fs(S)12 b Fu(,)33 b Fs(s)2121 1049 y Fi(0)2144 1085 -y Ft(i)f(!)g Fs(s)2395 1049 y Fi(00)283 1294 y Fu(for)38 -b(some)h(state)g Fs(s)982 1258 y Fi(0)1005 1294 y Fu(.)61 -b(Th)m(us)41 b(\()p Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 
-b(])38 b Ft(^)h Fs(P)10 b Fu(\))39 b Fs(s)47 b Fu(=)38 -b Fw(tt)g Fu(and)g(w)m(e)i(can)f(then)g(apply)f(the)h(assump-)283 -1414 y(tion)f Ft(j)-17 b Fu(=)577 1429 y Fn(p)653 1414 -y Ft(f)33 b(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 -b Ft(^)g Fs(P)42 b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(P)43 -b Ft(g)c Fu(and)g(get)g(that)g Fs(P)49 b(s)2378 1378 -y Fi(0)2441 1414 y Fu(=)38 b Fw(tt)p Fu(.)62 b(The)40 -b(induction)e(h)m(yp)s(othe-)283 1535 y(sis)g(can)g(no)m(w)h(b)s(e)e -(applied)g(to)g(the)i(deriv)-5 b(ation)36 b Ft(h)o Fr(while)e -Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)2783 1499 -y Fi(0)2807 1535 y Ft(i)g(!)g Fs(s)3058 1499 y Fi(00)3138 -1535 y Fu(and)38 b(giv)m(es)g(that)283 1655 y(\()p Ft(:)q(B)s -Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)10 -b Fu(\))33 b Fs(s)909 1619 y Fi(00)984 1655 y Fu(=)f -Fw(tt)o Fu(.)44 b(This)32 b(completes)h(the)g(pro)s(of)f(of)g(this)g -(case.)283 1823 y Fw(The)h(case)g Fu([cons)950 1838 y -Fn(p)995 1823 y Fu(]:)43 b(Supp)s(ose)34 b(that)527 2032 -y Ft(j)-17 b Fu(=)614 2047 y Fn(p)690 2032 y Ft(f)32 -b Fs(P)848 1996 y Fi(0)905 2032 y Ft(g)g Fs(S)44 b Ft(f)33 -b Fs(Q)1253 1996 y Fi(0)1309 2032 y Ft(g)f Fu(and)h Fs(P)43 -b Ft(\))32 b Fs(P)1898 1996 y Fi(0)1986 2032 y Fu(and)h -Fs(Q)2260 1996 y Fi(0)2316 2032 y Ft(\))f Fs(Q)283 2240 -y Fu(T)-8 b(o)33 b(pro)m(v)m(e)h Ft(j)-17 b Fu(=)777 -2255 y Fn(p)853 2240 y Ft(f)32 b Fs(P)43 b Ft(g)32 b -Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(consider)h(states)g -Fs(s)41 b Fu(and)33 b Fs(s)2483 2204 y Fi(0)2539 2240 -y Fu(suc)m(h)h(that)e Fs(P)43 b(s)d Fu(=)33 b Fw(tt)e -Fu(and)527 2449 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b -Ft(i)32 b(!)g Fs(s)992 2413 y Fi(0)283 2658 y Fu(Since)e -Fs(P)39 b(s)e Fu(=)29 b Fw(tt)f Fu(and)h Fs(P)40 b Ft(\))28 -b Fs(P)1434 2622 y Fi(0)1487 2658 y Fu(w)m(e)i(also)e(ha)m(v)m(e)j -Fs(P)2117 2622 y Fi(0)2169 2658 y Fs(s)38 b Fu(=)28 b -Fw(tt)h Fu(and)g(the)g(assumption)g(then)g(giv)m(es)283 -2778 y(us)34 b(that)e Fs(Q)704 2742 y Fi(0)760 2778 y -Fs(s)808 
2742 y Fi(0)864 2778 y Fu(=)g Fw(tt)p Fu(.)43 -b(F)-8 b(rom)31 b Fs(Q)1470 2742 y Fi(0)1526 2778 y Ft(\))h -Fs(Q)42 b Fu(w)m(e)33 b(therefore)g(get)g Fs(Q)42 b(s)2655 -2742 y Fi(0)2711 2778 y Fu(=)32 b Fw(tt)g Fu(as)g(required.)247 -b Fh(2)283 3098 y Fw(Exercise)37 b(6.18)49 b Fu(Sho)m(w)38 -b(that)g(the)g(inference)h(rule)e(for)g Fr(repeat)j Fs(S)49 -b Fr(until)40 b Fs(b)j Fu(suggested)d(in)283 3219 y(Exercise)25 -b(6.11)e(preserv)m(es)j(v)-5 b(alidit)m(y)d(.)38 b(Argue)24 -b(that)f(this)g(means)h(that)f(the)h(en)m(tire)f(pro)s(of)g(system)283 -3339 y(consisting)34 b(of)g(the)g(axioms)f(and)h(rules)g(of)g(T)-8 -b(able)34 b(6.1)g(together)g(with)g(the)g(rule)g(of)f(Exercise)283 -3460 y(6.11)f(is)g(sound.)2818 b Fh(2)283 3695 y Fw(Exercise)37 -b(6.19)49 b Fu(De\014ne)33 b Ft(j)-17 b Fu(=)1364 3659 -y Fi(0)1420 3695 y Ft(f)32 b Fs(P)43 b Ft(g)32 b Fs(S)45 -b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(to)g(mean)g(that)527 -3904 y(for)42 b(all)e(states)j Fs(s)50 b Fu(suc)m(h)43 -b(that)f Fs(P)52 b(s)f Fu(=)41 b Fw(tt)h Fu(there)g(exists)h(a)f(state) -g Fs(s)3038 3868 y Fi(0)3104 3904 y Fu(suc)m(h)h(that)527 -4025 y Fs(Q)f(s)692 3988 y Fi(0)748 4025 y Fu(=)32 b -Fw(tt)g Fu(and)h Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8 b -Ft(i)32 b(!)g Fs(s)1630 3988 y Fi(0)283 4233 y Fu(Sho)m(w)h(that)e(it)f -(is)h Fs(not)40 b Fu(the)32 b(case)g(that)f Ft(`)1763 -4248 y Fn(p)1838 4233 y Ft(f)g Fs(P)41 b Ft(g)31 b Fs(S)43 -b Ft(f)31 b Fs(Q)41 b Ft(g)31 b Fu(implies)d Ft(j)-17 -b Fu(=)2899 4197 y Fi(0)2954 4233 y Ft(f)31 b Fs(P)41 -b Ft(g)31 b Fs(S)43 b Ft(f)31 b Fs(Q)41 b Ft(g)31 b Fu(and)283 -4354 y(conclude)j(that)f(the)h(pro)s(of)e(system)i(of)f(T)-8 -b(able)33 b(6.1)g(cannot)g(b)s(e)h(sound)g(with)f(resp)s(ect)h(to)f -(this)283 4474 y(de\014nition)f(of)g(v)-5 b(alidit)m(y)d(.)2515 -b Fh(2)283 4770 y Fp(Completeness)47 b(\(in)e(the)h(extensional)g -(approac)l(h\))283 4957 y Fu(Before)35 b(turning)f(to)g(the)h(pro)s(of) -e(of)h(the)h(completeness)g(result)g(w)m(e)g(shall)e(consider)i(a)f(sp) 
-s(ecial)283 5077 y(predicate)f(wlp\()p Fs(S)12 b Fu(,)32 -b Fs(Q)9 b Fu(\))33 b(de\014ned)h(for)e(eac)m(h)h(statemen)m(t)g -Fs(S)45 b Fu(and)33 b(predicate)f Fs(Q)9 b Fu(:)527 5286 -y(wlp\()p Fs(S)j Fu(,)32 b Fs(Q)9 b Fu(\))33 b Fs(s)41 -b Fu(=)32 b Fw(tt)283 5494 y Fu(if)g(and)h(only)f(if)f(for)h(all)f -(states)i Fs(s)1476 5458 y Fi(0)1499 5494 y Fu(,)p eop -%%Page: 187 197 -187 196 bop 0 130 a Fw(6.3)112 b(Soundness)40 b(and)e(completeness)1647 -b(187)p 0 193 3473 4 v 244 515 a Fu(if)31 b Ft(h)p Fs(S)12 -b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)798 479 y Fi(0)854 -515 y Fu(then)h Fs(Q)42 b(s)1241 479 y Fi(0)1297 515 -y Fu(=)32 b Fw(tt)0 719 y Fu(The)i(predicate)e(is)g(called)g(the)h -Fs(we)-5 b(akest)34 b(lib)-5 b(er)g(al)34 b(pr)-5 b(e)g(c)g(ondition)39 -b Fu(for)32 b Fs(Q)42 b Fu(and)32 b(it)g(satis\014es:)p -0 839 3473 5 v 0 1014 a Fw(F)-9 b(act)37 b(6.20)49 b -Fu(F)-8 b(or)32 b(ev)m(ery)j(statemen)m(t)e Fs(S)44 b -Fu(and)33 b(predicate)f Fs(Q)42 b Fu(w)m(e)34 b(ha)m(v)m(e)145 -1217 y Ft(\017)49 b(j)-17 b Fu(=)331 1232 y Fn(p)407 -1217 y Ft(f)32 b Fu(wlp\()p Fs(S)12 b Fu(,)32 b Fs(Q)9 -b Fu(\))33 b Ft(g)f Fs(S)44 b Ft(f)33 b Fs(Q)41 b Ft(g)1958 -b Fu(\(*\))145 1421 y Ft(\017)49 b Fu(if)31 b Ft(j)-17 -b Fu(=)420 1436 y Fn(p)496 1421 y Ft(f)32 b Fs(P)43 b -Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(then)i -Fs(P)42 b Ft(\))33 b Fu(wlp\()p Fs(S)12 b Fu(,)32 b Fs(Q)9 -b Fu(\))1247 b(\(**\))0 1625 y(meaning)31 b(that)i(wlp\()p -Fs(S)12 b Fu(,)32 b Fs(Q)9 b Fu(\))32 b(is)g(the)h(w)m(eak)m(est)i(p)s -(ossible)d(precondition)g(for)g Fs(S)44 b Fu(and)33 b -Fs(Q)9 b Fu(.)p 0 1745 V 0 1948 a Fw(Pro)s(of:)54 b Fu(T)-8 -b(o)47 b(v)m(erify)h(that)e(\(*\))h(holds)g(let)f Fs(s)55 -b Fu(and)48 b Fs(s)1971 1912 y Fi(0)2041 1948 y Fu(b)s(e)f(states)h -(suc)m(h)h(that)e Ft(h)p Fs(S)12 b Fu(,)47 b Fs(s)8 b -Ft(i)46 b(!)h Fs(s)3449 1912 y Fi(0)0 2069 y Fu(and)38 -b(wlp\()p Fs(S)12 b Fu(,)33 b Fs(Q)9 b Fu(\))32 b Fs(s)41 -b Fu(=)32 b Fw(tt)o Fu(.)61 b(F)-8 b(rom)37 
b(the)i(de\014nition)e(of)h -(wlp\()p Fs(S)12 b Fu(,)38 b Fs(Q)9 b Fu(\))38 b(w)m(e)i(get)e(that)g -Fs(Q)47 b(s)3209 2033 y Fi(0)3271 2069 y Fu(=)38 b Fw(tt)0 -2189 y Fu(as)k(required.)71 b(T)-8 b(o)42 b(v)m(erify)g(that)f(\(**\))g -(holds)h(assume)g(that)f Ft(j)-17 b Fu(=)2362 2204 y -Fn(p)2447 2189 y Ft(f)42 b Fs(P)52 b Ft(g)41 b Fs(S)54 -b Ft(f)41 b Fs(Q)51 b Ft(g)41 b Fu(and)h(let)0 2310 y -Fs(P)h(s)d Fu(=)33 b Fw(tt)o Fu(.)55 b(If)36 b Ft(h)p -Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1033 -2273 y Fi(0)1092 2310 y Fu(then)37 b Fs(Q)46 b(s)1487 -2273 y Fi(0)1546 2310 y Fu(=)37 b Fw(tt)e Fu(\(b)s(ecause)j -Ft(j)-17 b Fu(=)2272 2325 y Fn(p)2351 2310 y Ft(f)36 -b Fs(P)47 b Ft(g)36 b Fs(S)48 b Ft(f)36 b Fs(Q)46 b Ft(g)p -Fu(\))36 b(so)g(clearly)0 2430 y(wlp\()p Fs(S)12 b Fu(,)p -Fs(Q)d Fu(\))32 b Fs(s)41 b Fu(=)32 b Fw(tt)o Fu(.)2657 -b Fh(2)0 2742 y Fw(Exercise)36 b(6.21)49 b Fu(Pro)m(v)m(e)34 -b(that)f(the)g(predicate)f Fs(INV)52 b Fu(of)32 b(Example)g(6.9)g -(satis\014es)269 2909 y Fs(INV)51 b Fu(=)32 b(wlp\()p -Fr(while)i Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f -Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h -Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fu(1\),)i Fr(y)e Fu(=)h -Fr(n)p Fu(!)43 b Ft(^)33 b Fr(n)g Fo(>)g Fr(0)p Fu(\))164 -b Fh(2)0 3138 y Fw(Exercise)36 b(6.22)49 b Fu(Another)f(in)m(teresting) -e(predicate)h(called)f(the)h Fs(str)-5 b(ongest)48 b(p)-5 -b(ostc)g(ondition)0 3258 y Fu(for)32 b Fs(S)44 b Fu(and)33 -b Fs(P)43 b Fu(can)33 b(b)s(e)g(de\014ned)h(b)m(y)244 -3462 y(sp\()p Fs(P)10 b Fu(,)33 b Fs(S)12 b Fu(\))33 -b Fs(s)696 3426 y Fi(0)752 3462 y Fu(=)f Fw(tt)0 3665 -y Fu(if)f(and)i(only)f(if)244 3869 y(there)h(exists)h -Fs(s)40 b Fu(suc)m(h)34 b(that)f Ft(h)o Fs(S)12 b Fu(,)33 -b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1739 3833 y Fi(0)1795 3869 -y Fu(and)h Fs(P)43 b(s)d Fu(=)33 b Fw(tt)0 4072 y Fu(Pro)m(v)m(e)h -(that)145 4276 y Ft(\017)49 b(j)-17 b Fu(=)331 4291 y -Fn(p)407 4276 y Ft(f)32 b Fs(P)43 b Ft(g)32 b Fs(S)45 -b Ft(f)32 b Fu(sp\()p 
Fs(P)10 b Fu(,)34 b Fs(S)12 b Fu(\))32 -b Ft(g)145 4479 y(\017)49 b Fu(if)31 b Ft(j)-17 b Fu(=)420 -4494 y Fn(p)496 4479 y Ft(f)32 b Fs(P)43 b Ft(g)33 b -Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(then)i(sp\()p -Fs(P)10 b Fu(,)33 b Fs(S)12 b Fu(\))32 b Ft(\))h Fs(Q)0 -4683 y Fu(Th)m(us)h(sp\()p Fs(P)10 b Fu(,)34 b Fs(S)12 -b Fu(\))32 b(is)g(the)h(strongest)g(p)s(ossible)f(p)s(ostcondition)g -(for)g Fs(P)43 b Fu(and)32 b Fs(S)12 b Fu(.)544 b Fh(2)p -0 4912 V 0 5086 a Fw(Lemma)37 b(6.23)49 b Fu(The)d(inference)f(system)h -(of)e(T)-8 b(able)45 b(6.1)f(is)g(complete,)j(that)e(is)f(for)h(ev)m -(ery)0 5206 y(partial)30 b(correctness)35 b(form)m(ula)c -Ft(f)h Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(Q)42 -b Ft(g)32 b Fu(w)m(e)i(ha)m(v)m(e)269 5374 y Ft(j)-17 -b Fu(=)356 5389 y Fn(p)432 5374 y Ft(f)32 b Fs(P)43 b -Ft(g)32 b Fs(S)44 b Ft(f)33 b Fs(Q)41 b Ft(g)33 b Fu(implies)d -Ft(`)1478 5389 y Fn(p)1554 5374 y Ft(f)i Fs(P)43 b Ft(g)32 -b Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)p 0 5494 V eop -%%Page: 188 198 -188 197 bop 251 130 a Fw(188)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283 -515 a(Pro)s(of:)38 b Fu(The)33 b(completeness)h(result)e(follo)m(ws)f -(if)h(w)m(e)h(can)g(infer)552 683 y Ft(`)613 698 y Fn(p)689 -683 y Ft(f)f Fu(wlp\()p Fs(S)12 b Fu(,)32 b Fs(Q)9 b -Fu(\))33 b Ft(g)f Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)1958 -b Fu(\(*\))283 851 y(for)32 b(all)f(statemen)m(ts)j Fs(S)44 -b Fu(and)33 b(predicates)g Fs(Q)9 b Fu(.)33 b(T)-8 b(o)32 -b(see)i(this)e(supp)s(ose)i(that)527 1046 y Ft(j)-17 -b Fu(=)614 1061 y Fn(p)690 1046 y Ft(f)32 b Fs(P)43 b -Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)283 1242 -y Fu(Then)34 b(F)-8 b(act)32 b(6.20)g(giv)m(es)h(that)527 -1438 y Fs(P)43 b Ft(\))32 b Fu(wlp\()p Fs(S)12 b Fu(,)p -Fs(Q)d Fu(\))283 1633 y(so)33 b(that)g(\(*\))f(and)g([cons)1172 -1648 y Fn(p)1217 1633 y Fu(])g(giv)m(e)527 1829 y Ft(`)588 -1844 y Fn(p)664 1829 y Ft(f)g Fs(P)43 b Ft(g)33 b Fs(S)44 -b Ft(f)32 b Fs(Q)42 b Ft(g)283 2025 y 
Fu(as)33 b(required.)430 -2145 y(T)-8 b(o)32 b(pro)m(v)m(e)i(\(*\))e(w)m(e)i(pro)s(ceed)f(b)m(y)h -(structural)e(induction)g(on)g(the)h(statemen)m(t)g Fs(S)12 -b Fu(.)283 2313 y Fw(The)33 b(case)g Fs(x)45 b Fu(:=)32 -b Fs(a)7 b Fu(:)44 b(Based)33 b(on)g(the)g(natural)e(seman)m(tics)i(it) -f(is)g(easy)h(to)g(v)m(erify)g(that)527 2508 y(wlp\()p -Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33 b Fs(Q)9 b Fu(\))32 -b(=)h Fs(Q)9 b Fu([)p Fs(x)j Ft(7!)o(A)p Fu([)-17 b([)p -Fs(a)7 b Fu(])-17 b(])q(])283 2704 y(so)33 b(the)g(result)g(follo)m(ws) -e(directly)h(from)f([ass)1900 2719 y Fn(p)1945 2704 y -Fu(].)283 2872 y Fw(The)i(case)g Fr(skip)p Fu(:)45 b(Since)33 -b(wlp\()p Fr(skip)p Fu(,)g Fs(Q)9 b Fu(\))33 b(=)f Fs(Q)42 -b Fu(the)33 b(result)f(follo)m(ws)g(from)f([skip)3292 -2887 y Fn(p)3336 2872 y Fu(].)283 3039 y Fw(The)i(case)g -Fs(S)806 3054 y Fn(1)846 3039 y Fu(;)p Fs(S)940 3054 -y Fn(2)979 3039 y Fu(:)44 b(The)33 b(induction)f(h)m(yp)s(othesis)h -(applied)f(to)g Fs(S)2692 3054 y Fn(1)2764 3039 y Fu(and)g -Fs(S)3020 3054 y Fn(2)3092 3039 y Fu(giv)m(es)527 3235 -y Ft(`)588 3250 y Fn(p)664 3235 y Ft(f)g Fu(wlp\()p Fs(S)1003 -3250 y Fn(2)1042 3235 y Fu(,)h Fs(Q)9 b Fu(\))33 b Ft(g)f -Fs(S)1406 3250 y Fn(2)1478 3235 y Ft(f)g Fs(Q)42 b Ft(g)283 -3431 y Fu(and)527 3626 y Ft(`)588 3641 y Fn(p)664 3626 -y Ft(f)32 b Fu(wlp\()p Fs(S)1003 3641 y Fn(1)1042 3626 -y Fu(,)h(wlp\()p Fs(S)1359 3641 y Fn(2)1398 3626 y Fu(,)g -Fs(Q)9 b Fu(\)\))32 b Ft(g)g Fs(S)1799 3641 y Fn(1)1871 -3626 y Ft(f)h Fu(wlp\()p Fs(S)2211 3641 y Fn(2)2249 3626 -y Fu(,)g Fs(Q)9 b Fu(\))33 b Ft(g)283 3822 y Fu(so)g(that)g([comp)870 -3837 y Fn(p)913 3822 y Fu(])f(giv)m(es)527 4018 y Ft(`)588 -4033 y Fn(p)664 4018 y Ft(f)g Fu(wlp\()p Fs(S)1003 4033 -y Fn(1)1042 4018 y Fu(,)h(wlp\()p Fs(S)1359 4033 y Fn(2)1398 -4018 y Fu(,)g Fs(Q)9 b Fu(\)\))32 b Ft(g)g Fs(S)1799 -4033 y Fn(1)1839 4018 y Fu(;)p Fs(S)1933 4033 y Fn(2)2005 -4018 y Ft(f)g Fs(Q)42 b Ft(g)283 4213 y Fu(W)-8 b(e)33 -b(shall)f(no)m(w)h(pro)m(v)m(e)h(that)527 4409 
y(wlp\()p -Fs(S)784 4424 y Fn(1)823 4409 y Fu(;)p Fs(S)917 4424 -y Fn(2)957 4409 y Fu(,)e Fs(Q)9 b Fu(\))33 b Ft(\))f -Fu(wlp\()p Fs(S)1560 4424 y Fn(1)1599 4409 y Fu(,)h(wlp\()p -Fs(S)1916 4424 y Fn(2)1955 4409 y Fu(,)f Fs(Q)9 b Fu(\)\))283 -4605 y(as)27 b(then)h([cons)825 4620 y Fn(p)869 4605 -y Fu(])f(will)d(giv)m(e)j(the)g(required)g(pro)s(of)f(in)g(the)h -(inference)h(system.)42 b(So)27 b(assume)g(that)283 4725 -y(wlp\()p Fs(S)540 4740 y Fn(1)579 4725 y Fu(;)p Fs(S)673 -4740 y Fn(2)713 4725 y Fu(,)j Fs(Q)9 b Fu(\))30 b Fs(s)37 -b Fu(=)30 b Fw(tt)e Fu(and)i(w)m(e)h(shall)d(sho)m(w)j(that)e(wlp\()p -Fs(S)2478 4740 y Fn(1)2517 4725 y Fu(,)k(wlp\()p Fs(S)2834 -4740 y Fn(2)2873 4725 y Fu(,)f Fs(Q)9 b Fu(\)\))33 b -Fs(s)41 b Fu(=)32 b Fw(tt)o Fu(.)43 b(This)29 b(is)283 -4845 y(ob)m(vious)36 b(unless)f(there)h(is)e(a)h(state)g -Fs(s)1654 4809 y Fi(0)1713 4845 y Fu(suc)m(h)h(that)f -Ft(h)p Fs(S)2255 4860 y Fn(1)2294 4845 y Fu(,)g Fs(s)8 -b Ft(i)35 b(!)g Fs(s)2661 4809 y Fi(0)2719 4845 y Fu(and)g(then)h(w)m -(e)g(m)m(ust)f(pro)m(v)m(e)283 4966 y(that)j(wlp\()p -Fs(S)757 4981 y Fn(2)796 4966 y Fu(,)i Fs(Q)9 b Fu(\))38 -b Fs(s)1071 4930 y Fi(0)1132 4966 y Fu(=)g Fw(tt)p Fu(.)60 -b(Ho)m(w)m(ev)m(er,)42 b(this)37 b(is)h(ob)m(vious)g(to)s(o)g(unless)h -(there)f(is)g(a)g(state)g Fs(s)3713 4930 y Fi(00)283 -5086 y Fu(suc)m(h)33 b(that)e Ft(h)p Fs(S)818 5101 y -Fn(2)857 5086 y Fu(,)i Fs(s)965 5050 y Fi(0)988 5086 -y Ft(i)f(!)g Fs(s)1239 5050 y Fi(00)1313 5086 y Fu(and)f(then)h(w)m(e)g -(m)m(ust)f(pro)m(v)m(e)i(that)e Fs(Q)40 b(s)2739 5050 -y Fi(00)2812 5086 y Fu(=)31 b Fw(tt)p Fu(.)43 b(But)31 -b(b)m(y)h([comp)3658 5101 y Fn(ns)3729 5086 y Fu(])283 -5206 y(w)m(e)i(ha)m(v)m(e)g Ft(h)p Fs(S)758 5221 y Fn(1)797 -5206 y Fu(;)p Fs(S)891 5221 y Fn(2)930 5206 y Fu(,)f -Fs(s)8 b Ft(i)32 b(!)g Fs(s)1289 5170 y Fi(00)1365 5206 -y Fu(so)g(that)h Fs(Q)41 b(s)1860 5170 y Fi(00)1935 5206 -y Fu(=)33 b Fw(tt)e Fu(follo)m(ws)h(from)f(wlp\()p Fs(S)2971 -5221 y Fn(1)3010 5206 y Fu(;)p Fs(S)3104 
5221 y Fn(2)3143 -5206 y Fu(,)i Fs(Q)9 b Fu(\))33 b Fs(s)40 b Fu(=)33 b -Fw(tt)o Fu(.)283 5374 y Fw(The)g(case)g Fr(if)g Fs(b)38 -b Fr(then)c Fs(S)1262 5389 y Fn(1)1333 5374 y Fr(else)g -Fs(S)1638 5389 y Fn(2)1677 5374 y Fu(:)43 b(The)33 b(induction)f(h)m -(yp)s(othesis)h(applied)f(to)g Fs(S)3389 5389 y Fn(1)3460 -5374 y Fu(and)h Fs(S)3717 5389 y Fn(2)283 5494 y Fu(giv)m(es)p -eop -%%Page: 189 199 -189 198 bop 0 130 a Fw(6.3)112 b(Soundness)40 b(and)e(completeness)1647 -b(189)p 0 193 3473 4 v 244 515 a Ft(`)305 530 y Fn(p)381 -515 y Ft(f)32 b Fu(wlp\()p Fs(S)720 530 y Fn(1)759 515 -y Fu(,)h Fs(Q)9 b Fu(\))32 b Ft(g)g Fs(S)1122 530 y Fn(1)1194 -515 y Ft(f)h Fs(Q)41 b Ft(g)33 b Fu(and)f Ft(`)1726 530 -y Fn(p)1802 515 y Ft(f)g Fu(wlp\()p Fs(S)2141 530 y Fn(2)2180 -515 y Fu(,)h Fs(Q)9 b Fu(\))32 b Ft(g)h Fs(S)2544 530 -y Fn(2)2616 515 y Ft(f)f Fs(Q)42 b Ft(g)0 722 y Fu(De\014ne)33 -b(the)g(predicate)g Fs(P)43 b Fu(b)m(y)244 929 y Fs(P)g -Fu(=)32 b(\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 -b(])33 b Ft(^)g Fu(wlp\()p Fs(S)1082 944 y Fn(1)1121 -929 y Fu(,)g Fs(Q)9 b Fu(\)\))32 b Ft(_)h Fu(\()p Ft(:B)t -Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fu(wlp\()p -Fs(S)2160 944 y Fn(2)2198 929 y Fu(,)g Fs(Q)9 b Fu(\)\))0 -1136 y(Then)34 b(w)m(e)f(ha)m(v)m(e)244 1343 y(\()p Ft(B)s -Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)10 -b Fu(\))33 b Ft(\))f Fu(wlp\()p Fs(S)1144 1358 y Fn(1)1183 -1343 y Fu(,)g Fs(Q)9 b Fu(\))33 b(and)g(\()p Ft(:B)s -Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)10 -b Fu(\))33 b Ft(\))f Fu(wlp\()p Fs(S)2553 1358 y Fn(2)2592 -1343 y Fu(,)h Fs(Q)9 b Fu(\))0 1550 y(so)33 b([cons)331 -1565 y Fn(p)375 1550 y Fu(])g(can)f(b)s(e)h(applied)f(t)m(wice)h(and)f -(giv)m(es)244 1757 y Ft(`)305 1772 y Fn(p)381 1757 y -Ft(f)g(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b -Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)1047 1772 y Fn(1)1119 -1757 y Ft(f)g Fs(Q)42 b Ft(g)32 b Fu(and)h Ft(`)1651 -1772 y Fn(p)1727 1757 y Ft(f)f(:B)t Fu([)-17 b([)q Fs(b)6 -b 
Fu(])-17 b(])33 b Ft(^)g Fs(P)42 b Ft(g)33 b Fs(S)2460 -1772 y Fn(2)2532 1757 y Ft(f)f Fs(Q)42 b Ft(g)0 1964 -y Fu(Using)32 b([if)359 1979 y Fn(p)402 1964 y Fu(])g(w)m(e)i -(therefore)f(get)244 2171 y Ft(`)305 2186 y Fn(p)381 -2171 y Ft(f)f Fs(P)43 b Ft(g)32 b Fr(if)h Fs(b)39 b Fr(then)33 -b Fs(S)1177 2186 y Fn(1)1249 2171 y Fr(else)h Fs(S)1554 -2186 y Fn(2)1625 2171 y Ft(f)f Fs(Q)41 b Ft(g)0 2378 -y Fu(T)-8 b(o)33 b(see)g(that)g(this)f(is)g(the)h(desired)g(result)g -(it)e(su\016ces)k(to)d(sho)m(w)i(that)244 2585 y(wlp\()p -Fr(if)f Fs(b)38 b Fr(then)c Fs(S)957 2600 y Fn(1)1028 -2585 y Fr(else)g Fs(S)1333 2600 y Fn(2)1372 2585 y Fu(,)f -Fs(Q)9 b Fu(\))32 b Ft(\))h Fs(P)0 2792 y Fu(and)g(this)f(is)g(straigh) -m(tforw)m(ard)g(b)m(y)i(cases)g(on)e(the)h(v)-5 b(alue)32 -b(of)g Fs(b)6 b Fu(.)0 2959 y Fw(The)33 b(case)g Fr(while)h -Fs(b)k Fr(do)33 b Fs(S)12 b Fu(:)33 b(De\014ne)g(the)g(predicate)g -Fs(P)43 b Fu(b)m(y)244 3166 y Fs(P)g Fu(=)32 b(wlp\()p -Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(Q)9 -b Fu(\))0 3373 y(W)-8 b(e)33 b(\014rst)g(sho)m(w)h(that)269 -3541 y(\()p Ft(:B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 -b(])33 b Ft(^)g Fs(P)10 b Fu(\))33 b Ft(\))f Fs(Q)2246 -b Fu(\(**\))269 3708 y(\()p Ft(B)s Fu([)-17 b([)q Fs(b)6 -b Fu(])-17 b(])33 b Ft(^)g Fs(P)10 b Fu(\))33 b Ft(\))f -Fu(wlp\()p Fs(S)12 b Fu(,)p Fs(P)e Fu(\))1940 b(\(***\))0 -3876 y(T)-8 b(o)36 b(v)m(erify)h(\(**\))e(let)g Fs(s)45 -b Fu(b)s(e)36 b(suc)m(h)h(that)f(\()p Ft(:)q(B)s Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(])36 b Ft(^)h Fs(P)10 b Fu(\))36 -b Fs(s)44 b Fu(=)36 b Fw(tt)p Fu(.)53 b(Then)37 b(it)e(m)m(ust)i(b)s(e) -f(the)g(case)0 3996 y(that)i Ft(h)p Fr(while)33 b Fs(b)39 -b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f -Fs(s)46 b Fu(so)38 b(w)m(e)h(ha)m(v)m(e)h Fs(Q)47 b(s)f -Fu(=)38 b Fw(tt)p Fu(.)59 b(T)-8 b(o)38 b(v)m(erify)h(\(***\))e(let)h -Fs(s)46 b Fu(b)s(e)38 b(suc)m(h)0 4117 y(that)33 b(\()p -Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g -Fs(P)10 b Fu(\))33 b Fs(s)40 
b Fu(=)33 b Fw(tt)f Fu(and)h(w)m(e)i -(shall)c(sho)m(w)k(that)e(wlp\()p Fs(S)12 b Fu(,)p Fs(P)e -Fu(\))33 b Fs(s)41 b Fu(=)33 b Fw(tt)p Fu(.)44 b(This)33 -b(is)g(ob)m(vious)0 4237 y(unless)j(there)h(is)e(a)h(state)g -Fs(s)1020 4201 y Fi(0)1079 4237 y Fu(suc)m(h)h(that)f -Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1981 -4201 y Fi(0)2040 4237 y Fu(in)j(whic)m(h)i(case)f(w)m(e)h(shall)e(pro)m -(v)m(e)i(that)0 4358 y Fs(P)44 b(s)158 4321 y Fi(0)215 -4358 y Fu(=)33 b Fw(tt)p Fu(.)46 b(W)-8 b(e)34 b(ha)m(v)m(e)h(t)m(w)m -(o)f(cases.)48 b(First)32 b(w)m(e)j(assume)f(that)g Ft(h)o -Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)3005 -4321 y Fi(0)3028 4358 y Ft(i)h(!)f Fs(s)3280 4321 y Fi(00)3356 -4358 y Fu(for)0 4478 y(some)38 b Fs(s)298 4442 y Fi(00)341 -4478 y Fu(.)61 b(Then)39 b([while)939 4442 y Fn(tt)939 -4503 y(ns)1009 4478 y Fu(])g(giv)m(es)g(us)g(that)f Ft(h)p -Fr(while)h Fs(b)44 b Fr(do)39 b Fs(S)12 b Fu(,)38 b Fs(s)8 -b Ft(i)39 b(!)e Fs(s)2674 4442 y Fi(00)2755 4478 y Fu(and)i(since)g -Fs(P)48 b(s)f Fu(=)0 4598 y Fw(tt)34 b Fu(w)m(e)h(get)f(that)h -Fs(Q)43 b(s)811 4562 y Fi(00)888 4598 y Fu(=)34 b Fw(tt)g -Fu(using)g(F)-8 b(act)34 b(6.20.)48 b(But)35 b(this)f(means)g(that)h -Fs(P)44 b(s)2906 4562 y Fi(0)2964 4598 y Fu(=)34 b Fw(tt)g -Fu(as)g(w)m(as)0 4719 y(required.)74 b(In)43 b(the)h(second)g(case)f(w) -m(e)h(assume)f(that)g Ft(h)p Fr(while)33 b Fs(b)39 b -Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)2745 4683 y Fi(0)2769 -4719 y Ft(i)g(!)g Fs(s)3020 4683 y Fi(00)3105 4719 y -Fu(do)s(es)43 b Fs(not)0 4839 y Fu(hold)29 b(for)g(an)m(y)h(state)h -Fs(s)826 4803 y Fi(00)868 4839 y Fu(.)43 b(But)29 b(this)h(means)g -(that)f Fs(P)43 b(s)1977 4803 y Fi(0)2033 4839 y Fu(=)32 -b Fw(tt)d Fu(holds)g(v)-5 b(acuously)30 b(and)g(w)m(e)h(ha)m(v)m(e)0 -4960 y(\014nished)i(the)g(pro)s(of)f(of)g(\(***\).)146 -5081 y(The)i(induction)d(h)m(yp)s(othesis)j(applied)e(to)g(the)h(b)s(o) -s(dy)f Fs(S)45 b Fu(of)32 b(the)h Fr(while)p Fu(-lo)s(op)f(giv)m(es)244 -5288 y 
Ft(`)305 5303 y Fn(p)381 5288 y Ft(f)g Fu(wlp\()p -Fs(S)12 b Fu(,)p Fs(P)e Fu(\))32 b Ft(g)h Fs(S)44 b Ft(f)32 -b Fs(P)43 b Ft(g)0 5494 y Fu(and)33 b(using)f(\(***\))g(together)g -(with)h([cons)1518 5509 y Fn(p)1562 5494 y Fu(])f(w)m(e)i(get)p -eop -%%Page: 190 200 -190 199 bop 251 130 a Fw(190)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527 -515 a Ft(`)588 530 y Fn(p)664 515 y Ft(f)32 b(B)t Fu([)-17 -b([)p Fs(b)6 b Fu(])-17 b(])34 b Ft(^)e Fs(P)43 b Ft(g)33 -b Fs(S)44 b Ft(f)32 b Fs(P)43 b Ft(g)283 704 y Fu(W)-8 -b(e)33 b(can)g(no)m(w)h(apply)e(the)h(rule)f([while)1715 -719 y Fn(p)1758 704 y Fu(])g(and)h(get)527 892 y Ft(`)588 -907 y Fn(p)664 892 y Ft(f)f Fs(P)43 b Ft(g)33 b Fr(while)g -Fs(b)39 b Fr(do)33 b Fs(S)44 b Ft(f)33 b(:B)t Fu([)-17 -b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)283 -1081 y Fu(Finally)-8 b(,)30 b(w)m(e)k(use)g(\(**\))d(together)i(with)f -([cons)1970 1096 y Fn(p)2015 1081 y Fu(])g(and)h(get)527 -1270 y Ft(`)588 1285 y Fn(p)664 1270 y Ft(f)f Fs(P)43 -b Ft(g)33 b Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)44 b -Ft(f)33 b Fs(Q)41 b Ft(g)283 1458 y Fu(as)33 b(required.)2902 -b Fh(2)283 1750 y Fw(Exercise)37 b(6.24)49 b Fu(Pro)m(v)m(e)34 -b(that)e(the)h(inference)g(system)h(for)e(the)h Fr(while)p -Fu(-language)f(extended)283 1870 y(with)27 b Fr(repeat)i -Fs(S)40 b Fr(until)28 b Fs(b)34 b Fu(as)27 b(in)g(Exercise)i(6.11)d(is) -h(complete.)41 b(\(If)28 b(not)f(y)m(ou)h(should)f(impro)m(v)m(e)283 -1990 y(y)m(our)34 b(rule)e(for)g Fr(repeat)i Fs(S)44 -b Fr(until)34 b Fs(b)6 b Fu(.\))1987 b Fh(2)283 2199 -y Fw(Exercise)37 b(6.25)49 b Fu(*)f(Pro)m(v)m(e)h(the)f(completeness)h -(of)f(the)g(inference)h(system)g(of)f(T)-8 b(able)47 -b(6.1)283 2319 y(using)31 b(the)h Fs(str)-5 b(ongest)33 -b(p)-5 b(ostc)g(onditions)38 b Fu(of)30 b(Exercise)j(6.22)d(rather)h -(than)g(the)g(w)m(eak)m(est)j(lib)s(eral)283 2440 y(preconditions)f(as) -f(used)i(in)e(the)h(pro)s(of)f(of)g(Lemma)f(6.23.)1256 -b Fh(2)283 2648 y 
Fw(Exercise)37 b(6.26)49 b Fu(De\014ne)42 -b(a)g(notion)f(of)g(v)-5 b(alidit)m(y)40 b(based)j(on)f(the)h -(denotational)d(seman)m(tics)283 2768 y(of)c(Chapter)h(4)f(and)h(pro)m -(v)m(e)g(the)g(soundness)i(of)d(the)g(inference)h(system)g(of)f(T)-8 -b(able)36 b(6.1)g(using)283 2889 y(this)46 b(de\014nition,)i(that)e(is) -f(without)g(using)h(the)g(equiv)-5 b(alence)46 b(b)s(et)m(w)m(een)i -(the)e(denotational)283 3009 y(seman)m(tics)33 b(and)g(the)g(op)s -(erational)d(seman)m(tics.)1648 b Fh(2)283 3218 y Fw(Exercise)37 -b(6.27)49 b Fu(Use)34 b(the)f(de\014nition)f(of)g(v)-5 -b(alidit)m(y)31 b(of)i(Exercise)h(6.26)e(and)h(pro)m(v)m(e)i(the)e -(com-)283 3338 y(pleteness)h(of)f(the)g(inference)g(system)g(of)f(T)-8 -b(able)33 b(6.1.)1441 b Fh(2)283 3624 y Fp(Expressiv)l(eness)47 -b(problems)e(\(in)g(the)h(in)l(tensional)g(approac)l(h\))283 -3809 y Fu(So)34 b(far)f(w)m(e)i(ha)m(v)m(e)g(only)f(considered)g(the)g -(extensional)g(approac)m(h)g(where)h(the)f(preconditions)283 -3930 y(and)23 b(p)s(ostconditions)f(of)h(the)g(form)m(ulae)e(are)i -(predicates.)41 b(In)23 b(the)g Fs(intensional)i(appr)-5 -b(o)g(ach)29 b Fu(they)283 4050 y(are)j(form)m(ulae)f(of)g(some)h -(assertion)g(language)f Ft(L)p Fu(.)43 b(The)33 b(axioms)d(and)i(rules) -g(of)g(the)g(inference)283 4170 y(system)43 b(will)c(b)s(e)i(as)h(in)e -(T)-8 b(able)41 b(6.1,)i(the)f(only)f(di\013erence)h(b)s(eing)f(that)g -(the)g(preconditions)283 4291 y(and)j(p)s(ostconditions)e(are)h(form)m -(ulae)f(of)g Ft(L)h Fu(and)h(that)f(op)s(erations)f(suc)m(h)i(as)g -Fs(P)10 b Fu([)p Fs(x)i Ft(7!A)o Fu([)-17 b([)q Fs(a)7 -b Fu(])-17 b(])q(],)283 4411 y Fs(P)359 4426 y Fn(1)432 -4411 y Ft(^)33 b Fs(P)607 4426 y Fn(2)679 4411 y Fu(and)g -Fs(P)945 4426 y Fn(1)1017 4411 y Ft(\))f Fs(P)1225 4426 -y Fn(2)1298 4411 y Fu(are)g(op)s(erations)g(on)g(form)m(ulae)f(of)h -Ft(L)p Fu(.)430 4531 y(It)45 b(will)d(b)s(e)j(natural)f(to)h(let)f -Ft(L)g Fu(include)h(the)g(b)s(o)s(olean)e(expressions)k(of)d -Fw(While)p Fu(.)79 b(The)283 4652 
y(soundness)43 b(pro)s(of)38 -b(of)i(Lemma)e(6.17)h(then)i(carries)e(directly)h(o)m(v)m(er)h(to)e -(the)h(in)m(tensional)e(ap-)283 4772 y(proac)m(h.)54 -b(Unfortunately)-8 b(,)36 b(this)g(is)f(not)h(the)g(case)h(for)e(the)h -(completeness)h(pro)s(of)e(of)g(Lemma)283 4893 y(6.23.)43 -b(The)31 b(reason)g(is)f(that)g(the)h(predicates)g(wlp\()p -Fs(S)12 b Fu(,)30 b Fs(Q)9 b Fu(\))31 b(used)h(as)e(preconditions)g(no) -m(w)i(ha)m(v)m(e)283 5013 y(to)h(b)s(e)f(represen)m(ted)k(as)c(form)m -(ulae)f(of)h Ft(L)h Fu(and)f(that)h(this)f(ma)m(y)g(not)h(b)s(e)g(p)s -(ossible.)430 5133 y(T)-8 b(o)22 b(illustrate)e(the)j(problems)e(let)h -Fs(S)34 b Fu(b)s(e)22 b(a)g(statemen)m(t,)j(for)d(example)f(a)h(univ)m -(ersal)g(program)283 5254 y(in)j(the)g(sense)h(of)f(recursion)g(theory) --8 b(,)27 b(that)d(has)i(an)e(undecidable)h(Halting)e(problem.)40 -b(F)-8 b(urther,)283 5374 y(supp)s(ose)37 b(that)d Ft(L)g -Fu(only)h(con)m(tains)f(the)h(b)s(o)s(olean)f(expressions)i(of)e -Fw(While)p Fu(.)49 b(Finally)-8 b(,)32 b(assume)283 5494 -y(that)h(there)g(is)f(a)g(form)m(ula)f Fs(b)1332 5509 -y Fc(S)1415 5494 y Fu(of)i Ft(L)f Fu(suc)m(h)i(that)e(for)g(all)f -(states)i Fs(s)p eop -%%Page: 191 201 -191 200 bop 0 130 a Fw(6.4)112 b(Extensions)37 b(of)h(the)f(axiomatic)f -(system)1315 b(191)p 0 193 3473 4 v 244 515 a Ft(B)s -Fu([)-17 b([)q Fs(b)401 530 y Fc(S)452 515 y Fu(])g(])33 -b Fs(s)40 b Fu(=)33 b Fw(tt)e Fu(if)h(and)h(only)f(if)f(wlp\()p -Fs(S)12 b Fu(,)32 b Fr(false)p Fu(\))i Fs(s)41 b Fu(=)32 -b Fw(tt)0 720 y Fu(Then)i(also)d Ft(:)q Fs(b)568 735 -y Fc(S)651 720 y Fu(is)h(a)g(form)m(ula)f(of)h Ft(L)p -Fu(.)43 b(W)-8 b(e)33 b(ha)m(v)m(e)244 925 y Ft(B)s Fu([)-17 -b([)q Fs(b)401 940 y Fc(S)452 925 y Fu(])g(])33 b Fs(s)40 -b Fu(=)33 b Fw(tt)e Fu(if)h(and)h(only)f(if)f(the)i(computation)e(of)h -Fs(S)45 b Fu(on)32 b Fs(s)41 b Fu(lo)s(ops)0 1130 y(and)33 -b(hence)244 1335 y Ft(B)s Fu([)-17 b([)q Ft(:)p Fs(b)467 -1350 y Fc(S)518 1335 y Fu(])g(])33 b Fs(s)41 b Fu(=)32 -b Fw(tt)g 
Fu(if)f(and)i(only)f(if)f(the)i(computation)e(of)i -Fs(S)44 b Fu(on)32 b Fs(s)41 b Fu(terminates)0 1540 y(W)-8 -b(e)32 b(no)m(w)h(ha)m(v)m(e)h(a)d(con)m(tradiction:)42 -b(the)33 b(assumptions)f(ab)s(out)f Fs(S)44 b Fu(ensure)34 -b(that)d Ft(B)t Fu([)-17 b([)q Ft(:)p Fs(b)3143 1555 -y Fc(S)3194 1540 y Fu(])g(])32 b(m)m(ust)0 1660 y(b)s(e)48 -b(an)g(undecidable)g(function;)56 b(on)48 b(the)g(other)h(hand)f(T)-8 -b(able)48 b(1.2)g(suggests)h(an)f(ob)m(vious)0 1780 y(algorithm)27 -b(for)i(ev)-5 b(aluating)29 b Ft(B)s Fu([)-17 b([)q Ft(:)p -Fs(b)1278 1795 y Fc(S)1329 1780 y Fu(])g(].)43 b(Hence)31 -b(our)f(assumption)g(ab)s(out)f(the)i(existence)g(of)f -Fs(b)3422 1795 y Fc(S)0 1901 y Fu(m)m(ust)j(b)s(e)f(mistak)m(en.)44 -b(Consequen)m(tly)35 b(w)m(e)e(cannot)g(mimic)d(the)j(pro)s(of)e(of)h -(Lemma)g(6.23.)146 2021 y(The)g(ob)m(vious)f(remedy)g(is)g(to)f(extend) -i Ft(L)f Fu(to)f(b)s(e)h(a)g(m)m(uc)m(h)g(more)f(p)s(o)m(w)m(erful)h -(language)f(that)0 2142 y(allo)m(ws)h(quan)m(ti\014cation)f(as)i(w)m -(ell.)43 b(A)31 b(cen)m(tral)h(concept)h(is)e(that)g -Ft(L)g Fu(m)m(ust)h(b)s(e)g Fs(expr)-5 b(essive)38 b -Fu(with)0 2262 y(resp)s(ect)28 b(to)e Fw(While)e Fu(and)j(its)f(seman)m -(tics,)i(and)e(one)h(then)g(sho)m(ws)h(that)e(T)-8 b(able)26 -b(6.1)g(is)g Fs(r)-5 b(elatively)0 2383 y(c)g(omplete)40 -b Fu(\(in)32 b(the)h(sense)i(of)e(Co)s(ok\).)45 b(It)33 -b(is)g(b)s(ey)m(ond)h(the)g(scop)s(e)g(of)e(this)h(b)s(o)s(ok)g(to)g -(go)f(deep)s(er)0 2503 y(in)m(to)g(these)i(matters)e(but)h(w)m(e)g(pro) -m(vide)g(references)i(in)d(Chapter)h(7.)0 2838 y Fj(6.4)161 -b(Extensions)52 b(of)i(the)f(axiomatic)i(system)0 3057 -y Fu(In)40 b(this)g(section)g(w)m(e)h(shall)d(consider)i(t)m(w)m(o)h -(extensions)g(of)e(the)h(inference)h(system)g(for)e(par-)0 -3178 y(tial)i(correctness)j(assertions.)75 b(The)43 b(\014rst)h -(extension)f(sho)m(ws)i(ho)m(w)e(the)g(approac)m(h)g(can)g(b)s(e)0 -3298 y(mo)s(di\014ed)29 b(to)h(pro)m(v)m(e)i Fs(total)h(c)-5 -b(orr)g(e)g(ctness)33 b(assertions)k 
Fu(thereb)m(y)c(allo)m(wing)28 -b(us)j(to)f(reason)h(ab)s(out)0 3418 y(termination)39 -b(prop)s(erties.)68 b(In)42 b(the)f(second)i(extension)f(w)m(e)g -(consider)f(ho)m(w)h(to)e(extend)j(the)0 3539 y(inference)31 -b(systems)h(to)e(more)g(language)f(constructs,)k(in)c(particular)g -(recursiv)m(e)j(pro)s(cedures.)0 3950 y Fp(T)-11 b(otal)45 -b(correctness)h(assertions)0 4135 y Fu(W)-8 b(e)33 b(shall)e(no)m(w)i -(consider)g(form)m(ulae)e(of)h(the)h(form)244 4340 y -Ft(f)f Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b(+)g Fs(Q)42 -b Ft(g)0 4545 y Fu(The)34 b(idea)d(is)i(that)244 4750 -y Fs(if)53 b Fu(the)33 b(precondition)f Fs(P)43 b Fu(is)32 -b(ful\014lled)244 4917 y Fs(then)40 b(S)k Fu(is)32 b(guaran)m(teed)h -(to)g(terminate)e(\(as)i(recorded)g(b)m(y)h(the)f(sym)m(b)s(ol)f -Ft(+)p Fu(\))244 5085 y Fs(and)42 b Fu(the)33 b(\014nal)f(state)h(will) -d(satisfy)j(the)g(p)s(ostcondition)e Fs(Q)9 b Fu(.)0 -5290 y(This)33 b(is)f(formalized)e(b)m(y)k(de\014ning)e(v)-5 -b(alidit)m(y)31 b(of)h Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)45 -b Ft(f)32 b(+)g Fs(Q)42 b Ft(g)32 b Fu(b)m(y)244 5494 -y Ft(j)-17 b Fu(=)331 5509 y Fn(t)395 5494 y Ft(f)32 -b Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b(+)h Fs(Q)41 -b Ft(g)p eop -%%Page: 192 202 -192 201 bop 251 130 a Fw(192)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283 -419 V 283 2471 4 2053 v 715 528 a Fu([ass)867 543 y Fn(t)900 -528 y Fu(])201 b Ft(f)33 b Fs(P)10 b Fu([)p Fs(x)i Ft(7!A)o -Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q(])32 b Ft(g)h -Fs(x)44 b Fu(:=)32 b Fs(a)40 b Ft(f)32 b(+)h Fs(P)43 -b Ft(g)715 696 y Fu([skip)913 711 y Fn(t)945 696 y Fu(])156 -b Ft(f)33 b Fs(P)43 b Ft(g)32 b Fr(skip)i Ft(f)e(+)g -Fs(P)43 b Ft(g)715 988 y Fu([comp)970 1003 y Fn(t)1002 -988 y Fu(])1138 901 y Ft(f)33 b Fs(P)43 b Ft(g)32 b Fs(S)1479 -916 y Fn(1)1551 901 y Ft(f)g(+)g Fs(Q)42 b Ft(g)p Fu(,)98 -b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fs(S)2366 916 y Fn(2)2438 -901 y Ft(f)g(+)g Fs(R)37 b Ft(g)p 1138 964 1633 4 v 1499 -1069 a(f)32 b Fs(P)43 
b Ft(g)32 b Fs(S)1839 1084 y Fn(1)1879 -1069 y Fu(;)g Fs(S)2005 1084 y Fn(2)2077 1069 y Ft(f)g(+)h -Fs(R)j Ft(g)715 1327 y Fu([if)800 1342 y Fn(t)831 1327 -y Fu(])1138 1240 y Ft(f)d(B)s Fu([)-17 b([)q Fs(b)6 b -Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)1805 -1255 y Fn(1)1877 1240 y Ft(f)g(+)g Fs(Q)42 b Ft(g)p Fu(,)130 -b Ft(f)32 b(:)q(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(])33 b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)3109 1255 y -Fn(2)3181 1240 y Ft(f)g(+)h Fs(Q)41 b Ft(g)p 1138 1303 -2385 4 v 1537 1408 a(f)33 b Fs(P)42 b Ft(g)33 b Fr(if)g -Fs(b)38 b Fr(then)c Fs(S)2334 1423 y Fn(1)2406 1408 y -Fr(else)f Fs(S)2710 1423 y Fn(2)2782 1408 y Ft(f)f(+)h -Fs(Q)41 b Ft(g)715 1666 y Fu([while)965 1681 y Fn(t)996 -1666 y Fu(])1412 1579 y Ft(f)32 b Fs(P)10 b Fu(\()p Fw(z)p -Fu(+)p Fw(1)p Fu(\))32 b Ft(g)h Fs(S)44 b Ft(f)32 b(+)h -Fs(P)10 b Fu(\()p Fw(z)p Fu(\))32 b Ft(g)p 1138 1642 -1605 4 v 1138 1747 a(f)h(9)p Fw(z)p Fu(.)p Fs(P)10 b -Fu(\()p Fw(z)p Fu(\))33 b Ft(g)f Fr(while)i Fs(b)k Fr(do)33 -b Fs(S)45 b Ft(f)32 b(+)g Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33 -b Ft(g)1128 1880 y Fu(where)h Fs(P)10 b Fu(\()p Fw(z)p -Fu(+)p Fw(1)p Fu(\))33 b Ft(\))f(B)s Fu([)-17 b([)q Fs(b)6 -b Fu(])-17 b(],)33 b Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33 -b Ft(\))f(:B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])1128 -2048 y(and)33 b Fw(z)f Fu(ranges)h(o)m(v)m(er)h(natural)d(n)m(um)m(b)s -(ers)j(\(that)e(is)g Fw(z)p Ft(\025)q Fw(0)p Fu(\))715 -2340 y([cons)926 2355 y Fn(t)959 2340 y Fu(])1171 2253 -y Ft(f)g Fs(P)1329 2217 y Fi(0)1385 2253 y Ft(g)h Fs(S)44 -b Ft(f)32 b(+)h Fs(Q)1827 2217 y Fi(0)1883 2253 y Ft(g)p -1138 2317 795 4 v 1178 2421 a(f)f Fs(P)43 b Ft(g)32 b -Fs(S)45 b Ft(f)32 b(+)h Fs(Q)41 b Ft(g)2040 2340 y Fu(where)34 -b Fs(P)43 b Ft(\))32 b Fs(P)2639 2304 y Fi(0)2695 2340 -y Fu(and)h Fs(Q)2969 2304 y Fi(0)3025 2340 y Ft(\))f -Fs(Q)p 3753 2471 4 2053 v 283 2474 3473 4 v 966 2635 -a Fu(T)-8 b(able)32 b(6.2:)43 b(Axiomatic)31 b(system)i(for)f(total)f -(correctness)283 2900 y(if)h(and)h(only)f(if)527 
3074 -y(for)g(all)f(states)i Fs(s)8 b Fu(,)33 b(if)e Fs(P)43 -b(s)e Fu(=)32 b Fw(tt)g Fu(then)h(there)h(exists)f Fs(s)2493 -3038 y Fi(0)2549 3074 y Fu(suc)m(h)h(that)742 3268 y -Fs(Q)42 b(s)907 3232 y Fi(0)963 3268 y Fu(=)32 b Fw(tt)g -Fu(and)g Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 -b(!)f Fs(s)1845 3232 y Fi(0)283 3461 y Fu(The)45 b(inference)f(system)h -(for)e(total)f(correctness)j(assertions)f(is)f(v)m(ery)j(similar)40 -b(to)j(that)g(for)283 3582 y(partial)24 b(correctness)29 -b(assertions,)e(the)g(only)f(di\013erence)g(b)s(eing)g(that)g(the)g -(rule)g(for)g(the)g Fr(while)p Fu(-)283 3702 y(construct)k(has)e(c)m -(hanged.)43 b(The)29 b(complete)f(set)h(of)f(axioms)f(and)h(rules)g(is) -g(giv)m(en)g(in)f(T)-8 b(able)28 b(6.2.)283 3823 y(W)-8 -b(e)33 b(shall)f(write)527 3996 y Ft(`)588 4011 y Fn(t)652 -3996 y Ft(f)h Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b(+)f -Fs(Q)42 b Ft(g)283 4170 y Fu(if)32 b(there)h(exists)g(an)f(inference)h -(tree)g(with)f(the)h(form)m(ula)e Ft(f)h Fs(P)43 b Ft(g)32 -b Fs(S)44 b Ft(f)32 b(+)g Fs(Q)42 b Ft(g)32 b Fu(as)h(ro)s(ot,)e(that)h -(is)283 4291 y(if)g(the)h(form)m(ula)e(is)h(pro)m(v)-5 -b(ably)32 b(in)g(the)h(inference)g(system.)430 4411 y(In)39 -b(the)h(rule)e([while)1184 4426 y Fn(t)1215 4411 y Fu(])h(w)m(e)h(use)g -(a)f(parameterized)f(family)f Fs(P)10 b Fu(\()p Fw(z)p -Fu(\))39 b(of)f(predicates)i(for)e(the)283 4531 y(in)m(v)-5 -b(arian)m(t.)40 b(The)25 b(idea)f(is)f(that)h Fw(z)g -Fu(is)g(the)h(n)m(um)m(b)s(er)f(of)g(unfoldings)f(of)h(the)h -Fr(while)p Fu(-lo)s(op)e(that)h(will)283 4652 y(b)s(e)35 -b(necessary)-8 b(.)51 b(So)34 b(if)f(the)i Fr(while)p -Fu(-lo)s(op)e(do)s(es)i(not)f(ha)m(v)m(e)h(to)f(b)s(e)h(unfolded)f(at)g -(all)e(then)j Fs(P)10 b Fu(\()p Fw(0)p Fu(\))283 4772 -y(holds)32 b(and)g(it)f(m)m(ust)h(imply)e(that)h Fs(b)38 -b Fu(is)32 b(false.)42 b(If)32 b(the)g Fr(while)p Fu(-lo)s(op)g(has)g -(to)f(b)s(e)i(unfolded)e Fw(z)p Fu(+)p Fw(1)283 4893 -y Fu(times)e(then)g Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p -Fu(\))29 
b(holds)g(and)g Fs(b)35 b Fu(m)m(ust)29 b(hold)f -Fs(b)-5 b(efor)g(e)36 b Fu(the)29 b(b)s(o)s(dy)h(of)e(the)i(lo)s(op)d -(is)i(executed;)283 5013 y(then)46 b Fs(P)10 b Fu(\()p -Fw(z)p Fu(\))45 b(will)e(hold)h Fs(afterwar)-5 b(ds)53 -b Fu(so)45 b(that)g(w)m(e)h(ha)m(v)m(e)g(decreased)h(the)e(total)f(n)m -(um)m(b)s(er)h(of)283 5133 y(times)33 b(the)h(lo)s(op)e(remains)h(to)g -(b)s(e)h(unfolded.)47 b(The)34 b(precondition)f(of)g(the)h(conclusion)f -(of)g(the)283 5254 y(rule)c(expresses)i(that)e(there)g(exists)h(a)e(b)s -(ound)h(on)g(the)g(n)m(um)m(b)s(er)g(of)f(times)g(the)h(lo)s(op)e(has)i -(to)g(b)s(e)283 5374 y(unfolded)24 b(and)f(the)h(p)s(ostcondition)e -(expresses)k(that)d(when)i(the)e Fr(while)p Fu(-lo)s(op)g(has)h -(terminated)283 5494 y(then)34 b(no)e(more)g(unfoldings)f(are)i -(necessary)-8 b(.)p eop -%%Page: 193 203 -193 202 bop 0 130 a Fw(6.4)112 b(Extensions)37 b(of)h(the)f(axiomatic)f -(system)1315 b(193)p 0 193 3473 4 v 0 515 a(Example)37 -b(6.28)49 b Fu(The)33 b(total)e(correctness)j(of)e(the)h(factorial)d -(statemen)m(t)i(can)h(b)s(e)g(expressed)0 636 y(b)m(y)g(the)g(follo)m -(wing)d(assertion:)244 832 y Ft(f)i Fr(x)h Fo(>)f Fr(0)h -Ft(^)g Fr(x)g Fu(=)f Fr(n)h Ft(g)244 1000 y Fr(y)g Fu(:=)f -Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p -Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p -Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g Fr(x)p Ft(\000)p -Fr(1)p Fu(\))244 1168 y Ft(f)f(+)h Fr(y)f Fu(=)h Fr(n)p -Fu(!)43 b Ft(g)0 1364 y Fu(where)34 b Fr(y)f Fu(=)f Fr(n)p -Fu(!)44 b(is)32 b(an)g(abbreviation)g(for)g(the)h(predicate)244 -1561 y Fs(P)43 b Fu(where)34 b Fs(P)42 b(s)f Fu(=)32 -b(\()p Fs(s)41 b Fr(y)33 b Fu(=)f(\()p Fs(s)41 b Fr(n)p -Fu(\)!\))0 1757 y(In)i(addition)f(to)g(expressing)j(that)d(the)i -(\014nal)e(v)-5 b(alue)43 b(of)f Fr(y)i Fu(is)e(the)i(factorial)c(of)j -(the)g(initial)0 1878 y(v)-5 b(alue)31 b(of)g Fr(x)h -Fu(the)g(assertion)f(also)g(expresses)k(that)c(the)h(program)e(do)s(es) -i(indeed)g(terminate)e(on)0 1998 y(all)35 
b(states)j(satisfying)e(the)h -(precondition.)56 b(The)37 b(inference)h(of)e(this)h(assertion)g(pro)s -(ceeds)h(in)0 2119 y(a)c(n)m(um)m(b)s(er)h(of)f(stages.)49 -b(First)33 b(w)m(e)j(de\014ne)f(the)g(predicate)f Fs(INV)19 -b Fu(\()p Fw(z)p Fu(\))34 b(that)g(is)g(going)f(to)g(b)s(e)i(the)0 -2239 y(in)m(v)-5 b(arian)m(t)31 b(of)h(the)h Fr(while)p -Fu(-lo)s(op)244 2436 y Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 -b Fs(s)40 b Fu(=)33 b(\()p Fs(s)40 b Fr(x)33 b Fo(>)f -Fw(0)h Fu(and)g(\()p Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f -Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)i(=)33 b(\()p Fs(s)40 -b Fr(n)p Fu(\)!)k(and)33 b Fs(s)40 b Fr(x)33 b Fu(=)f -Fw(z)h Fu(+)f Fw(1)p Fu(\))0 2632 y(W)-8 b(e)33 b(shall)e(\014rst)i -(consider)g(the)g(b)s(o)s(dy)g(of)f(the)h(lo)s(op.)42 -b(Using)32 b([ass)2349 2647 y Fn(t)2381 2632 y Fu(])h(w)m(e)h(get)244 -2829 y Ft(`)305 2844 y Fn(t)369 2829 y Ft(f)e Fs(INV)19 -b Fu(\()p Fw(z)p Fu(\)[)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p -Fr(1)p Fu(])33 b Ft(g)f Fr(x)h Fu(:=)g Fr(x)p Ft(\000)p -Fr(1)g Ft(f)g(+)f Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 -b Ft(g)0 3025 y Fu(Similarly)-8 b(,)29 b(w)m(e)k(get)244 -3222 y Ft(`)305 3237 y Fn(t)369 3222 y Ft(f)f Fu(\()p -Fs(INV)19 b Fu(\()p Fw(z)p Fu(\)[)p Fr(x)p Ft(7!)o Fr(x)p -Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p Ft(7!)q Fr(y)p Fo(?)q -Fr(x)p Fu(])32 b Ft(g)h Fr(y)g Fu(:=)f Fr(y)h Fo(?)f -Fr(x)h Ft(f)f(+)h Fs(INV)18 b Fu(\()p Fw(z)p Fu(\)[)p -Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(])34 b Ft(g)0 -3419 y Fu(W)-8 b(e)33 b(can)g(no)m(w)g(apply)f(the)h(rule)f([comp)1436 -3434 y Fn(t)1468 3419 y Fu(])g(to)h(the)g(t)m(w)m(o)g(assertions)g(ab)s -(o)m(v)m(e)g(and)g(get)244 3615 y Ft(`)305 3630 y Fn(t)369 -3615 y Ft(f)f Fu(\()p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\)[)p -Fr(x)p Ft(7!)o Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p -Ft(7!)q Fr(y)p Fo(?)q Fr(x)p Fu(])32 b Ft(g)h Fr(y)g -Fu(:=)f Fr(y)h Fo(?)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p -Ft(\000)p Fr(1)i Ft(f)e(+)g Fs(INV)19 b Fu(\()p Fw(z)p -Fu(\))32 b Ft(g)0 3812 y 
Fu(It)h(is)f(easy)h(to)g(v)m(erify)g(that)244 -4009 y Fs(INV)19 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 -b Ft(\))g Fu(\()p Fs(INV)18 b Fu(\()p Fw(z)p Fu(\)[)p -Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p -Ft(7!)q Fr(y)p Fo(?)p Fr(x)p Fu(])0 4205 y(so)33 b(using)f(the)h(rule)f -([cons)949 4220 y Fn(t)982 4205 y Fu(])g(w)m(e)i(get)244 -4402 y Ft(`)305 4417 y Fn(t)369 4402 y Ft(f)e Fs(INV)19 -b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Ft(g)g Fr(y)h -Fu(:=)g Fr(y)f Fo(?)h Fr(x)p Fu(;)g Fr(x)f Fu(:=)h Fr(x)p -Ft(\000)p Fr(1)g Ft(f)g(+)f Fs(INV)19 b Fu(\()p Fw(z)p -Fu(\))32 b Ft(g)0 4598 y Fu(It)h(is)f(straigh)m(tforw)m(ard)g(to)g(v)m -(erify)h(that)244 4795 y Fs(INV)19 b Fu(\()p Fw(0)p Fu(\))32 -b Ft(\))g(:)q Fu(\()p Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p -Fu(\)\),)h(and)244 4963 y Fs(INV)19 b Fu(\()p Fw(z)p -Fu(+)p Fw(1)p Fu(\))32 b Ft(\))g(:)p Fu(\()p Fr(x)p Fu(=)p -Fr(1)p Fu(\))0 5159 y(Therefore)i(w)m(e)f(can)g(use)h(the)f(rule)f -([while)1546 5174 y Fn(t)1577 5159 y Fu(])g(and)h(get)269 -5327 y Ft(`)330 5342 y Fn(t)394 5327 y Ft(f)f(9)p Fw(z)p -Fu(.)p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(g)g Fr(while)i -Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p -Fr(y)f Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f -Fr(x)p Ft(\000)p Fr(1)p Fu(\))h Ft(f)g(+)f Fs(INV)19 -b Fu(\()p Fw(0)p Fu(\))32 b Ft(g)0 5494 y Fu(W)-8 b(e)33 -b(shall)e(no)m(w)i(apply)g(the)g(axiom)e([ass)1478 5509 -y Fn(t)1510 5494 y Fu(])i(to)f(the)h(statemen)m(t)g Fr(y)g -Fu(:=)f Fr(1)h Fu(and)g(get)p eop -%%Page: 194 204 -194 203 bop 251 130 a Fw(194)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527 -515 a Ft(`)588 530 y Fn(t)652 515 y Ft(f)33 b Fu(\()p -Ft(9)p Fw(z)p Fu(.)p Fs(INV)18 b Fu(\()p Fw(z)p Fu(\)\)[)p -Fr(y)p Ft(7!)p Fr(1)p Fu(])33 b Ft(g)f Fr(y)h Fu(:=)g -Fr(1)f Ft(f)h(+)f(9)p Fw(z)p Fu(.)p Fs(INV)19 b Fu(\()p -Fw(z)p Fu(\))32 b Ft(g)283 679 y Fu(so)h(using)f([comp)913 -694 y Fn(t)945 679 y Fu(])g(w)m(e)i(get)527 843 y Ft(`)588 -858 
y Fn(t)652 843 y Ft(f)f Fu(\()p Ft(9)p Fw(z)p Fu(.)p -Fs(INV)18 b Fu(\()p Fw(z)p Fu(\)\)[)p Fr(y)p Ft(7!)p -Fr(1)p Fu(])33 b Ft(g)652 1011 y Fr(y)g Fu(:=)g Fr(1)p -Fu(;)f Fr(while)i Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p -Fu(\))f Fr(do)g Fu(\()p Fr(y)f Fu(:=)h Fr(y)p Fo(?)p -Fr(x)p Fu(;)g Fr(x)f Fu(:=)h Fr(x)p Ft(\000)p Fr(1)p -Fu(\))652 1178 y Ft(f)g(+)f Fs(INV)19 b Fu(\()p Fw(0)p -Fu(\))32 b Ft(g)283 1342 y Fu(Clearly)g(w)m(e)i(ha)m(v)m(e)527 -1506 y Fr(x)f Fo(>)g Fr(0)f Ft(^)h Fr(x)g Fu(=)f Fr(n)h -Ft(\))f Fu(\()p Ft(9)q Fw(z)p Fu(.)p Fs(INV)18 b Fu(\()p -Fw(z)p Fu(\)\)[)p Fr(y)p Ft(7!)p Fw(1)p Fu(],)33 b(and)527 -1674 y Fs(INV)19 b Fu(\()p Fw(0)p Fu(\))32 b Ft(\))h -Fr(y)f Fu(=)h Fr(n)p Fu(!)283 1838 y(so)g(applying)f(rule)g([cons)1208 -1853 y Fn(t)1240 1838 y Fu(])h(w)m(e)g(get)527 2002 y -Ft(`)588 2017 y Fn(t)652 2002 y Ft(f)g Fr(x)f Fo(>)h -Fr(0)g Ft(^)g Fr(x)f Fu(=)h Fr(n)g Ft(g)652 2169 y Fr(y)g -Fu(:=)g(1;)f Fr(while)i Ft(:)p Fu(\()p Fr(x)p Fu(=)p -Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p -Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p -Fr(1)p Fu(\))652 2337 y Ft(f)h(+)f Fr(y)h Fu(=)f Fr(n)p -Fu(!)44 b Ft(g)283 2501 y Fu(as)33 b(required.)2902 b -Fh(2)283 2676 y Fw(Exercise)37 b(6.29)49 b Fu(Suggest)38 -b(a)f(total)f(correctness)k(inference)e(rule)f(for)g -Fr(repeat)i Fs(S)49 b Fr(until)39 b Fs(b)6 b Fu(.)283 -2797 y(Y)-8 b(ou)31 b(are)g(not)g(allo)m(w)m(ed)f(to)h(rely)g(on)f(the) -i(existence)g(of)f(a)f Fr(while)p Fu(-construct)j(in)d(the)i(program-) -283 2917 y(ming)f(language.)2752 b Fh(2)p 283 3093 3473 -5 v 283 3227 a Fw(Lemma)38 b(6.30)49 b Fu(The)28 b(total)f(correctness) -i(system)g(of)e(T)-8 b(able)28 b(6.2)f(is)g(sound,)j(that)e(is)f(for)g -(ev)m(ery)283 3348 y(total)32 b(correctness)i(form)m(ula)d -Ft(f)h Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b(+)g Fs(Q)42 -b Ft(g)32 b Fu(w)m(e)i(ha)m(v)m(e)552 3516 y Ft(`)613 -3531 y Fn(t)677 3516 y Ft(f)f Fs(P)42 b Ft(g)33 b Fs(S)44 -b Ft(f)32 b(+)h Fs(Q)41 b Ft(g)33 b Fu(implies)d Ft(j)-17 -b 
Fu(=)1843 3531 y Fn(t)1907 3516 y Ft(f)32 b Fs(P)43 -b Ft(g)33 b Fs(S)44 b Ft(f)32 b(+)h Fs(Q)41 b Ft(g)p -283 3636 V 283 3800 a Fw(Pro)s(of:)35 b Fu(The)c(pro)s(of)f(pro)s -(ceeds)h(b)m(y)h(induction)d(on)h(the)h(shap)s(e)g(of)f(the)g -(inference)h(tree)g(just)g(as)283 3920 y(in)h(the)h(pro)s(of)f(of)g -(Lemma)f(6.17.)283 4088 y Fw(The)j(case)g Fu([ass)893 -4103 y Fn(t)925 4088 y Fu(]:)45 b(W)-8 b(e)34 b(shall)d(pro)m(v)m(e)k -(that)e(the)g(axiom)f(is)h(v)-5 b(alid,)31 b(so)j(assume)f(that)g -Fs(s)42 b Fu(is)32 b(suc)m(h)283 4208 y(that)h(\()p Fs(P)10 -b Fu([)p Fs(x)i Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 -b(])q(]\))32 b Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)h(let)e -Fs(s)1789 4172 y Fi(0)1845 4208 y Fu(=)i Fs(s)8 b Fu([)p -Fs(x)k Ft(7!)o(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q -Fs(s)8 b Fu(].)44 b(Then)34 b([ass)2950 4223 y Fn(ns)3022 -4208 y Fu(])e(giv)m(es)527 4372 y Ft(h)p Fs(x)44 b Fu(:=)33 -b Fs(a)7 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1207 -4336 y Fi(0)283 4536 y Fu(and)h(from)e(\()p Fs(P)10 b -Fu([)p Fs(x)i Ft(7!A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 -b(])q(]\))33 b Fs(s)40 b Fu(=)33 b Fw(tt)f Fu(w)m(e)h(get)g -Fs(P)43 b(s)2083 4500 y Fi(0)2138 4536 y Fu(=)33 b Fw(tt)f -Fu(as)g(w)m(as)i(to)e(b)s(e)h(sho)m(wn.)283 4704 y Fw(The)g(case)g -Fu([skip)937 4719 y Fn(t)969 4704 y Fu(]:)44 b(This)33 -b(case)g(is)f(immediate.)283 4871 y Fw(The)h(case)g Fu([comp)994 -4886 y Fn(t)1026 4871 y Fu(]:)43 b(W)-8 b(e)33 b(assume)g(that)552 -5039 y Ft(j)-17 b Fu(=)639 5054 y Fn(t)703 5039 y Ft(f)33 -b Fs(P)42 b Ft(g)33 b Fs(S)1044 5054 y Fn(1)1116 5039 -y Ft(f)f(+)g Fs(Q)42 b Ft(g)p Fu(,)32 b(and)1957 b(\(*\))552 -5206 y Ft(j)-17 b Fu(=)639 5221 y Fn(t)703 5206 y Ft(f)33 -b Fs(Q)41 b Ft(g)33 b Fs(S)1052 5221 y Fn(2)1123 5206 -y Ft(f)g(+)f Fs(R)37 b Ft(g)2125 b Fu(\(**\))283 5374 -y(and)26 b(w)m(e)h(ha)m(v)m(e)g(to)e(pro)m(v)m(e)i(that)f -Ft(j)-17 b Fu(=)1480 5389 y Fn(t)1538 5374 y Ft(f)25 -b Fs(P)36 b Ft(g)25 b Fs(S)1857 5389 y Fn(1)1897 5374 -y Fu(;)j Fs(S)2019 5389 y 
Fn(2)2084 5374 y Ft(f)d(+)g -Fs(R)30 b Ft(g)p Fu(.)41 b(So)26 b(let)f Fs(s)33 b Fu(b)s(e)26 -b(suc)m(h)h(that)f Fs(P)43 b(s)d Fu(=)33 b Fw(tt)o Fu(.)283 -5494 y(F)-8 b(rom)32 b(\(*\))g(w)m(e)h(get)g(that)f(there)i(exists)f(a) -f(state)h Fs(s)2101 5458 y Fi(0)2157 5494 y Fu(suc)m(h)h(that)e -Fs(Q)42 b(s)2753 5458 y Fi(0)2809 5494 y Fu(=)32 b Fw(tt)g -Fu(and)p eop -%%Page: 195 205 -195 204 bop 0 130 a Fw(6.4)112 b(Extensions)37 b(of)h(the)f(axiomatic)f -(system)1315 b(195)p 0 193 3473 4 v 244 515 a Ft(h)p -Fs(S)350 530 y Fn(1)389 515 y Fu(,)33 b Fs(s)8 b Ft(i)32 -b(!)g Fs(s)748 479 y Fi(0)0 719 y Fu(Since)g Fs(Q)42 -b(s)419 683 y Fi(0)475 719 y Fu(=)32 b Fw(tt)f Fu(w)m(e)j(get)e(from)f -(\(**\))h(that)g(there)h(exists)g(a)f(state)h Fs(s)2541 -683 y Fi(00)2616 719 y Fu(suc)m(h)h(that)e Fs(R)k(s)3202 -683 y Fi(00)3277 719 y Fu(=)c Fw(tt)0 839 y Fu(and)244 -1042 y Ft(h)p Fs(S)350 1057 y Fn(2)389 1042 y Fu(,)h -Fs(s)497 1006 y Fi(0)520 1042 y Ft(i)f(!)g Fs(s)771 1006 -y Fi(00)0 1246 y Fu(Using)g([comp)529 1261 y Fn(ns)600 -1246 y Fu(])h(w)m(e)g(therefore)g(get)244 1449 y Ft(h)p -Fs(S)350 1464 y Fn(1)389 1449 y Fu(;)g Fs(S)516 1464 -y Fn(2)555 1449 y Fu(,)f Fs(s)8 b Ft(i)33 b(!)f Fs(s)914 -1413 y Fi(00)0 1653 y Fu(and)h(since)g Fs(R)j(s)584 1616 -y Fi(00)659 1653 y Fu(=)d Fw(tt)e Fu(w)m(e)j(ha)m(v)m(e)g(\014nished)f -(this)f(case.)0 1820 y Fw(The)h(case)g Fu([if)541 1835 -y Fn(t)572 1820 y Fu(]:)43 b(Assume)34 b(that)269 1988 -y Ft(j)-17 b Fu(=)356 2003 y Fn(t)420 1988 y Ft(f)32 -b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g -Fs(P)43 b Ft(g)32 b Fs(S)1086 2003 y Fn(1)1158 1988 y -Ft(f)g(+)h Fs(Q)42 b Ft(g)p Fu(,)32 b(and)1631 b(\(*\))269 -2155 y Ft(j)-17 b Fu(=)356 2170 y Fn(t)420 2155 y Ft(f)32 -b(:)q(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g -Fs(P)42 b Ft(g)33 b Fs(S)1153 2170 y Fn(2)1225 2155 y -Ft(f)f(+)g Fs(Q)42 b Ft(g)0 2323 y Fu(T)-8 b(o)38 b(pro)m(v)m(e)h -Ft(j)-17 b Fu(=)504 2338 y Fn(t)574 2323 y Ft(f)38 b -Fs(P)48 b Ft(g)38 b Fr(if)h Fs(b)44 
b Fr(then)39 b Fs(S)1404 -2338 y Fn(1)1481 2323 y Fr(else)g Fs(S)1791 2338 y Fn(2)1868 -2323 y Ft(f)f(+)g Fs(Q)47 b Ft(g)38 b Fu(consider)h(a)e(state)i -Fs(s)46 b Fu(suc)m(h)40 b(that)0 2443 y Fs(P)j(s)d Fu(=)33 -b Fw(tt)o Fu(.)43 b(W)-8 b(e)31 b(ha)m(v)m(e)h(t)m(w)m(o)g(cases.)44 -b(If)31 b Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p -Fs(s)39 b Fu(=)31 b Fw(tt)e Fu(then)j(\()p Ft(B)s Fu([)-17 -b([)q Fs(b)6 b Fu(])-17 b(])31 b Ft(^)g Fs(P)10 b Fu(\))31 -b Fs(s)39 b Fu(=)31 b Fw(tt)e Fu(and)i(from)f(\(*\))0 -2564 y(w)m(e)k(get)e(that)h(there)g(is)f(a)g(state)h -Fs(s)1233 2528 y Fi(0)1289 2564 y Fu(suc)m(h)h(that)f -Fs(Q)41 b(s)1885 2528 y Fi(0)1941 2564 y Fu(=)32 b Fw(tt)g -Fu(and)244 2767 y Ft(h)p Fs(S)350 2782 y Fn(1)389 2767 -y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 2731 y Fi(0)0 -2971 y Fu(F)-8 b(rom)31 b([if)341 2986 y Fn(ns)411 2971 -y Fu(])i(w)m(e)g(then)h(get)244 3174 y Ft(h)p Fr(if)f -Fs(b)38 b Fr(then)c Fs(S)806 3189 y Fn(1)877 3174 y Fr(else)g -Fs(S)1182 3189 y Fn(2)1221 3174 y Fu(,)f Fs(s)8 b Ft(i)32 -b(!)g Fs(s)1580 3138 y Fi(0)0 3377 y Fu(as)40 b(w)m(as)h(to)f(b)s(e)g -(pro)m(v)m(ed.)67 b(If)40 b Ft(B)s Fu([)-17 b([)q Fs(b)6 -b Fu(])-17 b(])p Fs(s)48 b Fu(=)40 b Fw(\013)h Fu(the)f(result)g(follo) -m(ws)e(in)i(a)f(similar)e(w)m(a)m(y)k(from)e(the)0 3498 -y(second)34 b(assumption.)0 3665 y Fw(The)f(case)g Fu([while)706 -3680 y Fn(t)737 3665 y Fu(]:)43 b(Assume)34 b(that)269 -3833 y Ft(j)-17 b Fu(=)356 3848 y Fn(t)420 3833 y Ft(f)32 -b Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))33 b Ft(g)f -Fs(S)44 b Ft(f)33 b(+)f Fs(P)10 b Fu(\()p Fw(z)p Fu(\))33 -b Ft(g)p Fu(,)1810 b(\(*\))269 4001 y Fs(P)10 b Fu(\()p -Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Ft(\))g(B)t Fu([)-17 -b([)p Fs(b)6 b Fu(])-17 b(])q(,)33 b(and)269 4168 y Fs(P)10 -b Fu(\()p Fw(0)p Fu(\))33 b Ft(\))f(:B)t Fu([)-17 b([)p -Fs(b)6 b Fu(])-17 b(])0 4336 y(T)-8 b(o)31 b(pro)m(v)m(e)h -Ft(j)-17 b Fu(=)490 4351 y Fn(t)552 4336 y Ft(f)30 b(9)q -Fw(z)p Fu(.)p Fs(P)10 b Fu(\()p Fw(z)p Fu(\))30 b Ft(g)h 
-Fr(while)h Fs(b)k Fr(do)c Fs(S)42 b Ft(f)30 b(+)h Fs(P)10 -b Fu(\()p Fw(0)p Fu(\))31 b Ft(g)f Fu(it)g(is)g(su\016cien)m(t)i(to)e -(pro)m(v)m(e)i(that)f(for)0 4456 y(all)f(natural)i(n)m(um)m(b)s(ers)h -Fw(z)319 4596 y Fu(if)e Fs(P)10 b Fu(\()p Fw(z)p Fu(\))33 -b Fs(s)40 b Fu(=)33 b Fw(tt)e Fu(then)i(there)h(exists)f(a)f(state)h -Fs(s)2060 4560 y Fi(0)2116 4596 y Fu(suc)m(h)h(that)319 -4764 y Fs(P)10 b Fu(\()p Fw(0)p Fu(\))32 b Fs(s)607 4727 -y Fi(0)663 4764 y Fu(=)h Fw(tt)e Fu(and)i Ft(h)p Fr(while)h -Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 -b(!)g Fs(s)2053 4727 y Fi(0)3299 4681 y Fu(\(**\))0 4930 -y(So)46 b(consider)g(a)f(state)h Fs(s)54 b Fu(suc)m(h)47 -b(that)f Fs(P)10 b Fu(\()p Fw(z)p Fu(\))46 b Fs(s)53 -b Fu(=)46 b Fw(tt)p Fu(.)82 b(The)47 b(pro)s(of)e(is)g(no)m(w)h(b)m(y)h -(n)m(umerical)0 5050 y(induction)32 b(on)g Fw(z)p Fu(.)146 -5171 y(First)i(assume)i(that)f Fw(z)f Fu(=)h Fw(0)p Fu(.)51 -b(The)36 b(assumption)e Fs(P)10 b Fu(\()p Fw(0)p Fu(\))35 -b Ft(\))g(:B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])36 -b(giv)m(es)f(that)g Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(])q Fs(s)43 b Fu(=)0 5291 y Fw(\013)33 b Fu(and)g(from)e([while)768 -5255 y Fn(\013)768 5316 y(ns)838 5291 y Fu(])i(w)m(e)h(get)244 -5494 y Ft(h)p Fr(while)f Fs(b)39 b Fr(do)33 b Fs(S)12 -b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)p eop -%%Page: 196 206 -196 205 bop 251 130 a Fw(196)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283 -515 a Fu(Since)33 b Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33 -b Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(this)g(pro)m(v)m(es)i(the)f(base)h -(case.)430 636 y(F)-8 b(or)27 b(the)i(induction)e(step)j(assume)f(that) -f(\(**\))g(holds)g(for)f(all)g(states)i(satisfying)e -Fs(P)10 b Fu(\()p Fw(z)p Fu(\))29 b(and)283 756 y(that)k -Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Fs(s)41 -b Fu(=)32 b Fw(tt)o Fu(.)44 b(F)-8 b(rom)31 b(\(*\))h(w)m(e)i(get)e -(that)h(there)g(is)f(a)g(state)h Fs(s)2854 720 y Fi(0)2910 -756 y Fu(suc)m(h)h(that)f 
Fs(P)10 b Fu(\()p Fw(z)p Fu(\))32 -b Fs(s)3624 720 y Fi(0)3680 756 y Fu(=)283 877 y Fw(tt)g -Fu(and)527 1081 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b -Ft(i)32 b(!)g Fs(s)992 1045 y Fi(0)283 1285 y Fu(The)g(n)m(umerical)d -(induction)h(h)m(yp)s(othesis)h(applied)f(to)g Fs(s)2342 -1249 y Fi(0)2396 1285 y Fu(giv)m(es)h(that)f(there)i(is)e(some)g(state) -h Fs(s)3713 1249 y Fi(00)283 1406 y Fu(suc)m(h)j(that)f -Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33 b Fs(s)1004 1370 y -Fi(00)1079 1406 y Fu(=)f Fw(tt)g Fu(and)527 1610 y Ft(h)p -Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)1248 -1574 y Fi(0)1271 1610 y Ft(i)g(!)f Fs(s)1523 1574 y Fi(00)283 -1815 y Fu(F)-8 b(urthermore,)30 b(the)g(assumption)f -Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))30 b Ft(\))f(B)s -Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])30 b(giv)m(es)g -Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)37 -b Fu(=)30 b Fw(tt)p Fu(.)41 b(W)-8 b(e)30 b(can)g(therefore)283 -1935 y(apply)j([while)802 1899 y Fn(tt)802 1960 y(ns)872 -1935 y Fu(])g(and)g(get)f(that)527 2139 y Ft(h)p Fr(while)i -Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 -b(!)g Fs(s)1499 2103 y Fi(00)283 2344 y Fu(Since)h Fs(P)10 -b Fu(\()p Fw(0)p Fu(\))33 b Fs(s)827 2308 y Fi(00)902 -2344 y Fu(=)f Fw(tt)g Fu(this)g(completes)h(the)g(pro)s(of)e(of)h -(\(**\).)283 2511 y Fw(The)h(case)g Fu([cons)950 2526 -y Fn(t)983 2511 y Fu(]:)44 b(Supp)s(ose)33 b(that)527 -2716 y Ft(j)-17 b Fu(=)614 2731 y Fn(t)678 2716 y Ft(f)33 -b Fs(P)837 2680 y Fi(0)893 2716 y Ft(g)f Fs(S)45 b Ft(f)32 -b(+)g Fs(Q)1334 2680 y Fi(0)1390 2716 y Ft(g)p Fu(,)527 -2883 y Fs(P)43 b Ft(\))32 b Fs(P)844 2847 y Fi(0)868 -2883 y Fu(,)h(and)527 3051 y Fs(Q)611 3015 y Fi(0)667 -3051 y Ft(\))f Fs(Q)283 3255 y Fu(T)-8 b(o)31 b(pro)m(v)m(e)h -Ft(j)-17 b Fu(=)773 3270 y Fn(t)835 3255 y Ft(f)31 b -Fs(P)41 b Ft(g)30 b Fs(S)43 b Ft(f)30 b(+)h Fs(Q)40 b -Ft(g)30 b Fu(consider)h(a)f(state)i Fs(s)38 b Fu(suc)m(h)32 -b(that)f Fs(P)41 b(s)e Fu(=)30 b Fw(tt)p Fu(.)42 b(Then)32 -b Fs(P)3547 3219 y 
Fi(0)3601 3255 y Fs(s)39 b Fu(=)283 -3376 y Fw(tt)32 b Fu(and)h(there)g(is)f(a)h(state)g Fs(s)1309 -3340 y Fi(0)1364 3376 y Fu(suc)m(h)h(that)f Fs(Q)1880 -3340 y Fi(0)1936 3376 y Fs(s)1984 3340 y Fi(0)2040 3376 -y Fu(=)f Fw(tt)g Fu(and)527 3580 y Ft(h)p Fs(S)12 b Fu(,)33 -b Fs(s)8 b Ft(i)32 b(!)g Fs(s)992 3544 y Fi(0)283 3785 -y Fu(Ho)m(w)m(ev)m(er,)j(w)m(e)f(also)e(ha)m(v)m(e)i(that)e -Fs(Q)42 b(s)1644 3748 y Fi(0)1700 3785 y Fu(=)32 b Fw(tt)g -Fu(and)g(this)g(pro)m(v)m(es)j(the)e(result.)638 b Fh(2)283 -4098 y Fw(Exercise)37 b(6.31)49 b Fu(Sho)m(w)38 b(that)g(the)g -(inference)h(rule)e(for)g Fr(repeat)j Fs(S)49 b Fr(until)40 -b Fs(b)j Fu(suggested)d(in)283 4218 y(Exercise)25 b(6.29)e(preserv)m -(es)j(v)-5 b(alidit)m(y)d(.)38 b(Argue)24 b(that)f(this)g(means)h(that) -f(the)h(en)m(tire)f(pro)s(of)g(system)283 4338 y(consisting)34 -b(of)g(the)g(axioms)f(and)h(rules)g(of)g(T)-8 b(able)34 -b(6.2)g(together)g(with)g(the)g(rule)g(of)f(Exercise)283 -4459 y(6.29)f(is)g(sound.)2818 b Fh(2)283 4688 y Fw(Exercise)37 -b(6.32)49 b Fu(*)29 b(Pro)m(v)m(e)i(that)e(the)h(inference)g(system)g -(of)f(T)-8 b(able)29 b(6.2)g(is)g(complete,)g(that)g(is)552 -4856 y Ft(j)-17 b Fu(=)639 4871 y Fn(t)703 4856 y Ft(f)33 -b Fs(P)42 b Ft(g)33 b Fs(S)44 b Ft(f)32 b(+)h Fs(Q)42 -b Ft(g)32 b Fu(implies)e Ft(`)1843 4871 y Fn(t)1907 4856 -y Ft(f)i Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b(+)h -Fs(Q)41 b Ft(g)1059 b Fh(2)283 5086 y Fw(Exercise)37 -b(6.33)49 b Fu(*)32 b(Pro)m(v)m(e)i(that)527 5290 y(if)e -Ft(`)678 5305 y Fn(t)742 5290 y Ft(f)g Fs(P)43 b Ft(g)32 -b Fs(S)45 b Ft(f)32 b(+)g Fs(Q)42 b Ft(g)32 b Fu(then)i -Ft(`)1772 5305 y Fn(p)1848 5290 y Ft(f)f Fs(P)43 b Ft(g)32 -b Fs(S)44 b Ft(f)33 b Fs(Q)41 b Ft(g)283 5494 y Fu(Do)s(es)33 -b(the)g(con)m(v)m(erse)i(result)d(hold?)2099 b Fh(2)p -eop -%%Page: 197 207 -197 206 bop 0 130 a Fw(6.4)112 b(Extensions)37 b(of)h(the)f(axiomatic)f -(system)1315 b(197)p 0 193 3473 4 v 0 515 a Fp(Extensions)46 -b(of)f(While)0 703 y Fu(W)-8 b(e)46 
b(conclude)g(b)m(y)g(considering)f -(an)g(extension)h(of)f Fw(While)f Fu(with)h(non-determinism)e(and)0 -823 y(\(parameterless\))32 b(pro)s(cedures.)45 b(The)34 -b(syn)m(tax)g(of)e(the)h(extended)i(language)c(is)h(giv)m(en)h(b)m(y) -294 1031 y Fs(S)111 b Fu(::=)100 b Fs(x)44 b Fu(:=)33 -b Fs(a)39 b Ft(j)33 b Fr(skip)g Ft(j)f Fs(S)1429 1046 -y Fn(1)1501 1031 y Fu(;)h Fs(S)1628 1046 y Fn(2)1700 -1031 y Ft(j)f Fr(if)h Fs(b)38 b Fr(then)c Fs(S)2283 1046 -y Fn(1)2355 1031 y Fr(else)f Fs(S)2659 1046 y Fn(2)511 -1199 y Ft(j)151 b Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)45 -b Ft(j)32 b Fs(S)1424 1214 y Fn(1)1496 1199 y Fr(or)h -Fs(S)1698 1214 y Fn(2)511 1366 y Ft(j)151 b Fr(begin)34 -b(proc)f Fs(p)39 b Fr(is)33 b Fs(S)1507 1381 y Fn(1)1546 -1366 y Fu(;)g Fs(S)1673 1381 y Fn(2)1744 1366 y Fr(end)h -Ft(j)e Fr(call)i Fs(p)0 1570 y Fu(Note)h(that)f(in)f -Fr(begin)j(proc)f Fs(p)41 b Fr(is)35 b Fs(S)1391 1585 -y Fn(1)1430 1570 y Fu(;)g Fs(S)1559 1585 y Fn(2)1633 -1570 y Fr(end)g Fu(the)g(b)s(o)s(dy)f(of)g Fs(p)40 b -Fu(is)34 b Fs(S)2609 1585 y Fn(1)2683 1570 y Fu(and)g(the)h(remainder)0 -1690 y(of)d(the)h(program)e(is)h Fs(S)834 1705 y Fn(2)874 -1690 y Fu(.)0 1959 y Fw(Non-determinism)0 2146 y Fu(It)41 -b(is)g(straigh)m(tforw)m(ard)f(to)h(handle)g(non-determinism)e(\(in)h -(the)h(sense)i(of)e(Section)g(2.4\))f(in)0 2267 y(the)f(axiomatic)d -(approac)m(h.)61 b(The)39 b(idea)f(is)g(that)g(an)g(assertion)h(holds)f -(for)g Fs(S)2879 2282 y Fn(1)2956 2267 y Fr(or)h Fs(S)3164 -2282 y Fn(2)3242 2267 y Fu(if)e(the)0 2387 y(similar)g(assertion)j -(holds)g(for)g Fs(S)1230 2402 y Fn(1)1310 2387 y Fu(as)g(w)m(ell)g(as)g -(for)g Fs(S)1994 2402 y Fn(2)2033 2387 y Fu(.)67 b(The)41 -b(motiv)-5 b(ation)37 b(for)j(this)g(is)g(that)0 2507 -y(when)32 b(reasoning)e(ab)s(out)h(the)g(statemen)m(t)g(w)m(e)h(ha)m(v) -m(e)h(no)d(w)m(a)m(y)j(of)d(in\015uencing)g(whether)j -Fs(S)3316 2522 y Fn(1)3386 2507 y Fu(or)0 2628 y Fs(S)67 -2643 y Fn(2)139 2628 y Fu(is)f(c)m(hosen.)45 b(F)-8 b(or)32 
-b(partial)e(correctness)35 b(w)m(e)e(th)m(us)h(extend)g(T)-8 -b(able)32 b(6.1)g(with)h(the)g(rule)244 2907 y([or)358 -2922 y Fn(p)401 2907 y Fu(])536 2820 y Ft(f)f Fs(P)43 -b Ft(g)32 b Fs(S)876 2835 y Fn(1)948 2820 y Ft(f)g Fs(Q)42 -b Ft(g)p Fu(,)32 b Ft(f)h Fs(P)43 b Ft(g)32 b Fs(S)1597 -2835 y Fn(2)1669 2820 y Ft(f)g Fs(Q)42 b Ft(g)p 536 2883 -1382 4 v 759 2988 a(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)1100 -3003 y Fn(1)1171 2988 y Fr(or)g Fs(S)1373 3003 y Fn(2)1445 -2988 y Ft(f)g Fs(Q)41 b Ft(g)0 3181 y Fu(F)-8 b(or)32 -b(total)f(correctness)j(w)m(e)g(extend)g(T)-8 b(able)32 -b(6.2)h(with)f(the)h(rule)244 3440 y([or)358 3455 y Fn(t)389 -3440 y Fu(])524 3354 y Ft(f)f Fs(P)43 b Ft(g)32 b Fs(S)864 -3369 y Fn(1)936 3354 y Ft(f)h(+)f Fs(Q)42 b Ft(g)p Fu(,)32 -b Ft(f)g Fs(P)43 b Ft(g)33 b Fs(S)1679 3369 y Fn(2)1750 -3354 y Ft(f)g(+)f Fs(Q)42 b Ft(g)p 524 3417 1569 4 v -794 3522 a(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)1135 3537 -y Fn(1)1206 3522 y Fr(or)g Fs(S)1408 3537 y Fn(2)1480 -3522 y Ft(f)g(+)f Fs(Q)42 b Ft(g)0 3714 y Fu(When)31 -b(dealing)d(with)h(soundness)j(and)d(completeness)i(of)e(these)i(rules) -e(one)h(m)m(ust)g(b)s(e)g(careful)0 3835 y(in)c(using)g(a)h(seman)m -(tics)g(that)g(mo)s(dels)e(\\non-deterministic)g(c)m(hoice")i(in)f(the) -h(prop)s(er)g(manner.)0 3955 y(W)-8 b(e)28 b(sa)m(w)g(in)f(Section)h -(2.4)f(that)g(this)g(is)g(the)h(case)h(for)e(structural)g(op)s -(erational)e(seman)m(tics)j(but)0 4075 y(not)23 b(for)g(natural)f -(seman)m(tics.)40 b(With)23 b(resp)s(ect)h(to)f(the)h(structural)f(op)s -(erational)e(seman)m(tics)i(one)0 4196 y(can)33 b(sho)m(w)i(that)e(the) -g(ab)s(o)m(v)m(e)i(rules)e(are)g(sound)h(and)f(that)g(the)h(resulting)e -(inference)i(systems)0 4316 y(are)29 b(complete.)42 b(If)29 -b(one)h(insists)f(on)g(using)g(the)h(natural)e(seman)m(tics)h(the)h -Fr(or)p Fu(-construct)g(w)m(ould)0 4437 y(mo)s(del)35 -b(a)i(kind)g(of)f(\\angelic)f(c)m(hoice")i(and)g(b)s(oth)g(rules)g(w)m -(ould)f(b)s(e)h(sound.)58 b(Ho)m(w)m(ev)m(er,)40 b(only)0 -4557 y(the)33 
b(partial)d(correctness)35 b(inference)e(system)h(will)c -(b)s(e)j(complete.)0 4825 y Fw(Non-recursiv)m(e)k(pro)s(cedures)0 -5013 y Fu(F)-8 b(or)43 b(the)g(sak)m(e)i(of)e(simplicit)m(y)e(w)m(e)j -(shall)e(restrict)h(our)h(atten)m(tion)e(to)h(statemen)m(ts)i(with)e -(at)0 5133 y(most)33 b(one)h(pro)s(cedure)g(declaration.)45 -b(F)-8 b(or)32 b(non-recursiv)m(e)j(pro)s(cedures)g(the)e(idea)g(is)g -(that)g(an)0 5254 y(assertion)k(that)g(holds)g(for)g(the)h(b)s(o)s(dy)f -(of)g(the)h(pro)s(cedure)g(also)f(holds)g(for)f(the)i(calls)e(of)h(the) -0 5374 y(pro)s(cedure.)65 b(This)40 b(motiv)-5 b(ates)38 -b(extending)i(the)g(partial)e(correctness)j(inference)f(system)h(of)0 -5494 y(T)-8 b(able)32 b(6.1)g(with)h(the)g(rule)p eop -%%Page: 198 208 -198 207 bop 251 130 a Fw(198)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527 -577 a Fu([call)702 592 y Fn(p)744 577 y Fu(])992 490 -y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 -b Ft(g)p 879 554 849 4 v 879 658 a(f)32 b Fs(P)43 b Ft(g)32 -b Fr(call)i Fs(p)k Ft(f)33 b Fs(Q)41 b Ft(g)1802 577 -y Fu(where)34 b Fs(p)k Fu(is)32 b(de\014ned)i(b)m(y)g -Fr(proc)f Fs(p)39 b Fr(is)33 b Fs(S)283 837 y Fu(Similarly)g(the)j -(inference)h(system)g(for)e(total)g(correctness)j(in)e(T)-8 -b(able)35 b(6.2)h(can)h(b)s(e)f(extended)283 957 y(with)d(the)g(rule) -527 1194 y([call)702 1209 y Fn(t)732 1194 y Fu(])980 -1108 y Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b(+)f -Fs(Q)42 b Ft(g)p 867 1171 942 4 v 867 1276 a(f)32 b Fs(P)43 -b Ft(g)33 b Fr(call)g Fs(p)39 b Ft(f)32 b(+)g Fs(Q)42 -b Ft(g)1884 1194 y Fu(where)34 b Fs(p)k Fu(is)32 b(de\014ned)i(b)m(y)g -Fr(proc)f Fs(p)39 b Fr(is)33 b Fs(S)283 1454 y Fu(In)g(b)s(oth)g(cases) -h(the)f(resulting)e(inference)i(system)h(can)f(b)s(e)g(pro)m(v)m(ed)h -(sound)f(and)g(complete.)283 1712 y Fw(Recursiv)m(e)k(pro)s(cedures)283 -1897 y Fu(The)46 b(ab)s(o)m(v)m(e)f(rules)g(turn)f(out)g(to)h(b)s(e)f 
-(insu\016cien)m(t)h(when)h(pro)s(cedures)f(are)g(allo)m(w)m(ed)f(to)g -(b)s(e)283 2018 y(recursiv)m(e:)h(in)30 b(order)i(to)f(pro)m(v)m(e)h -(an)f(assertion)g(for)g Fr(call)h Fs(p)38 b Fu(one)31 -b(has)h(to)f(pro)m(v)m(e)h(the)g(assertion)283 2138 y(for)h(the)h(b)s -(o)s(dy)f(of)g(the)g(pro)s(cedure)h(and)g(this)f(implies)d(that)j(one)h -(has)f(to)g(pro)m(v)m(e)i(an)e(assertion)283 2258 y(ab)s(out)g(eac)m(h) -g(o)s(ccurrence)h(of)e Fr(call)i Fs(p)k Fu(inside)32 -b(the)h(b)s(o)s(dy)g(and)f(so)h(on.)430 2379 y(Consider)d(\014rst)g -(the)g(case)g(of)f Fs(p)-5 b(artial)32 b(c)-5 b(orr)g(e)g(ctness)37 -b Fu(assertions.)43 b(In)30 b(order)g(to)f(pro)m(v)m(e)i(some)283 -2499 y(prop)s(ert)m(y)k Ft(f)f Fs(P)45 b Ft(g)34 b Fr(call)h -Fs(p)40 b Ft(f)34 b Fs(Q)44 b Ft(g)34 b Fu(w)m(e)h(shall)e(pro)m(v)m(e) -i(the)g(similar)c(prop)s(ert)m(y)k(for)e(the)i(b)s(o)s(dy)f(of)283 -2619 y(the)39 b(pro)s(cedure)g(but)g Fs(under)g(the)h(assumption)g -(that)48 b Ft(f)37 b Fs(P)49 b Ft(g)38 b Fr(call)h Fs(p)44 -b Ft(f)38 b Fs(Q)47 b Ft(g)38 b Fu(holds)g(for)f(the)283 -2740 y(recursiv)m(e)d(calls)e(of)g Fs(p)6 b Fu(.)43 b(Often)33 -b(this)f(is)g(expressed)k(b)m(y)d(a)f(rule)g(of)h(the)g(form)527 -2996 y([call)702 2960 y Fn(rec)702 3021 y(p)795 2996 -y Fu(])930 2910 y Ft(f)f Fs(P)43 b Ft(g)32 b Fr(call)i -Fs(p)k Ft(f)33 b Fs(Q)41 b Ft(g)33 b(`)1872 2925 y Fn(p)1947 -2910 y Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b -Fs(Q)41 b Ft(g)p 930 2973 1640 4 v 1325 3078 a(f)33 b -Fs(P)42 b Ft(g)33 b Fr(call)g Fs(p)39 b Ft(f)32 b Fs(Q)42 -b Ft(g)920 3234 y Fu(where)34 b Fs(p)k Fu(is)32 b(de\014ned)i(b)m(y)g -Fr(proc)f Fs(p)39 b Fr(is)33 b Fs(S)283 3430 y Fu(The)49 -b(premise)e(of)g(the)h(rule)f(expresses)j(that)d Ft(f)g -Fs(P)58 b Ft(g)47 b Fs(S)59 b Ft(f)48 b Fs(Q)56 b Ft(g)47 -b Fu(is)g(pro)m(v)-5 b(able)47 b(under)h(the)283 3551 -y(assumption)32 b(that)f Ft(f)h Fs(P)42 b Ft(g)32 b Fr(call)g -Fs(p)38 b Ft(f)32 b Fs(Q)41 b Ft(g)31 b Fu(can)h(b)s(e)g(pro)m(v)m(ed)i 
-(for)d(the)h(recursiv)m(e)i(calls)c(presen)m(t)283 3671 -y(in)i Fs(S)12 b Fu(.)33 b(The)g(conclusion)f(expresses)k(that)c -Ft(f)h Fs(P)42 b Ft(g)33 b Fr(call)g Fs(p)39 b Ft(f)32 -b Fs(Q)42 b Ft(g)32 b Fu(holds)g(for)g(all)f(calls)g(of)h -Fs(p)6 b Fu(.)283 3890 y Fw(Example)37 b(6.34)49 b Fu(Consider)33 -b(the)g(follo)m(wing)d(statemen)m(t)527 4086 y Fr(begin)k(proc)g(fac)f -(is)g Fu(\()p Fr(if)g(x)g Fu(=)f Fr(1)h(then)h(skip)1413 -4254 y(else)g Fu(\()p Fr(y)e Fu(:=)h Fr(x)p Fo(?)p Fr(y)p -Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(;)i -Fr(call)f(fac)p Fu(\)\);)816 4421 y Fr(y)g Fu(:=)f Fr(1)p -Fu(;)h Fr(call)h(fac)527 4589 y(end)283 4785 y Fu(W)-8 -b(e)33 b(w)m(an)m(t)g(to)f(pro)m(v)m(e)h(that)f(the)g(\014nal)f(v)-5 -b(alue)32 b(of)f Fr(y)i Fu(is)e(the)i(factorial)c(of)j(the)g(initial)d -(v)-5 b(alue)31 b(of)h Fr(x)p Fu(.)283 4906 y(W)-8 b(e)33 -b(shall)f(pro)m(v)m(e)h(that)527 5102 y Ft(f)g Fr(x)f -Fo(>)h Fr(0)g Ft(^)g Fr(n)f Fu(=)h Fr(y)g Fo(?)f Fr(x)p -Fu(!)44 b Ft(g)32 b Fr(call)h(fac)h Ft(f)e Fr(y)h Fu(=)f -Fr(n)h Ft(g)283 5298 y Fu(where)h Fr(x)f Fo(>)f Fr(0)h -Ft(^)g Fr(n)g Fu(=)f Fr(y)h Fo(?)f Fr(x)p Fu(!)44 b(is)32 -b(an)h(abbreviation)e(for)h(the)h(predicate)g Fs(P)43 -b Fu(de\014ned)34 b(b)m(y)527 5494 y Fs(P)43 b(s)e Fu(=)32 -b(\()p Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)g Fu(and)h Fs(s)41 -b Fr(n)33 b Fu(=)f Fs(s)41 b Fr(y)32 b Fo(?)h Fu(\()p -Fs(s)40 b Fr(x)p Fu(\)!\))p eop -%%Page: 199 209 -199 208 bop 0 130 a Fw(6.4)112 b(Extensions)37 b(of)h(the)f(axiomatic)f -(system)1315 b(199)p 0 193 3473 4 v 0 515 a Fu(W)-8 b(e)33 -b(assume)g(that)269 683 y Ft(`)330 698 y Fn(p)405 683 -y Ft(f)g Fr(x)g Fo(>)f Fr(0)h Ft(^)g Fr(n)f Fu(=)h Fr(y)g -Fo(?)f Fr(x)p Fu(!)44 b Ft(g)32 b Fr(call)i(fac)f Ft(f)f -Fr(y)h Fu(=)f Fr(n)h Ft(g)1092 b Fu(\(*\))0 851 y(holds)32 -b(for)g(the)h(recursiv)m(e)h(calls)e(of)g Fr(fac)p Fu(.)44 -b(W)-8 b(e)33 b(shall)e(then)i(construct)h(a)e(pro)s(of)g(of)319 -1010 y Ft(f)g Fr(x)h Fo(>)f Fr(0)h Ft(^)g Fr(n)g Fu(=)f -Fr(y)h Fo(?)f Fr(x)p 
Fu(!)44 b Ft(g)319 1177 y Fr(if)33 -b(x)f Fu(=)h Fr(1)g(then)g(skip)h(else)f Fu(\()p Fr(y)g -Fu(:=)g Fr(x)p Fo(?)p Fr(y)p Fu(;)f Fr(x)h Fu(:=)g Fr(x)p -Ft(\000)p Fr(1)p Fu(;)g Fr(call)h(fac)p Fu(\))319 1345 -y Ft(f)e Fr(y)h Fu(=)f Fr(n)h Ft(g)3299 1178 y Fu(\(**\))0 -1511 y(and,)42 b(using)e([call)664 1475 y Fn(rec)664 -1536 y(p)757 1511 y Fu(])g(w)m(e)h(obtain)e(a)h(pro)s(of)f(of)h(\(*\))f -(for)h(all)e(o)s(ccurrences)k(of)d Fr(call)j(fac)p Fu(.)66 -b(T)-8 b(o)0 1632 y(pro)m(v)m(e)34 b(\(**\))e(w)m(e)h(\014rst)g(use)h -(the)f(assumption)f(\(*\))g(to)g(get)244 1856 y Ft(`)305 -1871 y Fn(p)381 1856 y Ft(f)g Fr(x)h Fo(>)f Fr(0)h Ft(^)g -Fr(n)g Fu(=)f Fr(y)h Fo(?)f Fr(x)p Fu(!)44 b Ft(g)32 -b Fr(call)i(fac)f Ft(f)f Fr(y)h Fu(=)g Fr(n)f Ft(g)0 -2080 y Fu(Then)i(w)m(e)f(apply)g([ass)819 2095 y Fn(p)863 -2080 y Fu(])f(and)h([comp)1367 2095 y Fn(p)1410 2080 -y Fu(])g(t)m(wice)g(and)f(get)244 2303 y Ft(`)305 2318 -y Fn(p)381 2303 y Ft(f)g Fu(\(\()p Fr(x)h Fo(>)f Fr(0)h -Ft(^)g Fr(n)g Fu(=)f Fr(y)h Fo(?)f Fr(x)p Fu(!\)[)p Fr(x)p -Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p Ft(7!)q -Fr(x)p Fo(?)p Fr(y)p Fu(])h Ft(g)381 2471 y Fr(y)f Fu(:=)h -Fr(x)p Fo(?)p Fr(y)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p -Fr(1)p Fu(;)i Fr(call)f(fac)381 2639 y Ft(f)f Fr(y)h -Fu(=)f Fr(n)h Ft(g)0 2863 y Fu(W)-8 b(e)33 b(ha)m(v)m(e)268 -3030 y Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Ft(^)f -Fu(\()p Fr(x)g Fo(>)g Fr(0)g Ft(^)g Fr(n)g Fu(=)g Fr(y)g -Fo(?)f Fr(x)p Fu(!\))44 b Ft(\))31 b Fu(\(\()p Fr(x)h -Fo(>)g Fr(0)g Ft(^)g Fr(n)g Fu(=)g Fr(y)g Fo(?)g Fr(x)p -Fu(!\)[)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p -Fr(y)p Ft(7!)q Fr(x)p Fo(?)p Fr(y)p Fu(])0 3198 y(so)h(using)f([cons) -586 3213 y Fn(p)630 3198 y Fu(])h(w)m(e)h(get)244 3422 -y Ft(`)305 3437 y Fn(p)381 3422 y Ft(f)e(:)p Fu(\()p -Fr(x)p Fu(=)p Fr(1)p Fu(\))h Ft(^)g Fu(\()p Fr(x)g Fo(>)f -Fr(0)h Ft(^)g Fr(n)g Fu(=)f Fr(y)h Fo(?)f Fr(x)p Fu(!\))44 -b Ft(g)381 3589 y Fr(y)32 b Fu(:=)h Fr(x)p Fo(?)p Fr(y)p -Fu(;)g Fr(x)g Fu(:=)f 
Fr(x)p Ft(\000)p Fr(1)p Fu(;)i -Fr(call)f(fac)381 3757 y Ft(f)f Fr(y)h Fu(=)f Fr(n)h -Ft(g)0 3981 y Fu(Using)f(that)244 4205 y Fr(x)p Fu(=)p -Fr(1)h Ft(^)g Fr(x)g Fo(>)f Fr(0)h Ft(^)g Fr(n)f Fu(=)h -Fr(y)g Fo(?)f Fr(x)p Fu(!)44 b Ft(\))32 b Fr(y)h Fu(=)f -Fr(n)0 4429 y Fu(it)g(is)g(easy)h(to)f(pro)m(v)m(e)244 -4652 y Ft(`)305 4667 y Fn(p)381 4652 y Ft(f)g Fr(x)p -Fu(=)p Fr(1)h Ft(^)g Fr(x)g Fo(>)f Fr(0)h Ft(^)g Fr(n)f -Fu(=)h Fr(y)g Fo(?)f Fr(x)p Fu(!)44 b Ft(g)32 b Fr(skip)i -Ft(f)e Fr(y)h Fu(=)f Fr(n)h Ft(g)0 4876 y Fu(so)g([if)205 -4891 y Fn(p)247 4876 y Fu(])g(can)g(b)s(e)f(applied)g(and)g(giv)m(es)h -(a)g(pro)s(of)e(of)i(\(**\).)1361 b Fh(2)146 5133 y Fu(T)-8 -b(able)31 b(6.1)g(extended)j(with)d(the)g(rule)g([call)1739 -5097 y Fn(rec)1739 5158 y(p)1832 5133 y Fu(])h(can)f(b)s(e)h(pro)m(v)m -(ed)h(to)e(b)s(e)g(sound.)44 b(Ho)m(w)m(ev)m(er,)0 5254 -y(in)28 b(order)i(to)e(get)i(a)e(completeness)i(result)g(the)f -(inference)h(system)g(has)f(to)g(b)s(e)h(extended)h(with)0 -5374 y(additional)f(rules.)43 b(T)-8 b(o)33 b(illustrate)d(wh)m(y)k -(this)e(is)g(necessary)j(consider)e(the)g(follo)m(wing)d(v)m(ersion)0 -5494 y(of)i(the)h(factorial)d(program:)p eop -%%Page: 200 210 -200 209 bop 251 130 a Fw(200)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527 -515 a Fr(begin)34 b(proc)g(fac)f(is)g(if)g(x)p Fu(=)p -Fr(1)g(then)h(y)e Fu(:=)h Fr(1)1375 683 y(else)h Fu(\()p -Fr(x)e Fu(:=)h Fr(x)p Ft(\000)p Fr(1)p Fu(;)h Fr(call)f(fac)p -Fu(;)h Fr(x)e Fu(:=)h Fr(x)p Fu(+)p Fr(1)p Fu(;)g Fr(y)g -Fu(:=)f Fr(x)p Fo(?)p Fr(y)p Fu(\);)816 851 y Fr(call)i(fac)527 -1018 y(end)283 1223 y Fu(Assume)h(that)f(w)m(e)h(w)m(an)m(t)f(to)g(pro) -m(v)m(e)h(that)e(this)h(program)e(do)s(es)i(not)g(c)m(hange)h(the)f(v) --5 b(alue)33 b(of)h Fr(x)p Fu(,)283 1344 y(that)f(is)552 -1511 y Ft(f)g Fr(x)f Fu(=)h Fr(n)f Ft(g)h Fr(call)g(fac)h -Ft(f)e Fr(x)h Fu(=)f Fr(n)h Ft(g)1806 b Fu(\(*\))283 -1679 y(In)32 b(order)g(to)g(do)f(that)h(w)m(e)g(assume)g(that)g(w)m(e)h 
-(ha)m(v)m(e)g(a)e(pro)s(of)g(of)g(\(*\))g(for)g(the)h(recursiv)m(e)h -(call)d(of)283 1799 y Fr(fac)c Fu(and)f(w)m(e)h(ha)m(v)m(e)g(to)f -(construct)h(a)e(pro)s(of)g(of)h(the)g(prop)s(ert)m(y)h(for)e(the)h(b)s -(o)s(dy)g(of)g(the)g(pro)s(cedure.)283 1920 y(It)33 b(seems)h(that)e -(in)g(order)g(to)h(do)f(so)h(w)m(e)h(m)m(ust)e(construct)i(a)e(pro)s -(of)g(of)527 2125 y Ft(f)h Fr(x)f Fu(=)h Fr(n)p Ft(\000)p -Fr(1)g Ft(g)g Fr(call)g(fac)h Ft(f)e Fr(x)h Fu(=)f Fr(n)p -Ft(\000)p Fr(1)i Ft(g)283 2330 y Fu(and)h(there)h(are)e(no)h(axioms)f -(and)g(rules)h(that)g(allo)m(w)e(us)i(to)g(obtain)e(suc)m(h)j(a)f(pro)s -(of)f(from)f(\(*\).)283 2451 y(Ho)m(w)m(ev)m(er,)h(w)m(e)d(shall)e(not) -h(go)f(further)i(in)m(to)e(this,)i(but)f(Chapter)h(7)f(will)e(pro)m -(vide)j(appropriate)283 2571 y(references.)430 2692 y(The)36 -b(case)h(of)e Fs(total)j(c)-5 b(orr)g(e)g(ctness)44 b -Fu(is)35 b(sligh)m(tly)f(more)h(complicated)f(b)s(ecause)j(w)m(e)g(ha)m -(v)m(e)g(to)283 2812 y(b)s(ound)c(the)g(n)m(um)m(b)s(er)g(of)f -(recursiv)m(e)i(calls.)43 b(The)33 b(rule)f(adopted)h(is)527 -3077 y([call)702 3041 y Fn(rec)702 3102 y(t)795 3077 -y Fu(])930 2991 y Ft(f)f Fs(P)10 b Fu(\()p Fw(z)p Fu(\))33 -b Ft(g)f Fr(call)i Fs(p)k Ft(f)32 b(+)h Fs(Q)41 b Ft(g)33 -b(`)2091 3006 y Fn(t)2155 2991 y Ft(f)f Fs(P)10 b Fu(\()p -Fw(z)p Fu(+)p Fw(1)p Fu(\))33 b Ft(g)f Fs(S)44 b Ft(f)33 -b(+)f Fs(Q)42 b Ft(g)p 930 3054 2198 4 v 1429 3159 a(f)32 -b(9)p Fw(z)p Fu(.)p Fs(P)10 b Fu(\()p Fw(z)p Fu(\))33 -b Ft(g)f Fr(call)i Fs(p)k Ft(f)33 b(+)f Fs(Q)42 b Ft(g)920 -3315 y Fu(where)34 b Ft(:)p Fs(P)10 b Fu(\()p Fw(0)p -Fu(\))33 b(holds)920 3483 y(and)f Fw(z)h Fu(ranges)g(o)m(v)m(er)g(the)g -(natural)f(n)m(um)m(b)s(ers)h(\(that)g(is)f Fw(z)p Ft(\025)p -Fw(0)p Fu(\))920 3651 y(and)g(where)i Fs(p)39 b Fu(is)32 -b(de\014ned)i(b)m(y)f Fr(proc)h Fs(p)k Fr(is)33 b Fs(S)283 -3856 y Fu(The)49 b(premise)e(of)f(this)h(rule)g(expresses)j(that)d(if)f -(w)m(e)i(assume)g(that)f(w)m(e)h(ha)m(v)m(e)h(a)e(pro)s(of)f(of)283 -3976 y Ft(f)33 
b Fs(P)10 b Fu(\()p Fw(z)p Fu(\))32 b -Ft(g)h Fr(call)g Fs(p)39 b Ft(f)32 b(+)g Fs(Q)42 b Ft(g)e -Fu(for)g(all)f(recursiv)m(e)j(calls)d(of)h Fs(p)46 b -Fu(of)40 b(depth)h(at)g(most)e Fw(z)i Fu(then)g(w)m(e)283 -4097 y(can)33 b(pro)m(v)m(e)g Ft(f)f Fs(P)10 b Fu(\()p -Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Ft(g)g Fs(S)44 b Ft(f)32 -b(+)g Fs(Q)42 b Ft(g)p Fu(.)h(The)33 b(conclusion)f(expresses)j(that)d -(for)f(an)m(y)i(depth)g(of)283 4217 y(recursiv)m(e)h(calls)e(w)m(e)h -(ha)m(v)m(e)h(a)f(pro)s(of)e(of)h Ft(f)h(9)p Fw(z)p Fu(.)p -Fs(P)10 b Fu(\()p Fw(z)p Fu(\))33 b Ft(g)f Fr(call)h -Fs(p)39 b Ft(f)32 b(+)h Fs(Q)41 b Ft(g)p Fu(.)430 4338 -y(The)28 b(inference)g(system)h(of)d(T)-8 b(able)28 b(6.2)f(extended)i -(with)e(the)h(rule)f([call)3023 4302 y Fn(rec)3023 4362 -y(t)3116 4338 y Fu(])g(can)h(b)s(e)f(pro)m(v)m(ed)283 -4458 y(to)i(b)s(e)f(sound.)43 b(If)28 b(it)g(is)g(extended)i(with)e -(additional)e(rules)i(\(as)g(discussed)j(ab)s(o)m(v)m(e\))e(it)e(can)i -(also)283 4579 y(b)s(e)k(pro)m(v)m(ed)h(to)f(b)s(e)f(complete.)283 -4914 y Fj(6.5)161 b(Assertions)52 b(for)i(execution)f(time)283 -5133 y Fu(A)42 b(pro)s(of)e(system)i(for)f(total)e(correctness)44 -b(can)d(b)s(e)g(used)i(to)d(pro)m(v)m(e)j(that)e(a)g(program)e(do)s(es) -283 5254 y(indeed)46 b(terminate)e(but)h(it)f(do)s(es)i(not)e(sa)m(y)j -(ho)m(w)e(man)m(y)g(resources)i(it)d(needs)j(in)d(order)h(to)283 -5374 y(terminate.)c(W)-8 b(e)30 b(shall)d(no)m(w)i(sho)m(w)h(ho)m(w)f -(to)g(extend)h(the)f(total)e(correctness)k(pro)s(of)d(system)h(of)283 -5494 y(T)-8 b(able)33 b(6.2)f(to)g(pro)m(v)m(e)i Fs(the)h(or)-5 -b(der)34 b(of)h(magnitude)f(of)h(the)g(exe)-5 b(cution)34 -b(time)40 b Fu(of)32 b(a)g(statemen)m(t.)p eop -%%Page: 201 211 -201 210 bop 0 130 a Fw(6.5)112 b(Assertions)37 b(for)g(execution)g -(time)1606 b(201)p 0 193 3473 4 v 146 515 a Fu(It)39 -b(is)e(easy)i(to)f(giv)m(e)g(some)g(informal)d(guidelines)i(for)h(ho)m -(w)g(to)g(determine)g(the)h(order)f(of)0 636 y(magnitude)31 -b(of)h(execution)i(time:)0 813 y 
Fw(assignmen)m(t:)49 -b Fu(the)33 b(execution)g(time)e(is)h Ft(O)s Fu(\()p -Fw(1)p Fu(\),)h(that)f(is,)g(it)g(is)g(b)s(ounded)h(b)m(y)h(a)e -(constan)m(t,)0 1007 y Fw(skip:)49 b Fu(the)33 b(execution)g(time)e(is) -h Ft(O)s Fu(\()p Fw(1)p Fu(\),)0 1202 y Fw(comp)s(osition:)47 -b Fu(the)35 b(execution)h(time)d(is,)i(to)f(within)g(a)g(constan)m(t)i -(factor,)f(the)g(sum)g(of)f(the)244 1322 y(execution)f(times)f(of)g -(eac)m(h)h(of)f(the)i(statemen)m(ts,)0 1517 y Fw(conditional:)47 -b Fu(the)30 b(execution)h(time)d(is,)i(to)g(within)e(a)i(constan)m(t)g -(factor,)g(the)h(largest)e(of)g(the)244 1637 y(execution)k(times)f(of)g -(the)h(t)m(w)m(o)g(branc)m(hes,)i(and)0 1832 y Fw(iteration:)47 -b Fu(the)30 b(execution)f(time)f(of)h(the)g(lo)s(op)f(is,)h(to)g -(within)f(a)h(constan)m(t)g(factor,)h(the)f(sum,)244 -1952 y(o)m(v)m(er)34 b(all)c(iterations)h(round)i(the)g(lo)s(op,)e(of)h -(the)h(time)e(to)i(execute)h(the)f(b)s(o)s(dy)-8 b(.)0 -2129 y(The)26 b(idea)f(no)m(w)h(is)f(to)f(formalize)f(these)k(rules)e -(b)m(y)h(giving)e(an)h(inference)h(system)g(for)f(reasoning)0 -2250 y(ab)s(out)32 b(execution)h(times.)43 b(T)-8 b(o)33 -b(do)f(so)h(w)m(e)g(shall)f(pro)s(ceed)h(in)f(three)h(stages:)145 -2427 y Ft(\017)49 b Fu(\014rst)42 b(w)m(e)g(sp)s(ecify)f(the)h(exact)g -(time)e(needed)j(to)e(ev)-5 b(aluate)40 b(arithmetic)g(and)h(b)s(o)s -(olean)244 2547 y(expressions,)145 2742 y Ft(\017)49 -b Fu(next)37 b(w)m(e)f(extend)h(the)g(natural)d(seman)m(tics)i(of)f -(Chapter)i(2)e(to)h(coun)m(t)g(the)g(exact)h(exe-)244 -2862 y(cution)32 b(time,)f(and)145 3057 y Ft(\017)49 -b Fu(\014nally)40 b(w)m(e)j(extend)g(the)g(total)d(correctness)k(pro)s -(of)d(system)h(to)g(pro)m(v)m(e)h(the)f(order)g(of)244 -3177 y(magnitude)31 b(of)h(the)h(execution)h(time)d(of)h(statemen)m -(ts.)0 3354 y(Ho)m(w)m(ev)m(er,)f(b)s(efore)c(addressing)h(these)g -(issues)h(w)m(e)f(ha)m(v)m(e)h(to)e(\014x)h(a)f Fs(c)-5 -b(omputational)29 b(mo)-5 b(del)p Fu(,)28 b(that)0 3475 -y(is)43 
b(w)m(e)i(ha)m(v)m(e)g(to)e(determine)h(ho)m(w)g(to)f(coun)m(t) -i(the)f(cost)g(of)f(the)h(v)-5 b(arious)43 b(op)s(erations.)76 -b(The)0 3595 y(actual)36 b(c)m(hoice)i(is)e(not)i(so)f(imp)s(ortan)m(t) -e(but)j(for)e(the)i(sak)m(e)g(of)f(simplicit)m(y)e(w)m(e)j(ha)m(v)m(e)g -(based)g(it)0 3715 y(up)s(on)44 b(the)h(abstract)g(mac)m(hine)f(of)g -(Chapter)h(3.)79 b(The)46 b(idea)e(is)g(that)g(eac)m(h)h(instruction)f -(of)0 3836 y(the)38 b(mac)m(hine)e(tak)m(es)j(one)e(time)f(unit)h(and)g -(the)h(time)e(required)h(to)g(execute)i(an)e(arithmetic)0 -3956 y(expression,)27 b(a)c(b)s(o)s(olean)f(expression)i(or)f(a)g -(statemen)m(t)h(will)d(b)s(e)j(the)g(time)e(required)h(to)g(execute)0 -4077 y(the)29 b(generated)g(co)s(de.)43 b(Ho)m(w)m(ev)m(er,)32 -b(no)c(kno)m(wledge)i(of)e(Chapter)h(3)f(is)g(required)i(in)d(the)i -(sequel.)0 4361 y Fp(Exact)46 b(execution)f(times)h(for)f(expressions)0 -4546 y Fu(The)34 b(time)d(needed)j(to)e(ev)-5 b(aluate)32 -b(an)h(arithmetic)d(expression)k(is)e(giv)m(en)h(b)m(y)g(a)g(function) -244 4723 y Ft(T)25 b(A)p Fu(:)43 b Fw(Aexp)33 b Ft(!)f -Fw(Z)0 4900 y Fu(so)24 b Ft(T)i(A)p Fu([)-17 b([)p Fs(a)7 -b Fu(])-17 b(])25 b(is)f(the)h(n)m(um)m(b)s(er)f(of)g(time)f(units)h -(required)h(to)f(ev)-5 b(aluate)23 b Fs(a)32 b Fu(in)23 -b(an)m(y)i(state.)41 b(Similarly)-8 b(,)0 5020 y(the)33 -b(function)244 5197 y Ft(T)25 b(B)t Fu(:)43 b Fw(Bexp)33 -b Ft(!)f Fw(Z)0 5374 y Fu(determines)41 b(the)f(n)m(um)m(b)s(er)h(of)f -(time)f(units)h(required)h(to)f(ev)-5 b(aluate)40 b(a)g(b)s(o)s(olean)f -(expression.)0 5494 y(These)34 b(functions)f(are)f(de\014ned)i(in)e(T) --8 b(able)33 b(6.3.)p eop -%%Page: 202 212 -202 211 bop 251 130 a Fw(202)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283 -419 V 283 2313 4 1894 v 715 528 a Ft(T)26 b(A)o Fu([)-17 -b([)q Fs(n)7 b Fu(])-17 b(])374 b(=)100 b Fw(1)715 696 -y Ft(T)26 b(A)o Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])379 -b(=)100 b Fw(1)715 863 y Ft(T)26 b(A)o Fu([)-17 b([)q -Fs(a)969 878 y 
Fn(1)1041 863 y Fu(+)33 b Fs(a)1207 878 -y Fn(2)1246 863 y Fu(])-17 b(])102 b(=)e Ft(T)25 b(A)p -Fu([)-17 b([)p Fs(a)1814 878 y Fn(1)1854 863 y Fu(])g(])33 -b(+)g Ft(T)25 b(A)p Fu([)-17 b([)p Fs(a)2286 878 y Fn(2)2326 -863 y Fu(])g(])33 b(+)g Fw(1)715 1031 y Ft(T)26 b(A)o -Fu([)-17 b([)q Fs(a)969 1046 y Fn(1)1041 1031 y Fo(?)33 -b Fs(a)1180 1046 y Fn(2)1219 1031 y Fu(])-17 b(])129 -b(=)100 b Ft(T)25 b(A)p Fu([)-17 b([)p Fs(a)1814 1046 -y Fn(1)1854 1031 y Fu(])g(])33 b(+)g Ft(T)25 b(A)p Fu([)-17 -b([)p Fs(a)2286 1046 y Fn(2)2326 1031 y Fu(])g(])33 b(+)g -Fw(1)715 1199 y Ft(T)26 b(A)o Fu([)-17 b([)q Fs(a)969 -1214 y Fn(1)1041 1199 y Ft(\000)33 b Fs(a)1208 1214 y -Fn(2)1248 1199 y Fu(])-17 b(])100 b(=)g Ft(T)25 b(A)p -Fu([)-17 b([)p Fs(a)1814 1214 y Fn(1)1854 1199 y Fu(])g(])33 -b(+)g Ft(T)25 b(A)p Fu([)-17 b([)p Fs(a)2286 1214 y Fn(2)2326 -1199 y Fu(])g(])33 b(+)g Fw(1)715 1414 y Ft(T)26 b(B)s -Fu([)-17 b([)q Fr(true)p Fu(])g(])243 b(=)100 b Fw(1)715 -1581 y Ft(T)26 b(B)s Fu([)-17 b([)q Fr(false)p Fu(])g(])192 -b(=)100 b Fw(1)715 1749 y Ft(T)26 b(B)s Fu([)-17 b([)q -Fs(a)958 1764 y Fn(1)1030 1749 y Fu(=)33 b Fs(a)1196 -1764 y Fn(2)1235 1749 y Fu(])-17 b(])113 b(=)100 b Ft(T)25 -b(A)p Fu([)-17 b([)p Fs(a)1814 1764 y Fn(1)1854 1749 -y Fu(])g(])33 b(+)g Ft(T)25 b(A)p Fu([)-17 b([)p Fs(a)2286 -1764 y Fn(2)2326 1749 y Fu(])g(])33 b(+)g Fw(1)715 1916 -y Ft(T)26 b(B)s Fu([)-17 b([)q Fs(a)958 1931 y Fn(1)1030 -1916 y Ft(\024)33 b Fs(a)1197 1931 y Fn(2)1237 1916 y -Fu(])-17 b(])111 b(=)100 b Ft(T)25 b(A)p Fu([)-17 b([)p -Fs(a)1814 1931 y Fn(1)1854 1916 y Fu(])g(])33 b(+)g Ft(T)25 -b(A)p Fu([)-17 b([)p Fs(a)2286 1931 y Fn(2)2326 1916 -y Fu(])g(])33 b(+)g Fw(1)715 2084 y Ft(T)26 b(B)s Fu([)-17 -b([)q Ft(:)p Fs(b)6 b Fu(])-17 b(])330 b(=)100 b Ft(T)25 -b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b(+)g Fw(1)715 -2252 y Ft(T)26 b(B)s Fu([)-17 b([)q Fs(b)952 2267 y Fn(1)1024 -2252 y Ft(^)33 b Fs(b)1174 2267 y Fn(2)1213 2252 y Fu(])-17 -b(])135 b(=)100 b Ft(T)25 b(B)t Fu([)-17 
b([)p Fs(b)1797 -2267 y Fn(1)1837 2252 y Fu(])g(])33 b(+)f Ft(T)26 b(B)s -Fu([)-17 b([)q Fs(b)2252 2267 y Fn(2)2291 2252 y Fu(])g(])33 -b(+)g Fw(1)p 3753 2313 V 283 2316 3473 4 v 987 2477 a -Fu(T)-8 b(able)32 b(6.3:)43 b(Exact)34 b(execution)f(times)f(for)g -(expressions)283 2743 y Fp(Exact)46 b(execution)g(times)g(for)f -(statemen)l(ts)283 2928 y Fu(T)-8 b(urning)25 b(to)f(the)i(execution)f -(time)e(for)i(statemen)m(ts)g(w)m(e)h(shall)e(extend)i(the)f(natural)f -(seman)m(tics)283 3049 y(of)47 b(T)-8 b(able)46 b(2.1)h(to)f(sp)s -(ecify)h(the)g(time)f(requiremen)m(ts.)87 b(This)47 b(is)f(done)h(b)m -(y)h(extending)f(the)283 3169 y(transitions)32 b(to)g(ha)m(v)m(e)i(the) -f(form)527 3345 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b -Ft(i)32 b(!)912 3309 y Fc(t)974 3345 y Fs(s)1022 3309 -y Fi(0)283 3521 y Fu(meaning)k(that)h(if)e Fs(S)49 b -Fu(is)36 b(executed)j(from)d(state)h Fs(s)45 b Fu(then)37 -b(it)f(will)f(terminate)g(in)h(state)i Fs(s)3539 3485 -y Fi(0)3599 3521 y Fu(and)283 3642 y(exactly)d Fs(t)44 -b Fu(time)33 b(units)i(will)d(b)s(e)i(required)h(for)f(this.)48 -b(The)36 b(extension)f(of)f(T)-8 b(able)34 b(2.1)g(is)g(fairly)283 -3762 y(straigh)m(tforw)m(ard)f(and)f(is)g(giv)m(en)h(in)f(T)-8 -b(able)32 b(6.4.)283 4046 y Fp(The)45 b(inference)g(system)283 -4231 y Fu(The)34 b(inference)g(system)g(for)e(pro)m(ving)h(the)h(order) -f(of)f(magnitude)g(of)h(the)g(execution)h(time)d(of)283 -4351 y(statemen)m(ts)j(will)c(ha)m(v)m(e)k(assertions)f(of)f(the)h -(form)527 4527 y Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)44 b -Ft(f)33 b Fs(e)39 b Ft(+)33 b Fs(Q)41 b Ft(g)283 4704 -y Fu(where)h Fs(P)51 b Fu(and)40 b Fs(Q)49 b Fu(are)41 -b(predicates)f(as)h(in)e(the)i(previous)g(inference)g(systems)g(and)g -Fs(e)47 b Fu(is)40 b(an)283 4824 y(arithmetic)31 b(expression)j(\(that) -e(is)g Fs(e)40 b Ft(2)33 b Fw(Aexp)p Fu(\).)44 b(The)33 -b(idea)f(is)g(that)552 4992 y Fs(if)54 b Fu(the)33 b(execution)g(of)f -Fs(S)44 b Fu(is)32 b(started)h(in)f(a)h(state)g(satisfying)e -Fs(P)552 5159 y(then)40 b 
Fu(it)32 b(terminates)f(in)h(a)h(state)g -(satisfying)e Fs(Q)552 5327 y(and)42 b Fu(the)33 b(required)h -(execution)f(time)e(is)h Ft(O)s Fu(\()p Fs(e)7 b Fu(\),)33 -b(that)f(is)g(has)h(order)g(of)f(magnitude)g Fs(e)7 b -Fu(.)283 5494 y(So)33 b(for)f(example)p eop -%%Page: 203 213 -203 212 bop 0 130 a Fw(6.5)112 b(Assertions)37 b(for)g(execution)g -(time)1606 b(203)p 0 193 3473 4 v 0 419 V 0 2490 4 2071 -v 256 530 a Fu([ass)408 545 y Fn(tns)508 530 y Fu(])345 -b Ft(h)o Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(,)33 b Fs(s)8 -b Ft(i)32 b(!)1479 494 y Fi(T)17 b(A)q Fn([)-12 b([)o -Fc(a)p Fn(])g(]+1)1811 530 y Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p -Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])256 -745 y([skip)454 760 y Fn(tns)553 745 y Fu(])300 b Ft(h)o -Fr(skip)p Fu(,)34 b Fs(s)8 b Ft(i)32 b(!)1402 709 y Fn(1)1474 -745 y Fs(s)256 1039 y Fu([comp)511 1054 y Fn(tns)610 -1039 y Fu(])890 952 y Ft(h)o Fs(S)995 967 y Fn(1)1035 -952 y Fu(,)p Fs(s)8 b Ft(i)32 b(!)1281 916 y Fc(t)1306 -925 y Fd(1)1377 952 y Fs(s)1425 916 y Fi(0)1449 952 y -Fu(,)g Ft(h)p Fs(S)1614 967 y Fn(2)1653 952 y Fu(,)p -Fs(s)1728 916 y Fi(0)1752 952 y Ft(i)g(!)1923 916 y Fc(t)1948 -925 y Fd(2)2019 952 y Fs(s)2067 916 y Fi(00)p 890 1016 -1221 4 v 1070 1120 a Ft(h)p Fs(S)1176 1135 y Fn(1)1215 -1120 y Fu(;)p Fs(S)1309 1135 y Fn(2)1349 1120 y Fu(,)g -Fs(s)8 b Ft(i)32 b(!)1627 1084 y Fc(t)1652 1093 y Fd(1)1687 -1084 y Fn(+)p Fc(t)1767 1093 y Fd(2)1839 1120 y Fs(s)1887 -1084 y Fi(00)256 1403 y Fu([if)353 1367 y Fn(tt)341 1428 -y(tns)439 1403 y Fu(])1489 1317 y Ft(h)p Fs(S)1595 1332 -y Fn(1)1634 1317 y Fu(,)p Fs(s)8 b Ft(i)33 b(!)1880 1281 -y Fc(t)1942 1317 y Fs(s)1990 1281 y Fi(0)p 890 1380 1724 -4 v 890 1485 a Ft(h)o Fr(if)g Fs(b)39 b Fr(then)33 b -Fs(S)1451 1500 y Fn(1)1523 1485 y Fr(else)h Fs(S)1828 -1500 y Fn(2)1867 1485 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)2146 -1449 y Fi(T)17 b(B)r Fn([)-12 b([)o Fc(b)p Fn(])g(]+)p -Fc(t)p Fn(+1)2542 1485 y Fs(s)2590 1449 y Fi(0)2688 1403 -y Fu(if)32 b Ft(B)s Fu([)-17 b([)q Fs(b)6 
b Fu(])-17 -b(])p Fs(s)41 b Fu(=)32 b Fw(tt)256 1768 y Fu([if)353 -1731 y Fn(\013)341 1792 y(tns)439 1768 y Fu(])1489 1681 -y Ft(h)p Fs(S)1595 1696 y Fn(2)1634 1681 y Fu(,)p Fs(s)8 -b Ft(i)33 b(!)1880 1645 y Fc(t)1942 1681 y Fs(s)1990 -1645 y Fi(0)p 890 1744 V 890 1849 a Ft(h)o Fr(if)g Fs(b)39 -b Fr(then)33 b Fs(S)1451 1864 y Fn(1)1523 1849 y Fr(else)h -Fs(S)1828 1864 y Fn(2)1867 1849 y Fu(,)f Fs(s)8 b Ft(i)32 -b(!)2146 1813 y Fi(T)17 b(B)r Fn([)-12 b([)o Fc(b)p Fn(])g(]+)p -Fc(t)p Fn(+1)2542 1849 y Fs(s)2590 1813 y Fi(0)2688 1768 -y Fu(if)32 b Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 -b(])p Fs(s)41 b Fu(=)32 b Fw(\013)256 2142 y Fu([while)518 -2106 y Fn(tt)506 2167 y(tns)604 2142 y Fu(])890 2056 -y Ft(h)o Fs(S)12 b Fu(,)p Fs(s)c Ft(i)33 b(!)1241 2020 -y Fc(t)1303 2056 y Fs(s)1351 2020 y Fi(0)1375 2056 y -Fu(,)f Ft(h)p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b -Fu(,)33 b Fs(s)2155 2020 y Fi(0)2178 2056 y Ft(i)f(!)2349 -2020 y Fc(t)2374 1996 y Fa(0)2434 2056 y Fs(s)2482 2020 -y Fi(00)p 890 2119 1635 4 v 966 2224 a Ft(h)p Fr(while)i -Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 -b(!)1858 2188 y Fi(T)17 b(B)r Fn([)-12 b([)o Fc(b)p Fn(])g(]+)p -Fc(t)p Fn(+)p Fc(t)2207 2164 y Fa(0)2230 2188 y Fn(+2)2357 -2224 y Fs(s)2405 2188 y Fi(00)2599 2142 y Fu(if)32 b -Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 -b Fu(=)32 b Fw(tt)256 2429 y Fu([while)518 2393 y Fn(\013)506 -2454 y(tns)604 2429 y Fu(])249 b Ft(h)o Fr(while)34 b -Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 -b(!)1771 2393 y Fi(T)17 b(B)r Fn([)-12 b([)p Fc(b)p Fn(])g(])o(+3)2087 -2429 y Fs(s)41 b Fu(if)31 b Ft(B)t Fu([)-17 b([)p Fs(b)6 -b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 b Fw(\013)p 3469 2490 -4 2071 v 0 2493 3473 4 v 294 2654 a Fu(T)-8 b(able)33 -b(6.4:)43 b(Natural)31 b(seman)m(tics)i(for)f Fw(While)f -Fu(with)h(exact)i(execution)f(times)244 2911 y Ft(f)d -Fr(x)g Fu(=)g Fr(3)h Ft(g)f Fr(y)g Fu(:=)g Fr(1)p Fu(;)i -Fr(while)f Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g -Fr(do)g Fu(\()p 
Fr(y)f Fu(:=)g Fr(y)p Fo(?)p Fr(x)p Fu(;)h -Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(\))h Ft(f)f -Fr(1)g Ft(+)h Fr(true)g Ft(g)0 3102 y Fu(expresses)d(that)d(the)h -(execution)f(of)g(the)g(factorial)e(statemen)m(t)j(from)e(a)g(state)i -(where)g Fr(x)f Fu(has)h(the)0 3222 y(v)-5 b(alue)32 -b Fw(3)h Fu(has)g(order)f(of)g(magnitude)g Fr(1)p Fu(,)h(that)f(is)g -(it)g(is)g(b)s(ounded)h(b)m(y)g(a)g(constan)m(t.)44 b(Similarly)-8 -b(,)244 3413 y Ft(f)30 b Fr(x)h Fo(>)f Fu(0)g Ft(g)g -Fr(y)g Fu(:=)h Fr(1)p Fu(;)g Fr(while)h Ft(:)p Fu(\()p -Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)f Fu(\()p Fr(y)h Fu(:=)f -Fr(y)p Fo(?)p Fr(x)p Fu(;)i Fr(x)e Fu(:=)g Fr(x)p Ft(\000)p -Fr(1)p Fu(\))i Ft(f)e Fr(x)g Ft(+)g Fr(true)i Ft(g)0 -3604 y Fu(expresses)27 b(that)c(the)h(execution)g(of)f(the)h(factorial) -d(statemen)m(t)j(on)f(a)h(state)g(where)g Fr(x)g Fu(is)f(p)s(ositiv)m -(e)0 3724 y(has)33 b(order)g(of)f(magnitude)f Fr(x)p -Fu(.)146 3844 y(F)-8 b(ormally)g(,)30 b Fs(validity)41 -b Fu(of)32 b(the)h(form)m(ula)e Ft(f)h Fs(P)43 b Ft(g)32 -b Fs(S)45 b Ft(f)32 b Fs(e)40 b Ft(+)32 b Fs(Q)42 b Ft(g)32 -b Fu(is)g(de\014ned)i(b)m(y)244 4035 y Ft(j)-17 b Fu(=)331 -4050 y Fn(e)399 4035 y Ft(f)32 b Fs(P)43 b Ft(g)32 b -Fs(S)45 b Ft(f)32 b Fs(e)40 b Ft(+)32 b Fs(Q)42 b Ft(g)0 -4226 y Fu(if)31 b(and)i(only)f(if)244 4417 y(there)h(exists)h(a)e -(natural)f(n)m(um)m(b)s(er)i Fw(k)g Fu(suc)m(h)h(that)e(for)g(all)f -(states)i Fs(s)8 b Fu(,)244 4584 y(if)31 b Fs(P)43 b(s)e -Fu(=)32 b Fw(tt)g Fu(then)h(there)g(exists)h(a)e(state)h -Fs(s)1860 4548 y Fi(0)1916 4584 y Fu(and)g(a)f(n)m(um)m(b)s(er)h -Fs(t)42 b Fu(suc)m(h)34 b(that)244 4752 y Fs(Q)42 b(s)409 -4716 y Fi(0)464 4752 y Fu(=)33 b Fw(tt)p Fu(,)f Ft(h)o -Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)1104 4716 y -Fc(t)1166 4752 y Fs(s)1214 4716 y Fi(0)1237 4752 y Fu(,)h(and)g -Fs(t)42 b Ft(\024)33 b Fw(k)g Fo(?)f Fu(\()p Ft(A)o Fu([)-17 -b([)q Fs(e)7 b Fu(])-17 b(])q Fs(s)8 b Fu(\))0 4943 y(Note)39 -b(that)g(the)h(expression)h Fs(e)46 b Fu(is)39 b(ev)-5 
-b(aluated)39 b(in)f(the)i(initial)35 b(state)40 b(rather)f(than)h(the)f -(\014nal)0 5063 y(state.)146 5183 y(The)26 b(axioms)d(and)i(rules)f(of) -g(the)h(inference)g(system)h(are)e(giv)m(en)h(in)e(T)-8 -b(able)25 b(6.5.)40 b(Pro)m(v)-5 b(abilit)m(y)0 5304 -y(of)32 b(the)h(assertion)g Ft(f)f Fs(P)43 b Ft(g)32 -b Fs(S)45 b Ft(f)32 b Fs(e)40 b Ft(+)32 b Fs(Q)42 b Ft(g)32 -b Fu(in)g(the)h(inference)g(system)h(is)e(written)244 -5494 y Ft(`)305 5509 y Fn(e)373 5494 y Ft(f)g Fs(P)43 -b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(e)40 b Ft(+)32 b Fs(Q)42 -b Ft(g)p eop -%%Page: 204 214 -204 213 bop 251 130 a Fw(204)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283 -419 V 283 3119 4 2700 v 350 528 a Fu([ass)502 543 y Fn(e)538 -528 y Fu(])201 b Ft(f)33 b Fs(P)10 b Fu([)p Fs(x)i Ft(7!A)o -Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q(])32 b Ft(g)h -Fs(x)44 b Fu(:=)32 b Fs(a)40 b Ft(f)33 b Fr(1)f Ft(+)h -Fs(P)43 b Ft(g)350 696 y Fu([skip)548 711 y Fn(e)583 -696 y Fu(])156 b Ft(f)33 b Fs(P)43 b Ft(g)32 b Fr(skip)i -Ft(f)e Fr(1)h Ft(+)f Fs(P)43 b Ft(g)350 988 y Fu([comp)605 -1003 y Fn(e)640 988 y Fu(])776 901 y Ft(f)33 b Fs(P)43 -b Ft(^)33 b(B)s Fu([)-17 b([)q Fs(e)1225 865 y Fi(0)1225 -926 y Fn(2)1264 901 y Fu(=)p Fr(u)p Fu(])g(])34 b Ft(g)e -Fs(S)1611 916 y Fn(1)1683 901 y Ft(f)g Fs(e)1817 916 -y Fn(1)1889 901 y Ft(+)h Fs(Q)41 b Ft(^)33 b(B)t Fu([)-17 -b([)p Fs(e)2356 916 y Fn(2)2396 901 y Ft(\024)q Fr(u)p -Fu(])g(])33 b Ft(g)p Fu(,)65 b Ft(f)32 b Fs(Q)42 b Ft(g)32 -b Fs(S)3085 916 y Fn(2)3157 901 y Ft(f)g Fs(e)3291 916 -y Fn(2)3364 901 y Ft(+)g Fs(R)37 b Ft(g)p 776 964 2871 -4 v 1610 1069 a(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)1951 -1084 y Fn(1)1990 1069 y Fu(;)f Fs(S)2116 1084 y Fn(2)2188 -1069 y Ft(f)h Fs(e)2323 1084 y Fn(1)2362 1069 y Fu(+)p -Fs(e)2490 1033 y Fi(0)2490 1094 y Fn(2)2562 1069 y Ft(+)g -Fs(R)j Ft(g)766 1202 y Fu(where)e Fr(u)f Fu(is)f(an)h(un)m(used)h -(logical)c(v)-5 b(ariable)350 1494 y([if)435 1509 y Fn(e)469 -1494 y Fu(])776 1408 y Ft(f)33 
b(B)s Fu([)-17 b([)q Fs(b)6 -b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)1443 -1423 y Fn(1)1515 1408 y Ft(f)g Fs(e)40 b Ft(+)32 b Fs(Q)42 -b Ft(g)p Fu(,)97 b Ft(f)33 b(:B)t Fu([)-17 b([)p Fs(b)6 -b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)2799 -1423 y Fn(2)2871 1408 y Ft(f)h Fs(e)39 b Ft(+)33 b Fs(Q)41 -b Ft(g)p 776 1471 2522 4 v 1201 1576 a(f)33 b Fs(P)43 -b Ft(g)32 b Fr(if)h Fs(b)38 b Fr(then)c Fs(S)1998 1591 -y Fn(1)2070 1576 y Fr(else)f Fs(S)2374 1591 y Fn(2)2446 -1576 y Ft(f)g Fs(e)39 b Ft(+)33 b Fs(Q)41 b Ft(g)350 -1833 y Fu([while)600 1848 y Fn(e)634 1833 y Fu(])776 -1747 y Ft(f)33 b Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p -Fu(\))32 b Ft(^)h(B)t Fu([)-17 b([)p Fs(e)1482 1711 y -Fi(0)1534 1747 y Fu(=)p Fr(u)p Fu(])g(])33 b Ft(g)f Fs(S)44 -b Ft(f)33 b Fs(e)2047 1762 y Fn(1)2119 1747 y Ft(+)f -Fs(P)10 b Fu(\()p Fr(z)p Fu(\))33 b Ft(^)g(B)t Fu([)-17 -b([)p Fs(e)7 b Ft(\024)q Fr(u)p Fu(])-17 b(])34 b Ft(g)p -776 1810 2178 4 v 1021 1915 a(f)e(9)p Fw(z)p Fu(.)p Fs(P)10 -b Fu(\()p Fw(z)p Fu(\))33 b Ft(g)f Fr(while)i Fs(b)39 -b Fr(do)33 b Fs(S)44 b Ft(f)32 b Fs(e)40 b Ft(+)32 b -Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33 b Ft(g)766 2048 y Fu(where)h -Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))33 b Ft(\))f(B)s -Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g(B)s -Fu([)-17 b([)q Fs(e)7 b Ft(\025)q Fs(e)2161 2063 y Fn(1)2200 -2048 y Fu(+)p Fs(e)2328 2012 y Fi(0)2352 2048 y Fu(])-17 -b(])q(,)32 b Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33 b Ft(\))f(:)q(B)s -Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g(B)s -Fu([)-17 b([)q Fr(1)p Ft(\024)p Fs(e)7 b Fu(])-17 b(])766 -2216 y(and)33 b Fr(u)g Fu(is)f(an)h(un)m(used)h(logical)29 -b(v)-5 b(ariable)766 2383 y(and)33 b Fw(z)f Fu(ranges)i(o)m(v)m(er)f -(natural)f(n)m(um)m(b)s(ers)h(\(that)f(is)g Fw(z)p Ft(\025)q -Fw(0)p Fu(\))350 2675 y([cons)561 2690 y Fn(e)597 2675 -y Fu(])809 2589 y Ft(f)g Fs(P)967 2552 y Fi(0)1023 2589 -y Ft(g)h Fs(S)44 b Ft(f)32 b Fs(e)1339 2552 y Fi(0)1396 -2589 y Ft(+)g Fs(Q)1573 2552 y Fi(0)1629 2589 y 
Ft(g)p -776 2652 903 4 v 811 2757 a(f)h Fs(P)43 b Ft(g)32 b Fs(S)44 -b Ft(f)33 b Fs(e)39 b Ft(+)33 b Fs(Q)41 b Ft(g)766 2890 -y Fu(where)34 b(\(for)e(some)h(natural)e(n)m(um)m(b)s(er)i -Fr(k)p Fu(\))g Fs(P)43 b Ft(\))32 b Fs(P)2615 2854 y -Fi(0)2671 2890 y Ft(^)h(B)s Fu([)-17 b([)q Fs(e)2928 -2854 y Fi(0)2952 2890 y Ft(\024)p Fr(k)p Fo(?)p Fs(e)7 -b Fu(])-17 b(])766 3058 y(and)33 b Fs(Q)1040 3021 y Fi(0)1096 -3058 y Ft(\))f Fs(Q)p 3753 3119 4 2700 v 283 3122 3473 -4 v 523 3282 a Fu(T)-8 b(able)33 b(6.5:)43 b(Axiomatic)30 -b(system)k(for)e(order)h(of)f(magnitude)f(of)h(execution)h(time)283 -3568 y(The)41 b(assignmen)m(t)f(statemen)m(t)g(and)f(the)i -Fr(skip)f Fu(statemen)m(t)g(can)g(b)s(e)g(executed)i(in)d(constan)m(t) -283 3688 y(time)32 b(and)g(therefore)i(w)m(e)f(use)h(the)f(arithmetic)d -(expression)k Fr(1)p Fu(.)430 3809 y(The)g(rule)f([comp)1082 -3824 y Fn(e)1117 3809 y Fu(])h(assumes)g(that)g(w)m(e)g(ha)m(v)m(e)h -(pro)s(ofs)e(sho)m(wing)h(that)f Fs(e)3068 3824 y Fn(1)3141 -3809 y Fu(and)h Fs(e)3384 3824 y Fn(2)3457 3809 y Fu(are)f(the)283 -3929 y(order)38 b(of)f(magnitudes)f(of)h(the)h(execution)g(times)e(for) -h(the)h(t)m(w)m(o)g(statemen)m(ts.)58 b(Ho)m(w)m(ev)m(er,)41 -b Fs(e)3716 3944 y Fn(1)283 4050 y Fu(expresses)46 b(the)e(time)d -(requiremen)m(ts)j(of)e Fs(S)1905 4065 y Fn(1)1987 4050 -y Fu(relativ)m(e)h(to)f(the)h(initial)c(state)44 b(of)e -Fs(S)3382 4065 y Fn(1)3464 4050 y Fu(and)h Fs(e)3716 -4065 y Fn(2)283 4170 y Fu(expresses)31 b(the)d(time)e(requiremen)m(ts)i -(relativ)m(e)f(to)g(the)h(initial)c(state)k(of)f Fs(S)2958 -4185 y Fn(2)2997 4170 y Fu(.)42 b(This)28 b(means)f(that)283 -4290 y(w)m(e)42 b(cannot)f(simply)e(use)j Fs(e)1312 4305 -y Fn(1)1392 4290 y Fu(+)e Fs(e)1560 4305 y Fn(2)1641 -4290 y Fu(as)g(the)h(time)f(requiremen)m(t)h(for)f Fs(S)2949 -4305 y Fn(1)2988 4290 y Fu(;)k Fs(S)3126 4305 y Fn(2)3166 -4290 y Fu(.)67 b(W)-8 b(e)41 b(ha)m(v)m(e)h(to)283 4411 -y(replace)37 b Fs(e)670 4426 y Fn(2)745 4411 y Fu(with)f(an)g -(expression)i 
Fs(e)1636 4375 y Fi(0)1636 4435 y Fn(2)1712 -4411 y Fu(suc)m(h)f(that)f Fs(e)2202 4375 y Fi(0)2202 -4435 y Fn(2)2278 4411 y Fu(ev)-5 b(aluated)36 b(in)f(the)i(initial)32 -b(state)37 b(of)f Fs(S)3717 4426 y Fn(1)283 4531 y Fu(will)28 -b(b)s(ound)j(the)g(v)-5 b(alue)29 b(of)h Fs(e)1340 4546 -y Fn(2)1410 4531 y Fu(in)f(the)i(initial)c(state)j(of)g -Fs(S)2379 4546 y Fn(2)2449 4531 y Fu(\(whic)m(h)g(is)g(the)h(\014nal)e -(state)i(of)f Fs(S)3652 4546 y Fn(1)3691 4531 y Fu(\).)283 -4651 y(This)j(is)e(expressed)k(b)m(y)d(the)h(extended)h(precondition)d -(and)h(p)s(ostcondition)e(of)i Fs(S)3295 4666 y Fn(1)3366 -4651 y Fu(using)f(the)283 4772 y(logical)f(v)-5 b(ariable)31 -b Fr(u)p Fu(.)430 4892 y(The)43 b(rule)f([if)930 4907 -y Fn(e)965 4892 y Fu(])g(is)g(fairly)f(straigh)m(tforw)m(ard)h(since)h -(the)f(time)g(required)g(for)g(the)h(test)g(is)283 5013 -y(constan)m(t.)430 5133 y(In)29 b(the)g(rule)g(for)f(the)i -Fr(while)p Fu(-construct)h(w)m(e)f(assume)f(that)g(the)g(execution)h -(time)d(is)i Fs(e)3571 5148 y Fn(1)3639 5133 y Fu(for)283 -5254 y(the)40 b(b)s(o)s(dy)e(and)h(is)f Fs(e)46 b Fu(for)39 -b(the)g(lo)s(op)e(itself.)61 b(As)39 b(in)f(the)h(rule)f([comp)2844 -5269 y Fn(e)2879 5254 y Fu(])h(w)m(e)h(cannot)f(just)g(use)283 -5374 y Fs(e)335 5389 y Fn(1)413 5374 y Fu(+)e Fs(e)45 -b Fu(as)38 b(the)g(total)e(time)g(required)i(b)s(ecause)h -Fs(e)2184 5389 y Fn(1)2261 5374 y Fu(refers)g(to)e(the)h(state)g(b)s -(efore)g(the)g(b)s(o)s(dy)283 5494 y(of)i(the)g(lo)s(op)f(is)h -(executed)i(and)e Fs(e)47 b Fu(to)40 b(the)g(state)h(after)f(the)g(b)s -(o)s(dy)g(is)g(executed)i(once.)66 b(W)-8 b(e)p eop -%%Page: 205 215 -205 214 bop 0 130 a Fw(6.5)112 b(Assertions)37 b(for)g(execution)g -(time)1606 b(205)p 0 193 3473 4 v 0 515 a Fu(shall)31 -b(therefore)i(require)g(that)f(there)i(is)e(an)g(expression)i -Fs(e)2181 479 y Fi(0)2237 515 y Fu(suc)m(h)g(that)e Fs(e)2720 -479 y Fi(0)2776 515 y Fu(ev)-5 b(aluated)32 b(b)s(efore)0 -636 y(the)i(b)s(o)s(dy)g(will)d(b)s(ound)j Fs(e)41 b 
-Fu(ev)-5 b(aluated)33 b(after)h(the)g(b)s(o)s(dy)-8 b(.)46 -b(Then)35 b(it)e(m)m(ust)h(b)s(e)f(the)i(case)f(that)g -Fs(e)0 756 y Fu(satis\014es)29 b Fs(e)35 b Ft(\025)28 -b Fs(e)592 771 y Fn(1)659 756 y Fu(+)g Fs(e)815 720 y -Fi(0)866 756 y Fu(b)s(ecause)i Fs(e)35 b Fu(has)28 b(to)f(b)s(ound)h -(the)h(time)d(for)h(executing)i(the)f Fr(while)p Fu(-lo)s(op)0 -877 y(indep)s(enden)m(tly)36 b(of)f(the)h(n)m(um)m(b)s(er)f(of)g(times) -f(it)h(is)g(unfolded.)51 b(As)36 b(w)m(e)g(shall)e(see)i(in)f(Example)0 -997 y(6.36,)45 b(this)e(corresp)s(onds)h(to)f(the)h Fs(r)-5 -b(e)g(curr)g(enc)g(e)44 b(e)-5 b(quations)50 b Fu(that)43 -b(often)g(ha)m(v)m(e)i(to)d(b)s(e)i(solv)m(ed)0 1117 -y(when)29 b(analysing)e(the)i(execution)g(time)e(of)g(programs.)42 -b(Finally)-8 b(,)26 b(the)j(rule)e([cons)2975 1132 y -Fn(e)3012 1117 y Fu(])h(should)g(b)s(e)0 1238 y(straigh)m(tforw)m(ard.) -0 1483 y Fw(Example)37 b(6.35)49 b Fu(W)-8 b(e)29 b(shall)f(no)m(w)h -(pro)m(v)m(e)i(that)e(the)g(execution)h(time)e(of)g(the)i(factorial)c -(state-)0 1604 y(men)m(t)32 b(has)g(order)h(of)e(magnitude)g -Fr(x)p Fu(.)43 b(This)32 b(can)h(b)s(e)f(expressed)j(b)m(y)e(the)f -(follo)m(wing)d(assertion:)244 1818 y Ft(f)h Fr(x)g Fo(>)g -Fr(0)h Ft(g)f Fr(y)g Fu(:=)g Fr(1)p Fu(;)i Fr(while)f -Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p -Fr(y)f Fu(:=)g Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f -Fr(x)p Ft(\000)p Fr(1)p Fu(\))h Ft(f)f Fr(x)g Ft(+)h -Fr(true)g Ft(g)0 2032 y Fu(The)g(inference)g(of)f(this)g(assertion)g -(pro)s(ceeds)h(in)f(a)g(n)m(um)m(b)s(er)h(of)e(stages.)44 -b(First)29 b(w)m(e)i(de\014ne)h(the)0 2153 y(predicate)h -Fs(INV)18 b Fu(\()p Fw(z)p Fu(\))33 b(that)f(is)g(to)g(b)s(e)h(the)g -(in)m(v)-5 b(arian)m(t)31 b(of)h(the)h Fr(while)p Fu(-lo)s(op)244 -2367 y Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Fs(s)40 -b Fu(=)33 b(\()p Fs(s)40 b Fr(x)33 b Fo(>)f Fw(0)h Fu(and)g -Fs(s)40 b Fr(x)33 b Fu(=)f Fw(z)h Fu(+)f Fw(1)p Fu(\))0 -2581 y(The)38 b(logical)d(v)-5 b(ariables)36 b Fr(u)974 -2596 y 
Fn(1)1051 2581 y Fu(and)h Fr(u)1296 2596 y Fn(2)1373 -2581 y Fu(are)h(used)g(for)f(the)h Fr(while)p Fu(-lo)s(op)e(and)i(the)g -(b)s(o)s(dy)f(of)g(the)0 2702 y Fr(while)p Fu(-lo)s(op,)30 -b(resp)s(ectiv)m(ely)-8 b(.)43 b(W)-8 b(e)30 b(shall)e(\014rst)i -(consider)g(the)g(b)s(o)s(dy)g(of)f(the)h(lo)s(op.)41 -b(Using)29 b([ass)3409 2717 y Fn(e)3445 2702 y Fu(])0 -2822 y(w)m(e)34 b(get)244 3036 y Ft(`)305 3051 y Fn(e)373 -3036 y Ft(f)e Fu(\()p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 -b Ft(^)h Fr(x)p Ft(\024)q Fr(u)1131 3051 y Fn(1)1170 -3036 y Fu(\)[)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p -Fu(])h Ft(g)e Fr(x)h Fu(:=)f Fr(x)h Ft(\000)g Fr(1)g -Ft(f)f Fr(1)h Ft(+)g Fs(INV)18 b Fu(\()p Fw(z)p Fu(\))32 -b Ft(^)h Fr(x)p Ft(\024)q Fr(u)3102 3051 y Fn(1)3174 -3036 y Ft(g)0 3250 y Fu(Similarly)-8 b(,)29 b(w)m(e)k(get)244 -3465 y Ft(`)305 3480 y Fn(e)373 3465 y Ft(f)f Fu(\(\()p -Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\024)q -Fr(u)1169 3480 y Fn(1)1208 3465 y Fu(\)[)p Fr(x)p Ft(7!)p -Fr(x)p Ft(\000)p Fr(1)p Fu(])h Ft(^)f Fr(1)p Ft(\024)p -Fr(u)1942 3480 y Fn(2)1982 3465 y Fu(\)[)p Fr(y)p Ft(7!)p -Fr(y)p Fo(?)p Fr(x)p Fu(])g Ft(g)373 3632 y Fr(y)g Fu(:=)f -Fr(y)h Fo(?)f Fr(x)373 3800 y Ft(f)g Fr(1)h Ft(+)f Fu(\()p -Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\024)q -Fr(u)1308 3815 y Fn(1)1347 3800 y Fu(\)[)p Fr(x)p Ft(7!)p -Fr(x)p Ft(\000)p Fr(1)p Fu(])h Ft(^)f Fr(1)p Ft(\024)q -Fr(u)2082 3815 y Fn(2)2154 3800 y Ft(g)0 4014 y Fu(Before)f(applying)e -(the)i(rule)f([comp)1317 4029 y Fn(e)1352 4014 y Fu(])h(w)m(e)g(ha)m(v) -m(e)h(to)e(mo)s(dify)f(the)i(precondition)f(of)g(the)h(ab)s(o)m(v)m(e)0 -4135 y(assertion.)43 b(W)-8 b(e)33 b(ha)m(v)m(e)244 4349 -y Fs(INV)19 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b -Ft(^)h Fr(x)p Ft(\000)p Fr(1)p Fu(=)p Fr(u)1140 4364 -y Fn(1)1213 4349 y Ft(^)g Fr(1)p Fu(=)p Fr(u)1490 4364 -y Fn(2)244 4516 y Ft(\))f Fu(\(\()p Fs(INV)19 b Fu(\()p -Fw(z)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\024)p Fr(u)1089 4531 -y Fn(1)1129 4516 y Fu(\)[)p 
Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p -Fr(1)p Fu(])h Ft(^)f Fr(1)p Ft(\024)p Fr(u)1863 4531 -y Fn(2)1903 4516 y Fu(\)[)p Fr(y)p Ft(7!)p Fr(y)p Fo(?)p -Fr(x)p Fu(])0 4731 y(so)g(using)f([cons)586 4746 y Fn(e)622 -4731 y Fu(])h(w)m(e)h(get)244 4945 y Ft(`)305 4960 y -Fn(e)373 4945 y Ft(f)e Fs(INV)19 b Fu(\()p Fw(z)p Fu(+)p -Fw(1)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\000)p Fr(1)p Fu(=)p -Fr(u)1351 4960 y Fn(1)1424 4945 y Ft(^)g Fr(1)p Fu(=)p -Fr(u)1701 4960 y Fn(2)1773 4945 y Ft(g)373 5113 y Fr(y)g -Fu(:=)f Fr(y)h Fo(?)f Fr(x)373 5280 y Ft(f)g Fr(1)h Ft(+)f -Fu(\()p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h -Fr(x)p Ft(\024)q Fr(u)1308 5295 y Fn(1)1347 5280 y Fu(\)[)p -Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(])h Ft(^)f -Fr(1)p Ft(\024)q Fr(u)2082 5295 y Fn(2)2154 5280 y Ft(g)0 -5494 y Fu(W)-8 b(e)33 b(can)g(no)m(w)g(apply)f([comp)1073 -5509 y Fn(e)1109 5494 y Fu(])g(and)h(get)p eop -%%Page: 206 216 -206 215 bop 251 130 a Fw(206)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527 -515 a Ft(`)588 530 y Fn(e)656 515 y Ft(f)33 b Fs(INV)18 -b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Ft(^)h Fr(x)p -Ft(\000)p Fr(1)p Fu(=)p Fr(u)1634 530 y Fn(1)1707 515 -y Ft(g)656 683 y Fr(y)g Fu(:=)g Fr(y)f Fo(?)h Fr(x)p -Fu(;)f Fr(x)h Fu(:=)g Fr(x)p Ft(\000)p Fr(1)656 851 y -Ft(f)g Fr(1)p Fu(+)p Fr(1)g Ft(+)f Fs(INV)19 b Fu(\()p -Fw(z)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\024)p Fr(u)1680 866 -y Fn(1)1753 851 y Ft(g)283 1036 y Fu(and)g(using)f([cons)939 -1051 y Fn(e)976 1036 y Fu(])g(w)m(e)i(get)527 1221 y -Ft(`)588 1236 y Fn(e)656 1221 y Ft(f)f Fs(INV)18 b Fu(\()p -Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\000)p -Fr(1)p Fu(=)p Fr(u)1634 1236 y Fn(1)1707 1221 y Ft(g)656 -1389 y Fr(y)g Fu(:=)g Fr(y)f Fo(?)h Fr(x)p Fu(;)f Fr(x)h -Fu(:=)g Fr(x)p Ft(\000)p Fr(1)656 1556 y Ft(f)g Fr(1)f -Ft(+)h Fs(INV)18 b Fu(\()p Fw(z)p Fu(\))33 b Ft(^)g Fr(x)p -Ft(\024)p Fr(u)1553 1571 y Fn(1)1626 1556 y Ft(g)283 -1742 y Fu(It)g(is)f(easy)i(to)e(v)m(erify)h(that)527 -1927 y Fs(INV)19 b 
Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 -b Ft(\))g(:)q Fu(\()p Fr(x)g Fu(=)h Fr(1)p Fu(\))f Ft(^)h -Fr(x)p Ft(\025)q Fr(1)p Fu(+\()p Fr(x)p Ft(\000)p Fr(1)p -Fu(\),)h(and)527 2095 y Fs(INV)19 b Fu(\()p Fw(0)p Fu(\))32 -b Ft(\))h(:)p Fu(\()p Ft(:)p Fu(\()p Fr(x)g Fu(=)f Fr(1)p -Fu(\)\))h Ft(^)g Fr(1)p Ft(\024)q Fr(x)283 2280 y Fu(Therefore)h(w)m(e) -g(can)f(use)g(the)g(rule)f([while)1829 2295 y Fn(e)1864 -2280 y Fu(])h(and)f(get)582 2448 y Ft(`)643 2463 y Fn(e)711 -2448 y Ft(f)g(9)p Fw(z)p Fu(.)p Fs(INV)19 b Fu(\()p Fw(z)p -Fu(\))32 b Ft(g)h Fr(while)g Ft(:)q Fu(\()p Fr(x)p Fu(=)p -Fr(1)p Fu(\))g Fr(do)g Fu(\()p Fr(y)f Fu(:=)h Fr(y)p -Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p -Fr(1)p Fu(\))i Ft(f)e Fr(x)h Ft(+)f Fs(INV)19 b Fu(\()p -Fw(0)p Fu(\))32 b Ft(g)283 2615 y Fu(W)-8 b(e)33 b(shall)f(no)m(w)h -(apply)f(the)h(axiom)e([ass)1761 2630 y Fn(e)1797 2615 -y Fu(])i(to)f(the)h(statemen)m(t)g Fr(y)g Fu(:=)g Fr(1)f -Fu(and)h(get)527 2801 y Ft(`)588 2816 y Fn(e)656 2801 -y Ft(f)g Fu(\()p Ft(9)p Fw(z)p Fu(.)p Fs(INV)18 b Fu(\()p -Fw(z)p Fu(\))33 b Ft(^)g Fr(1)p Ft(\024)p Fr(u)1546 2816 -y Fn(3)1586 2801 y Fu(\)[)p Fr(y)p Ft(7!)p Fr(1)p Fu(])g -Ft(g)f Fr(y)h Fu(:=)f Fr(1)h Ft(f)g Fr(1)f Ft(+)h(9)p -Fw(z)p Fu(.)p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h -Fr(1)p Ft(\024)p Fr(u)3327 2816 y Fn(3)3400 2801 y Ft(g)283 -2986 y Fu(W)-8 b(e)33 b(ha)m(v)m(e)527 3171 y Fr(x)p -Fo(>)p Fr(0)g Ft(^)g Fr(1)p Fu(=)p Fr(u)1015 3186 y Fn(3)1088 -3171 y Ft(\))f Fu(\()p Ft(9)p Fw(z)p Fu(.)p Fs(INV)19 -b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h Fr(1)p Ft(\024)p Fr(u)2027 -3186 y Fn(3)2067 3171 y Fu(\)[)p Fr(y)p Ft(7!)p Fr(1)p -Fu(])283 3356 y(so)g(using)f([cons)869 3371 y Fn(e)906 -3356 y Fu(])h(w)m(e)g(get)527 3542 y Ft(`)588 3557 y -Fn(e)656 3542 y Ft(f)g Fr(x)p Fo(>)p Fr(0)g Ft(^)f Fr(1)p -Fu(=)p Fr(u)1226 3557 y Fn(3)1299 3542 y Ft(g)g Fr(y)h -Fu(:=)f Fr(1)h Ft(f)g Fr(1)f Ft(+)h(9)p Fw(z)p Fu(.)p -Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h Fr(1)p Ft(\024)p -Fr(u)2713 3557 y 
Fn(3)2786 3542 y Ft(g)283 3727 y Fu(The)h(rule)e -([comp)934 3742 y Fn(e)969 3727 y Fu(])h(no)m(w)g(giv)m(es)527 -3912 y Ft(`)588 3927 y Fn(e)656 3912 y Ft(f)g Fr(x)p -Fo(>)p Fr(0)g Ft(g)656 4080 y Fr(y)g Fu(:=)g Fr(1)p Fu(;)f -Fr(while)i Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))e -Fr(do)i Fu(\()p Fr(y)e Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g -Fr(x)f Fu(:=)h Fr(x)p Ft(\000)p Fr(1)p Fu(\))656 4248 -y Ft(f)g Fr(1)p Fu(+)p Fr(x)g Ft(+)f Fs(INV)19 b Fu(\()p -Fw(0)p Fu(\))32 b Ft(g)283 4433 y Fu(Clearly)g(w)m(e)i(ha)m(v)m(e)527 -4618 y Fr(x)p Fo(>)p Fu(0)f Ft(\))f Fr(1)p Fu(+)p Fr(x)h -Ft(\024)g Fw(2)p Fo(?)p Fr(x)p Fu(,)g(and)527 4786 y -Fs(INV)19 b Fu(\()p Fw(0)p Fu(\))32 b Ft(\))h Fr(true)283 -4971 y Fu(so)g(applying)f(rule)g([cons)1208 4986 y Fn(e)1244 -4971 y Fu(])h(w)m(e)g(get)527 5156 y Ft(`)588 5171 y -Fn(e)656 5156 y Ft(f)g Fr(x)f Fo(>)h Fu(0)f Ft(g)656 -5324 y Fr(y)h Fu(:=)g Fr(1)p Fu(;)f Fr(while)i Ft(:)q -Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))e Fr(do)i Fu(\()p -Fr(y)e Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)f Fu(:=)h -Fr(x)p Ft(\000)p Fr(1)p Fu(\))656 5492 y Ft(f)g Fr(x)f -Ft(+)h Fr(true)g Ft(g)p eop -%%Page: 207 217 -207 216 bop 0 130 a Fw(6.5)112 b(Assertions)37 b(for)g(execution)g -(time)1606 b(207)p 0 193 3473 4 v 0 515 a Fu(as)33 b(required.)2902 -b Fh(2)0 760 y Fw(Example)37 b(6.36)49 b Fu(Assume)31 -b(no)m(w)h(that)f(w)m(e)h(w)m(an)m(t)f(to)g(determine)f(an)h -(arithmetic)e(expression)0 881 y Fs(e)52 896 y Fn(fac)177 -881 y Fu(suc)m(h)34 b(that)244 1096 y Ft(`)305 1111 y -Fn(e)373 1096 y Ft(f)e Fr(x)h Fo(>)f Fu(0)h Ft(g)373 -1263 y Fr(y)g Fu(:=)f Fr(1)p Fu(;)h Fr(while)h Ft(:)p -Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p -Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f -Fr(x)p Ft(\000)p Fr(1)p Fu(\))373 1431 y Ft(f)g Fs(e)507 -1446 y Fn(fac)632 1431 y Ft(+)h Fr(true)g Ft(g)0 1646 -y Fu(In)f(other)h(w)m(ords)g(w)m(e)g(w)m(an)m(t)g(to)e(determine)h(the) -h(order)f(of)f(magnitude)g(of)h(the)g(time)f(required)0 -1767 y(to)44 
b(execute)j(the)e(factorial)d(statemen)m(t.)81 -b(W)-8 b(e)45 b(can)g(then)g(attempt)f(constructing)h(a)f(pro)s(of)0 -1887 y(of)36 b(the)g(ab)s(o)m(v)m(e)i(assertion)e(using)g(the)g -(inference)h(system)h(of)d(T)-8 b(able)36 b(6.5)g(with)g -Fs(e)2974 1902 y Fn(fac)3103 1887 y Fu(b)s(eing)f(an)0 -2007 y(unsp)s(eci\014ed)45 b(arithmetic)c(expression.)77 -b(The)45 b(v)-5 b(arious)42 b(side)i(conditions)e(of)h(the)h(rules)g -(will)0 2128 y(then)32 b(sp)s(ecify)g(a)g(set)g(of)f(\(in\)equations)g -(that)h(ha)m(v)m(e)h(to)e(b)s(e)h(ful\014lled)d(b)m(y)k -Fs(e)2698 2143 y Fn(fac)2822 2128 y Fu(in)e(order)h(for)f(the)0 -2248 y(pro)s(of)h(to)g(exist.)146 2371 y(W)-8 b(e)43 -b(shall)e(\014rst)i(consider)f(the)h(b)s(o)s(dy)f(of)g(the)h(lo)s(op.) -71 b(V)-8 b(ery)43 b(m)m(uc)m(h)g(as)g(in)e(the)i(previous)0 -2491 y(example)32 b(w)m(e)i(get)244 2707 y Ft(`)305 2722 -y Fn(e)373 2707 y Ft(f)e Fs(INV)19 b Fu(\()p Fw(z)p Fu(+)p -Fw(1)p Fu(\))32 b Ft(^)h Fs(e)7 b Fu([)p Fr(x)p Ft(7!)p -Fr(x)p Ft(\000)p Fr(1)p Fu(]=)p Fr(u)1608 2722 y Fn(1)1681 -2707 y Ft(g)373 2874 y Fr(y)33 b Fu(:=)f Fr(y)h Fo(?)f -Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)373 -3042 y Ft(f)g Fr(1)h Ft(+)f Fs(INV)19 b Fu(\()p Fw(z)p -Fu(\))32 b Ft(^)h Fs(e)7 b Ft(\024)q Fr(u)1271 3057 y -Fn(1)1343 3042 y Ft(g)0 3257 y Fu(where)34 b Fs(e)39 -b Fu(is)32 b(the)h(execution)g(time)e(of)h(the)h Fr(while)p -Fu(-construct.)45 b(W)-8 b(e)33 b(can)g(no)m(w)g(apply)f(the)h(rule)0 -3377 y([while)250 3392 y Fn(e)285 3377 y Fu(])f(if)g -Fs(e)40 b Fu(ful\014ls)31 b(the)i(conditions)319 3542 -y Fs(INV)18 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b -Ft(\))g Fs(e)7 b Ft(\025)q Fr(1)p Fu(+)p Fs(e)g Fu([)p -Fr(x)p Ft(7!)q Fr(x)p Ft(\000)p Fr(1)p Fu(])319 3710 -y Fs(INV)18 b Fu(\()p Fw(0)p Fu(\))33 b Ft(\))f Fr(1)p -Ft(\024)q Fs(e)3348 3627 y Fu(\(*\))0 3871 y(and)h(w)m(e)g(will)e(get) -297 4038 y Ft(`)358 4053 y Fn(e)426 4038 y Ft(f)i(9)p -Fw(z)p Fu(.)p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(g)g -Fr(while)i Ft(:)p Fu(\()p 
Fr(x)p Fu(=)p Fr(1)p Fu(\))f -Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h -Fr(x)g Fu(:=)g Fr(x)p Ft(\000)p Fr(1)p Fu(\))g Ft(f)f -Fs(e)40 b Ft(+)33 b Fs(INV)18 b Fu(\()p Fw(0)p Fu(\))33 -b Ft(g)0 4206 y Fu(The)h(requiremen)m(t)e(\(*\))h(corresp)s(onds)h(to)e -(the)h(recurrence)h(equation)244 4421 y Fs(T)13 b Fu(\()p -Fr(x)p Fu(\))33 b(=)f Fr(1)h Fu(+)f Fs(T)13 b Fu(\()p -Fr(x)p Ft(\000)p Fr(1)p Fu(\))244 4589 y Fs(T)g Fu(\()p -Fr(1)p Fu(\))33 b(=)f Fr(1)0 4804 y Fu(obtained)d(b)m(y)i(the)f -(standard)g(tec)m(hniques)i(from)d(execution)h(time)f(analysis.)42 -b(If)29 b(w)m(e)i(tak)m(e)g Fs(e)37 b Fu(to)0 4924 y(b)s(e)e -Fr(x)g Fu(then)g(\(*\))g(is)f(ful\014lled.)48 b(The)35 -b(remainder)f(of)g(the)i(pro)s(of)d(is)i(v)m(ery)h(m)m(uc)m(h)f(as)g -(in)f(Exercise)0 5045 y(6.35)e(and)h(w)m(e)g(get)g(that)f -Fs(e)965 5060 y Fn(fac)1090 5045 y Fu(m)m(ust)h(satisfy)244 -5260 y Fr(x)g Fo(>)f Fr(0)h Ft(\))f Fr(x)p Fu(+)p Fr(1)h -Ft(\024)g Fw(k)p Fo(?)p Fs(e)1133 5275 y Fn(fac)1258 -5260 y Fu(for)f(some)g(constan)m(t)i Fw(k)0 5475 y Fu(so)f -Fs(e)172 5490 y Fn(fac)297 5475 y Fu(ma)m(y)f(b)s(e)h(tak)m(en)h(to)e -(b)s(e)h Fr(x)p Fu(.)2161 b Fh(2)p eop -%%Page: 208 218 -208 217 bop 251 130 a Fw(208)1567 b(6)112 b(Axiomatic)35 -b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283 -515 a(Exercise)37 b(6.37)49 b Fu(Mo)s(dify)24 b(the)i(pro)s(of)e(of)g -(Lemma)g(6.30)g(to)h(sho)m(w)h(that)f(the)g(inference)h(system)283 -636 y(of)33 b(T)-8 b(able)32 b(6.5)g(is)g(sound.)2487 -b Fh(2)283 864 y Fw(Exercise)37 b(6.38)49 b Fu(**)43 -b(Suggest)h(an)f(alternativ)m(e)f(rule)h(for)g Fr(while)i -Fs(b)k Fr(do)44 b Fs(S)55 b Fu(that)43 b(expresses)283 -984 y(that)33 b(its)g(execution)h(time,)e(neglecting)g(constan)m(t)i -(factors,)g(is)e(the)i(pro)s(duct)f(of)g(the)g(n)m(um)m(b)s(er)283 -1105 y(of)f(times)f(the)i(lo)s(op)d(is)i(executed)i(and)e(the)h -(maximal)28 b(execution)33 b(time)e(for)g(the)i(b)s(o)s(dy)f(of)f(the) -283 1225 y(lo)s(op.)3188 b Fh(2)283 1454 y Fw(Exercise)37 
-b(6.39)49 b Fu(Suggest)e(an)f(inference)h(rule)f(for)g -Fr(repeat)i Fs(S)58 b Fr(until)48 b Fs(b)6 b Fu(.)85 -b(Y)-8 b(ou)47 b(are)f(not)283 1574 y(allo)m(w)m(ed)32 -b(to)h(rely)f(on)g(the)h(existence)i(of)d(a)g Fr(while)p -Fu(-construct)i(in)e(the)h(language.)427 b Fh(2)p eop -%%Page: 209 219 -209 218 bop 0 1180 a Fv(Chapter)78 b(7)0 1595 y(F)-19 -b(urther)78 b(Reading)0 2047 y Fu(In)23 b(this)f(b)s(o)s(ok)g(w)m(e)i -(ha)m(v)m(e)g(co)m(v)m(ered)h(the)e(basic)f(ingredien)m(ts)h(in)f -(three)h(approac)m(hes)h(to)e(seman)m(tics:)145 2233 -y Ft(\017)49 b Fu(op)s(erational)30 b(seman)m(tics,)145 -2430 y Ft(\017)49 b Fu(denotational)30 b(seman)m(tics,)j(and)145 -2628 y Ft(\017)49 b Fu(axiomatic)30 b(seman)m(tics.)0 -2813 y(W)-8 b(e)39 b(ha)m(v)m(e)i(concen)m(trated)g(on)e(a)f(rather)i -(simple)d(language)h(of)h Fr(while)p Fu(-programs)g(and)g(ha)m(v)m(e)0 -2934 y(studied)d(the)h(underlying)e(theories)h(and)g(the)h(formal)c -(relationships)i(b)s(et)m(w)m(een)j(the)e(v)-5 b(arious)0 -3054 y(approac)m(hes.)83 b(The)47 b(p)s(o)m(w)m(er)f(of)f(the)h(three)g -(approac)m(hes)h(ha)m(v)m(e)g(b)s(een)f(illustrated)e(b)m(y)i(v)-5 -b(ari-)0 3174 y(ous)33 b(extensions)i(of)d Fw(While)p -Fu(:)43 b(non-determinism,)31 b(parallelism,)e(recursiv)m(e)35 -b(pro)s(cedures)f(and)0 3295 y(exceptions.)146 3415 y(W)-8 -b(e)24 b(b)s(eliev)m(e)f(that)g(formal)e(seman)m(tics)i(is)g(an)g(imp)s -(ortan)m(t)f(to)s(ol)f(for)i(reasoning)g(ab)s(out)f(man)m(y)0 -3536 y(asp)s(ects)27 b(of)d(the)i(b)s(eha)m(viour)f(of)g(programs)g -(and)g(programming)d(languages.)41 b(T)-8 b(o)25 b(supp)s(ort)h(this)0 -3656 y(b)s(elief)31 b(w)m(e)j(ha)m(v)m(e)g(giv)m(en)e(three)i -(examples,)e(one)h(for)f(eac)m(h)i(approac)m(h)f(to)f(seman)m(tics:)145 -3842 y Ft(\017)49 b Fu(a)32 b(simple)f(compiler,)145 -4039 y Ft(\017)49 b Fu(a)32 b(static)g(program)f(analysis,)h(and)145 -4236 y Ft(\017)49 b Fu(an)32 b(inference)i(system)f(for)f(execution)h -(time.)0 4422 y(In)g(conclusion)e(w)m(e)j(shall)d(pro)m(vide)h(a)g(few) 
-h(p)s(oin)m(ters)f(to)g(the)h(literature)e(\(mainly)f(textb)s(o)s -(oks\))0 4542 y(where)h(a)e(more)g(comprehensiv)m(e)i(treatmen)m(t)e -(of)g(language)f(features)j(or)e(theoretical)f(asp)s(ects)0 -4663 y(ma)m(y)38 b(b)s(e)h(found.)61 b(W)-8 b(e)38 b(do)h(not)f -(reference)i(the)e(v)-5 b(ast)39 b(n)m(um)m(b)s(er)g(of)f(researc)m(h)h -(publications)e(in)0 4783 y(the)c(area)f(but)h(rely)g(on)f(the)h -(references)i(in)d(the)h(b)s(o)s(oks)f(men)m(tioned.)0 -5069 y Fp(Op)t(erational)46 b(seman)l(tics)0 5254 y Fs(Structur)-5 -b(al)38 b(op)-5 b(er)g(ational)35 b(semantics)42 b Fu(w)m(as)35 -b(in)m(tro)s(duced)g(b)m(y)g(Gordon)f(Plotkin)g(in)f([14].)49 -b(This)0 5374 y(is)29 b(a)h(standard)g(reference)h(and)f(co)m(v)m(ers)i -(a)e(n)m(um)m(b)s(er)g(of)f(features)i(from)d(imp)s(erativ)m(e)g(and)i -(func-)0 5494 y(tional)36 b(languages)h(whereas)j(features)f(from)e -(parallel)e(languages)j(are)g(co)m(v)m(ered)i(in)d([15].)60 -b(A)1663 5849 y(209)p eop -%%Page: 210 220 -210 219 bop 251 130 a Fw(210)2326 b(7)112 b(F)-9 b(urther)37 -b(Reading)p 251 193 3473 4 v 283 515 a Fu(more)42 b(in)m(tro)s(ductory) -g(treatmen)m(t)g(of)g(structural)g(op)s(erational)e(seman)m(tics)i(is)g -(giv)m(en)g(in)g([9].)283 636 y Fs(Natur)-5 b(al)38 b(semantics)j -Fu(is)34 b(deriv)m(ed)i(from)d(structural)h(op)s(erational)e(seman)m -(tics)j(and)f(the)h(basic)283 756 y(ideas)e(are)f(presen)m(ted)j(in)d -([6])h(for)f(a)g(functional)f(language.)430 879 y(Although)36 -b(w)m(e)i(ha)m(v)m(e)h(co)m(v)m(ered)g(man)m(y)e(of)g(the)h(essen)m -(tial)f(ideas)g(b)s(ehind)g(op)s(erational)e(se-)283 -1000 y(man)m(tics)d(w)m(e)i(should)e(lik)m(e)g(to)h(men)m(tion)e(three) -i(tec)m(hniques)i(that)d(ha)m(v)m(e)i(had)f(to)f(b)s(e)h(omitted.)430 -1123 y(A)45 b(tec)m(hnique)h(that)f(is)g(often)g(used)h(when)g(sp)s -(ecifying)e(a)h(structural)g(op)s(erational)e(se-)283 -1243 y(man)m(tics)d(is)g(to)f(extend)j(the)e(syn)m(tactic)h(comp)s -(onen)m(t)f(of)g(the)g(con\014gurations)g(with)g(sp)s(ecial)283 -1364 
y(notation)j(for)f(recording)h Fs(p)-5 b(artial)5 -b(ly)45 b(pr)-5 b(o)g(c)g(esse)g(d)44 b(c)-5 b(onstructs)p -Fu(.)76 b(The)45 b(inference)f(system)g(will)283 1484 -y(then)34 b(con)m(tain)f(axioms)g(and)g(rules)g(that)h(handle)f(these)h -(\\extended")h(con\014gurations.)46 b(This)283 1604 y(tec)m(hnique)c -(ma)m(y)f(b)s(e)g(used)g(to)g(sp)s(ecify)g(a)f(structural)g(op)s -(erational)e(seman)m(tics)j(of)f(the)h(lan-)283 1725 -y(guages)k Fw(Blo)s(c)m(k)e Fu(and)h Fw(Pro)s(c)g Fu(in)f(Section)h -(2.5)g(and)h(to)f(sp)s(ecify)g(a)g(structural)g(op)s(erational)283 -1845 y(seman)m(tics)33 b(of)f(expressions.)430 1968 y(Both)j(kinds)h -(of)f(op)s(erational)e(seman)m(tics)i(can)h(easily)e(b)s(e)i(extended)h -(to)e(cop)s(e)h(explicitly)283 2089 y(with)i Fs(dynamic)h(err)-5 -b(ors)46 b Fu(\(as)38 b(e.g.)59 b(division)37 b(b)m(y)h(zero\).)60 -b(The)39 b(idea)e(is)h(to)f(extend)i(the)g(set)f(of)283 -2209 y(con\014gurations)43 b(with)f(sp)s(ecial)g -(error-con\014gurations)g(and)g(then)i(augmen)m(t)e(the)h(inference)283 -2329 y(system)34 b(with)e(extra)h(axioms)f(and)g(rules)h(for)f(ho)m(w)h -(to)f(handle)h(these)h(con\014gurations.)430 2453 y(Often)h(programs)g -(ha)m(v)m(e)h(to)f(ful\014l)f(certain)h(conditions)f(in)g(order)i(to)f -(b)s(e)g Fs(static)-5 b(al)5 b(ly)38 b(wel)5 b(l-)283 -2573 y(forme)-5 b(d)61 b Fu(and)52 b(hence)h(preclude)f(certain)f -(dynamic)g(errors.)101 b(These)53 b(conditions)e(can)h(b)s(e)283 -2693 y(form)m(ulated)39 b(using)g(inductiv)m(ely)g(de\014ned)i -(predicates)g(and)e(ma)m(y)h(b)s(e)g(in)m(tegrated)f(with)g(the)283 -2814 y(op)s(erational)31 b(seman)m(tics.)283 3120 y Fp(Pro)l(v)-7 -b(ably)46 b(correct)f(implemen)l(tation)283 3310 y Fu(The)35 -b Fs(c)-5 b(orr)g(e)g(ctness)34 b(of)i(the)f(implementation)k -Fu(of)33 b(Chapter)h(3)f(w)m(as)h(a)f(relativ)m(ely)f(simple)g(pro)s -(of)283 3430 y(b)s(ecause)f(it)c(w)m(as)j(based)f(on)g(an)g(abstract)g -(mac)m(hine)f(designed)h(for)f(the)h(purp)s(ose.)43 b(In)29 -b(general,)283 3551 y(when)49 
b(more)e(realistic)e(mac)m(hines)j(or)f -(larger)f(languages)h(are)g(considered,)53 b(pro)s(ofs)47 -b(easily)283 3671 y(b)s(ecome)42 b(un)m(wieldy)f(and)h(p)s(erhaps)g -(for)e(this)h(reason)h(there)g(is)e(no)i(ideal)d(textb)s(o)s(ok)j(in)e -(this)283 3792 y(area.)50 b(W)-8 b(e)35 b(therefore)h(only)e(reference) -i(t)m(w)m(o)g(researc)m(h)g(pap)s(ers:)48 b([7])35 b(for)f(an)h -(approac)m(h)g(based)283 3912 y(on)e(natural)e(seman)m(tics)i(and)g -([13)o(])g(for)f(an)h(approac)m(h)g(based)g(on)g(denotational)d(seman)m -(tics.)283 4218 y Fp(Denotational)48 b(seman)l(tics)283 -4408 y Fu(A)43 b(general)e(in)m(tro)s(duction)g(to)h -Fs(denotational)g(semantics)50 b Fu(\(as)42 b(dev)m(elop)s(ed)h(b)m(y)g -(C.)f(Strac)m(hey)283 4529 y(and)32 b(D.)f(Scott\))g(ma)m(y)g(b)s(e)h -(found)f(in)g([16].)43 b(It)31 b(co)m(v)m(ers)i(denotational)d(seman)m -(tics)h(for)g(\(mainly\))283 4649 y(imp)s(erativ)m(e)43 -b(languages)g(and)g(co)m(v)m(ers)j(the)e(fundamen)m(tals)f(of)h(domain) -d(theory)k(\(including)283 4769 y(re\015exiv)m(e)38 b(domains\).)52 -b(Another)36 b(go)s(o)s(d)f(reference)j(for)d(imp)s(erativ)m(e)f -(languages)i(is)f([8])h(but)g(it)283 4890 y(do)s(es)j(not)f(co)m(v)m -(er)h(the)f(domain)e(theory)-8 b(.)60 b(W)-8 b(e)39 b(should)f(also)e -(men)m(tion)h(a)h(classic)g(in)f(the)h(\014eld)283 5010 -y([17])29 b(ev)m(en)i(though)f(the)f(domain)f(theory)i(is)e(based)j(on) -e(the)h(\(b)m(y)g(no)m(w)g(obsolete\))f(approac)m(h)g(of)283 -5131 y(complete)j(lattices.)430 5254 y(W)-8 b(e)28 b(ha)m(v)m(e)h -(restricted)f(the)g(treatmen)m(t)g(of)f(domain)g(theory)h(to)f(what)h -(is)g(needed)h(for)e(sp)s(eci-)283 5374 y(fying)g(the)h(denotational)d -(seman)m(tics)j(of)f(the)g Fr(while)p Fu(-language.)42 -b(The)28 b(b)s(ene\014t)g(of)f(this)g(is)g(that)283 5494 -y(w)m(e)34 b(can)f(restrict)f(ourselv)m(es)i(to)e(partial)e(functions)i -(b)s(et)m(w)m(een)j(states)e(and)g(thereb)m(y)h(obtain)d(a)p -eop -%%Page: 211 221 -211 220 bop 3304 130 a Fw(211)p 0 193 3473 4 v 0 515 -a 
Fu(relativ)m(ely)28 b(simple)f(theoretical)g(dev)m(elopmen)m(t.)43 -b(The)30 b(dra)m(wbac)m(k)h(is)d(that)g(it)g(b)s(ecomes)h(rather)0 -636 y(cum)m(b)s(ersome)34 b(to)g(v)m(erify)g(the)h(existence)g(of)f -(seman)m(tic)f(sp)s(eci\014cations)h(for)g(other)g(languages)0 -756 y(\(as)f(evidenced)h(in)e(Section)g(4.5\).)146 877 -y(The)38 b(traditional)33 b(solution)h(is)i(to)g(dev)m(elop)h(a)f -Fs(meta-language)42 b Fu(for)36 b(expressing)i(denota-)0 -997 y(tional)22 b(de\014nitions.)40 b(The)26 b(theoretical)d -(foundation)g(of)h(this)g(language)g(will)e(then)j(ensure)h(that)0 -1117 y(the)36 b(seman)m(tic)g(functions)g(do)g(exist)h(as)f(long)f(as)h -(one)g(only)g(uses)h(domains)e(and)h(op)s(erations)0 -1238 y(from)d(the)h(meta-language.)46 b(The)35 b(b)s(ene\014t)g(of)f -(this)g(is)f(ob)m(vious;)i(the)g(dra)m(wbac)m(k)h(is)d(that)h(one)0 -1358 y(has)k(to)g(pro)m(v)m(e)h(a)f(fair)e(amoun)m(t)i(of)f(results)h -(but)h(the)f(e\013orts)g(are)g(greatly)f(rew)m(arded)j(in)d(the)0 -1478 y(long)31 b(run.)44 b(Both)33 b([16)o(])g(and)g([17)o(])g(con)m -(tain)f(suc)m(h)i(a)e(dev)m(elopmen)m(t.)146 1599 y(The)45 -b(denotational)c(approac)m(h)j(can)g(handle)g Fs(ab)-5 -b(ortion)50 b Fu(and)44 b Fs(non-determinism)49 b Fu(using)0 -1719 y(a)43 b(kind)g(of)g(p)s(o)m(w)m(ersets)i(called)d(p)s(o)m(w)m -(er-domains.)75 b(Certain)43 b(kinds)h(of)e Fs(p)-5 b(ar)g(al)5 -b(lelism)50 b Fu(can)43 b(b)s(e)0 1840 y(handled)33 b(as)g(w)m(ell)f -(but)h(for)f(man)m(y)h(purp)s(oses)h(it)e(is)g(b)s(etter)h(to)g(use)h -(a)e(structural)h(op)s(erational)0 1960 y(seman)m(tics)g(instead.)0 -2249 y Fp(Static)46 b(program)f(analysis)0 2434 y Fu(A)29 -b(selection)g(of)g Fs(static)j(pr)-5 b(o)g(gr)g(am)30 -b(analysis)37 b Fu(tec)m(hniques)31 b(for)e(imp)s(erativ)m(e)e -(languages)i(\(as)g(w)m(ell)0 2554 y(as)h(tec)m(hniques)i(for)d -(implemen)m(tations)e(on)j(realistic)e(mac)m(hines\))i(is)f(giv)m(en)h -(in)f([3];)i(but)f(unfor-)0 2674 y(tunately)-8 b(,)30 
-b(no)g(considerations)f(of)g(correctness)j(are)d(giv)m(en.)43 -b(T)-8 b(reatmen)m(ts)30 b(of)g(correctness)h(are)0 2795 -y(often)i(based)g(on)g(abstract)f(in)m(terpretation)g(and)h([1])f(surv) -m(eys)j(a)e(n)m(um)m(b)s(er)g(of)f(approac)m(hes.)0 3084 -y Fp(Axiomatic)46 b(program)f(v)l(eri\014cation)0 3268 -y Fu(A)g(general)g(in)m(tro)s(duction)f(to)g Fs(pr)-5 -b(o)g(gr)g(am)46 b(veri\014c)-5 b(ation)p Fu(,)47 b(and)f(in)e -(particular)f Fs(axiomatic)j(se-)0 3389 y(mantics)i Fu(ma)m(y)41 -b(b)s(e)g(found)f(in)g([11].)68 b(The)42 b(presen)m(tation)f(co)m(v)m -(ers)h(a)f(\015o)m(w)m(c)m(hart)h(language,)g(a)0 3509 -y Fr(while)p Fu(-language)35 b(and)h(a)f(\(\014rst)h(order\))g -(functional)e(language)g(and)i(also)e(includes)i(a)f(study)0 -3629 y(of)30 b(expressiv)m(eness)k(\(as)c(needed)i(for)d(the)i(in)m -(tensional)d(approac)m(h)j(to)f(axiomatic)d(seman)m(tics\).)0 -3750 y(Man)m(y)32 b(b)s(o)s(oks,)g(including)e([10)o(],)i(dev)m(elop)g -(axiomatic)d(program)h(v)m(eri\014cation)h(together)h(with)0 -3870 y(practically)k(motiv)-5 b(ated)36 b(examples.)60 -b(A)38 b(go)s(o)s(d)f(in)m(tro)s(duction)g(to)g(the)i(analysis)e(of)h -Fs(r)-5 b(esour)g(c)g(e)0 3991 y(r)g(e)g(quir)g(ements)47 -b Fu(of)39 b(programs)f(is)h([2])h(and)f(the)h(form)m(ulation)c(as)k -(formal)d(inference)j(systems)0 4111 y(ma)m(y)32 b(b)s(e)g(found)g(in)f -([12].)43 b(W)-8 b(e)32 b(should)g(also)f(men)m(tion)g(a)h(classic)f -([5])h(that)g(studies)g(soundness)0 4231 y(and)37 b(completeness)h -(prop)s(erties)f(with)f(resp)s(ect)j(to)d(a)h(denotational)e(seman)m -(tics.)57 b(Rules)37 b(for)0 4352 y(pro)s(cedures)d(ma)m(y)e(b)s(e)h -(found)g(in)f([4)o(].)146 4472 y(W)-8 b(e)32 b(should)f(p)s(oin)m(t)f -(out)h(that)g(w)m(e)h(ha)m(v)m(e)h(used)f(the)g(extensional)f(approac)m -(h)g(to)g(sp)s(ecifying)0 4592 y(the)49 b(assertions)f(of)g(the)h -(inference)f(systems.)92 b(This)49 b(allo)m(ws)e(us)h(to)g(concen)m -(trate)i(on)e(the)0 4713 y Fs(formulation)39 b Fu(of)31 
-b(the)h(inference)h(systems)g(without)e(ha)m(ving)h(to)f(w)m(orry)i(ab) -s(out)e(the)h Fs(existenc)-5 b(e)0 4833 y Fu(of)29 b(the)h(assertions)h -(in)e(an)g(explicit)g(assertion)g(language.)42 b(Ho)m(w)m(ev)m(er,)32 -b(it)d(is)g(more)g(common)g(to)0 4954 y(use)34 b(the)f(in)m(tensional)e -(approac)m(h)i(as)f(is)g(done)h(in)f([11].)p eop -%%Page: 212 222 -212 221 bop 251 130 a Fw(212)2326 b(7)112 b(F)-9 b(urther)37 -b(Reading)p 251 193 3473 4 v eop -%%Page: 213 223 -213 222 bop 0 1216 a Fv(App)6 b(endix)77 b(A)0 1668 y(Review)g(of)h -(Notation)0 2157 y Fu(W)-8 b(e)33 b(use)h(the)f(follo)m(wing)c -(notation:)319 2316 y Ft(9)644 b Fu(there)33 b(exists)319 -2484 y Ft(8)644 b Fu(for)32 b(all)319 2652 y Ft(f)g Fs(x)44 -b Ft(j)32 b Fo(:)17 b(:)g(:)p Fs(x)12 b Fo(:)17 b(:)g(:)32 -b Ft(g)99 b Fu(the)33 b(set)g(of)g(those)g Fs(x)44 b -Fu(suc)m(h)34 b(that)e Fo(:)17 b(:)g(:)p Fs(x)12 b Fo(:)17 -b(:)g(:)32 b Fu(holds)319 2819 y Fs(x)44 b Ft(2)33 b -Fs(X)439 b(x)44 b Fu(is)33 b(a)f(mem)m(b)s(er)g(of)g(the)h(set)g -Fs(X)319 2987 y(X)48 b Ft(\022)33 b Fs(Y)397 b Fu(set)33 -b Fs(X)49 b Fu(is)32 b(con)m(tained)h(in)f(set)h Fs(Y)319 -3155 y(X)48 b Ft([)33 b Fs(Y)408 b Ft(f)32 b Fs(z)45 -b Ft(j)32 b Fs(z)12 b Ft(2)q Fs(X)48 b Fu(or)32 b Fs(z)12 -b Ft(2)q Fs(Y)52 b Ft(g)32 b Fu(\(union\))319 3322 y -Fs(X)48 b Ft(\\)33 b Fs(Y)408 b Ft(f)32 b Fs(z)45 b Ft(j)32 -b Fs(z)12 b Ft(2)q Fs(X)48 b Fu(and)33 b Fs(z)12 b Ft(2)p -Fs(Y)52 b Ft(g)33 b Fu(\(in)m(tersection\))319 3490 y -Fs(X)48 b Ft(n)33 b Fs(Y)424 b Ft(f)32 b Fs(z)45 b Ft(j)32 -b Fs(z)12 b Ft(2)q Fs(X)48 b Fu(and)33 b Fs(z)12 b Ft(62)p -Fs(Y)52 b Ft(g)33 b Fu(\(set)g(di\013erence\))319 3657 -y Fs(X)48 b Ft(\002)33 b Fs(Y)397 b Ft(f)32 b(h)p Fs(x)12 -b Fu(,)33 b Fs(y)9 b Ft(i)32 b(j)g Fs(x)12 b Ft(2)p Fs(X)49 -b Fu(and)33 b Fs(y)9 b Ft(2)p Fs(Y)52 b Ft(g)33 b Fu(\(Cartesian)f(pro) -s(duct\))319 3825 y Ft(P)8 b Fu(\()p Fs(X)16 b Fu(\))458 -b Ft(f)32 b Fs(Z)47 b Ft(j)32 b Fs(Z)47 b Ft(\022)33 -b Fs(X)49 b Ft(g)32 b 
Fu(\(p)s(o)m(w)m(erset\))319 3926 -y Fg(S)388 3993 y Ft(Y)563 b(f)32 b Fs(y)42 b Ft(j)32 -b(9)q Fs(Y)19 b Ft(2)q(Y)7 b Fu(:)44 b Fs(y)9 b Ft(2)p -Fs(Y)53 b Ft(g)32 b Fu(\(so)h(that)2306 3926 y Fg(S)2375 -3993 y Ft(f)f Fs(Y)2549 4008 y Fn(1)2589 3993 y Fu(,)g -Fs(Y)2740 4008 y Fn(2)2812 3993 y Ft(g)g Fu(=)h Fs(Y)3094 -4008 y Fn(1)3134 3993 y Ft([)p Fs(Y)3292 4008 y Fn(2)3331 -3993 y Fu(\))319 4160 y Ft(;)649 b Fu(the)33 b(empt)m(y)g(set)319 -4328 y Fw(T)621 b Ft(f)32 b Fw(tt)p Fu(,)g Fw(\013)h -Ft(g)f Fu(\(truth)h(v)-5 b(alues)33 b Fw(tt)e Fu(\(true\))i(and)g -Fw(\013)g Fu(\(false\)\))319 4496 y Fw(N)611 b Ft(f)32 -b Fw(0)p Fu(,)h Fw(1)p Fu(,)g Fw(2)p Fu(,)f Fo(:)17 b(:)g(:)32 -b Ft(g)h Fu(\(natural)e(n)m(um)m(b)s(ers\))319 4663 y -Fw(Z)631 b Ft(f)32 b Fo(:)17 b(:)g(:)p Fu(,)33 b({)p -Fw(2)p Fu(,)f({)p Fw(1)p Fu(,)g Fw(0)p Fu(,)h Fw(1)p -Fu(,)g Fw(2)p Fu(,)f Fo(:)17 b(:)g(:)32 b Ft(g)h Fu(\(in)m(tegers\))319 -4831 y Fs(f)20 b Fu(:)p Fs(X)c Ft(!)p Fs(Y)362 b(f)54 -b Fu(is)32 b(a)g(total)f(function)h(from)f Fs(X)49 b -Fu(to)32 b Fs(Y)319 4998 y(X)16 b Ft(!)o Fs(Y)440 b Ft(f)32 -b Fs(f)54 b Ft(j)32 b Fs(f)21 b Fu(:)p Fs(X)16 b Ft(!)p -Fs(Y)52 b Ft(g)319 5166 y Fs(f)20 b Fu(:)p Fs(X)c Fo(,)-17 -b Ft(!)q Fs(Y)351 b(f)54 b Fu(is)32 b(a)g(partial)e(function)i(from)g -Fs(X)48 b Fu(to)33 b Fs(Y)319 5334 y(X)16 b Fo(,)-17 -b Ft(!)p Fs(Y)429 b Ft(f)32 b Fs(f)54 b Ft(j)32 b Fs(f)21 -b Fu(:)p Fs(X)16 b Fo(,)-17 b Ft(!)p Fs(Y)53 b Ft(g)0 -5494 y Fu(In)41 b(addition)e(to)h(this)g(w)m(e)i(ha)m(v)m(e)g(sp)s -(ecial)e(notations)g(for)g(functions,)i(relations,)g(predicates)1663 -5849 y(213)p eop -%%Page: 214 224 -214 223 bop 251 130 a Fw(214)2151 b(A)112 b(Review)36 -b(of)i(Notation)p 251 193 3473 4 v 283 515 a Fu(and)33 -b(transition)e(systems.)283 797 y Fp(F)-11 b(unctions)283 -981 y Fu(The)34 b(e\013ect)f(of)g(a)f(function)g Fs(f)21 -b Fu(:)p Fs(X)16 b Ft(!)p Fs(Y)52 b Fu(is)32 b(expressed)j(b)m(y)f(its) -e Fs(gr)-5 b(aph)p Fu(:)527 1141 y(graph\()p Fs(f)21 -b Fu(\))33 b(=)f 
Ft(f)g(h)p Fs(x)12 b Fu(,)32 b Fs(y)9 -b Ft(i2)q Fs(X)16 b Ft(\002)p Fs(Y)52 b Ft(j)33 b Fs(f)53 -b(x)44 b Fu(=)33 b Fs(y)41 b Ft(g)283 1300 y Fu(whic)m(h)23 -b(is)e(merely)g(an)h(elemen)m(t)g(of)f Ft(P)9 b Fu(\()p -Fs(X)16 b Ft(\002)p Fs(Y)k Fu(\).)i(The)h(graph)e(of)h -Fs(f)42 b Fu(has)23 b(the)f(follo)m(wing)d(prop)s(erties)429 -1460 y Ft(\017)48 b(h)p Fs(x)12 b Fu(,)32 b Fs(y)9 b -Ft(i2)q Fu(graph\()p Fs(f)20 b Fu(\))33 b(and)g Ft(h)o -Fs(x)12 b Fu(,)33 b Fs(y)1648 1423 y Fi(0)1671 1460 y -Ft(i2)p Fu(graph\()p Fs(f)21 b Fu(\))32 b(imply)f Fs(y)42 -b Fu(=)32 b Fs(y)2706 1423 y Fi(0)2729 1460 y Fu(,)h(and)429 -1648 y Ft(\017)48 b(8)q Fs(x)12 b Ft(2)p Fs(X)k Fu(:)33 -b Ft(9)p Fs(y)9 b Ft(2)q Fs(Y)19 b Fu(:)33 b Ft(h)p Fs(x)12 -b Fu(,)32 b Fs(y)9 b Ft(i2)33 b Fu(graph\()p Fs(f)20 -b Fu(\))283 1808 y(This)38 b(expresses)i(the)e(single-v)-5 -b(aluedness)37 b(of)g Fs(f)58 b Fu(and)37 b(the)h(totalit)m(y)d(of)i -Fs(f)21 b Fu(.)57 b(W)-8 b(e)38 b(sa)m(y)g(that)f Fs(f)58 -b Fu(is)283 1928 y Fs(inje)-5 b(ctive)40 b Fu(if)31 b -Fs(f)53 b(x)45 b Fu(=)32 b Fs(f)54 b(x)1186 1892 y Fi(0)1241 -1928 y Fu(implies)30 b(that)j Fs(x)44 b Fu(=)32 b Fs(x)2038 -1892 y Fi(0)2062 1928 y Fu(.)430 2049 y(A)h Fs(p)-5 b(artial)43 -b Fu(function)32 b Fs(g)9 b Fu(:)p Fs(X)16 b Fo(,)-17 -b Ft(!)p Fs(Y)53 b Fu(is)33 b(a)f(function)h(from)f(a)g(subset)j -Fs(X)2901 2064 y Fc(g)2974 2049 y Fu(of)e Fs(X)49 b Fu(to)33 -b Fs(Y)19 b Fu(,)34 b(that)e(is)283 2169 y Fs(g)9 b Fu(:)p -Fs(X)452 2184 y Fc(g)492 2169 y Ft(!)p Fs(Y)20 b Fu(.)32 -b(Again)g(one)h(ma)m(y)f(de\014ne)527 2328 y(graph\()p -Fs(g)9 b Fu(\))32 b(=)h Ft(f)f(h)p Fs(x)12 b Fu(,)32 -b Fs(y)9 b Ft(i2)p Fs(X)16 b Ft(\002)q Fs(Y)52 b Ft(j)32 -b Fs(g)41 b(x)k Fu(=)32 b Fs(y)42 b Fu(and)32 b Fs(x)12 -b Ft(2)q Fu(X)2549 2343 y Fc(g)2621 2328 y Ft(g)283 2488 -y Fu(but)32 b(no)m(w)f(only)g(an)g(analogue)f(of)g(the)h(single-v)-5 -b(aluedness)31 b(prop)s(ert)m(y)h(ab)s(o)m(v)m(e)g(is)e(satis\014ed.)43 -b(W)-8 b(e)283 2608 y(shall)33 b(write)h Fs(g)43 
b(x)j -Fu(=)34 b Fs(y)43 b Fu(whenev)m(er)36 b Ft(h)p Fs(x)12 -b Fu(,)34 b Fs(y)9 b Ft(i2)q Fu(graph\()p Fs(g)g Fu(\))33 -b(and)h Fs(g)43 b(x)j Fu(=)34 b(undef)p 2778 2621 236 -4 v 35 w(whenev)m(er)i Fs(x)12 b Ft(62)q Fs(X)3689 2623 -y Fc(g)3729 2608 y Fu(,)283 2729 y(that)38 b(is)g(whenev)m(er)i -Ft(:)q(9)p Fs(y)9 b Ft(2)p Fs(Y)20 b Fu(:)38 b Ft(h)p -Fs(x)12 b Fu(,)39 b Fs(y)9 b Ft(i2)p Fu(graph\()p Fs(g)g -Fu(\).)59 b(T)-8 b(o)38 b(distinguish)f(b)s(et)m(w)m(een)j(a)e -(function)f Fs(f)283 2849 y Fu(and)26 b(a)f(partial)e(function)i -Fs(g)34 b Fu(one)25 b(often)g(calls)g Fs(f)46 b Fu(a)25 -b Fs(total)36 b Fu(function.)k(W)-8 b(e)26 b(shall)e(view)h(the)h -(partial)283 2969 y(functions)33 b(as)g(encompassing)f(the)h(total)e -(functions.)430 3090 y(F)-8 b(or)32 b(total)f(functions)h -Fs(f)1309 3105 y Fn(1)1381 3090 y Fu(and)h Fs(f)1622 -3105 y Fn(2)1694 3090 y Fu(w)m(e)g(de\014ne)h(their)e(comp)s(osition)e -Fs(f)2948 3105 y Fn(2)2988 3090 y Ft(\016)o Fs(f)3088 -3105 y Fn(1)3160 3090 y Fu(b)m(y)527 3249 y(\()p Fs(f)616 -3264 y Fn(2)656 3249 y Ft(\016)o Fs(f)756 3264 y Fn(1)796 -3249 y Fu(\))i Fs(x)45 b Fu(=)32 b Fs(f)1115 3264 y Fn(2)1154 -3249 y Fu(\()p Fs(f)1243 3264 y Fn(1)1315 3249 y Fs(x)12 -b Fu(\))283 3408 y(\(Note)43 b(that)g(the)g(opp)s(osite)f(order)h(is)f -(sometimes)f(used)j(in)e(the)h(literature.\))72 b(F)-8 -b(or)42 b(partial)283 3529 y(functions)33 b Fs(g)758 -3544 y Fn(1)830 3529 y Fu(and)f Fs(g)1073 3544 y Fn(2)1145 -3529 y Fu(w)m(e)h(de\014ne)h Fs(g)1624 3544 y Fn(2)1663 -3529 y Ft(\016)p Fs(g)1767 3544 y Fn(1)1839 3529 y Fu(similarly:)602 -3688 y(\()p Fs(g)694 3703 y Fn(2)733 3688 y Ft(\016)p -Fs(g)837 3703 y Fn(1)876 3688 y Fu(\))e Fs(x)45 b Fu(=)32 -b Fs(z)295 b Fu(if)32 b(there)h(exists)g Fs(y)42 b Fu(suc)m(h)34 -b(that)e Fs(g)2661 3703 y Fn(1)2733 3688 y Fs(x)44 b -Fu(=)33 b Fs(y)41 b Fu(and)33 b Fs(g)3263 3703 y Fn(2)3334 -3688 y Fs(y)42 b Fu(=)32 b Fs(z)602 3856 y Fu(\()p Fs(g)694 -3871 y Fn(2)733 3856 y Ft(\016)p Fs(g)837 3871 y Fn(1)876 
-3856 y Fu(\))g Fs(x)45 b Fu(=)32 b(undef)p 1144 3869 -V 100 w(if)g Fs(g)1623 3871 y Fn(1)1694 3856 y Fs(x)45 -b Fu(=)32 b(undef)p 1892 3869 V 33 w(or)1479 4023 y(if)g(there)h -(exists)g Fs(y)42 b Fu(suc)m(h)34 b(that)e Fs(g)2661 -4038 y Fn(1)2733 4023 y Fs(x)44 b Fu(=)33 b Fs(y)1479 -4191 y Fu(but)g Fs(g)1712 4206 y Fn(2)1784 4191 y Fs(y)41 -b Fu(=)33 b(undef)p 1981 4204 V 283 4352 a(The)h(iden)m(tit)m(y)e -(function)g(id:)p Fs(X)16 b Ft(!)p Fs(X)48 b Fu(is)32 -b(de\014ned)i(b)m(y)527 4511 y(id)e Fs(x)44 b Fu(=)33 -b Fs(x)283 4671 y Fu(Finally)-8 b(,)28 b(if)h Fs(f)21 -b Fu(:)p Fs(X)16 b Ft(!)p Fs(Y)k Fu(,)29 b Fs(x)12 b -Ft(2)q Fs(X)46 b Fu(and)30 b Fs(y)9 b Ft(2)p Fs(Y)50 -b Fu(then)30 b(the)h(function)e Fs(f)21 b Fu([)p Fs(x)12 -b Ft(7!)p Fs(y)d Fu(]:)p Fs(X)16 b Ft(!)p Fs(Y)49 b Fu(is)30 -b(de\014ned)h(b)m(y)527 5013 y Fs(f)21 b Fu([)p Fs(x)12 -b Ft(7!)p Fs(y)d Fu(])32 b Fs(x)934 4977 y Fi(0)990 5013 -y Fu(=)1098 4838 y Fg(8)1098 4913 y(<)1098 5062 y(:)1214 -4928 y Fs(y)199 b Fu(if)32 b Fs(x)44 b Fu(=)32 b Fs(x)1804 -4892 y Fi(0)1214 5096 y Fs(f)53 b(x)1354 5059 y Fi(0)1460 -5096 y Fu(otherwise)283 5254 y(A)33 b(similar)c(notation)j(ma)m(y)g(b)s -(e)h(used)g(when)h Fs(f)54 b Fu(is)32 b(a)g(partial)e(function.)430 -5374 y(The)25 b(function)e Fs(f)45 b Fu(is)24 b(of)g -Fs(or)-5 b(der)26 b(of)h(magnitude)k(g)9 b Fu(,)25 b(written)f -Ft(O)s Fu(\()p Fs(g)9 b Fu(\),)26 b(if)d(there)h(exists)h(a)f(natural) -283 5494 y(n)m(um)m(b)s(er)33 b Fw(k)g Fu(suc)m(h)h(that)e -Ft(8)q Fs(x)12 b Fu(.)43 b Fs(f)54 b(x)44 b Ft(\024)33 -b Fw(k)g Fo(?)f Fu(\()p Fs(g)41 b(x)12 b Fu(\).)p eop -%%Page: 215 225 -215 224 bop 3304 130 a Fw(215)p 0 193 3473 4 v 0 515 -a Fp(Relations)0 700 y Fu(A)32 b Fs(r)-5 b(elation)34 -b(fr)-5 b(om)39 b(X)49 b(to)38 b(Y)52 b Fu(is)31 b(a)h(subset)i(of)e -Fs(X)16 b Ft(\002)p Fs(Y)52 b Fu(\(that)32 b(is)g(an)g(elemen)m(t)g(of) -f Ft(P)9 b Fu(\()p Fs(X)16 b Ft(\002)q Fs(Y)j Fu(\)\).)32 -b(A)0 820 y(relation)27 b Fs(on)36 b(X)44 b Fu(is)29 
-b(a)f(subset)j(of)d Fs(X)16 b Ft(\002)p Fs(X)g Fu(.)29 -b(If)g Fs(f)21 b Fu(:)p Fs(X)16 b Ft(!)p Fs(Y)48 b Fu(or)29 -b Fs(f)21 b Fu(:)p Fs(X)16 b Fo(,)-17 b Ft(!)p Fs(Y)48 -b Fu(then)30 b(the)f(graph)g(of)f Fs(f)49 b Fu(is)29 -b(a)0 941 y(relation.)46 b(\(Sometimes)32 b(a)i(function)g(is)f(iden)m -(ti\014ed)h(with)f(its)h(graph)g(but)g(w)m(e)h(shall)d(k)m(eep)k(the)0 -1061 y(distinction.\))42 b(The)33 b Fs(identity)i(r)-5 -b(elation)40 b Fu(on)32 b Fs(X)49 b Fu(is)32 b(the)h(relation)244 -1253 y(I)279 1268 y Fc(X)379 1253 y Fu(=)f Ft(f)h(h)o -Fs(x)12 b Fu(,)33 b Fs(x)12 b Ft(i)32 b(j)g Fs(x)12 b -Ft(2)p Fs(X)49 b Ft(g)0 1445 y Fu(from)38 b Fs(X)56 b -Fu(to)40 b Fs(X)16 b Fu(.)40 b(When)g Fs(X)56 b Fu(is)40 -b(clear)f(from)f(the)i(con)m(text)h(w)m(e)g(shall)e(omit)e(the)j -(subscript)h Fs(X)0 1565 y Fu(and)33 b(simply)e(write)h(I.)146 -1686 y(If)37 b Fs(R)323 1701 y Fn(1)362 1686 y Ft(\022)q -Fs(X)16 b Ft(\002)p Fs(Y)56 b Fu(and)37 b Fs(R)1002 1701 -y Fn(2)1041 1686 y Ft(\022)q Fs(Y)19 b Ft(\002)q Fs(Z)50 -b Fu(the)37 b Fs(c)-5 b(omp)g(osition)42 b Fu(of)36 b -Fs(R)2304 1701 y Fn(1)2380 1686 y Fu(follo)m(w)m(ed)f(b)m(y)j -Fs(R)2975 1701 y Fn(2)3014 1686 y Fu(,)g(whic)m(h)e(w)m(e)0 -1806 y(denote)d(b)m(y)h Fs(R)525 1821 y Fn(1)564 1806 -y Ft(\005)o Fs(R)689 1821 y Fn(2)729 1806 y Fu(,)e(is)g(de\014ned)i(b)m -(y)244 1998 y Fs(R)319 2013 y Fn(1)358 1998 y Ft(\005)o -Fs(R)483 2013 y Fn(2)555 1998 y Fu(=)f Ft(f)f(h)p Fs(x)12 -b Fu(,)32 b Fs(z)12 b Ft(i)32 b(j)h(9)p Fs(y)9 b Ft(2)p -Fs(Y)20 b Fu(:)33 b Ft(h)o Fs(x)12 b Fu(,)33 b Fs(y)9 -b Ft(i2)p Fs(R)1805 2013 y Fn(1)1877 1998 y Fu(and)33 -b Ft(h)p Fs(y)9 b Fu(,)32 b Fs(z)12 b Ft(i2)p Fs(R)2453 -2013 y Fn(2)2525 1998 y Ft(g)0 2189 y Fu(Note)33 b(that)f(the)h(order)g -(of)f(comp)s(osition)e(di\013ers)j(from)e(that)h(used)i(for)e -(functions,)244 2381 y(graph\()p Fs(f)577 2396 y Fn(2)616 -2381 y Ft(\016)p Fs(f)717 2396 y Fn(1)756 2381 y Fu(\))h(=)f(graph\()p -Fs(f)1268 2396 y Fn(1)1307 2381 y Fu(\))h Ft(\005)e 
Fu(graph\()p -Fs(f)1793 2396 y Fn(2)1832 2381 y Fu(\))0 2573 y(and)i(that)f(w)m(e)i -(ha)m(v)m(e)g(the)f(equation)244 2765 y(I)g Ft(\005)e -Fs(R)37 b Fu(=)32 b Fs(R)37 b Ft(\005)31 b Fu(I)i(=)f -Fs(R)146 2956 y Fu(If)37 b Fs(R)j Fu(is)c(a)g(relation)e(on)i -Fs(X)52 b Fu(then)37 b(the)g Fs(r)-5 b(e\015exive)38 -b(tr)-5 b(ansitive)38 b(closur)-5 b(e)43 b Fu(is)36 b(the)h(relation)d -Fs(R)3433 2920 y Fi(\003)0 3077 y Fu(on)e Fs(X)49 b Fu(de\014ned)34 -b(b)m(y)244 3269 y Fs(R)319 3232 y Fi(\003)391 3269 y -Fu(=)e Ft(f)h(h)o Fs(x)12 b Fu(,)33 b Fs(x)794 3232 y -Fi(0)817 3269 y Ft(i)f(j)g(9)q Fu(n)p Ft(\025)p Fu(1:)44 -b Ft(9)p Fs(x)1367 3284 y Fn(1)1406 3269 y Fu(,)33 b -Fo(:)17 b(:)g(:)o Fu(,)33 b Fs(x)1697 3284 y Fn(n)1740 -3269 y Fu(:)44 b Fs(x)g Fu(=)32 b Fs(x)2065 3284 y Fn(1)2137 -3269 y Fu(and)h Fs(x)2384 3232 y Fi(0)2439 3269 y Fu(=)g -Fs(x)2605 3284 y Fn(n)948 3436 y Fu(and)g Ft(8)p Fu(i)p -Fo(<)p Fu(n:)43 b Ft(h)p Fs(x)1517 3451 y Fn(i)1540 3436 -y Fu(,)33 b Fs(x)1657 3451 y Fn(i+1)1771 3436 y Ft(i)o(2)q -Fs(R)j Ft(g)0 3628 y Fu(Note)g(that)g(b)m(y)h(taking)e(n=1)h(and)g -Fs(x)12 b Fu(=)p Fs(x)1495 3592 y Fi(0)1517 3628 y Fu(=)p -Fs(x)1650 3643 y Fn(1)1725 3628 y Fu(it)35 b(follo)m(ws)g(that)h(I)p -Ft(\022)p Fs(R)2552 3592 y Fi(\003)2592 3628 y Fu(.)54 -b(In)36 b(a)g(similar)c(w)m(a)m(y)37 b(it)0 3748 y(follo)m(ws)31 -b(that)i Fs(R)t Ft(\022)p Fs(R)759 3712 y Fi(\003)799 -3748 y Fu(.)43 b(Finally)-8 b(,)30 b(w)m(e)k(de\014ne)244 -3940 y Fs(R)319 3904 y Fn(+)411 3940 y Fu(=)e Fs(R)37 -b Ft(\005)31 b Fs(R)784 3904 y Fi(\003)0 4132 y Fu(and)i(observ)m(e)h -(that)e Fs(R)37 b Ft(\022)c Fs(R)1041 4096 y Fn(+)1133 -4132 y Ft(\022)g Fs(R)1318 4096 y Fi(\003)1357 4132 y -Fu(.)0 4419 y Fp(Predicates)0 4603 y Fu(A)h Fs(pr)-5 -b(e)g(dic)g(ate)41 b Fu(on)34 b Fs(X)51 b Fu(is)33 b(a)h(function)g -(from)f Fs(X)50 b Fu(to)34 b Fw(T)p Fu(.)g(If)g Fs(p)6 -b Fu(:)p Fs(X)16 b Ft(!)p Fw(T)34 b Fu(is)g(a)g(predicate)g(on)h -Fs(X)16 b Fu(,)34 b(the)0 4724 y(relation)d(I)393 4739 -y 
Fc(p)465 4724 y Fu(on)i Fs(X)48 b Fu(is)32 b(de\014ned)i(b)m(y)244 -4916 y(I)279 4931 y Fc(p)351 4916 y Fu(=)f Ft(f)f(h)p -Fs(x)12 b Fu(,)32 b Fs(x)12 b Ft(i)32 b(j)g Fs(x)12 b -Ft(2)q Fs(X)48 b Fu(and)33 b Fs(p)38 b(x)45 b Fu(=)32 -b Fw(tt)g Ft(g)0 5107 y Fu(Note)h(that)f(I)482 5122 y -Fc(p)554 5107 y Ft(\022)h Fu(I)g(and)g(that)244 5299 -y(I)279 5314 y Fc(p)351 5299 y Ft(\005)f Fs(R)k Fu(=)d -Ft(f)f(h)p Fs(x)12 b Fu(,)32 b Fs(y)9 b Ft(i)32 b(j)h -Fs(p)38 b(x)44 b Fu(=)33 b Fw(tt)e Fu(and)i Ft(h)p Fs(x)12 -b Fu(,)32 b Fs(y)9 b Ft(i2)q Fs(R)36 b Ft(g)244 5467 -y Fs(R)h Ft(\005)31 b Fu(I)469 5482 y Fc(q)540 5467 y -Fu(=)h Ft(f)g(h)p Fs(x)12 b Fu(,)32 b Fs(y)9 b Ft(i)33 -b(j)f(h)p Fs(x)12 b Fu(,)32 b Fs(y)9 b Ft(i2)p Fs(R)37 -b Fu(and)c Fs(q)41 b(y)g Fu(=)33 b Fw(tt)e Ft(g)p eop -%%Page: 216 226 -216 225 bop 251 130 a Fw(216)2151 b(A)112 b(Review)36 -b(of)i(Notation)p 251 193 3473 4 v 283 515 a Fp(T)-11 -b(ransition)46 b(systems)283 700 y Fu(A)33 b Fs(tr)-5 -b(ansition)35 b(system)40 b Fu(is)32 b(a)g(triple)f(of)h(the)h(form)527 -904 y(\(\000,T,)g Fh(\003)q Fu(\))283 1107 y(where)h(\000)e(is)g(a)g -(set)h(of)f Fs(c)-5 b(on\014gur)g(ations)p Fu(,)31 b(T)i(is)f(a)g -(subset)i(of)e(\000)g(called)f(the)i Fs(terminal)42 b -Fu(\(or)32 b Fs(\014nal)p Fu(\))283 1227 y(con\014gurations)68 -b(and)34 b Fh(\003)h Fu(is)f(a)f(relation)g(on)h(\000)f(called)g(a)h -Fs(tr)-5 b(ansition)36 b(r)-5 b(elation)p Fu(.)48 b(The)35 -b(relation)283 1348 y Fh(\003)e Fu(m)m(ust)g(satisfy)527 -1551 y Ft(8)q Fo(\015)5 b Ft(2)p Fu(T:)33 b Ft(8)q Fo(\015)947 -1515 y Fi(0)970 1551 y Ft(2)p Fu(\000:)44 b Ft(:)p Fu(\()p -Fo(\015)5 b Fh(\003)q Fo(\015)1462 1515 y Fi(0)1485 1551 -y Fu(\))283 1754 y(An)m(y)32 b(con\014guration)e Fo(\015)36 -b Fu(in)30 b(\000)p Ft(n)p Fu(T)h(suc)m(h)h(that)f(the)g(transition)e -Fo(\015)5 b Fh(\003)q Fo(\015)2717 1718 y Fi(0)2771 1754 -y Fu(holds)31 b(for)f(no)h Fo(\015)3362 1718 y Fi(0)3416 -1754 y Fu(is)f(called)283 1875 y Fs(stuck)p Fu(.)p eop -%%Page: 217 227 -217 226 
bop 0 1180 a Fv(App)6 b(endix)77 b(B)0 1595 y(In)-6 -b(tro)6 b(duction)78 b(to)g(Miranda)0 1844 y(Implemen)-6 -b(tations)0 2296 y Fu(In)43 b(this)e(app)s(endix)i(w)m(e)g(giv)m(e)f -(the)h(basic)f(de\014nitions)g(needed)h(to)f(implemen)m(t)e(the)j(v)-5 -b(arious)0 2417 y(seman)m(tic)30 b(de\014nitions)g(in)g -Fw(Miranda)p Fu(.)44 b(Essen)m(tially)-8 b(,)30 b(this)g(amoun)m(ts)h -(to)f(an)h(implemen)m(tation)0 2537 y(of)h(the)h(material)d(of)i -(Chapter)h(1.)0 2870 y Fj(B.1)161 b(Abstract)52 b(syn)l(tax)0 -3089 y Fu(F)-8 b(or)43 b Fw(Num)h Fu(w)m(e)h(c)m(ho)s(ose)h(the)e -(primitiv)m(e)e(t)m(yp)s(e)k Fr(num)f Fu(of)e Fw(Miranda)p -Fu(.)80 b(F)-8 b(or)43 b Fw(V)-9 b(ar)44 b Fu(w)m(e)i(c)m(ho)s(ose)0 -3209 y(strings)32 b(of)h(c)m(haracters)g(and)g(so)g(de\014ne)h(the)f(t) -m(yp)s(e)g(synon)m(ym:)0 3413 y Fr(>)103 b(var)52 b(==)g([char])0 -3616 y Fu(F)-8 b(or)30 b(eac)m(h)h(of)f(the)h(syn)m(tactic)g -(categories)f Fw(Aexp)p Fu(,)i Fw(Bexp)e Fu(and)h Fw(Stm)e -Fu(w)m(e)j(de\014ne)g(an)e(algebraic)0 3736 y(data)47 -b(t)m(yp)s(e)h(taking)f(in)m(to)f(accoun)m(t)i(the)g(v)-5 -b(arious)46 b(p)s(ossibilities)f(men)m(tioned)i(b)m(y)h(the)g(BNF)0 -3857 y(syn)m(tax)34 b(of)e(Section)h(1.2:)0 4060 y Fr(>)103 -b(aexp)52 b(::=)g(N)g(num)g(|)f(V)h(var)g(|)f(Add)i(aexp)f(aexp)g(|)0 -4228 y(>)564 b(Mult)53 b(aexp)f(aexp)g(|)g(Sub)g(aexp)g(aexp)0 -4443 y(>)103 b(bexp)52 b(::=)g(TRUE)h(|)e(FALSE)i(|)e(Eq)h(aexp)g(aexp) -h(|)e(Le)h(aexp)g(aexp)h(|)0 4610 y(>)564 b(Neg)52 b(bexp)h(|)e(And)h -(bexp)h(bexp)0 4825 y(>)103 b(stm)g(::=)52 b(Ass)g(var)g(aexp)h(|)e -(Skip)i(|)e(Comp)h(stm)g(stm)h(|)0 4993 y(>)564 b(If)52 -b(bexp)g(stm)g(stm)g(|)g(While)h(bexp)f(stm)0 5221 y -Fw(Example)37 b(B.1)48 b Fu(The)34 b(factorial)c(statemen)m(t)j(of)f -(Exercise)i(1.1)e(is)g(represen)m(ted)j(b)m(y)1663 5849 -y(217)p eop -%%Page: 218 228 -218 227 bop 251 130 a Fw(218)1049 b(B)111 b(In)m(tro)s(duction)37 -b(to)g(Miranda)h(Implemen)m(tations)p 251 193 3473 4 -v 283 515 a Fr(>)103 b(factorial)54 
b(=)d(Comp)i(\(Ass)f("y")g(\(N)g -(1\)\))283 683 y(>)975 b(\(While)53 b(\(Neg)f(\(Eq)g(\(V)g("x"\))g(\(N) -g(1\)\)\))283 851 y(>)1077 b(\(Comp)53 b(\(Ass)f("y")g(\(Mult)h(\(V)f -("y"\))g(\(V)g("x"\)\)\))283 1018 y(>)1385 b(\(Ass)52 -b("x")g(\(Sub)h(\(V)e("x"\))i(\(N)f(1\)\)\)\)\))283 1251 -y Fu(Note)41 b(that)f(this)g(is)g(a)h(represen)m(tation)g(of)f(the)h -Fs(abstr)-5 b(act)42 b(syntax)52 b Fu(of)40 b(the)h(statemen)m(t.)67 -b(One)283 1371 y(ma)m(y)33 b(b)s(e)g(in)m(terested)g(in)f(a)g(parser)i -(that)e(w)m(ould)g(translate)g(the)h(more)f(readable)g(form)527 -1578 y Fr(y)52 b(:=)g(1;)f(while)i Ft(:)p Fr(\(x)f(=)g(1\))g(do)f(\(y)h -(:=)g(y)g(*)f(x;)h(x)f(:=)h(x)g Ft(\000)f Fr(1\))283 -1785 y Fu(in)m(to)26 b(the)g(ab)s(o)m(v)m(e)h(represen)m(tation.)42 -b(Ho)m(w)m(ev)m(er,)29 b(w)m(e)e(shall)d(refrain)h(from)g(undertaking)h -(the)g(task)283 1905 y(of)33 b(implemen)m(ting)c(a)k(parser)g(as)g(w)m -(e)g(are)g(mainly)d(concerned)k(with)f(seman)m(tics.)439 -b Fh(2)283 2138 y Fw(Exercise)37 b(B.2)48 b Fu(Sp)s(ecify)22 -b(an)g(elemen)m(t)f(of)h Fr(stm)g Fu(that)g(represen)m(ts)i(the)e -(statemen)m(t)g(constructed)283 2258 y(in)32 b(Exercise)i(1.2)e(for)g -(computing)g Fs(n)40 b Fu(to)32 b(the)h(p)s(o)m(w)m(er)g(of)f -Fs(m)7 b Fu(.)1220 b Fh(2)283 2595 y Fj(B.2)161 b(Ev)-9 -b(aluation)55 b(of)f(expressions)283 2815 y Fu(W)-8 b(e)47 -b(shall)d(\014rst)i(b)s(e)g(concerned)i(with)d(the)h(represen)m(tation) -h(of)e(v)-5 b(alues)46 b(and)g(states.)84 b(The)283 2936 -y(natural)28 b(n)m(um)m(b)s(ers)i Fw(Z)f Fu(will)d(b)s(e)j(represen)m -(ted)j(b)m(y)d(the)h(t)m(yp)s(e)f Fr(num)h Fu(meaning)d(that)i(the)g -(seman)m(tic)283 3056 y(function)37 b Ft(N)51 b Fu(b)s(ecomes)37 -b(trivial.)54 b(The)38 b(truth)f(v)-5 b(alues)36 b Fw(T)h -Fu(will)e(b)s(e)i(represen)m(ted)i(b)m(y)f(the)f(t)m(yp)s(e)283 -3176 y Fr(bool)d Fu(of)e(b)s(o)s(oleans.)43 b(So)32 b(w)m(e)i(de\014ne) -g(the)f(t)m(yp)s(e)g(synon)m(yms:)283 3384 y Fr(>)103 -b(z)52 b(==)g(num)283 3551 y(>)103 b(t)52 b(==)g(bool)283 
-3758 y Fu(The)32 b(set)f Fw(State)f Fu(is)g(de\014ned)i(as)f(the)g(set) -g(of)f(functions)g(from)f(v)-5 b(ariables)30 b(to)g(natural)f(n)m(um)m -(b)s(ers)283 3878 y(so)k(w)m(e)h(de\014ne:)283 4086 y -Fr(>)103 b(state)53 b(==)f(var)g(->)g(z)283 4319 y Fw(Example)37 -b(B.3)49 b Fu(The)38 b(state)g Fr(s)p 1468 4319 31 4 -v 37 w(init)g Fu(that)f(maps)g(all)e(v)-5 b(ariables)36 -b(except)j Fr(x)f Fu(to)e Fw(0)i Fu(and)f(that)283 4439 -y(maps)c Fr(x)g Fu(to)f Fw(3)g Fu(can)h(b)s(e)g(de\014ned)h(b)m(y)283 -4647 y Fr(>)103 b(s)p 494 4647 V 37 w(init)53 b("x")f(=)f(3)283 -4814 y(>)103 b(s)p 494 4814 V 37 w(init)53 b(y)154 b(=)51 -b(0)283 5021 y Fu(Note)32 b(that)g(w)m(e)g(encapsulate)g(the)g(sp)s -(eci\014c)h(v)-5 b(ariable)29 b(name)j Fr(x)f Fu(in)g(quotes)i(whereas) -g Fr(y)f Fu(can)g(b)s(e)283 5141 y(an)m(y)i(v)-5 b(ariable.)2851 -b Fh(2)430 5374 y Fu(The)35 b(functions)g Ft(A)f Fu(and)g -Ft(B)k Fu(will)32 b(b)s(e)j(called)e Fr(a)p 2119 5374 -V 37 w(val)i Fu(and)g Fr(b)p 2587 5374 V 37 w(val)g Fu(in)f(the)h -(implemen)m(tation)283 5494 y(and)e(they)h(are)e(de\014ned)i(b)m(y)g -(directly)e(translating)e(T)-8 b(ables)33 b(1.1)f(and)h(1.2)f(in)m(to)g -Fw(Miranda)p Fu(:)p eop -%%Page: 219 229 -219 228 bop 0 130 a Fw(B.2)112 b(Ev)-6 b(aluation)36 -b(of)i(expressions)1787 b(219)p 0 193 3473 4 v 0 515 -a Fr(>)103 b(a)p 211 515 31 4 v 37 w(val)52 b(::)g(aexp)g(->)g(state)h -(->)e(z)0 683 y(>)103 b(b)p 211 683 V 37 w(val)52 b(::)g(bexp)g(->)g -(state)h(->)e(t)0 898 y(>)103 b(a)p 211 898 V 37 w(val)52 -b(\(N)g(n\))g(s)410 b(=)52 b(n)0 1065 y(>)103 b(a)p 211 -1065 V 37 w(val)52 b(\(V)g(x\))g(s)410 b(=)52 b(s)f(x)0 -1233 y(>)103 b(a)p 211 1233 V 37 w(val)52 b(\(Add)g(a1)g(a2\))g(s)103 -b(=)52 b(\(a)p 1427 1233 V 37 w(val)g(a1)g(s\))g(+)f(\(a)p -2181 1233 V 38 w(val)h(a2)g(s\))0 1401 y(>)103 b(a)p -211 1401 V 37 w(val)52 b(\(Mult)h(a1)e(a2\))h(s)g(=)g(\(a)p -1427 1401 V 37 w(val)g(a1)g(s\))g(*)f(\(a)p 2181 1401 -V 38 w(val)h(a2)g(s\))0 1568 y(>)103 b(a)p 211 1568 V -37 w(val)52 
b(\(Sub)g(a1)g(a2\))g(s)103 b(=)52 b(\(a)p -1427 1568 V 37 w(val)g(a1)g(s\))g(-)f(\(a)p 2181 1568 -V 38 w(val)h(a2)g(s\))0 1783 y(>)103 b(b)p 211 1783 V -37 w(val)52 b(TRUE)g(s)462 b(=)52 b(True)0 1951 y(>)103 -b(b)p 211 1951 V 37 w(val)52 b(FALSE)h(s)410 b(=)52 b(False)0 -2118 y(>)103 b(b)p 211 2118 V 37 w(val)52 b(\(Eq)g(a1)g(a2\))g(s)154 -b(=)52 b(True,)103 b(if)p 1677 2131 103 4 v 52 w(a)p -1888 2118 31 4 v 37 w(val)52 b(a1)g(s)g(=)f(a)p 2540 -2118 V 38 w(val)h(a2)f(s)0 2286 y(>)1179 b(=)52 b(False,)h(if)p -1692 2299 103 4 v 52 w(a)p 1903 2286 31 4 v 37 w(val)f(a1)g(s)f(~=)h(a) -p 2606 2286 V 37 w(val)g(a2)g(s)0 2454 y(>)103 b(b)p -211 2454 V 37 w(val)52 b(\(Le)g(a1)g(a2\))g(s)154 b(=)52 -b(True,)103 b(if)p 1677 2467 103 4 v 52 w(a)p 1888 2454 -31 4 v 37 w(val)52 b(a1)g(s)g(<=)g(a)p 2592 2454 V 37 -w(val)g(a2)g(s)0 2621 y(>)1179 b(=)52 b(False,)h(if)p -1692 2634 103 4 v 52 w(a)p 1903 2621 31 4 v 37 w(val)f(a1)g(s)f(>)h(a)p -2555 2621 V 37 w(val)g(a2)g(s)0 2789 y(>)103 b(b)p 211 -2789 V 37 w(val)52 b(\(Neg)g(b\))g(s)308 b(=)52 b(True,)103 -b(if)p 1677 2802 103 4 v 52 w(b)p 1888 2789 31 4 v 37 -w(val)52 b(b)g(s)g(=)f(False)0 2957 y(>)1179 b(=)52 b(False,)h(if)p -1692 2970 103 4 v 52 w(b)p 1903 2957 31 4 v 37 w(val)f(b)f(s)h(=)f -(True)0 3124 y(>)103 b(b)p 211 3124 V 37 w(val)52 b(\(And)g(b1)g(b2\))g -(s)103 b(=)52 b(True,)103 b(if)p 1677 3137 103 4 v 52 -w(b)p 1888 3124 31 4 v 37 w(val)52 b(b1)g(s)g(=)f(True)i(&)0 -3292 y(>)1795 b(b)p 1903 3292 V 37 w(val)52 b(b2)g(s)f(=)h(True)0 -3459 y(>)1179 b(=)52 b(False,)h(if)p 1692 3472 103 4 -v 52 w(b)p 1903 3459 31 4 v 37 w(val)f(b1)g(s)f(=)h(False)g(\\/)0 -3627 y(>)1795 b(b)p 1903 3627 V 37 w(val)52 b(b2)g(s)f(=)h(False)0 -3831 y Fw(Exercise)36 b(B.4)49 b Fu(Construct)37 b(an)f(algebraic)f -(data)g(t)m(yp)s(e)i(for)f(the)g(binary)g(n)m(umerals)g(consid-)0 -3952 y(ered)46 b(in)e(Section)h(1.3.)81 b(De\014ne)45 -b(a)g(function)f Fr(n)p 1796 3952 V 38 w(val)h Fu(that)g(asso)s(ciates) -h(a)e(n)m(um)m(b)s(er)i(\(in)e(the)0 
4072 y(decimal)31 -b(system\))i(to)f(eac)m(h)i(n)m(umeral.)1968 b Fh(2)0 -4276 y Fw(Exercise)36 b(B.5)49 b Fu(De\014ne)33 b(functions)0 -4461 y Fr(>)103 b(fv)p 262 4461 V 37 w(aexp)53 b(::)e(aexp)i(->)e -([var])0 4629 y(>)103 b(fv)p 262 4629 V 37 w(bexp)53 -b(::)e(bexp)i(->)e([var])0 4814 y Fu(computing)35 b(the)i(set)g(of)f -(free)h(v)-5 b(ariables)35 b(o)s(ccurring)h(in)g(an)g(expression.)56 -b(Ensure)38 b(that)e(eac)m(h)0 4935 y(v)-5 b(ariable)31 -b(o)s(ccurs)i(at)f(most)g(once)i(in)d(the)i(resulting)f(lists.)1270 -b Fh(2)0 5139 y Fw(Exercise)36 b(B.6)49 b Fu(De\014ne)33 -b(functions)0 5324 y Fr(>)103 b(subst)p 415 5324 V 38 -w(aexp)52 b(::)g(aexp)g(->)g(var)g(->)g(aexp)g(->)g(aexp)0 -5492 y(>)103 b(subst)p 415 5492 V 38 w(bexp)52 b(::)g(bexp)g(->)g(var)g -(->)g(aexp)g(->)g(bexp)p eop -%%Page: 220 230 -220 229 bop 251 130 a Fw(220)1049 b(B)111 b(In)m(tro)s(duction)37 -b(to)g(Miranda)h(Implemen)m(tations)p 251 193 3473 4 -v 283 515 a Fu(implemen)m(ting)f(the)i(substitution)g(op)s(erations,)h -(that)f(is)g Fr(subst)p 2718 515 31 4 v 38 w(aexp)h Fs(a)46 -b(y)i(a)3242 530 y Fn(0)3321 515 y Fu(constructs)283 -636 y Fs(a)7 b Fu([)p Fs(y)i Ft(7!)q Fs(a)581 651 y Fn(0)620 -636 y Fu(])33 b(and)g Fr(subst)p 1131 636 V 38 w(bexp)g -Fs(b)39 b(y)i(a)1629 651 y Fn(0)1702 636 y Fu(constructs)34 -b Fs(b)6 b Fu([)p Fs(y)j Ft(7!)o Fs(a)2459 651 y Fn(0)2499 -636 y Fu(].)1128 b Fh(2)p eop -%%Page: 221 231 -221 230 bop 0 1182 a Fv(App)6 b(endix)77 b(C)0 1599 y(Op)6 -b(erational)77 b(Seman)-6 b(tics)77 b(in)0 1848 y(Miranda)0 -2303 y Fu(In)41 b(this)f(app)s(endix)g(w)m(e)i(implemen)m(t)c(the)j -(natural)e(seman)m(tics)i(and)f(the)h(structural)f(op)s(era-)0 -2423 y(tional)23 b(seman)m(tics)j(of)f(Chapter)h(2)f(in)g -Fw(Miranda)h Fu(and)f(sho)m(w)i(ho)m(w)f(similar)c(tec)m(hniques)27 -b(can)f(b)s(e)0 2544 y(used)h(to)f(implemen)m(t)f(an)h(in)m(terpreter)h -(for)e(the)i(abstract)g(mac)m(hine)e(and)i(the)f(co)s(de)h(generation)0 -2664 y(of)32 b(Chapter)h(3.)146 2787 y(W)-8 b(e)30 
b(shall)d(need)k -(the)e(de\014nitions)g(from)e(App)s(endix)j(B)f(so)g(w)m(e)h(b)s(egin)f -(b)m(y)h(including)d(these:)0 3005 y Fr(>)103 b(\045include)p -154 3027 411 4 v 53 w("appB")0 3220 y Fu(In)46 b(Chapter)g(2)f(w)m(e)i -(distinguish)d(b)s(et)m(w)m(een)j(t)m(w)m(o)f(kinds)g(of)f -(con\014gurations,)k(in)m(termediate)0 3340 y(con\014gurations)44 -b(and)g(\014nal)f(con\014gurations.)77 b(This)45 b(is)e(captured)i(b)m -(y)g(the)f(algebraic)f(data)0 3461 y(t)m(yp)s(e:)0 3677 -y Fr(>)103 b(config)53 b(::=)f(Inter)g(stm)g(state)h(|)f(Final)g(state) -0 3892 y Fu(In)34 b(the)g(next)g(section)g(w)m(e)g(shall)e(sho)m(w)j -(ho)m(w)f(the)g(natural)f(seman)m(tics)g(can)h(b)s(e)g(implemen)m(ted)0 -4012 y(and)f(after)f(that)g(w)m(e)i(shall)d(turn)i(to)f(the)h -(structural)g(op)s(erational)d(seman)m(tics.)0 4358 y -Fj(C.1)160 b(Natural)56 b(seman)l(tics)0 4582 y Fu(Corresp)s(onding)22 -b(to)g(the)h(relation)e Ft(!)h Fu(in)f(Section)i(2.1)e(w)m(e)j(shall)d -(in)m(tro)s(duce)h(a)g(function)g Fr(ns)p 3287 4582 31 -4 v 38 w(stm)0 4702 y Fu(of)32 b(t)m(yp)s(e)0 4919 y -Fr(>)103 b(ns)p 262 4919 V 37 w(stm)52 b(::)g(config)h(->)f(config)0 -5133 y Fu(The)45 b(argumen)m(t)f(of)g(this)g(function)g(corresp)s(onds) -h(to)f(the)h(left-hand)e(side)h(of)g Ft(!)g Fu(whereas)0 -5254 y(the)c(result)g(pro)s(duced)g(will)e(corresp)s(ond)i(to)f(the)i -(righ)m(t-hand)d(side)i(of)f(the)h(relation.)63 b(This)0 -5374 y(is)45 b(p)s(ossible)g(b)s(ecause)i(Theorem)f(2.9)f(sho)m(ws)j -(that)d(the)h(relation)e(is)h(deterministic.)81 b(The)0 -5494 y(de\014nition)32 b(of)g Fr(ns)p 653 5494 V 37 w(stm)h -Fu(follo)m(ws)f(closely)g(the)h(de\014nition)e(of)i Ft(!)f -Fu(in)f(T)-8 b(able)33 b(2.1:)1663 5849 y(221)p eop -%%Page: 222 232 -222 231 bop 251 130 a Fw(222)1420 b(C)112 b(Op)s(erational)37 -b(Seman)m(tics)g(in)g(Miranda)p 251 193 3473 4 v 283 -515 a Fr(>)103 b(ns)p 545 515 31 4 v 38 w(stm)52 b(\(Inter)h(\(Ass)f(x) -f(a\))h(s\))283 683 y(>)411 b(=)51 b(Final)i(\(update)g(s)f(x)f(\(a)p -1878 683 V 38 
w(val)h(a)f(s\)\))283 851 y(>)513 b(where)p -847 864 257 4 v 283 1018 a(>)g(update)53 b(s)f(x)f(v)h(y)f(=)h(v,)g(if) -p 1873 1031 103 4 v 52 w(x)f(=)h(y)283 1186 y(>)1282 -b(=)52 b(s)f(y,)h(otherwise)p 1975 1199 462 4 v 283 1401 -a(>)103 b(ns)p 545 1401 31 4 v 38 w(stm)52 b(\(Inter)h(\(Skip\))f(s\))g -(=)g(Final)g(s)283 1616 y(>)103 b(ns)p 545 1616 V 38 -w(stm)52 b(\(Inter)h(\(Comp)f(ss1)g(ss2\))h(s\))283 1783 -y(>)411 b(=)51 b(Final)i(s'')283 1951 y(>)513 b(where)p -847 1964 257 4 v 283 2118 a(>)g(Final)53 b(s')f(=)f(ns)p -1519 2118 31 4 v 38 w(stm)h(\(Inter)h(ss1)f(s\))283 2286 -y(>)513 b(Final)53 b(s'')f(=)g(ns)p 1571 2286 V 37 w(stm)g(\(Inter)h -(ss2)f(s'\))283 2501 y(>)103 b(ns)p 545 2501 V 38 w(stm)52 -b(\(Inter)h(\(If)f(b)f(ss1)h(ss2\))h(s\))283 2669 y(>)411 -b(=)51 b(Final)i(s',)f(if)p 1360 2682 103 4 v 52 w(b)p -1571 2669 31 4 v 37 w(val)g(b)g(s)283 2836 y(>)513 b(where)p -847 2849 257 4 v 283 3004 a(>)g(Final)53 b(s')f(=)f(ns)p -1519 3004 31 4 v 38 w(stm)h(\(Inter)h(ss1)f(s\))283 3219 -y(>)103 b(ns)p 545 3219 V 38 w(stm)52 b(\(Inter)h(\(If)f(b)f(ss1)h -(ss2\))h(s\))283 3386 y(>)411 b(=)51 b(Final)i(s',)f(if)p -1360 3399 103 4 v 52 w(~b)p 1622 3386 31 4 v 37 w(val)g(b)g(s)283 -3554 y(>)513 b(where)p 847 3567 257 4 v 283 3722 a(>)g(Final)53 -b(s')f(=)f(ns)p 1519 3722 31 4 v 38 w(stm)h(\(Inter)h(ss2)f(s\))283 -3936 y(>)103 b(ns)p 545 3936 V 38 w(stm)52 b(\(Inter)h(\(While)f(b)g -(ss\))g(s\))283 4104 y(>)411 b(=)51 b(Final)i(s'',)f(if)p -1411 4117 103 4 v 52 w(b)p 1622 4104 31 4 v 37 w(val)g(b)g(s)283 -4272 y(>)513 b(where)p 847 4285 257 4 v 283 4439 a(>)g(Final)53 -b(s')f(=)f(ns)p 1519 4439 31 4 v 38 w(stm)h(\(Inter)h(ss)e(s\))283 -4607 y(>)513 b(Final)53 b(s'')f(=)g(ns)p 1571 4607 V -37 w(stm)g(\(Inter)h(\(While)g(b)e(ss\))h(s'\))283 4822 -y(>)103 b(ns)p 545 4822 V 38 w(stm)52 b(\(Inter)h(\(While)f(b)g(ss\))g -(s\))283 4989 y(>)411 b(=)51 b(Final)i(s,)f(if)p 1309 -5002 103 4 v 52 w(~b)p 1571 4989 31 4 v 37 w(val)g(b)g(s)283 -5193 y Fu(Note)33 
b(that)g(in)e(the)i(axiom)e(for)h(assignmen)m(t)h -Fr(update)h Fs(s)40 b(x)45 b(v)e Fu(corresp)s(onds)34 -b(to)e Fs(s)8 b Fu([)p Fs(x)k Ft(7!)p Fs(v)f Fu(].)430 -5313 y(The)33 b(seman)m(tic)g(function)f Ft(S)1484 5328 -y Fn(ns)1588 5313 y Fu(can)h(no)m(w)g(b)s(e)g(de\014ned)h(b)m(y)p -eop -%%Page: 223 233 -223 232 bop 0 130 a Fw(C.2)112 b(Structural)37 b(op)s(erational)f -(seman)m(tics)1425 b(223)p 0 193 3473 4 v 0 515 a Fr(>)52 -b(s)p 160 515 31 4 v 37 w(ns)g(ss)f(s)h(=)f(s')0 683 -y(>)667 b(where)p 718 696 257 4 v 0 851 a(>)g(Final)52 -b(s')g(=)g(ns)p 1390 851 31 4 v 37 w(stm)g(\(Inter)h(ss)f(s\))0 -1095 y Fw(Example)37 b(C.1)48 b Fu(W)-8 b(e)42 b(can)g(execute)h(the)f -(factorial)d(statemen)m(t)j(\(see)g(Example)f(B.1\))h(from)0 -1216 y(the)36 b(state)g Fr(s)p 470 1216 V 37 w(init)h -Fu(mapping)d Fr(x)h Fu(to)h Fw(3)f Fu(and)h(all)d(other)j(v)-5 -b(ariables)34 b(to)h Fw(0)h Fu(\(see)g(Example)f(B.3\).)0 -1336 y(The)f(\014nal)d(state)i Fr(s)p 713 1336 V 37 w(fac)h -Fu(is)e(obtained)g(as)h(follo)m(ws:)0 1553 y Fr(>)52 -b(s)p 160 1553 V 37 w(fac)g(=)f(s)p 555 1553 V 37 w(ns)h(factorial)i(s) -p 1310 1553 V 37 w(init)0 1768 y Fu(T)-8 b(o)33 b(get)f(the)h(\014nal)f -(v)-5 b(alue)32 b(of)g Fr(y)h Fu(w)m(e)g(ev)-5 b(aluate)33 -b Fr(s)p 1721 1768 V 37 w(fac)52 b("y")p Fu(.)1261 b -Fh(2)0 2013 y Fw(Exercise)36 b(C.2)49 b Fu(Extend)44 -b(the)e(de\014nition)f(of)h Fr(stm)g Fu(and)h Fr(ns)p -2254 2013 V 37 w(stm)g Fu(to)e(include)h(the)g Fr(repeat)p -Fu(-)0 2133 y(construct.)2976 b Fh(2)0 2378 y Fw(Exercise)36 -b(C.3)49 b Fu(De\014ne)31 b(an)f(algebraic)f(data)h(t)m(yp)s(e)h -Fr(deriv)p 2201 2378 V 38 w(tree)g Fu(represen)m(ting)h(the)f(deriv)-5 -b(a-)0 2498 y(tion)39 b(trees)h(of)f(the)i(natural)d(seman)m(tics.)65 -b(Construct)41 b(a)e(v)-5 b(arian)m(t)39 b(of)g(the)h(function)g -Fr(s)p 3221 2498 V 37 w(ns)g Fu(of)0 2619 y(t)m(yp)s(e)244 -2834 y Fr(s)p 301 2834 V 37 w(ns)52 b(::)g(stm)g(->)g(state)g(->)g -(deriv)p 1721 2834 V 38 w(tree)0 3049 y Fu(that)26 
b(constructs)j(the)e -Fs(derivation)h(tr)-5 b(e)g(e)34 b Fu(for)27 b(a)f(giv)m(en)h(statemen) -m(t)g(and)g(state)g(rather)f(than)h(just)0 3169 y(the)33 -b(\014nal)f(state.)44 b(Apply)32 b(the)h(function)f(to)h(some)f -(example)g(statemen)m(ts.)663 b Fh(2)0 3516 y Fj(C.2)160 -b(Structural)54 b(op)t(erational)h(seman)l(tics)0 3740 -y Fu(When)25 b(sp)s(ecifying)f(the)h(structural)g(op)s(erational)d -(seman)m(tics)i(w)m(e)i(shall)d(need)j(to)e(test)h(whether)0 -3860 y Ft(\))41 b Fu(pro)s(duces)i(an)e(in)m(termediate)g -(con\014guration)g(or)g(a)g(\014nal)g(con\014guration.)70 -b(So)41 b(w)m(e)i(shall)0 3981 y(in)m(tro)s(duce)33 b(the)g(function)f -Fr(is)p 1092 3981 V 37 w(Final)i Fu(de\014ned)g(b)m(y:)0 -4198 y Fr(>)103 b(is)p 262 4198 V 37 w(Final)53 b(\(Inter)g(ss)e(s\))h -(=)g(False)0 4366 y(>)103 b(is)p 262 4366 V 37 w(Final)53 -b(\(Final)g(s\))e(=)h(True)0 4581 y Fu(Corresp)s(onding)33 -b(to)f(the)h(relation)d Ft(\))j Fu(w)m(e)g(de\014ne)h(the)f(function)f -Fr(sos)p 2565 4581 V 38 w(stm)h Fu(of)f(t)m(yp)s(e:)0 -4798 y Fr(>)103 b(sos)p 313 4798 V 38 w(stm)52 b(::)f(config)i(->)f -(config)0 5013 y Fu(As)26 b(in)e(the)i(previous)g(section)f(the)h -(argumen)m(t)f(of)g(this)g(function)g(will)e(corresp)s(ond)j(to)f(the)h -(con-)0 5133 y(\014guration)i(on)h(the)g(left-hand)f(side)h(of)f(the)i -(relation)d Ft(\))h Fu(and)h(the)h(result)e(will)f(corresp)s(ond)j(to)0 -5254 y(the)g(righ)m(t-hand)f(side.)43 b(Again)28 b(this)i(implemen)m -(tation)c(tec)m(hnique)31 b(is)f(only)f(p)s(ossible)g(b)s(ecause)0 -5374 y(the)38 b(seman)m(tics)g(is)g(deterministic)e(\(Exercise)j -(2.22\).)59 b(The)39 b(de\014nition)e(of)g Fr(sos)p 2961 -5374 V 38 w(stm)i Fu(follo)m(ws)0 5494 y(T)-8 b(able)32 -b(2.2)g(closely:)p eop -%%Page: 224 234 -224 233 bop 251 130 a Fw(224)1420 b(C)112 b(Op)s(erational)37 -b(Seman)m(tics)g(in)g(Miranda)p 251 193 3473 4 v 283 -515 a Fr(>)103 b(sos)p 596 515 31 4 v 38 w(stm)52 b(\(Inter)h(\(Ass)f -(x)g(a\))g(s\))283 683 y(>)462 b(=)52 
b(Final)g(\(update)h(s)f(x)f(\(a) -p 1929 683 V 38 w(val)h(a)f(s\)\))283 851 y(>)565 b(where)p -899 864 257 4 v 283 1018 a(>)g(update)53 b(s)e(x)h(v)f(y)h(=)f(v,)h(if) -p 1924 1031 103 4 v 52 w(x)f(=)h(y)283 1186 y(>)1334 -b(=)51 b(s)h(y,)g(otherwise)p 2027 1199 462 4 v 283 1401 -a(>)103 b(sos)p 596 1401 31 4 v 38 w(stm)52 b(\(Inter)h(Skip)f(s\))g(=) -g(Final)g(s)283 1616 y(>)103 b(sos)p 596 1616 V 38 w(stm)52 -b(\(Inter)h(\(Comp)f(ss1)h(ss2\))f(s\))283 1783 y(>)462 -b(=)52 b(Inter)g(\(Comp)h(ss1')f(ss2\))h(s',)283 1951 -y(>)821 b(if)p 1155 1964 103 4 v 52 w(~is)p 1468 1951 -31 4 v 37 w(Final\(sos)p 1964 1951 V 40 w(stm)52 b(\(Inter)h(ss1)f -(s\)\))283 2118 y(>)565 b(where)p 899 2131 257 4 v 283 -2286 a(>)g(Inter)52 b(ss1')h(s')e(=)h(sos)p 1878 2286 -31 4 v 38 w(stm)g(\(Inter)h(ss1)f(s\))283 2501 y(>)103 -b(sos)p 596 2501 V 38 w(stm)52 b(\(Inter)h(\(Comp)f(ss1)h(ss2\))f(s\)) -283 2669 y(>)462 b(=)52 b(Inter)g(ss2)g(s',)283 2836 -y(>)821 b(if)p 1155 2849 103 4 v 52 w(is)p 1417 2836 -31 4 v 37 w(Final\(sos)p 1913 2836 V 40 w(stm)52 b(\(Inter)g(ss1)h -(s\)\))283 3004 y(>)565 b(where)p 899 3017 257 4 v 283 -3171 a(>)g(Final)52 b(s')g(=)g(sos)p 1622 3171 31 4 v -37 w(stm)g(\(Inter)h(ss1)f(s\))283 3386 y(>)103 b(sos)p -596 3386 V 38 w(stm)52 b(\(Inter)h(\(If)f(b)f(ss1)i(ss2\))f(s\))283 -3554 y(>)462 b(=)52 b(Inter)g(ss1)g(s,)g(if)p 1565 3567 -103 4 v 52 w(b)p 1776 3554 31 4 v 37 w(val)g(b)g(s)283 -3769 y(>)103 b(sos)p 596 3769 V 38 w(stm)52 b(\(Inter)h(\(If)f(b)f(ss1) -i(ss2\))f(s\))283 3936 y(>)462 b(=)52 b(Inter)g(ss2)g(s,)g(if)p -1565 3949 103 4 v 52 w(~b)p 1827 3936 31 4 v 37 w(val)g(b)g(s)283 -4151 y(>)103 b(sos)p 596 4151 V 38 w(stm)52 b(\(Inter)h(\(While)g(b)e -(ss\))h(s\))283 4319 y(>)462 b(=)52 b(Inter)g(\(If)g(b)g(\(Comp)g(ss)g -(\(While)h(b)f(ss\)\))g(Skip\))h(s)283 4479 y Fu(The)48 -b(function)f Fr(sos)p 1054 4479 V 38 w(stm)g Fu(implemen)m(ts)f(one)h -(step)h(of)f(the)g(computation.)85 b(The)48 b(function)283 -4599 y Fr(deriv)p 544 4599 V 39 w(seq)31 b 
Fu(de\014ned)g(b)s(elo)m(w)f -(will)e(determine)i(the)h(complete)f(deriv)-5 b(ation)28 -b(sequence)33 b(\()p Fs(even)f(if)283 4719 y(it)k(is)e(in\014nite!)12 -b Fu(\).)283 4879 y Fr(>)103 b(deriv)p 698 4879 V 39 -w(seq)52 b(\(Inter)g(ss)g(s\))283 5047 y(>)462 b(=)52 -b(\(Inter)h(ss)e(s\))h(:)g(\(deriv)p 1980 5047 V 38 w(seq)g(\(sos)p -2427 5047 V 38 w(stm)g(\(Inter)h(ss)f(s\)\)\))283 5214 -y(>)103 b(deriv)p 698 5214 V 39 w(seq)52 b(\(Final)g(s\))g(=)g([Final)h -(s])283 5374 y Fu(The)37 b(seman)m(tic)e(function)g Ft(S)1347 -5389 y Fn(sos)1478 5374 y Fu(can)g(no)m(w)i(b)s(e)e(de\014ned)i(b)m(y)g -(the)f Fw(Miranda)g Fu(function)f Fr(s)p 3544 5374 V -37 w(sos)p Fu(:)p eop -%%Page: 225 235 -225 234 bop 0 130 a Fw(C.3)112 b(Extensions)37 b(of)h(While)2038 -b(225)p 0 193 3473 4 v 0 515 a Fr(>)103 b(s)p 211 515 -31 4 v 37 w(sos)52 b(ss)g(s)f(=)h(s')0 683 y(>)769 b(where)p -820 696 257 4 v 0 851 a(>)g(Final)53 b(s')f(=)f(last)i(\(deriv)p -1953 851 31 4 v 38 w(seq)f(\(Inter)h(ss)f(s\)\))0 1091 -y Fw(Example)37 b(C.4)48 b Fu(The)30 b(deriv)-5 b(ation)27 -b(sequence)k(obtained)d(b)m(y)i(executing)f(the)g(factorial)d(state-)0 -1211 y(men)m(t)33 b(on)f(the)h(state)g Fr(s)p 846 1211 -V 37 w(init)h Fu(of)e(Example)g(B.3)g(can)h(no)m(w)h(b)s(e)e(obtained)g -(as)h(follo)m(ws:)0 1424 y Fr(>)103 b(fac)p 313 1424 -V 38 w(seq)52 b(=)f(deriv)p 913 1424 V 38 w(seq)h(\(Inter)h(factorial)h -(s)p 2079 1424 V 37 w(init\))0 1634 y Fu(W)-8 b(e)28 -b(ma)m(y)g(w)m(an)m(t)g(to)f(insp)s(ect)h(this)g(in)f(more)g(detail)f -(and)h(in)g(particular)f(w)m(e)j(ma)m(y)e(b)s(e)h(in)m(terested)0 -1755 y(in)47 b(the)i(v)-5 b(alues)48 b(of)g(the)h(v)-5 -b(ariables)47 b Fr(x)h Fu(and)h Fr(y)f Fu(in)g(the)g(v)-5 -b(arious)48 b(in)m(termediate)f(states.)91 b(T)-8 b(o)0 -1875 y(facilitate)30 b(this)i(w)m(e)i(use)f(the)g(function)0 -2087 y Fr(>)103 b(show)p 364 2087 V 38 w(seq)52 b(fv)g(l)f(=)h(lay)g -(\(map)g(show)p 1631 2087 V 38 w(config)h(l\))0 2255 -y(>)923 b(where)p 974 2268 257 4 v 0 2423 a(>)g(show)p -1184 
2423 31 4 v 38 w(config)53 b(\(Final)g(s\))f(=)0 -2590 y(>)1026 b("final)52 b(state:\\n"++lay)j(\(map)e(\(show)p -2722 2590 V 38 w(val)f(s\))g(fv\))0 2758 y(>)923 b(show)p -1184 2758 V 38 w(config)53 b(\(Inter)g(ss)f(s\))f(=)0 -2926 y(>)1026 b(show)p 1077 2939 206 4 v 52 w(ss++"\\n"++lay)55 -b(\(map)d(\(show)p 2568 2926 31 4 v 38 w(val)g(s\))g(fv\))0 -3093 y(>)923 b(show)p 1184 3093 V 38 w(val)52 b(s)g(x)f(=)h(")f -(s\("++x++"\)="++shownum)57 b(\(s)52 b(x\))0 3304 y Fu(The)31 -b(function)f(call)f Fr(show)p 965 3304 V 38 w(seq)52 -b(["x","y"])i(fac)p 1874 3304 V 38 w(seq)31 b Fu(will)d(for)i(eac)m(h)i -(con\014guration)d(in)h(the)0 3424 y(deriv)-5 b(ation)34 -b(sequence)k Fr(fac)p 1027 3424 V 38 w(seq)e Fu(list)e(the)i(statemen)m -(t)g(part)f(and)g(the)h(v)-5 b(alues)35 b(of)g Fr(x)h -Fu(and)g Fr(y)f Fu(in)0 3545 y(the)e(state)g(part.)146 -3667 y(The)h(\014nal)e(state)h(of)f(the)h(deriv)-5 b(ation)31 -b(sequence)k(can)e(b)s(e)g(obtained)f(from)0 3879 y Fr(>)52 -b(s)p 160 3879 V 37 w(fac')g(=)g(s)p 607 3879 V 37 w(sos)g(factorial)h -(s)p 1412 3879 V 38 w(init)0 4090 y Fu(and)33 b(the)g(v)-5 -b(alue)32 b(obtained)g(for)g Fr(y)h Fu(is)f(obtained)g(b)m(y)h -(executing)g Fr(s)p 2371 4090 V 38 w(fac')52 b("y")p -Fu(.)559 b Fh(2)0 4329 y Fw(Exercise)36 b(C.5)49 b Fu(Extend)39 -b(the)e(de\014nition)f(of)g Fr(stm)i Fu(and)f Fr(sos)p -2274 4329 V 38 w(stm)g Fu(to)g(include)f(the)h Fr(repeat)p -Fu(-)0 4449 y(construct.)2976 b Fh(2)0 4791 y Fj(C.3)160 -b(Extensions)53 b(of)h(While)0 5013 y Fu(The)30 b(implemen)m(tation)c -(of)j(the)g(natural)f(seman)m(tics)i(of)e Fw(While)g -Fu(in)g(Section)h(C.1)h(will)c(no)m(w)k(b)s(e)0 5133 -y(extended)35 b(to)e(the)h(pro)s(cedure)g(language)e -Fw(Pro)s(c)h Fu(of)g(Section)g(2.5.)45 b(Rather)33 b(than)h(presen)m -(ting)0 5254 y(a)j(fully)e(w)m(ork)m(ed)k(out)e(implemen)m(tation)d(w)m -(e)k(shall)e(giv)m(e)h(detailed)f(instructions)g(for)h(ho)m(w)h(to)0 -5374 y(construct)e(it.)48 b(W)-8 b(e)35 b(shall)e(pa)m(y)i(sp)s(ecial)f 
-(atten)m(tion)g(to)g(the)h(seman)m(tics)g(of)f Fw(Pro)s(c)g -Fu(with)g(static)0 5494 y(scop)s(e)f(rules)g(for)f(v)-5 -b(ariables)31 b(as)i(w)m(ell)f(as)h(pro)s(cedures.)p -eop -%%Page: 226 236 -226 235 bop 251 130 a Fw(226)1420 b(C)112 b(Op)s(erational)37 -b(Seman)m(tics)g(in)g(Miranda)p 251 193 3473 4 v 283 -515 a(Exercise)g(C.6)49 b Fu(The)37 b(\014rst)f(step)h(will)d(b)s(e)i -(to)g(de\014ne)h(the)f(datat)m(yp)s(es)i(needed)f(to)f(represen)m(t)283 -636 y(the)d(syn)m(tax)i(and)d(the)h(seman)m(tics)g(of)f -Fw(Pro)s(c)p Fu(.)429 844 y Ft(\017)48 b Fu(Extend)40 -b(the)e(algebraic)e(data)h(t)m(yp)s(e)i Fr(stm)f Fu(with)f(the)h(new)h -(forms)e(of)g(statemen)m(ts)i(and)527 964 y(de\014ne)44 -b(algebraic)d(data)i(t)m(yp)s(es)h Fr(dec)p 1901 964 -31 4 v 38 w(V)e Fu(and)h Fr(dec)p 2385 964 V 38 w(P)g -Fu(for)f(v)-5 b(ariable)41 b(declarations)h(and)527 1085 -y(pro)s(cedure)34 b(declarations.)429 1293 y Ft(\017)48 -b Fu(De\014ne)30 b(the)g(algebraic)d(t)m(yp)s(e)j Fr(loc)g -Fu(to)f(b)s(e)h Fr(num)g Fu(suc)m(h)g(that)f(lo)s(cations)f(will)e(b)s -(e)k(n)m(um)m(b)s(ers.)527 1413 y(De\014ne)j(the)g(function)742 -1621 y Fr(new)52 b(::)g(loc)g(->)g(loc)527 1829 y Fu(suc)m(h)34 -b(that)f Fr(new)g Fu(incremen)m(ts)g(its)f(argumen)m(t)g(b)m(y)i(one.) 
-429 2037 y Ft(\017)48 b Fu(De\014ne)36 b(algebraic)e(t)m(yp)s(es)j -Fr(env)p 1667 2037 V 38 w(V)e Fu(and)h Fr(env)p 2137 -2037 V 38 w(P)f Fu(corresp)s(onding)h(to)f Fw(En)m(v)3199 -2052 y Fn(V)3292 2037 y Fu(and)h Fw(En)m(v)3677 2052 -y Fn(P)3729 2037 y Fu(.)527 2158 y(De\014ne)d(the)g(function)742 -2366 y Fr(upd)p 901 2366 V 38 w(P)51 b(::)h(\(dec)p 1399 -2366 V 38 w(P,)g(env)p 1744 2366 V 37 w(V,)g(env)p 2088 -2366 V 38 w(P\))g(->)g(env)p 2587 2366 V 37 w(P)527 2574 -y Fu(corresp)s(onding)33 b(to)f(up)s(d)1438 2589 y Fn(P)1490 -2574 y Fu(.)429 2782 y Ft(\017)48 b Fu(Finally)-8 b(,)37 -b(w)m(e)j(need)f(a)f(t)m(yp)s(e)i Fr(store)f Fu(corresp)s(onding)g(to)f -Fw(Store)p Fu(.)60 b(There)40 b(are)e(at)g(least)527 -2902 y(three)c(p)s(ossibilities:)40 b(One)33 b(p)s(ossibilit)m(y)e(is)h -(to)g(de\014ne)742 3110 y Fr(loc')52 b(::=)g(Loc)g(loc)g -Ft(j)f Fr(Next)742 3278 y(store)i(==)e(loc')i(->)e(z)527 -3486 y Fu(as)34 b(this)f(will)e(corresp)s(ond)j(closely)e(to)h(the)h -(de\014nition)e(of)h Fw(Store)p Fu(.)45 b(Alternativ)m(ely)-8 -b(,)33 b(one)527 3606 y(ma)m(y)e(iden)m(tify)g(the)g(sp)s(ecial)f(tok)m -(en)i(`next')h(with)d(lo)s(cation)f Fw(0)i Fu(and)g(then)h(simply)e -(de\014ne)742 3814 y Fr(store)53 b(==)e(loc)h(->)g(z)527 -4022 y Fu(The)34 b(third)e(p)s(ossibilit)m(y)e(is)i(to)g(de\014ne)742 -4230 y Fr(store)53 b(==)e(\(loc)i(->)e(z,)h(loc\))527 -4439 y Fu(where)34 b(the)f(second)h(comp)s(onen)m(t)f(corresp)s(onds)h -(to)e(the)h(v)-5 b(alue)32 b(of)g(`next'.)527 4603 y(Cho)s(ose)i(a)e -(metho)s(d)g(that)g(seems)i(appropriate)d(to)i(y)m(ou.)1066 -b Fh(2)283 4838 y Fw(Exercise)37 b(C.7)49 b Fu(Finally)33 -b(w)m(e)j(turn)g(to)m(w)m(ards)h(the)f(transition)e(systems.)54 -b(W)-8 b(e)36 b(b)s(egin)e(b)m(y)j(im-)283 4958 y(plemen)m(ting)32 -b(the)h(transition)e(system)i(for)f(v)-5 b(ariable)31 -b(declarations:)429 5166 y Ft(\017)48 b Fu(De\014ne)34 -b(an)f(algebraic)f(data)h(t)m(yp)s(e)h Fr(config)p 2134 -5166 V 38 w(D)g 
Fu(for)e(the)i(con\014gurations)f(of)f(the)i(transi-) -527 5286 y(tion)e(system)h(for)f(v)-5 b(ariable)31 b(declarations.)429 -5494 y Ft(\017)48 b Fu(Then)34 b(de\014ne)g(a)e(function)p -eop -%%Page: 227 237 -227 236 bop 0 130 a Fw(C.4)112 b(Pro)m(v)-6 b(ably)37 -b(correct)f(implemen)m(tation)1405 b(227)p 0 193 3473 -4 v 458 515 a Fr(ns)p 566 515 31 4 v 38 w(dec)p 757 515 -V 38 w(V)51 b(::)h(config)p 1357 515 V 38 w(D)g(->)g(config)p -1958 515 V 38 w(D)244 717 y Fu(corresp)s(onding)32 b(to)h(the)g -(relation)d Ft(!)1615 732 y Fn(D)1673 717 y Fu(.)0 915 -y(No)m(w)j(w)m(e)h(turn)f(to)f(the)h(transition)e(relation)f(for)i -(statemen)m(ts:)145 1114 y Ft(\017)49 b Fu(De\014ne)33 -b(an)f(algebraic)f(data)h(t)m(yp)s(e)h Fr(config)p 1846 -1114 V 39 w(P)f Fu(corresp)s(onding)h(to)f(the)h(con\014gurations)244 -1234 y Ft(h)p Fs(S)12 b Fu(,)32 b Fs(sto)6 b Ft(i)32 -b Fu(and)h Fs(sto)39 b Fu(of)32 b(the)h(transition)e(system.)145 -1436 y Ft(\017)49 b Fu(Next)33 b(de\014ne)h(a)e(function)458 -1637 y Fr(ns)p 566 1637 V 38 w(stm)52 b(::)g(\(env)p -1167 1637 V 38 w(V,)g(env)p 1512 1637 V 37 w(P\))g(->)g(config)p -2163 1637 V 38 w(P)g(->)g(config)p 2764 1637 V 38 w(P)244 -1839 y Fu(corresp)s(onding)32 b(to)h(the)g(transition)e(relation)f -Ft(!)p Fu(.)0 2037 y(Finally)g(de\014ne)k(a)e(function)244 -2236 y Fr(s)p 301 2236 V 37 w(ns)52 b(::)g(stm)g(->)g(store)g(->)g -(store)0 2434 y Fu(that)28 b(calls)g Fr(ns)p 529 2434 -V 37 w(stm)i Fu(with)e(appropriately)g(initialized)c(en)m(vironmen)m -(ts.)44 b(Use)29 b(the)g(function)f(on)0 2554 y(v)-5 -b(arious)35 b(example)g(statemen)m(ts)i(in)d(order)i(to)f(ensure)i -(that)f(the)g(implemen)m(tation)c(w)m(orks)37 b(as)0 -2675 y(in)m(tended.)3006 b Fh(2)0 2896 y Fw(Exercise)36 -b(C.8)49 b Fu(Mo)s(dify)37 b(the)g(implemen)m(tation)d(ab)s(o)m(v)m(e)k -(to)f(use)h(dynamic)f(scop)s(e)h(rules)f(for)0 3017 y(v)-5 -b(ariable)31 b(declarations)g(as)i(w)m(ell)f(as)h(pro)s(cedure)g -(declarations.)1062 b Fh(2)146 3238 y Fu(It)33 b(is)g(more)f 
-(problematic)f(to)i(extend)i(the)e(implemen)m(tation)d(to)j(handle)f -(the)i(constructs)0 3359 y(of)e(Section)h(2.4:)0 3580 -y Fw(Exercise)j(C.9)49 b Fu(Discuss)26 b(ho)m(w)f(to)g(extend)h(the)f -(implemen)m(tation)d(of)i(the)h(natural)f(seman)m(tics)0 -3700 y(in)32 b(Section)g(C.1)h(to)f(incorp)s(orate)g(the)h(constructs)h -(considered)f(in)f(Section)h(2.4.)407 b Fh(2)0 3922 y -Fw(Exercise)36 b(C.10)49 b Fu(Discuss)28 b(ho)m(w)h(to)e(extend)i(the)g -(implemen)m(tation)24 b(of)j(the)h(structural)g(op)s(er-)0 -4042 y(ational)21 b(seman)m(tics)j(of)f(Section)g(C.2)h(to)g(incorp)s -(orate)e(the)i(constructs)h(considered)g(in)e(Section)0 -4163 y(2.4.)3246 b Fh(2)0 4495 y Fj(C.4)160 b(Pro)l(v)-9 -b(ably)55 b(correct)d(implemen)l(tation)0 4714 y Fu(Rather)32 -b(than)g(presen)m(ting)g(a)g(fully)e(w)m(ork)m(ed)k(out)d -Fw(Miranda)i Fu(script)e(w)m(e)i(shall)e(pro)m(vide)h(exer-)0 -4834 y(cises)h(sho)m(wing)g(ho)m(w)g(to)g(dev)m(elop)g(an)f(implemen)m -(tation)e(corresp)s(onding)i(to)g(Chapter)i(3.)0 5055 -y Fw(Exercise)i(C.11)49 b Fu(W)-8 b(e)38 b(need)h(some)f(data)f(t)m(yp) -s(es)j(to)d(represen)m(t)j(the)e(con\014gurations)g(of)f(the)0 -5176 y(mac)m(hine:)145 5374 y Ft(\017)49 b Fu(De\014ne)27 -b(an)g(algebraic)e(data)h(t)m(yp)s(e)h Fr(am)p 1613 5374 -V 38 w(ins)g Fu(for)f(represen)m(ting)i(instructions)e(and)h(de\014ne) -244 5494 y(the)33 b(t)m(yp)s(e)g(synon)m(ym)p eop -%%Page: 228 238 -228 237 bop 251 130 a Fw(228)1420 b(C)112 b(Op)s(erational)37 -b(Seman)m(tics)g(in)g(Miranda)p 251 193 3473 4 v 742 -515 a Fr(am)p 850 515 31 4 v 37 w(code)53 b(==)f([am)p -1451 515 V 37 w(ins])527 712 y Fu(for)32 b(represen)m(ting)i(co)s(de.) 
-429 909 y Ft(\017)48 b Fu(De\014ne)34 b(an)g(algebraic)d(data)i(t)m(yp) -s(e)i Fr(stack)p 2084 909 V 38 w(values)g Fu(represen)m(ting)f(the)g -(elemen)m(ts)g(that)527 1029 y(ma)m(y)f(b)s(e)f(on)h(the)g(ev)-5 -b(aluation)31 b(stac)m(k)j(and)e(de\014ne)i(the)f(t)m(yp)s(e)h(synon)m -(ym)742 1226 y Fr(stack)53 b(==)e([stack)p 1515 1226 -V 39 w(values])429 1423 y Ft(\017)d Fu(De\014ne)33 b(a)g(t)m(yp)s(e)g -Fr(storage)i Fu(represen)m(ting)e(the)g(storage.)283 -1606 y(Finally)d(de\014ne)527 1790 y Fr(am)p 635 1790 -V 38 w(config)53 b(==)e(\(am)p 1338 1790 V 38 w(code,)i(stack,)g -(storage\))283 1974 y Fu(for)32 b(the)i(con\014gurations)e(of)g -Fw(AM)p Fu(.)2122 b Fh(2)283 2175 y Fw(Exercise)37 b(C.12)49 -b Fu(W)-8 b(e)38 b(can)g(then)g(turn)g(to)g(the)g(seman)m(tics)g(of)g -(the)g(mac)m(hine)f(instructions.)283 2296 y(F)-8 b(or)32 -b(this)g(w)m(e)i(pro)s(ceed)f(in)f(three)i(stages:)429 -2479 y Ft(\017)48 b Fu(First)32 b(de\014ne)i(a)e(function)g -Fr(am)p 1618 2479 V 38 w(step)h Fu(of)f(t)m(yp)s(e)742 -2676 y Fr(am)p 850 2676 V 37 w(step)53 b(::)f(am)p 1400 -2676 V 37 w(config)h(->)f(am)p 2052 2676 V 37 w(config)527 -2873 y Fu(implemen)m(ting)30 b(T)-8 b(able)32 b(3.1.)429 -3070 y Ft(\017)48 b Fu(W)-8 b(e)32 b(shall)d(also)h(b)s(e)h(in)m -(terested)h(in)e(the)h(computation)f(sequences)k(of)c -Fw(AM)h Fu(so)g(de\014ne)h(a)527 3190 y(function)742 -3387 y Fr(am)p 850 3387 V 37 w(comp)p 1091 3387 V 38 -w(seq)52 b(::)g(am)p 1590 3387 V 38 w(code)g(->)g(storage)h(->)f([am)p -2755 3387 V 37 w(config])527 3584 y Fu(that)28 b(giv)m(en)g(a)f -(sequence)k(of)c(instructions)g(and)h(an)g(initial)c(storage)j(will)f -(construct)i(the)527 3704 y(corresp)s(onding)33 b(computation)e -(sequence.)429 3901 y Ft(\017)48 b Fu(Finally)26 b(de\014ne)k(a)e -(function)g Fr(run)h Fu(corresp)s(onding)g(to)f(the)h(function)f -Ft(M)g Fu(of)g(Chapter)h(3.)283 4084 y(This)37 b(pro)m(vides)h(us)f -(with)f(an)h(in)m(terpreter)g(for)f Fw(AM)p Fu(.)h(What)f(happ)s(ens)i 
-(if)d(w)m(e)j(en)m(ter)g(a)e(stuc)m(k)283 4205 y(con\014guration?)2793 -b Fh(2)283 4407 y Fw(Exercise)37 b(C.13)49 b Fu(Finally)-8 -b(,)30 b(w)m(e)j(implemen)m(t)e(the)i(co)s(de)g(generation)f -(functions:)429 4590 y Ft(\017)48 b Fu(De\014ne)33 b(functions)g -(corresp)s(onding)f(to)h Ft(C)6 b(A)p Fu(,)32 b Ft(C)6 -b(B)36 b Fu(and)d Ft(C)6 b(S)i Fu(.)429 4787 y Ft(\017)48 -b Fu(De\014ne)33 b(a)g(function)f Fr(am)p 1401 4787 V -37 w(stm)i Fu(corresp)s(onding)e(to)g(the)h(function)f -Ft(S)2982 4802 y Fn(am)3080 4787 y Fu(.)283 4970 y(Apply)f(the)g -(construction)f(to)g(a)h(couple)f(of)g(examples)g(to)g(v)m(erify)h -(that)f(ev)m(erything)i(w)m(orks)g(as)283 5091 y(exp)s(ected.)2999 -b Fh(2)283 5293 y Fw(Exercise)37 b(C.14)49 b Fu(Mo)s(dify)31 -b(the)i(implemen)m(tation)c(to)j(use)h(the)g(abstract)f(mac)m(hine)g -Fw(AM)3606 5308 y Fn(2)3677 5293 y Fu(of)283 5413 y(Exercises)j(3.8)d -(and)h(3.17)f(rather)g(than)h Fw(AM)p Fu(.)1684 b Fh(2)p -eop -%%Page: 229 239 -229 238 bop 0 1181 a Fv(App)6 b(endix)77 b(D)0 1598 y(Denotational)h -(Seman)-6 b(tics)77 b(in)0 1847 y(Miranda)0 2301 y Fu(In)40 -b(this)e(app)s(endix)i(w)m(e)g(implemen)m(t)d(the)j(denotational)d -(seman)m(tics)j(of)e(Chapter)i(4)f(in)g Fw(Mi-)0 2422 -y(randa)50 b Fu(and)f(sho)m(w)h(ho)m(w)f(similar)c(tec)m(hniques)51 -b(can)e(b)s(e)g(used)h(to)e(implemen)m(t)f(the)i(static)0 -2542 y(program)31 b(analysis)h(of)g(Chapter)i(5.)146 -2664 y(W)-8 b(e)30 b(shall)d(need)k(the)e(de\014nitions)g(from)e(App)s -(endix)j(B)f(so)g(w)m(e)h(b)s(egin)f(b)m(y)h(including)d(these:)0 -2881 y Fr(>)52 b(\045include)p 103 2902 411 4 v 53 w("appB")0 -3224 y Fj(D.1)161 b(Direct)53 b(st)l(yle)g(seman)l(tics)0 -3447 y Fu(In)28 b(the)h(implemen)m(tation)c(w)m(e)k(shall)d(rely)i(on)g -(some)g(of)f(the)i(built-in)c(functions)j(of)g Fw(Miranda)p -Fu(.)0 3567 y(In)44 b(particular,)h Fr(id)g Fu(is)e(the)i(iden)m(tit)m -(y)e(function)h(and)g(`.')77 b(is)44 b(function)f(comp)s(osition.)75 -b(The)0 3687 y(auxiliary)30 b(function)j Fr(cond)g 
Fu(is)f(de\014ned)i -(b)m(y)0 3901 y Fr(>)52 b(cond)g(\(p,)g(g1,)g(g2\))g(s)g(=)f(g1)h(s,)g -(if)p 1487 3914 103 4 v 52 w(p)f(s)0 4069 y(>)1026 b(=)51 -b(g2)h(s,)g(if)p 1487 4082 V 52 w(~p)f(s)0 4281 y Fu(The)33 -b(theoretical)d(foundation)h(of)g Fw(Miranda)h Fu(is)f(closely)g -(related)h(to)f(the)h(theory)g(dev)m(elop)s(ed)0 4402 -y(in)45 b(Chapter)j(4)d(\(although)h(it)f(is)h(outside)g(the)g(scop)s -(e)h(of)f(this)g(b)s(o)s(ok)g(to)g(go)g(further)g(in)m(to)0 -4522 y(this\).)71 b(One)42 b(of)f(the)h(consequences)k(of)41 -b(this)h(is)f(that)g(the)i(\014xed)g(p)s(oin)m(t)e(op)s(eration)f(can)i -(b)s(e)0 4642 y(implemen)m(ted)31 b(in)h(a)g(v)m(ery)i(simple)d(w)m(a)m -(y:)0 4856 y Fr(>)52 b(fix)g(ff)f(=)h(ff)g(\(fix)g(ff\))0 -5068 y Fu(The)34 b(function)e Ft(S)650 5083 y Fn(ds)754 -5068 y Fu(can)h(no)m(w)g(b)s(e)g(implemen)m(ted)e(b)m(y)j(the)f -(function)0 5282 y Fr(>)52 b(s)p 160 5282 31 4 v 37 w(ds)g(::)f(stm)h -(->)g(state)h(->)f(state)0 5494 y Fu(A)33 b(straigh)m(tforw)m(ard)f -(rewriting)f(of)h(T)-8 b(able)32 b(4.1)h(giv)m(es:)1663 -5849 y(229)p eop -%%Page: 230 240 -230 239 bop 251 130 a Fw(230)1363 b(D)112 b(Denotational)36 -b(Seman)m(tics)h(in)g(Miranda)p 251 193 3473 4 v 283 -515 a Fr(>)52 b(s)p 443 515 31 4 v 37 w(ds)g(\(Ass)g(x)g(a\))g(s)f(=)h -(update)h(s)e(\(a)p 1915 515 V 38 w(val)h(a)f(s\))h(x)283 -683 y(>)1026 b(where)p 1360 696 257 4 v 283 851 a(>)g(update)53 -b(s)e(v)h(x)g(y)f(=)h(v,)f(if)p 2385 864 103 4 v 52 w(x)h(=)f(y)283 -1018 y(>)1795 b(=)52 b(s)f(y,)h(otherwise)p 2488 1031 -462 4 v 283 1233 a(>)g(s)p 443 1233 31 4 v 37 w(ds)g(Skip)g(=)g(id)283 -1448 y(>)g(s)p 443 1448 V 37 w(ds)g(\(Comp)h(ss1)f(ss2\))g(=)f(\(s)p -1607 1448 V 38 w(ds)h(ss2\))g(.)g(\(s)p 2260 1448 V 37 -w(ds)g(ss1\))283 1663 y(>)g(s)p 443 1663 V 37 w(ds)g(\(If)g(b)g(ss1)g -(ss2\))g(=)f(cond)i(\(b)p 1864 1663 V 37 w(val)f(b,)g(s)p -2311 1663 V 37 w(ds)g(ss1,)g(s)p 2809 1663 V 38 w(ds)f(ss2\))283 -1878 y(>)h(s)p 443 1878 V 37 w(ds)g(\(While)h(b)e(ss\))h(=)g(fix)g(ff) -283 2045 
y(>)1077 b(where)p 1411 2058 257 4 v 283 2213 -a(>)g(ff)52 b(g)g(=)f(cond)i(\(b)p 2135 2213 31 4 v 37 -w(val)f(b,)g(g)f(.)h(s)p 2787 2213 V 37 w(ds)g(ss,)g(id\))283 -2400 y Fw(Example)37 b(D.1)49 b Fu(Returning)34 b(to)h(the)g(factorial) -e(statemen)m(t)i(w)m(e)h(can)g(apply)e(its)h(denotation)283 -2521 y(to)e(the)g(initial)c(state)k Fr(s)p 1149 2521 -V 37 w(init)g Fu(as)g(follo)m(ws:)283 2688 y Fr(>)52 -b(s)p 443 2688 V 37 w(final)h(=)e(s)p 941 2688 V 37 w(ds)h(factorial)i -(s)p 1696 2688 V 37 w(init)1750 b Fh(2)283 2876 y Fw(Exercise)37 -b(D.2)49 b Fu(W)-8 b(e)41 b(ma)m(y)g(b)s(e)g(in)m(terested)h(in)f(the)g -(v)-5 b(arious)40 b(iterands)h(of)g(the)g(\014xed)i(p)s(oin)m(t.)283 -2996 y(Rewrite)24 b(the)g(seman)m(tic)f(equations)h(ab)s(o)m(v)m(e)g -(so)g(that)f(eac)m(h)h(\014xed)h(p)s(oin)m(t)d(is)h(unfolded)h(at)f -(most)g(n)283 3117 y(times)28 b(where)h(n)f(is)g(an)g(additional)d -(parameter)j(to)f(the)i(functions.)42 b(Giv)m(e)28 b(examples)g(sho)m -(wing)283 3237 y(that)j(if)f(the)i(v)-5 b(alue)30 b(of)h(n)g(is)g -(su\016cien)m(tly)h(large)d(then)j(w)m(e)g(get)f(the)h(same)f(result)g -(as)g(ab)s(o)m(v)m(e.)76 b Fh(2)283 3425 y Fw(Exercise)37 -b(D.3)49 b Fu(Extend)34 b(the)f(de\014nition)e(ab)s(o)m(v)m(e)j(to)e -(handle)g(the)h Fr(repeat)p Fu(-construct.)152 b Fh(2)283 -3752 y Fj(D.2)161 b(Extensions)53 b(of)g(While)283 3971 -y Fu(It)34 b(is)e(fairly)f(straigh)m(tforw)m(ard)i(to)g(extend)h(the)g -(implemen)m(tation)c(to)j(handle)f(the)i(pro)s(cedure)283 -4091 y(language)e(and)h(the)g(exception)g(language)e(of)h(Section)h -(4.5.)283 4279 y Fw(Exercise)k(D.4)49 b Fu(Mo)s(dify)33 -b(the)h(ab)s(o)m(v)m(e)g(implemen)m(tation)d(to)i(use)i(en)m(vironmen)m -(ts)f(and)g(stores)283 4399 y(and)c(extend)g(it)f(to)f(implemen)m(t)g -(the)h(seman)m(tics)h(of)e(the)i(language)e Fw(Pro)s(c)g -Fu(of)h(Section)g(4.5.)74 b Fh(2)283 4587 y Fw(Exercise)37 -b(D.5)49 b Fu(Mo)s(dify)27 b(the)i(ab)s(o)m(v)m(e)g(implemen)m(tation)d -(to)i(use)h(con)m(tin)m(uations)f(and)g(extend)283 4707 
-y(it)k(to)g(handle)h(the)g(language)e Fw(Exc)h Fu(of)g(Section)h(4.5.) -1472 b Fh(2)283 5035 y Fj(D.3)161 b(Static)54 b(program)f(analysis)283 -5254 y Fu(Rather)30 b(than)g(presen)m(ting)g(a)f(fully)f(w)m(ork)m(ed)k -(out)d Fw(Miranda)h Fu(script)g(p)s(erforming)d(the)j(dep)s(en-)283 -5374 y(dency)44 b(analysis)d(w)m(e)i(shall)d(pro)m(vide)i(a)g(rather)g -(detailed)e(list)h(of)g(instructions)g(for)h(ho)m(w)g(to)283 -5494 y(dev)m(elop)34 b(suc)m(h)g(an)e(implemen)m(tation.)p -eop -%%Page: 231 241 -231 240 bop 0 130 a Fw(D.3)112 b(Static)36 b(program)i(analysis)1864 -b(231)p 0 193 3473 4 v 0 515 a(Exercise)36 b(D.6)49 b -Fu(The)43 b(\014rst)f(step)h(will)c(b)s(e)j(to)f(implemen)m(t)f(the)i -(complete)f(lattices)g Fw(P)g Fu(and)0 636 y Fw(PState)32 -b Fu(and)h(the)g(op)s(erations)f(on)g(them:)145 839 y -Ft(\017)49 b Fu(De\014ne)31 b(an)f(algebraic)f(data)h(t)m(yp)s(e)i -Fr(property)h Fu(represen)m(ting)e(the)g(set)g Fw(P)f -Fu(of)g(prop)s(erties)244 960 y(and)j(de\014ne)g(a)g(function)f -Fr(p)p 1236 960 31 4 v 37 w(lub)h Fu(corresp)s(onding)g(to)f -Ft(t)2265 975 y Fn(P)2317 960 y Fu(.)145 1163 y Ft(\017)49 -b Fu(De\014ne)g(a)f(t)m(yp)s(e)h(synon)m(ym)h Fr(pstate)g -Fu(represen)m(ting)f(the)g(prop)s(ert)m(y)g(states.)92 -b(De\014ne)244 1283 y(the)42 b(sp)s(ecial)f(prop)s(ert)m(y)i(states)f -Fb(init)g Fu(and)g Fb(lost)p Fu(.)72 b(De\014ne)42 b(a)g(function)f -Fr(pstate)p 3286 1283 V 39 w(lub)244 1404 y Fu(corresp)s(onding)32 -b(to)h Ft(t)1056 1419 y Fn(PS)1147 1404 y Fu(.)2224 b -Fh(2)0 1632 y Fw(Exercise)36 b(D.7)49 b Fu(W)-8 b(e)33 -b(can)f(then)h(turn)f(to)g(the)g(seman)m(tic)g(equations)g(de\014ning)g -(the)h(analysis:)145 1835 y Ft(\017)49 b Fu(De\014ne)33 -b(the)g(functions)458 2039 y Fr(p)p 515 2039 V 38 w(aexp)52 -b(::)g(aexp)g(->)g(pstate)h(->)f(property)244 2242 y -Fu(corresp)s(onding)32 b(to)h Ft(P)8 b(A)32 b Fu(and)458 -2446 y Fr(p)p 515 2446 V 38 w(bexp)52 b(::)g(bexp)g(->)g(pstate)h(->)f -(property)244 2649 y Fu(corresp)s(onding)32 b(to)h Ft(P)8 -b(B)t 
Fu(.)145 2852 y Ft(\017)49 b Fu(De\014ne)33 b(the)g(auxiliary)d -(function)j Fr(cond)p 1713 2852 V 37 w(P)g Fu(corresp)s(onding)g(to)f -(cond)2774 2867 y Fn(P)2827 2852 y Fu(.)145 3056 y Ft(\017)49 -b Fu(De\014ne)33 b(the)g(function)458 3259 y Fr(p)p 515 -3259 V 38 w(stm)52 b(::)g(stm)g(->)f(pstate)i(->)f(pstate)244 -3463 y Fu(corresp)s(onding)36 b(to)g Ft(P)8 b(S)45 b -Fu(of)36 b(T)-8 b(able)36 b(5.2.)54 b(\(Y)-8 b(ou)37 -b(ma)m(y)f(use)h(the)g(results)g(of)f(Section)g(5.4)244 -3583 y(for)c(this.\))2782 b Fh(2)0 3811 y Fw(Exercise)36 -b(D.8)49 b Fu(Implemen)m(t)35 b(the)h(algorithm)c(of)j(Section)h(5.2)f -(and)h(apply)f(the)h(implemen-)0 3932 y(tation)31 b(to)h(a)h(couple)f -(of)g(examples)h(to)f(v)m(erify)h(that)f(ev)m(erything)i(w)m(orks)g(as) -f(exp)s(ected.)198 b Fh(2)p eop -%%Page: 232 242 -232 241 bop 251 130 a Fw(232)1363 b(D)112 b(Denotational)36 -b(Seman)m(tics)h(in)g(Miranda)p 251 193 3473 4 v eop -%%Page: 233 243 -233 242 bop 0 1180 a Fv(Bibliograph)-6 b(y)49 1632 y -Fu([1])49 b(S.)40 b(Abramsky)-8 b(,)42 b(C.)f(Hankin:)58 -b Fs(A)n(bstr)-5 b(act)41 b(Interpr)-5 b(etation)41 b(of)h(De)-5 -b(clar)g(ative)40 b(L)-5 b(anguages)p Fu(,)201 1752 y(Ellis)30 -b(Horw)m(o)s(o)s(d)i(\(1987\).)49 1950 y([2])49 b(A.)39 -b(V.)g(Aho,)i(J.)f(E.)f(Hop)s(croft,)i(J.)e(D.)g(Ullman:)54 -b Fs(Data)41 b(Structur)-5 b(es)42 b(and)e(A)n(lgorithms)p -Fu(,)201 2071 y(Addison{W)-8 b(esley)33 b(\(1982\).)49 -2269 y([3])49 b(A.)39 b(V.)g(Aho,)i(R.)e(Sethi,)i(J.)f(D.)e(Ullman:)55 -b Fs(Compilers:)g(Principles,)42 b(T)-7 b(e)i(chniques)39 -b(and)201 2389 y(T)-7 b(o)i(ols)p Fu(,)31 b(Addison{W)-8 -b(esley)33 b(\(1986\).)49 2587 y([4])49 b(K.)33 b(R.)g(Apt:)45 -b Fs(T)-7 b(en)35 b(Y)-7 b(e)i(ars)35 b(of)g(Ho)-5 b(ar)g(e's)36 -b(L)-5 b(o)g(gic:)45 b(A)36 b(Survey)g(|)f(Part)h(1)p -Fu(,)e(A)m(CM)g(T)-8 b(oplas)33 b Fw(3)201 2707 y Fu(4)f(\(1981\).)49 -2905 y([5])49 b(J.)25 b(W.)h(de)h(Bakk)m(er:)41 b Fs(Mathematic)-5 -b(al)28 b(The)-5 b(ory)28 b(of)h(Pr)-5 b(o)g(gr)g(am)28 -b(Corr)-5 
b(e)g(ctness)p Fu(,)26 b(Pren)m(tice-Hall)201 -3026 y(\(1980\).)49 3224 y([6])49 b(D.)36 b(Cl)m(\023)-46 -b(emen)m(t,)38 b(J.)g(Desp)s(eyroux,)h(T.)f(Desp)s(eyroux,)i(G.)d -(Kahn:)52 b(A)37 b(simple)f(applicativ)m(e)201 3344 y(language:)57 -b(Mini-ML,)39 b Fs(Pr)-5 b(o)g(c)g(e)g(e)g(dings)41 b(of)h(the)g(1986)f -(A)n(CM)h(Confer)-5 b(enc)g(e)41 b(on)g(Lisp)h(and)201 -3464 y(F)-7 b(unctional)33 b(Pr)-5 b(o)g(gr)g(amming)31 -b Fu(\(1986\).)49 3662 y([7])49 b(J.)i(Desp)s(eyroux:)83 -b(Pro)s(of)51 b(of)h(translation)d(in)i(natural)g(seman)m(tics,)57 -b Fs(Pr)-5 b(o)g(c)g(e)g(e)g(dings)51 b(of)201 3783 y(Symp)-5 -b(osium)37 b(on)g(L)-5 b(o)g(gic)37 b(in)h(Computer)f(Scienc)-5 -b(e)p Fu(,)36 b(Cam)m(bridge,)g(Massac)m(h)m(usetts,)k(USA)201 -3903 y(\(1986\).)49 4101 y([8])49 b(M.)33 b(J.)g(C.)g(Gordon:)43 -b Fs(The)35 b(Denotational)f(Description)g(of)h(Pr)-5 -b(o)g(gr)g(amming)33 b(L)-5 b(anguages,)201 4221 y(A)n(n)34 -b(Intr)-5 b(o)g(duction)p Fu(,)32 b(Springer-V)-8 b(erlag)31 -b(\(1979\).)49 4419 y([9])49 b(M.)c(Hennessy:)71 b Fs(The)46 -b(Semantics)f(of)h(Pr)-5 b(o)g(gr)g(amming)45 b(L)-5 -b(anguages:)67 b(A)n(n)46 b(Elementary)201 4540 y(Intr)-5 -b(o)g(duction)34 b(using)g(Structur)-5 b(al)36 b(Op)-5 -b(er)g(ational)34 b(Semantics)p Fu(,)d(Wiley)h(\(1991\).)0 -4738 y([10])49 b(C.)g(B.)g(Jones:)77 b Fs(Softwar)-5 -b(e)50 b(Development:)73 b(A)50 b(R)n(igor)-5 b(ous)49 -b(Appr)-5 b(o)g(ach)p Fu(,)53 b(Pren)m(tice-Hall)201 -4858 y(\(1980\).)0 5056 y([11])c(J.)54 b(Lo)s(ec)m(kx,)62 -b(K.)54 b(Sieb)s(er:)88 b Fs(The)54 b(F)-7 b(oundations)54 -b(of)h(Pr)-5 b(o)g(gr)g(am)54 b(V)-7 b(eri\014c)i(ation)p -Fu(,)59 b(Wiley{)201 5176 y(T)-8 b(eubner)34 b(Series)f(in)e(Computer)i -(Science)g(\(1984\).)0 5374 y([12])49 b(H.)34 b(R.)h(Nielson:)47 -b(A)35 b(Hoare-lik)m(e)f(pro)s(of)f(system)j(for)e(run-time)g(analysis) -g(of)g(programs,)201 5494 y Fs(Scienc)-5 b(e)33 b(of)i(Computer)f(Pr)-5 -b(o)g(gr)g(amming)p Fu(,)32 b(v)m(ol)g(9)g(\(1987\).)1663 -5849 y(233)p eop -%%Page: 234 244 
-234 243 bop 251 130 a Fw(234)2676 b(Bibliograph)m(y)p -251 193 3473 4 v 283 515 a Fu([13])49 b(F.)29 b(Nielson,)g(H.)g(R.)h -(Nielson:)40 b(Tw)m(o-lev)m(el)30 b(seman)m(tics)f(and)h(co)s(de)f -(generation,)g Fs(The)-5 b(or)g(et-)484 636 y(ic)g(al)34 -b(Computer)h(Scienc)-5 b(e)p Fu(,)31 b(v)m(ol)h(56)h(\(1988\).)283 -839 y([14])49 b(G.)22 b(D.)f(Plotkin:)38 b Fs(A)25 b(Structur)-5 -b(al)27 b(appr)-5 b(o)g(ach)24 b(to)h(Op)-5 b(er)g(ational)25 -b(Semantics)p Fu(,)e(Lecture)g(notes,)484 960 y(D)m(AIMI)33 -b(FN-19,)f(Aarh)m(us)h(Univ)m(ersit)m(y)-8 b(,)33 b(Denmark)f(\(1981,)g -(reprin)m(ted)h(1991\).)283 1163 y([15])49 b(G.)34 b(D.)f(Plotkin:)45 -b(An)35 b(op)s(erational)c(seman)m(tics)k(for)e(CSP)-8 -b(,)35 b(in:)46 b Fs(F)-7 b(ormal)34 b(Description)h(of)484 -1283 y(Pr)-5 b(o)g(gr)g(amming)28 b(Conc)-5 b(epts)29 -b(II)p Fu(,)d(Pro)s(ceedings)i(of)e(TC-2)h(W)-8 b(ork.)28 -b(Conf.)f(\(ed.)g(D.)g(Bj\034rner\),)484 1404 y(North{Holland)k -(\(1982\).)283 1607 y([16])49 b(D.)32 b(A.)h(Sc)m(hmidt:)44 -b Fs(Denotational)33 b(Semantics:)44 b(a)35 b(Metho)-5 -b(dolo)g(gy)35 b(for)g(L)-5 b(anguage)34 b(Devel-)484 -1727 y(opment)p Fu(,)e(Allyn)f(&)i(Bacon,)g(Inc.)g(\(1986\).)283 -1931 y([17])49 b(J.)42 b(E.)h(Sto)m(y:)63 b Fs(Denotational)42 -b(Semantics:)62 b(The)43 b(Sc)-5 b(ott{Str)g(achey)43 -b(Appr)-5 b(o)g(ach)43 b(to)h(Pr)-5 b(o-)484 2051 y(gr)g(amming)34 -b(L)-5 b(anguage)34 b(The)-5 b(ory)p Fu(,)32 b(MIT)i(Press)g(\(1977\).) 
-p eop -%%Page: 235 245 -235 244 bop 0 974 a Fv(Index)77 b(of)h(Sym)-6 b(b)6 b(ols)0 -1446 y Fu(\()p Fw(P)p Fu(,)32 b Ft(v)251 1461 y Fn(P)304 -1446 y Fu(\),)g(136)0 1567 y(\()p Fw(PState)p Fu(,)g -Ft(v)506 1582 y Fn(PS)598 1567 y Fu(\),)h(140)0 1687 -y(\()p Fw(PState)f Ft(!)g Fw(PState)p Fu(,)g Ft(v)p Fu(\),)i(148)0 -1807 y(\()p Fw(State)f Fo(,)-17 b Ft(!)32 b Fw(State)p -Fu(,)h Ft(v)p Fu(\),)g(93)0 1928 y(\()p Fs(D)9 b Fu(,)33 -b Ft(v)258 1943 y Fc(D)322 1928 y Fu(\),)g(95)0 2124 -y Ft(\001)17 b(\001)g(\001)n Fu([)p Ft(\001)g(\001)g(\001)o(7\000)-17 -b(!\001)17 b(\001)g(\001)n Fu(],)33 b(51)0 2244 y Ft(\001)17 -b(\001)g(\001)n Fu([)p Ft(\001)g(\001)g(\001)o(7!\001)g(\001)g(\001)m -Fu(],)33 b(16,)f(17,)g(177,)g(214)0 2365 y Ft(\001)17 -b(\001)g(\001)n(\021)33 b(\001)17 b(\001)g(\001)n Fu(rel)p -342 2378 109 4 v 32 w Ft(\001)g(\001)g(\001)o Fu(,)32 -b(137,)g(138)0 2485 y Ft(\001)17 b(\001)g(\001)n(`)33 -b(\001)17 b(\001)g(\001)n(!)32 b(\001)17 b(\001)g(\001)n -Fu(,)33 b(54,)f(58)0 2605 y Ft(\016)p Fu(,)g(214)0 2726 -y Ft(\005)p Fu(,)f(215)0 2846 y Fo(,)-17 b Ft(!)p Fu(,)33 -b(213)0 2966 y Ft(!)p Fu(,)f(213)0 3087 y Fh(\003)p Fu(,)h(64)0 -3207 y Ft(\))p Fu(,)f(32)0 3328 y Ft(!)p Fu(,)g(20)0 -3448 y Ft(!)100 3412 y Fc(t)129 3448 y Fu(,)h(202)0 3568 -y Ft(!)100 3583 y Fc(D)164 3568 y Fu(,)f(51,)g(58)0 3689 -y Ft(!)100 3704 y Fn(Aexp)264 3689 y Fu(,)h(31)0 3809 -y Ft(!)100 3824 y Fn(Bexp)262 3809 y Fu(,)f(32)0 3930 -y Ft(t)p Fu(,)h(136)0 3983 y Fg(F)69 4050 y Fu(,)g(97,)f(99,)g(136,)g -(140,)g(148)0 4170 y Ft(?)p Fu(,)h(95)0 4291 y Ft(v)p -Fu(,)g(95,)f(136,)g(140,)g(148)0 4411 y Ft(w)p Fu(,)h(95)0 -4531 y Ft(`)p Fu(,)f(180,)g(192,)g(203)0 4652 y Ft(j)-17 -b Fu(=,)33 b(184,)e(191,)h(203)0 4772 y Ft(:)p Fu(,)h(177)0 -4893 y Ft(_)p Fu(,)g(177)0 5013 y Ft(^)p Fu(,)g(177)0 -5133 y Ft(\))p Fu(,)f(177)0 5254 y Ft(f)g Fs(P)43 b Ft(g)33 -b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)p Fu(,)32 b(176)0 -5374 y Ft(f)g Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b(+)h -Fs(Q)41 b Ft(g)p Fu(,)33 
b(191)0 5494 y Ft(f)f Fs(P)43 -b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(e)40 b Ft(+)32 b Fs(Q)42 -b Ft(g)p Fu(,)33 b(202)1882 1446 y Fs(f)1932 1410 y Fn(n)1976 -1446 y Fu(,)f(104)1882 1567 y Fs(R)1957 1531 y Fi(\003)1996 -1567 y Fu(,)h(215)1882 1688 y Fs(R)1957 1652 y Fn(+)2016 -1688 y Fu(,)f(215)1882 1899 y Ft(A)o Fu(,)h(12)1882 2020 -y Ft(B)s Fu(,)g(14)1882 2141 y Ft(C)6 b(A)o Fu(,)33 b(70)1882 -2262 y Ft(C)6 b(B)s Fu(,)33 b(70)1882 2383 y Ft(C)6 b(S)i -Fu(,)32 b(71)1882 2504 y Ft(D)1961 2467 y Fn(P)1961 2528 -y(ds)2032 2504 y Fu(,)h(121)1882 2624 y Ft(D)1961 2588 -y Fn(V)1961 2649 y(ds)2032 2624 y Fu(,)g(120)1882 2745 -y Ft(M)o Fu(,)g(68)1882 2866 y Ft(N)14 b Fu(,)33 b(9)1882 -2987 y Ft(O)s Fu(\()p Fs(g)9 b Fu(\),)32 b(214)1882 3108 -y Ft(P)8 b Fu(,)33 b(213)1882 3229 y Ft(P)8 b(A)p Fu(,)32 -b(142)1882 3349 y Ft(P)8 b(A)2039 3364 y Fc(X)2106 3349 -y Fu(,)33 b(161)1882 3470 y Ft(P)8 b(B)s Fu(,)33 b(142)1882 -3591 y Ft(P)8 b(B)2027 3606 y Fc(X)2095 3591 y Fu(,)32 -b(161)1882 3712 y Ft(P)8 b(S)g Fu(,)32 b(144)1882 3833 -y Ft(P)8 b(S)2027 3848 y Fc(X)2094 3833 y Fu(,)33 b(161)1882 -3954 y Ft(S)1949 3969 y Fn(am)2048 3954 y Fu(,)f(72)1882 -4075 y Ft(S)1949 4090 y Fn(cs)2013 4075 y Fu(,)g(130)1882 -4195 y Ft(S)1949 4159 y Fi(0)1949 4220 y Fn(cs)2013 4195 -y Fu(,)g(128)1882 4316 y Ft(S)1949 4331 y Fn(ds)2021 -4316 y Fu(,)g(85,)g(122)1882 4437 y Ft(S)1949 4401 y -Fi(0)1949 4462 y Fn(ds)2021 4437 y Fu(,)g(119)1882 4558 -y Ft(S)1949 4573 y Fn(ns)2021 4558 y Fu(,)g(31)1882 4679 -y Ft(S)1949 4694 y Fn(sos)2044 4679 y Fu(,)h(39)1882 -4800 y Ft(T)25 b(A)p Fu(,)32 b(201)1882 4920 y Ft(T)25 -b(B)t Fu(,)32 b(201)1882 5132 y Fw(AM)p Fu(,)g(63)1882 -5253 y Fw(Aexp)p Fu(,)g(7)1882 5374 y Fw(Aexp)2139 5389 -y Fc(X)2206 5374 y Fu(,)h(161)1882 5494 y Fw(Bexp)p Fu(,)f(7)1663 -5849 y(235)p eop -%%Page: 236 246 -236 245 bop 251 130 a Fw(236)2454 b(Index)38 b(of)g(Sym)m(b)s(ols)p -251 193 3473 4 v 283 515 a(Bexp)535 530 y Fc(X)603 515 -y Fu(,)33 b(161)283 636 y Fw(Blo)s(c)m(k)p Fu(,)f(51)283 
-756 y Fw(Co)s(de)p Fu(,)i(64)283 877 y Fw(Con)m(t)p Fu(,)f(127)283 -997 y Fw(Dec)470 1012 y Fn(P)522 997 y Fu(,)g(53,)f(117)283 -1117 y Fw(Dec)470 1132 y Fn(V)528 1117 y Fu(,)h(51,)f(117)283 -1238 y Fw(En)m(v)475 1253 y Fn(E)527 1238 y Fu(,)h(130)283 -1358 y Fw(En)m(v)475 1373 y Fn(P)527 1358 y Fu(,)g(54,)f(56,)g(58,)h -(121)283 1478 y Fw(En)m(v)475 1493 y Fn(V)533 1478 y -Fu(,)g(57,)f(118)283 1599 y Fw(Exc)p Fu(,)h(126)283 1719 -y Fw(Exception)p Fu(,)f(126)283 1840 y Fw(\013)p Fu(,)h(213)283 -1960 y Fw(Lo)s(c)p Fu(,)g(57,)g(118)283 2080 y Fw(N)p -Fu(,)g(213)283 2201 y Fw(Num)p Fu(,)f(7)283 2321 y Fw(P)p -Fu(,)h(136)283 2441 y Fw(PState)p Fu(,)g(137)283 2562 -y Fw(Pname)p Fu(,)g(53,)f(117)283 2682 y Fw(Pro)s(c)p -Fu(,)g(52,)h(117)283 2803 y Fw(Stac)m(k)p Fu(,)g(64)283 -2923 y Fw(State)p Fu(,)g(12)283 3043 y Fw(State)538 3058 -y Fc(X)606 3043 y Fu(,)g(161)283 3164 y Fw(Stm)p Fu(,)f(7)283 -3284 y Fw(Stm)483 3299 y Fc(X)550 3284 y Fu(,)h(161)283 -3405 y Fw(Store)p Fu(,)g(57,)f(118)283 3525 y Fw(T)p -Fu(,)h(213)283 3645 y Fw(tt)p Fu(,)f(213)283 3766 y Fw(V)-9 -b(ar)p Fu(,)33 b(7)283 3886 y Fw(While)p Fu(,)f(6)283 -4006 y Fw(Z)p Fu(,)i(213)283 4210 y Fs(a)7 b Fu(,)33 -b(7)283 4330 y Fs(b)6 b Fu(,)33 b(7)283 4451 y Fs(c)6 -b Fu(,)33 b(64,)f(127)283 4571 y Fs(D)366 4586 y Fc(P)425 -4571 y Fu(,)h(53,)f(117)283 4691 y Fs(D)366 4706 y Fc(V)427 -4691 y Fu(,)h(51,)f(117)283 4812 y Fs(e)7 b Fu(,)33 b(64,)g(126)283 -4932 y Fs(env)439 4947 y Fc(E)498 4932 y Fu(,)g(130)283 -5053 y Fs(env)439 5068 y Fc(P)497 5053 y Fu(,)g(54,)f(121)2165 -515 y Fs(env)2321 530 y Fc(V)2381 515 y Fu(,)h(57,)f(118)2165 -636 y Fs(n)7 b Fu(,)33 b(7)2165 756 y Fs(P)10 b Fu(,)33 -b(176)2165 877 y Fs(p)6 b Fu(,)33 b(53,)f(117,)g(136)2165 -997 y Fs(ps)8 b Fu(,)32 b(137)2165 1117 y Fs(S)12 b Fu(,)32 -b(7)2165 1238 y Fs(s)8 b Fu(,)33 b(12)2165 1358 y Fs(sto)6 -b Fu(,)33 b(57,)f(118)2165 1478 y Fs(Q)9 b Fu(,)33 b(176)2165 -1599 y Fs(x)12 b Fu(,)32 b(7)2165 1802 y Fb(d)p Fu(?,)h(135,)f(136)2165 -1923 y 
Fb(init)p Fu(,)h(141)2165 2043 y Fb(init)2345 -2058 y Fc(X)2413 2043 y Fu(,)f(163)2165 2163 y Fb(lost)p -Fu(,)h(141)2165 2284 y Fb(ok)p Fu(,)g(135)2165 2487 y(cond,)g(87,)f -(119)2165 2608 y(cond)2365 2623 y Fn(P)2418 2608 y Fu(,)g(145)2165 -2728 y(D)m(V,)h(51)2165 2848 y(extend)2448 2863 y Fc(X)2517 -2848 y Fu(,)f(161)2165 2969 y(FIX,)h(88,)f(97,)g(104,)g(146)2165 -3089 y(FV,)g(15,)h(16,)f(160)2165 3209 y(graph,)g(214)2165 -3330 y(I,)h(215)2165 3450 y(I)2200 3465 y Fc(p)2240 3450 -y Fu(,)f(215)2165 3571 y(I)2200 3586 y Fc(X)2268 3571 -y Fu(,)g(215)2165 3691 y(id,)g(214)2165 3811 y(lo)s(okup,)g(118)2165 -3932 y(new,)i(57,)e(118)2165 4052 y(next,)i(57,)e(118)2165 -4172 y(OK,)g(137)2165 4293 y(on-trac)m(k,)h(137)2165 -4413 y(up)s(d)2330 4428 y Fn(P)2382 4413 y Fu(,)g(54,)f(56,)g(58)2165 -4534 y(wlp,)g(186)2165 4737 y(rel)p 2165 4750 109 4 v --1 w(,)h(136{138)2165 4857 y(undef)p 2165 4870 236 4 -v 1 w(,)f(214)p eop -%%Page: 237 247 -237 246 bop 0 974 a Fv(Index)0 1406 y Fr(abort)p Fu(-construct,)35 -b(44)0 1529 y(abstract)e(mac)m(hine,)f(63)0 1653 y(abstract)h(syn)m -(tax,)h(7)0 1776 y(additiv)m(e)e(function,)g(163)0 1900 -y(admissible)f(predicate,)h(173)0 2023 y(an)m(ti-symmetric)f(relation,) -f(95)0 2146 y(arithmetic)g(expression,)k(7)166 2270 y(analysis,)e(142) -166 2393 y(execution)h(time,)f(201)166 2517 y(seman)m(tics,)h(12)166 -2640 y(translation,)e(70)0 2763 y Fr(assert)p Fu(-construct,)k(46)0 -2887 y(assertion,)e(175)0 3010 y(axiom,)e(20)0 3133 y(axiomatic)f -(seman)m(tics,)j(178)0 3390 y(basis)g(elemen)m(t,)f(7)0 -3513 y Fr(begin)p Fu(-construct,)j(51,)d(117,)g(126)0 -3637 y(bisim)m(ulation)d(relation,)i(81)0 3760 y(b)s(o)s(olean)g -(expression,)j(7)166 3884 y(analysis,)e(142)166 4007 -y(execution)h(time,)f(201)166 4130 y(seman)m(tics,)h(14)166 -4254 y(translation,)e(70)0 4510 y Fr(call)p Fu(-construct,)j(53,)f -(117,)e(197)0 4634 y(call-b)m(y-v)-5 b(alue)30 b(parameter,)i(60,)h -(126)0 4757 y(ccp)s(o,)g(99)0 4881 y(c)m(hain,)g(97)0 -5004 y(c)m(hain)40 
b(complete)f(partially)e(ordered)k(set,)332 -5124 y(99)0 5248 y(co)s(de)33 b(generation,)f(69)0 5371 -y(complete)g(lattice,)f(99)0 5494 y(completeness,)i(183)2048 -1406 y(of)21 b(partial)e(correctness)24 b(inference)e(sys-)2214 -1526 y(tem,)32 b(187)2048 1648 y(of)i(total)g(correctness)k(inference)d -(sys-)2214 1768 y(tem,)d(196)1882 1890 y(comp)s(osite)f(elemen)m(t,)h -(7)1882 2011 y(comp)s(ositional)d(de\014nition,)i(11)1882 -2133 y(computation)g(sequence,)k(66)1882 2254 y(concrete)e(syn)m(tax,)i -(7)1882 2376 y(con\014guration,)c(216)2048 2497 y(\014nal,)g(216)2048 -2619 y(stuc)m(k,)j(216)2048 2740 y(terminal,)c(216)1882 -2862 y(constan)m(t)j(propagation,)e(133)1882 2983 y(con)m(tin)m -(uation,)g(127)1882 3105 y(con)m(tin)m(uation)g(st)m(yle)i(seman)m -(tics,)g(127)1882 3226 y(con)m(tin)m(uous)g(function,)f(103)1882 -3348 y(correct)h(implemen)m(tation,)c(73)1882 3571 y(declared)j(v)-5 -b(ariable,)31 b(51)1882 3692 y(denotational)f(seman)m(tics,)j(85)2048 -3814 y(con)m(tin)m(uation)e(st)m(yle,)i(127)2048 3935 -y(direct)f(st)m(yle,)h(85)1882 4057 y(dep)s(endency)i(analysis,)d(134) -1882 4178 y(deriv)-5 b(ation)30 b(sequence,)36 b(33)1882 -4300 y(deriv)-5 b(ation)30 b(tree,)k(22)1882 4421 y(detection)e(of)g -(signs)h(analysis,)f(133)1882 4543 y(deterministic)e(seman)m(tics,)j -(28,)f(38,)h(68)1882 4664 y(direct)f(st)m(yle)h(seman)m(tics,)g(85)1882 -4786 y(dubious,)f(135)1882 4907 y(dynamic)f(scop)s(e,)j(53)1882 -5130 y(equiv)-5 b(alence)32 b(relation,)f(141)1882 5252 -y(ev)-5 b(aluation)30 b(stac)m(k,)k(64)1882 5373 y(exception,)f(126) -1882 5494 y(exception)g(en)m(vironmen)m(t,)g(130)1663 -5849 y(237)p eop -%%Page: 238 248 -238 247 bop 251 130 a Fw(238)3028 b(Index)p 251 193 3473 -4 v 283 515 a Fu(expressiv)m(eness,)37 b(191)283 636 -y(extensional)c(approac)m(h,)g(177)283 837 y(\014xed)h(p)s(oin)m(t,)e -(87)450 957 y(least,)g(97,)g(104)450 1078 y(requiremen)m(ts,)h(92,)f -(97)283 1198 y(\014xed)i(p)s(oin)m(t)e(induction,)g(173)283 -1319 
y(\014xed)i(p)s(oin)m(t)e(theory)-8 b(,)33 b(106)283 -1439 y(\015o)m(w)h(of)e(con)m(trol,)g(137)283 1559 y -Fr(for)p Fu(-construct,)26 b(28,)d(36,)h(43,)f(72,)h(111,)f(117,)616 -1680 y(151,)31 b(182)283 1800 y(free)i(v)-5 b(ariable,)31 -b(15,)i(16,)f(160)283 1920 y(function)h(comp)s(osition,)d(214)283 -2041 y(functional)h(dep)s(endency)-8 b(,)35 b(134)283 -2242 y(graph)e(of)f(a)g(function,)g(214)283 2443 y Fr(handle)p -Fu(-construct,)j(126)283 2645 y(iden)m(tit)m(y)e(function,)f(214)283 -2765 y(iden)m(tit)m(y)h(relation,)e(215)283 2886 y(induction,)h(10)450 -3006 y(\014xed)h(p)s(oin)m(t,)f(173)450 3126 y(on)38 -b(the)h(length)e(of)h(computation)f(se-)616 3247 y(quences,)e(67)450 -3367 y(on)21 b(the)h(length)g(of)f(deriv)-5 b(ation)20 -b(sequences,)616 3487 y(37)450 3608 y(on)42 b(the)h(shap)s(e)g(of)f -(deriv)-5 b(ation)41 b(trees,)616 3728 y(28)450 3849 -y(on)52 b(the)g(shap)s(e)h(of)f(inference)h(trees,)616 -3969 y(183)450 4089 y(structural,)32 b(11)283 4210 y(inference)i -(system,)f(178)450 4330 y(for)f(execution)h(time,)e(200)450 -4451 y(for)h(partial)e(correctness,)35 b(178)450 4571 -y(for)d(total)f(correctness,)j(191)283 4691 y(inference)g(tree,)f(180) -283 4812 y(injectiv)m(e)g(function,)f(214)283 4932 y(input)h(v)-5 -b(ariable,)31 b(134)283 5052 y(instructions,)i(64)283 -5173 y(in)m(tensional)e(approac)m(h,)j(177,)e(190)283 -5293 y(in)m(v)-5 b(arian)m(t,)32 b(179,)g(192)283 5494 -y(Kripk)m(e-relation,)f(141)2165 515 y(least)h(elemen)m(t,)h(95)2165 -636 y(least)f(\014xed)i(p)s(oin)m(t,)e(97,)g(104)2165 -758 y(least)g(upp)s(er)h(b)s(ound,)g(97)2165 879 y(lo)s(cal)d(v)-5 -b(ariable,)31 b(51)2165 1000 y(lo)s(cation,)f(57,)i(118)2165 -1121 y(logical)d(v)-5 b(ariable,)31 b(176)2165 1242 y(lo)s(oping)f -(computation)h(sequence,)36 b(66)2165 1363 y(lo)s(oping)30 -b(execution,)j(25,)g(36)2165 1579 y(monotone)f(function,)g(100)2165 -1700 y(m)m(utual)f(recursiv)m(e)j(pro)s(cedure,)g(60)2165 -1916 y(natural)d(seman)m(tics,)i(20)2165 2037 y(non-determinism,)d(46,) 
-j(197)2165 2158 y(non-recursiv)m(e)h(pro)s(cedure,)f(56,)f(122,)g(197) -2165 2279 y(n)m(um)m(b)s(er,)h(9)2165 2400 y(n)m(umeral,)f(7,)g(11)2165 -2616 y Fr(or)p Fu(-construct,)i(46,)e(197)2165 2737 y(order)h(of)f -(magnitude,)f(214)2165 2858 y(order)d(of)g(magnitude)f(of)h(execution)h -(time,)2497 2979 y(200)2165 3100 y(ordering,)j(93)2331 -3221 y(an)m(ti-symmetry)-8 b(,)32 b(95)2331 3342 y(on)h -Fw(P)p Fu(,)f(136)2331 3463 y(on)h Fw(PState)p Fu(,)f(140)2331 -3584 y(on)h Fw(PState)f Ft(!)g Fw(PState)p Fu(,)g(148)2331 -3705 y(on)h Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)p -Fu(,)f(93)2331 3826 y(re\015exivit)m(y)-8 b(,)33 b(95,)f(141)2331 -3947 y(symmetry)-8 b(,)33 b(141)2331 4068 y(transitivit)m(y)-8 -b(,)31 b(95,)h(141)2165 4190 y(output)h(v)-5 b(ariable,)31 -b(134)2165 4405 y Fr(par)p Fu(-construct,)j(48)2165 4526 -y(parallelism,)29 b(48)2165 4648 y(parameterized)j(relation,)f(141)2165 -4769 y(partial)f(correctness,)35 b(169,)d(175)2331 4890 -y(axiomatic)e(seman)m(tics,)j(178)2331 5011 y(denotational)e(seman)m -(tics,)i(172)2331 5132 y(natural)e(seman)m(tics,)i(169)2331 -5253 y(structural)45 b(op)s(erational)e(seman)m(tics,)2497 -5373 y(172)2165 5494 y(partial)30 b(function,)i(213)p -eop -%%Page: 239 249 -239 248 bop 0 130 a Fw(Index)3028 b(239)p 0 193 3473 -4 v 0 515 a Fu(partially)30 b(ordered)j(set,)h(95)0 636 -y(p)s(ostcondition,)d(176)0 756 y(precondition,)h(176)0 -877 y(predicate,)h(215)0 997 y Fr(proc)p Fu(-construct,)h(53,)f(117,)e -(197)0 1117 y(pro)s(cedure)j(declaration,)d(53,)h(117,)g(121)0 -1238 y(pro)s(cedure)23 b(en)m(vironmen)m(t,)h(54,)g(56,)f(58,)g(121)0 -1358 y(pro)s(cedure)34 b(name,)e(53,)g(117)0 1478 y(program)f(v)-5 -b(ariable,)31 b(176)0 1599 y(prop)s(ert)m(y)-8 b(,)33 -b(135)0 1719 y(prop)s(ert)m(y)g(state,)g(137)166 1840 -y(improp)s(er,)e(138)166 1960 y(prop)s(er,)i(138)0 2080 -y Fr(protect)p Fu(-construct,)i(50)0 2201 y(pro)m(v)-5 -b(abilit)m(y)d(,)31 b(180)166 2321 y(in)21 b(execution)h(time)f -(inference)h(system,)332 2441 y(203)166 
2562 y(in)f(partial)f -(correctness)j(inference)g(sys-)332 2682 y(tem,)32 b(180)166 -2803 y(in)i(total)f(correctness)k(inference)e(sys-)332 -2923 y(tem,)d(192)0 3043 y(pro)m(v)-5 b(ably)32 b(equiv)-5 -b(alence,)33 b(182)0 3246 y Fr(raise)p Fu(-construct,)i(126)0 -3366 y Fr(random)p Fu(-construct,)g(48)0 3486 y(recurrence)f(equation,) -f(205,)f(207)0 3607 y(recursiv)m(e)i(pro)s(cedure,)g(54,)e(56,)g(125,)g -(198)0 3727 y(re\015exiv)m(e)i(ordering,)e(141)0 3848 -y(re\015exiv)m(e)i(relation,)d(95)0 3968 y(re\015exiv)m(e)j(transitiv)m -(e)e(closure,)h(215)0 4088 y(relation,)e(215)0 4209 y(relation)g(comp)s -(osition,)f(215)0 4329 y Fr(repeat)p Fu(-construct,)43 -b(28,)e(30,)f(36,)h(39,)f(43,)332 4450 y(72,)24 b(81,)f(111,)g(112,)h -(117,)f(129,)g(151,)332 4570 y(160,)43 b(182,)g(183,)g(186,)g(190,)h -(194,)332 4690 y(196,)32 b(208)0 4811 y(rule,)g(20)0 -4931 y(rule)g(of)g(consequence,)k(180)0 5133 y(safet)m(y)e(of)e(static) -g(analysis,)g(153,)g(159)0 5254 y(seman)m(tic)g(clause,)h(9)0 -5374 y(seman)m(tic)f(equation,)h(9)0 5494 y(seman)m(tic)f(equiv)-5 -b(alence,)33 b(26,)f(39,)h(112)1882 515 y(seman)m(tic)f(function,)g(9) -1882 638 y(soundness,)i(183)2048 760 y(of)21 b(execution)h(time)f -(inference)h(system,)2214 880 y(208)2048 1003 y(of)f(partial)e -(correctness)24 b(inference)e(sys-)2214 1123 y(tem,)32 -b(184)2048 1245 y(of)i(total)g(correctness)k(inference)d(sys-)2214 -1366 y(tem,)d(194)1882 1488 y(state,)h(12)1882 1610 y(statemen)m(t,)g -(7)2048 1732 y(analysis,)f(144)2048 1855 y(execution)h(time,)e(202)2048 -1977 y(seman)m(tics,)h(31,)h(39,)f(85)2048 2099 y(translation,)e(71) -1882 2221 y(static)i(scop)s(e,)h(53,)f(117)1882 2344 -y(storage,)g(64)1882 2466 y(store,)h(57,)f(118)1882 2588 -y(strict)g(function,)g(103)1882 2710 y(strongest)h(p)s(ostcondition,)e -(187,)h(190)1882 2833 y(structural)g(induction,)g(11)1882 -2955 y(structural)g(op)s(erational)e(seman)m(tics,)j(32)1882 -3077 y(stuc)m(k)h(con\014guration,)e(216)1882 3199 y(substitution,)g 
-(16,)g(17,)g(51)1882 3322 y(symmetric)f(ordering,)h(141)1882 -3558 y(terminating)19 b(computation)h(sequence,)27 b(66)1882 -3680 y(terminating)j(execution,)j(25,)f(36)1882 3803 -y(total)f(correctness,)j(169)2048 3925 y(axiomatic)c(seman)m(tics,)j -(191)1882 4047 y(total)e(function,)h(213)1882 4169 y(transition)e -(relation,)h(216)1882 4292 y(transition)f(system,)k(216)1882 -4414 y(transitiv)m(e)e(ordering,)f(141)1882 4536 y(transitiv)m(e)h -(relation,)e(95)1882 4773 y(upp)s(er)j(b)s(ound,)f(97)1882 -5009 y(v)-5 b(alidit)m(y)d(,)30 b(184)2048 5131 y(in)21 -b(execution)h(time)e(inference)j(system,)2214 5252 y(203)2048 -5374 y(in)e(partial)e(correctness)24 b(inference)e(sys-)2214 -5494 y(tem,)32 b(184)p eop -%%Page: 240 250 -240 249 bop 251 130 a Fw(240)3028 b(Index)p 251 193 3473 -4 v 450 515 a Fu(in)33 b(total)g(correctness)k(inference)e(sys-)616 -636 y(tem,)d(191)283 756 y Fr(var)p Fu(-construct,)j(51,)d(117)283 -877 y(v)-5 b(ariable,)31 b(7)283 997 y(v)-5 b(ariable)31 -b(declaration,)g(51,)i(117,)e(120)283 1117 y(v)-5 b(ariable)31 -b(en)m(vironmen)m(t,)i(57,)f(118)283 1321 y(w)m(eak)m(est)j(lib)s(eral) -30 b(precondition,)i(187)p eop -%%Trailer -end -userdict /end-hook known{end-hook}if -%%EOF diff --git a/wiley.ps.gz b/wiley.ps.gz Binary files differnew file mode 100644 index 0000000..251eb69 --- /dev/null +++ b/wiley.ps.gz |