From 2d7904d35c3614cd276890b5ff4f49d469205c9a Mon Sep 17 00:00:00 2001
From: Camil Staps
Date: Mon, 15 Feb 2016 12:29:08 +0100
Subject: ps instead of pdf

---
 wiley.ps | 21900 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 21900 insertions(+)
 create mode 100644 wiley.ps

(limited to 'wiley.ps')

diff --git a/wiley.ps b/wiley.ps
new file mode 100644
index 0000000..f18f0cf
--- /dev/null
+++ b/wiley.ps
@@ -0,0 +1,21900 @@
+%!PS-Adobe-2.0
+%%Creator: dvips(k) 5.78 Copyright 1998 Radical Eye Software (www.radicaleye.com)
+%%Title: notes.dvi
+%%Pages: 250
+%%PageOrder: Ascend
+%%BoundingBox: 0 0 596 842
+%%EndComments
+%DVIPSCommandLine: dvips -f notes.dvi
+%DVIPSParameters: dpi=600, compressed
+%DVIPSSource:  TeX output 1999.09.29:1650
+%%BeginProcSet: texc.pro
+%!
+/TeXDict 300 dict def TeXDict begin /N{def}def /B{bind def}N /S{exch}N
+/X{S N}B /TR{translate}N /isls false N /vsize 11 72 mul N /hsize 8.5 72
+mul N /landplus90{false}def /@rigin{isls{[0 landplus90{1 -1}{-1 1}
+ifelse 0 0 0]concat}if 72 Resolution div 72 VResolution div neg scale
+isls{landplus90{VResolution 72 div vsize mul 0 exch}{Resolution -72 div
+hsize mul 0}ifelse TR}if Resolution VResolution vsize -72 div 1 add mul
+TR[matrix currentmatrix{dup dup round sub abs 0.00001 lt{round}if}
+forall round exch round exch]setmatrix}N /@landscape{/isls true N}B
+/@manualfeed{statusdict /manualfeed true put}B /@copies{/#copies X}B
+/FMat[1 0 0 -1 0 0]N /FBB[0 0 0 0]N /nn 0 N /IE 0 N /ctr 0 N /df-tail{
+/nn 8 dict N nn begin /FontType 3 N /FontMatrix fntrx N /FontBBox FBB N
+string /base X array /BitMaps X /BuildChar{CharBuilder}N /Encoding IE N
+end dup{/foo setfont}2 array copy cvx N load 0 nn put /ctr 0 N[}B /df{
+/sf 1 N /fntrx FMat N df-tail}B /dfs{div /sf X /fntrx[sf 0 0 sf neg 0 0]
+N df-tail}B /E{pop nn dup definefont setfont}B /ch-width{ch-data dup
+length 5 sub get}B /ch-height{ch-data dup length 4 sub get}B /ch-xoff{
+128 ch-data dup length 3 sub get sub}B /ch-yoff{ch-data dup length 2 sub
+get 127 sub}B /ch-dx{ch-data dup length 1 sub get}B /ch-image{ch-data
+dup type /stringtype ne{ctr get /ctr ctr 1 add N}if}B /id 0 N /rw 0 N
+/rc 0 N /gp 0 N /cp 0 N /G 0 N /sf 0 N /CharBuilder{save 3 1 roll S dup
+/base get 2 index get S /BitMaps get S get /ch-data X pop /ctr 0 N ch-dx
+0 ch-xoff ch-yoff ch-height sub ch-xoff ch-width add ch-yoff
+setcachedevice ch-width ch-height true[1 0 0 -1 -.1 ch-xoff sub ch-yoff
+.1 sub]/id ch-image N /rw ch-width 7 add 8 idiv string N /rc 0 N /gp 0 N
+/cp 0 N{rc 0 ne{rc 1 sub /rc X rw}{G}ifelse}imagemask restore}B /G{{id
+gp get /gp gp 1 add N dup 18 mod S 18 idiv pl S get exec}loop}B /adv{cp
+add /cp X}B /chg{rw cp id gp 4 index getinterval putinterval dup gp add
+/gp X adv}B /nd{/cp 0 N rw exit}B /lsh{rw cp 2 copy get dup 0 eq{pop 1}{
+dup 255 eq{pop 254}{dup dup add 255 and S 1 and or}ifelse}ifelse put 1
+adv}B /rsh{rw cp 2 copy get dup 0 eq{pop 128}{dup 255 eq{pop 127}{dup 2
+idiv S 128 and or}ifelse}ifelse put 1 adv}B /clr{rw cp 2 index string
+putinterval adv}B /set{rw cp fillstr 0 4 index getinterval putinterval
+adv}B /fillstr 18 string 0 1 17{2 copy 255 put pop}for N /pl[{adv 1 chg}
+{adv 1 chg nd}{1 add chg}{1 add chg nd}{adv lsh}{adv lsh nd}{adv rsh}{
+adv rsh nd}{1 add adv}{/rc X nd}{1 add set}{1 add clr}{adv 2 chg}{adv 2
+chg nd}{pop nd}]dup{bind pop}forall N /D{/cc X dup type /stringtype ne{]
+}if nn /base get cc ctr put nn /BitMaps get S ctr S sf 1 ne{dup dup
+length 1 sub dup 2 index S get sf div put}if put /ctr ctr 1 add N}B /I{
+cc 1 add D}B /bop{userdict /bop-hook known{bop-hook}if /SI save N @rigin
+0 0 moveto /V matrix currentmatrix dup 1 get dup mul exch 0 get dup mul
+add .99 lt{/QV}{/RV}ifelse load def pop pop}N /eop{SI restore userdict
+/eop-hook known{eop-hook}if showpage}N /@start{userdict /start-hook
+known{start-hook}if pop /VResolution X /Resolution X 1000 div /DVImag X
+/IE 256 array N 2 string 0 1 255{IE S dup 360 add 36 4 index cvrs cvn
+put}for pop 65781.76 div /vsize X 65781.76 div /hsize X}N /p{show}N
+/RMat[1 0 0 -1 0 0]N /BDot 260 string N /rulex 0 N /ruley 0 N /v{/ruley
+X /rulex X V}B /V{}B /RV statusdict begin /product where{pop false[
+(Display)(NeXT)(LaserWriter 16/600)]{dup length product length le{dup
+length product exch 0 exch getinterval eq{pop true exit}if}{pop}ifelse}
+forall}{false}ifelse end{{gsave TR -.1 .1 TR 1 1 scale rulex ruley false
+RMat{BDot}imagemask grestore}}{{gsave TR -.1 .1 TR rulex ruley scale 1 1
+false RMat{BDot}imagemask grestore}}ifelse B /QV{gsave newpath transform
+round exch round exch itransform moveto rulex 0 rlineto 0 ruley neg
+rlineto rulex neg 0 rlineto fill grestore}B /a{moveto}B /delta 0 N /tail
+{dup /delta X 0 rmoveto}B /M{S p delta add tail}B /b{S p tail}B /c{-4 M}
+B /d{-3 M}B /e{-2 M}B /f{-1 M}B /g{0 M}B /h{1 M}B /i{2 M}B /j{3 M}B /k{
+4 M}B /w{0 rmoveto}B /l{p -4 w}B /m{p -3 w}B /n{p -2 w}B /o{p -1 w}B /q{
+p 1 w}B /r{p 2 w}B /s{p 3 w}B /t{p 4 w}B /x{0 S rmoveto}B /y{3 2 roll p
+a}B /bos{/SS save N}B /eos{SS restore}B end
+
+%%EndProcSet
+TeXDict begin 39158280 55380996 1000 600 600 (notes.dvi)
+@start
+%DVIPSBitmapFont: Fa cmsy6 6 1
+/Fa 1 49 df<EA01E0EA03F0A4EA07E0A213C0120FA21380A2EA1F00A2121EA2123E123C
+A25AA3127012F05A12600C1A7E9B12>48 D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fb cmcsc10 12 26
+/Fb 26 123 df<EC7FC0903803FFF890380FC07E90393F001F80017E6D7E496D7E48486D
+7E48486D7EA248486D7E000F8149147E001F157FA3003F1680A249143F007F16C0A600FF
+16E0B3A2007F16C0A66C6CEC7F80A3001F1600A36C6C14FEA200075D6D130100035D6C6C
+495A6C6C495A017E495A6D495A90260FC07EC7FC903803FFF89038007FC02B447BC137>
+48 D<1438147814F81303130F13FFB5FC13F713071200B3B3B0497E497EB712C0A32242
+76C137>I<49B4FC010F13F0013F13FC9038FC03FF2601E00013C0D807C0EB3FE048486D
+7E90C76C7E001E6E7E4881003814030078811270007C80B416807F7F81A46C485B6CC7FC
+C8FC17005DA25E15075E4B5AA24B5A5E4B5A4B5A4BC7FC5D4A5A4A5A4A5AEC0FC04A5A92
+C8FC143E5C5C495A4948EB0380EB078049C7FC011EEC07005B5B5B48485C485A49141E48
+B612FE5A5A5A5AB75AA329427AC137>I<157015F8A34A7EA24A7EA3EC077FA2020F7FEC
+0E3FA2021E7FEC1C1FA24A6C7EA202787FEC7007A24A6C7EA2010180ECC001A2010380EC
+8000A249C7127FA2498191B6FCA24981011CC7121F013C810138140FA201788101701407
+A201F06E7E5B000182487E000782D81FF84A7EB5027F13F8A335347CB33D>97
+D<B77E16F016FC3A03FC0003FF6C4801001380EE3FC017E0161FEE0FF0A217F8A21607A2
+160FA217F0161F17E0EE3FC0EE7F80EEFF00ED03FE90B612F0A29039F80007FE9238007F
+80EE1FC0EE0FF0EE07F817FC160317FE160117FFA617FE1603A2EE07FCEE0FF8EE1FF0EE
+3FE0486C903801FFC0B8120016FC16E030337BB23A>I<4AB4EB0180021FEBF00391B5EA
+FC0701039038007E0FD907F8EB0F9FD91FE0EB03DF4948EB01FF01FFC8FC4848157F4848
+153FA24848151F4848150F121F491507123F5BA2007F1603A3484892C7FCAB6C7EEF0380
+A2123FA27F001F16076D1600000F5E6C6C150E6C6C151E171C6C6C153C6C6C5DD93FC05C
+6D6CEB03E0D907F8495A902703FF807FC7FC0100EBFFFC021F13F00201138031357BB33B
+>I<B7FC16F016FC3A03FE0003FF6C489038007F80EE1FE0707E707E707E1601707E177F
+A21880173F18C0A2EF1FE0A418F0AA18E0A4EF3FC0A21880177F180017FE16015F4C5AEE
+0FF04C5AEE7FC0486CD903FFC7FCB712FC16F093C8FC34337BB23E>I<B812F0A3D803FE
+C7123F6C48EC07F816011600A21778A21738A3171C1507A31700A25DA25D157F90B6FCA3
+9038FC007F151F81A2811707A3170E92C7FCA4171EA2173CA2177C17FC16011607486C14
+3FB812F8A330337BB238>I<B812C0A3D803FEC7FC6C48EC1FE0160716031601A21600A4
+1770A2150EA21700A3151EA2153E15FE90B5FCA3EBFC00153E151EA2150EA592C8FCAB48
+B4FCB512FEA32C337BB235>I<DA03FF1303021FEBE00791B5EAF80F0103903800FE1FD9
+0FF8EB1F3FD91FE0EB07BFD97F806DB4FC49C77E484880484881484881A2484881121F49
+81123F5BA2007F82A25B00FF93C7FCAA4BB512F86C7EA2DB00011380003F6F1300837F12
+1F7F120F6C7E7F12036C7E6C6C5DEB7FC0D91FE05BD90FF8EB07DF903A03FF803F8F0100
+9038FFFE07021FEBF80302030180C7FC35357BB340>I<B5D8F803B512E0A3D803FEC738
+0FF8006C486E5AB390B7FCA301FCC71207B3A3486C4A7EB5D8F803B512E0A333337BB23D
+>I<B512F8A33803FE006C5AB3B3A7487EB512F8A315337BB21E>I<90383FFFFEA3903800
+7FE0EC1FC0B3B1127EB4FCA4EC3F805A0070EB7F006C137E001E5B380F83F83803FFE0C6
+90C7FC1F347BB22A>I<B500F890380FFFF0A3D803FEC76C13806C48913803FC0017F04C
+5A5F4CC7FC161E5E5E5EED03E04B5A4B5A4BC8FC153E5D15F014014A7E4A7E140F4A7EEC
+7CFF4A6C7EEBFDF09039FFE03FC04A6C7EEC800FD9FE007F496D7E6F7EA26F7E6F7E8283
+707E707EA2707E707E83160383486C913807FF80B500F8011F13F8A335337BB23F>I<B5
+12FEA3000390C9FCEA01FCB3A9EE01C0A416031780A41607A2160F161FA2167FEEFF0048
+6C1307B8FCA32A337BB233>I<D8FFFEEE7FFFA26D93B5FC000318C06C1880D9DF80EC01
+DFA2D9CFC0EC039FA3D9C7E0EC071FA2D9C3F0140EA3D9C1F8141CA2D9C0FC1438A3027E
+1470A26E14E0A391391F8001C0A291390FC00380A3913907E00700A2913803F00EA36E6C
+5AA26E6C5AA3ED7E70A26F5AA3486C6D5A487ED81FFC6D48EB3FC0B50080020FB5FCA2ED
+070040337BB24A>I<D8FFFC91383FFFE07FA2D801FF020713006EEB01FC6E6D5A1770EB
+DFE0EBCFF013C780EBC3FC13C180EBC0FF80816E7E6E7EA26E7E6E7E1403816E7E140081
+ED7F80ED3FC0A2ED1FE0ED0FF0150716F8ED03FC150116FEED00FF167F17F0163F161FA2
+160F1607486C1403487ED81FFC1401B56C1300A2177033337BB23D>I<EC07FF023F13E0
+903901FE03FC903907F0007FD90FC0EB1F80D93F80EB0FE049C76C7E01FE6E7E48486E7E
+48486E7E4848157FA24848ED3F80001F17C0A24848ED1FE0A3007F17F049150FA300FF17
+F8AA007F17F06D151FA2003F17E0A26D153F001F17C0A26C6CED7F80000717006D5D0003
+5E6C6C4A5A6C6C4A5A017F4A5A6D6C495AD90FC0EB1F80D907F0017FC7FC903901FE03FC
+9039003FFFE0020790C8FC35357BB33F>I<B7FC16F016FC3A03FE0003FF6C489038007F
+80EE3FC0EE1FE0EE0FF0A2EE07F8A217FCA617F8A2EE0FF0A2EE1FE0EE3FC0EEFF00ED03
+FE90B612F816C001FCC9FCB3A2487EB512F8A32E337BB238>I<EC07FF023F13E0903901
+FE03FC903907F0007FD90FC0EB1F80D93F80EB0FE049C76C7E01FE6E7E48486E7E48486E
+7E0007824981000F17804848ED3FC0A2003F17E049151FA2007F17F0A249150FA200FF17
+F8AA007F17F0A26D151F003F17E0A36C6CED3FC0A26C6CED7F80000702F814009026F803
+FE5B0003D907075B3B01FC0E0381FC3B00FE0C01C3F8017F903800E7F0D93F8CEBEFE0D9
+0FCCEB7F80D907FE91C7FC903901FF03FC9027003FFFF813180207133C91C7123E183804
+3F137893381FC1F8EFFFF0A37013E0A27013C0701380701300EE007C35427BB33F>I<B6
+12F8EDFF8016E03A03FE000FF86C48EB03FEED00FF707E707E83161FA283A55FA24C5A5F
+4CC7FC16FEED03FCED1FF090B6128003FCC8FC9038FC003FED0FC06F7E6F7E6F7E821500
+82A382A383A4EFC01CA2167FEFE03C486C023F1338B500F890381FF07893380FF8F09338
+03FFE0CAEA7F8036347BB23C>I<90390FF0018090387FFE0348B512873907F00FEF390F
+C001FF48C7FC003E143F151F5A150F5A1507A36C1403A27E6C91C7FC6C7E7FEA3FF8EBFF
+806C13FC6CEBFFC06C14F06C80C614FE011F7F01031480D9001F13C014019138003FE015
+1F150FED07F0150312E01501A37EA216E06C1403A26CEC07C06CEC0F806C6CEB1F0001E0
+133ED8FBFE13FC00F0B55AD8E01F13E0D8C00390C7FC24357BB32E>I<007FB812C0A390
+3A8007FC003F277E0003F8130F007C16070078160300701601A200F017E0A2481600A6C7
+1600B3AA4A7E4A7E010FB512FEA333327CB13B>I<B500F890383FFFE0A3D803FEC70007
+13006C48EC01FC705A1770B3AE000016F06D5DA2017E1401017F4A5A7F6D6C495A6E49C7
+FC6D6C131ED903F0137C903901FE03F89039007FFFE0021F1380DA03FCC8FC33347BB23D
+>I<B500F091387FFF80A30003018091381FFC006C90C8EA0FE06C6D5D017F5E6D6C4AC7
+FC171E6D6C5C6D6C143817786D6C5C6D6C5C16016D6C495A6D6C5C16076E6C48C8FC9138
+3FC00E161E6E6C5A91380FF03816786E6C5A6E6C5AEDFDC0EC01FF6E5B93C9FC81B14B7E
+023F13FEA339337EB23D>121 D<003FB7FCA39039FC0001FE01E01303018014FC90C7EA
+07F8003E140F003C15F0007CEC1FE00078EC3FC0A2ED7F800070ECFF00A24A5A4A5AC712
+075D4A5A141F5D4A5A4A5AA24AC7FC495AA2495A495A130F4A1307495A133F5C495A49C7
+FC160F485A485AA24848141E485A001F153E49147E484814FE007F140349131FB7FCA328
+337BB232>I E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fc cmmi8 8 17
+/Fc 17 117 df<14C0A5497EA700F0EC03C039FF83F07F003FB61200000F14FC000114E0
+6C6C1380D91FFEC7FCEB07F8497EA2497EEB3F3FEB3E1F496C7EEB7807496C7EA248486C
+7E48486C7E49137090C71230222180A023>63 D<013FB512FEEEFFC0903A00FE0007F0EE
+01F84AEB007E8301018118804A140F18C00103150718E05CA21307A25CA2130FA24A140F
+A2131F18C04A141FA2013F1680173F91C81300A249157EA2017E5D5F01FE14014C5A494A
+5A4C5A00014BC7FC163E4914FCED03F00003EC1FC0B7C8FC15F8332D7CAC3A>68
+D<013FB71280A2D900FEC7127F170F4A1407A20101150318005CA21303A25C1630010714
+7094C7FC4A136016E0130F15019138C007C091B5FC5BECC0074A6C5AA2133FA20200EB00
+0CA249151C92C71218017E1538173001FE15705F5B4C5A000115034C5A49140F161F0003
+4AB4C7FCB8FC5E312D7DAC34>I<90383FFFFCA2903800FE00A25CA21301A25CA21303A2
+5CA21307A25CA2130FA25CA2131FA25CA2133FA291C7FCA25BA2137EA213FEA25BA21201
+A25BA21203B512E0A21E2D7DAC1F>73 D<ED7FC0913807FFF891381F807E91397C001F80
+D901F0EB0FC0D907E0EB03E0D90F8014F049C71201013EEC00F84915FC5B12014848157E
+485AA2485A121FA2485A17FE90C9FC5AA300FEED01FCA3EE03F8A217F0160717E0160FEE
+1FC01780007EED3F005E6C157E5E6C6C495AED03E06C6CEB0FC06C6C49C7FCD803F8137E
+3900FE03F890383FFFC0D907FEC8FC2F2F7CAD36>79 D<013FB6FC17E0903A00FE0007F0
+EE01FC4AEB007EA2010181A25C1880010316005F5CA2010715FEA24A5C4C5A010F4A5A4C
+5A4AEB1F8004FFC7FC91B512F84914C00280C9FCA3133F91CAFCA35B137EA313FE5BA312
+015BA21203B512E0A2312D7DAC2D>I<913807F00691383FFE0E9138F80F9E903903E001
+FE903807800049C7127C131E49143CA2491438A313F81630A26D1400A27FEB7F8014F86D
+B47E15F06D13FC01077F01007F141F02011380EC003F151F150FA215071218A3150F0038
+1500A2151EA2007C5C007E5C007F5C397B8003E039F1F00F8026E07FFEC7FC38C00FF027
+2F7CAD2B>83 D<B500C090380FFFC0A2D807F8C73801FC006C48EC00F05F4C5A5F6D4AC7
+FC120116065EA25E6D5C12005E5EA24B5A6D49C8FCA2017E13065DA25D017F5BA26D5B5D
+A24A5A0283C9FCA2EB1F86148CA2149814F0A26D5A5CA25C91CAFCA21306322E7CAC29>
+86 D<90260FFFFCEB7FFFA29026007FC0EB0FF06E48148018006E6C131E1718020F5C6F
+5B02075C6F485A020349C7FCEDF8065E6E6C5A5E6E6C5A5EED7F8093C8FC6F7EA26F7E15
+3F156FEDCFE0EC018791380307F0EC0703020E7F141C4A6C7E14704A6C7E495A4948137F
+49C7FC010E6E7E5B496E7E5BD801F081D807F8143FD8FFFE0103B5FCA2382D7EAC3A>88
+D<EB07E0EB1FF890387C1CE0EBF80D3801F00F3803E007EA07C0120FD81F8013C0A2EA3F
+00140F481480127EA2141F00FE14005AA2EC3F02EC3E06A25AEC7E0E007CEBFE0C14FC01
+01131C393E07BE18391F0E1E38390FFC0FF03903F003C01F1F7D9D25>97
+D<13F8121FA21201A25BA21203A25BA21207A25BA2120FEBC7E0EB9FF8EBB83C381FF01E
+EBE01F13C09038800F80EA3F00A2123EA2007E131FA2127CA2143F00FC14005AA2147EA2
+147C14FC5C387801F01303495A383C0F806C48C7FCEA0FFCEA03F0192F7DAD1E>I<EB01
+F8EB0FFE90383E0780EB7C01D801F813C03803F0073807E00FEA0FC001801380121F48C8
+FCA25A127EA312FE5AA51560007C14E0EC01C0EC03806CEB0F00001E131C380F81F83807
+FFE0C648C7FC1B1F7D9D1F>I<157C4AB4FC913807C380EC0F87150FEC1F1FA391383E0E
+0092C7FCA3147E147CA414FC90383FFFF8A2D900F8C7FCA313015CA413035CA413075CA5
+130F5CA4131F91C8FCA4133EA3EA383C12FC5BA25B12F0EAE1E0EA7FC0001FC9FC213D7C
+AE22>102 D<14FCEB03FF90380F839C90381F01BC013E13FCEB7C005B1201485A15F848
+5A1401120F01C013F0A21403121F018013E0A21407A215C0A2000F130F141F0007EB3F80
+EBC07F3803E1FF3800FF9F90383E1F0013005CA2143EA2147E0038137C00FC13FC5C495A
+38F807E038F00F80D87FFEC7FCEA1FF81E2C7E9D22>I<90387C01F89038FE07FE3901CF
+8E0F3A03879C0780D907B813C0000713F000069038E003E0EB0FC0000E1380120CA2D808
+1F130712001400A249130F16C0133EA2017EEB1F80A2017C14005D01FC133E5D15FC6D48
+5A3901FF03E09038FB87C0D9F1FFC7FCEBF0FC000390C8FCA25BA21207A25BA2120FA2EA
+FFFCA2232B829D24>112 D<903807E03090381FF87090387C1CF0EBF80D3801F00F3903
+E007E0EA07C0000F1303381F800715C0EA3F00A248130F007E1480A300FE131F481400A3
+5C143E5A147E007C13FE5C1301EA3E07EA1F0E380FFCF8EA03F0C7FC13015CA313035CA2
+1307A2EBFFFEA21C2B7D9D20>I<130E131FA25BA2133EA2137EA2137CA213FCA2B512F8
+A23801F800A25BA21203A25BA21207A25BA2120FA25BA2001F1310143013001470146014
+E0381E01C0EB0380381F0700EA0F0EEA07FCEA01F0152B7EA919>116
+D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fd cmr6 6 7
+/Fd 7 110 df<1438B2B712FEA3C70038C7FCB227277C9F2F>43
+D<13FF000313C0380781E0380F00F0001E137848133CA248131EA400F8131FAD0078131E
+A2007C133E003C133CA26C13786C13F0380781E03803FFC0C6130018227DA01E>48
+D<13E01201120712FF12F91201B3A7487EB512C0A212217AA01E>I<EA01FC3807FF8038
+1C0FC0383003E0386001F0EB00F812F86C13FCA2147C1278003013FCC7FC14F8A2EB01F0
+EB03E014C0EB0780EB0F00131E13385B5B3801C00CEA0380380600185A5A383FFFF85AB5
+12F0A216217CA01E>I<13FF000313C0380F03E0381C00F014F8003E13FC147CA2001E13
+FC120CC712F8A2EB01F0EB03E0EB0FC03801FF00A2380003E0EB00F01478147C143E143F
+1230127812FCA2143E48137E0060137C003813F8381E03F0380FFFC00001130018227DA0
+1E>I<14E01301A213031307130F130D131913391371136113C11201EA03811301120612
+0E121C12181230127012E0B6FCA2380001E0A6EB03F0EB3FFFA218217DA01E>I<3A0F0F
+F00FF03AFF3FFC3FFC9039703E703E3A1FC01FC01F6C486C487EA201001300AD3BFFF0FF
+F0FFF0A22C157D9432>109 D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fe cmbsy10 12 2
+/Fe 2 21 df<007FBA12F8BB12FCA46C19F84606779B59>0 D<1A78F101FC1907191F19
+7F953801FFF8060713C0061F1300F07FFC943801FFF0050713C0051F90C7FCEF7FFC9338
+01FFF0040713C0041F90C8FCEEFFFC030313F0030F13C0033F90C9FCEDFFFC020313F002
+0F1380DA3FFECAFCECFFF8010313E0010F1380D93FFECBFCEBFFF8000313E0000F1380D8
+3FFECCFCEAFFF813E0A213F8EA7FFE380FFF80000313E0C613F8EB3FFE90380FFF800103
+13E0010013F8EC3FFE91380FFF80020313E0020013FCED3FFF030F13C0030313F0030013
+FCEE3FFF040713C0040113F09338007FFCEF1FFF050713C0050113F09438007FFCF01FFF
+060713C0060113F09538007FFC191F19071901F100781A00B2003FBA12F04819F8BB12FC
+A36C19F8465C77C459>20 D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Ff cmmib10 12 2
+/Ff 2 64 df<127812FE6C7E13E013F8EA3FFE380FFF80000313E0C613F8EB3FFE90380F
+FF80010313E0010013F8EC3FFE91380FFF80020313F0020013FCED3FFF030F13C0030313
+F0030013FCEE1FFF040713C0040113F09338007FFCEF1FFF050713C0050113F09438007F
+FCF01FFF060713C0060113F89538007FFC191FA2197F953801FFF8060713C0061F1300F0
+7FFC943801FFF0050713C0051F90C7FCEF7FFC933801FFF0040713C0041F90C8FCEEFFFC
+030313F0030F13C0033F90C9FCEDFFFC020313F0020F1380DA3FFECAFCECFFF8010313E0
+010F1380D93FFECBFCEBFFF8000313E0000F1380D83FFECCFCEAFFF813E0138048CDFC12
+78464477BA59>62 D<156015F0A34A7EA64A7EA64A7E00401720D8FFC0ED3FF0D9FF87EB
+1FFF91B7FC6C17E0001F17800007EEFE00000116F86C6C15E0011F158001074AC7FC0101
+14F86D5C6E5BA291B57EA24980A249EB9FFC150F49486C7EECFC0349486C7E4A7E49486D
+7E4A133F49486D7E91C7120F013E1407496E7E0178140101306E5A34327EB139>I
+E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fg cmex10 10 12
+/Fg 12 126 df<EE03C0160F163F167F923801FF004B5A4B5AED0FF04B5A4B5A4B5A4BC7
+FC5C5D4A5A14075D4A5AA2141F5DA24A5AA44A5AB3B3B3B214FF92C8FCA35B5CA2495AA2
+5C13075C130F495A5C133F495A49C9FC485A485A485A485AEA1FC0485AB4CAFC12FCA2B4
+FCEA3F806C7EEA0FF06C7E6C7E6C7E6C7E6D7E6D7E131F806D7E130780130380A26D7EA2
+807FA381147FB3B3B3B26E7EA46E7EA281140FA26E7E8114036E7E81806F7E6F7E6F7E6F
+7EED07FC6F7E6F7E9238007FC0163F160F16032AF8748243>40 D<EC01F01407140F143F
+147F903801FFC0491380491300495A495A495A495A5C495A485B5A91C7FC485AA2485AA2
+485AA2123F5BA2127F5BA412FF5BB3B3A71C4B607E4A>56 D<EAFFC0B3B3A77F127FA47F
+123FA27F121FA26C7EA26C7EA26C7E807E6C7F6D7E806D7E6D7E6D7E6D7E6D13806D13C0
+9038007FF0143F140F140714011C4B60804A>58 D<EC1FF8B3B3A7143F15F0A4EC7FE0A3
+15C014FFA2491380A215005B5C1307495A5C131F495A5C495A495A4890C7FC485A485A48
+5A485AEA7FE0EAFF8090C8FC12FCB4FC7FEA7FE0EA1FF06C7E6C7E6C7E6C7E6C7F6D7E6D
+7E806D7E130F806D7E1303807F1580A26D13C0A2147F15E0A3EC3FF0A415F8141FB3B3A7
+1D9773804A>60 D<EAFFC0B3A90A1B60804A>62 D<0078EF078000FCEF0FC0B3B3B3B3A4
+BAFCA47E6C18803A537B7F45>70 D<0078EF078000FCEF0FC0B3B3B3A46C171F007E1880
+A2007F173F6C1800A26D5E001F177E6D16FE6C6C4B5A6D15036C6C4B5A6C6C4B5A6C6C4B
+5A6C6C6CEC7FC06D6C4A5AD93FF8010790C7FC6DB4EB3FFE6D90B55A010315F06D5D6D6C
+1480020F01FCC8FC020113E03A537B7F45>83 D<913801FFE0020F13FC027FEBFF8049B6
+12E04981010F15FC499038003FFED93FF8EB07FFD97FC001007F49486E7E4848C8EA1FE0
+48486F7E48486F7E48486F7E49150148486F7E49167E003F177F90CA7EA2481880007E17
+1FA200FE18C048170FB3B3B3A40078EF07803A537B7F45>I<EE7F80ED0FFF157F4AB5FC
+140F143F5C49B6FC13075B4991C7FC4913E090B5C8FC4813F84813E014804848C9FC485A
+EA1FF0485A5B485A48CAFCA25A5A5A291B838925>122 D<B4FC13F813FF14C014F814FE
+8015C015F081C66C7F01037F9039007FFF80020F7F02037F1400ED3FF06F7EED07FC6F7E
+15016F7EEE7F80A2163F161F160F291B818925>I<12F87E7E7EA26C7E6C7E7F6C7EEA0F
+FC6C7E6C6C7E14E06C13F86C13FF013F13E06D13FF6DECFF807F13016D7E80140F14016E
+7E150FED007F291B839A25>I<EE0F80161F163F167FA2EEFF004B5A15034B5AED1FF84B
+5AEDFFE01403020F5B027F5B902603FFFEC7FC017F5BB65A5D15C092C8FC5C14F814C091
+C9FC13F890CAFC291B819A25>I E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fh lasy10 12 2
+/Fh 2 51 df<127012FCB4FC13C013F0EAF7FCEAF1FF38F07FC0EB1FF0EB07FCEB01FF90
+38007FC0EC1FF0EC07FE913801FF809138007FE0ED1FF8ED03FE923800FF80EE3FE0EE0F
+F8EE03FE933800FF80EF3FE0EF0FF8EF03FE943800FF80F03FE0F00FF0A2F03FE0F0FF80
+943803FE00EF0FF8EF3FE0EFFF80DC03FEC7FCEE0FF8EE3FE0EEFF80DB03FEC8FCED1FF8
+ED7FE0913801FF80DA07FEC9FCEC1FF0EC7FC04948CAFCEB07FCEB1FF0EB7FC0D8F1FFCB
+FCEAF7FCEAFFF013C090CCFC12FC12703C3A78B54D>3 D<003FB9FC481880BAFCA200F0
+CA1207B3B3ADBAFCA37E393977BE4A>50 D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fi cmsy8 8 6
+/Fi 6 85 df<B812C0A32A037A9137>0 D<130C131EA50060EB01800078130739FC0C0F
+C0007FEB3F80393F8C7F003807CCF83801FFE038007F80011EC7FCEB7F803801FFE03807
+CCF8383F8C7F397F0C3F8000FCEB0FC039781E078000601301000090C7FCA5130C1A1D7C
+9E23>3 D<137813FE1201A3120313FCA3EA07F8A313F0A2EA0FE0A313C0121F1380A3EA
+3F00A3123E127E127CA35AA35A0F227EA413>48 D<171017F0160116031607A2160FA216
+1F161B163B1633167316E3A2ED01C316831503EE03F81507150E1601151C1538A2157015
+E0A2EC01C0EC038083EC0700140E92B5FC141F5C5C0270C77E5C495AD82003157E387007
+80D8780FC8127FEAFE3ED8FFFE160449ED3F9C4916F86C4816E06C48ED1FC06C48ED0E00
+0007CBFC36337EAF38>65 D<496C13FC0107EB07FF011F011F1380017F017F13C03B01FF
+81E07FE03A039F03801F3A021F0F000F26003F1E13075C4A14C014F84AEB0F804A14004A
+131E017F14384A5B4B5A9138000F80033EC7FC9038FE01FF020713E0021F13F849487F91
+38001FFE4848EB03FF1500EE7F8049143FA20003151FA25BA21207491500A2000F153E5B
+5E001F1578013C5C01FEEB01C03A3FFFC01F80003ED9FFFEC7FC486C13F8D8703F13C026
+C007FCC8FC2B2F7EAD2E>I<180C183C0107B712F8011F16E0017F16C048B81200270380
+007CC8FC000FC712FC121E123E007E495A127C12FC12F000C0495AC7FCA34A5AA44A5AA4
+4A5AA4143F92C9FCA4147EA3147C14FCA25C1301A25C13035CA2495A5C010ECAFC130836
+347DAE27>84 D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fj cmbx12 17.28 43
+/Fj 43 122 df<94387FFF80041FB512F04BB612FC030F81037F6F7E4AB5D8E0077F4A49
+C76C7E020F01F0EC1FF04A01C0147F4A90C8487E4A485C4A484A7F49495C495BA2495B4E
+7F49705B5DA3725B725B725B735A96C9FCAB0503B512FEBBFCA6D8000F01E0C7120184B3
+B3AF003FB6D8F803B71280A651657DE45A>12 D<EA01FCEA07FF4813804813C04813E048
+13F0A2B512F8A76C13F0A26C13E06C13C06C13806C1300EA01FC151574942D>46
+D<16F04B7E1507151F153FEC01FF1407147F010FB5FCB7FCA41487EBF007C7FCB3B3B3B2
+007FB91280A6395D74DC51>49 D<913801FFF8023FEBFFC049B612FC010715FF011F16C0
+4916F09026FFFC0180489026C0003F13FE4890C7000F7FD807FC0203148048486E14C048
+486E14E0496F13F0D83FFC816D17F8486C816E6E13FCB57E19FE6E80A219FFA283A36C5B
+A26C5B6C90C8FCD807FC5DEA01F0CA14FEA34D13FCA219F85F19F04D13E0A24D13C01980
+94B512004C5B604C5B4C5B4C5B604C5B4C48C7FC4C5A4C5A4B13E04B5B4B5B4CC8FC4B5A
+4B5A4B5ADB7FC0143F4B5A4A90C8FC4A5A4A48157EEC0FF04A5A4A5A4A5A4AC912FEEB01
+FC495A4948ED01FC4948150749B8FC5B5B90B9FC5A4818F85A5A5A5A5ABAFCA219F0A440
+5D78DC51>I<92B5FC020F14F8027F14FF49B712E001078249D9C01F13FC90273FFC0003
+7FD97FE001007FD9FF806E7F4848C86C7F6D834801C06E7F487F6E826E80486D82A4805C
+A37E4A4A5B6C5B6C5B6C495E011FC85A90C95CA24D5B6194B5FC4C91C7FC604C5B4C13F0
+041F5B047F1380030FB5C8FC020FB512FC17E0178017F8EFFF8091C7001F13E0040313F8
+7013FE706C7E7113C0717F85717F85838585A2711480A31AC0A2EA03FCEA0FFF487F487F
+487FA2B57EA21A80A35F1A005C6C604A5C616C494A5B49C8FCD81FF84B5B6C6C4B5B6CB4
+6C91B55A6C01F001035C6C9026FF801F49C7FC6C6C90B65A6D16F0010F16C0010193C8FC
+D9003F14F0020149C9FC425E79DC51>I<F01F804E7E187F18FFA25F5F5F5FA25F5F5FA2
+94B5FC5E5E5EA25E5EEE3FBFEE7F3FA216FEED01FCED03F8ED07F0A2ED0FE0ED1FC0ED3F
+8016005D15FE4A5A4A5AA24A5A4A5A4A5A4A5AA24AC7FC14FE495A5C1303495A495A495A
+5C133F49C8FC13FE485AA2485A485A485A5B121F485A48C9FC12FEBCFCA6CA6CEBC000B1
+037FB8FCA6485E7CDD51>I<01C0EE01C0D801F8160F01FF167F02F0EC07FFDAFF8090B5
+FC92B712801900606060606060604DC7FC5F17F017C04CC8FC16F8D9FC7F90C9FC91CBFC
+AEED3FFF0203B512F0021F14FE027F6E7E01FDB712E090B5D8E00F7F9126FC000313FC02
+F001007F02C06E7E91C86C13804917C0496F13E05B6C486F13F090C9FC19F8A219FC8319
+FEA419FFA3EA03F0EA0FFC487E487E487FA2B57EA319FEA35C4D13FC6C90C8FC4917F85B
+D83FF04B13F013806C6C17E06D4B13C06C6C4B13806C6C92B51200D803FE4A5B6C6C6C49
+5B6C01E0011F5BD97FFE90B55A6DB712C06D5E01074BC7FC010115F0D9003F1480020301
+F0C8FC405E78DC51>I<EE1FFF0303B512E0031F14F892B612FE020381020FD9F8037F4A
+9039C0007FC0027F90C7EA1FE0DAFFFC6E7E4901F014074949EC7FF8494914FF49495B49
+90C7487F5B49485C495AA2485BA25A48496E5BA248705B715B4A6F5A4894C8FCA35AA25C
+5A923801FFE0030F13FE033F6D7E4B14E002C1B612F8B526C3FE037F913AC7F0007FFF03
+C0011F7FDACF806D7F02DFC76C7F02DE6E7F14FE4A6E7F854A82A24A8283A24A1780A41A
+C05CA27EA77EA3806C1980A37E1A007E5F6C6D5EA26C606E4A5B7E6D6C4A5B6E5E6D6C4A
+5B6D6D495B6D01E0017F90C7FC01039039FC03FFFE6D90B612F86D5E023F15C0020F92C8
+FC020114FCDA001F1380425E79DC51>I<EA01FCEA07FF4813804813C04813E04813F0A2
+B512F8A76C13F0A26C13E06C13C06C13806C1300EA01FCC8FCB3A4EA01FCEA07FF481380
+4813C04813E04813F0A2B512F8A76C13F0A26C13E06C13C06C13806C1300EA01FC154074
+BF2D>58 D<F00FE04E7EA24E7EA34E7EA24E7EA34D7FA24D80A24D80A34D80A24D80A34D
+80A2DD7FBF7FA2181F05FF8017FE04016D7FA24D7E04038217F804076D80A24D7E040F82
+17E0041F6D80A24D7F043F825F047F6E7FA294C77E4C825E03016F7FA24C800303845E03
+076F80A24C80030F845E031F6F80A24C81033F845E037F707F93B9FCA292BA7EA24A85A2
+03FCC912070203865D020771805D86020F864B82021F865D87023F864B83027F8692CBFC
+874A864A840101875C0103738090381FFFC0B700E092B812FEA66F647BE37A>65
+D<BB12F0F2FF801BF81BFEF3FFC088D800010280C814F8081F7F080713FF748074808675
+7F757FA2757FA28987A289A965A263656365636598B55A505C5091C7FC505B081F5B087F
+13F04FB512C096B6C8FC93B812F81BC01BF8F3FF801CE00480C8001F13F8080313FE746D
+7E746C7F757F757F89757F757F89871E80A27514C0A41EE087A663A21EC0A3631E80A251
+14006365515B63515B98B55A08035C080F5C97B6C7FCBD5A1CF81CE099C8FC1BF898C9FC
+63627AE173>I<942601FFFEED03C0057FD9FFF01407040FB600FE140F047FDBFFC0131F
+0303B800F0133F030F05FC137F033F9127F8007FFE13FF92B548C73807FF81020302F002
+0113C34A02809138003FF7021F49C96CB5FC4A01F816074A01E08291B54816004991CB7E
+494984494984495B494984498649498490B55A88485C884891CDFC481C7F5C5A1D3F5C5A
+A21D1F485BA34899C7FCA35CA2B5FCB07EA280A37EA2F50FC06C7FA37E801D1F6C1D8080
+7E6C6E193F1E006C6E611D7E6D6D19FE6D6D616D1A016D6D4E5A6D6D18076D6D4E5A6D6D
+6C4D5A6D6E4D5A6E6D4D5A6E01F84C48C7FC6E01FEEE07FE02076D6CED1FFC6E02F0ED7F
+F0020002FE913803FFE0033FD9FFF8013F1380030F91B7C8FC030317FCDB007F16E0040F
+1680DC007F02F8C9FC050191CAFC626477E275>I<BB12E0F2FF801BF01BFE757E1CF0D8
+00010280C7000780DF003F13FE08076D7E080180746C7F091F7F7513FC757F09017F878A
+767F767F888A767FA2767FA2767FA28A881F80A37614C0A41FE0A5891FF0B09AB512E0A5
+1FC0A4521480A31F006466A2525BA2525BA2525B525BA2525B99B55A5191C7FC515B515B
+091F5B097F5B50B512C008075C083F91C8FC0707B512FCBD12F01CC051C9FC1BF81B8008
+E0CAFC6C627AE17C>I<BD12FCA488A2D8000102C0C71201F1000F1A01F2007F1B3F1B0F
+1B07757EA28787A288A3F43F80A31C1FA3197EA3F40FC0A499C7FC19FEA31801A2180318
+07181F18FF93B6FCA6EEC000181F180718031801A21800A21D7E197EA21DFCA696C81201
+1DF8A31C03A3F407F0A31C0FA21C1F1C3F1DE01C7F1CFF63631B0F093F13C098B5FC1A07
+97B6FCBEFCA31D80A35F617AE06A>I<BD12E0A41CF0A2D8000102C0C71207F1003F1A0F
+1A031A001B7F1B3FF31FF81B0FA21B07A21B03A21B011CFCA31B00A419FCA21C7EA41C00
+A21801A31803A21807180F183FEF01FF93B6FCA6EEC001EF003F180F18071803A21801A3
+1800A896C9FCB3A5B912F8A657617AE065>I<B700E0040FB712808282A28282D800016E
+DC000101FCC7FC719338001FC0A283838302FD8014FC6F7F6F7F836F80816F806F80846F
+806F8082707F8470807080827080857080708083717F8571807180837180718086718084
+727F727F8772807280847280877280737F85737F1C807314C07314E0857314F07314F81C
+FC7413FE867413FF74149F1DDF7414FF868686A287878787A287878787A28888888888A2
+8890261FFFC084B700F8831D7FA21D3F1D1F775A71627AE17E>78
+D<BB7E1AFCF2FFC01BF81BFE757ED800010280C7001F80070114F0DF003F7F080F7F747F
+747F7414807414C0A27513E0A21DF0A27513F8A41DFCA91DF8A45113F0A21DE0A298B512
+C01D8062501400505B505B083F5B4FB512E0071F5C93B9C7FC1BFC1BF01B8008F0C8FC04
+C0CCFCB3B3A2B97EA65E627AE16E>80 D<DBFFFEEC01E0020FD9FFE01303027F02FC1307
+49B7EA800F010716E0011FEEF01F49D9C007EBFC3F4948C7383FFE7FD9FFF00207B5FC48
+4914014801806E7E4890C97E48170F4982001F834982123F844848177FA2193FA200FF18
+1FA36D170FA27FA26D17078080806E93C7FC6C13FCECFF8015F86CECFFC016FC6CEDFFE0
+17FE6CEEFFE018F86C17FE6C717E6C846C18F06D836D836D836D83010318807F6D6C17C0
+020F17E01401DA000F16F01500040715F8EE007F050314FC1700183F84060713FE84A200
+7C8300FC83A2197FA3193F7EA21AFC7EA36D18F86D177FA26D18F06D17FF6D18E06D5E6D
+18C06D6C4B138002E05D02F84B130002FEED3FFE9026CFFFE0ECFFFC018701FF010713F0
+010191B65A486C6C5E021F93C7FC48010315FC48D9007F14E048020149C8FC476477E25A
+>83 D<001FBEFCA64849C79126E0000F148002E0180091C8171F498601F81A0349864986
+A2491B7FA2491B3F007F1DC090C9181FA4007E1C0FA600FE1DE0481C07A5CA95C7FCB3B3
+B3A3021FBAFCA663617AE070>I<B800F8011FB80203B7FCA6D8000F91C9000102E0CAEB
+FE006D72F207F0707260230F6D73627072171F6D6A708277173F6D7397C7FC70846B6E72
+197E707217FE6E726170855118016E6870731503636E68704C6E15076E68718451180F6E
+DE7E7F607172151F6E06FE61714B7E08016F153F6E4E6C95C8FC71840803616F4D6C177E
+7102076F15FE6F66714B7E080F7013016F4D6C5F7185081F18036F4D6C5F71023F701307
+6F94C75F728450180F6F047E6E5E7272131F1AFE6F4C6E5EDEE00171133F6F4C6E93C9FC
+06F084070361704B6E157E06F87213FE1907704B6E5DDEFC0F1881704B6E5D06FE19C107
+1F18C3704B6E5DDEFF3F18E7706407BFC9FC07FF18FF704A705CA3704A705CA27099CAFC
+4F82A27149705BA37149705BA27149705BA37149705BA37190CB5BA27148725AA3714872
+5A714872CBFCA0637DE1A7>87 D<913807FFFC91B612E0010715FC011F15FF4916C09027
+7FFC003F7FD9FFC0010F7F4801F001037F486D6D7F707F486D6E7E85717FA2717FA36C49
+6E7FA26C5B6C5BEB3F8090C9FCA70303B6FC92B7FC140F147F0103B5EAFE0F010F148001
+3FEBFC004913E048B512804849C7FC485B4813F05A5C485B5A5CA2B5C8FCA45FA25F806C
+5E806C16FB6ED903F37F6C6DD907E313FF6C01FCD91FC114FE6C9027FF80FF8114FF0001
+91B5C6FC6C6C4A7F011F02F8131F010302E0010313FE9026003FFECAFC48437BC14E>97
+D<903807FF80B6FCA6C6FC7F7FB3A8EFFFF8040FEBFF80047F14F00381B612FC038715FF
+038F010014C0DBBFF0011F7FDBFFC001077F93C700017F4B6E7F03F86F7E4B6F7E4B1780
+4B6F13C0A27313E0A27313F0A21BF8A37313FCA41BFEAE1BFCA3611BF8A31BF0611BE0A2
+4F13C06F17804F13006F5D6F4B5A6F4A5B4AB44A5B4A6C6C010F5B9126F83FE0013F13C0
+9127F00FFC01B55A4A6CB648C7FCDAC00115F84A6C15E091C7001F91C8FC90C8000313E0
+4F657BE35A>I<92380FFFF04AB67E020F15F0023F15FC91B77E01039039FE001FFF4901
+F0010113804901C0010713C049494913E0017F90C7FC49484A13F05C485B5A485BA2485B
+7113E05A4A6E13C048701380943800FE0095C7FC5A5CA3B5FCAE7E80A37EA2806C18FCA2
+6C6D150119F86C7F6C17036EED07F06C6D16E06C6D150F6D6DEC1FC06D6DEC7F806D01F0
+ECFF00010701FCEB03FE6D9039FF803FFC010091B512F0023F5D020F1580020102FCC7FC
+DA000F13C03E437BC148>I<F17FF8050FB5FCA6EF000F8484B3A892380FFF804AB512F8
+020F14FE023FECFF8391B712E301039138007FF34901F8EB0FFB011F01E00103B5FC4901
+8013004990C87E4948814849814849814A815A485BA25A5C5AA35A5CA3B5FCAE7EA46C7F
+A37EA26C7FA26C6D5DA26C6D5D6C5F6C6D5D6D6C92B5FC6D6C0203806D01C049806D01F0
+D91FF7EBFFFE6D9039FE01FFE7010190B612876D6CECFE07021F14F8020314E09127003F
+FE00ECC0004F657BE35A>I<92380FFFC04AB512FC020FECFF80023F15E091B712F80103
+D9FE017F499039F0003FFE4901C0EB0FFF4990C76C7F49486E7F49486E7F49486E7F4884
+4849157F48844A153F48845A4A151F855AA3485B721380A3B5FCA291B9FCA41A000280CB
+FCA67EA3807EA37E6E160F6CF01F80A26C6D163F6C19006E5E6C6D16FE6C606D6C15016D
+6C6CEC07F86D6D4A5A6D01F0EC3FE0010301FC49B45A6D9026FFC01F90C7FC6D6C90B55A
+021F15F8020715E0020092C8FC030713F041437CC14A>I<EE3FFC0307B51280033F14C0
+4AB612F0020715F84A9038F03FFC4AEB807F913A7FFE00FFFE4A5A4B4813FF4913F05B49
+13E0A24913C0A27013FE4949EB7FFCEF3FF8EF1FF0EF07C094C7FCB0B812C0A6D8001F01
+C0C8FCB3B3B0007FB612FCA638657CE431>I<DBFFFEEC0FF8020FD9FFE0EBFFFE027FDA
+FC037F49B7000F1480010793B6FC49D9F01F02F913C049D9800314814948C7EBFC034948
+027F7F4948EC3FFE4805FF14804A6E6D130048F0803E97C7FC48496E7FA34884A96C60A3
+6C6D4A5BA26C95C8FC6E5C6C5F6D6C4A5A6D6C4A5A90271FFF80035BDBF01F5B4990B65A
+4993C9FCD97C7F14FCD9FC0F14E049C649CAFC000191CCFCA37FA212037F6C7E8014E091
+B77E18FEF0FFC06C18F019FC6D17FF6D84866D846D84013F8448BAFC48854801E0C71201
+4890C9000F7F484816014848EE007F4848717E8512FF5B85A56D5F007F616D173F003F61
+6D177F6C6C4D5A6C01C003035B6C6D4B5B6C01F8031F5BC601FF92B5C7FC6D01F8011F5B
+011F90B712F8010717E0010094C8FC020F15F0DA003F01FCC9FC4A5F7CC051>I<903807
+FF80B6FCA6C6FC7F7FB3A8EF1FFF94B512F0040714FC041F14FF4C8193267FE07F7F9227
+81FE001F7FDB83F86D7FDB87F07FDB8FC0814C7F039FC78015BE03BC8003FC825DA25DA2
+5DA45DB3B2B7D8F007B71280A651647BE35A>I<EB0FE0EB3FF8497E497E487F4880A248
+80A76C5CA26C91C7FC6C5B6D5A6D5AEB0FE090C9FCAF903807FF80007FB5FCA6C6FC7F7F
+B3B3AEB712C0A622657BE42C>I<903807FF80B6FCA6C6FC7F7FB3A90503B61280A6DD00
+3FEB8000DE0FF8C7FC4E5A4E5A4E5A4E5ADD03FEC8FC4D5A4D5A4D5A4D5AEFFF804C90C9
+FC4C5A4C5A4C5AEE3FE04C5A4C7E158103837F038F7F039F7F15BF92B57E838415FC4B6C
+7F4B6C7F03E080ED801F707F707F8482707F7080A2717F717F8583717F717F8583717F71
+80868495B512F0B7D8E00FECFFF0A64C647BE355>107 D<903807FF80B6FCA6C6FC7F7F
+B3B3B3B3ADB712E0A623647BE32C>I<902607FF80D91FFFEEFFF8B691B500F00207EBFF
+80040702FC023F14E0041F02FF91B612F84C6F488193267FE07F6D4801037F922781FE00
+1F9027E00FF0007FC6DA83F86D9026F01FC06D7F6DD987F06D4A487F6DD98FC0DBF87EC7
+804C6D027C80039FC76E488203BEEEFDF003BC6E4A8003FC04FF834B5FA24B5FA24B94C8
+FCA44B5EB3B2B7D8F007B7D8803FB612FCA67E417BC087>I<902607FF80EB1FFFB691B5
+12F0040714FC041F14FF4C8193267FE07F7F922781FE001F7FC6DA83F86D7F6DD987F07F
+6DD98FC0814C7F039FC78015BE03BC8003FC825DA25DA25DA45DB3B2B7D8F007B71280A6
+51417BC05A>I<923807FFE092B6FC020715E0021F15F8027F15FE494848C66C6C7E0107
+01F0010F13E04901C001037F4990C87F49486F7E49486F7E49486F7E48496F13804819C0
+4A814819E04819F04A814819F8A348496F13FCA34819FEA4B518FFAD6C19FEA46C6D4B13
+FCA36C19F8A26C6D4B13F0A26C6D4B13E06C19C06E5D6C19806C6D4B13006D6C4B5A6D6C
+4B5A6D01C001035B010701F0010F13E06D01FE017F5B010090B7C7FC023F15FC020715E0
+020092C8FC030713E048437CC151>I<902607FF80EBFFF8B6010FEBFF80047F14F00381
+B612FC038715FF038F010114C09227BFF0003F7FC6DAFFC0010F7F6D91C76C7F6D490201
+7F03F86E7F4B824B6F13804B6F13C0A27313E0A21BF0851BF8A2851BFCA47313FEAE4F13
+FCA41BF861A21BF0611BE0611BC06F4B13801B006F92B5FC6F4A5B6F4A5B03FF4A5B7001
+1F5B04E0017F13C09226CFFC03B55A03C7B648C7FC03C115F803C015E0041F91C8FC0403
+13E093CBFCB3A3B712F0A64F5D7BC05A>I<DB0FFFEC01F04AB500E01303020F02F81307
+023F14FE91B7130F01030280EB801F49903AFC001FC03F011F01F0EB0FE04901C0903803
+F07F4949903801F8FF90B5C87E484992B5FC48498184485B48835C48835C5A845C5AA4B5
+5AAE6C7FA47E80A27EA26C6D5D606C7F606C6D5D6C7F6C94B5FC6D6C5C6D6D13076D01E0
+EB0FEF6D01F8EB3FCF6D9039FE01FF8F010190B6120F6D6C14FC021F14F0020314C09139
+003FFE0092C8FCB3A3053FB612FCA64E5D7BC055>I<D90FFFEB0FFCB690383FFF8093B5
+12E04B14F04B14F8923907FC7FFC92390FE0FFFEC6EC1F806DD93F0113FF6D133E157E15
+7C15F8A215F07013FEA24BEB7FFCEF3FF8EF0FE04B90C7FCA55DB3B0B712F8A638417BC0
+42>I<913A3FFF8007800107B5EAF81F011FECFE3F017F91B5FC48B8FC48EBE0014890C7
+121FD80FFC1407D81FF0801600485A007F167F49153FA212FF171FA27F7F7F6D92C7FC13
+FF14E014FF6C14F8EDFFC06C15FC16FF6C16C06C16F06C826C826C826C82013F1680010F
+16C01303D9007F15E0020315F0EC001F1500041F13F81607007C150100FC81177F6C163F
+A2171F7EA26D16F0A27F173F6D16E06D157F6D16C001FEEDFF806D0203130002C0EB0FFE
+02FCEB7FFC019FB65A010F5DD8FE0315C026F8007F49C7FC48010F13E035437BC140>I<
+EC07E0A6140FA5141FA3143FA2147FA214FF5BA25B5B5B5B137F48B5FC000F91B512FEB8
+FCA5D8001F01E0C8FCB3AFEF0FC0AC171F6D6D1480A2173F6D16006F5B6D6D137E6D6D5B
+6DEBFF836EEBFFF86E5C020F14C002035C9126003FFCC7FC325C7DDA3F>I<902607FFC0
+ED3FFEB60207B5FCA6C6EE00076D826D82B3B3A260A360A2607F60183E6D6D147E4E7F6D
+6D4948806D6DD907F0ECFF806D01FFEB3FE06D91B55A6E1500021F5C020314F8DA003F01
+8002F0C7FC51427BC05A>I<B700C00103B512FCA6C66C01C0C8381FFE006D6DED07F0A2
+6D6D5E190F6D6D5E191F6D606F153F6D95C7FC6F5DA26D6D157E19FE6D6E5C18016E5E70
+13036E5E701307A26E6D5C180F6E6D5C181F6E6D5C183F6E93C8FC705BA26E6D13FEA26E
+6E5A17816FEBC1F817C36F5C17E76F5C17FFA26F5CA26F5CA26F91C9FCA26F5BA36F5BA2
+705AA2705AA2705AA2705A4E417DBF55>I<007FB600C0017FB512F8A6D8001F01F8C700
+03EBE0006D040090C7FC6D6D4A5A6D6D4A5A6D6D4A5A70495A6D4C5A6E7F6E6D495A6E6D
+495A7049C8FC6E4A5A6E6D485A6E6D485A6E13FFEF8FF06EEC9FE06FEBFFC06F5C6F91C9
+FC5F6F5B816F7F6F7F8481707F8493B57E4B805D4B80DB0FF37FDB1FE17F04C080153F4B
+486C7F4B486C7F4A486D7F4A486D7F4A5A4B6D7F020F6E7F4A486D7F4A486D804A5A4AC8
+6C7F49486F7F4A6F7F0103707FEB3FFFB600F049B7FCA650407EBF55>120
+D<B700C00103B512FCA6D8003F01C0C8381FFE006FED07F0A26D6D5E190F6D6D5E191F6D
+6D5E193F6D95C7FC6F5D6D177E6F15FEA26D6E495AA26E6D5C18036E6D5C18076E5E7013
+0F6E5E70131FA26E6D495AA26E6D91C8FC606E6D137E18FE6E5D17816F5C17C3A26FEBE7
+F0A26FEBF7E017FF6F5CA26F5CA26F91C9FCA36F5BA26F5BA2705AA2705AA2705AA35FA2
+5F163F94CAFC5E167E16FED807E05CD81FF81301487E486C495AA2B5495AA24B5A5E151F
+4B5A6C4849CBFC15FEEBFC01393FF807FC391FF03FF06CB55A6C5C6C91CCFCC613FCEB1F
+E04E5D7DBF55>I E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fk cmr10 10 36
+/Fk 36 122 df<121C127FEAFF80A213C0A3127F121C1200A412011380A2120313005A12
+06120E5A5A5A12600A19798817>44 D<121C127FEAFF80A5EA7F00121C0909798817>46
+D<EB01C013031307131F13FFB5FCA2131F1200B3B3A8497E007FB512F0A31C3879B72A>
+49 D<EB0FF0EB7FFE48B57E3903E03FE0390F000FF0000E6D7E486D7E486D7E12300070
+6D7E126012FCB4EC7F807FA56CC7FC121CC8FCEDFF00A34A5A5D14035D4A5A5D140F4A5A
+4A5A92C7FC147C5C495A495A495A495A91C8FC011EEB01805B5B49130348481400485A48
+5A000EC75A000FB6FC5A5A485CB6FCA321387CB72A>I<EB07F8EB3FFF4913C03901F80F
+F03903C007F848486C7E380E0001000F80381FE0006D7FA56C5A6C5AC85A1401A25D4A5A
+A24A5A5DEC0F80027EC7FCEB1FFCECFF809038000FE06E7EEC01FC816E7EED7F80A216C0
+A2153F16E0A2121EEA7F80487EA416C049137F007F1580007EC7FC0070ECFF006C495A12
+1E390F8003F83907F00FF00001B512C06C6C90C7FCEB0FF8233A7DB72A>I<1538A3157C
+A315FEA34A7EA34A6C7EA202077FEC063FA2020E7FEC0C1FA2021C7FEC180FA202387FEC
+3007A202707FEC6003A202C07F1501A2D901807F81A249C77F167FA20106810107B6FCA2
+4981010CC7121FA2496E7EA3496E7EA3496E7EA213E0707E1201486C81D80FFC02071380
+B56C90B512FEA3373C7DBB3E>65 D<913A01FF800180020FEBE003027F13F8903A01FF80
+7E07903A03FC000F0FD90FF0EB039F4948EB01DFD93F80EB00FF49C8127F01FE153F1201
+4848151F4848150FA248481507A2485A1703123F5B007F1601A35B00FF93C7FCAD127F6D
+ED0180A3123F7F001F160318006C7E5F6C7E17066C6C150E6C6C5D00001618017F15386D
+6C5CD91FE05C6D6CEB03C0D903FCEB0F80902701FF803FC7FC9039007FFFFC020F13F002
+011380313D7BBA3C>67 D<B648B512FEA30001902680000313006C90C76C5AB3A491B6FC
+A391C71201B3A6486D497EB648B512FEA337397DB83E>72 D<B649B5FCA3000101809038
+007FF06C90C8EA3F80053EC7FC173C17385F5F4C5A4C5A4CC8FC160E5E5E5E5E4B5AED07
+80030EC9FC5D153E157E15FF5C4A7F4A6C7E140E4A6C7E4A6C7E14704A6C7E4A6C7E1480
+4A6C7E6F7EA26F7F707EA2707E707EA2707EA2707E707EA2707E707F8484486D497FB601
+1FEBFF80A339397DB841>75 D<B612E0A3000101C0C8FC6C90C9FCB3AD1718A517381730
+A31770A317F0A216011603160FEE1FE0486D13FFB8FCA32D397DB834>I<B712C016F816
+FE000190398001FF806C90C7EA3FC0EE0FE0EE07F0EE03F817FC17FE1601A217FFA717FE
+A2EE03FCA2EE07F817F0EE0FE0EE3FC0923801FF0091B512FC16F091C9FCB3A5487FB6FC
+A330397DB839>80 D<B612FEEDFFE016F8000190388007FE6C90C76C7EEE3FC0707E707E
+707EA2707EA283A65FA24C5AA24C5A4C5AEE3F8004FFC8FCED07FC91B512E05E9138000F
+F0ED03F8ED00FE82707E707EA2161F83A583A6F00180A217F8160F1803486D01071400B6
+6D6C5A04011306933800FE0ECAEA3FFCEF07F0393B7DB83D>82 D<D90FF813C090383FFE
+0190B512813903F807E33907E000F74848137F4848133F48C7121F003E140F007E1407A2
+007C140312FC1501A36C1400A37E6D14006C7E7F13F86CB47E6C13F8ECFF806C14E06C14
+F86C14FEC680013F1480010714C0EB007F020713E0EC007FED3FF0151F150FED07F8A200
+C01403A21501A37EA216F07E15036C15E06C14076C15C06C140F6DEB1F80D8FBF0EB3F00
+D8F0FE13FE39E03FFFF8010F13E0D8C00190C7FC253D7CBA2E>I<003FB812E0A3D9C003
+EB001F273E0001FE130348EE01F00078160000701770A300601730A400E01738481718A4
+C71600B3B0913807FF80011FB612E0A335397DB83C>I<B6903807FFFEA3000101809038
+007FE06C90C8EA1F80EF0F001706B3B2170E6D150C80171C133F17186D6C14385F6D6C14
+F06D6C5C6D6C495A6D6CEB07806D6C49C7FC91387F807E91381FFFF8020713E09138007F
+80373B7DB83E>I<007FB590383FFFFCA3C601F801071380D97FE0D903FCC7FC013FEC01
+F06D6C5C5F6D6C5C6D6C13034CC8FC6D6C1306160E6D6C5B6DEB8018163891387FC0306E
+6C5A16E06E6C5A91380FF18015FB6EB4C9FC5D14036E7EA26E7F6F7EA24B7E15DF913801
+9FF09138038FF8150F91380607FC91380E03FE140C4A6C7EEC38000230804A6D7E14E04A
+6D7E49486D7E130391C76C7E01066E7E130E010C6E7E011C1401013C8101FE822607FF80
+010713E0B500E0013FEBFF80A339397EB83E>88 D<EB1FE0EBFFFC3803E03F3907000F80
+390F8007E0486C6C7E13E06E7EA26E7E6C5A6C5AC8FCA4147FEB07FFEB3FE0EBFE00EA03
+F8EA0FF0EA1FC0123F485A90C7FC160C12FEA31401A26C13036CEB077C903980063E1838
+3FC01E3A0FE0781FF03A03FFF00FE03A007F8007C026277DA52A>97
+D<EA03F012FFA3120F1203B0EC1FE0EC7FF89038F1E03E9039F3801F809039F7000FC001
+FEEB07E049EB03F049EB01F85BED00FCA216FEA2167E167FAA167E16FEA216FC15016D14
+F8ED03F07F01EEEB07E001C6EB0FC09039C7801F00903881E07E903800FFF8C7EA1FC028
+3B7EB92E>I<EB03FC90381FFF8090387E03E03901F80070484813F83907E001FC380FC0
+03A2EA1F80123F90380001F848EB00F01500A2127E12FEAA127E127FA26C14067F001F14
+0E6D130C000F141C6C6C13386C6C13706C6C13E039007C07C090381FFF00EB07F81F277D
+A525>I<ED0FC0EC03FFA3EC003F150FB0EB03F8EB1FFF90387E078F9038F801EF3903F0
+007F4848133F4848131FA24848130F123F90C7FC5AA2127E12FEAA127E127FA27EA26C6C
+131FA26C6C133F6C6C137F6C6CEBEFF03A01F801CFFF39007C078F90381FFE0FD907F813
+C0283B7DB92E>I<EB07F8EB1FFF90387C0FC03901F803E03903F001F0D807E013F8380F
+C0004848137CA248C7127E153E5A153F127E12FEA3B7FCA248C8FCA5127EA2127FA26C14
+037F001F14076C6C13060007140E6D131CD801F013386C6C137090387E03E090381FFF80
+903803FC0020277EA525>I<147E903803FF8090380FC1E0EB1F8790383F0FF0137EA213
+FCA23901F803C091C7FCADB512FCA3D801F8C7FCB3AB487E387FFFF8A31C3B7FBA19>I<
+ED03F090390FF00FF890393FFC3C3C9039F81F707C3901F00FE03903E007C03A07C003E0
+10000FECF000A248486C7EA86C6C485AA200075C6C6C485A6D485A6D48C7FC38073FFC38
+060FF0000EC9FCA4120FA213C06CB512C015F86C14FE6CECFF804815C03A0F80007FE048
+C7EA0FF0003E140348140116F8481400A56C1401007C15F06CEC03E0003F1407D80F80EB
+0F80D807E0EB3F003901FC01FC39007FFFF0010790C7FC26387EA52A>I<EA03F012FFA3
+120F1203B0EC0FF0EC3FFCECF03F9039F1C01F809039F3800FC0EBF70013FE496D7EA25B
+A35BB3A3486C497EB500C1B51280A3293A7EB92E>I<EA0380EA0FE0487EA56C5AEA0380
+C8FCAAEA03F012FFA312071203B3AA487EB512C0A312387EB717>I<EA03F012FFA3120F
+1203B1913801FFFCA39138007FC01600157C15705D4A5A4A5A4AC7FC141E1438147814FC
+13F1EBF3FEEBF73F01FE7FEBF81F496C7E8114076E7E6E7E811400157E157F811680ED1F
+C0486CEB3FF0B500C0B5FCA3283A7EB92C>107 D<EA03F012FFA3120F1203B3B3AD487E
+B512C0A3123A7EB917>I<2703F00FF0EB1FE000FFD93FFCEB7FF8913AF03F01E07E903B
+F1C01F83803F3D0FF3800FC7001F802603F70013CE01FE14DC49D907F8EB0FC0A2495CA3
+495CB3A3486C496CEB1FE0B500C1B50083B5FCA340257EA445>I<3903F00FF000FFEB3F
+FCECF03F9039F1C01F803A0FF3800FC03803F70013FE496D7EA25BA35BB3A3486C497EB5
+00C1B51280A329257EA42E>I<EB03FE90380FFF8090383E03E09038F800F84848137C48
+487F48487F4848EB0F80001F15C090C712074815E0A2007EEC03F0A400FE15F8A9007E15
+F0A2007F14076C15E0A26C6CEB0FC0000F15806D131F6C6CEB3F006C6C137EC66C13F890
+387E03F090381FFFC0D903FEC7FC25277EA52A>I<3807E01F00FFEB7FC09038E1E3E090
+38E387F0380FE707EA03E613EE9038EC03E09038FC0080491300A45BB3A2487EB512F0A3
+1C257EA421>114 D<EBFF03000313E7380F80FF381E003F487F487F00707F12F0A2807E
+A27EB490C7FCEA7FE013FF6C13E06C13F86C7F00037FC67F01071380EB007F141F00C0EB
+0FC01407A26C1303A37E15806C13077EEC0F00B4131E38F3C07C38E1FFF038C03F801A27
+7DA521>I<1318A51338A31378A313F8120112031207001FB5FCB6FCA2D801F8C7FCB215
+C0A93800FC011580EB7C03017E13006D5AEB0FFEEB01F81A347FB220>I<D803F0EB07E0
+00FFEB01FFA3000FEB001F00031407B3A4150FA3151F12016D133F0000EC77F86D9038E7
+FF8090383F03C790381FFF87903A03FC07E00029267EA42E>I<B53A1FFFE03FFEA3260F
+F8009038000FF86C48017EEB03E018C00003023EEB0180A26C6C013FEB0300A36C6CEC80
+06156FA2017E9038EFC00C15C7A2D93F016D5A15830281EBF038D91F831430150102C3EB
+F87090260FC6001360A2D907E66D5A02EC137CA2D903FCEB7F804A133FA2010192C7FC4A
+7FA20100141E4A130E0260130C37257EA33C>119 D<B538803FFEA33A0FF8000FF06C48
+EB07C00003EC03806C7E16007F00001406A2017E5BA2137F6D5BA26D6C5AA2ECC070010F
+1360A26D6C5AA214F101035BA2D901FBC7FCA214FF6D5AA2147CA31438A21430A2147014
+60A25CA2EA7C0100FE5B130391C8FC1306EAFC0EEA701C6C5AEA1FF0EA0FC027357EA32C
+>121 D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fl cmbx10 10 6
+/Fl 6 115 df<B500F80403B512F06E5EA26E5ED8007FF1E000A2D97BFF161EA201796D
+5DA201786D5DA26E6C5DA36E6C4A5AA26E6C4A5AA26E6C4A5AA26E6C4A5AA26E6C141EA3
+6E6D5BA26E6D5BA26F6C5BA26F6C485AA36F6C485AA26F6C485AA26F6C48C7FCA2923803
+FF1EA36F13BCA26F13F8A2705AA2705AA213FCB500FC6D4848B612F0A2EE0F80EE070054
+397DB85B>77 D<EB3FFE0003B512E0000F14F8391FF00FFE003FEB03FF6D6C7F6E7FA26F
+7EA26C5A6C5AEA0380C8FCA2EC3FFF010FB5FC137F3901FFF87F00071380380FFE00EA3F
+F85B485A12FF5BA415FF6D5A127F263FF00713F83B1FFC1FBFFFC0390FFFFE1F0003EBF8
+0F39003FE0032A257DA42E>97 D<EE7F80ED7FFFA4150381AF903801FF81010F13F1013F
+13FD9038FFC07F0003EB001FD807FC1307000F8048487F5B123FA2485AA312FFAA127FA2
+7F123FA26C6C5B000F5C6C6C5B6C6C4913C02701FF80FD13FE39007FFFF9011F13E10103
+13012F3A7DB935>100 D<EA01F0EA07FC487EA2487EA56C5AA26C5AEA01F0C8FCA913FF
+127FA412077EB3A9B512F8A4153B7DBA1B>105 D<01FEEB7FC000FF903803FFF8020F13
+FE91381F03FFDA3C011380000713780003497E6D4814C05CA25CA291C7FCB3A3B5D8FC3F
+13FFA430257DA435>110 D<9038FE03F000FFEB0FFEEC3FFF91387C7F809138F8FFC000
+075B6C6C5A5CA29138807F80ED3F00150C92C7FC91C8FCB3A2B512FEA422257EA427>
+114 D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fm cmr7 7 1
+/Fm 1 50 df<13381378EA01F8121F12FE12E01200B3AB487EB512F8A215267BA521>49
+D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fn cmr8 8 37
+/Fn 37 122 df<9138FF807E01079038E1FF80903A1F807FC3C0D93E00EB87E049EBFF07
+4913FE485A00039138FC018049017CC7FCAAB712FCA22703E0007CC7FCB3A6486C13FE3A
+7FFF0FFFF0A22B2F7FAE29>11 D<14FF010713E090381F80F090383E003849137C4913FC
+485A1203491378153092C7FCA7157CB612FCA23803E000157CB3A5486C13FE3A7FFF0FFF
+E0A2232F7FAE27>I<EC0380B3A4B812FCA3C7D80380C7FCB3A42E2F7CA737>43
+D<EB3FC0EBFFF03803E07C48487E48487E497E001EEB0780A2003E14C0A248EB03E0A500
+FC14F0B0007C14E0A3007E1307003E14C0A36CEB0F806C14006D5A3807C03E3803F0FC38
+00FFF0EB3FC01C2D7DAB23>48 D<130C133C137CEA03FC12FFEAFC7C1200B3B113FE387F
+FFFEA2172C7AAB23>I<EB7F803801FFF0380780FC380E003F48EB1F8048EB0FC05A0060
+EB07E012F000FC14F07E1403A3007C1307C7FCA215E0140F15C0141F1580EC3F00147E14
+7C5C495A495A495A495A011EC7FC5B5B4913305B485A4848136048C7FC000E14E0001FB5
+FC5A4814C0B6FCA21C2C7DAB23>I<EB3FC03801FFF03807C0FC380E007E487FEC1F8000
+3F14C0A2EB800F1300A2000C131FC7FC1580A2EC3F00143E5C5CEB03F0EBFFC014F0EB00
+FC143FEC1F8015C0140F15E0A2EC07F0A21238127C12FEA3EC0FE012F8006014C0007013
+1F6C1480001EEB3F00380780FC3801FFF038007FC01C2D7DAB23>I<140EA2141E143EA2
+147E14FEA2EB01BE1303143E1306130E130C131813381330136013E013C0EA0180120313
+001206120E120C5A123812305A12E0B612FCA2C7EA3E00A9147F90381FFFFCA21E2D7EAC
+23>I<000CEB0180380FC01F90B512005C5C14F014C0D80C7EC7FC90C8FCA8EB1FC0EB7F
+F8380DE07C380F801F01001380000E130F000CEB07C0C713E0A2140315F0A4127812FCA4
+48EB07E012E0006014C00070130F6C14806CEB1F006C133E380780F83801FFE038007F80
+1C2D7DAB23>I<EB03F8EB0FFE90383E0780EBF8013901F007C03803E00FEA07C0EA0F80
+A2391F00078091C7FC123EA2127EA2127CEB0FC038FC3FF0EBF07C38FDC01EB4487E0100
+1380EC07C04814E0A214034814F0A4127CA3127EA2003E14E01407121E001F14C06CEB0F
+803907801F003803C03E6C6C5A38007FF0EB1FC01C2D7DAB23>I<EB3F80EBFFF03803E0
+783807C03E48487E48487E003E14801407007E14C0127C00FC14E01403A315F0A5007C13
+07127EA2003E130F7E6C131F3807803B3803E0F33800FFC390383F03E013001407A215C0
+A2140F001E1480003F14005C143E143C003E5B001C5B380E03E03807FF80D801FEC7FC1C
+2D7DAB23>57 D<4A7E4A7EA34A7EA24A7EA3EC1BF81419A2EC30FCA2EC70FEEC607EA24A
+7EA349486C7EA2010380EC000FA201066D7EA3496D7EA2011FB57EA29038180001496D7E
+A349147EA201E0147F4980A20001ED1F801203000716C0D80FF0EC3FE0D8FFFC0103B5FC
+A2302F7EAE35>65 D<B612FCEDFF803A03F8000FC00001EC03F06F7E6F7E82167E167FA6
+167E16FE5E4B5A4B5AED0FE0ED7F8090B6C7FC16E09039F80003F0ED01FC6F7E167F8217
+80161F17C0A61780163F17005E16FEED03FC0003EC0FF0B712C04BC7FC2A2D7DAC32>I<
+B612F815FF3A03F8001FE00001EC03F0ED00F8167E82EE1F80160F17C0EE07E0A2EE03F0
+A217F81601A317FCAA17F8A3EE03F0A217E0160717C0160FEE1F80EE3F00167E5EED03F0
+0003EC1FE0B7128003F8C7FC2E2D7DAC36>68 D<B712FEA23903F800010001EC003E8282
+82A282A3178016011518A293C7FCA31538157815F890B5FCA2EBF800157815381518A217
+60A392C712C0A4160117801603A21607160F163F0003913801FF00B8FCA22B2D7EAC30>
+I<B612FCEDFF803A03F8000FE00001EC03F0ED00F882167E167F821780A617005E167E5E
+5EED03F0ED0FE090B6128003FCC7FC01F8C9FCB2487EB512F0A2292D7EAC30>80
+D<90383F80303901FFF0703807C07C390F000EF0001E13074813034813011400127000F0
+1470A315307EA26C1400127E127FEA3FE013FE381FFFE06C13FC6C13FF00011480D8003F
+13E013039038003FF0EC07F81401140015FC157C12C0153CA37EA215787E6C14706C14F0
+6CEB01E039F78003C039E3F00F0038E07FFE38C00FF01E2F7CAD27>83
+D<B500C090380FFFC0A2D807FCC73803FE006C48EC00F800015E5F6C7E5F6D1401017E5D
+A26D4AC7FCA26E5B011F140680010F5CA26D6C5BA26E133801031430A26D6C5BA26E13E0
+01005C8091387E0180A26E48C8FCA21583EC1F86A2EC0FCCA215FC6E5AA26E5AA36E5AA2
+6E5A322E7FAC35>86 D<EAFFE0A3EAE000B3B3B3A7EAFFE0A30B4379B114>91
+D<EAFFE0A31200B3B3B3A712FFA30B437FB114>93 D<13FF000713C0380F01F0381C00F8
+003F137C80A2143F001E7FC7FCA4EB07FF137F3801FE1FEA07F0EA1FC0EA3F80EA7F0012
+7E00FE14065AA3143F7E007E137F007FEBEF8C391F83C7FC390FFF03F83901FC01E01F20
+7D9E23>97 D<EB1FE0EB7FFC3801F01E3803E0073907C01F80EA0F80EA1F005A003EEB0F
+00007E90C7FCA2127C12FCA9127EA215C07E6C130101801380380FC0033907E007003801
+F03E38007FF8EB1FC01A207E9E1F>99 D<15F8141FA214011400ACEB0FE0EB7FF83801F8
+1E3803E0073807C003380F8001EA1F00481300123E127EA25AA9127C127EA2003E13017E
+EB8003000F13073903E00EFC3A01F03CFFC038007FF090391FC0F800222F7EAD27>I<EB
+1F80EBFFF03803E0783807C03E380F801E381F001FEC0F80123E007E130715C0127C12FC
+A3B6FCA200FCC8FCA5127EA2003E14C0123F6C1301390F80038001C013003803E00F3801
+F03C38007FF8EB1FC01A207E9E1F>I<EB03F0EB0FFCEB3E1EEB7C3F13F8EA01F0A23803
+E00C1400AAB512E0A23803E000B3A6487E387FFF80A2182F7FAE16>I<EA0780EA0FC0EA
+1FE0A4EA0FC0EA0780C7FCA8EA07C012FFA2120F1207B3A5EA0FE0EAFFFCA20E2E7EAD14
+>105 D<130FEB1F80EB3FC0A4EB1F80EB0F0090C7FCA8EB07C013FFA2130F1307B3AD12
+30127838FC0F80A21400485AEA783EEA3FF8EA07E0123C83AD16>I<EA07C012FFA2120F
+1207ADEC1FFEA2EC0FF0EC07C05D020EC7FC5C5C5C5CEBC3C013C7EBCFE0EBDFF013F9EB
+F0F8497EEBC07E143E80816E7E14076E7E816E7E486C487E3AFFFE07FF80A2212E7EAD25
+>I<2607C07FEB07F03BFFC3FFC03FFC903AC783F0783F3C0FCE01F8E01F803B07DC00F9
+C00F01F8D9FF8013C04990387F000749137EA249137CB2486C01FEEB0FE03CFFFE0FFFE0
+FFFEA2371E7E9D3C>109 D<3807C0FE39FFC3FF809038C703E0390FDE01F0EA07F8496C
+7EA25BA25BB2486C487E3AFFFE1FFFC0A2221E7E9D27>I<EB1FE0EB7FF83801F03E3803
+C00F3907800780390F0003C04814E0003EEB01F0A248EB00F8A300FC14FCA9007C14F8A2
+6CEB01F0A26CEB03E0A2390F8007C03907C00F803901F03E0038007FF8EB1FE01E207E9E
+23>I<3807C0FE39FFC7FF809038CF03E0390FDC01F03907F800FC49137E49133E49133F
+ED1F80A3ED0FC0A8151F1680A2ED3F00A26D137E6D137C5D9038FC01F09038CE07E09038
+C7FF80D9C1FCC7FC01C0C8FCA9487EEAFFFEA2222B7E9D27>I<380781F838FF87FEEB8E
+3FEA0F9CEA07B813B0EBF01EEBE000A45BB0487EB5FCA2181E7E9D1C>114
+D<3801FE183807FFB8381E01F8EA3C00481378481338A21418A27E7EB41300EA7FF06CB4
+FC6C13C06C13F0000113F838001FFC130138C0007E143EA26C131EA27EA26C133CA26C13
+7838FF01F038E3FFC000C0130017207E9E1C>I<1360A413E0A312011203A21207121FB5
+12F0A23803E000AF1418A714383801F03014703800F860EB3FE0EB0F80152A7FA81B>I<
+3AFFFC07FF80A23A0FF003FC000003EB01F0000114C06D485A000091C7FCEB7C06EB3E0E
+6D5A14B8EB0FB0EB07E013036D7E497E1307EB067C497EEB1C1F01387FEB700F496C7E6E
+7ED803C07F00076D7E391FE003FC3AFFF007FFC0A2221D7F9C25>120
+D<3AFFFC01FFC0A23A0FE0007E000007147C1538000314306D137000011460A26C6C5BA2
+EBFC01017C5BEB7E03013E90C7FCA2EB1F06A2148EEB0F8CA2EB07D8A2EB03F0A36D5AA2
+6D5AA2495AA2130391C8FC1278EAFC06A25B131CEA7838EA7070EA3FE0EA0F80222B7F9C
+25>I E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fo cmmi12 12 16
+/Fo 16 122 df<EB01FCD907FF15E0011F13C0017F6DEB01C090B56C1480486E13032603
+FE0715002707F000FC5B01C0017C130648C76C130E001E021E130C001C80003C6E131C00
+381618486E1338EE8030006002011370176000E016E0C86D5A150016C15F16C394C7FC16
+E316E71666166E166CA2167C1678A3167016F05EA35EA31501A25E1503A44BC8FCA35D15
+0EA45DA45DA333417EAB33>13 D<1730A317701760A317E05FA316015FA3160394C8FCA3
+5E1606A3160E160C013E1607D9FF80ED1F802603C3C0011CEB3FC0260703E01318260601
+F0157F000E173F001C1538D818030230131F0038170F0030170700701570D86007026013
+035CA2D8E00F02E0148000C049491301EA001F4A150303011500013F5C14006049010314
+06017E91C7FC180E180C01FE49141C4901061418183860030E1460030C14E04D5A4D5A03
+1C49C7FC0318130E017E5D5F6D01385B90261F80305BD90FC0EB03C0D907F0010FC8FC90
+3901FE707C9039003FFFF002031380DA0060C9FC15E05DA314015DA3140392CAFCA35C14
+06A3140E140C3A597DC43F>32 D<EC07FE91387FFFC049B512F0010714F890391FF003FE
+49C7127E0178143E01E0140848481400485A90C9FC5A1206A412077EEB803E3901E7FFC0
+39007FC1E014FFD801E75BD80380C8FC48C9FC120E5A5A5A1260A212E05AA4ED01806C14
+036C150000705C0078140E003E143C391FC003F86CB512E000035CC649C7FCEB1FF0272F
+7EAC2E>34 D<F101C04F7E190186A21900861A781A7C86A286747EA2747E747E87747E74
+7E1B7E87F31F80F30FC0F307F0007FBC12F8BD12FEA27E571C7BB262>42
+D<137EEA01FF1207EA0FFEEA1FC0EA3F00127C127812F85AA67E1278127C123FEA1FC0EA
+0FFEEA07FF1201EA007E10187BAE1B>44 D<121EEA7F80A2EAFFC0A4EA7F80A2EA1E000A
+0A78891B>58 D<121EEA7F8012FF13C0A213E0A3127FEA1E601200A413E013C0A3120113
+80120313005A1206120E5A5A5A12600B1D78891B>I<F001C0F007E0181FF07FC0943801
+FF00EF07FCEF1FF0EF7FC04C48C7FCEE0FFCEE3FF0EEFFC0030390C8FCED0FF8ED3FE0ED
+FF80DA03FEC9FCEC1FF8EC7FE0903801FF80D907FECAFCEB1FF0EB7FC04848CBFCEA07FC
+EA1FF0EA7FC048CCFCA2EA7FC0EA1FF0EA07FCEA01FF38007FC0EB1FF0EB07FE903801FF
+809038007FE0EC1FF8EC03FE913800FF80ED3FE0ED0FF8ED03FF030013C0EE3FF0EE0FFC
+EE01FF9338007FC0EF1FF0EF07FCEF01FF9438007FC0F01FE01807F001C03B3878B44C>
+I<127012FCB4FCEA7FC0EA1FF0EA07FCEA01FF38007FC0EB1FF0EB07FE903801FF809038
+007FE0EC1FF8EC03FE913800FF80ED3FE0ED0FF8ED03FF030013C0EE3FF0EE0FFCEE01FF
+9338007FC0EF1FF0EF07FCEF01FF9438007FC0F01FE0A2F07FC0943801FF00EF07FCEF1F
+F0EF7FC04C48C7FCEE0FFCEE3FF0EEFFC0030390C8FCED0FF8ED3FE0EDFF80DA03FEC9FC
+EC1FF8EC7FE0903801FF80D907FECAFCEB1FF0EB7FC04848CBFCEA07FCEA1FF0EA7FC048
+CCFC12FC12703B3878B44C>62 D<15C0A54A7EA84A7EA500FCEE0FC0D87FE0913801FF80
+D81FFF91383FFE0000079039FBF7FFF8000190B612E0D8003F92C7FC010F14FC010314F0
+010014C0023F90C8FC6E5AA24A7E4A7FA29138FF3FC0ECFE1F49486C7EECF80749486C7E
+49486C7EECC0004948137C91C7123C49143E011E141E4980013880496E7E016014013230
+81B031>I<91B87E19F019FC02009039C00007FF6F489038007FC003FFED1FE0737E93C8
+6C7E737E19014A707E5D1A7FA20203EF3F805DA21BC014075DA3140F4B17E0A3141F4B17
+C0A3143F4B167FA3027F18804B16FFA302FF180092C95A62A24917034A5F19076201034D
+5A5C4F5A620107173F4A5F4FC7FC19FE010F4C5A4A15034E5AF00FE0011F4C5A4A4B5A06
+FFC8FC013FED01FCEF0FF84AEC3FE001FF913803FF80B848C9FC17F094CAFC4B447CC351
+>68 D<EC0FC0EC7FF0903901F8381C903907E01C7E90380FC00E90393F0007FE496D5A13
+FE485A49130100035D485A120F491303001F5DA2485A1507007F5D5BA2150F00FF5D90C7
+FCA2151F5E5AA2033F1330EE00701760A24B13E017C015FE007E130102031301003ED907
+3E1380003F010E13036C011C14006C6C486C5A3A07C0F00F0E3A01FFC007FC3A007F0001
+F02C2D7CAB33>97 D<01F8D903FCEC7F80D803FED91FFF903803FFE0D8071F903B7C0FC0
+0F81F83E0E0F80E007E01C00FC001C9026C3C0030178137C271807C700D9F0E0137E02CE
+902601F1C0133E003801DCDAFB80133F003001D892C7FCD90FF814FF0070495C0060495C
+A200E04949485CD8C01F187E4A5C1200040715FE013F6091C75BA2040F14014960017E5D
+1903041F5D13FE494B130762043F160E0001060F130C4992C713C0191F4CED801C00031A
+1849027E1638F2003004FE167000071A60494A16E0F201C0030192380F0380000FF18700
+494AEC03FED80380D90070EC00F84F2D7DAB55>109 D<01F8EB03FCD803FEEB1FFFD807
+1F90387C0FC03B0E0F80E007E03A0C07C3C003001CD9C7007F001801CE1301003801DC80
+003013D8EB0FF800705B00605BA200E0491303D8C01F5D5C12001607013F5D91C7FCA216
+0F495D137E161F5F13FE49143F94C7FC187000014B136049147E16FE4C13E0000317C049
+150104F81380170300071700495D170EEE781C000FED7C3849EC1FF0D80380EC07C0342D
+7DAB3A>I<02FCEB07E0903A03FF801FFC903A0F07C0781E903A1C03E0E01F903A3801F1
+C07FD9700013804901FB13FF4848EBFF00495B000316FE90C71438484A13001206140100
+0E5C120CC7FC14035DA314075DA3140F5DA3021F143817305D1770023F1460121E003F16
+E0267F807FEB01C0026F148000FF01EF1303D901CFEB070000FE903887C00E267C03835B
+3A3C0F01E0783A1FFC00FFE0D803F0EB3F80302D7EAB37>120 D<133ED9FF8014E02603
+C3C0EB03F0380703E0380601F0000E1507001C16E0EA180312380030150F007016C0EA60
+075C161FD8E00F158000C05BEA001F4A133F1700133F91C7FC5E49147E137EA216FE01FE
+5C5BA215015E485AA215035EA200001407150F6D5C017C131F153F6D13FF90391F03CFC0
+903807FF8F903801FC0F90C7121F5EA2153F93C7FCD807C05BD81FE0137E5DA24848485A
+4A5A01805B39380007C00018495A001C49C8FC6C137C380781F83803FFE0C66CC9FC2C40
+7DAB30>I E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fp cmbx12 14.4 46
+/Fp 46 122 df<EEFFFC031FEBFF804AB612E0020781021F9038C00FF8913A7FFE0003FC
+DAFFF0EB00FE4949EB03FF4901805B4990C7487F49485CA2495A4D7F013F6F5B5CA37190
+C7FC715AEF01F894C9FCA90403B512C0BAFCA526003FFCC7120783B3B3A6003FB5D8FC03
+B612C0A542547DD34B>12 D<151E153E157E15FCEC01F8EC07F0EC0FE0EC1FC01580143F
+EC7F0014FE1301495A5C1307495AA2495A133F5C137FA2495AA24890C7FCA25A5BA21207
+A2485AA3121F5BA3123FA25BA3127FA55B12FFB3A3127F7FA5123FA37FA2121FA37F120F
+A36C7EA21203A27F7EA26C7FA26D7EA2133F80131F6D7EA26D7E1303806D7E1300147FEC
+3F80141F15C0EC0FE0EC07F0EC01F8EC00FC157E153E151E1F7973D934>40
+D<127012F8127C127E7EEA1FC06C7E6C7E12037F6C7E6C7E7F6D7E133F806D7EA26D7E80
+130780A26D7EA26D7EA215807FA215C0A2EC7FE0A315F0143FA315F8A2141FA315FCA514
+0F15FEB3A315FC141FA515F8A3143FA215F0A3147F15E0A3ECFFC0A21580A25B1500A249
+5AA2495AA25C130F5C495AA2495A5C137F49C7FC5B485A485A5B1207485A485A48C8FC12
+7E127C5A12701F7979D934>I<B712F0AB240B7F9F2D>45 D<EC3FFE0103B512E0010F14
+FC013F14FF90B712C048D9C07F7F2703FE000F13F8D807F801037FD80FE06D7F48486D7F
+48488001F01680486C6E13C07F486C6E13E07FA27013F0A56C5AA26C5AEA0FF0EA03C0C9
+14E05EA218C05E1880A24C13005F4C5A4B5B5F4B5B5F4B5B4B90C7FC4B5A5E4B5AED7FE0
+4B5A4A5B4A48C8FC4A5A5D4A48EB01F04A5AEC3F804AC7FC02FEEC03E0495A495A495A49
+5AD91F80140749C8FC013E150F017FB7FC90B812C05A5A5A5A5A5A5AB9FC1880A4344E79
+CD43>50 D<177C17FE1601A216031607160FA2161F163F167F16FFA25D5D5DA2ED0FBF15
+1FED3F3F157E157C15F81401EC03F0EC07E015C0140FEC1F80EC3F00143E5C14FC495A49
+5A5C495A130F495A91C7FC133E137E5B485A5B485A1207485A5B48C8FC5A127E5ABA12C0
+A5C96C48C7FCAF020FB712C0A53A4E7CCD43>52 D<ED0FFF92B512E0020780021F14FC91
+397FFE03FE903A01FFF0007F4901C0EB3F804990C7121F4948EC7FC0494814FF49484913
+E049485B01FF5C485BA2485B5AA2486F13C04A6D1380486F1300177E94C7FC5AA291CAFC
+5AA21508913801FFF8020713FFB54814C04A14F04AC66C7E023C6D7E4A6D7E4A6D7E7013
+804A15C0A24A15E07013F05C18F8A491C714FCA37EA67EA46C17F880A27E18F06C5D18E0
+6C6D15C07E6E4913806C6D15006D6C495A6D6CEB7FFC6DB448485A6D90B55A010315C001
+0092C7FC023F13FC020713C0364F7ACD43>54 D<171F4D7E4D7EA24D7EA34C7FA24C7FA3
+4C7FA24C7FA34C7FA24C80A283047F80EE7E3F04FE8016FC830301814C7E03038116F083
+0307814C7E030F8116C083031F814C7E033F8293C7FC844B82037E8003FE825D84020183
+4B800203835D840207834B80020F8392B8FCA24A83A24A8492C9FC854A84027E8202FE84
+5C850101854A820103855C850107854A82010F855C011F83D9FFFC84B600F8020FB712E0
+A55B537BD266>65 D<BA12C019FEF1FFC01AF01AFCD8000701F0C7000313FFDE007F7F73
+7F070F7F737F878587858785A287A84F5BA263616361634F5B4F5B077F90C7FC4E485A06
+0713F892B812E097C8FC861AF003F0C7000313FE9539003FFF80070F13E0737F07017F87
+737F747E1C807413C0A27413E0A31CF0A386A362A31CE0A2621CC0A250138097B5FC1C00
+4F5B19074F5B073F13F04EB55ABC128098C7FC1AF81AC007F8C8FC54527CD160>I<9326
+01FFFCEC01C0047FD9FFC013030307B600F81307033F03FE131F92B8EA803F0203DAE003
+EBC07F020F01FCC7383FF0FF023F01E0EC0FF94A01800203B5FC494848C9FC4901F88249
+49824949824949824949824990CA7E494883A2484983485B1B7F485B481A3FA24849181F
+A3485B1B0FA25AA298C7FC5CA2B5FCAE7EA280A2F307C07EA36C7FA21B0F6C6D1980A26C
+1A1F6C7F1C006C6D606C6D187EA26D6C606D6D4C5A6D6D16036D6D4C5A6D6D4C5A6D01FC
+4C5A6D6DEE7F806D6C6C6C4BC7FC6E01E0EC07FE020F01FEEC1FF80203903AFFE001FFF0
+020091B612C0033F93C8FC030715FCDB007F14E0040101FCC9FC525479D261>I<BA7E19
+FCF1FF801AF01AFCD8000701F0C7000F13FF060014C0071F7F070713F807017F737F747E
+747F747F86747F747F8886888688A2757EA31D8087A21DC0A51DE0A387A963A31DC0A51D
+80A2631D00A3515AA2646264505B6264505B505B5090C7FCF2FFFE4F5B07075B071F5B96
+B512C0060F91C8FCBB5A1AF01AC007FCC9FC19805B527CD167>I<BC1280A5D8000701F8
+C7000114C0F0001F19071901851A7F1A3F1A1FA2F20FE0A21A07A31A03A318F81BF01A01
+A497C7FC1701A317031707170F177F92B6FCA59238F8007F170F170717031701A317001B
+3EA31B7CA395C8FCA21BFCA21BF8A21A01A31A031BF01A071A0FA21A1F1A3FF27FE0F101
+FF1907191F0603B5FCBCFCA21BC0A34F517CD058>I<BB12FEA5D8000701F8C700077FF0
+007F191F190785858586861B80A21A1FA31A0FA41BC006F81307A497C7FCA31701A31703
+1707170F177F92B6FCA59238F8007F170F170717031701A31700A795C9FCB3B812F8A54A
+517CD055>I<B812F8A5D8000701F8CAFCB3B3A91A7CA41AFC1AF8A51901A31903A21907
+1AF0190FA2191F193F197F19FF180360183F4DB5FCBB12E0A546527CD151>76
+D<B600FC073FB512FE6F61A26F96B6FCA2D80007F5C00070EF01EFA202EF6DEF03CFA202
+E76DEF078FA202E36DEF0F0FA202E16D171EA302E06D173CA26F6C1778A26F6C17F0A26F
+6DED01E0A26F6DED03C0A36F6DED0780A26F6DED0F00A26F6D151EA26F6D5DA3706C5DA2
+706C5DA2706D495AA2706D495AA2706D495AA3706D49C7FCA2706D131EA2706D5BA2716C
+5BA3716C5BA271EB81E0A271EBC3C0A271EBE780A27101FFC8FCA3715BA2715BA2725AA2
+725AA2D93FFC6F5AB74DB712FEA2725AA2725A77527CD180>I<B600F893B7FC81818182
+D800076E9239003FFC00F307E082828202EF7F8214E702E37F02E18002E080836F7F816F
+7F6F7F6F7F83816F806F80707F707F8482707F707F707F85827080717F717F717F858371
+7F717F7114801AC0837213E07213F07213F87213FC1AFE847213FF7214877214C71BE773
+13F7857313FF8585A28585858686A286868686A286861B7FD93FFC183FB7171FA21B0F1B
+07755A60527CD169>I<93380FFFC00303B6FC031F15E092B712FC0203D9FC0013FF020F
+01C0010F13C0023F90C7000313F0DA7FFC02007F494848ED7FFE4901E0ED1FFF49496F7F
+49496F7F4990C96C7F49854948707F4948707FA24849717E48864A83481B804A83481BC0
+A2481BE04A83A2481BF0A348497113F8A5B51AFCAF6C1BF86E5FA46C1BF0A26E5F6C1BE0
+A36C6D4D13C0A26C6D4D1380A26C1B006C6D4D5A6E5E6C626D6C4C5B6D6D4B5B6D6D4B5B
+6D6D4B5B6D6D4B5B6D6D4B90C7FC6D6D4B5A6D01FF02035B023F01E0011F13F0020F01FC
+90B512C0020390B7C8FC020016FC031F15E0030392C9FCDB001F13E0565479D265>I<BA
+FC19F819FF1AE086D8000701F0C7001F13FC060113FF726C13807313C0070F13E01BF085
+7313F81BFCA27313FEA41BFFA81BFEA31BFC61A21BF84F13F04F13E0614F13C04F13004E
+485A061F5B92B812F01AC04FC7FC19E003F8CBFCB3AEB812C0A550527CD15C>I<B912F0
+F0FF8019F819FF1AC0D8000701F0C714F0060F7F060113FE727F737F737F85737F87A273
+7FA387A863A2616363A24F5B4F5B4F90C8FC4F5A06035B060F13F095B512C092B8C9FC19
+F819E019F89226F0000313FE9439007FFF80061F7F727F727F86727F8486A2727FA887A7
+1D1C1D3E8785A275137E73157C7315FC736D13F8B86C6DEBF801739038FE07F07390B512
+E0736C14C0080F1400CEEA7FFC5F537CD164>82 D<91260FFF80130791B500F85B010702
+FF5B011FEDC03F49EDF07F9026FFFC006D5A4801E0EB0FFD4801800101B5FC4848C87E48
+488149150F001F824981123F4981007F82A28412FF84A27FA26D82A27F7F6D93C7FC14C0
+6C13F014FF15F86CECFF8016FC6CEDFFC017F06C16FC6C16FF6C17C06C836C836D826D82
+010F821303010082021F16801400030F15C0ED007F040714E01600173F050F13F08383A2
+00788200F882A3187FA27EA219E07EA26CEFFFC0A27F6D4B13806D17006D5D01FC4B5A01
+FF4B5A02C04A5A02F8EC7FF0903B1FFFC003FFE0486C90B65AD8FC0393C7FC48C66C14FC
+48010F14F048D9007F90C8FC3C5479D24B>I<003FBC1280A59126C0003F9038C0007F49
+C71607D87FF8060113C001E08449197F49193F90C8171FA2007E1A0FA3007C1A07A500FC
+1BE0481A03A6C994C7FCB3B3AC91B912F0A553517BD05E>I<B700FC017FB600FE91B612
+F0A5D8003F01C0C8001F01E0C9EBF8006F71EE0FC06D7161876F1C1F6D7196C7FC6F8373
+606D1E3E6F836D7160876F1CFC6D666F4B801F016D66704A806E525A88704A17076E059F
+5F70021F80080F160F6E6570023F806EDC3E074CC8FC8870027E5F6EDC7C03163E7002FC
+804F6C167E6E1C7C700101814F6C16FC6E745B70010317016E4C6D5D060716C00580496D
+14036F63DDC00F16E04F6D14076F07F05BDDE01F170F6F92C76C5D1DF8DDF03E6E141F6F
+98C9FCDDF87E16FC067C6E5C6FF1FE3EDDFCFC177E6F4A6E147C1DFFDDFFF06E14FC6F62
+A24E816F62A270496F5BA24E817061A295C97E7061A270487090CAFCA37048705AA24D16
+01040360A27048705A84537DD18B>87 D<EC7FFF0107B512F0013F14FE90B77E48D9E00F
+7F2703FE000113F0486C6D7F6EEB3FFC48826E131F83707FA36C496D7FA26C90C7FC6C5A
+C9FCA6037FB5FC020FB6FC91B7FC01071487013FEBF0074913803901FFFC004813F0485B
+485B485B4890C7FC5A5BA2485AA45EA26D5C007F151D163D6C6C02797F6C6D01F113F86C
+9026C003E0EBFFE06C9027F81FC07F13F06C90B5487EC64B7E011F01FC010713E0010101
+E090C8FC3C387CB641>97 D<EB3FF0B5FCA51203C6FCB3A4923801FFE0030F13FE033FEB
+FFC092B612F002F301017F913AF7F8003FFEDAFFE0EB0FFF03806D7F92C76C7F4A6E7F4A
+824A6E7FA2727EA285A28584A31A80AC1A00A44E5AA36118FF616E4A5BA26E4A5B6E4A5B
+6F495BDACFC04990C7FCDA87F0EB7FFC913A03FE03FFF849C6B612E0496D148049011F01
+FCC8FC90C7000313C041547BD24B>I<913801FFF8021FEBFF8091B612F0010315FC010F
+9038C00FFE903A1FFE0001FFD97FFC491380D9FFF05B4817C048495B5C5A485BA2486F13
+8091C7FC486F1300705A4892C8FC5BA312FFAD127F7FA27EA2EF03E06C7F17076C6D15C0
+7E6E140F6CEE1F806C6DEC3F006C6D147ED97FFE5C6D6CEB03F8010F9038E01FF0010390
+B55A01001580023F49C7FC020113E033387CB63C>I<4DB47E0407B5FCA5EE001F1707B3
+A4913801FFE0021F13FC91B6FC010315C7010F9038E03FE74990380007F7D97FFC0101B5
+FC49487F4849143F484980485B83485B5A91C8FC5AA3485AA412FFAC127FA36C7EA37EA2
+6C7F5F6C6D5C7E6C6D5C6C6D49B5FC6D6C4914E0D93FFED90FEFEBFF80903A0FFFC07FCF
+6D90B5128F0101ECFE0FD9003F13F8020301C049C7FC41547CD24B>I<913803FFC0023F
+13FC49B6FC010715C04901817F903A3FFC007FF04948EB1FF8D9FFE06D7E488248496D7E
+48814A15805A4890C76C13C0A24817E0A282485A18F0A312FFA390B8FCA318E049CAFCA5
+127FA46C7EA26C17E0EF01F06C7F17036C17E06C6D14076C6DEC0FC06CEE1F806D6CEC3F
+00D93FFC14FE6D6CEB03FC903A0FFFC03FF8010390B55A010015C0021F49C7FC020113F0
+34387CB63D>I<ED3FFC0203B5FC020F14C0023F14E09139FFF81FF0499038C03FF849EB
+807F49903800FFFC495A495AA2495AA2EE7FF8495AEE3FF0EE0FC093C7FCAEB712E0A526
+007FF8C8FCB3B3A7007FB512FEA52E547CD329>I<DA3FFF14FF0103B5D8F00713C0010F
+DAFC1F13E0013FECFF7F90267FFC0F9038FF9FF09026FFE001EBF83F48496C13E0484990
+387FF01F4890C7D83FF813E0489338FC0FC0F0078048486E6CC7FCA2003F82A9001F5EA2
+6C6C4A5AA26C5E6C6D495A6C6D495A6C6D485BDAFC0F5B4890B6C8FCD803EF14FC01C314
+F02607C03F90C9FC91CBFCA2120FA37FA213F813FE90B7FC6C16F817FF18C06C836C836C
+836D828448B9FC12074848C700031480D81FF8EC003F4848150748486F13C083485A83A5
+6D5D007F18806D5D003F18006C6C4B5AD80FFEED1FFC6C6C6CEC7FF86C01E049485A6C01
+FE011F5B6C6CB71280010F03FCC7FC010115E0D9000F01FCC8FC3C4F7CB543>I<EB3FF0
+B5FCA51203C6FCB3A4EE1FFC93B512C0030314F0030F8092391FE07FFC92393F001FFE03
+7C8003F07FDAF1E081ECF3C0DAF7807F8502FFC7FC5CA25CA45CB3ACB6D8F807B612C0A5
+42537BD24B>I<137F497E487F487F487F487FA76C5B6C5B6C5B6C5B6DC7FC90C8FCADEB
+3FF0B5FCA512017EB3B3A6B612E0A51B547BD325>I<EB3FF0B5FCA51203C6FCB3A54CB5
+12F8A59339003FFE00EF1FE04D5A4D5A4DC7FCEE01FCEE07F84C5A4C5AEE3F8004FFC8FC
+4B5A4B5AED07F0ED1FE0153F4B7E4B7E02F37F02F77F91B5FC82039F7F030F7F4A7EDAF8
+037F02F0806F7F6F7F167F707E83707F707F8284707F707F82717E84717E1980B6D8F003
+B6FCA540537CD247>107 D<EB3FF0B5FCA512017EB3B3B3B1B612F0A51C537BD225>I<D9
+3FF0D91FFCEDFFE0B591B500C0010713FE030302F0011F6D7E030F6E017F8092271FE07F
+FCD9FF037F922A3F001FFE01F8007F0003027C9126FF03E080C602F06DD90780137FDAF1
+E0038FC77FDAF3C0159EDAF7806D01BC143F07FC8102FFC75C4A5EA24A5EA44A5EB3ACB6
+D8F807B6D8C03FB512FEA567367BB570>I<D93FF0EB1FFCB591B512C0030314F0030F80
+92391FE07FFC92393F001FFE0003027C80C602F07FDAF1E081ECF3C0DAF7807F8502FFC7
+FC5CA25CA45CB3ACB6D8F807B612C0A542367BB54B>I<913801FFE0021F13FE91B612C0
+010315F0010F9038807FFC903A1FFC000FFED97FF86D6C7E49486D7F48496D7F48496D7F
+4A147F48834890C86C7EA24883A248486F7EA3007F1880A400FF18C0AC007F1880A3003F
+18006D5DA26C5FA26C5F6E147F6C5F6C6D4A5A6C6D495B6C6D495B6D6C495BD93FFE011F
+90C7FC903A0FFF807FFC6D90B55A010015C0023F91C8FC020113E03A387CB643>I<903A
+3FF001FFE0B5010F13FE033FEBFFC092B612F002F301017F913AF7F8007FFE0003D9FFE0
+EB1FFFC602806D7F92C76C7F4A824A6E7F4A6E7FA2717FA285187F85A4721380AC1A0060
+A36118FFA2615F616E4A5BA26E4A5B6E4A5B6F495B6F4990C7FC03F0EBFFFC9126FBFE07
+5B02F8B612E06F1480031F01FCC8FC030313C092CBFCB1B612F8A5414D7BB54B>I<9126
+01FFE0EB0780021F01F8130F91B500FE131F0103ECFF80010F9039F03FC03F499039800F
+E07F903A7FFE0003F04948903801F8FF4849EB00FD4849147F4A805A4849805A4A805AA2
+91C87E5AA35B12FFAC6C7EA37EA2806C5EA26C6D5CA26C6D5C6C6D5C6C93B5FC6C6D5B6D
+6C5B6DB4EB0FEF010F9038C07FCF6D90B5120F010114FED9003F13F80203138091C8FCB1
+040FB61280A5414D7CB547>I<90397FE003FEB590380FFF80033F13E04B13F09238FE1F
+F89139E1F83FFC0003D9E3E013FEC6ECC07FECE78014EF150014EE02FEEB3FFC5CEE1FF8
+EE0FF04A90C7FCA55CB3AAB612FCA52F367CB537>I<903903FFF00F013FEBFE1F90B7FC
+120348EB003FD80FF81307D81FE0130148487F4980127F90C87EA24881A27FA27F01F091
+C7FC13FCEBFFC06C13FF15F86C14FF16C06C15F06C816C816C81C681013F1580010F15C0
+1300020714E0EC003F030713F015010078EC007F00F8153F161F7E160FA27E17E07E6D14
+1F17C07F6DEC3F8001F8EC7F0001FEEB01FE9039FFC00FFC6DB55AD8FC1F14E0D8F80714
+8048C601F8C7FC2C387CB635>I<143EA6147EA414FEA21301A313031307A2130F131F13
+3F13FF5A000F90B6FCB8FCA426003FFEC8FCB3A9EE07C0AB011FEC0F8080A26DEC1F0015
+806DEBC03E6DEBF0FC6DEBFFF86D6C5B021F5B020313802A4D7ECB34>I<D93FF8913801
+FFC0B50207B5FCA50003ED001FC61607B3AE5FA35FA2017F5D173B177B6D6C14F3DC01E3
+13F06D6CD907C3EBFFC0903A0FFFC03F836D90B51203010114FE6D6C13F8020701E091C7
+FC42377BB54B>I<B600F00107B5FCA5C601F8C8EA7FC06EED3F00A26D6C153E187E013F
+167C6E15FC6D5E6F13016D5E6F13036D5E8117076D6D5C170F6D6D5C171F6D93C7FC6F5B
+027F143E6F137E023F147C6F13FCA26E6D5A16816EEBC1F016C36E5C16E76E5C16FF6E5C
+A26E91C8FCA36F5AA26F5AA26F5AA26F5AA26F5A6F5A40357DB447>I<B6D8E07FB5D8C0
+03B512C0A5000101F0C701F0C7381FF8006E027FED07E06C715DA26E023F150F017F705D
+6E181F013F7092C7FC177F6E606D92B5143E6F177E6D71137C5E03C001F315FC6D02036E
+5B03E001E114016D05E05B160703F001C014036D020F02F05B03F8EB807FF1F8076D021F
+5E03FCD9003F130F027F04FC5B5EDBFE3E90381FFE1F023F017E93C8FCDBFF7C010F5B6E
+EEFF3E16FC4C6D13FE6E5F4C7F6E5FA24C7F6E5F4C7F6E5FA24C147F6E5F93C8123F6F5E
+A2033E6FC9FC5A357DB461>I<007FB500F090387FFFFEA5C66C48C7000F90C7FC6D6CEC
+03F86D6D495A6D6D495A6D4B5A6F495A6D6D91C8FC6D6D137E6D6D5B91387FFE014C5A6E
+6C485A6EEB8FE06EEBCFC06EEBFF806E91C9FCA26E5B6E5B6F7E6F7EA26F7F834B7F4B7F
+92B5FCDA01FD7F03F87F4A486C7E4A486C7E020F7FDA1FC0804A486C7F4A486C7F02FE6D
+7F4A6D7F495A49486D7F01076F7E49486E7E49486E7FEBFFF0B500FE49B612C0A542357E
+B447>I<B600F00107B5FCA5C601F8C8EA7FC06EED3F00A26D6C153E187E013F167C6E15
+FC6D5E6F13016D5E6F13036D5E8117076D6D5C170F6D6D5C171F6D93C7FC6F5B027F143E
+6F137E023F147C6F13FCA26E6D5A16816EEBC1F016C36E5C16E76E5C16FF6E5CA26E91C8
+FCA36F5AA26F5AA26F5AA26F5AA26F5AA35E150F5E151F93C9FC5DD81FC0133E486C137E
+486C137C486C13FC5D14015D14034A5A6C48485A49485A263FC07FCAFCEB81FE6CB45A6C
+13F000035BC690CBFC404D7DB447>I E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fq line10 10 10
+/Fq 10 84 df<1C0C1C1E1C3E1C7C1CF8F301F0F303E0F307C0F30F80F31F001B3E6363
+505A505A505A505A50C7FC1A3E62624F5A4F5A4F5A4F5A4FC8FC193E61614E5A4E5A4E5A
+4E5A4EC9FC183E60604D5A4D5A4D5A4D5A4DCAFC173E5F5F4C5A4C5A4C5A4C5A4CCBFC16
+3E5E5E4B5A4B5A4B5A4B5A4BCCFC153E5D5D4A5A4A5A4A5A4A5A4ACDFC143E5C5C495A49
+5A495A495A49CEFC133E5B5B485A485A485A485A48CFFC123E5A5A5A1260575782D453>
+0 D<1718173C177C177817F817F0160117E0160317C016071780160F17005E161E163E16
+3C167C167816F85E15015E15035E15075E150F93C7FC5D151E153E153C157C157815F85D
+14015D14035D14075D140F92C8FC5C141E143E143C147C147814F85C13015C13035C1307
+5C130F91C9FC5B131E133E133C137C137813F85B12015B12035B12075B120F90CAFC5A12
+1E123E123C127C127812F85A12602E5782D42A>I<1C0C1C3E1CFEF303FCF30FF8F33FE0
+F3FF80973803FE00F20FF8F23FE0F2FF80DF03FEC7FCF10FF8F13FE0F1FF80DE03FEC8FC
+F00FF8F03FE0F0FF80DD03FEC9FCEF0FF8EF3FE0EFFF80DC03FECAFCEE0FF8EE3FE0EEFF
+80DB03FECBFCED0FF8ED3FE0EDFF80DA03FECCFCEC0FF8EC3FE0ECFF80D903FECDFCEB0F
+F8EB3FE0EBFF80D803FECEFCEA0FF8EA3FE0EA7F8000FECFFC12F81260572E82AB53>8
+D<1C0C1C3E1C7EF301FCF303F8F30FE0F31FC0F37F001BFEF203F8505AF21FC0505A08FE
+C7FC4F5AF107F04F5AF13F804FC8FCF001FC4E5AF00FE04E5A067FC9FC18FEEF03F84D5A
+EF1FC0EF7F8005FECAFCEE03FCEE07F0EE1FC04C5A04FECBFC4B5AED07F04B5AED3F804B
+CCFCEC01FC4A5AEC0FE04A5A027FCDFC14FEEB03F8495AEB1FC0495A01FECEFC485AEA07
+F0485AEA3F8048CFFC12FC5A1260573B82B853>17 D<F10180F103C019071A80190FF11F
+00193E193C197C614E5A6118034E5A4E5A96C7FC60183E60187818F84D5A4D5A6017074D
+5A4DC8FC171E173E5F5F5F16014C5A4C5A5F160F4CC9FC163E163C167C5E4B5A5E15034B
+5A4B5A93CAFC5D153E5D157815F84A5A4A5A5D14074A5A4ACBFC141E143E5C5C5C130149
+5A495A5C130F49CCFC133E133C137C5B485A5B1203485A485A90CDFC5A123E5A127812F8
+5A1260425782D43E>19 D<126012F07E127C7E7E6C7E6C7E6C7E6C7E6C7E137C7F7F6D7E
+6D7E6D7E6D7E6D7E147C80806E7E6E7E6E7E6E7E6E7E157C81816F7E6F7E6F7E6F7E6F7E
+167C8282707E707E707E707E707E177C8383717E717E717E717E717E187C8484727E727E
+727E727E727E197C8585737E737E737E737E737E1A7C8686747E747E747E747E747E1B7C
+8787F30F80F307C0F303E0F301F0F300F81C7C1C3E1C1E1C0C575782D453>64
+D<126012F07E1278127C123C123E121E121F7E7F12077F12037F12017F12007F1378137C
+133C133E131E131F7F801307801303801301801300801478147C143C143E141E141F8081
+1407811403811401811400811578157C153C153E151E151F818215078215038215018215
+00821678167C163C163E161E161F821780160717C0160317E0160117F0160017F8177817
+7C173C17182E5782D42A>I<126012F812FEEA7F80EA3FE0EA0FF8EA03FEC66C7EEB3FE0
+EB0FF8EB03FE903800FF80EC3FE0EC0FF8EC03FE913800FF80ED3FE0ED0FF8ED03FE9238
+00FF80EE3FE0EE0FF8EE03FE933800FF80EF3FE0EF0FF8EF03FE943800FF80F03FE0F00F
+F8F003FE953800FF80F13FE0F10FF8F103FE963800FF80F23FE0F20FF8F203FE973800FF
+80F33FE0F30FF8F303FCF300FE1C3E1C0C572E82AB53>72 D<126012F87E127F6C7EEA0F
+E06C7EEA01FC6C7EEB3F806D7EEB07F06D7EEB00FE147FEC1FC06E7EEC03F86E7EEC007F
+6F7EED0FE06F7EED01FC6F7EEE3F80707EEE07F0EE03FCEE00FEEF7F80EF1FC0EF07F071
+7EEF00FE187FF01FC0727EF003F8727EF0007F737EF10FE0737EF101FC737EF23F80747E
+F207F0747EF200FE1B7FF31FC0F30FE0F303F8F301FCF3007E1C3E1C0C573B82B853>81
+D<126012F07E1278127C7E7E7E7F6C7E6C7E12017F6C7E137C133C133E7F6D7E1307806D
+7E6D7E130080147C80141E141F6E7E6E7E1403816E7E6E7E1578157C818181826F7E6F7E
+1501826F7E167C163C163E82707E160783707E707E160083177C83171E171F717E717E17
+0384717E717E1878187C84848485727E727E180185727E197C193C193E85F10F8019071A
+C01903F10180425782D43E>83 D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fr cmtt12 12 70
+/Fr 70 127 df<00085B003EEB07C0007FEB0FE0A24814F0A26C14E0B3A2007E1307003E
+14C0A20008EB01001C1E75BD33>34 D<D803E01438D80FF8147C486C14FEA2486C13015E
+EA7F7FD87E3F13035E00FEEB8007D8FC1F5CA2150F5EA2151F5ED8FE3F133F007E01005B
+A2D87F7F137FD83FFE91C7FC5D6C485BA2380FF801D803E05BC7FC14035D14075DA2140F
+5D141F5DA2143F5DA2147F92C8FC5C5CA213015C13035CA20107147C4A48B4FC4B138013
+0F4A4813C0131F9139C00FEFE016C7013F011F13F002801383137F1400A25B5BA2120149
+14C70003020F13E04914EF923807FFC01207496D1380A26C486D13006C48EB007C2C4D7D
+C433>37 D<EB03E0EB0FF8497E497E497E90B5FC9038FE3F803801FC1F13F8000380EBF0
+0FA7141F5D91393F87FFE001F84913F00001137F147E14FE9026F9FC0713E001FF903801
+F8006C13F8ECF00302E05B1507D97FC05B14809038FF000F485D148048141F4801C05B5A
+391FEFE03FD83FC791C7FC903887F07FD87F03137EECF8FE6D6C5A12FEEB00FF6E5AA291
+393FF00180EE03C091391FE007E0140F6CEB1FF06C133FEC7FF8903980FFFE0FD83FC301
+FF13C0D9FFFC13FF6C496C13806C497E6CD9E00F13006C90388007FE3A00FE0001F82C3F
+7DBD33>I<EA07C0EA0FF0EA1FF8A213FCA213FE120F1207EA007EA613FE13FCA21201EA
+03F8A2EA07F0120FEA1FE0EA7FC0EAFF8013005A5A12700F1E6EBC33>I<140FEC3F8014
+7F14FF491300495AEB07F8495A495A495A495A49C7FC5B12015B485A12075B120F5B121F
+5BA2123F5BA2127F90C8FCA45A5AAD7E7EA47F123FA27F121FA27F120F7F12077F12036C
+7E7F12007F6D7E6D7E6D7E6D7E6D7EEB03FE6D7E6D1380147F143FEC0F00194D6FC433>
+I<127812FE7E7F6C7E6C7EEA0FF06C7E6C7E6C7E6C7E6D7E133F80131F6D7E8013078013
+03801301A2801300A28080A41580143FAD147F1500A45C5CA213015CA213035C13075C13
+0F5C495A133F5C137F49C7FC485A485A485A485AEA3FE0485A485A90C8FC5A1278194D78
+C433>I<14F0497EA8007015E000F8EC01F000FE140700FF140F01C1133F01F113FF263F
+F9F913C0000FB61200000314FCC614F06D5B011F1380D907FEC7FC90381FFF80017F13E0
+90B57E000314FC000F14FF263FF9F913C026FFF1F813F001C1133F0101130F00FE140700
+F814010070EC00E000001500A86D5A242B79B333>I<140E141F4A7EB0003FB7FC481680
+B812C0A36C16806C1600C7D83F80C7FCB06EC8FC140E2A2B7CB333>I<EA07C0EA0FF0EA
+1FF8123F13FCA213FEA2121F120F1207EA007E13FEA213FC1201EA03F81207EA0FF0EA7F
+E012FF13C013005A12780F196E8A33>I<003FB612FC4815FEB8FCA36C15FE6C15FC2807
+7BA133>I<121FEA3F80EA7FC0EAFFE0A5EA7FC0EA3F80EA1F000B0B6C8A33>I<167016F8
+ED01FCA2150316F8150716F0A2150F16E0151F16C0153F1680157F1600A25D5D14015D14
+035D14075DA2140F5D141F5D143F5D147F92C7FCA25C5C13015C13035CA213075C130F5C
+131F5C133F5CA2137F91C8FC5B5B12015B12035BA212075B120F5B121F5B123F5BA2127F
+90C9FC5A5AA2127C1238264D7AC433>I<14FF010313C0010F13F0497F497F497F9038FF
+81FF3A01FE007F804848EB3FC049131F4848EB0FE0A24848EB07F0A24848EB03F8A24848
+EB01FCA348C812FEA4007E157E00FE157FAE6C15FF6C15FEA46D1301003F15FCA26D1303
+001F15F8A26C6CEB07F0A26C6CEB0FE06D131F6C6CEB3FC0A26CB4EBFF806C018113006D
+B45A6D5B6D5B6D5B010313C0010090C7FC283F7BBD33>I<EB01E0497EA21307A2130FA2
+131F133F137F13FF1203123F5AEAFFF713E71387EA7E071200B3B3A2003FB512FE488016
+80A216006C5C213E76BD33>I<EB03FF011F13E0017F13FC48B57E48ECFF804815C0260F
+FE0313E03A1FF0007FF049EB1FF84848130F49EB03FC127F90C7EA01FE4814005A6C15FF
+167FA3127E123CC9FCA216FF16FEA2150116FC150316F81507ED0FF0ED1FE0153F16C0ED
+7F80EDFF004A5AEC07FC4A5A4A5A4A5A4A5A4A5A4990C7FC495AEB07F8EB1FF0495A495A
+495A4890C8FC4848143E4848147FEA0FF0485A48B7FCB8FCA37E6C15FE283E7BBD33>I<
+903801FFC0010F13F8013F13FE90B67E48814881489038807FF03A0FFC000FF801F06D7E
+484813036F7EA21500A26C5A6C5AC9FC15015EA215034B5A150F4B5A4B5A913803FFC001
+03B55A4991C7FC5D8116C06D8090C76C7EED0FF8ED03FC6F7E6F7E821780163FA2EE1FC0
+A3123C127EB4FCA2163F1780167F6C16006D5C6D495A6C6C1303D81FF8EB0FFC3A0FFF80
+7FF86C90B55A6C5D6C15806C6C91C7FC010F13FC010113C02A3F7CBD33>I<0007B612F0
+4815F85AA316F001C0C8FCB0ECFFC001C713F801DF7F90B6FC168016C0028013E09039FC
+001FF001F0EB0FF849130749EB03FC6C4813016CC713FEC9FCA216FF167FA41218127EA2
+B415FF16FEA24814016C15FC6C14036DEB07F86D130F6C6CEB1FF06C6CEB7FE09039FE03
+FFC06CB612806C150000015C6C14F8013F13E0010390C7FC283E7BBC33>53
+D<127CB8128017C0A4178048C813004B5A4B5A007C4A5AC8485A5E151F4B5A4B5A93C7FC
+5D5D4A5A14035D14075D140F5D141F5D143F5DA24AC8FCA25C5CA213015CA3495AA41307
+5CA5130F5CAA6D5A6D5A2A3F7CBD33>55 D<121FEA3F80EA7FC0EAFFE0A5EA7FC0EA3F80
+EA1F00C7FCB3A3121FEA3F80EA7FC0EAFFE0A5EA7FC0EA3F80EA1F000B2B6CAA33>58
+D<EA07C0EA0FE0EA1FF0EA3FF8A5EA1FF0EA0FE0EA07C0C7FCB3A3EA07C0EA0FE0EA1FF0
+EA3FF8A213FCA3121F120F12071200A2120113F81203EA07F0120FEA1FE0127FEAFFC013
+80130012FC12700E396EAA33>I<161C167E16FF15035DED1FFEED3FFCEDFFF84A13E002
+0713C04A1300EC3FFEEC7FF849485A4913C0010F5B4948C7FCEB7FFCEBFFF000035B4813
+80001F90C8FCEA3FFC485AEAFFE05B7FEA7FF86C7E6CB4FC00077F6C13E0C67FEB7FFCEB
+1FFE6D6C7E01037F6D13F06D6C7EEC3FFEEC0FFF6E13C0020113E06E13F8ED3FFCED1FFE
+ED07FF811500167E161C28337BB733>I<003FB7FC481680B812C0A36C16806C1600CBFC
+A9003FB7FC481680B812C0A36C16806C16002A177CA933>I<1238127EB4FC13C07FEA7F
+F86C7E6CB4FC00077F6C13E0C67FEB7FFCEB1FFE6D6C7E01037F6D13F06D6C7EEC3FFEEC
+0FFF6E13C0020113E06E13F8ED3FFCED1FFEED07FF815DED1FFEED3FFCEDFFF84A13E002
+0713C04A1300EC3FFEEC7FF849485A4913C0010F5B4948C7FCEB7FFCEBFFF000035B4813
+80001F90C8FCEA3FFC485AEAFFE05B90C9FC127E123828337BB733>I<EC1F804A7E4A7E
+A34A7EA314F901017FA501037FA214F0A201077FA4ECE07E010F137FA449486C7EA54948
+6C7EA4017F80EC000FA291B5FCA290B67EA43A01FE0007F8491303A4000381491301A300
+0781491300D87FFF90380FFFE0B56C4813F06E5AA24A7E6C496C13E02C3E7DBD33>65
+D<007FB512F8B7FC16C082826C813A03F8000FFCED03FE15016F7E82A2EE3F80A7EE7F00
+A25E4B5AA2ED07FCED1FF890B65A5E1680828216F89039F8000FFCED01FE6F7EEE7F8016
+3F17C0161FA2EE0FE0A7161F17C0A2163FEE7F8016FF4B1300150F007FB65AB75A5E16E0
+5E6C4AC7FC2B3D7DBC33>I<91391FE00780DAFFFC13C00103EBFF0F010F148F4914FF5B
+90387FF81F9038FFC00748497E4848487E497F485A167F485A49143F121F5B003F151F5B
+A2127F90C8EA0F8093C7FCA25A5AAD7E7EA36DEC0F80003FED1FC0A27F121F7F000F153F
+6D15806C7E167F6C6CECFF007F3A01FF8003FE6C6D485A90397FF81FF86DB55A6D5C6D5C
+010391C7FC010013FCEC1FE02A3F7CBD33>I<003FB512F04814FCB7FC826C816C813A03
+F8007FF0ED1FF8ED07FC15036F7E8281EE7F80A2163F17C0161FA217E0160FA4EE07F0AD
+160F17E0A4161F17C0163FA21780167FEEFF00A24B5A15034B5AED1FF8ED7FF0003FB6FC
+4815C0B75A93C7FC6C14FC6C14F02C3D7EBC33>I<003FB712E04816F0B8FCA27E7ED801
+FCC71207A8EE03E093C7FCA6151F4B7EA490B6FCA69038FC003FA46FC7FC92C8FCA817F8
+EE01FCA9003FB7FC5AB8FCA27E6C16F82E3D7EBC33>I<003FB712E04816F0B8FCA27E7E
+D801FCC71207A8EE03E093C7FCA7151F4B7EA490B6FCA69038FC003FA46FC7FC92C8FCB1
+383FFFF8487FB57EA26C5B6C5B2C3D7DBC33>I<003FB612804815C0B712E0A26C15C06C
+1580260003F8C7FCB3B3AD003FB612804815C0B712E0A26C15C06C1580233D78BC33>73
+D<387FFFF8B57E80A25C6C5BD801FCC9FCB3B3A3EE03E0EE07F0A9007FB7FCB8FCA46C16
+E02C3D7DBC33>76 D<D83FF8EC1FFC486CEC3FFE486CEC7FFFA2007F16FE6C6CECFFFC00
+0716E001EF14F7EC8001A39039E7C003E7A3ECE007A201E314C7A2ECF00FA201E11487EC
+F81FA201E01407A2ECFC3FA2EC7C3EA2EC7E7EEC3E7CA3EC1E78EC1FF8A2EC0FF0A3EC07
+E0EC03C091C7FCAED83FFCEC3FFC486CEC7FFEB591B5FCA26C48EC7FFE6C48EC3FFC303D
+7FBC33>I<D87FFC90381FFFE0486C4913F07FA36C6D6C13E00003913800FC0013F780A2
+13F380A3EBF1F0A38013F0A280A2147C147EA2143E143FA2801580A3140F15C0A2140715
+E0A2140315F0A21401A215F81400A3157CA3153C153EA2151E151F387FFF80B5EAC00FA3
+15076C496C5A2C3D7DBC33>I<003FB512FC48ECFF80B712E016F86C816C813A01FC000F
+FF030313801500EE7FC0163FEE1FE0160FA217F01607A6160F17E0A2161FEE3FC0167FEE
+FF801503030F130090B65A5E5E16E0168003FCC7FC01FCC9FCB3383FFFE0487FB57EA26C
+5B6C5B2C3D7EBC33>80 D<007FB57EB612F815FE81826C812603F8007FED3FF0ED0FF815
+076F7E1501A26F7EA74B5AA215034B5A150FED3FF0EDFFE090B65A5E93C7FC5D8182D9F8
+007F153F6F7E150F821507AA173E177FA416F8030313FF267FFFC014FEB538E001FF17FC
+81EE7FF86C49EB3FF0C9EA0FC0303E7EBC33>82 D<D907FE137890393FFFC07C90B5EAF0
+FC4814FC000714FF5AEBFC03391FF0007F4848133F0180131F007F140F90C71207481403
+5AA21501A46CEC00F86C15007F7F6C7E7FEA1FFE380FFFE06C13FF6C14F06C14FC6C6C13
+FF011F1480010314C0D9003F13E0020313F09138003FF8ED0FFC1507ED03FE1501150016
+FFA2007C157F12FEA56C15FF16FE7FED01FC6D130301F0EB07F801FC130F9039FF807FF0
+91B512E016C000FC1580013FEBFE00D8F80F5BD8780013E0283F7BBD33>I<003FB712F8
+4816FCB8FCA43AFE000FE001A8007CED00F8C71500B3B3A40107B512C049804980A26D5C
+6D5C2E3D7EBC33>I<273FFFE001B5FC486D481480B56C4814C0A26C496C14806C496C14
+00D801FCC7EA0FE0B3B3A36D141F00005EA26D143F6D5DA26D6C49C7FC6E5B6D6C485AEC
+F00390390FFC0FFC6DB55A6D5C6D5C6D6C1380DA1FFEC8FCEC07F8323E80BC33>I<D87F
+FF903803FFF8B56C4813FCA46C496C13F8D807F09038003F806D147F00031600A36D5C00
+015DA46C6C495AA46D13036D5CA3EC8007013F5CA3ECC00F011F5CA46D6C485AA46D6C48
+5AA4010391C7FC6E5AA30101137EA2ECFCFEA201005BA5EC7FF8A46E5AA26E5A6E5A2E3E
+7EBC33>I<D83FFCEC3FFC486CEC7FFEB591B5FCA26C48EC7FFE6C48EC3FFCD80FC0EC03
+F0A76D1407000716E0A86C6CEC0FC0A2EC07E0EC0FF0EC1FF8A3000116809039F83FFC1F
+EC3E7CA4EC7E7EA200001600A2EC7C3E01FC5CECFC3FA3ECF81F017C143EA590397DF00F
+BEA3013D14BC90393FE007FCA5ECC003011F5C6D486C5A303E7FBC33>I<007FB512C0B6
+12E0A415C048C8FCB3B3B3ABB612C015E0A46C14C01B4D6CC433>91
+D<1238127C12FEA27E7E7F123FA27F121F7F120F7F12077F1203A27F12017F12007F7F80
+133FA280131F80130F801307801303A28013018013008080A281143F81141F81140F8114
+07A28114038114018114008181A21680153F16C0151F16E0150F16F01507A216F8150316
+FC1501A2ED00F81670264D7AC433>I<007FB512C0B612E0A47EC7120FB3B3B3AB007FB5
+FCB6FCA46C14C01B4D7DC433>I<EB7FFE0003B512C04814F048804880819038E007FF02
+007F6C486D7E6C48133FC8121F82150FA4EC0FFF0103B5FC131F90B6FC120348140F4813
+80381FFC00EA3FE0485A5B48C7FC5AA47E151F6C6C133F6D13FF263FF8077F6CB712F06C
+16F86C14F76C14E3C61401903A3FF8003FF02D2B7BAA33>97 D<EA3FFC487E12FFA2127F
+123F1200AC4AB4FC020F13C0023F13F04A13FC91B57E90B7FCDAFE071380DAF80013C002
+E0137F4AEB3FE04A131F91C7EA0FF016074915F81603A217FC1601A81603A217F87F1607
+17F06E130F6EEB1FE0163F6EEB7FC09139F801FF80DAFE07130091B55A495C6E5B6E13E0
+D97E0F138090263C03FEC7FC2E3D7FBC33>I<ECFFFC0107EBFF80011F14C0017F14E090
+B612F05A48EB800F3807FE00D80FF8EB07E049EB03C0484890C7FC485AA2485A90C9FCA3
+5A5AA77E7EA27FA26C6CEB01F06DEB03F8121FD80FF813076D14F06CB4131F6C9038E07F
+E06C90B5FC6C15C06D1400011F5B010713F8010013C0252B79AA33>I<ED7FF84B7E5CA2
+80157F1501ACEB01FF010F13C1013F13F14913FD90B6FC5A4813803907FE003FD80FF813
+1F4848130F491307484813035B007F140190C7FCA25AA25AA87E7E15037F003F14077F6C
+6C130F6D131F6C6C133F6D137F3907FF81FF6C90B612F06C02FD13F86C02F913FC013F13
+E1010F018113F8902601FE0013F02E3D7DBC33>I<ECFF80010713F0011F13FC017F13FF
+90B612804815C048018013E03907FE001FD80FF8EB0FF049EB07F848481303485A49EB01
+FC127F90C7FC16FE150012FEB7FCA516FC48C9FC7E7EA27F123F6D147C001F15FE7F6C6C
+1301EA07FC6DEB07FC3A03FFC03FF86C90B5FC6C6C14F06D14C0010F14800103EBFE0090
+38007FF0272B7BAA33>I<ED3FF0913801FFFC020713FE141F4A13FF5CECFFC04913004A
+137E494813184A1300A8003FB612F84815FCB7FCA36C15F8260003F8C7FCB3AD003FB612
+804815C0A46C1580283D7DBC33>I<EE1FC0D901FEEBFFF090260FFFC313F8013F13F749
+90B512FC90B7FC4815F148010313812607FC00EB80F849017F1360484890383FC0004913
+1FA2001F8149130FA66D131F000F5DA26D133F6C6C495A6D13FF2603FF0390C7FCECFFFE
+485C5D5DD80FCF13C0D9C1FEC8FC01C0C9FCA36C7E7F6CB512FEEDFFC06C15F800078148
+15FF4816809026E0000713C0D83F80EB007F48C8EA1FE0160F007E150700FE16F0481503
+A56C1507007FED0FE06D141FD83FE0EC7FC0D81FF8903801FF80270FFF801F13006C90B5
+5A6C5DC615F0013F14C0010F91C7FC010013F02E437DAB33>I<EA3FFC487E12FFA2127F
+123F1200AC4AB4FC020713C0021F13F0027F7F91B57E90B6FC9138FE03FEECF801ECF000
+02C07F825C91C7FCA35BB3A43B3FFFF80FFFFC486D4813FEB56C4813FFA26C496C13FE6C
+496C13FC303D7FBC33>I<14E0EB03F8A2497EA36D5AA2EB00E091C8FCAA383FFFF8487F
+A47EEA0001B3AD007FB612C0B712E016F0A216E06C15C0243E78BD33>I<EA7FF8487EA4
+127F1200AC4AB512C04A14E04A14F0A26E14E06E14C09139000FF0004B5A4B5A4B5A4BC7
+FC4A5A4A5A4A5A4A5A4A5A4A5A4A5A4A7E01FD7F90B5FC81ECF3F8ECE3FC14C1EC80FEEC
+007F5B496D7E6F7E82150F6F7E6F7E8215016F7E3B7FFFF80FFFF0B56C4813F817FCA217
+F86C496C13F02E3D7EBC33>107 D<383FFFFC487FB5FCA27E7EC7FCB3B3AD003FB612F8
+4815FCB712FEA26C15FC6C15F8273D7ABC33>I<267FC0FC137E3BFFE3FF01FF8001EF01
+877F90B500CF7F15DF6C91B57E0007010F1387496CEB03F801FC13FE9039F803FC01A201
+F013F8A301E013F0B3A53C7FFE0FFF07FF80B548018F13C0A46C486C01071380322B80AA
+33>I<393FFC01FF267FFE0713C000FF011F13F0027F7F007F90B57E6CB6FCC69038FE03
+FEECF801ECF00002C07F825C91C7FCA35BB3A43B3FFFF80FFFFC486D4813FEB56C4813FF
+A26C496C13FE6C496C13FC302B7FAA33>I<EB01FE90380FFFC0013F13F0497F48B512FE
+48804801031380EBFC00D80FF0EB3FC04848EB1FE049130F003F15F0491307007F15F890
+C71203A2007E140100FE15FCA86C14036C15F8A36D1307003F15F06D130F6C6CEB1FE06D
+133F6C6CEB7FC06C6CEBFF80EBFF036C90B512006C5C6C6C13F86D5B010F13C0D901FEC7
+FC262B7AAA33>I<393FFC01FF267FFE0F13C000FF013F13F04A13FC007F90B57E6CB7FC
+C6D9FE071380DAF80013C002E0137F4AEB3FE04A131F91C7EA0FF016074915F81603A217
+FC1601A81603A217F87F160717F06E130F6EEB1FE0163F6EEB7FC09139F801FF80DAFE07
+130091B55A495C6E5B6E13E0020F1380DA03FEC7FC91C9FCB0383FFFF8487FB57EA26C5B
+6C5B2E417FAA33>I<02FF137C0107EBE0FE011F13F0017F13FC90B512FE4814FF4813C0
+3907FE003FD80FF8131F4848130F49130748481303A24848130190C7FCA2481400A25AA8
+7E7E15017F003F14037F6C6C13076D130F6C6C131F6C6C137F9038FF81FF6CEBFFFE6C14
+FC6C6C13F86D13F0010F13C0903801FE0090C8FCB092387FFFFC92B512FEA46F13FC2F41
+7CAA33>I<3A7FFF8003FEB539C01FFF80037F13E002C1B5FC02C314F06C13C73A001FCF
+FE0FECDFF09139FFC007E092388003C04AC8FCA25C5C5CA25CA45CB1007FB512FEB7FCA4
+6C5C2C2B7DAA33>I<90381FFE0F90B5EACF80000314FF120F5A5A387FF003EB800000FE
+C7127F153F5AA36CEC1F006C91C7FCEA7FC0EA3FFEEBFFF06CEBFF80000714F06C14FCC6
+6C7F010F7FD9003F1380020113C09138003FE0007C140F00FEEC07F01503A27EA27F6D13
+076DEB0FE06D131F9039FC01FFC090B61280A200FDECFE0000FC5CD8F83F13F0D8780790
+C7FC242B79AA33>I<EB03C0497E130FAA003FB612FC4881B7FCA36C5D26000FE0C8FCB3
+A3161FEE3F80A5167F6E14006D6C485A9138FE07FE6DB5FC5E6D5C6D14E0023F1380DA07
+FCC7FC29377EB633>I<D83FFCEB1FFE486C497E00FF5CA2007F80003F800000EC007FB3
+A75EA25D6D5B5D90387FC03F91B612FC6D15FE6DEC7FFF6D13FE6D01F813FE01009038C0
+3FFC302B7FAA33>I<3B3FFFC00FFFF0486D4813F8B56C4813FCA26C496C13F86C496C13
+F0D801F8C7EA7E006D14FE00005DA26D1301017E5CA2017F13036D5CA2EC8007011F5CA2
+ECC00F010F5CA36D6C485AA3ECF03F010391C7FCA26E5A0101137EA2ECFCFE01005BA214
+FF6E5AA36E5AA26E5A6E5A2E2B7EAA33>I<3B7FFF8007FFF8B56C4813FC6E5AA24A7E6C
+496C13F8D80FC0C7EA0FC06D141F00071680A56D143F00031600A3EC0FC0EC1FE0A23A01
+F83FF07EA3EC7FF8147CA20000157C9039FCFCFCFCA3ECF87CA2017C5C017D137EECF03E
+A2017F133FA26D486C5AA3ECC00F90390F8007C02E2B7EAA33>I<3B3FFFC07FFF80486D
+B512C0B500F114E0A26C01E014C06C496C13803B00FE000FE000017F495AEB3F804B5A6D
+6C48C7FC90380FE07E903807F0FEECF1FC903803FBF8EB01FF6D5B5D6E5A143F6E5A143F
+814A7E14FF903801FBF0ECF9F8903803F1FCEB07E0157E90380FC07F011F6D7E90383F80
+1F02007F496D7E01FE6D7E484813033B7FFFC03FFFE0B56C4813F0A46C496C13E02C2B7D
+AA33>I<3B7FFF801FFFE0B56C4813F06E4813F8A24A6C13F06C496C13E0D803F8C7EAFC
+00000114015E7F000014036D5C137EA2017F495A7FA26E485A131FA26D6C485AA214E001
+0749C7FCA214F01303157EEB01F8A2157C010013FC14FC5D147C147DEC3FF0A36E5AA36E
+5AA2141F5DA2143F92C8FCA3147EA214FE003F5B1301387F83F81387EB1FF0EBFFE06C5B
+5C6C90C9FC6C5AEA03F02D417DAA33>I<000FB712804816C05AA317800180C713004B5A
+4B5A4B5A4B5A6CC7485AC8485A4B5A4BC7FC4A5A4A5A4A5A4A5A4A5A4A5A4A5A4AC8FC49
+5A495A495A495A495A495A495A49C7EA0F804848EC1FC0485A485A485A485A485A48B7FC
+B8FCA46C16802A2B7DAA33>I<1238127C12FEB3B3B3B3127C1238074D6AC433>124
+D<013E13079039FF800F8000039038C01FC048EBE03F48EBF07F489038F9FF803A7FE7FF
+FE00D8FF835B01015B486C5B007CEB7FC00038011FC7FC220C78BC33>126
+D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fs cmti12 12 62
+/Fs 62 125 df<4CB414FC040F9039C003FF80933B3F81F00783C0933B7C00781F01E04C
+9038F83F03923C01F001FC3E07F003030103EB7E0F922607E007EB7C1F19FCDB0FC001F8
+14E0943A03F0F80FC0DD01E1EB0780031FD9000190C7FC5E180361153F93C7FCA2180761
+5D157EA2180F6115FE91B912F0A3DA00FCC7D81F80C7FC1401A25D183F96C8FCA214035D
+A260187E14075DA218FE60140F5DA2170160141F5DA2170360143F92C7FCA21707605C14
+7EA2170F6014FE5CA24D5AA2495A95C9FC5F5C0103153E177E001CEBE038007F02FE137C
+26FF07E114FC02C15C4C5AEB0F8100FE903901FC03E0D8F81F9038F007C03B701E00E00F
+80D8783CD9F83ECAFCD81FF0EB3FF8D807C0EB0FE04C5A83C53C>11
+D<EF7FF80407B5FC93391FC00FC093393E0001E004FCEB00F04B4813014B4813075E0307
+140FA24B5A19E0031FEC03804C90C7FCA3153F93C9FCA45D157EA415FE91B8FCA260DA00
+FCC7127E020115FE4B5CA317016014035D170360A214074B130760A3020F140F4B5CA317
+1F021F5D5DA2053F13E01801023F16C092C7FCA2EF7F03057E13805C027E15071900173E
+180E02FEEC1E1E4AEC1F1CEF07F8EF01E094C8FC495AA35C1303A2001C5B127FEAFF075C
+A2495A00FE90CBFCEAF81FEA701EEA783CEA1FF0EA07C03C5A83C537>I<EFFFC00407EB
+F83F93381F807E93397E000F7F04F8EB1F7E4B48EB3FFE0303147F4B4813FF19FC4B5A18
+7E183D4B48EB01F8A31803033F15F093C7FCA218074B15E0A2157E180F19C0A215FE91B8
+FC1980A2DA00FCC7121F0201153F4B1500A3600203157E5DA218FE6014075D170160A214
+0F4B130360A3021F14074B5CA3050F1338023FEDC07892C71470A3051F13F04AED80E014
+7E188119C0170F02FEED83804AEC0787F0C700EF01FEEF0078494892C7FCA4495AA3001C
+5BEA7F0700FF5BA25C130F00FE90CBFCEAF81E12F0EA783CEA1FF0EA07C0405A83C539>
+I<141EEC3F80ECFFC0A35B1580A315005BA25CA35C1307A25CA35C130FA25CA35C131FA2
+5CA349C7FCA3133EA35BA31378A35BA35BA35B90C8FCA9120FEA3FC0127FA212FFA35B6C
+C8FC123C1A4776C61E>33 D<13F0EA03F8EA07FC120FA6EA03CCEA001C1318A213381330
+A2137013E013C0120113801203EA0700120E5A5A5A5A5A0E1D6BC41E>39
+D<13F0EA03FC1207A2EA0FFEA4EA07FCEA03CCEA000C131C1318A2133813301370136013
+E0EA01C013801203EA0700120E5A5A5A5A5A0F1D7A891E>44 D<007FB5FCB6FCA214FEA2
+1805789723>I<16C01501A215031507ED0F80151F153F157F913801FF005C140F147F90
+3807FCFEEB0FF0EB0700EB00015DA314035DA314075DA3140F5DA3141F5DA3143F5DA314
+7F92C7FCA35C5CA313015CA313035CA313075CA2130FA2131F133FB612FCA25D224276C1
+32>49 D<ED03FCED1FFF037F13C0913801FE07913903F001E091380FE00091381F800391
+383F000F027E131F5C495A495A010715C04948EB07004A90C7FC131F495AA249C9FCA213
+FE1201A2485AEC07F09038F83FFC0007EBF81F9039F9C00F803A0FFB8007C0EBF70001FE
+80491303001F815B5B82485AA3491307127F5BA2150F5E90C7FCA2151F485DA25A4B5AA2
+007E5D157F93C7FC5D5D4A5A003E495A003F5C4A5A6C6C485A000FEB3F80D9C0FEC8FC38
+03FFFC6C13F038007F802B4475C132>54 D<ED1FE0EDFFFC020313FF913907E03F809139
+1F800FC091393E0007E04A13034A14F049481301495AA2495AA2495AA21603011F15E0A2
+16076E14C0EE0F806E131F6EEB3F006E133E6D6C5B02FF13F0ED83E06DEBC7C06D01FFC7
+FC6D13FC6D5B6E7E6E7E91B57ED901EF7FD907837FEB1F01D93E007F496D7E49133F4848
+131F4848130F48486D7E48481303001F140190C7FC5A003E1400007E5D127CA2150100FC
+5D5A4B5AA24B5A127C4B5A4BC7FC6C143E003F5C6C495A390FC003F03907F01FC06CB5C8
+FCC613FCEB1FE02C4477C132>56 D<ED3FC0EDFFF0020313FC91380FE07E91383F803F4A
+487E02FC14800101140F494814C0495A495AA2495A133F4A14E0137FA249C7FC161FA248
+16C05BA2163F12035BA2167F17804914FFA34B130012015D5D00005D6D130F017C131D15
+3B6DEB73FC90381F03E3903907FF83F8903801FC0790C7FC5E150F5E151F5E4B5AA24BC7
+FCA2001C14FE007F5C48495A4A5A14074A5A485C00F8013FC8FC48137E5C387C07F0383F
+FFE06C1380D803FCC9FC2B4476C132>I<130FEB1FC0133FEB7FE013FFA214C0EB7F8014
+00131E90C7FCB3A5120FEA3FC0127FA212FFA35B6CC7FC123C132B76AA1E>I<EF038017
+07A24D7EA2171FA2173F177FA217FFA25EA2EE03BF1607173F160F160E161C841638171F
+167016F016E0ED01C0A2ED0380A2ED0700A2150E151E151C5D845D170F5D14015D14035D
+4AC7FC92B6FC5CA2021CC7120F143C14385CA24A81A249481407A2495A130791C8FC130E
+131EA25B137C13FC00014C7ED807FE151FB500E00107B512F8A219F03D477BC648>65
+D<DC0FF8130393B513070307ECC00F923A1FF803E01F923A7FC000F81E4BC7EA7C3EDA03
+FCEC3C7EDA0FF0EC1EFE4A48EC0FFC4A4814074AC8FC02FE1503494816F8130349481501
+495A494816F0495A137F5C01FF17E04890C9FCA2485A19C0485AA2485A95C7FC121F5BA2
+123F5BA3127F5BA4485AA41838A218781870A218F0007F5F1701601703003F5F17076D4B
+C7FC001F160E171E6C6C5D6D5D00075E6C6C4A5A6DEC07C06C6C4A5AD8007F023EC8FCD9
+3FC013FC90391FF807F00107B512C0010191C9FC9038001FF0404872C546>67
+D<91B712F818FF19C00201903980003FF06E90C7EA0FF84AED03FCF000FE4B157FA2F13F
+800203EE1FC05DF10FE0A214074B16F01907A2140F5D1AF8A2141F5DA2190F143F5D1AF0
+A2147F4B151FA302FF17E092C9123FA34918C04A167F1A80A2010317FF4A1700A24E5A13
+074A4B5A611807010F5F4A4B5A181F61011F4C5A4A4BC7FC18FE4D5A013F4B5A4A4A5A4D
+5A017FED3FC005FFC8FC4AEB03FE01FFEC1FF8B812E094C9FC16F845447AC34A>I<91B9
+12C0A30201902680000313806E90C8127F4A163F191F4B150FA30203EE07005DA314074B
+5D190EA2140F4B1307A25F021F020E90C7FC5DA2171E023F141C4B133C177C17FC027FEB
+03F892B5FCA39139FF8003F0ED00011600A2495D5CA2160101034B13705C19F061010791
+C8FC4A1501611803010F5F4A150796C7FC60131F4A151E183E183C013F167C4A15FC4D5A
+017F1503EF0FF04A143F01FF913803FFE0B9FCA26042447AC342>I<91B91280A3020190
+2680000713006E90C8FC4A163FA24B81A30203160E5DA314074B151E191CA2140F5D1707
+5F021F020E90C7FC5DA2171E023F141C4B133CA2177C027F5CED800392B5FCA291B65AED
+00071601A2496E5A5CA2160101035D5CA2160301075D4A90CAFCA3130F5CA3131F5CA313
+3F5CA2137FA313FFB612E0A341447AC340>I<DC0FF81306DCFFFE130E03079038FF801E
+923A1FF807E03E923A7F8001F03CDA01FEC7EA787CDA03F8EC3CFCDA0FF0141D4A48EC1F
+F8DA3F80140F4AC8FCD901FE1507494816F05C01071603495A494816E0495A137F5C01FF
+17C04890C9FC5B12031980485AA2485A95C7FC121F5BA2123F5BA3127F5BA4485A043FB5
+12E0A39339001FF80060A360A2007F163F60A3177F003F5F7F121F17FF6D93C7FC000F5D
+6C6C5C7F6C6C4A5A6C6CEC1F3E6C6C143ED93FC0EBF81E903A1FF007F01C0107B5EAC00C
+010149C9FC9038003FF03F4872C54B>I<91B6D8803FB512E0A302010180C7387FE0006E
+90C86C5A4A167FA24B5EA219FF14034B93C7FCA26014074B5DA21803140F4B5DA2180714
+1F4B5DA2180F143F4B5DA2181F147F92B75AA3DAFF80C7123F92C85BA2187F5B4A5EA218
+FF13034A93C8FCA25F13074A5DA21703130F4A5DA21707131F4A5DA2170F133F4A5DA201
+7F151FA24A5D496C4A7EB6D8803FB512E0A34B447AC348>I<027FB512E091B6FCA20200
+EBE000ED7F8015FFA293C7FCA35C5DA314035DA314075DA3140F5DA3141F5DA3143F5DA3
+147F5DA314FF92C8FCA35B5CA313035CA313075CA3130F5CA3131F5CA2133FA25CEBFFE0
+B612E0A25D2B447BC326>I<91B66C90383FFFF8A302010180C7000F13006E90C8EA07FC
+4A17F01AC04B4B5A4FC7FC193C02035E4B5DF003E0F0078002074BC8FC4B141E6018F802
+0F4A5A4BEB03C04D5A4DC9FC021F141E4B137C17F04C5A023F495A4B487E161F163F027F
+497EED80FFED81EF923883CFF89138FF8F8FED1E07033C7F157849EBF00303E07F15C092
+380001FF495A5C707FA213074A6E7EA2173F010F825C171F84131F4A140F84A2013F6F7E
+5CA2017F6F7EA24A4A7E496C4A7FB66C90B512FC5E614D447AC34B>75
+D<91B612F0A25F020101C0C7FC6E5B4A90C8FCA25DA314035DA314075DA3140F5DA3141F
+5DA3143F5DA3147F5DA314FF92C9FCA35B5CA3010316104A1538A21878010716705C18F0
+18E0010F15015C18C01703011F15074A1580170FA2013FED1F004A5C5F017F15FE16034A
+130F01FFEC7FFCB8FCA25F35447AC33D>I<91B56C93387FFFC08298B5FC02014DEBC000
+6E614A5FA203DF4C6CC7FC1A0E63912603CFE05D038F5F1A381A711407030FEEE1FCA2F1
+01C3020FEE0383020E60F107036F6C1507021E160E021C60191CF1380F143C023804705B
+A2F1E01F0278ED01C091267003F85EF003801A3F02F0ED070002E0030E5CA24E137F1301
+02C04B91C8FC606201036D6C5B02805F4D5A943803800113070200DA07005BA2050E1303
+495D010E606F6C5A1907011E5D011C4B5CA27048130F133C01384B5C017892C7FC191F01
+F85C486C027E5DD807FE027C4A7EB500F00178013FB512C0A216705A447AC357>I<91B5
+6C49B512E0A28202009239000FFC00F107F0706E5A4A5F15DF705D1907EC03CFDB8FF892
+C7FCA203875D02077F0303150EA270141EEC0F01020E161C826F153C141E021C6E133816
+7F1978023C800238013F1470A27113F00278131F02705E83040F130102F014F84A5E1607
+EFFC0313014A01035C17FE1807010314014A02FF90C8FCA2705B0107168F91C8138E177F
+18DE5B010EED3FDC18FCA2011E151F011C5EA2170F133C01386F5A1378A201F81503486C
+5EEA07FEB500F01401A2604B447AC348>I<EE1FF84BB5FC923907F01FC092391F8003F0
+92397E0001F8DA01F86D7EDA03E0147EDA0FC0804A48EC1F804AC813C0027E150F4A16E0
+49481507494816F01307495A494816F8013F16035C137F49C9FC4917FC120112035B1207
+491607120FA25B121F19F849160F123FA34848EE1FF0A3183F19E0485A19C0187FA2F0FF
+80A219005F604D5AA2007F4C5A4D5AA24D5A003F5F4D5A6D4BC7FC001F5E4C5A6C6C5DEE
+03F06C6C4A5A0003ED1FC06C6C4A5A6C6C027EC8FC017EEB01F890393F8007F090390FE0
+3F80902603FFFEC9FC9038007FE03E4872C54B>I<91B712F018FEF0FF80020190398000
+7FE06E90C7EA1FF04AED07F818034B15FCF001FE1403A24B15FFA21407A25DA2140FF003
+FE5DA2021F16FC18074B15F8180F023F16F0F01FE04B15C0F03F80027FED7F0018FE4BEB
+03FCEF0FF002FFEC7FC092B6C7FC17F892CAFC5BA25CA21303A25CA21307A25CA2130FA2
+5CA2131FA25CA2133FA25CA2137FA25C497EB67EA340447AC342>I<EE1FF84BB5FC9239
+07F01FC092391F8007F092397E0001F8DA01F86D7E4A48147EDA0FC0804A4815804AC8EA
+1FC0147E4AED0FE013014948ED07F0495A495A011F17F8495A5C137F49C9120319FC485A
+000317075B12075B120FA25B121FF00FF85B123FA34848EE1FF0A449EE3FE012FF19C018
+7FA2198018FF190090C95A604D5AA26C4C5A6D5E170F03F85C003FD907FE495ADA0F0749
+5ADA1C0349C7FC3A1FC0380180023014FE000F0170EB81FCD9E060EB83F00007913800C7
+E03B03F0E001CFC02601F8C0EBFF80D800FC4AC8FCD97EE013F890393F6007F090270FF0
+3FC013300103B5FC9026007FE11470DA0003146018E0A2170170485A170770485A923807
+F83F93B5C7FCA26F5B5FA25F6F5B6F13C0043FC8FC3E5972C54B>I<91B77E18F818FE02
+0190398001FF806E90C7EA3FC04AED1FE0F00FF04BEC07F8180319FC14034B15FEA31407
+5DA3020FED07FC5DA2F00FF8141F4B15F0F01FE0F03FC0023F16804BEC7F0018FEEF03F8
+027F4A5A4BEB1FC04CB4C7FC92B512F891B612E092380003F8EE00FE177F496F7E4A6E7E
+A28413034A140FA2171F13075CA2173F130F5CA24D5A131F5CA3013F170E5CA2017FEE80
+1E191C4A163C496C1638B66C90383FC070051F13F094380FE1E0CA3803FF80943800FE00
+3F467AC347>I<DB03FE130C92390FFF801C037FEBE03C9238FE03F8913A03F0007C7C4A
+48EB3EF84A48131F4A48130F4AC7FC027EEC07F05C1703495A18E0495AA213074A15C0A3
+130F1880A28094C7FCA280806D7EECFFE015FC6DEBFF806D14F016FC6D14FF023F80020F
+801403DA003F7F150703007F163F161F160FA21607A3120716031607A2485EA2120E160F
+001E5EA2001F4B5AA2484BC7FC6D143E167E6D5C007F4A5A6D495AD87CF0495AD8787CEB
+1F8027F03F807FC8FC90381FFFFCD8E00713F039C0007F80364879C537>I<48B912F85A
+A2913B0007FC001FF0D807F84A130701E0010F140349160148485C90C71500A2001E021F
+15E05E121C123C0038143F4C1301007818C0127000F0147F485DA3C800FF91C7FC93C9FC
+A35C5DA314035DA314075DA3140F5DA3141F5DA3143F5DA3147F5DA314FF92CAFCA35B5C
+A21303A21307497E007FB612C0A25E3D446FC346>I<B6913807FFFEA25C000301C00200
+13E06C90C9EA7F00183E183C60A26C1770601701604D5AA24DC7FC5F170E6E5CA2017F5D
+177817705FA24C5AA24C5A16076E91C8FC160E133F5E163C16385EA25E15015E6E485AA2
+4BC9FC131F150E151E151C5DA25D15F05DECF1C0A290380FF38014F792CAFC14FEA25CA2
+5C5CA25C13075CA25C91CBFC3F466CC348>86 D<023FB5D8C003B512E0A21780020001F8
+C7387FFC006F48EC3FE06F48158097C7FC031F153E705C1978030F15E07013014E5A0307
+4A5A7091C8FC180E03035C705B187803015C70485A606FEB83800587C9FC178FEE7FDE17
+FC5F705A5F161F83A2160F4C7EA2163FEE77FC16F7ED01E3923803C3FEED07831601030E
+7F151CED3C004B805D4B6D7E4A5A4A5A4AC76C7E5C141E4A6E7E14384A140F4A81495A01
+031507494881130F133F017F4B7E2603FFC04A7E007F01F849B512FEB5FC614B447CC348
+>88 D<007FB54AB51280B65CA2000101E09139007FF0006C49ED3FC04A93C7FC6D6C153E
+601878013F5E6E4A5A604D5A6D6C4AC8FC5F171E010F151C6E5C5F010715F06E495A5F4C
+5A6D6C49C9FC5E161E0101141C6E5B5E16F06DEB81E05EED8380DA7F87CAFC15CF15DEEC
+3FDC15F85DA26E5A5D143FA35D147FA392CBFC5CA35C1301A35C1303A3495AA3497E000F
+B512F8A341446DC348>I<021FB712F85C19F093C7121F03F0EC3FE0DA7FC0EC7FC04BEC
+FF80027EC813004A5C4A4A5A4D5A49484A5A4A5D4D5A4A143F01034B5A4A4A5A4C90C7FC
+01075D91C712034C5A4C5A90C8485A5F163F4C5A4C5A4B90C8FC5E15034B5A4B5A4B5A5E
+4B5A157F4B5A4A90C9FC4A5A5D14074A5A4A4814E04A5A5D027F14014A485C4990C7FC49
+4814034A5D130749481407495A49484AC7FC5C49485C01FF151E4890C8123E4848157E48
+4815FE494A5A000F1503484814074848EC3FF84848EB03FF90B7FCB8FC5F3D4479C33C>
+I<EC1F80EC7FE0903901F07070903907C039F890380F801D90381F001F013E6D5A137E5B
+484813075E485A120749130F000F5DA2485A151F003F5D5BA2153F007F92C7FC90C7FCA2
+5D157E12FEA29238FE0380EDFC071700A2007E13015E913803F80E1407003E010F131E16
+1C6C131C02385B3A0F80F078783A07C3E07C703A01FF801FE03A007E000780292D76AB32
+>97 D<EB0FE0EA07FFA338001FC0130F131FA25CA3133F91C8FCA35B137EA313FE5BA312
+015BEC1F80EC7FE03903F9E0F89038F3C07C9038F7003E13FE48487F5BA2491480485AA2
+5BA2121F5BA2153F123F90C7FCA2157F481500127EA25D5D5AA24A5AA24A5AA2007C5C4A
+5A140F5D4A5A003C49C7FC003E137E001E5B6C485A380783E03803FF80C648C8FC214676
+C42D>I<EC0FE0EC7FF8903801F81E903807E00F90390F80078090381F0003017E14C049
+131F0001143F5B4848EB7F801207485AED3E00484890C7FCA2485AA2127F90C9FCA35A5A
+A45AA5ED0180ED03C0ED0780A2007CEC0F00007E141E003E147C15F06CEB03E0390F800F
+802607C07EC7FC3801FFF838007FC0222D75AB2D>I<EE07F0ED03FFA39238000FE01607
+160FA217C0A2161FA21780A2163FA21700A25EA2167EA216FEA25EEC1F80EC7FE1903801
+F071903907C039F890380F801D90381F001F013E130F017E5C5B48481307A248485C1207
+49130F120F5E485A151F123F495CA2153F127F90C790C7FCA25DA200FE147EA29238FE03
+80160703FC1300A2007E13015E913803F80E1407003E010F131E161C6C131C02385B3A0F
+80F078783A07C3E07C703A01FF801FE03A007E0007802C4676C432>I<EC0FE0EC7FF890
+3801F83E903807C00F90391F800780EB3F00017E14C0491303485A48481307000715805B
+000F140F484814005D4848133E15FCEC07F0007FEBFFC0D9FFFEC7FC14C090C9FC5A5AA5
+5AA4ED0180ED03C0007CEC0780A2007EEC0F00003E141E157C6C14F06CEB03E03907800F
+802603C07EC7FC3801FFF838003FC0222D75AB2D>I<EE0F80EE3FE0EEF870923801F038
+923803E0F8923807E1FC16C3ED0FC7A2EE87F892381F83F0EE81E0EE8000153F93C7FCA4
+5D157EA415FE5DA349B512FEA390260001F8C7FCA314035DA414075DA4140F5DA4141F5D
+A4143F92C8FCA55C147EA314FE5CA413015CA4495AA35C1307121C007F5B12FF495AA291
+C9FC485AEAF81E485AEA7878EA1FF0EA07C02E5A83C51E>I<15FCEC03FF91390F838380
+91393E01CFC091387C00EF4A13FF4948137F010315804948133F495A131F4A1400133F91
+C75A5B167E13FE16FE1201495CA215011203495CA21503A2495CA21507A25EA2150F151F
+5E0001143F157F6C6C13FF913801DF8090387C039F90383E0F3FEB0FFCD903F090C7FC90
+C7FC5DA2157EA215FEA25DA2001C495A127F48495A14074A5A485C023FC8FC00F8137E38
+7C01F8381FFFE0000390C9FC2A407BAB2D>I<14FE137FA3EB01FC13001301A25CA21303
+A25CA21307A25CA2130FA25CA2131FA25C157F90393F83FFC091388F81F091381E00F802
+387F4948137C5C4A137EA2495A91C7FCA25B484814FE5E5BA2000314015E5BA200071403
+5E5B1507000F5DA249130F5E001F1678031F1370491480A2003F023F13F0EE00E090C7FC
+160148023E13C01603007E1680EE070000FEEC1E0FED1F1E48EC0FF80038EC03E02D467A
+C432>I<143C147E14FE1301A3EB00FC14701400AE137C48B4FC3803C780380703C0000F
+13E0120E121C13071238A21278EA700F14C0131F00F0138012E0EA003F1400A25B137EA2
+13FE5B12015BA212035B141E0007131C13E0A2000F133CEBC038A21478EB807014F014E0
+EB81C0EA0783EBC7803803FE00EA00F8174378C11E>I<16F0ED03F8A21507A316F0ED01
+C092C7FCAEEC01F0EC07FCEC1E1EEC380F0270138014E0130114C0EB03800107131F1400
+A2130E153F131E011C140090C7FC5DA2157EA215FEA25DA21401A25DA21403A25DA21407
+A25DA2140FA25DA2141FA25DA2143FA292C7FCA25C147EA214FE001C5B127F48485A495A
+A248485A495AD8F81FC8FCEA707EEA3FF8EA0FC0255683C11E>I<14FE137FA3EB01FC13
+001301A25CA21303A25CA21307A25CA2130FA25CA2131FA25C167E013F49B4FC92380783
+C09138000E07ED3C1F491370ED603F017E13E0EC01C09026FE03801380913907000E00D9
+FC0E90C7FC5C00015B5C495AEBF9C03803FB8001FFC9FCA214F03807F3FCEBF07F9038E0
+1FC06E7E000F130781EBC003A2001F150FA20180140EA2003F151E161C010013E0A2485D
+A2007E1578167000FE01015B15F1489038007F800038021FC7FC2A467AC42D>I<EB03F8
+EA01FFA3380007F013031307A214E0A2130FA214C0A2131FA21480A2133FA21400A25BA2
+137EA213FEA25BA21201A25BA21203A25BA21207A25BA2120FA25BA2121FA25BA2123FA2
+90C7FCA2387F01C01303007E1380A2130700FE130012FCA25B130EEA7C1E131CEA3C3CEA
+3E786C5AEA07C0154678C419>I<D801F0D90FE0EB07F0D803FCD97FF8EB3FFC28071E01
+F03EEBF81F3E0E1F03C01F01E00F80271E0F8700D983807F001C018E90390F870007003C
+019C148E003801B802DC8002F814FC26781FF05C0070495CA24A5C00F0494948130FD8E0
+3F6091C75B1200043F141F4960017E92C7FCA24C143F01FE95C7FC49147E6104FE147E12
+01494A14FE610301EE0780000305011400494A14F8A2030302035B0007F0F00E495C1A1E
+0307EDE01C000F193C494A153862030F020113F0001FF0F1E0494A903800FF800007C7D8
+0380023EC7FC492D78AB50>I<D801F0EB0FE0D803FCEB7FF83A071E01F03E3A0E0F03C0
+1F001ED987001380001C018E130F003C139C003801B814C014F838781FF000705BA25C00
+F049131FD8E03F158091C7FC1200163F491500137EA25E01FE147E5B16FE5E1201491301
+5E170F00030203130E4914F0A20307131E0007EDE01C5B173CEEC038000F167849157017
+E0ED03C1001FEDE3C049903801FF000007C8127C302D78AB37>I<EC0FE0EC7FFC903801
+F83E903907E00F8090390F8007C0EB1F00017EEB03E04914F0A248481301484814F81207
+485AA2485AA2485A1503127F90C7FCA215074815F05AA2150F16E05AED1FC0A21680153F
+16005D157E5D007C495A007E495A003E5C4A5A6CEB1F80260F803EC7FC3807C0FC3801FF
+F038003F80252D75AB32>I<D903E0137E903A07F801FF80903A0E3C0783E0903A1C1E0F
+01F0903A3C1F1C00F801385B017849137C01705BA24A48137E01E05BA292C7FC00015B13
+C0147EC7FC02FE14FEA25CA20101140117FC5CA20103140317F85CA20107EC07F0A24AEB
+0FE0A2010F15C0EE1F80163F1700496C137E5E4B5A9138B803F090393F9C07E091389E0F
+80DA07FEC7FCEC01F849C9FCA2137EA213FEA25BA21201A25BA21203A21207B512F0A25C
+2F3F7FAB32>I<91381F800C91387FE01C903901F0703C903907C0387890390F801CF890
+381F001D013E130F017E14F05B48481307A2484814E012075B000F140F16C0485AA2003F
+141F491480A3007F143F90C71300A35D00FE147EA315FE5DA2007E1301A24A5A1407003E
+130FA26C495A143B380F80F33807C3E73901FF87E038007E071300140F5DA3141F5DA314
+3F92C7FCA25CA25C017F13FEA25D263F76AB2D>I<D801F0EB3F803A03FC01FFF03A071E
+03C0F83A0E0F0F007C001E90389E01FC001C139CECB803003813F0A2D91FE013F80078EC
+00E00070491300A200F05BEAE03F91C8FC1200A25B137EA313FE5BA312015BA312035BA3
+12075BA3120F5BA3121F5B0007C9FC262D78AB29>I<EC0FE0EC7FF8903801F01E903803
+C00F90390780078090380F0003011E14C0150749131FA2017CEB3F801378137CED0E0092
+C7FC137E137F14F014FF6D13C06D13F06D7F6D7F1300EC0FFE14011400157F81120E003F
+141E487EA2153E48C7123CA200FC5C12705D0078495A6C495A6CEB0F80260F803EC7FC38
+03FFF838007FC0222D7AAB28>I<1470EB01F8A313035CA313075CA3130F5CA3131F5CA2
+007FB512E0B6FC15C0D8003FC7FCA25B137EA313FE5BA312015BA312035BA312075BA312
+0F5BA2EC0780001F140013805C140E003F131EEB001C143C14385C6C13F0495A6C485AEB
+8780D807FEC7FCEA01F81B3F78BD20>I<137C48B414072603C780EB1F80380703C0000F
+7F000E153F121C0107150012385E1278D8700F147E5C011F14FE00F05B00E05DEA003FEC
+0001A2495C137E150313FE495CA215071201495CA2030F13380003167849ECC070A3031F
+13F0EE80E0153F00011581037F13C06DEBEF8300000101148090397C03C787903A3E0F07
+C70090391FFE01FE903903F000782D2D78AB34>I<017C143848B414FC3A03C78001FE38
+0703C0000F13E0120E001C14000107147E1238163E1278D8700F141E5C131F00F049131C
+12E0EA003F91C7123C16385B137E167801FE14705BA216F0000115E05B150116C0A24848
+EB0380A2ED0700A2150E12015D6D5B000014786D5B90387C01E090383F0780D90FFFC7FC
+EB03F8272D78AB2D>I<017CEE038048B4020EEB0FC02603C780013FEB1FE0380703C000
+0E7F5E001C037E130F01071607123804FE130300785DEA700F4A1501011F130100F00180
+4914C012E0EA003FDA000314034C14805B137E0307140701FE1700495CA2030F5C000117
+0E495CA260A24848495A60A2601201033F5C7F4B6C485A000002F713036D9039E7E00780
+90267E01C349C7FC903A1F0781F81E903A0FFF007FF8D901FCEB0FE03B2D78AB41>I<02
+F8133FD907FEEBFFE0903A0F0F83C0F0903A1C07C780F890393803CF03017013EE01E0EB
+FC07120101C013F8000316F00180EC01C000074AC7FC13001407485C120EC7FC140F5DA3
+141F5DA3143F92C8FCA34AEB03C01780147EA202FEEB0700121E003F5D267F81FC130E6E
+5BD8FF83143CD903BE5B26FE079E5B3A7C0F1F01E03A3C1E0F83C0271FF803FFC7FC3907
+E000FC2D2D7CAB2D>I<137C48B414072603C780EB1F80380703C0000F7F000E153F001C
+1600130712385E0078157EEA700F5C011F14FE00F0495B12E0EA003FEC00015E5B137E15
+0301FE5C5BA2150700015D5BA2150F00035D5BA2151F5EA2153F12014BC7FC6D5B00005B
+EB7C0390383E0F7EEB1FFEEB03F090C712FE5DA214015D121F397F8003F0A24A5A484848
+5A5D48131F00F049C8FC0070137E007813F8383801F0381E07C06CB4C9FCEA01FC294078
+AB2F>I<027C130749B4130F49EB800E010F141E49EBC03CEDE03890393F03F07890397C
+00FDF00178EB3FE00170EB03C001F0148049130790C7EA0F00151E5D5D5D4A5A4A5A4A5A
+4AC7FC141E5C5C5C495A495A495A49C8FC011E14F04914E05B491301485A4848EB03C0D8
+07B0130701FEEB0F80390FCF801F3A1F07E07F00393E03FFFED83C015B486C5B00705C00
+F0EB7FC048011FC7FC282D7BAB28>I<B812F0A22C02779B32>I<BE12C0A25A02759B64>
+I E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Ft cmsy10 12 52
+/Ft 52 120 df<007FB912E0BA12F0A26C18E03C04789A4D>0 D<121FEA3F80EA7FC0EA
+FFE0A5EA7FC0EA3F80EA1F000B0B789E1C>I<0060160600F0160F6C161F007C163E6C16
+7C6C16F86C6CEC01F06C6CEC03E06C6CEC07C06C6CEC0F806C6CEC1F00017C143E6D5C6D
+5C6D6C485A6D6C485A6D6C485A6D6C485A6D6C48C7FCEC7C3E6E5A6E5A6E5A6E5AA24A7E
+4A7EEC3E7C4A7E4A7E49486C7E49486C7E49486C7E49486C7E49C77E013E147C49804980
+4848EC0F804848EC07C04848EC03E04848EC01F048C912F8003E167C48163E48161F4816
+0F00601606303072B04D>I<14034A7E4A7E4A7E4A7EEC7CF8ECF87C49487E49487E4948
+6C7E49486C7E49486C7E013E6D7E496D7E49147C4848804848804848EC0F804848EC07C0
+48C8EA03E0003EED01F048ED00F848167CA2007C16F86CED01F06CED03E06C6CEC07C06C
+6CEC0F806C6CEC1F006C6C143E6C6C5C017C5C6D495A6D495A6D6C485A6D6C485A6D6C48
+C7FC903801F03E6D6C5AEC7CF8EC3FF06E5A6E5A6E5A6EC8FC2E2E7EAF33>5
+D<49B4FC010F13E0013F13F890B512FE48EB01FF3A03F8003F80D807E0EB0FC0D80F80EB
+03E048C7EA01F0001E1400003E15F8003C1578007C157C0078153C00F8153E48151EA86C
+153E0078153C007C157C003C1578003E15F8001E15F0001F14016C6CEB03E0D807E0EB0F
+C0D803F8EB3F803A01FF01FF006CEBFFFE013F13F8010F13E0010190C7FC27267BAB32>
+14 D<49B4FC010F13E0013F13F890B512FE48804815804815C04815E04815F0A24815F8
+A24815FCA2B712FEAA6C15FCA26C15F8A26C15F0A26C15E06C15C06C15806C15006C5C01
+3F13F8010F13E0010190C7FC27267BAB32>I<007FBA1280BB12C0A26C1980CEFCB0007F
+BA1280BB12C0A26C1980CEFCB0007FBA1280BB12C0A26C1980422C7BAE4D>17
+D<92B712E0020F16F0143F91B812E001030180C9FCD90FF8CAFCEB1FE0EB3F80017ECBFC
+13F8485A485A485A5B120F48CCFC121E123E123CA2127C1278A212F85AAA7E1278A2127C
+123CA2123E121E121F6C7E12077F6C7E6C7E6C7E137E6D7EEB1FE0EB0FF8903803FF8001
+0090B712E0023F16F0140F020016E092CAFCB0001FB912E04818F0A26C18E03C4E78BE4D
+>I<007FB612F0B8FC17C06C16F0C9EA1FFCEE01FF706C7EEF1FC0EF07E0EF01F0717E18
+7C84181E181FF00F80180719C01803A219E01801A219F01800AA180119E0A2180319C0A2
+18071980180FF01F00181E183E60604D5AEF07E0EF1FC0EF7F804C48C7FCEE1FFC007FB7
+12F0B812C094C8FC6C15F0CDFCB0007FB91280BA12C0A26C18803C4E78BE4D>I<19E0F0
+03F0180FF03FE0F0FF80943803FE00EF0FF8EF3FE0EFFF80DC03FEC7FCEE0FF8EE3FE0EE
+FF80DB03FEC8FCED1FF8ED7FE0913801FF80DA07FEC9FCEC1FF0EC7FC04948CAFCEB07FC
+EB1FF0EB7FC04848CBFCEA07FCEA1FF0EA7FC048CCFCA2EA7FC0EA1FF0EA07FCEA01FF38
+007FC0EB1FF0EB07FCEB01FF9038007FC0EC1FF0EC07FC913801FF809138007FE0ED1FF8
+ED07FE923800FF80EE3FE0EE0FF8EE03FE933800FF80EF3FE0EF0FF8EF03FE943800FF80
+F03FE0F00FF01803F000E01900B0007FB912E0BA12F0A26C18E03C4E78BE4D>I<127012
+FCB4FCEA7FC0EA1FF0EA07FCEA01FF38007FC0EB1FF0EB07FCEB01FF9038007FC0EC1FF0
+EC07FC913801FF809138007FE0ED1FF8ED07FE923800FF80EE3FE0EE0FF8EE03FE933800
+FF80EF3FE0EF0FF8EF03FE943800FF80F03FE0F00FF0A2F03FE0F0FF80943803FE00EF0F
+F8EF3FE0EFFF80DC03FEC7FCEE0FF8EE3FE0EEFF80DB03FEC8FCED1FF8ED7FE0913801FF
+80DA07FEC9FCEC1FF0EC7FC04948CAFCEB07FCEB1FF0EB7FC04848CBFCEA07FCEA1FF0EA
+7FC048CCFC12FC1270CDFCB0007FB912E0BA12F0A26C18E03C4E78BE4D>I<D907F81780
+D93FFFEE01C090B512C04814F048804814FE270FF807FF1503261FC00001C0158048C7D8
+3FE01407003EDA0FF8140F486E6CEC1F000078DA01FF5C00706E01C013FE00F092393FF8
+07FC486FB55A04075C705C04005C053F90C7FC0040EE07F8CEFCA4D907F81780D93FFFEE
+01C090B512C04814F048804814FE270FF807FF1503261FC00001C0158048C7D83FE01407
+003EDA0FF8140F486E6CEC1F000078DA01FF5C00706E01C013FE00F092393FF807FC486F
+B55A04075C705C04005C053F90C7FC0040EE07F8422C7BAF4D>25
+D<1AF0A3861A78A21A7C1A3CA21A3E1A1E1A1F747EA2747E747E87747E747E1B7E87757E
+F30FE0F303F8007FBC12FEBE1280A26CF3FE00CEEA03F8F30FE0F31F8051C7FC1B7E6350
+5A505A63505A505AA250C8FC1A1E1A3E1A3CA21A7C1A78A21AF862A359347BB264>33
+D<18034E7E85180385180185727E1978197C8585737E86737E737E007FBA7EBB7E866C85
+CDEA0FC0747EF203F8F200FEF37F80F31FE0F307FC983801FF80A2983807FC00F31FE0F3
+7F8009FEC7FCF203F8F207E0505A007FBBC8FCBB5A626C61CCEA03F04F5A4F5A624FC9FC
+193E61197819F84E5A6118036118076172CAFC59387BB464>41 D<02C0130C496C131EB3
+B3AF00C0170C00F0173C00FC17FC00FE1601D83F81ED07F0D80FC1ED0FC0D807E1ED1F80
+D801F9ED7E00D800FD5D017FEC1FF8011F15E0010F5D01075D010392C7FC6D6C133E0100
+143C6E137C027C5B6E485A021E5BEC1F03020F5B9138078780A2DA03CFC8FCA2EC01FEA2
+6E5AA31578A31530A236587DC43D>43 D<031CED01C0033E4B7E033C1501037C82037815
+0003F8824B16780201177C4B163C0203173E4A48824B82020F844ACA6C7E023E717E027E
+8491BA7E498549854985D90FC0CBEA1F804948727E017FCCEA07F001FCF101F8D803F8F1
+00FED80FE0F23F80D83FC0F21FE0B4CEEA07F8A2D83FC0F21FE0D80FE0F23F80D803F8F2
+FE00C66CF101F8017FF107F0D91F80F00FC06D6C4E5A6DBBC7FC6D616D616D61027ECAEA
+03F0023E606E4D5A6E6C4C5A020795C8FC6F5E6E6C163E0201173C6F167C020017786F16
+F803785E037C1501033C5E033E1503031C6F5A5D387DB464>I<92B6FC020F1580143F91
+B7120001030180C8FCD90FF8C9FCEB1FE0EB3F80017ECAFC13F8485A485A485A5B120F48
+CBFC121E123E123CA2127C1278A212F85AA3B9FC1880A2180000F0CBFCA37E1278A2127C
+123CA2123E121E121F6C7E12077F6C7E6C7E6C7E137E6D7EEB1FE0EB0FF8903803FF8001
+0090B6FC023F1580140F02001500313A78B542>50 D<1706170F171F171E173E173C177C
+177817F817F0160117E0160317C016071780160F17005E161E163E163C167C167816F85E
+15015E15035E15075E150F93C7FC5D151E153E153C157C157815F85D14015D14035DA214
+075D140F92C8FC5C141E143E143C147C147814F85C13015C13035C13075C130F91C9FC5B
+131E133E133C137C137813F85B12015B12035B12075B120F90CAFC5A121E123E123C127C
+127812F85A1260305C72C600>54 D<126012F0B012FC12FEA212FC12F0B0126007267BAB
+00>I<0060171800F0173CA26C177C00781778A2007C17F8003C17F0003E1601001E17E0
+A2001F16036C17C0A26D1507000717806D150F00031700A26D5D0001161EA26D153E0000
+163C90B712FC6D5DA3013CC85AA2013E1401011E5D011F14036D5DA26E130701075DA26E
+130F010392C7FC6E5B0101141EA26E133E0100143CA26E137C02781378027C13F8023C5B
+A2EC3E01021E5BA2EC1F03020F5B158702075BA215CF020390C8FCA215FF6E5AA26E5AA3
+1578A21530364780C437>I<007FB712E0B812F0A27ECAFCB3AA001FB7FC5A5A7ECAFCB3
+AB007FB7FCB8FCA26C16E02C457BC437>I<007FB812FCB912FEA27ECB121EB3A4180C37
+1B7BA342>I<4B7E4B7EA215075EA2ECFF87010313EF90260F80FFC7FC90383E003F497F
+498048488048488049133F0007EC3DF049133C000FEC7CF8157848C7137CA248ECF87E15
+F0A2140148ECE07F007E81A2140315C0A200FE010714801580A3140F1500A25C141EA314
+3E143CA3147C1478A214F85CA31301007E491400A213035C007F5DA2D83F07147E5CA213
+0F001F90C7127C018F14FC000F5D139F01DE130100075DD803FE495A5B00014A5A00004A
+5A017C49C7FC017E133E90387F80F89038FBFFE001F0138091C9FCA212015BA26C5A2955
+7CCC32>I<16C04B7EB3B3B3A7007FBA1280BB12C0A26C198042427BC14D>63
+D<190E193E197EF001FE1803A21807A2180FA2181FA2183F183B187B187318F318E31701
+18C31703188317071803170F171EA2173CA21778177017F0EE01E0A2EE03C0A2DC07807F
+EE0F00A2161EA24C7F5EA25E15015E4B5A15074C81DB0F1FB6FCED1F7F4BB7FCA25D92B8
+FC03F0C8FC0201834A5A4A5A5D0030130F007049C96C7E143E00F8137E6C5B6C48488326
+FF87F0043F133801FFF0F8F04AEFFFE04A18C04A70138091CAEBFE006C48EF0FF86C48EF
+07C06C4894C8FCEA07E04D4D7DC750>65 D<DA01C0EB01FE020791381FFF80DA1F8090B5
+12E0027F010314F0D901FF010F14F80107023F14FC49EC7E01499139F8007FFE013CD983
+E0131F01204948130F0100494813074BC7FC033E1403037E15FC495B5D19F85D4BEC07F0
+19E04B15C049EE0F804BEC1F00187E92C812F8EF03F04948EC1FC0EF7F80DC03FEC7FC4A
+EB1FF893B5FC90260FF80314C04B14F04B804A4880DB00077F011F02007F053F13804A14
+0F7113C0834948807113E0A2187F495AA2183F91C9FCA24917C0A25B00011880A249EE7F
+00187E485A604D5A2607F0305DD9F1F04A5A48486C4A5AD9EFFEEC1F80496C6C017EC7FC
+001F9138F003FC019F90B512F0D83F8F15C0010792C8FCD87E0114F82678007F13C000E0
+D90FFCC9FC3F487DC541>I<EE01FE93381FFF8093B512C0030714E0151F157F913801FE
+01913903F0007FDA07C0133F021FC713C0143E5C4A1580495A4948EC7F001307495A4948
+14FEA249C7485A495D137E494A5AEE07C0000193C7FC484891C8FCA2485AA3485AA2121F
+A25B123FA4485AA512FFA77FA3171E6D5D007F16FC4C5A6D4A5A6D5D003F4B5A6D4A5A6D
+4AC7FC6C6C143E6C01C013F89138F803F06C90B55A6C15806C4AC8FC6C14F8013F13C0D9
+07FCC9FC33487FC534>I<031FB512C00203B7FC021F16E091B812F8010317FE010F717E
+90283FE07FC03F80D97E00020080D801F84A011F7FD803E004077F484804017F000FEF00
+7F4848717E003F02FF151F737E48C782007E92C8FC4872138012F0008084C8FC4A5A85A4
+4A5AA21B00A34A5AA24F5A5D62140FA24B4B5A141F4F5A4B5EA2023F4C5A4F5A5D027F4C
+C7FC197E92C9127C6102FE4B5A4E5A4E5A49484B5A063EC8FC01035E4A4A5AEF07E04948
+EC1FC005FFC9FCEE07FC4948EBFFF091B61280017F4ACAFC90B612F04815804802F8CBFC
+4891CCFC49447EC34D>I<0403B712F8043F16FE4BB9FC1507151F157FDBFC0090C7EA07
+FE912703F001FEEC01F8DA07C017F0DA0F801780021F94C7FCEC3F004A495A147E14FE5C
+49485C4A1307495A91C7FC90C85B160FA25FA2161F5FA2163F5FA2167F94B612C0A293B7
+FC624FC7FC4B5D04FCC712704B4891C8FCA34B5AA24B5AA25E151F5E153FA24BCBFCA215
+FEA25D14015D486C485AEA07C0001F495A383FE00FD87FF05B39FFFC1F80D87FFF90CCFC
+14FE6C5B6C13F06C5B00031380D800FCCDFC50477EC348>70 D<EF07F8EF7FFE4CB5FC04
+0714805E043F14C0EE7C0F923801F8034B487EED07E0030F7F4B5A4B5AA24BC713804B15
+004B14FC020115F04B14C0020392C7FC5D1407A24A5AA2141F5DA2143F5DA2147F5DA214
+FFA292CAFC5BA35C1303A35C1307A25CA2130F5CA2495AA349481608197C494816F891C9
+1203180790B56CEC0FF04814F803FFEC1FE04803F014C004FE1480489239FFE03F00D80F
+E0EDFFFC261FC00F5D263F800115E0007EC7001F5C007C020391C7FC00F09138003FF03E
+487DC545>76 D<DC03801960040F1AE04C7E043F1901047FF103C01E071E0F1E1F83F63F
+8004FF197F1EFF65715F651F004B6104EF60DCCFF85F1D7E1DFD0303F1F9FE0487EF01F1
+711603F407E10307F00FC10407EF1F83706CEE3F031C7E030F62030E18FC706CED01F8F3
+03F0031CEF07E098380FC007706DEC1F804BEF3F00661B7E4B6D6C5C505A505A4B6E4948
+130F053F4A5A02014D5A4B163F716C49C7FC4A4804FE5D6272485A4AC7000F495A72485A
+4A4C48141F020E0207495A7248C8FC4A0203137EF0FFFE023C5E02386E5B02785E02706E
+5B02F05E0010496F5AD8380194C9FC267C03C0153ED87F87041CEFF830B548031018F095
+CAEBFFE091CE14C0491D809A380FFE00491CF86C48F307C06C4898C8FCEA07E06C4B7DC5
+78>I<F50FE01DFF1C031C0F64645213C0161E043E94B5128004FEF0C0004B6CDC01FCC7
+FC1CF01CC0515A4B7FA251C8FC83A21B0E8316BF03075FA2EE9FF0041F163C1B3883ED0F
+0F63030E7F16071BF0031E6D5D1603151C711401705E153C033880704B5AA20378800370
+017F14077291C9FCA203F0133F4B6E5B051F140EA24A4880050F141E1A1C4A4880170772
+133C4AC71538170384020E6E1478F18070A24A6E13C01AF0726C5A5CF03FF0027816F102
+7092381FF9C0001801F016FD001C49150FD83E0117FF267FC3C08101FF705B5CB58291C9
+91CAFC725A6C4817786C4894CBFC6C5AEA03F0635283CC52>I<DB01C0EB3FC0923A0780
+01FFF892261F000F13FE033E013F7F03FC90B61280912601F00115C0912803E007E03F13
+E0913A0F800F800791281F001F000113F0023E013E6D13F84A49147F4A49143F902601F0
+0116FC49484848141F49484848140F130F4948484815FE90263F001F15075E017E133F49
+91C8FC4B15034848137E00035C495B0007495A15804848CAFC1AFC121F5BA2123FF107F8
+A2485AA21AF0190FA200FF19E0A2F11FC0A21A80193F1A006D177EA2614E5A7F007F4D5A
+4E5A6D5F4E5A6C6C4CC7FC6D163E606C6C5E6D4B5A6C6DEC07C06C01E04A5A6E023FC8FC
+6C01FC14FC6C9039FFC00FF86C91B512E06D1580011F02FCC9FC6D14F0010391CAFC9038
+003FF047487AC54F>I<031FB512F00203B77E021F16F091B812FC010317FF010F188090
+283FE07FC00F14C0D97E00DA007F13E0D801F84A010F13F0D803E016034848040013F800
+0F187F4848EF3FFC003F02FF151FA248C790C8120F127E48180712F0008019F8C75A5DA2
+1AF0190F1AE04A5A1AC0F11F80A24BED3F000207167E197C614E5A4A484A5A4E5A061FC7
+FC4B143E18FC021FEC07F0EF7FE09239C07FFF8091273FC1FFFCC8FC03C313F0038F1380
+DB9FFCC9FC027F13800380CAFC92CBFC5CA25CA2495AA3495AA213075CA2130F5CA2495A
+A3495A91CCFC137E137C136046497EC345>I<031FB512FC0203B712E0021F16FC91B9FC
+010318C0010F8490283FE07FC00380D97E00DA001F7FD801F84A1303D803E004007F4848
+173F000F181F4848170F003F14FF190748C790C8FC007E615A12F0008061C75A4B4B5AA2
+62191F624A484BC7FC193E61614E5A4A48EC07E0F00F80063FC8FCEF03FC4B48B45A020F
+010F13E04C90C9FC4B485A4C7E021F90B5FC041F7FDBC0077F023F7F707F158082027F6E
+7E92C7FC717E5C4A81171F13014A6E7E1B0349486E6C141F1B3E73137C49486E6D13F8F2
+01F049486E9038E003E09638F007C0719038FC1F80494892397FFFFE006249486F13F091
+C96C13C0013C7048C7FC0170EE03F050467EC354>82 D<EF7FF0933807FFFE043FEBFF80
+93B612E0030315F0030F15F892381F800F92267E000113FC03F8EB007F4A48141F020315
+0F4A5A020FED07F85D021F16F0023F16E019C0F00F00027F150895C7FC81A281A2816E7E
+816E6C7E16E06E13F86E13FE6EEBFFC06E14F06E6C13FC031F7F03076D7E030180DB003F
+7F040F7F04037F82706C7E173F010E6F7E017C150F5BD803F01507485A48481503121F48
+485EA2127F60A200FF4C5A7F604D5A6D5E6D4BC7FC6C6C153E6D5D01FFEC01F06C01C0EB
+07E06C01FCEB7FC06C90B6C8FC6C15FC6C15E0C61580013F01FCC9FC010313803E487EC5
+3C>I<1B3C1B7CF201F8020FB912F091BA12E001031980010FF0FE004918F8017F188001
+F8C7D807F0C9FCD803F0140F4848141F120F48485D003F153FA2127F5F4848147F90C8FC
+5A00F85E00E015FFC9FCA294CAFC5DA35E1503A35E1507A35E150FA35E151FA35E153FA3
+5E157FA35E15FFA293CBFCA25CA25D1403A25DA24A5AA34A5AA24A5AA25D143F5D027ECC
+FC147814604E4E7CC636>I<D907F81678D93FFF16FE4901C04A7E48B56C1680486E5CD8
+07C36D16C0390F807FFC9038001FFEC7000F9238003FE06E6C150F6E16076E6D1403A26E
+6D1401A2157F7015C0153FA219036F6C1580A3F107006F7E61190E191E0307151CA261A2
+70147861A24E5A03035D18034E5AA24EC7FC181EA2606018F8604D5A17034D5A4D5A95C8
+FC5F173E5F5FEEFDF016FF5F5F5F94C9FC5E5E00204A5A00705D4B5A00F04A5A6CEC7F80
+4BCAFC6C495A6CEB07F839FF801FF09038E07FE06CB55A92CBFC6C5B5C6C13F06C13C000
+0390CCFCEA00FC43527DC343>89 D<0060170C00F0171EB3B3A76C173E0078173CA2007C
+177C6C17F8001E17F0001F16016C6CED03E0D807E0ED0FC06C6CED1F80D801FEEDFF006C
+6C6CEB03FED93FFCEB7FF86DB65A0103158001004AC7FC020713C0373D7BBA42>91
+D<913807FFC091B512FE01036E7E011F15F0903A3FFC007FF8D9FF80EB03FE4848C87ED8
+03F0ED1F804848ED0FC0D80F80ED03E048C9EA01F0001E1600003E17F848177C0078173C
+A200F8173E48171EB3B3A70060170C373D7BBA42>I<1538157CA315FEA24A7E15EF0203
+7F15C702077F1583A2020F7F1501021F7FEC1E00023E7F023C1378027C137C0278133CA2
+02F8133E4A131E0101141F4A7F0103814A13070107814A1303A2010F8191C71201498101
+1E1400013E81013C1578017C157C0178153C01F8153E49151EA20001161F498100031780
+491507000717C0491503000F17E090C91201A24817F0001E1600003E17F8003C1778007C
+177C0078173C00F8173E48171EA20060170C373D7BBA42>94 D<0060170C00F0171EA26C
+173E0078173C007C177C003C1778003E17F8001E17F0001F16016C17E0A26D1503000717
+C06D1507000317806D150F000117006D5D0000161EA26D153E0178153C017C157C013C15
+78013E15F8011E5D011F14016D5D6E130301075DA26E130701035D6E130F010192C7FC6E
+5B0100141E6E133E0278133CA2027C137C023C1378023E13F8021E5BEC1F01020F5B1583
+02075BA215C702035B15EF020190C8FC15FF6E5AA2157CA31538373D7BBA42>I<126012
+F0B3ADB9128018C0A300F0CBFCB3AE126032457BC43D>I<ED0FE015FF913803FC00EC0F
+E0EC3FC04A5A4AC7FC5C495AA2495AB3AD495AA2495A131F495A495A01FEC8FCEA07F8EA
+FFE0A2EA07F8EA00FEEB7F806D7E6D7E130F6D7EA26D7EB3AD6D7EA26D7E806E7E6E7EEC
+0FE0EC03FC913800FFE0150F236479CA32>102 D<12FEEAFFE0EA07F8EA00FEEB7F806D
+7E6D7E130F6D7EA26D7EB3AD6D7EA26D7E806E7E6E7EEC0FE0EC03FC913800FFE0A29138
+03FC00EC0FE0EC3FC04A5A4AC7FC5C495AA2495AB3AD495AA2495A131F495A495A01FEC8
+FCEA07F8EAFFE048C9FC236479CA32>I<140C141EA2143E143C147C1478A214F814F013
+0114E0A2130314C013071480A2130F14005B131EA2133E133C137C1378A213F85BA21201
+5B12035BA212075B120F90C7FCA25A121E123E123CA2127C127812F85AA27E1278127C12
+3CA2123E121E121F7EA27F12077F1203A27F12017F1200A27F1378A2137C133C133E131E
+A2131F7F14801307A214C0130314E01301A214F0130014F81478A2147C143C143E141EA2
+140C176476CA27>I<126012F0A27E1278127C123CA2123E121E121F7EA27F12077F1203
+A27F12017F1200A27F1378137C133CA2133E131EA2131F7F14801307A214C0130314E013
+01A214F0130014F81478A2147C143C143E141EA2143E143C147C1478A214F814F0130114
+E0A2130314C013071480A2130F14005B131EA2133E133CA2137C137813F85BA212015B12
+035BA212075B120F90C7FCA25A121E123E123CA2127C127812F85AA2126017647BCA27>
+I<126012F0B3B3B3B3B3A81260046474CA1C>I<126012F0A27E1278A2127C123C123E12
+1EA2121F7EA27F1207A27F12037F1201A27F1200A27F1378A2137C133C133E131EA2131F
+7FA2801307A2801303801301A2801300A2801478A2147C143C143E141EA2141F80A28114
+07811403A2811401A2811400A2811578157C153CA2153E151EA2151F81A21680150716C0
+1503A216E01501A216F01500A216F81678167C163CA2163E161EA2160C27647BCA32>
+110 D<0060173000F01778B3B3B2B912F8A36C17F0353B7ABA42>116
+D<003FB912F84818FCA219F80078CCFCB3B3AE007FB912F819FCA26C18F8CDFCB0007FB9
+12F8BA12FCA26C18F83E4E78BE4D>118 D<007FB912F0BA12F8A27ECC1278B3B3AE007F
+B912F8BAFCA26C18F0CDFCB0007FB912F8BA12FCA26C18F83E4E7ABE4D>I
+E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fu cmr12 12 91
+/Fu 91 128 df<B91280A300019038C000036C6C489038003FC0171F17071703A21701A2
+EF00E0A31860A418701830A31800B3B3A58048487EB612F8A334447CC33D>0
+D<027FB67EA39126001FFEC9FC6F5A6F5AA8B46CEFFF8001E01603D81FF0933807FC006C
+6C4C5A0007606D161F000360A26D163F000160AC6C6C5F187FA4D97F804BC7FCA2013F5E
+02C01401131F02E04A5A010F5ED907F01407D903F85DD901FC4A5AD900FE4A5A027F027F
+C8FCDA1FC713FE0207B512F8020114C09126001FFCC9FCED07F8A84B7E4B7E027FB67EA3
+41447BC34C>9 D<9239FFC001FC020F9038F80FFF913B3F803E3F03C0913BFC00077E07
+E0D903F890390FFC0FF0494890383FF81F4948EB7FF0495A494814E049C7FCF00FE04991
+393FC0038049021F90C7FCAFB912F0A3C648C7D81FC0C7FCB3B2486CEC3FF0007FD9FC0F
+B512E0A33C467EC539>11 D<4AB4FC020F13E091387F80F8903901FC001C49487FD907E0
+130F4948137F011FECFF80495A49C7FCA25B49EC7F00163E93C7FCACEE3F80B8FCA3C648
+C7FC167F163FB3B0486CEC7FC0007FD9FC1FB5FCA330467EC536>I<913801FFC0020FEB
+FB8091387F803F903801FC00494813FFEB07E0EB1FC0A2495A49C7FC167F49143F5BAFB8
+FCA3C648C7123FB3B2486CEC7FC0007FD9FC1FB5FCA330467EC536>I<DBFF80EB3FE002
+0F9039F001FFFC913B3F807C0FF01F913CFC000E3F800380D903F86D48486C7E4948D90F
+FC804948D93FF8130F4948017F4A7E49485C49C75BA25B494B6D5A041F6E5A96C8FCACF1
+07F0BBFCA3C648C7391FC0001F190F1907B3B0486C4A6C497E007FD9FC0FB50083B512E0
+A34B467EC551>I<131F1480133F137FA2EBFF00485A485A5B485A485A138048C7FC123E
+123C5A12E0124011126CC431>19 D<1606A25E161C1618163816305EEC7F80903903FFF0
+C090380FC0FC90393E001F8049130F01F0EB03C04848497E0003814848EB0CF84848147C
+1518001F157E48C7487E157015604802E01380007EECC01FEC0180A200FED9030013C0A2
+1406140E140C141C14185CA25C007E16805CD87F01143F003F4914001303001F90C7123E
+0186147E000F157C01CC14FC00075DD803F8495A00014A5A00004A5A017E011FC7FC9038
+7F807E9038C7FFF89038C07F804848C9FCA248CAFC5A1206120E120C5AA22A3F7DB431>
+28 D<121EEA7F80EAFFC0A9EA7F80ACEA3F00AB121EAC120CA5C7FCAA121EEA7F80A2EA
+FFC0A4EA7F80A2EA1E000A4778C61B>33 D<001EEB03C0397F800FF000FF131F01C013F8
+A201E013FCA3007F130F391E6003CC0000EB000CA401E0131C491318A300011438491330
+0003147090C712604814E0000614C0000E130148EB038048EB070048130E0060130C1E1D
+7DC431>I<EC03F0EC0FF8EC3E1EEC7C0E4A7E49487E130302E07F01071301A3EB0FC0A4
+150393CAFC14E05D1506150E5D1518010713386E5A156015E0ECF1C0DAFB800107B512C0
+6DB4C7FC5C4A9139007FFC000101EE1FE019806E6FC7FC0100160E497E495E496C6C1418
+010E1638496C6C1430011816709026381FE05C01705E496C6C1301D801C06D5C00030107
+1403D807806D91C8FC000F6D6C5B001F0101140E003F6E130C90C7EB801C48027F5BEEC0
+304891383FE070031F5B705AED0FF9923807FB806D6DB4C812C05E6F7E007F6E6D13016D
+6E6C14804C6C13036C6C496D1400001F912603CFF85B6C6C90260F07FC130E6C6C90263E
+01FE133C3D03FE01F800FF80F8C6B54890383FFFF0013F0180010713C0D907FCC890C7FC
+42497CC64C>38 D<121EEA7F8012FF13C0A213E0A3127FEA1E601200A413E013C0A31201
+1380120313005A1206120E5A5A5A12600B1D78C41B>I<140C141C1438147014E0EB01C0
+1303EB0780EB0F00A2131E5BA25B13F85B12015B1203A2485AA3485AA348C7FCA35AA212
+3EA2127EA4127CA312FCB3A2127CA3127EA4123EA2123FA27EA36C7EA36C7EA36C7EA212
+017F12007F13787FA27F7FA2EB0780EB03C01301EB00E014701438141C140C166476CA26
+>I<12C07E12707E7E7E120F6C7E6C7EA26C7E6C7EA21378137C133C133E131E131FA2EB
+0F80A3EB07C0A3EB03E0A314F0A21301A214F8A41300A314FCB3A214F8A31301A414F0A2
+1303A214E0A3EB07C0A3EB0F80A3EB1F00A2131E133E133C137C13785BA2485A485AA248
+5A48C7FC120E5A5A5A5A5A16647BCA26>I<14F0A2805CA70078EC01E000FCEC03F0B414
+0FD87F80EB1FE0D83FC0EB3FC03A0FF060FF003903F861FC3900FC63F090383F6FC0D90F
+FFC7FCEB03FCEB00F0EB03FCEB0FFF90383F6FC09038FC63F03903F861FC390FF060FF3A
+3FC0F03FC0D87F80EB1FE0D8FF00EB0FF000FC14030078EC01E0C790C7FCA7805CA2242B
+7ACA31>I<16C04B7EB3AB007FBAFCBB1280A26C1900C8D801E0C9FCB3AB6F5A41407BB8
+4C>I<121EEA7F8012FF13C0A213E0A3127FEA1E601200A413E013C0A312011380120313
+005A1206120E5A5A5A12600B1D78891B>I<B612C0A61A067F9721>I<121EEA7F80A2EAFF
+C0A4EA7F80A2EA1E000A0A78891B>I<1618163CA2167C1678A216F816F0A2150116E015
+0316C0A215071680A2150F1600A25D151EA2153E153CA2157C157815F85DA214015DA214
+035DA214075DA2140F92C7FC5C141EA2143E143CA2147C1478A214F85CA213015CA21303
+5C13075CA2130F91C8FCA25B131EA2133E133CA2137C137813F85BA212015BA212035BA2
+12075BA2120F90C9FCA25A121E123E123CA2127C1278A212F85AA2126026647BCA31>I<
+14FF010713E090381F81F890383E007C01FC133F4848EB1F8049130F4848EB07C04848EB
+03E0A2000F15F0491301001F15F8A2003F15FCA390C8FC4815FEA54815FFB3A46C15FEA5
+6D1301003F15FCA3001F15F8A26C6CEB03F0A36C6CEB07E0000315C06D130F6C6CEB1F80
+6C6CEB3F00013E137C90381F81F8903807FFE0010090C7FC28447CC131>I<143014F013
+011303131F13FFB5FC13E713071200B3B3B0497E497E007FB6FCA3204278C131>I<EB03
+FE90381FFFC0017F13F03901F80FFC3903C001FE48486C7E000EC7EA7F8048EC3FC0ED1F
+E04815F00030140F007015F800601407126CB415FC7F7F1503A46C4813076CC7FCC8FC16
+F8A2150F16F0151F16E0A2ED3FC0ED7F8016005D5D4A5A4A5A4A5A5D4A5A4A5A4AC7FC14
+7C5C5C495A495A495A49C7120C131E5B013814185B5B485A4848143848C81230000E1570
+001FB612F0A25A5AB712E0A326427BC131>I<49B4FC010F13E0013F13FC9038FE01FE3A
+01F0007F80D803C0EB3FC048C7EA1FE0120EED0FF0EA0FE0486C14F8A215077F5BA26C48
+130FEA03C0C813F0A3ED1FE0A2ED3FC01680ED7F0015FE4A5AEC03F0EC1FC0D90FFFC7FC
+15F090380001FCEC007FED3F80ED1FC0ED0FE016F0ED07F816FC150316FEA2150116FFA3
+121EEA7F80487EA416FE491303A2007EC713FC00701407003015F80038140F6C15F06CEC
+1FE06C6CEB3FC0D803E0EB7F803A01FE01FE0039007FFFF8010F13E0010190C7FC28447C
+C131>I<ED0380A21507150FA2151F153FA2157F15FFA25CEC03BF153F14071406140C14
+1C141814301470146014C013011480EB03005B13065B131C13185B1370136013E0485A5B
+120390C7FC1206120E120C5A123812305A12E0B812C0A3C8383F8000ADEDFFE0027FEBFF
+C0A32A437DC231>I<000615C0D807C0130701FCEB7F8090B612005D5D5D15E015802606
+3FFCC7FC90C9FCAE14FF010713C090381F01F090383800FC01F0137ED807C07F49EB1F80
+16C090C7120F000615E0C8EA07F0A316F81503A216FCA5123E127F487EA416F890C71207
+5A006015F0A20070140F003015E00038EC1FC07E001EEC3F806CEC7F006C6C13FE6C6C48
+5A3901F807F039007FFFE0011F90C7FCEB07F826447BC131>I<EC07FCEC3FFF91B512C0
+903903FC03E0903907E000F0D91FC0133849C71258017EEB01FC01FE1303491307485A48
+5AA24848EB03F8000FEC01F092C7FC485AA3485AA3127FA29038007F80903801FFF09038
+0780FC39FF0E003E49EB1F8049EB0FC049EB07E0136001E0EB03F04914F8150116FC5BED
+00FEA390C812FFA47EA57F123FA216FE121F15016D14FC120FED03F86C7EED07F06C6C14
+E06C6CEB0FC06C6CEB1F80017EEB3F0090383F80FE90380FFFF8010313E0010013802844
+7CC131>I<121CA2EA1F8090B712C0A3481680A217005E0038C8120C0030151C00705D00
+60153016705E5E4814014B5A4BC7FCC81206150E5D151815385D156015E04A5AA24A5A14
+0792C8FC5CA25C141E143EA2147E147CA214FCA21301A3495AA41307A6130FAA6D5AEB01
+C02A457BC231>I<14FF010713E0011F13F890387F00FE01FC133FD801F0EB1F804848EB
+0FC049EB07E00007EC03F048481301A290C713F8481400A47FA26D130116F07F6C6CEB03
+E013FC6C6CEB07C09039FF800F806C9038C01F006CEBF03EECF87839007FFEF090383FFF
+C07F01077F6D13F8497F90381E7FFFD97C1F1380496C13C02601E00313E048486C13F000
+079038007FF84848EB3FFC48C7120F003EEC07FE150148140016FF167F48153FA2161FA5
+6C151E007C153EA2007E153C003E157C6C15F86DEB01F06C6CEB03E06C6CEB07C0D803F8
+EB1F80C6B4EBFF0090383FFFFC010F13F00101138028447CC131>I<14FF010713E0011F
+13F890387F80FC9038FC007E48487F4848EB1F804848EB0FC0000FEC07E0485AED03F048
+5A16F8007F140190C713FCA25AA216FE1500A516FFA46C5CA36C7E5D121F7F000F5C6C6C
+1306150E6C6C5B6C6C5BD8007C5B90383F01E090390FFF80FE903801FE0090C8FC150116
+FCA4ED03F8A216F0D80F801307486C14E0486C130F16C0ED1F80A249EB3F0049137E001E
+C75A001C495A000F495A3907E01FE06CB51280C649C7FCEB1FF028447CC131>I<121EEA
+7F80A2EAFFC0A4EA7F80A2EA1E00C7FCB3A5121EEA7F80A2EAFFC0A4EA7F80A2EA1E000A
+2B78AA1B>I<121EEA7F80A2EAFFC0A4EA7F80A2EA1E00C7FCB3A5121E127FEAFF80A213
+C0A4127F121E1200A512011380A3120313005A1206120E120C121C5A5A12600A3E78AA1B
+>I<007FBAFCBB1280A26C1900CEFCB0007FBAFCBB1280A26C190041187BA44C>61
+D<EB0FFC90387FFFC03901F007F039078001FC000EC77E48147F48EC3F804815C0006014
+1F00FE15E07E7FA56CC7FC001CEC3FC0C8FCED7F80A2EDFF004A5AEC03F84A5A5D4A5A4A
+5A92C7FC143E143C5CA2147014F05CA25C1301A35CA990C9FCAAEB03C0EB0FF0A2497EA4
+6D5AA2EB03C023467BC52E>63 D<16C04B7EA34B7EA34B7EA34B7EA3ED19FEA3ED30FFA2
+03707FED607FA203E07FEDC03FA2020180ED801FA2DA03007F160FA20206801607A24A6D
+7EA34A6D7EA34A6D7EA20270810260147FA202E08191B7FCA249820280C7121FA249C87F
+170FA20106821707A2496F7EA3496F7EA3496F7EA201788313F8486C83D80FFF03037FB5
+00E0027FEBFFC0A342477DC649>65 D<B8FC17E017FC00019039C00003FF6C6C4801007F
+EF3FC0717E717E717E84170384170184A760A21703601707604D5A4D5AEF7FC04DC7FCEE
+03FEEE3FF091B65A17FC0280C7B47EEF1FC0EF0FF0717E717E717E717E1980187F19C0A2
+183F19E0A8F07FC0A2198018FF4D1300A24D5AEF0FFC4D5AEF7FE048486C903803FFC0B9
+C7FC17FC17C03B447CC345>I<DB0FFE146092B500C013E0020314F0913A0FFC01FC0191
+393FC0003E02FFC7EA0F83D903FCEC03C74948EC01E74948EC00FF4948157F4948153F49
+48151F49C9120F485A491607120348481603A248481601A248481600A2123FA249176012
+7FA31900485AAE6C7EA21960A2123F7FA2001F18E07F000F18C0A26C6C160119806C6C16
+0312016DEE07006C6C16066D6C150E6D6C5D6D6C5D6D6C15786D6C5D6D6C4A5AD900FFEC
+0780DA3FC0011FC7FCDA0FFC13FC0203B512F0020014C0DB0FFEC8FC3B487BC546>I<B8
+FC17F017FC00019039C00007FF6C499038007FC0017FED1FE0EF07F0EF03FC717E717E84
+727E727E727EA2727E85180385A2180185A38584A31A80AD1A00A36061A3611803611807
+61180F614E5A183F614EC7FC18FEEF03FC4D5AEF1FE001FFED7FC0486DD907FFC8FCB812
+FC17F094C9FC41447CC34B>I<B912F8A3000101C0C7127F6C6C48EC07FC17011700187C
+183C181CA284A31806A4180704067FA395C7FCA4160EA2161E163E16FE91B5FCA3EC8000
+163E161E160EA21606A319C0A3F0018093C7FCA41803A21900A260A260A2181EA2183E18
+7EEF01FE170748486C147FB95AA33A447CC342>I<B912F0A3000101C0C7127F6C6C48EC
+0FF817031701170018781838A2181CA3180CA4180E1806160CA21800A5161CA2163C167C
+ED01FC91B5FCA3EC8001ED007C163C161CA2160CA793C8FCB08048487EB612F8A337447C
+C340>I<DB0FFE146092B500C013E0020314F0913A0FFC01FC0191393FC0003E02FFC7EA
+0F83D903FCEC03C74948EC01E74948EC00FF4948157F4948153F4948151F49C9120F485A
+491607120348481603A248481601A248481600A2123FA2491760127FA396C7FC485AAD4C
+B612C06C7EA293C7387FF000725A003F171F7FA2121F7F120FA26C7EA26C7E6C7EA26C7E
+6D7E6D6C153F6D7E6D6C157F6D6C15E7D903FEEC01C7D900FFEC0383DA3FE0EB0F01DA0F
+FCEBFE000203B500F81360020002E090C7FCDB0FFEC9FC42487BC54D>I<B6D8C003B6FC
+A3000101E0C70007138026007F80913801FE00B3A991B7FCA30280C71201B3AC2601FFE0
+913807FF80B6D8C003B6FCA340447CC349>I<B612F0A3C6EBF0006D5A6D5AB3B3B3A449
+7E497EB612F0A31C447DC323>I<010FB512FEA3D9000313806E130080B3B3AB123F487E
+487EA44A5A13801300006C495A00705C6C13076C5C6C495A6CEB1F802603E07FC7FC3800
+FFFCEB1FE027467BC332>I<B600C049B512C0A3000101E0C8387FFC006C49ED3FE06D48
+1680063EC7FC183C183860604D5A4D5A4DC8FC171E17385F5F4C5A4C5A4CC9FC160E5E5E
+5E5E4B5A4B7E4B7E150F4B7E4B7E1577EDE3FE913881C1FFEC8381DA87007F028E6D7E14
+9C02B86D7E02F06D7E14C04A6D7E707EA2707E707EA2707F717EA2717E717EA2717E717E
+A2717E717EA2717F8585496C82486D4A13FCB600C0011FEBFFE0A343447CC34C>I<B612
+F8A3000101E0C9FC6C6C5A5CB3B31830A418701860A518E0A3EF01C0A217031707A2170F
+173F177FEE01FF48486C011F1380B9FCA334447CC33D>I<B56C933807FFFC6E5EA20001
+F1FE0026006FE0EE1BF8A3D967F01633A2D963F81663A3D961FC16C3A3D960FEED0183A2
+027FED0303A36E6C1406A36E6C140CA26E6C1418A36E6C1430A36E6C1460A26E6C14C0A3
+6E6CEB0180A3037FEB0300A292383F8006A36F6C5AA36F6C5AA26F6C5AA36F6C5AA36F6C
+5AA26FB45AA370C7FC13F0A2486C143ED80FFFEF0FFEB500F0011C0107B512FCA34E447B
+C359>I<B56C020FB5FC8080C6040013F06D6CED1F80D96FF8ED0F00A2D967FC1506EB63
+FEA2EB61FF01607FA26E7E6E7EA26E7E6E7EA26E7E6E7EA26E7E6E7FA26F7E6F7EA26F7E
+6F7EA26F7E6F7EA26F7E6F1380A2EE7FC0EE3FE0A2EE1FF0EE0FF8A2EE07FCEE03FEA2EE
+01FF701386A2EF7FC6EF3FE6A2EF1FF6EF0FFEA217071703A217011700A201F0167E183E
+487ED80FFF161EB500F0150EA2180640447CC349>I<ED1FFC4AB512C0913907F007F091
+391F8000FC027EC7123FD901F8EC0FC049486E7E49486E7E49486E7E49486E7E49C9127E
+017E8201FE834848707E4848707EA24848707EA2000F84491603001F84A24848707EA300
+7F84A24982A300FF1980AD6C6C4C1300A4003F606D1603A2001F60A26C6C4C5AA26C6C4C
+5AA20003606D161F6C6C4C5A000060017F4CC7FC6E5D013F5E6D6C4A5AD907E0EC03F06D
+6C4A5AD901FCEC1FC0D9007E4AC8FCDA1F8013FC913907F007F00201B512C09126001FFC
+C9FC41487BC54C>I<B712FCEEFFC017F800019039C0000FFC6C6C48EB01FF9338007F80
+EF1FE0170FEF07F018F8EF03FCA218FE1701A218FFA718FEA2170318FCA2EF07F818F0EF
+0FE0EF1FC0EF7F80933801FE00EE0FFC91B612F017800280C9FCB3AA3801FFE0B612C0A3
+38447CC342>I<B712E016FF17C000019039C0003FF86C6C48EB03FCEE00FF717E717E71
+7E717E717EA284170384A760A21707604D5AA24D5A4D5A4DC8FCEE01FEEE07F8EE3FE091
+B6C9FC16FC913980007F80EE0FE0707EEE03FC707E160083717EA2717EA784A71A608417
+1FA21AE0716C13C02601FFE002071301B600C01680943801FC03943900FE0700CBEA3FFE
+F007F843467CC348>82 D<49B41303010FEBE007013F13F89039FE00FE0FD801F8131FD8
+07E0EB079F49EB03DF48486DB4FC48C8FC4881003E81127E82127C00FC81A282A37E82A2
+7EA26C6C91C7FC7F7FEA3FF813FE381FFFE06C13FE6CEBFFE06C14FC6C14FF6C15C0013F
+14F0010F80010180D9001F7F14019138001FFF03031380816F13C0167F163F161F17E000
+C0150FA31607A37EA36C16C0160F7E17806C151F6C16006C5D6D147ED8FBC05CD8F9F049
+5AD8F07C495A90393FC00FE0D8E00FB51280010149C7FC39C0003FF02B487BC536>I<00
+3FB912F8A3903BF0001FF8001F01806D481303003EC7150048187C0078183CA20070181C
+A30060180CA5481806A5C81600B3B3A54B7EED7FFE49B77EA33F447DC346>I<B600C001
+0FB5FCA3000101E0C813F026007F80ED1F80F00F00A21806B3B3A7180E6D6C150CA2181C
+131F6E1518010F163818306D6C1570606D6C14016D6C5D6D6CEC0780027F4AC7FC6E6C13
+1EDA1FE0137C913907FC03F00201B55A6E6C1380DB07FCC8FC40467CC349>I<B692383F
+FFF0A3000301E003071300C649ED01FC4A5E017F705A6E5E133F616E1501011F5FA26D6C
+4BC7FCA28001071606A26E150E0103160CA26D6C5DA2806D5EA26F1470027F156081023F
+5DA281021F4A5AA26F1303020F92C8FC8102071406A26F130E0203140CA26E6C5BA2816E
+5CA2EE8070037F1360A26F6C5AA216E092381FE180A216F3030F90C9FC16FBED07FEA36F
+5AA36F5AA26F5AA3166044467EC349>I<B60107B500F890380FFFFEA3000301E0D9001F
+90C813F06C0180DA0FFCED3FC091C86C48ED1F006C871C0E6D6C6E7E1C0CA26D6C6F5DA3
+6EDA06FF1538011F1A30A26E020E6D1470010FDB0C7F1560A26E021C7F0107DB183F5DA2
+856D6CDA301F4A5AA36D6C4A6C6C49C7FCA36D6C4A6C6C1306A3DB80016E130E027FDA80
+03140CA2DBC00380023FDA00015CA203E081021F01066D5CA36E6C486E6C5AA36E6C486E
+6C5AA36F48EC1FE1020360A2DBFE7015F302010160020F90C8FCA2DBFFE015FB6E49EC07
+FEA36F486E5AA36FC86C5AA3031E6F5AA4030C16605F467EC364>I<003FB500E0011FB5
+FCA3C691C7000713E0D93FFC020190C7FC6D4815FC010F6F5A6D6C15E0A26D6C4A5A6D6C
+5D4DC8FC6D6D5B6E6C13065F6E6C131C6E6C13185F6E6C13706E6C13605F913803FE01DA
+01FF5B4CC9FC6E1387ED7FC616CCED3FFC6F5A5E6F7E6F7EA26F7E82A203067F150E9238
+0C7FC04B6C7E15389238301FF04B6C7E15E04B6C7E4A486C7E14034B6C7E02066D7F140E
+020C6E7E4A6E7E143802306E7E4A6E7E14E04A6E7E49486E7E130349C86C7E496F7F5B49
+6C8201FF83000701E0020313F8B500F8021FEBFFF0A344447EC349>I<B66C91380FFFFC
+A3000101F8C8000313C026007FE0923800FE0061013F17F06D6C5E80010F5F6D6C4B5A18
+036D6C93C7FC6E15066D160E6D6D140C181C6E6C14186E6C5C18706E6C146018E06E6C5C
+6E6C495A17036E6C91C8FC5F6E6C13066E6D5A171C92387FC0185FED3FE06F6C5A17E06F
+6C5AEEF980ED07FF6F90C9FCA26F5AB3A6923807FF800203B6FCA346447FC349>I<EAFF
+FCA4EAF000B3B3B3B3B3A2EAFFFCA40E6476CA1B>91 D<01C01318000114384848137048
+C712E0000EEB01C0000C1480001C13030018140000385B003013060070130E0060130CA3
+00E0131C481318A400CFEB19E039FFC01FF801E013FCA3007F130FA2003F130701C013F8
+390F0001E01E1D71C431>I<EAFFFCA4EA003CB3B3B3B3B3A2EAFFFCA40E647ECA1B>I<13
+C01201EA0380EA0700120E120C121C12181238123012701260A312E05AA412CFEAFFC013
+E0A3127FA2123F13C0EA0F000B1D79C41B>96 D<EB07FC90383FFF809038F80FE03903C0
+03F048C66C7E000E6D7ED80FC0137E486C137F6D6D7EA36F7EA26C5AEA0380C8FCA4EC0F
+FF49B5FC90380FFE1FEB3FC0EBFF00EA03FC485A485A485A485A127F5B176048C7FCA315
+3FA36D137F007F14EF6D9038C7E0C0003F13013A1FE00783F13B07F81E03FF802701FFFC
+0113003A001FE0007C2B2E7CAC31>I<EA01FC12FFA3120712031201B3EC03FC91380FFF
+8091383C07E091387001F89039FDE0007E02807F01FFEC1F8091C713C049EC0FE0491407
+17F0A2EE03F8A217FCA2160117FEAB17FC1603A217F8A2EE07F0A26DEC0FE017C06D141F
+01FBEC3F80D9F380EB7E00D9E1C05B9039E0F001F89039C03C07E09039801FFF80C7D803
+FCC7FC2F467DC436>I<EC7F80903803FFF090380FC07C90383F000F01FCEB03804848EB
+01C00003140F4848EB1FE049133F120F485AA2485AED1FC0007FEC070092C7FCA290C9FC
+5AAB7E7FA2123F16307F001F15706C6C146016E06C6C14C06C6C13010001EC03806C6CEB
+0700013F131E90381FC078903807FFF001001380242E7DAC2B>I<167FED3FFFA3150181
+82B3EC7F80903803FFF090380FC07C90383F000E017E1307496D5AD803F87F48487F5B00
+0F81485AA2485AA2127FA290C8FC5AAB7E7FA2123FA26C7EA2000F5D7F6C6C5B00035C6C
+6C9038077F806C6C010E13C0013F011C13FE90380FC0F8903803FFE09026007F0013002F
+467DC436>I<EB01FE903807FFC090381F03F090387E00FC49137E48487F485A4848EB1F
+80000F15C049130F121F484814E01507A2007F15F090C7FCA25AA390B6FCA290C9FCA67E
+A27FA2123F16306C7E1670000F15606D14E06C6C14C0000314016C6CEB03806C6CEB0700
+013E131E90381F80F8903803FFE0010090C7FC242E7DAC2B>I<EC0FE0EC7FF8903801F8
+1E903803F03F90390FE07F8090381FC0FF5C133F495AA2ED7F0001FE131C92C7FCAFB67E
+A3C648C8FCB3B2486C7E007F13FFA321467EC51E>I<EE0F80D901FCEB7FE0903A0FFF81
+F0F090393F07E3819039FC01FF033A01F800FE014848017E13E00007027FC7FC497F000F
+8149131F001F81A9000F5D6D133F000792C7FC6D5B0003147E6C6C5B6D485A3903BF07E0
+90380FFF80260701FCC8FC90CAFCA25AA37F6C7E7F90B512F86C14FF16E06C15F86C6C80
+48B67E3A07C0000FFF48481300003FC8EA3F80003E151F48ED0FC0A2481507A56C150F00
+7C1680007E151F003E16006C153E6C6C5CD807E0495AD801F8EB07E0D8007FEB3F809026
+1FFFFEC7FC010113E02C427DAC31>I<EA01FC12FFA3120712031201B3EC01FE913807FF
+C091381E07F091383801F802707FECE000D9FDC07F5C01FF147F91C7FCA25BA35BB3A848
+6CECFF80B5D8F83F13FEA32F457DC436>I<EA01E0EA07F8A2487EA46C5AA2EA01E0C8FC
+ADEA01FC12FFA3120712031201B3B0487EB512F8A315437DC21C>I<143C14FFA2491380
+A46D1300A2143C91C7FCADEC7F80EB3FFFA31300147F143FB3B3AA123E127F39FF807F00
+A2147EA25C6C485A383C01F06C485A3807FF80D801FEC7FC195785C21E>I<EA01FC12FF
+A3120712031201B3A292381FFFE0A36F1300ED07F816E05E5E030EC7FC5D5D5D5D4A5A4A
+5A4AC8FC5CEC3F804A7E14FF9038FDCFE09038FF8FF01407496C7E01FC7F14016E7E8181
+6F7E82151F6F7E821507826F7E8282486C491380B5D8F81F13F8A32D457DC433>I<EA01
+FC12FFA3120712031201B3B3B3A5487EB512F8A315457DC41C>I<D801FC01FFEC1FE000
+FF010701E0EBFFFC913B0F03F801E07F913C3C01FC07803F800007903C7000FE0E001FC0
+000349D97E1C130F2601FDC0D97F38804A143001FFDA3FF06D7E91C75BA2495DA3495DB3
+A8486C4A6C497EB5D8F81FB50003B512E0A34B2C7DAB52>I<3901FC01FE00FF903807FF
+C091381E07F091383801F8000701707F0003EBE0002601FDC07F5C01FF147F91C7FCA25B
+A35BB3A8486CECFF80B5D8F83F13FEA32F2C7DAB36>I<EC7F80903803FFF090380FC0FC
+90383E001F496D7E496D7E48486D7E48486D7E48486D7E000F81A24848147E003F157FA2
+90C87E481680A44816C0AA6C1680A26D147F003F1600A2001F157E6D14FE000F5D6D1301
+00075D6C6C495A6C6C495A6C6C495A013E49C7FC90381FC0FE903807FFF89038007F802A
+2E7DAC31>I<3901FC03FC00FF90380FFF8091383C07E091387001F83A07FDE000FE0001
+0180137F01FFEC3F8091C7EA1FC04915E049140F17F0160717F8160317FCA3EE01FEABEE
+03FCA3EE07F8A217F0160F6D15E0EE1FC06D143F17806EEB7E00D9FDC05B9039FCF003F8
+91383C0FE091381FFF80DA03FCC7FC91C9FCAE487EB512F8A32F3F7DAB36>I<91387F80
+03903903FFE00790380FE07890393F801C0F90387E000E496D5AD803F8EB039F0007EC01
+BF4914FF48487F121F5B003F81A2485AA348C8FCAB6C7EA3123F7F121F6D5C120F6D5B12
+076C6C5B6C6C497E6C6C130E013F131C90380FC0F8903803FFE09038007F0091C7FCAEEE
+FF80033F13FEA32F3F7DAB33>I<3903F803F000FFEB1FFCEC3C3EEC707F0007EBE0FF38
+03F9C000015B13FBEC007E153C01FF13005BA45BB3A748B4FCB512FEA3202C7DAB26>I<
+90383FE0183901FFFC383907E01F78390F0003F8001E1301481300007C1478127800F814
+38A21518A27EA27E6C6C13006C7E13FC383FFFE06C13FC6C13FF6C14C06C14E0C614F001
+1F13F81300EC0FFC140300C0EB01FE1400157E7E153EA27EA36C143C6C147C15786C14F8
+6CEB01F039F38003E039F1F00F8039E07FFE0038C00FF01F2E7DAC26>I<1306A5130EA4
+131EA3133E137EA213FE12011207001FB512F0B6FCA2C648C7FCB3A4150CAA017E131C01
+7F1318A26D133890381F8030ECC070903807E0E0903801FFC09038007F001E3E7EBC26>
+I<D801FC147F00FFEC3FFFA300071401000380000181B3A85EA35DA212006D5B017E9038
+077F80017F010E13C06D011C13FE90380FC078903803FFF09026007F8013002F2D7DAB36
+>I<B539F001FFFCA3000790C7EA7FE06C48EC1F8000011600160E1200160C017F5CA280
+013F5CA26E1370011F146080010F5CA2ECF00101075CA26D6C48C7FCA26E5A01011306A2
+6D6C5AA214FF6E5AA215B8EC3FB015F06E5AA36E5AA26E5AA36EC8FC2E2C7EAA33>I<B5
+00E0B539E03FFF80A30007903C000FFE000FFC00D803FCD903F8EB03F8F001E012010301
+5D6D80000060A26D6E13036DD9037E91C7FCA20280017F5B013FD9063F1306A2D91FC06E
+5AED0C1FA2D90FE06E5AED180FA2D907F06E5AED3007A2D903F86E5AED6003A2902601FC
+E06D5AEDC00117FCD900FFECFD80ED800017FF027F92C8FC92C77EA26E147E023E143EA2
+021E143C021C141CA2412C7EAA46>I<B539F007FFFCA30003D9C00113C0C6496C130001
+7F14FC013F5C6E13E06D7E010F495A6D6C485A02F890C7FC903803FC060101130E6E5A90
+3800FF186E5AEC3FF05D141F140F6E7E81140FEC0DFCEC19FEEC38FF4A7E9138603F8002
+C07F0101131F49486C7E02007F01066D7E010E1303496D7E013C80017C80D801FC1580D8
+0FFE4913C0B5D8800F13FFA3302B7FAA33>I<B539F001FFFCA3000790C7EA7FE06C48EC
+1F8000011600160E0000150C6D141C6D1418A26E1338013F1430A26D6C5BA26E13E0010F
+5CA26D6C485AA2ECF803010391C7FCA2903801FC06A2ECFE0E0100130CA2EC7F18A215B8
+EC3FB0A2EC1FE0A36E5AA26E5AA36EC8FCA21406A35CA25CA2123C007E5BB4FC5CA25CEA
+FE01387C0380D87007C9FCEA3C1EEA0FFCEA03F02E3F7EAA33>I<003FB612E0A29038C0
+003F90C713C0003CEC7F800038ECFF00A20030495A0070495AA24A5A0060495AA24A5A4A
+5AA2C7485A4AC7FC5B5C495A13075C495A131F4A1360495A495AA249C712C0485AA2485A
+485A1501485A48481303A24848EB07804848131F00FF14FF90B6FCA2232B7DAA2B>I<B9
+FCA23002809B31>I<BF1280A26102809B62>I<001EEB0780007FEB0FE039FF801FF0EBC0
+3FA4EB801F397F000FE0001EEB07801C0A76C231>127 D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fv cmbx12 24.88 45
+/Fv 45 122 df[<96380FFFFE060FB612E04DB712FC051F16FF94B912C0040784041F18
+F8047F9126FC001F7F4BB6008001017F030702F8C8EA3FFF4B02E0030F7F033F02804B7F
+4B49C9127F92B54893B57E4A02F05D4A4A4B804A4A5D4A4A84634A91C9FC4A5BA24A5B51
+80755C91B5FC5EA3755CA2755C755C755CE23FFEC8FCF40FF899CAFCAF083FB612FCBFFC
+A9C702FCC912038787B3B3B3B2003FB800F0013FB812F0A9>116
+144 123 271 129 12 D[<EF01F8EF07FC170F171F177FEE01FF1607161F93B5FC150315
+3F0203B6FC49B7FCB9FCA615C3ECFC03EBFE00C8FCB3B3B3B3B3AE007FBC1280A9>81
+135 110 262 116 49 D[<93381FFFF00303B612E0033F15FC4AB812C0020717F0021F17
+FC027F17FF49BA12C0010719F049DA800F814901F8C715FE4901C0021F804948C8000781
+49486F814801F00300814849708048018070804890CA6C806E70804813F002FC7080486D
+70158080486E6F15C0817315E081B6836F19F0A3861DF8A56C5CA26C5CA26C5C6C91CAFC
+6C5B000113F826007FE01AF090CCFC62A21DE0A297B6FC1DC0A24F1580A24F150064A24F
+5C64614F5C644F5C644F91C7FC96B55A4E5C634E5C4E5C4E5C98C8FC4E5B4E5B4E5B95B5
+12E04D5C624D49C9FC4D5B4D5B4D13E04D5B4D5B4D48CAFC4C5B4C5B4C5B4C01C0ED0FF8
+4C5B4C90C9FC4C5A4C48EE1FF04B13F04B5B4B5B4B5B4B90CAFCDB3FFC173F4B4818E04B
+5A4A5B4A49177F4A90CBFC4A4818FF5D4A485F4A48053F13C04ABBFC91BCFC5B5B5B5B49
+1B805B5B90BDFC5A5A5A5A481C005A5ABEFCA464A4>93 135 117
+262 116 I[<933807FFFE93B612F8030FEDFF80033F16F04AB812FE0207717E4A18E002
+3F844A9026FC003F14FC49B500C00107804901FCC70001804901F06E6C14C04901C06F80
+4990C97E4A708049488549B46C6F8015E090B500F8846F8148878181A2481C808285A461
+A36C92C8FC1D006C5CA26D5B6D494B5C6D5B010713C0010190C95D90CB5A64A24F5C6461
+644F5C96B6C7FC634E5C4E5C4E14E04E5C063F5C95B548C8FC050314F80407B612E00307
+B712804B4BC9FC19F885F1FFC01AF86F16FF92C86C14C0060714F0060114FC7280073F6D
+7E738073807314F888738085881D807315C0A21DE0861DF0A21DF8A27414FCA41DFEEB7F
+F03801FFFC487F000F6D7E4880A248804880A3B67E1DFCA45014F8A34B19F07E97B612E0
+5D1DC06C5C4B4B15806C91C9FC02FC4C15006C494C5C6C01C0616E4C5C6C01F84C5C6C01
+FE4C5C6C6D6C4B5C6D01F04AB65A011F01FF020792C7FC6D02F8017F14FC010391B85A01
+0019E0023F1880020F4DC8FC020317F0DA007F1680030303F8C9FCDB000F49CAFC>95
+137 118 262 116 I[<F37FC0517E6262A2626262A2626297B5FC61A2616161A2616161
+96B6FCA2606060A2606060F07FEF19CF18FF4D138F4D130F18FE1707EF0FFCEF1FF8EF3F
+F018E0177FEFFFC04C138018005E4C5A4C5A4C5A5F163F4C5A4C5A5F5D4B90C7FC4B5A4B
+5A5E151F4B5A4B5A5E15FF4A5B4A90C8FC4A5A5D140F4A5A4A5A5D147F4A5A495B4990C9
+FC5C1307495A495A5C133F495A495A485B91CAFC5A485A485A5B121F485A485A485A90BE
+12FEA9CC003F02E0C7FCB3A6040FBA12FEA9>103 136 122 263
+116 I[<010E1AE0D91FC0F007F002F0183F02FFEF01FF03E0160F03FF4BB5FC04FE91B6
+5A93B95AA26499C7FC6363636363636398C8FC1AFC621AE06297C9FC19FC19F019C04ECA
+FC18F0DAF87F49CBFC92CEFCB3A394B5FC041F14F84BB77E030716E0031F16FC037F16FF
+02F9B912C002FBDA800F8091B526F0000114F893C86C7F03FC6F7F03F06F7F03C06F804B
+6F804AC96C804A854A70804A85854A856D5A90CC6C7FA21D80A21DC0A21DE086A21DF0A5
+1DF8A3EB7FC03801FFF000077F4813FE5A487F815A81B6FCA31DF0A41DE0625D6C1CC092
+CAFC5C1D806C01F894B6FC4A1A006C13C001F8CA485C6C6C626D5F0007636D4D5C6C6D61
+6C01E05E6C6D4C5C6E4C5CD97FFE93B548C7FC6D6C6C4A5C6D01E002075C010701FC023F
+5C6D9026FFE003B612C06D91B8C8FC6D6C5F021F17F0020717C0020194C9FC6E6C15F003
+0792CAFCDB007F13C0>93 137 117 262 116 I[<95380FFFE00503B6FC053F15C04CB7
+12F8040782043F16FF93B97E4B8403079126FE003F7F031F02E001037F4B91C87F92B500
+FCED3FFC4A02F06F7E4A02C0150F4A4A92B5FC4A91C812034A01FC5D4A494B14804A495D
+91B5FC494A4B14C0495C494A5DA24991C9FC5B5D5B5D5B90B57114805D48731400A2745B
+484A705B745B48070013E098C8FCA2485CA35AA35AA34B903807FFE0053FEBFF80484BB6
+12F04C15FC040F15FF4C16C04C16F093267FF803809327FF80003F13FEB600C190C7000F
+7FDBC3FC6E80DBC7F86E804C6E80DBCFE06E80DBDFC06F7F4C6F7F03FF8493C96C7F5D1D
+804B7014C0A21DE05D1DF0A25D7414F8A34B19FCA47E1DFEA25DA67EA56C80A46C1CFCA3
+7EA21DF87E81626C1CF0A26C1CE0A26D6D19C0626D1B806D6D1900626D6D606D6D4C5B70
+5F6D95B55A6D6E4A5C6D6E4A5C6E01F84A5C6E6D021F91C7FC6E01FF027F5B0207DAF007
+B55A6E91B712F00200606F1780031F4CC8FC030316F8030016C0041F4AC9FC04001480>
+95 137 118 262 116 I[<48B4FCA3487F14E014FE91B512F893BB12E0A45AA41EC01E80
+1E0048646565A2656565654899C7FCA26464646402E0CB5BD83FFCCB5A494E5B505B4997
+C8FC505A505A49183F505A007F4F5A63494D5B4F5B614F90C9FC4F5A4848604F5A4F5A19
+FFCB485B4E5B624E90CAFC604E5A61183F4E5AA24E5A5F615F4D5BA25F4D5BA25F96CBFC
+5FA24D5AA25EA24C5BA25EA25EA24C5BA25EA35E60A293B5FCA35DA35DA35D60A35DA65D
+A75DAE6F5CA36F5C6F91CCFC6F5B6F5B9238007FF0EE1FC0>99 142
+115 267 116 I[<F31FF0517E517EA2517EA3507FA25080A25080A35080A25080A35080
+A25080A397B67EA24F81A34F82A24F82A34F82A2DF1FFD811AFC62073F6D80A2DF7FF081
+871AE007FF6D80A24E01C081871A804E6E81A24E0100828761060F6E81A24E4883876106
+3F6F80A24E486E80A26106FF6F80A24D496E80A2614D7081A24D90C86C81A260050F7081
+A24D486F81A260053F7180A24D487080A26005FF7180A24C497080A2604C7281A24C90CA
+6C81A25F040F728194BDFC4C88A34C88A24C88A3DCFFE0CB001F80A24B497280A25F4B74
+81A24B90CC6C81A25E030F7481A24B487381A25E033F7580A24B487480A25E03FF7580A2
+4A497480A25E4A7681A24A90CE6C81A25D91261FFF8074810103B512FEB900C0040FBA12
+FEA9>159 145 120 272 176 65 D[<BFFC1EFEF6FFE01FFCF7FF8020E020FC8C7A7EC7
+00034ACA001F15E00B0381E3007F800C1F80788078800C01818E788179808B8E8B8E8B8E
+A27980A4791580AB551500A4555CA26A676A676A555C9CB65AA2545D5492C7FC545C5414
+F80C3F5C9BB65A5315800B0F4AC8FC0B7F14F80A1FB612E094BCC9FC1FF81F801FF8F7FF
+8020F020FE4DCA00016E7EE3003F14F00C07807814FE0C006E7E79807980798079807980
+8E7980791580A27915C023E08C23F0A223F88CA223FCA38C23FEAB5614FCA55614F8A29D
+B612F0A35515E06723C055158067551500555C555C9CB6FC0C035D5415E00C1F5D9BB75A
+0B0F93C7FCC212FC6921E021800EFCC8FC20F09DC9FC1FF00CFCCAFC>143
+142 120 269 165 I[<0803B500C0EE01F00703B600FEEE03F8077FDBFFE015070607B8
+00FC150F063F05FF151F4DBA00E0143F050F07F8147F053F07FE14FF94BC5B04039326F8
+000FECC003040F4BC86CEBF007043F03C0030F6D5A93B648C900036D5A4B03F09339007F
+FF3F030703C0051F90B5FC4B92CB7E033F02FC18034B02F08492B648844A0380193F4A92
+CD7E4A4A864A4A864A02F0864A4A864A8991B65A494B874992CF7E4C885B494A885E498B
+494A88A2495C8D90B65A8D5A5E48217FA24892D1FC223FA25A5DA248211FA3485CFA0FF0
+9FC7FCA25AA45DA3B6FCB27EA381A47EA46C80FA07F0FA0FF87EA2817EA36C6F1D1F23F0
+7E827E223F6D6E1EE0A26D6E1D7F23C06D6E1DFF7F705213806D806D55130070646D6F64
+6D6F515A6E6E1B1F6E6E515A6E6E515A6E6E1BFF6E6E505B6E6E505B6E6F4F5B6E03E04F
+90C7FC6F6EF13FFE6F02FC4F5A030F02FF4E485A6F03C005075B030103F0051F5B6F03FE
+057F1380043FDAFFE00303B5C8FC040F03FE033F13FC0403DBFFF80107B55A040093B812
+E0053F1A80050F4FC9FC050119F8DD003F18C0060795CAFCDE007F16F0070393CBFCDF00
+0314C0>141 146 115 271 168 I[<BE12FEF5FFFCF6FFC01FFCF7FF8020E020FC20FF21
+C0C7000392C9000116F0E2000F810B0015FE0C1F800C0315C00C00810D3F8079800D0714
+FE79807981796C808C7A807A808F7A807A808C8F7A818DA17E8DA17E8DA17EA27B80A2A1
+7E8DA17EA28DA17EA3A113808DA3A113C0A57B15E0A6A113F0B3A2A113E0A569A113C0A5
+A11380A269A2A11300A3575CA2A15AA269A15A69A15AA2575CA15A69A15A9EB6FC5692C7
+FC6B565C68565C565C565C565C9DB65A5592C8FC0D075C555C0D3F5C9CB65A0C0315C00C
+0F5D0C7F92C9FC0B07B612FC52B712F0C212C09ECAFC20FC20F020800DFCCBFC1FE00CFC
+CCFC53CDFC>156 142 120 269 178 I[<C21280A421C0A5C700030380C81201F40007F5
+007F0C1F14E01E071E018A1F3F8B8B8B7913F0A28B8BA2207FA3203F21F8201FA4200FA3
+21FC2007A4F47FC0A3F803FEA49DC7FCA31CFFA463A263A26363631B7F50B5FC1A1F95B8
+FCA9953880001F1A01747E1B1F878787A287A287A41C7FAA99CBFCB3AFBC12F0A9>127
+141 120 268 146 70 D[<BC1280A9C7000103C0C8FCB3B3B3B3B3B3B0BC1280A9>73
+142 121 269 87 73 D[<BC12F0A9C700030380CEFCB3B3B3B3A5F8FF80A4672100A667
+A368A21F07A41F0FA3555AA21F3FA21F7FA21FFFA2666668666666666653B5FC651D0F53
+5C1D7F0A03B6FC1C1F0903B7FCC1FCA468A5>121 142 120 269
+140 76 D[<B96C0C3FB812E07266729BB9FC7265A37265A27265C70003A101F8C8FC72F5
+0FF7A2706DF51FE7A3706EF43FC7A2706EF47F87A2706EF4FF07A2706EF301FEA3706EF3
+03FCA2706EF307F8A2706EF30FF0A2716DF31FE0A3716EF23FC0A2716EF27F80A2716EF2
+FF00A2716E4F5AA3716E4F5AA2716E4F5AA2716E4F5AA2726D4F5AA3726E4E5AA2726E4E
+5AA2726E4EC7FCA2726E4D5AA3726E4D5AA2726E4D5AA2726E4D5AA2736D4D5AA3736E4C
+5AA2736E4C5AA2736E4CC8FCA3736E4B5AA2736E4B5AA2736E4B5AA2736E4B5AA3746D4B
+5AA2746E4A5AA2746E4A5AA2746E4AC9FCA3746E495AA2746E495AA2746E495AA2746E49
+5AA3756D495AA2756E485AA2756E485AA2756E48CAFCA375ECF1FEA275ECFBFCA275ECFF
+F8A2755DA3765CA2765CA2765CA27691CBFCA3765B4A7F49B500FE715BB900FC51BB12E0
+765BA2765BA3775A775A775A>203 142 120 269 220 I[<B900C04EB912F8848484A284
+848485C7000399C7000302FCC7FC73DF000F90C8FC73745A858585A28570807081708182
+867081708170818286718071817181718183877181718171818487728172817281728184
+8872817281738085897381738173817381A27381738174807481868A7481748174817481
+A27481758075817581878B758175817581878B7680768176817681888C76817681768189
+8C7715807715C07715E07715F08921F87715FC7715FE7814FF8A22877815C77815E77815
+F77815FFA28A8A8B8B8BA28B8B8B8BA28B8C8C8C8CA28C8C8C8CA28D8D8D8D8DA24A6D88
+49B500FE88B900FC86227FA2223F221F220F2207A27C5A>165 142
+120 269 182 I[<97B512F0077FECFFE00607B712FE067FEEFFE00503B912FC051FF0FF
+80057F19E00403BB12FC040F9226E0007F14FF043F02FCC7000315C04C02E0DA007F804B
+B60080031F14F8030702FCC9000314FE4B4A70804B02E0706C80037F0280051F14E092B6
+CB6C804A4A72804A4A72804A02F00600804A4A737F4A4A73804A8B4A4A738091B6CD6C80
+494A7480A2494A7480494A7480498C4C86498D4C87498D494A7580A290B68B4C87488EA2
+4892CF6C80A3488E4B88A2488EA3484A761580A34823C0A5484A7615E0A7B621F0B36C23
+E0A26F64A56C23C0A46F646C2380A36C23006F64A26C6AA270636C6AA26C6A70636C6A70
+636D69A26D6E98B65AA26D6E505DA26D6E5092C7FC6D6870626D6E505C6D686D6F4F5C6E
+6E4F5C6E6E4F5CA26E6E96B65A6E6E4E92C8FC6E6E4E5C020102FF060F14F86E6F4D5C6F
+6E4D5C6F02F094B65A030F6E4C92C9FC6F02FE04075C03016E6C031F14F86F03F092B65A
+043F02FE020715C0040FDAFFF090B7CAFC040392B812FC04001AF0051F198005074ECBFC
+DD007F17E0060F94CCFCDE007F15E0070002F0CDFC>148 146 115
+271 175 I[<BE12F8F5FFF01EFF1FE01FFCF7FF8020E020F820FEC7000392C9000781E2
+003F15C00B03810B00810C3F8078800C07807880788178818E8B8E8B8E8B8EA28EA28B8E
+A42380AC2300A46A67A26AA26A676A676A9CB65A6A665492C7FC545C0C1F5C545C9BB612
+E00B075D0B3F5D0A07B648C8FC95BB12F820E0208055C9FC1FF09CCAFC1EF00BF8CBFC06
+80D0FCB3B3B2BB12FEA9>137 142 120 269 159 I[<BD12FCF4FFFCF5FFE01EFCF6FFC0
+1FF01FFE797E20E0C7000392C96C15F80A0181E2003F14FF0B07810B0115E0776C807880
+7880788078808A78818E7881A28E8B8EA37980A48EAA6AA3676AA26AA29CB65AA26A545D
+9FCAFC66545C545C545C545C9BB612C0535D0B074ACBFC0B3F5C52B612F00A7F15C095BB
+CCFC1FF81FC054CDFC1EF81EFE787E95C8000315E0E1003F14F80A0F14FE0A0380768176
+6C807780778077808C77807780A27781A27781A28DA28A8DA88DA98DA87BED1FC0A1EB3F
+E0A28AA28D8AA1137F7C15C08A7818FF7C1580786F5B781900BB00FC6F6F5B796E495A79
+02FEEB1FFC799139FFC07FF80D0792B55A0D015F796C5E0E1F5E0E034BC7FCD4001F14F8
+E7003F13C0>163 144 120 269 173 82 D[<93260FFFF8163E4BB600E0153F031F03FE
+5D037FDBFFC05C0203B800F05B020F05FC5B4A05FF5B027FF0C00F91B526FC000FECF01F
+010302C0D9007F6D5A4949C800076D5A4901F8030090B6FC4901E0163F4949160F494982
+90B5CA12014A834849844849181F87484984A2484984874886A248498588A24887A388A2
+B58680A36E85A3806E85A28080816C6E725A03F096C7FC8115FE6F7E6C15F0EEFF8017F8
+6CEEFFC018FC6CEFFFE019FE6CF0FFF01AFE6CF1FFC06C1AF01BFC6C1AFF6D1AC06D866D
+1AF86D866D866D866D876D87023F866E860207860201866E7E031F85030385ED007F0407
+1980EE003F050318C0EF001F060117E0F0000F1900080F15F01A031A007514F81B1F8787
+7514FC87A2007F86486C86A288A288A46D86A31EF87FA37F1EF0A26D626D1CE0A27F6D50
+13C0A26E1B806E616E1B0002F896B5FC6E4E5B6E4E5B6E6C5F03E04D5B03F84D5B03FE4D
+5BDBFFC093B55A04F803035C496CD9FF80021F91C7FCD9FC1F02FF49B55AD9F80792B75A
+496C19F049C66149011F18804901074DC8FC90C817F848031F16C04803004BC9FC007C04
+011480>102 146 115 271 129 I[<000FC312F8A6488EA304C0C7001F02FCC7120103F8
+C8F0000F03C01C0192C9737E02FC1E1F4A8A02E01E034A8A4A8A4890CA757EA249203F49
+201FA349200FA2492007A4492003007F8EA4498CA848487A1380A6CC99C7FCB3B3B3B3AA
+030FBD12F8A9>145 140 120 267 162 I[<BB00C00507B812F8A9C7001F4ACE000192C7
+FC71E1000713E06E791380A2846E5590C8FC846E555A846E555AA26E6F64223F846F545A
+846F545AA26F6E6469846F535B856F5390C9FC856F66210F856F535A856F535A8570525A
+A28570525A8570515B8570515BA2706F96CAFC688670515A8670515A867064203F867150
+5A8671505A8671636786714F5B87714F90CBFC87714F5AA287714F5A87714F5A87724E5A
+A2726E5E1FFF87724D5B87724D5B887296CCFC6688724D5A88724D5A8872601E3F88734C
+5A88734C5A88734B5BA21CFF734B5B1D8373038790CDFC1DC773EDCFFEA273EDEFFC1DFF
+A2735EA2745DA2745DA3745DA2745DA27492CEFCA3745CA2745CA2745CA3755BA2755BA2
+755BA2755BA27590CFFC755A>165 144 123 269 176 86 D<93B512FC037FECFFF00207
+B8FC023F17E091B912F84918FE0107727E499126C0007F14E04901E0C7000F80496D0203
+80496D020014FE6F6F7F90B570806F6F8085486E6F807380A27380A28885886C5CA26D49
+82886D5B6D5B010713C0010190CAFC90CCFCA90603B7FC050FB8FC0403B9FC167F0307BA
+FC153F4AB7EA807F020FEDE000023F02FCC7FC91B612E0010392C8FC4914FC011F14F049
+14C0495C90B548C9FC485C485C485C485C5A5D485CA24891CAFCA3B6FC5CA397B6FCA461
+806C60F107EF6C6E150F6F16CF6C183F6FDB7F8F806C6EDBFF0F14E06C02FCDA03FE15FE
+6C6E91260FFC0791B5FC6C6E6CD93FF817806C923AF803FFF003013F91B6487E010FEF80
+00010394C77E010004FC141F021F03F0140702010380DA007F1400DA000701F8CDFC695F
+79DD71>97 D[<ED1FF0017FB5FCB7FCA9EA003F1307A27FB3B296383FFFC00607B512FE
+063FECFFE04DB712F8050716FF051F17C0057F17F094B5D8C00F8004F301FCC714FE04F7
+01E0023F7F93B50080020F804DC86C14E005F80301804D6F804D707F05808294CA804C71
+7F4C7180A24C71808BA27680A28B88A28BA28BA3888BA52080B02000A56764A267A36764
+67A2525CA267647062704D91C7FC704D5BA2714C5B7193B55A05F04B5CDCBFF84B5CDC1F
+FC030F5C4B6CB44B91C8FC7001C0027F5B4B6C01F00103B55A4BC601FF013F14F04B6D90
+B712C04B011F94C9FC4B6D16FC4B010316F092C86C15804A030F02F8CAFC90CB49CBFC>
+113 144 121 270 129 I<94387FFFF0041FB612E093B712FE0307707E031F17F092B97E
+4A18FE020784021F9126F8000F14804A0280010014C04A49C74814E049B500F85C494A17
+F0494A5C495C494A4A14F84991C8FC5D495B90B5FC5D5A485C7314F05A4B6F14E05A7314
+C0487214804B93383FFE00F20FF84896C8FCA4485CA5B6FCB07EA281A37EA36C80A37E6F
+18FE6CF201FFA26C6E5F1CFE6C801B076C6EEF0FFC6D7F70EE1FF86DF13FF06D6E167F6D
+6EEEFFE06D02F84B13C06D6E5D6D02FF030F13806D03C0023F1300023F02F0903801FFFC
+6E9126FF801F5B020792B65A6E18C0020060033F4CC7FC030716F8030016C0041F4AC8FC
+DC007F13C0585F78DD67>I[<F53FE098B6FC4FB7FCA996C77E1B0FA287B3B294383FFF80
+040FB512FC93B71280030716E0031F16F8037F16FE4AB9128702074AC66C13C7021F02E0
+010713F74A91C890B6FC4A01FC153F49B548150F4902E081494A81494A814991CA7E495B
+8749498390B548835A5D5AA2485CA25A5D5AA35AA25D5AA5B6FCB07EA57E81A37EA27EA2
+817EA26C80A26C626C6E5F636D7F6D6D94B6FC6D606D6D1607705D6D6E4B81010102F015
+7F6D6E92B712FE6E01FE020301EF91B512806E6D6C011F13CF020FDAF801B5120F020391
+B612FE6E17F86E6C16E0030F16800301EDFC00DB003F14E0040049C74AC8FC>113
+144 120 270 129 I<94387FFFC0040FB6FC93B712E0030716FC031F16FF037F17C04AB9
+12F00207DAF80380021F912680003F13FE4A49C7000F7F4A01F802038049B5486E804902
+C06E6C7F494A6F7F4991C9FC49727F4949707F4B84498490B548707F5A4B198048855D48
+1CC086481CE05D5A871DF05AA25D5AA21DF887A2B6FCA392BBFCA51DF00380CDFCA77EA4
+817EA37EA2817EA26CF307F06FF00FF87E816C1B1F6F19F06C1B3F6D6DF07FE06D7FF4FF
+C06D6E4C13806D6E5E6D02F04C13006D6EEE1FFE6D6E4C5A6D6C01FFEEFFF86E02E00203
+5B6E02FC021F5B02079126FFC003B55A6E92B7C7FC020060033F17F8030F17E003011780
+DB003F03FCC8FC040315C0DC000F01F8C9FC5D5F7ADD6A>I[<95383FFF80050FB512F094
+B612FE040781041F16C0047F824BB87E0307DAF8077F031FDAC00F7F4B49C6487F4B495B
+92B500F0814A4A5B4A5C4A93B612805F4A91C7FC5C5E5C5E5C731400A24C6E5B91B56F5B
+A2735B070313E00700138097C8FCB3A4BA12F8A9C702FCCBFCB3B3B3B3A2003FB9FCA9>
+81 144 121 271 71 I<F5FFC093260FFFFC030F13F04BB600E0027F7F031F03FE49B512
+FE037F9226FF8007800203B8EAF01F020FDDFC3F15804A7148133F027FDA003F90B500F0
+14C091B500F80107ED807F4902E00101ECFC00010702806D6C5B93C87E49496F7F49496F
+7F49496F6D6D1380491A8077130090B5486F6E6C5AF503F84875C8FCA2484A6F80A44887
+AB6C63A46C6E4B5CA26C63A26D6D4B5CA26D97C9FC6D6D4B5B6D6D4B5B6D6D4B5B705C01
+0102E049B512E06D02F801075C4902FF013F5C4992B648CAFC496002F317F090260FE07F
+1680031F4BCBFC90261FC00115E0DB000F01FCCCFC013F91CFFCA3137FA280A380A28080
+806E7E15F092B812F06DF0FFE01BFEF3FFC06D1AF81CFE767E6D1BE06D87896D1BFE6D87
+7F6E878A0103BD7E130F013F8890BEFC4802E0C9003F814891CBFC4801FC180F48490601
+804849727E484985884849737F88A2B55A88A66E616C65A26E616C6D4F5B6C656E616C6D
+4F5B6C6D96B55A6C6D6C05035C6F5FC602F0051F49C7FC6D01FC057F5B6DD9FF800303B5
+5A010F02F8033F14E06DDAFFE0010FB65A010192B9C8FCD9003F19F8020F19E0020196C9
+FCDA001F17F0030194CAFCDB000192CBFC6A887ADD74>I[<ED1FF0017FB5FCB7FCA9EA00
+3F1307A27FB3B2963803FFFC073FEBFFE096B612F8060715FE061F6F7E4E16E095B87E4D
+D9FC03804DD9C000804D48C76C7FDD0FF880DD1FE0824D486E804D5A05FEC881DCF1FC81
+5F04F385EEF7F04D81EEFFC0A24D84A294C9FCA25EA35EA45EB3B3AFB9D8E001B912C0A9
+>114 143 119 270 129 I[<EC3FC0ECFFF0010313FC497F497F498049804980A290B67E
+A24881A86C5DA26D5CA26D5C6D5C6D91C8FC6D5B6D5B010013F0EC3FC091CAFCB3A3ED1F
+F0017FB5FCB7FCA9EA003F1307A27FB3B3B3B0B91280A9>49 144
+119 271 65 I[<ED1FF0017FB5FCB7FCA9EA003F1307A27FB3B3B3B3B3B3ACB912C0A9>
+50 143 119 270 65 108 D<DB3FE0912601FFFC943801FFFC017FB5031FD9FFE0041FEB
+FFE0B792B600FC93B612FC060303FF030315FF060F04C0020F16C0063F04F0023F16F095
+B86C91B87E4DD9FC036E49D9FC03804DD9C0006E49D9C000804D48C7003F6D4948C7003F
+7FDD0FF86EDB0FF880D8003F4B48714848830107DB3FC06E9126C03FC06E804D484E5A6D
+4BC86F48C881DCE1FE6FDAE1FE814D61DCE3F8DEF3F884DCE7F0F0F7F04D6F4B81DCEFC0
+F0FFC0A2DCFF804F84A294C993C9FCA24C61A34C61A44C61B3B3AFB900E090B900E090B9
+12E0A9B35D77DCC2>I<DB3FE0913803FFFC017FB5033FEBFFE0B792B612F8060715FE06
+1F6F7E4E16E095B87E4DD9FC03804DD9C000804D48C76C7FDD0FF880D8003FDB1FE08201
+074B486E804D5A6D03FEC881DCE1FC815F04E385EEE7F04D81EEEFC0A2DCFF8084A294C9
+FCA25EA35EA45EB3B3AFB9D8E001B912C0A9725D77DC81>I<94381FFFF00407B612C004
+7F15FC0303B87E030F17E0037F17FC4ABAFC4A9126FC007F80020F02C0010714E04A49C8
+80027F01F8033F13FC91B5486F7F4902C003077F494A6F804991C96C8049497080494971
+7F49874949717FA290B548717F48884B83481D80A2481DC04B83481DE0A2481DF0A3484A
+7114F8A4481DFCA5B61BFEAF6C1DFCA56C6E4D14F8A36C1DF0A36C1DE06F5F6C1DC0A26C
+6E4D1480A26C1D006F5F6C646D6D4D5B6F94B5FC6D636D6D4C5C6D6E4B5C6D6E4B5C6D02
+F0031F5C6D6E4B91C7FC6D6C01FE92B512FC6ED9FFC001075C6E02FC017F5C020791B812
+C0020196C8FC6E6C17FC031F17F003031780DB007F03FCC9FC040715C0DC001F01F0CAFC
+675F7ADD74>I<DB1FF091381FFFC0017FB50203B6FCB7021F15E095B712FC050316FF05
+0F17C0053F17F094B912FC04F1DAC01F8004F79026FC00018093B500E06D6C14C0D8003F
+93C86C8001074B030F8005F86F806D03E06F804D6F804D8194CA6C7F4C864C71805E7680
+A27680A27680A28B88A28BA288A28BA4882080B0200064A467A26467A3525CA267646764
+67647062704D91C7FC7094B55AA2714B5C714B5C714B5C05F84B5C71033F5C05FF4B91C8
+FC06C049B55A04FB01F001075C04F801FF017F14F07190B712C0051F94C9FC7116FC0503
+16F0DD007F1580060F02F8CAFC060049CBFC96CDFCB3ACB912E0A9718579DC81>I<DB7F
+C049B47E90B6021F13F8B7027F13FE4DB67E4D15E04D814D814D01077F94263FF00F7F94
+387FC01F4D48487FD8003F16000107DAC1FE491480EEC3FC6D5DEEC7F05F16CF5F16DF4D
+6D1400A204FFC76C5BA2735B4C6E5B735B070013C04C92C8FCA45EA65EB3B3AAB912FCA9
+515D79DC5F>114 D<92261FFFF814F80203B638C001FC023FEDFC0791B8121F010317FF
+130F013F9038F8001F4990C8FCD9FFF8153F4801E0150F484915034849814890CAFC197F
+4848173F191F485AA2007F180FA31907487EA27FA28002E0705A6E93C8FC14FC14FF15F0
+6CECFF8016FCEEFFF06CEEFF8018F06C17FE727E6C18E0856C18FC6C846C727E6C856D84
+011F846D841303010084023F83140F020183EC001FDB007F16801603DC000F15C0170018
+3F060F14E0007F1703486C82727E857F85857FA2857F1BC07FA27F1B806D5F7F1B006E5E
+6E5F6E163F6E4C5A02FC4C5A6E03035B6E6C4A5B03F0023F5B03FF0107B55A01F991B7C7
+FCD9F07F16FCD9E01F16F0D9800716C0D9000193C8FC48D9003F14F8007C020349C9FC4B
+5F78DD5C>I[<ED03FEA81507A5150FA4151FA3153FA2157FA215FFA25CA25C5CA25C5C5C
+5C91B5FC13035B131F017F91B712F00007BAFCBBFCA7C74AC9FCB3B3AAF101FFB1616E17
+FE82A219076E17FC836EEE0FF871131F6E6EEB3FF071137F6E6EEBFFE06EDAFF0313C06E
+92B512806E1700033F5D6F5D03075D030015E0041F1480040001FCC7FC>72
+132 124 258 90 I<DB0FF8F01FF0017FB594B6FCB74BB7FCA9D8003F94C77E0107190F
+A26D85B3B3B063A463A263A27F6398B6FCA26DF001FB7015036EEF07F3E00FE3806E6D15
+1FE07FC314FF6E6D6CDAFF83EDFFC06E6E010313036E02FCEB3FFE6E91B612FC020017F8
+6F16E0031F16800303EDFE00DB007F14F8040102C093C8FC725E77DC81>I<B90303B7FC
+A9D8000702F8CA000FEBFE006D6E050013E0666D6E6164826D5090C7FC836E4F5AA26E6E
+4C5AA26E6E4C5AA26E6E5F1C3F836E4F5A836E4F5AA26E6E4B5BA26E6E4B90C8FCA26F6E
+5D1B07846F4D5A846F4D5AA26F6E4A5AA26F6E4A5AA26F6E5D1BFF846F4C5B846F4C90C9
+FCA2706E485AA27002C05B1A0F7002E05B1A1F19F0704B5A19F8704B5AA2706E485AA270
+6E5B96B5FC7093CAFCA3715CA2715CA2715CA2715CA3715CA2715CA2715CA27191CBFCA2
+725AA3725A725A725A705D7BDB7B>I<B800FE017FB700F8023FB612F8A9D8000F02F0C8
+000702C0C9003FEBF800100313806D6E6F7390C7FC775E6D69706F6E1607A26D6E6F6277
+160F6D6970706D161FA26E6E6F61516D163F6E687192B6167FA26E68714A6F15FF6E6871
+4A608A6E9DC8FC714A6F5C6E6771DA0FFD17078A6E06F86071021F6F140F6E67714A486C
+161F8A6F4D6C5F72017F6F143F6F667249486C167F8A6F4D6C5F72487113FFA26F02F04A
+6C4B5B4F17C06F4C6D94C9FCDEF807715AA26F02FC496D4B5A070F17F06F4C6D5EDEFE1F
+EFF80FA26F02FF496E4A5A073F17FC704B6E5D07FFEFFE3FA2704B6E4A5A1FFF704B6E5D
+20FFA27092C86C5DA2704A6F92CAFCA3704A6F5CA2704A6F5CA3704A705BA27149705BA3
+7149705BA27149705BA37190CA6C5BA271487190CBFC7148715A9D5D7BDBA8>I<007FB8
+6C49B712FEA9C792C9000F02C0C7FC6E6E030101F0C8FC715F6E6E4B5B6E6E4B5B6E4E90
+C9FC6E6E5E71151F6E6E4B5A6E6E4B5A6E4E5A6F6E495B72495B6F6E495B6F806F6E4990
+CAFC6F4C5A72495A6F6E495A6F6E495A6F03815B705E7014C307E75B7091B5CBFC705D70
+5D705D6282705D715C8386718071807180837180864D814D815F4D81874D814D81DDFFF3
+804C13E14C01C1804C0180814E6C804C6E804C487F4C48824C486D804C486D804B496D80
+4B497F73804B49834B90C86C804B486F804B48814B486F804B48844C6F804A71804A496F
+804A49814A90CA814A487180023F7280010FB500E07080B8031FB812E0A9735C7CDB7B>
+I<007FB800C04AB71280A9D800034ACA000791C7FC6D080013F0775A6D6E4E5AA26E6E60
+64836E4F90C8FC836E4F5A836E4F5AA26E6E4C5AA26E6E5F1C3F6E6E5F1C7F836E4F5A84
+6F4D5B846F4D90C9FCA26F6E4A5AA26F6E5D1B0F846F4D5A846F4D5A846F4D5AA26F6E4A
+5AA2706E5C627002C091CAFC6219E0704B5A19F0704B5AA2706E485AA2706E485AA27002
+FE5B1A7F19FF704B5AA2715DA27192CBFCA2715CA2715CA3715CA2715CA2715CA2715CA2
+725BA27290CCFCA3725AA2725AA24E5AA24E5AA261187FA24E5AA24D5B13FE2603FF804A
+90CDFC000F13E0486D4A5A487F486D4A5AA260B56C141F4D5AA24D5A17FF604C5B4A4990
+CEFC6C5D4C5A6C49EB3FFC4A495A6C4948485A9026FE80075B270FFFC03F5B6C90B6CFFC
+6C5D6C15F86C6C5C011F14C0010749D0FC9038007FE071857CDB7B>I
+E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fw cmbx12 12 61
+/Fw 61 123 df<DB3FFEEB07FE0207B539C07FFF80023F02F1B512E0913CFFF003FFFE07
+F00103D980019038F81FF849494801F013FCD91FFC49EBE03F49485B18C0495A18804948
+EE1FF8A270EC07E07091C7FCABBA12F0A4C69026E000030180C7FCB3B2007FD9FFC1B67E
+A446457EC441>11 D<ED1FFE0203B512C0021F14F09139FFF803F8010390388000FC4990
+C77ED91FFCEB03FF013F5C5C495A4C13804948150082A3705AEE00F894C7FCA74BB51280
+B9FCA4C69038E00003B3B2007FD9FFC1B6FCA438457EC43E>I<EC01C01403EC0F80EC1F
+00143E5C14FC495A495A495AA2495A131F495AA249C7FC5B5B12015B1203A2485AA3485A
+A3121F5BA2123FA35B127FA612FFA25BAE7FA2127FA6123F7FA3121FA27F120FA36C7EA3
+6C7EA212017F12007F7F6D7EA26D7E130F6D7EA26D7E6D7E6D7E147C8080EC0F80EC03C0
+14011A6475CA2C>40 D<12E07E127C7E7E6C7E7F6C7E6C7E6C7EA26C7E7F137FA26D7E80
+131F80130F80A26D7EA36D7EA3801301A280A37F1580A615C0A2147FAE14FFA21580A615
+005BA35CA213035CA3495AA3495AA25C131F5C133F5C49C7FCA213FE5B485AA2485A485A
+485A5B48C8FC123E5A12F05A1A647ACA2C>I<B612F8A91D097F9A25>45
+D<EA0780EA1FE0EA3FF0EA7FF8EAFFFCA6EA7FF8EA3FF0EA1FE0EA07800E0E788D1F>I<
+EC3FF849B5FC010F14E090393FF01FF890397FC007FC49486C7E48496C7E48486D138048
+48EC7FC0A24848EC3FE0A2001F16F0A2003F16F849141FA2007F16FCA600FF16FEB3A300
+7F16FCA5003F16F86D143FA2001F16F0A2000F16E06D147F000716C0A26C6CECFF806C6C
+4913006C6D485A6D6C485A90393FF01FF8010FB512E0010314809026003FF8C7FC2F427C
+C038>48 D<EC03C01407141F147FEB03FF133FB6FCA313C3EA0003B3B3AFB712FCA42641
+77C038>I<ECFFE0010F13FE013FEBFFC090B612F02603FE017F3A07F0007FFED80FC0EB
+1FFF48486D138048C76C13C04816E001C07F01F06D13F012FF7F6F13F8A56C5A6C5A6C5A
+C9FC4B13F0A34B13E017C05D17804B13005E4B5A4B5A5E4B5AEDFF804A90C7FC4A5AEC07
+F84A5A4A5AEC3F804AC71278147E5CD901F014F8494814F0495A495A49C8FC013C140149
+140390B7FC4816E05A5A5A5A5A5AB812C0A42D417BC038>I<ECFFF0010713FF011F14C0
+D97F8013F09039FC003FFCD803F06D7E48486D7EA2D80FF86D138013FE001F16C07FA66C
+5A6C4815806C485BC81400A24B5A5E4B5A4B5A4B5A4A1380DA0FFEC7FC903807FFF85D15
+FF90C713C0ED3FF0ED1FFC6FB4FC6F138017C08117E017F081A217F8A2EA0FC0EA3FF048
+7EA2487EA317F05DA26C4815E04915C0495BD83F804913806C6C1500D80FF0EB3FFE6CB4
+EBFFF8000190B55A6C6C14C0011F49C7FC010113E02D427BC038>I<161F5EA25E5E5DA2
+5D5D5D5DA25D5D92B5FCEC01F715E7EC03C7EC0787140FEC1F07141E143C147814F8EB01
+F014E0EB03C0EB0780130FEB1F00131E5B5B13F85B485A485A485A120F90C7FC121E5A12
+7C5AB91280A4C8000F90C7FCAC027FB61280A431417DC038>I<0007150301E0143F01FF
+EB07FF91B55A5EA25E16E05E5E4BC7FC15F815E04AC8FC01C0C9FCAAEC3FF001C3B5FC01
+CF14C09039DFE03FF09039FE000FFC01F86D7E496D7E491580496D13C06C5AC814E08117
+F0A317F8A31206EA1FC0EA7FE07F12FF7FA317F05B5D6C4815E01380007CC714C06C5C6C
+16806D4913006C6C495AD807F0EB3FFCD803FEEBFFF0C6B65A013F1480010F01FCC7FC01
+0113C02D427BC038>I<4AB47E021F13F0027F13FC903901FF807F903A07FC001F804948
+130FD93FE0EB1FC04948137F01FFECFFE048495A481300A2485A120FA248486D13C0EE7F
+80EE1E00003F92C7FCA25B127FA3EC1FFE00FF90387FFFC091B512F09039F9E00FF89039
+FBC007FC9039FF8003FF4A7E17804915C06F13E05B17F0A317F85BA4127FA5123FA317F0
+6C7EA2000F16E05D6C6C15C017806C6C4913006C6D5A6C9038C00FFC90397FF03FF8011F
+B55A010714C0010191C7FC9038003FF82D427BC038>I<121E121F13FC90B712FEA44816
+FC17F817F017E0A217C01780481600007EC8127E007C157C16FC00784A5A4B5A4B5A00F8
+5D48140F4B5A4BC7FCC8127E157C15FC4A5A14035D14075D140F141F5D143FA2147F5D14
+FFA35BA34990C8FCA35BA65BAA6D5A6D5A6D5A2F447AC238>I<EC7FF00103B5FC010F14
+C090393F801FF090397C0007FC4848EB01FE48486D7E49800007168049143F000F16C016
+1F121FA27FA27F7F01FE143F6D158002C0137F02F014006C01FC13FEECFE016C9038FF83
+FCEDE7F06CECFFE06C15806C92C7FC6D14C06D80010F14F86D80011F80017F802601FE3F
+14802603FC0F14C02607F80314E04848C6FC48486D13F04848131F150748486D13F81500
+00FF157F90C8123F161F160FA21607A36D15F0A2007F150F6D15E0123F6DEC1FC06C6CEC
+3F806C6CEC7F00D807FEEB01FE3A03FFC00FFCC690B512F0013F14C0010F91C7FC010013
+F02D427BC038>I<EC7FF0903807FFFE011F6D7E90397FE03FE09039FF801FF048496C7E
+48486D7E00076E7E484880001F80003F16805B007F16C08117E012FFA217F0A617F8A400
+7F5CA4123F5D6C7E000F5C6C7E00035C6C6C131E6C6D5A90387FFFF8011F5B010301C013
+F090C8FCA317E05DA2EA03C0D80FF015C0487E486C15805D17004B5AA24B5A49495A6C48
+5C01C0EB7FE0000F4A5A2607F8035B6CB548C7FC6C14F86C6C13E0D907FEC8FC2D427BC0
+38>I<EA0780EA1FE0EA3FF0EA7FF8EAFFFCA6EA7FF8EA3FF0EA1FE0EA0780C7FCB0EA07
+80EA1FE0EA3FF0EA7FF8EAFFFCA6EA7FF8EA3FF0EA1FE0EA07800E2C78AB1F>I<EE1F80
+A24C7EA24C7EA34C7EA24B7FA34B7FA24B7FA34B7F169F031F80161F82033F80ED3E0703
+7E80157C8203FC804B7E02018115F0820203814B137F0207815D173F020F814B7F021F82
+92C77EA24A82023E80027E82027FB7FCA291B87EA2D901F8C700017F4A80A20103834A15
+7F0107834A153FA249488284011F8491C97E4984133E842601FFC083B6020FB612F0A44C
+457CC455>65 D<B9FC18F018FE727E26003FFCC7000713E005017F717FF03FFC85727E84
+1A80A27213C0A84E1380A21A00604E5A614E5A4D485A4D13C0051F90C7FC91B712FC18F0
+18FF02FCC7000313C0050013F0F03FFC727E727E7213801AC07213E0A27213F0A31AF8A8
+1AF0601AE0601AC0604E13804E1300F0FFFE050713F8BA5A19C04EC7FC18E045447CC350
+>I<DCFFF81470031F01FF14F04AB6EAE0010207EDF803023F9039E003FE07DAFFFEC7EA
+7F0F4901F0EC1FDF010701C0EC07FF4949804948C87E4948814948167F4948163F484916
+1F5A4849160FA248491607A24890CA1203A25A5B1901127FA296C7FC5B12FFAE127F7FA2
+1AF0123FA27F7E19016C6D17E0A26C6D16031AC06C6D16076C19806C6D160F6D6CEE1F00
+6D6C163E6D6C5E6D6C6C5D6D6DEC03F0010101F04A5A6D01FEEC3FC091283FFFE001FFC7
+FC020790B512FC020115F0DA001F1480030001F8C8FC44467AC451>I<B9FC18F018FE72
+7E26003FFEC7001F13E0050113F8716C7EF01FFF06077F727F727F727F197F86737EA273
+7EA2737EA21B80A2851BC0A51BE0AD1BC0A51B8061A21B00A24F5AA24F5A62197F4F5A4E
+5B4E5B4E5B061F90C7FC4E5A943801FFF8051F5BBA12C04EC8FC18F095C9FC4B447CC356
+>I<BA12F8A4D8001F90C700037FEF003F180F180318011800A2197C197E193EA2191EA4
+0578131F85A396C7FCA217F8A316011603161F92B5FCA4ED001F160316011600A30578EB
+01E0A3F103C0A394C7FCA21907A21A80190FA3191FA2193FF17F0061601807181F4DB5FC
+BBFC61A343447DC34A>I<BA1280A426003FFEC7001F13C01701EF007F183F181F180F18
+07A2F003E0A31801A4F000F0EE01E0A31900A31603A31607160F167F91B6FCA49138FE00
+7F160F16071603A31601A693C9FCB0B712F0A43C447CC346>I<B712E0A4D8001F90C7FC
+B3B3B3A6B712E0A423447DC32A>73 D<B712F0A426003FFECAFCB3B3F00780A4180F1900
+A460A360A2187EA218FE170117031707171F177FEE03FFB95AA439447CC343>76
+D<B500FE067FB512806E95B6FCA26F5ED8003F50C7FCA2013D6DEE03DFA2013C6DEE079F
+A26E6CEE0F1FA26E6C161EA26E6C163CA36E6C1678A26E6C16F0A26E6DEC01E0A26E6DEC
+03C0A36E6DEC0780A26F6CEC0F00A26F6C141EA26F6C5CA36F6C5CA26F6C5CA26F6D485A
+A26F6D485AA26F6D485AA3706C48C7FCA293383FF81EA2706C5AA2706C5AA3706C5AA270
+5BA2705BA2705BA213FFB66EC7007FB61280A2173E171C61447CC36A>I<B64BB512FE81
+81A2D8003F6D91390001FE006FED007881013D7F81133C6E7E6E7F6E7F6E7F6E7F82806E
+7F6E7F6F7E6F7F83816F7F6F7F6F7F6F7F6F7F8382707F707F707F707F8482707F707F71
+7E7113807113C019E0837113F07113F87113FC7113FE19FF847213F884848484A2848419
+7F193F191FA2190F190701FF1703B6160119001A78A24F447CC358>I<923807FFC092B5
+12FE0207ECFFC091261FFE0013F0DA7FF0EB1FFC902601FFC0EB07FF010790C7000113C0
+49486E7F49486F7E49486F7E49486F7E49486F7E48496F7E4819804A814819C091C97E48
+19E0A248487013F0A2003F19F8A3007F19FC49177FA400FF19FEAD007F19FC6D17FFA300
+3F19F8A36C6C4C13F0A36C6D4B13E0A26C6D4B13C06C19806E5D6C19006C6D4B5A6D6C4B
+5A6D6C4B5A6D6C4B5A6D6C4A5B6D01C001075B010101F0011F90C7FC6D01FEEBFFFE023F
+B612F8020715C002004AC8FC030713C047467AC454>I<B9FC18F018FE727ED8001F90C7
+001F13E005017F716C7E727E727E85721380A27213C0A31AE0A81AC0A34E1380A24E1300
+614E5AF0FFF84D5B051F13C092B7C7FC18FC18C092CBFCB3A9B712E0A443447DC34D>I<
+B812F8EFFFC018F818FED8001F90C7383FFF80050713E005017F716C7E727E85727EA272
+7FA286A762A26097C7FC61183F614E5A943801FFE005075B057F90C8FC92B612F818C084
+DB000113F89338003FFEEF0FFF717F717F858385A2717FA785A61B0F85A2187F1B1F726C
+131E72143EB700E06DEB807C72EBE0F80601EBFFF0726C13E0CC0007138050457DC354>
+82 D<DAFFE0131C010701FE133C013F9038FF807C90B6EAE0FC489038801FF93A03FC00
+03FF4848EB007F4848143F4848141F4848140F1607007F1503491401A2160012FF177CA2
+7F173C7F7F7F6D92C7FC6CB4FC14E014FE6CEBFFF015FF6C15E016FC6C816C6F7E6C826C
+826C6C81011F810107811300020F80140003077FED007F82040F138082A200F08182A382
+7EA218007EA26C5D5F7E6D4A5A13E06D4A5A01FC4A5AD9FF80EB3FE026FE7FF8EBFFC0D8
+FC1FB6C7FCD8F80714FC48C614F0480107138031467AC43E>I<003FBA12E0A49026FE00
+0FEB800301F0EE007FD87FC0EF1FF049170F90C71607007E1803007C1801A300781800A4
+00F819F8481978A5C81700B3B3A40107B8FCA445437CC24E>I<B76C010FB512F8A42600
+3FFEC9380FF800F103E0B3B3A9011F17076280190F6D60A26D6D4BC7FC6D5F6F153E6D6D
+5D6DEE01FCDA7FF84A5A6E6CEC0FF0DA0FFFEC3FE06E9039F003FF80020190B6C8FC6E6C
+14FC030F14E09226007FFEC9FC4D457CC356>I<B792B6FCA4C66C48C900031300013FEF
+007C6E17FC6D606F15016D608119036D606F15076D606F150F6D6081191F6D6D93C7FC61
+027F163E6F157E023F167C8119FC6E6D5C18016E5E7013036E5E8218076E6D5C180F6E5E
+70131F6E93C8FC705B037F143E82187E033F147C7013FC6F5C17816F5C17C117C36F5C17
+E76F5C17FF6F5CA36F91C9FCA2705AA2705AA3705AA2705AA2705AA250457EC355>I<B6
+00FE017FB691B512FEA426007FFCC8D83FFEC800011300F5003C6E70167C013F70177880
+7415F86D705F6F7014016D705FA26F7014036D64814E6D14076D646F70140F6D041E94C7
+FCA26F023E6D5C6DDC3C7F151E81027F037C6D5CF0783F6F70147C023F4B6C1578A26F01
+016F13F86E4B6C5D16806E02036F485A4E7E04C0EEE0036E4A486C5DA2DCE00FEDF0076E
+4B6C5D16F06E4A6F48C8FC051E7F04F8705A6E4A027F131EA2DCFC7CEDFE3E037F017802
+3F133C04FE16FF033F01F85E4D8004FF17F86F496E5BA36F496E5BA26F604D80A26F90C8
+6C5BA36F486F90C9FCA26F48167EA30478163C6F457EC374>I<001FB812FEA402F8C713
+FC02804913F849C75A01F816F0494A13E0495C4916C048485C4C138090C814005E003E4B
+5A5F5D4B5B003C5E5D5F4B5BC85A5F4B90C7FC5D5E4B5A5C5E4A5B5C5E4A5B5C5E4A90C8
+FC5C5D4A5A49160F5D495B5B5D4949141F5B4B141E5B4990C8FC4A153E13FF485B4A157E
+5A484915FE4A14014816034A14074849140F48EE3FFC91C812FF4848140FB9FCA438447A
+C344>90 D<903807FFF0017F13FF48B612C03A03FC007FF0486CEB1FF8486CEB0FFE6F7E
+A26F7FA26F7F6C5A6C5AEA00F090C7FCA44AB5FC147F0107B6FC013F13C19038FFF80100
+0313E0481380381FFE00485A5B127F5B12FF5BA35DA26D5B6C6C5B003F141ED81FFE4913
+F83C0FFF80F87FFFC00003EBFFF0C6ECC01F90390FFE0007322C7DAB36>97
+D<EB7FC0B5FCA412037EB3ED1FF802C1B5FC02C714E09139DFC03FF89139FF000FFC02FC
+EB03FE4A6D7E4A15804A6D13C04A15E0177F18F0A2EF3FF8A318FCAB18F8A3177F18F0A2
+18E017FF6E15C06E4913806E491300027C495A496C495A903AFC1FC07FF0D9F807B512C0
+D9F00191C7FC9039E0003FF036457DC43E>I<EC3FFF0103B512F0010F14FC90393FF001
+FE9039FFC003FF4849481380481300485A485A121F5B003F6E13006F5A007FEC00784991
+C7FCA312FFAA127FA27FA2123FEE03C06C7E16076C6C15806C6C140F6C6DEB1F006C6D13
+3E6C6D13FC90393FF807F8010FB512E0010314809026003FF8C7FC2A2C7CAB32>I<EE03
+FEED07FFA4ED001F160FB3EC3FF0903803FFFE010FEBFF8F90393FF807EF9039FFC001FF
+48903880007F4890C7123F4848141F4848140F121F5B123FA2127F5BA312FFAB127FA36C
+7EA2121F7F000F151F6C6C143F0003157F6C6C14FF6CD9C0037F90277FF01FCF13FC011F
+B5120F010313FC9038007FE036457CC43E>I<EC3FFC0103B57E011F14E090393FF81FF8
+9039FFC007FC48496C7E48496C7E48486D13804848147F17C0485A003FED3FE0A2127F49
+15F0A2161F12FFA290B7FCA301F0C9FCA5127FA36C7EA217F06C7E000F15016C6C15E016
+036C6CEC07C0C66DEB1F80D97FE0EB7F0090393FFC03FE010FB512F8010114E09026001F
+FEC7FC2C2C7DAB33>I<4AB4FC021F13E091B512F00103EB83F8903907FE0FFCD90FFC13
+FE90381FF81F133FEB7FF0A2EBFFE0ED0FFCA2ED03F092C7FCABB612F8A4C601E0C7FCB3
+B2007FEBFFE0A427457DC422>I<177E9139FFE003FF010FD9FE071380013F9039FF9F9F
+C0903AFFC07FFE3F489038001FF84848130F4848EB07FC000F9238FE1F80001F9238FF0F
+00496D90C7FCA2003F82A7001F93C7FCA26D5B000F5D00075D6C6C495A6C6C495A489038
+C07FE091B51280D8078F49C8FC018013E0000F90CAFCA47F7F7F90B612C016FE6C6F7E17
+E06C826C16FC7E000382000F82D81FF0C7123FD83FC014074848020113808248C9FC177F
+A46D15FF007F17006C6C4A5A6D1403D81FF8EC0FFCD807FEEC3FF03B01FFC001FFC06C6C
+B6C7FC010F14F80100148032417DAC38>I<EB7FC0B5FCA412037EB3ED07FE92383FFFC0
+92B512F09139C3F03FF89139C7C01FFC9138CF000F02DE8014FC4A6D7EA25C5CA35CB3A8
+B60083B512FEA437457CC43E>I<13FC487E487E4813804813C0A66C13806C13006C5A6C
+5A90C7FCACEB7FC0EA7FFFA412037EB3B0B6FCA418467CC520>I<EB7FC0B5FCA412037E
+B393387FFFE0A493380FF800EE07E0EE1FC04CC7FC167E5EED03F8ED07E04B5A4B5A037F
+C8FC15FEECC1FCECC3FE14C7ECDFFF91B57E82A202F97F02E17F02C07FEC807F6F7E826F
+7E816F7F836F7F816F7F83707E163F17FFB60003B512F8A435457DC43B>107
+D<EB7FC0B5FCA412037EB3B3B3A5B61280A419457CC420>I<90277F8007FFEC0FFEB501
+3F01C090387FFF8092B5D8F001B512E0913D81F81FFC03F03FF8913D87C00FFE0F801FFC
+000390268F000790381E000F6C019E6E488002BC5D02B86D496D7E14F84A5DA24A5DA24A
+5DB3A8B60081B60003B512FEA4572C7CAB5E>I<90397F8007FEB590383FFFC092B512F0
+913983F03FF8913987C01FFC000390388F000F6C019E8014BC02B86D7E14F85C5CA35CB3
+A8B60083B512FEA4372C7CAB3E>I<EC1FFC49B512C0010F14F890393FF80FFE90397FC0
+01FF4848C7EA7FC048486E7E48486E7E000F8249140F001F82A2003F82491407007F82A3
+00FF1780AA007F1700A46C6C4A5AA2001F5E6C6C4A5AA26C6C4A5A6C6C4A5A6C6D495A6C
+6D485B90273FF80FFEC7FC010FB512F8010114C09026001FFCC8FC312C7DAB38>I<9039
+7FC01FF8B500C1B5FC02C714E09139DFC03FF89139FF001FFC000301FCEB07FE6C496D7E
+4A15804A6D13C04A15E08218F0177F18F8A3EF3FFCAB18F8177FA318F017FF18E05E6E15
+C06E4913806E4913006E495A6E495A9139DFC07FF002C7B512C002C191C7FC9138C03FF0
+92C9FCAFB67EA4363F7DAB3E>I<DA3FF0131E902603FFFC133E010F01FF137E903A3FF8
+0FC0FE9039FFE003E0489038C001F14890388000FB4890C7127F4848143F001F151F5B00
+3F150F5B127FA35B12FFAB6C7EA3123F7F121F6D141F000F153F6C6C147F6C15FF6C6D5A
+6C9038E003EF90393FF01FCF6DB5120F010313FC9038007FE091C7FCAF0307B512FCA436
+3F7CAB3B>I<90387F807FB53881FFE0028313F091388F87F891389F0FFC000390389E1F
+FE6C13BC14B814F814F0A29138E00FFCED07F8ED01E092C7FCA25CB3A6B612E0A4272C7D
+AB2E>I<90391FFE038090B512CF000314FF380FF003391FC0007F48C7123F48141F007E
+140FA200FE1407A27E7F6D90C7FC13F0EBFF806C13FCECFF806C14E015F86C14FE6C8012
+03C61580013F14C01301D9000F13E0140000F0147F153F6C141FA2150F7E16C07E6C141F
+168001C0133F6DEB7F009038F801FC00FCB55AD8F03F13E026E007FEC7FC232C7CAB2C>
+I<EB01E0A51303A41307A2130FA2131FA2133F137F13FF1203000F90B51280B7FCA3C601
+E0C7FCB3A4ED01E0A91503D97FF013C0A2013FEB0780ECF80F90391FFC1F00903807FFFE
+010113F89038003FE0233F7EBE2C>I<D97FC049B4FCB50103B5FCA40003EC000F6C81B3
+A85EA25EA26C5DA26E5B017FD901F7138090273FF807E713FE010FB512870103EBFE0790
+38007FF8372C7CAB3E>I<B6903803FFFCA4000101C09038007F806EEC3E006C163C8001
+7F5D8017F8013F5D6E1301011F5D6E1303010F5D6E13076D5DED800F6D92C7FC15C05E6D
+EBE01E163E6D143CEDF07C027F1378EDF8F8023F5B15FD021F5B15FF6E5BA36E5BA26E90
+C8FCA26E5AA26E5AA21578362C7EAB3B>I<B5D8FE1FB539801FFFF0A400039027C0007F
+E0C7EAFE006C033F157C7114786E17F86C6F6C5C6E1601017F6E6C5CA26E011F1403013F
+6F5C6E013F1407011F6F5CA26E0179140F010F048090C7FC6E01F95C6D02F0EBC01E1580
+6D902681E07F5B18E003C3157C6D9139C03FF07815E76DDA801F5B18F803FF14F96E9039
+000FFDE018FF6E486D5BA36E486D5BA26E486D90C8FCA24B7F02075DA26E48147C4B143C
+4C2C7EAB51>I<B500FE90383FFFF0A4000101E0903807F8006C6DEB03E06D6C495A013F
+4A5A6D6C49C7FC6E5B6D6C137E6DEB807C6D6D5A6DEBC1F0EDE3E06DEBF7C06EB45A806E
+90C8FC5D6E7E6E7F6E7FA24A7F4A7F8291381F3FFCEC3E1F027C7F4A6C7E49486C7F0103
+6D7F49487E02C08049486C7F49C76C7E013E6E7E49141F48B46E7EB500E090B512FCA436
+2C7EAB3B>I<B6903803FFFCA4000101C09038007F806EEC3E006C163C80017F5D8017F8
+013F5D6E1301011F5D6E1303010F5D6E13076D5DED800F6D92C7FC15C05E6DEBE01E163E
+6D143CEDF07C027F1378EDF8F8023F5B15FD021F5B15FF6E5BA36E5BA26E90C8FCA26E5A
+A26E5AA21578A215F85D14015D001F1303D83F805B387FC007D8FFE05B140F92C9FC5C14
+3E6C485A5C383F07F0381FFFC06C5BD801FCCAFC363F7EAB3B>I<001FB71280A39026FC
+000F130001E05B49495A49495A90C75B15FF003E495B5E4A5B003C5B4A5B93C7FC5C4A5A
+C7485A5D14FF495B5D495B5B495B92380007805B495A495A4A130F01FF1500485B5C4849
+5B5A485B91C75A485D48485C4848EB03FE49131FB7FCA3292C7DAB32>I
+E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fx cmti10 10.95 6
+/Fx 6 117 df<147E49B47E903907C1C38090391F80EFC090383F00FF017E137F491480
+4848133F485AA248481400120F5B001F5C157E485AA215FE007F5C90C7FCA21401485C5A
+A21403EDF0385AA21407EDE078020F1370127C021F13F0007E013F13E0003E137FECF3E1
+261F01E313C03A0F8781E3803A03FF00FF00D800FC133E252977A72E>97
+D<EE3F80ED1FFF1700A2ED007FA2167EA216FEA25EA21501A25EA21503A25EA21507A25E
+147E903801FF8F903807C1CF90391F80EFC090383F00FF017E137F5B48486D5A485AA248
+5A000F92C7FC5B001F5CA24848137EA215FE127F90C75AA214015A485CA2140316384814
+F0A21407167891380FE070127C021F13F0007E013F5B003E137FECF3E1261F01E35B3A0F
+8781E3802703FF00FFC7FCD800FC133E294077BE2E>100 D<EC3F80903801FFE0903807
+E0F890381F803CEB3E0001FC131E485A485A12074848133E49133C121F4848137C15F8EC
+03F0397F000FE0ECFF80B5EAFC0014C048C8FCA45AA61506150E151E007C143C15786C14
+F0EC01E06CEB07C0390F801F003807C0FC3801FFF038007F801F2976A72A>I<1478EB01
+FCA21303A314F8EB00E01400AD137C48B4FC38038F80EA0707000E13C0121E121CEA3C0F
+1238A2EA781F00701380A2EAF03F140012005B137E13FE5BA212015BA212035B14381207
+13E0000F1378EBC070A214F0EB80E0A2EB81C01383148038078700EA03FEEA00F8163E79
+BC1C>105 D<D801F0D93F80137F3D07FC01FFE003FFC03D0F3E07C1F80F83F03D0E1F0F
+00FC1E01F8001E011C90387C3800001C49D97E707F003C01F05C0038157F4A5C26783FC0
+5C12704A91C7FC91C7127E00F003FE1301494A5CEA007EA20301140301FE5F495CA20303
+1407000160495C180F03075D0003051F13E0494A1480A2030FEC3F810007F001C0495CA2
+031F91383E0380120F494AEC0700A2033F150E001FEF1E1C4991C7EA0FF80007C7000EEC
+03E0432979A74A>109 D<EB01C0EB03F01307A25CA2130FA25CA2131FA25CA2133FA291
+C7FCA2007FB51280B6FC1500D8007EC7FC13FEA25BA21201A25BA21203A25BA21207A25B
+A2120FA25BA2121F141C1380A2003F133C1438EB0078147014F05C495AEA1F03495A6C48
+C7FCEA07FCEA01F0193A78B81E>116 D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fy cmtt10 10.95 15
+/Fy 15 120 df<120FEA3FC0EA7FE0A2EAFFF0A4EA7FE0A2EA3FC0EA0F000C0C6E8B30>
+46 D<16E0ED01F0ED03F8A2150716F0150F16E0151F16C0153F1680A2157F16005D5D14
+015D14035D14075D140F5D141F5DA2143F5D147F92C7FC5C5C13015C13035C13075C130F
+5C131F5CA2133F5C137F91C8FC5B5B12015B12035B12075B120F5BA2121F5B123F5B127F
+90C9FC5A5AA2127C123825477BBE30>I<120FEA3FC0EA7FE0A2EAFFF0A4EA7FE0A2EA3F
+C0EA0F00C7FCAF120FEA3FC0EA7FE0A2EAFFF0A4EA7FE0A2EA3FC0EA0F000C276EA630>
+58 D<EB7FFC0003B57E000F14E015F84880819038E007FF02017F390FC0007F6C48133F
+C87F151FA391B5FC130F137F48B6FC12075A003FEB801FEBF800EA7FE0138048C7FC5AA4
+6C143F6C6C137F6D13FF383FF80F90B712C06C16E07E000314E7C6140390263FF80013C0
+2B277CA630>97 D<913801FFE04A7F5CA28080EC0007ABEB03FE90381FFF87017F13E790
+B6FC5A5A481303390FFC007FD81FF0133F49131F4848130F5B007F140790C7FCA25A5AA7
+7E7E150F7F003F141F7F6D133F6C6C137F390FF801FFEBFE076CB712C06C16E06C02F713
+F06C6C13C7011F010713E0902607FC0313C02C387DB730>100 D<EA3FFC487E12FFA212
+7F123F1200ABEC03FE91380FFFC0023F7F91B57E90B67E82ECFE07ECF00102E07FECC000
+5C91C7FCA35BB33B3FFFF81FFFF8486D4813FCB500FE14FEA26C01FC14FC6C496C13F82F
+3880B730>104 D<14E0EB03F8A2497EA36D5AA2EB00E091C8FCA9381FFFF8487F5AA27E
+7EEA0001B3A9003FB612C04815E0B7FCA27E6C15C023397AB830>I<EA7FF8487EA4127F
+1200AB0203B512804A14C017E0A217C06E14809139001FE0004B5A4B5A4BC7FC4A5A4A5A
+EC0FF84A5A4A5A4A5A4A5A01FD7F90B57E8114F7ECE3F8ECC1FCEC81FEEC00FF497F496D
+7E6F7E826F7E15076F7E6F7E3B7FFFF81FFFE0B56C4813F017F8A217F06C496C13E02D38
+7FB730>107 D<267FC0FC137E3BFFE7FF03FF8001EF01877F90B500CF7F92B57E7E0007
+010F1387496CEB03F89039FC03FE0101F813FC01F013F8A301E013F0B3A23C7FFE0FFF07
+FF80B548018F13C0A46C486C01071380322781A630>109 D<393FFC03FE3A7FFE0FFFC0
+00FF013F7F91B57E6CB67E6C81C6EBFE07ECF00102E07FECC0005C91C7FCA35BB33B3FFF
+F81FFFF8486D4813FCB500FE14FEA26C01FC14FC6C496C13F82F2780A630>I<393FFC03
+FE3A7FFE1FFF8000FF017F13E090B612F86C816C81C69038FE07FFECF001DAC00013804A
+EB7FC091C7123FEE1FE05B160FA217F01607A7160F17E07F161F17C06E133F6EEB7F806E
+13FFDAF00313009138FC0FFE91B55A5E495C6E5B021F1380DA03FCC7FC91C9FCAE383FFF
+F8487FB57EA26C5B6C5B2C3B80A630>112 D<3A3FFF800FF8489038C07FFFB500C1B512
+8014C36C01CF14C06C13DF3A001FFFFC3F15E09238801F809238000F0002FC90C7FCA25C
+5CA25CA35CAF003FB512FC4880B7FCA26C5C6C5C2A277EA630>114
+D<EB0780497E131FA9003FB612E04815F0B7FCA36C15E026001FC0C7FCB216F8ED01FCA4
+150302E013F890380FF0079138F81FF06DB5FC16E06D14C06D14006D6C5AEC1FF026327E
+B130>116 D<D83FFCEB3FFC486C497E00FF14FFA2007F147F003F143F00001400B3A415
+01A215036D130F90387FC03F91B612F86D15FC17FE6D5B010701F813FC01019038C07FF8
+2F2780A630>I<3B3FFFC01FFFE0486D4813F0B515F8A26C16F06C496C13E0D807E0C7EA
+3F00A26D5C0003157EA56D14FE00015DEC0F80EC1FC0EC3FE0A33A00FC7FF1F8A2147DA2
+ECFDF9017C5C14F8A3017E13FBA290393FF07FE0A3ECE03FA2011F5C90390F800F802D27
+7FA630>119 D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: Fz cmsy10 10.95 2
+/Fz 2 25 df<EE3FFC0307B512E0033F14FC92B7FC0203D9E00713C0DA0FFCC7EA3FF0DA
+1FE0EC07F8DA3F80EC01FC02FEC9127FD901F8EE1F804948707E4948707ED90F80EE01F0
+49CB7E013E187C49840178181E01F8181F4848F00F804848F007C049180300071AE04918
+01000F1AF090CDFC481AF8001E1A78A2003E1A7C003C1A3CA2007C1A3E00781A1EA300F8
+1A1F481A0FAD6C1A1F00781A1EA3007C1A3E003C1A3CA2003E1A7C001E1A78A2001F1AF8
+6C1AF06D180100071AE06D180300031AC06D18076C6CF00F806C6CF01F000178181E017C
+183E6D606D606D6C4C5AD907E0EE07E06D6C4C5A6D6C4C5AD900FE047FC7FCDA3F80EC01
+FCDA1FE0EC07F8DA0FFCEC3FF0913B03FFE007FFC0020090B6C8FC033F14FC030714E092
+26003FFCC9FC50557BC05B>13 D<D91FE01620D97FF816703801FFFE486D7E48804814F0
+9038E01FF8271F8007FC15E0393E0001FE003CD9007F1401007CDA3FC013030078DA0FE0
+14C00070DA07F81307DB03FEEB1F8048913A01FF807F006F90B5FC043F5B705B04075B04
+0113E000409238007F803C157BA047>24 D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: FA cmr10 10.95 38
+/FA 38 122 df<EC0FC0EC3FE0ECF878903801F018903803E01C903807C00C130FEC800E
+011F1306A2EB3F00A4150EEC800CA2151C5D153015705D6D6C5A14C1ECC38002C7CAFC02
+EE91383FFFFCEB0FEC14FC4A020313C06D48913800FE006E15F818706D6C1560010716E0
+496C5D011D1501D939FF4A5A017093C7FC496D5B0001017F1406496C6C130E00036E5B26
+07801F1418000F6E1338001F6D6C5B383F0007486E5B6E6C485AEC01FF486D495A0487C8
+FCED7FCEED3FEEDB1FFC14186D6D5AA2007F6E6C14386D6D6C1430003F4A6C14706D496C
+6C13E0001F91391E3FC0016C6C903AFC1FF003C03D07FC07F007FC0F800001B5D8C001B5
+12006C6C90C7EA7FFCD90FF8EC0FF03E437CC047>38 D<1430147014E0EB01C0EB038013
+07EB0F00131E133E133C5B13F85B12015B12035B1207A2485AA348C7FCA35AA2123EA212
+7EA4127CA312FCB2127CA3127EA4123EA2123FA27EA36C7EA36C7EA212037F12017F1200
+7F13787F133E131E7FEB07801303EB01C0EB00E014701430145A77C323>40
+D<12C07E12707E7E121E7E6C7E7F12036C7E7F12007F1378137C133C133EA27FA3EB0F80
+A314C0A21307A214E0A41303A314F0B214E0A31307A414C0A2130FA21480A3EB1F00A313
+3EA2133C137C137813F85B12015B485A12075B48C7FC121E121C5A5A5A5A145A7BC323>
+I<B512FEA617067F951E>45 D<121EEA7F80A2EAFFC0A4EA7F80A2EA1E000A0A798919>
+I<14C013031307131F137FEA07FFB5FC139FEAF81F1200B3B3ACEB7FF0B612F8A31D3D78
+BC2D>49 D<EB07FC90383FFF8090B512E03903F01FF839078007FC390F0001FE001E6D7E
+001C158048EC7FC05AED3FE01260B4FC6DEB1FF07FA56C5A6CC7FC120CC813E0153FA216
+C0157F168015FF16004A5A5D4A5A4A5A5D4A5A4A5A4AC7FC147E147C5C495AEB03C0495A
+49C8FC011E14305B13385B491460485A485A48C8FC000E15E0001FB6FCA25A4815C0B7FC
+A3243D7CBC2D>I<EB03FCEB1FFF90387E07C09038FC03F048486C7E48486C7E4848137C
+000F147E4848137F81003F15805B007F15C0A2151F12FF16E0A516F0A5127F153FA36C7E
+A2001F147F120F6C6C13FF6D13DF000313013900F8039F90387E0F1FD91FFE13E0EB07F0
+90C7FCA2ED3FC0A41680157FD80F801400487E486C13FEA24A5A5D49485AEB8007391E00
+0FE04A5A260FC07FC7FC3803FFFE6C13F838003FC0243F7CBC2D>57
+D<121EEA7F80A2EAFFC0A4EA7F80A2EA1E00C7FCB3121E127FEAFF80A213C0A4127F121E
+1200A412011380A3120313005A1206120E120C121C5A1230A20A3979A619>59
+D<1507A34B7EA34B7EA24B7EA34B7E156FA2EDEFF815C7A291380187FC1583A291380303
+FE1501A291380600FFA34A6D7EA34A6D7EA34A6D7EA20270800260130FA202E0804A1307
+A201018191B6FCA2498191C71201A201068182A2496F7EA3496F7EA3496F7EA21370717E
+13F800014C7ED80FFE4B7EB500E0010FB512F8A33D417DC044>65
+D<011FB512FCA3D9000713006E5A1401B3B3A6123FEA7F80EAFFC0A44A5A1380D87F005B
+006C130700705C6C495A6C495A000F495A2603C07EC7FC3800FFF8EB3FC026407CBD2F>
+74 D<D907FC130C90391FFF801C017F13F03A01FC03F83C3A03F0003E7CD807C0EB1FFC
+48481307001F140348C71201003E1400127E167C007C153C12FCA2161CA36C150CA27EA2
+6C6C14007F7FEA3FF8EBFF806C13F86CEBFF806C14F06C14FC6C14FF6C15C0013F14E001
+0714F0EB007F020713F89138007FFC150FED07FE15031501ED00FFA200C0157FA3163FA2
+7EA36C153EA26C157E167C6C15FC6C15F86C14016DEB03F001E0EB07E0D8F9F8EB0FC03A
+F07F803F803AE01FFFFE00010713F839C0007FC028427BBF33>83
+D<003FB91280A3903AE0007FE00090C76C48131F007EEF0FC0007C170700781703007017
+01A300601700A5481860A5C81600B3B14B7E4B7E0107B612FEA33B3D7DBC42>I<B500FE
+017FB5D88003B5FCA3000301C0010101E0C7EA7FF86C90C849EC0FE07148EC07807E716C
+150080017F1906717E6E180E013F190C4D7E80011F614D7E17676D6C60EFE7FC17C36D6C
+6084EE01816D6C60A24CC67E6D6C4D5AA20406EB7F806E17036D96C7FC4CEB3FC003805E
+027F17064CEB1FE003C0160E023F170C4CEB0FF015E0021F5F047014F804601307DA0FF0
+5E04E014FC4C1303DA07F85E19FEDBF9801301DA03FD5EA203FFC812FF6E5FA24B157F02
+0094C8FCA24B81A2037C153E0378151EA20338151C0330150C58407EBD5D>87
+D<EB0FF8EBFFFE3903F01F8039070007E0486C6C7E9038E001F8D81FF07F6E7EA3157F6C
+5AEA0380C8FCA4EC1FFF0103B5FC90381FF87FEB7F803801FC00EA07F8EA0FE0485A485A
+A248C7FCEE018012FEA315FFA3007F5BEC03BF3B3F80071F8300261FC00E13C73A07F03C
+0FFE3A01FFF807FC3A003FC001F0292A7DA82D>97 D<EA01FC12FFA3120712031201B1EC
+03FC91381FFF8091387C07E09138E001F09039FDC000FCD9FF80137E91C77E4915804914
+1F17C0EE0FE0A217F0A2160717F8AA17F0A2160FA217E0161F17C06D1580EE3F006D5CD9
+FB8013FE9039F1C001F89039E0E003F09039C0780FC09026801FFFC7FCC7EA07F82D407E
+BE33>I<49B4FC010F13E090383F00F8017C131E4848131F4848137F0007ECFF80485A5B
+121FA24848EB7F00151C007F91C7FCA290C9FC5AAB6C7EA3003F15C07F001F140116806C
+6C13036C6CEB0700000314066C6C131E6C6C133890383F01F090380FFFC0D901FEC7FC22
+2A7DA828>I<ED01FC15FFA3150715031501B114FF010713C190381F80F190387E003949
+131FD803F81307485A49130348481301121F123F5B127FA290C7FCA25AAA7E7FA2123FA2
+6C7E000F14037F000714076C6C497E6C6CEB1DFFD8007C017913F890383F01E190380FFF
+C1903A01FE01FC002D407DBE33>I<EB01FE90380FFFC090383F03F09038FC01F848486C
+7E4848137E48487F000F158049131F001F15C04848130FA2127F16E090C7FCA25AA290B6
+FCA290C9FCA67EA27F123F16606C7E16E0000F15C06C6C13016DEB03806C6CEB0700C66C
+130E017E5B90381F80F8903807FFE0010090C7FC232A7EA828>I<EC1FC0EC7FF8903801
+F83C903807E07E90380FC0FFEB1FC1EB3F811401137FEC00FE01FE137C1500AEB6FCA3C6
+48C7FCB3AE487E007F13FFA320407EBF1C>I<167C903903F801FF903A1FFF078F809039
+7E0FCE0F9039F803FC1F3A03F001F80F170048486C6CC7FC000F8049137E001F147FA800
+0F147E6D13FE00075C6C6C485AA23901F803E03903FE0FC026071FFFC8FCEB03F80006CA
+FC120EA3120FA27F7F6CB512E015FE6C6E7E6C15E06C810003813A0FC0001FFC48C7EA01
+FE003E140048157E825A82A46C5D007C153E007E157E6C5D6C6C495A6C6C495AD803F0EB
+0FC0D800FE017FC7FC90383FFFFC010313C0293D7EA82D>I<EA01FC12FFA31207120312
+01B1EC01FE913807FFC091381E07E091387803F09138E001F8D9FDC07F148001FF6D7E91
+C7FCA25BA25BB3A6486C497EB5D8F87F13FCA32E3F7DBE33>I<EA01E0EA07F8A2487EA4
+6C5AA2EA01E0C8FCACEA01FC127FA3120712031201B3AC487EB512F0A3143E7DBD1A>I<
+1478EB01FEA2EB03FFA4EB01FEA2EB00781400AC147FEB7FFFA313017F147FB3B3A5123E
+127F38FF807E14FEA214FCEB81F8EA7F01387C03F0381E07C0380FFF803801FC00185185
+BD1C>I<EA01FC12FFA3120712031201B292387FFF80A392381FFC00ED0FE0168093C7FC
+151C5D5D5D4A5AEC0780020EC8FC141E143F4A7E14FF9038FDDFC09038FF9FE0140F9038
+FC07F001F87F6E7E1401816E7E81826F7E151F826F7EA282486C14FEB539F07FFFE0A32B
+3F7EBE30>I<EA01FC12FFA3120712031201B3B3B1487EB512F8A3153F7DBE1A>I<2701F8
+01FE14FF00FF902707FFC00313E0913B1E07E00F03F0913B7803F03C01F80007903BE001
+F87000FC2603F9C06D487F000101805C01FBD900FF147F91C75B13FF4992C7FCA2495CB3
+A6486C496CECFF80B5D8F87FD9FC3F13FEA347287DA74C>I<3901F801FE00FF903807FF
+C091381E07E091387803F000079038E001F82603F9C07F0001138001FB6D7E91C7FC13FF
+5BA25BB3A6486C497EB5D8F87F13FCA32E287DA733>I<14FF010713E090381F81F89038
+7E007E01F8131F4848EB0F804848EB07C04848EB03E0000F15F04848EB01F8A2003F15FC
+A248C812FEA44815FFA96C15FEA36C6CEB01FCA3001F15F86C6CEB03F0A26C6CEB07E06C
+6CEB0FC06C6CEB1F80D8007EEB7E0090383F81FC90380FFFF0010090C7FC282A7EA82D>
+I<3901FC03FC00FF90381FFF8091387C0FE09138E003F03A03FDC001FC6CB4486C7E91C7
+127F49EC3F805BEE1FC017E0A2EE0FF0A3EE07F8AAEE0FF0A4EE1FE0A2EE3FC06D1580EE
+7F007F6E13FE9039FDC001F89039FCE007F09138780FC0DA1FFFC7FCEC07F891C9FCAD48
+7EB512F8A32D3A7EA733>I<3901F807E000FFEB1FF8EC787CECE1FE3807F9C100031381
+EA01FB1401EC00FC01FF1330491300A35BB3A5487EB512FEA31F287EA724>114
+D<90383FC0603901FFF8E03807C03D381F000F003E1303003C1301127C0078130012F815
+60A27E7E7E6D1300EA7FF8EBFFC06C13F86C13FE6C7F6C1480000114C0D8003F13E00103
+13F0EB001FEC0FF800C01303A214017E1400A27E15F07E6C130115E06CEB03C039FF8007
+8039F1E01F0038E0FFFC38C01FE01D2A7DA824>I<130CA5131CA4133CA2137CA213FC12
+0112031207001FB512C0B6FCA2D801FCC7FCB3A21560A9000014E06D13C0A2EB7F01013F
+1380EB1F83903807FF00EB01FC1B397EB723>I<D801FC14FE00FF147FA3000714030003
+140100011400B3A51501A31503120015076DEB06FF017E010E13806D4913FC90381FC078
+903807FFE00100903880FE002E297DA733>I<B539E007FFE0A32707FE000113006C48EB
+007C1678000115707F00001560A2017F5CA2EC8001013F5CA26D6C48C7FCA26E5A010F13
+06A26D6C5AA2ECF81C01031318A26D6C5AA2ECFE7001001360A2EC7FC0A36E5AA26EC8FC
+A3140EA22B287EA630>I<B53BC3FFFE01FFF8A33D0FFE003FF0007FC06C48D91FC0EB1F
+800003020F15000001170E70130C15076C6C6E5BA27F6D6E5B150D02801570013F6E1360
+151802C015E0011FD938FE5BED307ED90FE090387F0180ED603FA2D907F00283C7FCEDC0
+1F02F81487010315C69138F9800F02FD14CED901FF14ECED00076D15F84A1303A2027E5C
+027C1301A2023C5C0238130002185C3D287EA642>I<B539F01FFFE0A300039039C007FE
+00C690388003F8D97F0013E002805BD93FC05B011F49C7FC90380FE00EECF00C6D6C5A01
+0313386D6C5A6E5A6D6C5A6E5A143F81141F6E7E4A7E4A7E1473EC61FCECC1FE903801C0
+FF49487E49486C7E010680010E6D7E49130F013C6D7E017C80D801FC80D80FFE497EB590
+383FFFF8A32D277FA630>I<B539E007FFE0A32707FE000113006C48EB00FC0001157816
+706C7E16607F6D5CA26D6C485AA2ECC003011F91C7FCA290380FE006A2ECF00E0107130C
+14F801035BA2ECFC380101133014FE01005BA2EC7FC0A36E5AA26EC8FCA3140EA2140CA2
+141C1418A25CA200181370007E1360B413E05C13015C4848C9FCEA7E07EA700EEA383CEA
+1FF8EA07E02B3A7EA630>I E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: FB cmsl12 14.4 13
+/FB 13 116 df<0103BA12F05BA21BE0D9000301E0C7120F6E4914001A3F1A1F4C150F1A
+071A03A21A015C93C9FCA55C5D1BC0A4020F150E5D97C7FCA3181E021F151C5D183CA218
+7C18FC023F4A5A4B130F92B6FCA4913A7FF0001FF04B13071701A21700A202FF5D5DA549
+4B5A5D94CAFCA45B92CCFCA55B5CA5130F5CA2497E496C7E007FB612E0B7FCA34C527BD1
+4C>70 D<0107B600FC013FB612E0A24D17C0A2D9000301F0C8001FEB80006E01C06F48C7
+FCA34C5EA41A1F5C93C95BA41A3F5C4B5FA41A7F140F4B5FA41AFF141F4B5FA4614AB9FC
+63A303F0C8120161147F4B94C8FCA46114FF4B5EA4190F5B4B5EA4191F5B92C95BA4193F
+5B4A5FA4197F130F4A5FA2496C4C7E496C4B7FB7D88007B612FCA204005EA25B527BD158
+>72 D<0107B500E0037FB512E0821DC082D900010503EBF8006E9438007FC07070C7FC4A
+183EDBCFFE161E1B1CEDC7FFA203C36D153C140303816D1538A203807FA2706C15781407
+4B6C6C1570A2707EA2706C15F05C020E6D6C5DA2707FA2706D1301141E021C6F5C82A271
+7E1A03023C6E7E023860717EA2717E1A0702786E7E027095C8FC711380A27113C06202F0
+6E13E04A170EF07FF0A2F03FF81A1E0101EE1FFC4A171CF00FFEA2F007FF1A3C010318BC
+4A6F13B81AF884A284130791CA6C5AA2193FA249171FA249715A497E496C16073803FFF8
+B600C01503A24B6F5AA25B527BD158>78 D<0107B8FC19F019FE737ED900039026E00007
+13E06E499038007FF8F11FFCF107FE4C6E7E737F737FA2747E5C93C97FA55C5DA4505A14
+0F4B5F61634F90C7FC62021F16074BED0FF84F5A4F5AF1FF80060390C8FC023FED0FFC4B
+ECFFF092B7128006FCC9FC84923AF00003FF80027F9138007FE04B6E7EF00FF8727E8572
+7E14FF4B8086A45B5DA5495E92C8FCA5494C90C8FC5CA2F301C0A21B03010F1A804A811B
+07496C05801300496C6F5CB76C6D141E736C5A93C86C6C5A73B45ACC00075B9638007F80
+52547BD156>82 D<EC03FF023F13E091B512FC903903FC01FE903A07C0007F8049C76C7E
+496E7EEB3FC06E6D7E137F707EA35C6D5A6DC7FC90C8FCA3160FA25FED07FF0203B5FC02
+1F138F9138FFE01F903807FE00D91FF05CEB7FC049C7FCEA03FE4848143F485A48485D5B
+485A007F173849147FEF807012FF90C812FFA25DA24BEB00E04B7E6D130E007F91391E3F
+81C06C6C013C1383D81FF001F0EBC7803C0FFC07E01FFF006CB500805BC649486C5AD91F
+F0EB03E0353679B43B>97 D<EDFFC0020713F8023F13FE91387F80FF903A01FC003FC0D9
+07F8EB1FE0D90FE0130F4948EB07F0494814F849C712035B4848EC01FC485AA2485A120F
+5B121F5B123FA348B7FCA301C0C9FC12FF5BAA127F17E0A216016C6C15C016036C6CEC07
+80000F16006D5C6C6C141E6C6C147C6C6C14F06C6CEB03E090393FE01F80010FB5C7FC01
+0313F89038007FC02E3679B434>101 D<F003F0DB07F8EB1FFCDB7FFFEB7FFE4AB538C1
+F87E913A07F80FF3C0913B0FE003FF00FE91393FC001FE91267F8000147C4AC714104A02
+7F1300495A0103825C1307A2495AA417FF95C7FC5CA24C5AA26E495A01075D4C5A6D6C49
+5A6D6C495A496C495A91267F81FEC8FC9039071FFFFCD90E0713E0D91E0190C9FC011CCB
+FCA2133CA5133EA2EB3F8091B512FCEEFFC06D15F817FE6D8118C0133F01FEC700077FD8
+03F89138007FF04848151FD80FC0150F48481507003F707E90C9FC5A007E1601170300FE
+5F5AA26C1607007E4C5A60007F161F6C6C4B5A6C6C03FFC7FC6C6CEC01FC6C6CEC07F8D8
+03FEEC3FE03B00FFC003FF80013FB548C8FC010714E09026007FFEC9FC3F4E7FB43B>
+103 D<EC03C0EC0FF0EC1FF8143FA2147FA4EC3FF0EC1FE0EC0F8091C7FCB0EC7FC0EB7F
+FF1580A290B5FC13031300A21500A55B5CA513035CA513075CA5130F5CA5131F5CA5133F
+5CA2137F497E007FEBFFC0B6FC1580A21D507CCF21>105 D<EC03FEEB03FF5B15FCA2EB
+001F1407A315F8A5140F15F0A5141F15E0A5143F15C0A5147F1580A514FF1500A55B5CA5
+13035CA513075CA5130F5CA5131F5CA5133F5CA2137FEBFFF0007FEBFFE0B612C0A31F53
+7CD221>108 D<91277F8003FE4AB4FC90B590261FFFC0010F13E0DB007F01F0013F13F8
+922701F80FFC9038FC07FE923D03C003FE01E001FF010390260F00019038078000010001
+1E6D6C48C7EA7F804B151E4A485D037015384B6E48143F6E485D4B4A48147F5B92C85BA2
+4A93C8FCA301034B16FF4A4B1600A5010703035D4A4B5DA5010F030715034A4B5DA5011F
+030F15074A4B5DA5013F031F150F4A4B5DA2017F033F151FD9FFF0DA7FF8EC3FFC007F90
+26FFE03FB5D8F01FB512F8B648484A4814F0A35D347CB363>I<91397F8007FE90B59038
+1FFFC0DB007F7F923901F80FF8923907C007FC010390380F00030100011E6D7E5DECFE70
+A24B13006E5A4B13015B92C7FCA25CA2170313034A5DA4170713074A5DA4170F130F4A5D
+A4171F131F4A5DA4173F133F4A5DA2017F157FD9FFF0ECFFF0007F9026FFE07FEBFFE0B6
+48B612C0A33B347CB341>I<ED7FC0913803FFFC021F13FF91397F807F80903A01FE000F
+E0D903F86D7ED907E06D7ED91FC06D7E4948130049C8127E017E157F5B0001EE3F80485A
+12074916C0120FA2485AA2003F17E05BA2127FA34848ED7FC0A5EFFF80A390C913005E5F
+A26C6C4A5AA24C5A003F5E4C5A6C6C141F5F6C6C4A5A6C6C4AC7FCED01FCD803FC495AC6
+6CEB0FF090397FC07FC0011FB5C8FC010713F8010013C0333678B43B>I<DA07FE13E091
+383FFFC149B512F3903A03FC01FFC090390FC0007F4948133F49C7121F017E140F5BEE07
+80485AA4120317007F7F6D91C7FC6C13C014F8ECFFC06C14FC6D13FF6D14C06D806D8001
+0380D9007F7F14039138003FFE15076F7E001C8081A282A2003E157EA45E123F485D6D13
+014B5A6D495A6D495AD87CF0495AD8F87E01FFC7FC39F03FFFFCD8E00F13F0D8C00390C8
+FC2B367CB42E>115 D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: FC cmsy10 14.4 4
+/FC 4 84 df<943807FFF094B67E040715F0043F15FE93B87E03039026FC001F13E0030F
+0180010013F8DB3FFCC8EA1FFEDBFFE0923803FF804A018003007F4A48CAEA3FE0DA0FF8
+EF0FF8DA1FE0EF03FC4A48717E4A48717E02FECCEA3F804948737E4948737E4948737E49
+48737E4A19014948737E49CE127E491B7F017E8749757E491B0F000189491B0700038949
+1B03000789491B01000F89491B00001F8990D0127CA2481D7E003E1D3EA3007E1D3F007C
+89A400FC1E80481D0FAE6C1D1F007C1E00A4007E65003E1D3EA3003F1D7E6C1D7CA26D1C
+FC000F656D1B010007656D1B030003656D1B070001656D1B0F0000656D1B1F017E51C7FC
+017F636D1B7E6D6C626D6C4F5A6E19036D6C4F5A6D6C4F5A6D6C4F5A6D6C4F5ADA7F8006
+FFC8FC6E6C4D5A6E6C4D5ADA0FF8EF0FF8DA03FEEF3FE06E6C6CEEFFC06E01E003035BDB
+3FFCDB1FFEC9FC92260FFF80ECFFF8030301FC011F13E0030090B71280043F4BCAFC0407
+15F004001580050701F0CBFC696E79D478>13 D<DD07801A03050F63DD3FC062057F6369
+05FF1B3E217E21FE72190120034C642007200F201F72193F207F4C6420FF05DF61726067
+040762179F058F4F5B72F03FBF040FF27F3F050F19FFF601FE716C18FC041F963803F87F
+041EDF07F05BF60FE00503181F043E6DEF3FC0043CF17F801F000CFE13FF4C6C6D4B485C
+1D03535A04F04E5A716D4B5A6603014F485A4CF07F00726C5D52485D4B484D5A525A0307
+6E6C4A5A4C60525A4BC76D023F5C061F4B5A52C7FC031E4D5A726C495A033E4D4893C7FC
+033C4D5A73495A4B0207143F73495A515A4B6E4990C85AF283FE02016FEB87FC4BEECFF8
+0203EFDFF04B6EEBFFE0634A486F5B98C9FC020F705A4AC95B0008725A001E013E5F003F
+017E704884D9E0FC5FD87FFF7148F083C04A70CAECCF804A93CB14FF2200B5487613FC4A
+6621E06C49761380001F90D1007CC7FC6C489BC8FCEA01F882597DD390>77
+D<93B612FC031FEDFFE092B812FC0207EFFF80023F18E091BA7E010319FC490181D98007
+8090261FF003DA003F7FD93F8004071480D9FE00040014C0484892C87E4848061F13E048
+4884000F8548487213F086003F5C494A81127F90C7FC00FE1A7F12F800401BE0C8485AA2
+1CC0A21C804C16FF031F1800A2505AA24C4B5A033F5F1A07505A4C5E505A037F4C5A50C7
+FC4C15FE4F5A03FFED07F04F5A4CEC3F8007FFC8FC4AED07FCF0FFF84CB512E004071480
+4A4949C9FCDBFE3F13F04C138005FCCAFC913907FCFF8093CCFCA24A5AA34A5AA34A5AA3
+4A5AA34A5AA34990CDFCA25C1303A25C13075C130F5C5CEB1F8091CEFC131854587DD153
+>80 D<F07FF80507B57E053F14E04CB612F8040715FE041F814C16809338FFC00FDB01FC
+C714C0DB07F0143F4B48140F4B48804B4880157F4BC86C1380A24A5A0203180062020717
+F84F5A1A80020F93C8FCA281A282A282826E7F826E13FE826E14C06E14F06F13FC6F13FF
+030F14C06F14F0030114FC6F6C13FF041F80040714E0040180706C7F051F7F05077F717F
+1700727F84D903C06F7F011F82D97F808149C9FCD803FE82EA07F8484882121F4960123F
+A2007F96C7FCA26100FF17036D5F616D16074E5A6D5F6D4C5A6C6C4C5A6E4BC8FC6C01E0
+EC01FC6EEC07F86C01FEEC1FF06C903AFFE003FFC06C91B6C9FC6C16FCC616F06D15C001
+1F4ACAFC010314F09026003FFECBFC4A567ED348>83 D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: FD cmr12 14.4 1
+/FD 1 100 df<EC0FFE91387FFFE049B512F8903907F801FE90391FE0001FD93F80EB07
+8049C7EA0FC001FE143F484815E00003157F485A485AA2485AEE3FC0003FED0F004991C7
+FCA2127FA35B12FFAB127F7FA3123F6D1570121F6D15F0000F16E06D140112076C6CEC03
+C06D15806C6C14076C6DEB0F00D93FC0131E6D6C137C903907FC03F06DB55AD9007F1380
+DA0FF8C7FC2C367CB434>99 D E
+%EndDVIPSBitmapFont
+%DVIPSBitmapFont: FE cmr17 24.88 25
+/FE 25 118 df[<1AF04F7E4F7EA34F7EA34F7EA34F7FA34F7FA34F7FA296B57EA219FB
+06018019F319F106038019E119E0060780F1C07FA2060F804F7EA2061F814F7EA2063E81
+86067E81187C8606FC8160860501824E7FA20503824E7FA20507824E147FA24D48818705
+1F8395C8FC874D83173E87057E83177C8705FC834D81A20401844D81A20403844D81A24C
+48831C7F040F845F88041F8594CAFC884C85043E83A2047E85047C83A204FC854C8393BB
+FC4B86A24B86A3DB07E0CB7F5E1D7F030F865E89031F8793CC7EA24B87033E85A2037E87
+037C85A24B87890201885D890203885D890207884B1A7FA2020F884B86A2021F8992CE7E
+5C8C4A878C5C8A498A497F010F6D507F496D88017F6D083F7F0007B500FE4FB612C0B700
+C095B812F0A6>132 145 123 272 143 65 D[<96261FFF8016380607B512FC063FDAFF
+8015784DB712E0050F04FC15F8053F04FF14014CB526FE000F7F4C02C0010001E0130304
+0F01FCC8EA1FF0043F01E0DB07FC130793B50080ED01FE4B49CA007F130F030701F8EF3F
+804B01E094381FC01F4B49EF07E04B90CB3803F03FDBFFFEF001F84A49953800FC7F4A49
+197E4A01E0F13FFF4A5B4A49858A4A90CD7E4A5A4A48864949865D4988495B49491B7FA2
+49491B3FA24990CF121F5B5C01FF1D0F5C5A4A1C075AA24A1C035AA25C481E01A3485BA2
+1F005AA25CA2481F00A691D2FCB5FCB37E80A67EA28020787EA36C7FA37E6E1DF820F07E
+80A26C6D1C0120E07E80017F1D036E1DC06D1D076D7F20806D6D1B0F6F1C006D656D6D1B
+1E6D6D1B3E676D7F6E6C636E6C1A016E6D62704F5A6E6D19076E6D4F5A6E6D4F5A6E6D4F
+C7FC6E6D197EDB3FFF616F01C04D5A6F6D4D5A6F01F8EF0FE0030101FE4D5A6F6D6CEE7F
+80043F01E0DB01FEC8FC040F01FCED0FFC0403D9FFC0EC7FF07002FE903807FFE0DC003F
+90B71280050F4CC9FC050116F0DD003F15C0060702FCCAFCDE001F13C0>117
+147 118 271 138 67 D[<BF12FEA58AD8001F0280C9120F010349CB123F6D4918071C00
+6D871D1F891D03777FA2891E7F1E3FA21E1FA3787EA31E07A31E03A38BA21E01A7E003C0
+811E00A49CC7FCA61A07A41A0FA21A1FA21A3F1A7FF101FF1907197F92B9FCA603FCC87E
+19071901F1007F1A3F1A1FA21A0FA21A07A41A03A4F703C0A4F70780A397CAFCA4F70F00
+A567A31F1E1F3EA41F7EA21F7C1FFCA31E01A21E031E07671E0F1E1F1E3F1E7F1EFF651D
+07535B491B7F52B5FC496D181F011F6D6C0407B6FCC0FCA267A4>114
+141 117 268 130 69 D[<BF12F0A58AD8001F0280C97E010349CA12016D49EF001F1C07
+6D1A01881D3F1D1F777E1D07A21D031D01A21D00A21E7C1E7EA21E3EA41E1EA31E1FA28A
+A71F801E07F20780A39BC7FCA81A0FA41A1FA21A3FA21A7F1AFF1903190F96B5FC92B9FC
+A603FCC8FC190F190319001A7F1A3FA21A1FA21A0FA41A07AB97CBFCB3B0497FA2496D7E
+011F14F8B912C0A6>105 141 117 268 124 I[<B800FC033FB8FCA6D8001F02E0CA0007
+ECF800010391CC14C06D49735BA26D497390C7FCB3B3B392BDFCA603FCCC123FB3B3B3A6
+496D4F7FA2496D96B57E011F02E0050714F8B800FC033FB8FCA6>120
+141 117 268 143 72 D[<B9FCA6D8000FECF000010114806D91C7FCA26E5AB3B3B3B3B3
+B3AD91B5FCA24980010F14F0B9FCA6>48 141 118 268 68 I[<B912C0A6D8001F02F8CD
+FC010314806D49CEFCA26D5BB3B3B3B3A61EF0A5F501E0A81D03A31EC0A31D07A41D0FA3
+1D1F1E801D3FA21D7FA21DFFA264646452130064646451B5FC1B0749191F1B7F496D0403
+B6FC011F6D6C157FBFFC65A5>100 141 117 268 119 76 D[<B600FE9AB612FE6F64A3
+7063A2D8001FF9F000D903F76DE107BF138001019EC7FCA2D900F36D98380F3FFEA202F1
+6D1B1EA302F06D1B3CA36F6C1B78A36F6C1BF0A270F201E081A26F6DF103C0A36F6DF107
+80A36F6DF10F00A36F6D191EA26F6D61A3706C61A3706C61A3706C4E5AA2706D4D5AA370
+6D4D5AA3706D4DC7FCA3706D171EA2706D5FA3716C5FA3716C5FA3716C4C5AA2535A717F
+A2716D4B5AA3716D4BC8FCA3716D151EA3716D5DA2726C5DA3726C5DA3726C4A5AA3726D
+495AA2726D495AA3726D49C9FCA3726D131EA3726D5BA2736C5BA3736C5BA3736C485AA3
+73EB83C0A2F387807313C7A27301EFCAFCA37313FEA3496C705BA3496C715A497E496C71
+484D7E497F017F01E09AB57E0003B500FC7048040714F0B700F0083FB712FEA2745AA374
+5A>151 141 116 268 176 I[<B600FC060FB7FC8181A282A2D800076EDD003F14C00100
+6E0607EBFE000B0113F870725B02F7755A02F36D735A70735A14F102F07F7073C7FC8183
+816F7F838183816F7F83816F7FA2707E8482707FA2707F8482707F84828482717E858385
+83717F8583717FA2717F8583727EA2727F8684727F86848684727F86848685737F878573
+7FA2737F8785737FA2737F8786747F88868886747F88868886747F8887751380A27513C0
+1DE0877513F0A27513F81DFC877513FE1DFF881E8F887613CF1EEF881EFF8888A28888A2
+89A28989A2496C86A289496C86497E496C86497F017F01E0850003B500FC86B712F08AA2
+8A8AA2>120 141 117 268 143 I[<F17FFE061FB512F895B7FC050716E0053FD9C00313
+FCDDFFF8C7EA1FFF040301C0020313C0040F90C913F0DC3FFCEE3FFCDC7FF0EE0FFE4B48
+48706C7E4B018004017F030F90CB13F0DB1FFCF03FF84B48727E4B48727E4B48727E4A49
+727F4A49727F4A90CD7F4A48747E021F884A48747E4A48747E4A48747EA24949747F4949
+747F498A4B86498A92CFFC498A4948767EA24948767EA201FF8A4A884820804A884820C0
+A348497613E0A348497613F0A34820F8A24A884820FCA54820FEA291D1FCA5B51FFFB26C
+6D5213FEA76C20FC6E64A36C20F8A26E64A26C20F0A26E646C20E0A36C6D5213C0A26C20
+806E646C20006E64017F66A26D6C525AA26D6D505BA26D6D505B6D666F626D666D6D505B
+6F626D9BC7FC6E6C505A6E6C505A6E6C505A6E646E6D4E5B70606E6D4E5B02006D4E90C8
+FC6F6C4E5A6F6C4E5A6F6C4E5A6F6C4E5A030301C0040313C06F6D4C5B9226007FF8DC1F
+FEC9FCDC3FFEEE7FFC93260FFF80913801FFF0040301E0020713C0040001FC023F90CAFC
+943B3FFFC003FFFC050790B612E005011680DD001F02F8CBFC9526007FFECCFC>128
+147 118 271 149 I[<BB12FCF2FFF01BFEF3FFC01CF01CFCD8001F0280C8003F13FF01
+0349C9000114C06D49DC003F7F090713F86D07017F757FF43FFF767F767F767F767F767F
+767FA2777E8A891F80A2891FC0A21FE0A289A21FF0AB1FE0A3651FC0A31F80651F006566
+A2535A525B6664525B525B525B5290C7FCF4FFFC515B09075B093F13C050B55A083F49C8
+FC92BA12F81CC051C9FC1BF008FCCAFC03FCCFFCB3B3B3A2497FA2497F011F14E0B812FC
+A6>108 141 117 268 130 I[<922601FFF01507031FEBFF8092B600F05C020315FC020F
+03FF5C023F16C091B5D8000F01F05B4901F09038007FF84901C0DA0FFE5B010F90C8EA03
+FFD91FFC03006D5A4948EE3FC04948EE1FE14AEE0FF14948EE07FB484916014890CBB5FC
+5B48488486484884A248488486123F4984A2007F85A24984A212FF87A387A37F87A37FA2
+007F867FA27F7F003F97C7FC7F806C7F806C7F806C13FE806C14C06C14F8EDFF806C15F0
+6D14FF6D15F06D15FF6D16F06D16FE6DEEFFE06D17F86D6C16FE021F707E020717E00201
+17F86E6C82030F82030082040F82040082051F81050181DD001F801801DE003F7F070F7F
+8507017F85741380867413C0867413E0A2867413F0A286A200F01A7F1CF8A21B3FA41B1F
+7EA57EA21CF0A27E1B3F7E1CE07F1B7F6D1AC0A26D19FF1C806D606D1A006D606D616D18
+076E4D5AD9DFC04D5A6E60D98FF0173FD987FC4D5AD903FF4C485A010001C04B5B48D97F
+F04B90C7FCDA3FFEED1FFE4890260FFFC0ECFFF8020301FF01075B486D91B612C06E6C5E
+48020F4BC8FC030115F048DA003F14C0040001FCC9FC>85 147 118
+271 106 83 D[<001FC112C0A603C0C700070280C7121F02FCC8000149C9FC4801E06F49
+041F13E091CA1807498901F81D00491E7F491E3F491E1FA2491E0FA290CB1907A2003E1F
+03A3007E20F0007C1F01A600781F00A800F820F8482078A7CC1A00B3B3B3B3AC4E7F4E7F
+4E80067F14F8047FB912F8A6>125 140 122 267 138 I[<B800C0030FB700FC0403B7FC
+A6C66C02E0CA00074ACB001F14E0010F91CB000102F0060714006D497202C0060113FC6D
+497349725B4B73755A6DA16D5AA15E6F73755A6D89A193C7FC6F85027FA1121E8B6F856E
+A15A8B7084A1157C6E506D1978A27022F86E7661657021016E76616570DE1E7F19036EA1
+5A0B3E7F70F03C3F6E595A0B7C8070F0781FA1140F6E08F86E95C8FC537E7069037F7617
+1E52487E70213E6F76173C1C03714D6C197C6F22780A0781714D7E6F6A0A0F817194C7FC
+A113016F4E6F5F0A1E147F711F036F765F5280711F076F775E1C7C7104786E170F6F9FC9
+FC0AF882714C80047F201E090183714C80A1133E70040371153C5280721E7C7076157851
+4880721EF870765D1B0F7292C916017068518372021E167F70555A093E8372023C82A112
+0770047C725C097882721D0F707791CAFC51827265057F76131E1A01724A70153E711E3C
+08038507804982716608078507C04982A112F871020F735B98CBFC07E01B01710AFE5B08
+1E187F07F01B03710AFF5B1A3EDFF83C7213077166087C1A87DFFC7884710B8FCBFC08F8
+1ACF73488423DFDE7FFF1BFE5084A272645084A27264A250847264A297CDFC7264A24F1A
+7FA20603644F1A3FA20601644F1A1FA2060099CCFC4F86>192 144
+126 268 197 87 D<ED0FFF92B512F0020714FE021F6E7E91267FF00313E04AC7EA7FF8
+D903FCEC1FFCD907F0EC07FFD90FC06E7F49486E7F49C97F013E707E49707E49161F8549
+707E48B4FC02C06F7E80486D836E81A3727FA46C5BA238007FC06D5A90CAFCA8053FB5FC
+041FB6FC4BB7FC031FEBFE0192B512800203EBF800021F1380DA7FFEC7FC903801FFF049
+13C0010F5B4948C8FC495A495A48485A5C485B485B4890C9FCA2485AA248481A3CA2485A
+A312FF5B60A460A2606D160E007F171E181C6D163C003F4D6C6C13786D16F06C6C15016C
+6D4A486C6C13F06C6DEC07C06C6D913B1F801FF801E06C01F8DA3E00EBFC0326007FFED9
+01FC90390FFF9FC090283FFFC00FF86DEBFF80010F90B500E06D1400010103806D5BD900
+3F01FCC813F8020301C0ED1FC0565C78DA5F>97 D<EE3FFC0303B512C0031F14F8037F14
+FF912701FFE00313C0020790C7EA3FE0DA0FFCEC07F8DA3FF0EC01FC4A48EC007E4A4881
+4949ED0F804990C9EA07C04948EE03E0495A4948EE01F0013F17004948EE0FF84A163F01
+FF177F4849EEFFFC60485BA25A91C9FC5AA248487013F8A2F13FE0003FF01FC04994C7FC
+A2127FA45BA212FFAF127F7FA4123FA27FA2121FA27F6C190F806C191F1A1E6C7F1A3E6C
+6D173C6C197C6E17786D6C17F8013F18F06D6C16016EEE03E06D6CEE07C06D6DED0F806D
+6D151F6D6DED3F006D6C6C157EDA3FFC15F86EB4EC03F0020701C0EB1FE0020101F8EBFF
+806E6CB548C7FC031F14F8030314C09226003FFCC8FC485C79DA54>99
+D[<1BFCF11FFF0607B5FCA6F0000719001A7F1A3FA21A1FB3B3A4EE1FFC0303B512C003
+1F14F8037F14FE913B01FFF801FF8002079039C0001FC04A48C7EA07F0DA3FF8EC01F84A
+48EC007CDAFFC0153E4949151F4990C9EA0F9F4948EE07DF4948EE03FF494882013F8349
+5A4948177F1A3F485B1A1F485B5A91CBFC5AA25B121FA2123F5BA3127FA35BA212FFAF12
+7FA37FA3123FA36C7EA3120F7F7EA26C6D173FA26C6D177FA26C6D17FF017F5F806D6C5E
+011FEF07DF6D6CEE0F9F6D6C93381F1FFE6D6C163E6D6D037C7F6D01E0DA01F8806E6CDA
+03F014F0DA1FFCDA0FC0ECFFF06EB4EC7F8002039039E007FE00020090B512F8033F14E0
+030791C7FC9226007FF04BC7FC>92 144 121 270 106 I[<EB07F0497E497E497E497E
+90B57EA76D90C7FC6D5A6D5A6D5A6D5A90C9FCB3ACEC1F8048B5FC127FA6C67E131F7F7F
+A27FB3B3B3AE497F497F013F13F8B712F8A6>37 137 121 264 52
+105 D[<EC1F800003B5FCB6FCA6C6FC131F7F7FA27FB3B3B3B3B3B3AD497F497F013F13
+F8B712FEA6>39 143 121 270 52 108 D<023F912601FFE0933807FF800003B5021F01
+FE047F13F8B6027FD9FFC04AB6FC4CB600F0020715C0932607FC0101FC91261FF00713F0
+93280FC0001FFE4AC76C7E043FC76C6C02FC6E7E047C020390268001F0EC0FFEC64B6E6D
+48486E7E011F49486E6D48486E7F6D4948704848826D4A037F91C87E4B48DCF81E836D49
+C9003F4981030E1838031E93261FFC78707E4B60A24BEFFDE009FF8403707049163F15F0
+4B60A34B95CAFCA44B5FB3B3B0496D4C6C4D7E496D4C6D4C7E013F01F893B500E003036D
+7EB700FE0103B700F8010FB712E0A6935A79D9A0>I<023F913801FFE00003B5021F13FE
+B6027FEBFFC04CB612F0932607FC0113FC933A0FC0001FFE043FC76C7E047C02037FC64B
+6E7F011F49486E7F6D4948826D4A157F4B48826D49C9123F150E031E707E5DA25D870370
+160F15F05DA35DA45DB3B3B0496D4C7E496D4C7F013F01F893B512E0B700FE0103B712F8
+A65D5A79D96A>I<EE1FFE4BB512E0030F14FC037FECFF809226FFF0037F020390398000
+7FF0DA0FFCC7EA0FFCDA1FF0EC03FEDA7FE06E6C7EDAFF806E6C7E4990C96C7E4948707E
+4948707E4948707E4948707EA24948707E4948707F01FF854A177F48864890CB6C7EA248
+8649181F000F86A34848727EA3003F86A34848721380A500FF1BC0AF007F1B80A26D60A3
+003F1B00A3001F626D181FA2000F62A26C6C4E5AA26C626E177F6C626E17FF6C626D6C4C
+5BA26D6C4C90C7FC6D6C4C5A6D6C4C5A0107606D6C4C5A6D6C4C5A6D01C0EDFFC06E6C4A
+5BDA3FF8020790C8FCDA0FFCEC0FFC6EB46CEB7FF802019039F003FFE06E6CB61280030F
+02FCC9FC030114E09226001FFECAFC525C7ADA5F>I<023FEC0FF00003B5EC7FFEB649B5
+1280040714E093391FF00FF093383F803F93397E007FF85EC6DA01F0EBFFFC011F495A6D
+5C6D13075E6D49C7FC4BEC7FF8151E031CEC1FE0033CEC0780033891C7FC1578A2157015
+F0A25DA45DA55DB3B3AB815B497F013F13FCB812C0A63E5A7AD949>114
+D<15F0A91401A61403A41407A4140FA2141FA2143FA2147FA214FF5B5B5B5B5B137F90B9
+FC120FBAFCA4C7D87FF0C9FCB3B3AAF001E0B218036E6C15C0A318076E6C1580A2180F6E
+6C1500606E6C141E6E6D133E606E6D5B6E9038F001F092393FFC07E06FB55A03075C0301
+49C7FC9238001FF03B807DFE49>116 D<DA1F80177E0003B593380FFFFEB60303B5FCA6
+C6EF0003011FEF007F6D183F6D181FA26D180FB3B3AE1A1FA41A3FA31A7FA26D18FFA2F1
+01EF816DEF03CFF1078FA26E6C92380F0FFF191E6E6C033C806E6C0378806E6CDA01F014
+F86E6CDA03E0ECFFF86E6C6CEB0FC06E01F8EB7F806E6CB5EAFE00031F14F8030314E092
+26003FFEC791C7FC5D5B79D96A>I E
+%EndDVIPSBitmapFont
+end
+%%EndProlog
+%%BeginSetup
+%%Feature: *Resolution 600dpi
+TeXDict begin
+%%PaperSize: A4
+
+%%EndSetup
+%%Page: 0 1
+0 0 bop 383 1805 a FE(SEMANTICS)60 b(WITH)j(APPLICA)-16
+b(TIONS)1078 2107 y(A)62 b(F)-16 b(ormal)61 b(In)-5 b(tro)5
+b(duction)904 2545 y FD(c)870 2549 y FC(\015)p FB(Hanne)38
+b(Riis)g(Nielson)2158 2545 y FD(c)2124 2549 y FC(\015)p
+FB(Flemming)d(Nielson)864 3281 y FA(c)839 3284 y Fz(\015)o
+FA(The)47 b(w)m(ebpage)h Fy(http://www.daimi.au.dk/)p
+Fz(\030)-7 b Fy(hrn)47 b FA(con)m(tains)839 3397 y(information)19
+b(ab)s(out)i(ho)m(w)g(to)g(do)m(wnload)g(a)g(cop)m(y)h(of)f(this)f(b)s
+(o)s(ok)g(\(sub-)839 3510 y(ject)31 b(to)g(the)g(conditions)d(listed)h
+(b)s(elo)m(w\).)839 3670 y(The)41 b(b)s(o)s(ok)h(ma)m(y)h(b)s(e)e(do)m
+(wnloaded)g(and)h(prin)m(ted)f(free)h(of)g(c)m(harge)839
+3783 y(for)34 b(p)s(ersonal)f(study;)j(it)e(ma)m(y)h(b)s(e)f(do)m
+(wnloaded)g(and)g(prin)m(ted)f(free)839 3896 y(of)28
+b(c)m(harge)h(b)m(y)f(instructors)f(for)h Fx(imme)-5
+b(diate)36 b FA(photo)s(cop)m(ying)28 b(to)h(stu-)839
+4008 y(den)m(ts)35 b(pro)m(vided)g(that)h(no)g(fee)g(is)f(c)m(harged)h
+(for)g(the)f(course;)k(these)839 4121 y(p)s(ermissions)29
+b(explicitly)h(exclude)i(the)h(righ)m(t)f(to)i(an)m(y)f(other)g
+(distri-)839 4234 y(bution)19 b(of)j(the)f(b)s(o)s(ok)g(\(b)s(e)g(it)g
+(electronically)f(or)h(b)m(y)g(making)g(ph)m(ysical)839
+4347 y(copies\).)839 4507 y(All)29 b(other)h(distribution)d(should)h(b)
+s(e)i(agreed)h(with)e(the)i(authors.)839 4667 y(This)22
+b(is)i(a)h(revised)f(edition)f(completed)i(in)e(July)g(1999;)29
+b(the)c(original)839 4780 y(edition)e(from)i(1992)i(w)m(as)f(published)
+21 b(b)m(y)k(John)f(Wiley)h(&)f(Sons;)j(this)839 4893
+y(should)h(b)s(e)i(ac)m(kno)m(wledged)h(in)e(all)g(references)i(to)g
+(the)g(b)s(o)s(ok.)p eop
+%%Page: 1 2
+1 1 bop 3441 130 a Fw(i)p 0 193 3473 4 v eop
+%%Page: 5 3
+5 2 bop 0 1181 a Fv(Con)-6 b(ten)g(ts)0 1733 y Fw(List)37
+b(of)g(T)-9 b(ables)2688 b(vii)0 1954 y(Preface)3019
+b(ix)0 2174 y(1)90 b(In)m(tro)s(duction)2652 b(1)146
+2296 y Fu(1.1)100 b(Seman)m(tic)32 b(description)g(metho)s(ds)66
+b(.)50 b(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)
+h(.)g(.)g(.)g(.)142 b(1)146 2418 y(1.2)100 b(The)33 b(example)f
+(language)g Fw(While)64 b Fu(.)50 b(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g
+(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)142 b(7)146
+2540 y(1.3)100 b(Seman)m(tics)32 b(of)g(expressions)72
+b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)
+g(.)g(.)f(.)h(.)g(.)g(.)g(.)142 b(9)146 2662 y(1.4)100
+b(Prop)s(erties)32 b(of)g(the)h(seman)m(tics)g(.)50 b(.)g(.)g(.)g(.)g
+(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)
+93 b(15)0 2882 y Fw(2)d(Op)s(erational)37 b(Seman)m(tics)2107
+b(19)146 3004 y Fu(2.1)100 b(Natural)31 b(seman)m(tics)38
+b(.)49 b(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)
+g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(20)146
+3126 y(2.2)100 b(Structural)32 b(op)s(erational)e(seman)m(tics)35
+b(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)
+g(.)g(.)g(.)93 b(32)146 3248 y(2.3)100 b(An)33 b(equiv)-5
+b(alence)32 b(result)48 b(.)i(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h
+(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93
+b(40)146 3370 y(2.4)100 b(Extensions)34 b(of)e Fw(While)64
+b Fu(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g
+(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(44)146 3492
+y(2.5)100 b(Blo)s(c)m(ks)32 b(and)h(pro)s(cedures)81
+b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)
+g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(50)0 3713 y Fw(3)d(Pro)m(v)-6
+b(ably)37 b(Correct)f(Implemen)m(tation)1554 b(63)146
+3834 y Fu(3.1)100 b(The)33 b(abstract)g(mac)m(hine)e(.)50
+b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g
+(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(63)146 3956 y(3.2)100
+b(Sp)s(eci\014cation)31 b(of)i(the)g(translation)f(.)50
+b(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g
+(.)g(.)g(.)93 b(69)146 4078 y(3.3)100 b(Correctness)85
+b(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)
+g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93
+b(73)146 4200 y(3.4)100 b(An)33 b(alternativ)m(e)e(pro)s(of)h(tec)m
+(hnique)39 b(.)50 b(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g
+(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(81)0 4421 y Fw(4)d(Denotational)37
+b(Seman)m(tics)2054 b(85)146 4543 y Fu(4.1)100 b(Direct)31
+b(st)m(yle)j(seman)m(tics:)43 b(sp)s(eci\014cation)48
+b(.)i(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g
+(.)93 b(85)146 4664 y(4.2)100 b(Fixed)32 b(p)s(oin)m(t)g(theory)84
+b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)
+g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(93)146 4786
+y(4.3)100 b(Direct)31 b(st)m(yle)j(seman)m(tics:)43 b(existence)37
+b(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)
+g(.)g(.)g(.)44 b(107)146 4908 y(4.4)100 b(An)33 b(equiv)-5
+b(alence)32 b(result)48 b(.)i(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h
+(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44
+b(112)146 5030 y(4.5)100 b(Extensions)34 b(of)e Fw(While)64
+b Fu(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g
+(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44 b(117)0 5251
+y Fw(5)90 b(Static)37 b(Program)f(Analysis)1958 b(133)146
+5373 y Fu(5.1)100 b(Prop)s(erties)32 b(and)h(prop)s(ert)m(y)g(states)44
+b(.)50 b(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)
+h(.)g(.)g(.)g(.)44 b(135)146 5494 y(5.2)100 b(The)33
+b(analysis)42 b(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g
+(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)
+44 b(142)1710 5849 y(v)p eop
+%%Page: 6 4
+6 3 bop 251 130 a Fw(vi)2944 b(Con)m(ten)m(ts)p 251 193
+3473 4 v 430 515 a Fu(5.3)99 b(Safet)m(y)34 b(of)e(the)h(analysis)52
+b(.)e(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g
+(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(153)430 636 y(5.4)99
+b(Bounded)34 b(iteration)e(.)50 b(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g
+(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)
+44 b(160)283 854 y Fw(6)91 b(Axiomatic)35 b(Program)h(V)-9
+b(eri\014cation)1587 b(169)430 974 y Fu(6.1)99 b(Direct)32
+b(pro)s(ofs)g(of)g(program)f(correctness)98 b(.)50 b(.)g(.)g(.)g(.)g(.)
+f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(169)430
+1094 y(6.2)99 b(P)m(artial)31 b(correctness)k(assertions)d(.)50
+b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g
+(.)g(.)g(.)g(.)44 b(175)430 1215 y(6.3)99 b(Soundness)35
+b(and)d(completeness)54 b(.)c(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f
+(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(183)430
+1335 y(6.4)99 b(Extensions)34 b(of)e(the)h(axiomatic)d(system)68
+b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)
+g(.)44 b(191)430 1456 y(6.5)99 b(Assertions)34 b(for)e(execution)h
+(time)99 b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g
+(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(200)283 1674 y Fw(7)91
+b(F)-9 b(urther)37 b(Reading)2348 b(209)283 1891 y(A)62
+b(Review)36 b(of)i(Notation)2200 b(213)283 2109 y(App)s(endices)2741
+b(212)283 2327 y(B)67 b(In)m(tro)s(duction)36 b(to)h(Miranda)h
+(Implemen)m(tations)1092 b(217)430 2448 y Fu(B.1)79 b(Abstract)33
+b(syn)m(tax)49 b(.)h(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)
+g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44
+b(217)430 2568 y(B.2)79 b(Ev)-5 b(aluation)31 b(of)h(expressions)39
+b(.)50 b(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)
+g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(218)283 2786 y Fw(C)66
+b(Op)s(erational)37 b(Seman)m(tics)f(in)h(Miranda)1468
+b(221)430 2906 y Fu(C.1)78 b(Natural)32 b(seman)m(tics)37
+b(.)50 b(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)
+f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(221)430
+3027 y(C.2)78 b(Structural)32 b(op)s(erational)e(seman)m(tics)35
+b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)
+g(.)g(.)g(.)44 b(223)430 3147 y(C.3)78 b(Extensions)34
+b(of)e Fw(While)65 b Fu(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g
+(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44
+b(225)430 3268 y(C.4)78 b(Pro)m(v)-5 b(ably)33 b(correct)g(implemen)m
+(tation)97 b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g
+(.)g(.)g(.)g(.)g(.)44 b(227)283 3485 y Fw(D)61 b(Denotational)36
+b(Seman)m(tics)h(in)g(Miranda)1415 b(229)430 3606 y Fu(D.1)73
+b(Direct)32 b(st)m(yle)h(seman)m(tics)27 b(.)50 b(.)g(.)g(.)f(.)h(.)g
+(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)
+g(.)g(.)44 b(229)430 3726 y(D.2)73 b(Extensions)34 b(of)e
+Fw(While)65 b Fu(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g
+(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)44
+b(230)430 3847 y(D.3)73 b(Static)32 b(program)f(analysis)h(.)50
+b(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g
+(.)g(.)g(.)g(.)g(.)g(.)g(.)44 b(230)283 4065 y Fw(Bibliograph)m(y)2675
+b(233)283 4282 y(Index)38 b(of)g(Sym)m(b)s(ols)2454 b(235)283
+4500 y(Index)3029 b(237)p eop
+%%Page: 7 5
+7 4 bop 0 1180 a Fv(List)77 b(of)g(T)-19 b(ables)146
+1632 y Fu(1.1)100 b(The)33 b(seman)m(tics)g(of)f(arithmetic)f
+(expressions)f(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g
+(.)g(.)g(.)93 b(13)146 1752 y(1.2)100 b(The)33 b(seman)m(tics)g(of)f(b)
+s(o)s(olean)f(expressions)63 b(.)49 b(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g
+(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(14)146 1956 y(2.1)100
+b(Natural)31 b(seman)m(tics)i(for)f Fw(While)24 b Fu(.)50
+b(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h
+(.)g(.)g(.)g(.)93 b(20)146 2076 y(2.2)100 b(Structural)32
+b(op)s(erational)e(seman)m(tics)j(for)f Fw(While)98 b
+Fu(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93
+b(33)146 2197 y(2.3)100 b(Natural)31 b(seman)m(tics)i(for)f(statemen)m
+(ts)h(of)f Fw(Blo)s(c)m(k)53 b Fu(.)d(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f
+(.)h(.)g(.)g(.)g(.)93 b(52)146 2317 y(2.4)100 b(Natural)31
+b(seman)m(tics)i(for)f(v)-5 b(ariable)31 b(declarations)55
+b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93
+b(52)146 2437 y(2.5)100 b(Natural)31 b(seman)m(tics)i(for)f
+Fw(Pro)s(c)g Fu(with)g(dynamic)g(scop)s(e)h(rules)51
+b(.)f(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(54)146 2558 y(2.6)100
+b(Pro)s(cedure)33 b(calls)f(in)g(case)h(of)f(mixed)g(scop)s(e)h(rules)g
+(\(c)m(ho)s(ose)g(one\))69 b(.)49 b(.)h(.)g(.)g(.)g(.)93
+b(56)146 2678 y(2.7)100 b(Natural)31 b(seman)m(tics)i(for)f(v)-5
+b(ariable)31 b(declarations)g(using)h(lo)s(cations)82
+b(.)50 b(.)g(.)g(.)g(.)93 b(58)146 2798 y(2.8)100 b(Natural)31
+b(seman)m(tics)i(for)f Fw(Pro)s(c)g Fu(with)g(static)g(scop)s(e)h
+(rules)101 b(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93
+b(59)146 3002 y(3.1)100 b(Op)s(erational)30 b(seman)m(tics)j(for)f
+Fw(AM)101 b Fu(.)50 b(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g
+(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(65)146 3122 y(3.2)100
+b(T)-8 b(ranslation)31 b(of)h(expressions)89 b(.)50 b(.)g(.)g(.)g(.)g
+(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)
+93 b(70)146 3243 y(3.3)100 b(T)-8 b(ranslation)31 b(of)h(statemen)m(ts)
+h(in)f Fw(While)50 b Fu(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g
+(.)f(.)h(.)g(.)g(.)g(.)93 b(71)146 3446 y(4.1)100 b(Denotational)30
+b(seman)m(tics)i(for)g Fw(While)g Fu(.)50 b(.)g(.)f(.)h(.)g(.)g(.)g(.)g
+(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)93 b(86)146
+3566 y(4.2)100 b(Denotational)30 b(seman)m(tics)i(for)g
+Fw(While)f Fu(using)i(lo)s(cations)58 b(.)50 b(.)g(.)g(.)g(.)f(.)h(.)g
+(.)g(.)g(.)44 b(119)146 3687 y(4.3)100 b(Denotational)30
+b(seman)m(tics)i(for)g(v)-5 b(ariable)31 b(declarations)63
+b(.)50 b(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44 b(121)146
+3807 y(4.4)100 b(Denotational)30 b(seman)m(tics)i(for)g(non-recursiv)m
+(e)i(pro)s(cedure)g(declarations)71 b(.)50 b(.)44 b(122)146
+3928 y(4.5)100 b(Denotational)30 b(seman)m(tics)i(for)g
+Fw(Pro)s(c)93 b Fu(.)50 b(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g
+(.)g(.)f(.)h(.)g(.)g(.)g(.)44 b(123)146 4048 y(4.6)100
+b(Denotational)30 b(seman)m(tics)i(for)g(recursiv)m(e)i(pro)s(cedure)g
+(declarations)c(.)50 b(.)g(.)g(.)g(.)44 b(125)146 4168
+y(4.7)100 b(Con)m(tin)m(uation)31 b(st)m(yle)j(seman)m(tics)e(for)g
+Fw(While)27 b Fu(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g
+(.)g(.)g(.)44 b(128)146 4289 y(4.8)100 b(Con)m(tin)m(uation)31
+b(st)m(yle)j(seman)m(tics)e(for)g Fw(Exc)61 b Fu(.)49
+b(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44
+b(130)146 4492 y(5.1)100 b(Analysis)32 b(of)g(expressions)62
+b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)
+g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44 b(143)146 4613 y(5.2)100
+b(Analysis)32 b(of)g(statemen)m(ts)i(in)d Fw(While)100
+b Fu(.)50 b(.)g(.)f(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g
+(.)g(.)g(.)44 b(144)146 4816 y(6.1)100 b(Axiomatic)30
+b(system)k(for)e(partial)e(correctness)84 b(.)50 b(.)g(.)g(.)g(.)g(.)g
+(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44 b(178)146 4936
+y(6.2)100 b(Axiomatic)30 b(system)k(for)e(total)f(correctness)88
+b(.)50 b(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)h(.)g(.)g(.)g(.)44
+b(192)146 5057 y(6.3)100 b(Exact)33 b(execution)g(times)f(for)g
+(expressions)54 b(.)49 b(.)h(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)g(.)f(.)
+h(.)g(.)g(.)g(.)44 b(202)146 5177 y(6.4)100 b(Natural)31
+b(seman)m(tics)i(for)f Fw(While)f Fu(with)h(exact)h(execution)h(times)
+79 b(.)49 b(.)h(.)g(.)g(.)g(.)44 b(203)146 5297 y(6.5)100
+b(Axiomatic)30 b(system)k(for)e(order)g(of)h(magnitude)e(of)h
+(execution)h(time)46 b(.)k(.)g(.)g(.)g(.)44 b(204)1683
+5849 y(vii)p eop
+%%Page: 8 6
+8 5 bop 251 130 a Fw(viii)2654 b(List)37 b(of)h(T)-9
+b(ables)p 251 193 3473 4 v eop
+%%Page: 9 7
+9 6 bop 0 1180 a Fv(Preface)0 1632 y Fu(Man)m(y)37 b(b)s(o)s(oks)f(on)h
+(formal)c(seman)m(tics)k(b)s(egin)e(b)m(y)i(explaining)e(that)h(there)g
+(are)h(three)f(ma)5 b(jor)0 1752 y(approac)m(hes)34 b(to)e(seman)m
+(tics,)h(that)f(is)145 1923 y Ft(\017)49 b Fu(op)s(erational)30
+b(seman)m(tics,)145 2115 y Ft(\017)49 b Fu(denotational)30
+b(seman)m(tics,)j(and)145 2308 y Ft(\017)49 b Fu(axiomatic)30
+b(seman)m(tics;)0 2478 y(but)36 b(then)g(they)h(go)e(on)h(to)f(study)i
+(just)f Fs(one)43 b Fu(of)35 b(these)i(in)e(greater)g(detail.)52
+b(The)36 b(purp)s(ose)h(of)0 2598 y(this)32 b(b)s(o)s(ok)g(is)g(to)145
+2769 y Ft(\017)49 b Fu(presen)m(t)34 b(the)f Fs(fundamental)h(ide)-5
+b(as)40 b Fu(b)s(ehind)32 b Fs(al)5 b(l)43 b Fu(of)32
+b(these)i(approac)m(hes,)145 2961 y Ft(\017)49 b Fu(to)25
+b(stress)i(their)d Fs(r)-5 b(elationship)30 b Fu(b)m(y)d(form)m
+(ulating)22 b(and)j(pro)m(ving)g(the)h(relev)-5 b(an)m(t)25
+b(theorems,)244 3082 y(and)145 3274 y Ft(\017)49 b Fu(to)i(illustrate)f
+(the)i Fs(applic)-5 b(ability)60 b Fu(of)51 b(formal)e(seman)m(tics)j
+(as)g(a)f(to)s(ol)f(in)h(computer)244 3395 y(science)q(.)0
+3565 y(This)45 b(is)g(an)g(am)m(bitious)e(goal)h(and)h(to)f(ac)m(hiev)m
+(e)j(it,)g(the)f(bulk)f(of)f(the)i(dev)m(elopmen)m(t)g(con-)0
+3685 y(cen)m(trates)37 b(on)f(a)g(rather)f(small)f(core)i(language)f
+(of)g Fr(while)p Fu(-programs)h(for)f(whic)m(h)h(the)h(three)0
+3806 y(approac)m(hes)e(are)g(dev)m(elop)s(ed)g(to)f(roughly)f(the)i
+(same)f(lev)m(el)g(of)f(sophistication.)47 b(T)-8 b(o)34
+b(demon-)0 3926 y(strate)f(the)g Fs(applic)-5 b(ability)40
+b Fu(of)32 b(formal)f(seman)m(tics)h(w)m(e)i(sho)m(w)145
+4097 y Ft(\017)49 b Fu(ho)m(w)34 b(to)g(use)g(seman)m(tics)g(for)f(v)-5
+b(alidating)31 b(protot)m(yp)s(e)j(implemen)m(tations)d(of)i(program-)
+244 4217 y(ming)e(languages,)145 4409 y Ft(\017)49 b
+Fu(ho)m(w)41 b(to)g(use)g(seman)m(tics)g(for)g(v)m(erifying)f(analyses)
+h(used)h(in)e(more)g(adv)-5 b(anced)42 b(imple-)244 4530
+y(men)m(tations)32 b(of)g(programming)d(languages,)j(and)145
+4722 y Ft(\017)49 b Fu(ho)m(w)29 b(to)g(use)h(seman)m(tics)f(for)f(v)m
+(erifying)h(useful)g(program)e(prop)s(erties)i(including)e(infor-)244
+4843 y(mation)j(ab)s(out)j(execution)g(time.)0 5013 y(The)k(dev)m
+(elopmen)m(t)f(is)f Fs(intr)-5 b(o)g(ductory)45 b Fu(as)36
+b(is)f(already)g(re\015ected)i(in)e(the)h(title.)51 b(F)-8
+b(or)35 b(this)g(rea-)0 5133 y(son)c(v)m(ery)i(man)m(y)e(adv)-5
+b(anced)32 b(concepts)h(within)d(op)s(erational,)f(denotational)g(and)i
+(axiomatic)0 5254 y(seman)m(tics)36 b(ha)m(v)m(e)h(had)f(to)f(b)s(e)h
+(omitted.)52 b(Also)35 b(w)m(e)i(ha)m(v)m(e)g(had)f(to)f(omit)f
+(treatmen)m(t)i(of)f(other)0 5374 y(approac)m(hes)26
+b(to)f(seman)m(tics,)h(for)f(example)f(P)m(etri-nets)h(and)g(temp)s
+(oral)e(logic.)39 b(Some)24 b(p)s(oin)m(ters)0 5494 y(to)32
+b(further)h(reading)f(are)h(giv)m(en)f(in)g(Chapter)h(7.)1697
+5849 y(ix)p eop
+%%Page: 10 8
+10 7 bop 251 130 a Fw(x)3050 b(Preface)p 251 193 3473
+4 v 283 419 V 283 3790 4 3371 v 1711 1523 a Fq(\010)1628
+1565 y(\010)1545 1606 y(\010)1462 1648 y(\010)1379 1689
+y(\010)1296 1731 y(\010)1279 1739 y(\010)1711 2270 y(\010)1628
+2312 y(\010)1545 2353 y(\010)1462 2395 y(\010)1379 2437
+y(\010)1296 2478 y(\010)1279 2486 y(\010)1711 3018 y(\010)1628
+3059 y(\010)1545 3101 y(\010)1462 3142 y(\010)1379 3184
+y(\010)1296 3225 y(\010)1279 3234 y(\010)2126 1523 y(H)2209
+1565 y(H)2292 1606 y(H)2375 1648 y(H)2458 1689 y(H)2541
+1731 y(H)2558 1739 y(H)2126 2270 y(H)2209 2312 y(H)2292
+2353 y(H)2375 2395 y(H)2458 2437 y(H)2541 2478 y(H)2558
+2486 y(H)2126 3018 y(H)2209 3059 y(H)2292 3101 y(H)2375
+3142 y(H)2458 3184 y(H)2541 3225 y(H)2558 3234 y(H)p
+1959 1208 4 308 v 1959 1955 4 474 v 1959 2702 V 1959
+3408 4 432 v 1711 765 485 4 v 1711 903 4 139 v 1739 859
+a Fu(Chapter)34 b(1)p 2192 903 V 1711 906 485 4 v 1587
+1234 735 4 v 1587 1465 4 232 v 1740 1328 a(Chapter)f(2)1615
+1440 y(Sections)g(2.1{2.3)p 2318 1465 V 1587 1468 735
+4 v 798 1762 V 798 1880 4 118 v 826 1855 a(Sections)g(2.4{2.5)p
+1529 1880 V 798 1883 735 4 v 2541 1761 485 4 v 2541 1900
+4 139 v 1065 w(Chapter)g(3)p 3023 1900 V 2541 1903 485
+4 v 1587 1981 735 4 v 1587 2212 4 232 v 1740 2075 a(Chapter)g(4)1615
+2187 y(Sections)g(4.1{4.4)p 2318 2212 V 1587 2215 735
+4 v 881 2510 523 4 v 881 2627 4 118 v 909 2603 a(Section)g(4.5)p
+1400 2627 V 881 2630 523 4 v 2541 2508 485 4 v 2541 2647
+4 139 v 1194 w(Chapter)g(5)p 3023 2647 V 2541 2650 485
+4 v 1587 2728 735 4 v 1587 2960 4 232 v 1740 2822 a(Chapter)g(6)1615
+2935 y(Sections)g(6.1{6.3)p 2318 2960 V 1587 2963 735
+4 v 881 3257 523 4 v 881 3375 4 118 v 909 3350 a(Section)g(6.4)p
+1400 3375 V 881 3378 523 4 v 2541 3257 V 2541 3375 4
+118 v 1194 w(Section)f(6.5)p 3061 3375 V 2541 3378 523
+4 v 1711 3422 485 4 v 1711 3560 4 139 v 1739 3516 a(Chapter)i(7)p
+2192 3560 V 1711 3563 485 4 v 3753 3790 4 3371 v 283
+3793 3473 4 v 283 4078 a Fp(Ov)l(erview)283 4281 y Fu(As)26
+b(is)e(illustrated)e(in)i(the)h(dep)s(endency)i(diagram,)d(Chapters)h
+(1,)h(2,)g(4,)g(6)e(and)h(7)f(form)g(the)g(core)283 4402
+y(of)34 b(the)g(b)s(o)s(ok.)47 b(Chapter)35 b(1)f(in)m(tro)s(duces)g
+(the)h(example)e(language)g(of)g Fr(while)p Fu(-programs)h(that)283
+4522 y(is)28 b(used)h(throughout)f(the)h(b)s(o)s(ok.)41
+b(In)29 b(Chapter)g(2)e(w)m(e)j(co)m(v)m(er)f(t)m(w)m(o)g(approac)m
+(hes)g(to)f Fs(op)-5 b(er)g(ational)283 4642 y(semantics)p
+Fu(,)43 b(the)f(natural)e(seman)m(tics)h(of)g(G.)g(Kahn)g(and)g(the)h
+(structural)f(op)s(erational)e(se-)283 4763 y(man)m(tics)30
+b(of)g(G.)h(Plotkin.)41 b(Chapter)32 b(4)e(dev)m(elops)i(the)f
+Fs(denotational)h(semantics)38 b Fu(of)30 b(D.)i(Scott)283
+4883 y(and)40 b(C.)h(Strac)m(hey)g(including)d(simple)h(\014xed)i(p)s
+(oin)m(t)e(theory)-8 b(.)66 b(Chapter)40 b(6)g(in)m(tro)s(duces)g
+Fs(pr)-5 b(o-)283 5004 y(gr)g(am)33 b(veri\014c)-5 b(ation)36
+b Fu(based)31 b(on)f(op)s(erational)e(and)i(denotational)e(seman)m
+(tics)j(and)f(go)s(es)g(on)g(to)283 5124 y(presen)m(t)e(the)e
+(axiomatic)d(approac)m(h)j(due)h(to)e(C.)h(A.)g(R.)f(Hoare.)42
+b(Finally)-8 b(,)24 b(Chapter)i(7)g(con)m(tains)283 5244
+y(suggestions)34 b(for)e(further)g(reading.)430 5374
+y(The)i(\014rst)f(three)h(or)f(four)f(sections)i(of)f(eac)m(h)g(of)g
+(the)g(Chapters)i(2,)e(4)f(and)i(6)e(are)h(dev)m(oted)283
+5494 y(to)i(the)h(language)d(of)i Fr(while)p Fu(-programs)g(and)g(co)m
+(v)m(ers)i(sp)s(eci\014cation)d(as)i(w)m(ell)e(as)h(theoretical)p
+eop
+%%Page: 11 9
+11 8 bop 0 130 a Fw(Preface)3019 b(xi)p 0 193 3473 4
+v 0 515 a Fu(asp)s(ects.)44 b(In)32 b(eac)m(h)g(of)f(the)g(c)m(hapters)
+i(w)m(e)f(extend)h(the)e Fr(while)p Fu(-language)g(with)g(v)-5
+b(arious)30 b(other)0 636 y(constructs)c(and)e(the)g(emphasis)g(is)f
+(here)i(on)f(sp)s(eci\014cation)g(rather)g(than)g(theory)-8
+b(.)41 b(In)24 b(Sections)0 756 y(2.4)39 b(and)h(2.5)g(w)m(e)h
+(consider)f(extensions)h(with)e(ab)s(ortion,)i(non-determinism,)e
+(parallelism,)0 877 y(blo)s(c)m(k)33 b(constructs,)h(dynamic)f(and)g
+(static)f(pro)s(cedures,)j(and)e(non-recursiv)m(e)h(and)f(recursiv)m(e)
+0 997 y(pro)s(cedures.)86 b(In)47 b(Section)f(4.5)g(w)m(e)i(consider)e
+(extensions)i(of)e(the)h Fr(while)p Fu(-language)f(with)0
+1117 y(static)37 b(pro)s(cedures)i(that)e(ma)m(y)h(or)f(ma)m(y)g(not)h
+(b)s(e)f(recursiv)m(e)i(and)f(w)m(e)h(sho)m(w)f(ho)m(w)g(to)g(handle)0
+1238 y(exceptions,)e(that)d(is,)h(certain)g(kinds)g(of)g(jumps.)47
+b(Finally)-8 b(,)32 b(in)h(Section)h(6.4)f(w)m(e)i(consider)f(an)0
+1358 y(extension)c(with)e(non-recursiv)m(e)i(and)f(recursiv)m(e)i(pro)s
+(cedures)f(and)f(w)m(e)h(also)e(sho)m(w)i(ho)m(w)g(total)0
+1478 y(correctness)46 b(prop)s(erties)e(are)f(handled.)77
+b(The)45 b(sections)g(on)e(extending)i(the)f(op)s(erational,)0
+1599 y(denotational)31 b(and)h(axiomatic)e(seman)m(tics)j(ma)m(y)g(b)s
+(e)f(studied)h(in)f(an)m(y)h(order.)146 1728 y(The)d(applicabilit)m(y)c
+(of)j(op)s(erational,)e(denotational)g(and)i(axiomatic)e(seman)m(tics)i
+(is)g(illus-)0 1848 y(trated)h(in)f(Chapters)j(3,)e(5)g(and)g(6.)42
+b(In)31 b(Chapter)f(3)g(w)m(e)h(sho)m(w)g(ho)m(w)g(to)f(pro)m(v)m(e)h
+(the)f(correctness)0 1969 y(of)37 b(a)g(simple)f(compiler)f(for)i(the)h
+Fr(while)p Fu(-language)f(using)g(the)h(op)s(erational)d(seman)m(tics.)
+58 b(In)0 2089 y(Chapter)35 b(5)f(w)m(e)i(pro)m(v)m(e)g(an)e(analysis)g
+(for)g(the)g Fr(while)p Fu(-language)h(correct)g(using)f(the)h(denota-)
+0 2209 y(tional)f(seman)m(tics.)54 b(Finally)-8 b(,)34
+b(in)h(Section)h(6.5)g(w)m(e)h(extend)g(the)g(axiomatic)c(approac)m(h)k
+(so)f(as)0 2330 y(to)c(obtain)g(information)d(ab)s(out)j(execution)h
+(time)f(of)g Fr(while)p Fu(-programs.)146 2459 y(App)s(endix)27
+b(A)g(reviews)h(the)f(mathematical)c(notation)i(on)h(whic)m(h)i(this)e
+(b)s(o)s(ok)g(is)g(based.)42 b(It)0 2579 y(is)30 b(mostly)g(standard)g
+(notation)g(but)g(some)h(ma)m(y)f(\014nd)h(our)f(use)i(of)e
+Fo(,)-17 b Ft(!)30 b Fu(and)h Ft(\005)e Fu(non-standard.)0
+2700 y(W)-8 b(e)38 b(use)g Fs(D)47 b Fo(,)-17 b Ft(!)37
+b Fs(E)50 b Fu(for)37 b(the)g(set)h(of)f Fs(p)-5 b(artial)48
+b Fu(functions)37 b(from)f Fs(D)47 b Fu(to)37 b Fs(E)12
+b Fu(;)38 b(this)f(is)g(b)s(ecause)h(w)m(e)0 2820 y(\014nd)j(that)g
+(the)g Fs(D)50 b Fo(*)40 b Fs(E)53 b Fu(notation)39 b(is)i(to)s(o)e
+(easily)h(o)m(v)m(erlo)s(ok)m(ed.)69 b(Also)41 b(w)m(e)g(use)h
+Fs(R)j Ft(\005)39 b Fs(S)53 b Fu(for)0 2940 y(the)32
+b(comp)s(osition)d(of)i(binary)h(relations)e Fs(R)36
+b Fu(and)31 b Fs(S)12 b Fu(;)32 b(this)f(is)g(b)s(ecause)i(of)e(the)h
+(di\013eren)m(t)g(order)0 3061 y(of)44 b(comp)s(osition)e(used)k(for)e
+(relations)f(and)h(functions.)79 b(When)46 b(dealing)d(with)h
+(axiomatic)0 3181 y(seman)m(tics)c(w)m(e)h(use)f(form)m(ulae)e
+Ft(f)i Fs(P)50 b Ft(g)39 b Fs(S)52 b Ft(f)39 b Fs(Q)49
+b Ft(g)40 b Fu(for)f(partial)e(correctness)42 b(assertions)e(but)0
+3302 y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32
+b(+)h Fs(Q)41 b Ft(g)28 b Fu(for)g(total)e(correctness)31
+b(assertions)d(b)s(ecause)i(the)e(explicit)f(o)s(ccurrence)j(of)0
+3422 y Ft(+)i Fu(\(for)g(termination\))e(ma)m(y)j(prev)m(en)m(t)h(the)f
+(studen)m(t)h(from)e(confusing)g(the)h(t)m(w)m(o)g(systems.)146
+3551 y(App)s(endices)27 b(B,)f(C)g(and)g(D)f(con)m(tain)g(implemen)m
+(tations)e(of)i(some)h(of)f(the)h(seman)m(tic)g(sp)s(eci-)0
+3671 y(\014cations)e(using)g(the)g(functional)e(language)h
+Fw(Miranda)p Fu(.)2073 3635 y Fn(1)2154 3671 y Fu(The)i(in)m(ten)m
+(tion)f(is)f(that)h(the)g(abilit)m(y)0 3792 y(to)39 b(exp)s(erimen)m(t)
+h(with)g(seman)m(tic)f(de\014nitions)g(enhances)j(the)e(understanding)g
+(of)f(material)0 3912 y(that)32 b(is)f(often)h(regarded)h(as)f(b)s
+(eing)f(terse)i(and)g(hea)m(vy)g(with)f(formalism.)40
+b(It)32 b(should)g(b)s(e)g(p)s(os-)0 4032 y(sible)j(to)g(rew)m(ork)i
+(these)g(implemen)m(tations)c(in)i(an)m(y)h(functional)f(language)f
+(but)i(if)f(an)g(eager)0 4153 y(language)42 b(\(lik)m(e)g
+Fw(Standard)i(ML)p Fu(\))f(is)f(used,)47 b(great)42 b(care)h(m)m(ust)g
+(b)s(e)g(tak)m(en)h(in)e(the)h(imple-)0 4273 y(men)m(tation)37
+b(of)h(the)h(\014xed)h(p)s(oin)m(t)d(com)m(binator.)60
+b(Ho)m(w)m(ev)m(er,)42 b(no)d(con)m(tin)m(uit)m(y)f(is)g(lost)g(if)f
+(these)0 4394 y(app)s(endices)c(are)g(ignored.)0 4618
+y Fp(Notes)46 b(for)f(the)g(instructor)0 4820 y Fu(The)35
+b(reader)g(should)g(preferably)f(b)s(e)h(acquain)m(ted)g(with)f(the)h
+(BNF-st)m(yle)g(of)f(sp)s(ecifying)g(the)0 4941 y(syn)m(tax)e(of)e
+(programming)d(languages)i(and)i(should)f(b)s(e)g(familiar)c(with)k
+(most)g(of)g(the)g(mathe-)0 5061 y(matical)c(concepts)k(surv)m(ey)m(ed)
+h(in)d(App)s(endix)h(A.)g(T)-8 b(o)29 b(appreciate)f(the)h(protot)m(yp)
+s(e)g(implemen-)0 5181 y(tations)j(of)g(the)h(app)s(endices)h(some)f
+(exp)s(erience)h(in)e(functional)f(programming)f(is)i(required.)p
+0 5304 1389 4 v 112 5365 a Fm(1)149 5395 y Fl(Miranda)24
+b Fk(is)f(a)g(trademark)f(of)h(Researc)n(h)e(Soft)n(w)n(are)h(Limited,)
+j(23)d(St)i(Augustines)f(Road,)h(Can)n(terbury)-7 b(,)0
+5494 y(Ken)n(t)27 b(CT1)g(1XP)-7 b(,)27 b(UK.)p eop
+%%Page: 12 10
+12 9 bop 251 130 a Fw(xii)2986 b(Preface)p 251 193 3473
+4 v 283 515 a Fu(W)-8 b(e)24 b(ha)m(v)m(e)g(ourselv)m(es)h(used)f(this)
+f(b)s(o)s(ok)g(for)f(an)h(undergraduate)h(course)g(at)f(Aarh)m(us)h
+(Univ)m(ersit)m(y)283 636 y(in)32 b(whic)m(h)h(the)g(required)g
+(functional)e(programming)f(is)i(in)m(tro)s(duced)h(\\on-the-\015y".)
+430 756 y(W)-8 b(e)48 b(pro)m(vide)g(t)m(w)m(o)g(kinds)g(of)f
+(exercises.)90 b(One)48 b(kind)f(helps)h(the)g(studen)m(t)h(in)e
+(his/her)283 877 y(understanding)31 b(of)e(the)h
+(de\014nitions/results/tec)m(hniques)h(used)g(in)e(the)h(text.)44
+b(In)30 b(particular)283 997 y(there)38 b(are)e(exercises)j(that)d(ask)
+h(the)g(studen)m(t)i(to)d(pro)m(v)m(e)i(auxiliary)c(results)j(needed)h
+(for)e(the)283 1117 y(main)23 b(results)i(but)f(then)h(the)g(pro)s(of)f
+(tec)m(hniques)i(will)c(b)s(e)i(minor)f(v)-5 b(ariations)22
+b(of)i(those)h(already)283 1238 y(explained)37 b(in)g(the)h(text.)58
+b(W)-8 b(e)38 b(ha)m(v)m(e)g(mark)m(ed)g(those)g(exercises)h(whose)f
+(results)g(are)f(needed)283 1358 y(later)d(b)m(y)i(\\)p
+Fw(\(Essen)m(tial\))p Fu(".)47 b(The)36 b(other)f(kind)g(of)f
+(exercises)i(are)f(more)f(c)m(hallenging)f(in)h(that)283
+1478 y(they)g(extend)g(the)g(dev)m(elopmen)m(t,)f(for)g(example)f(b)m
+(y)i(relating)d(it)h(to)g(other)h(approac)m(hes.)45 b(W)-8
+b(e)283 1599 y(use)36 b(a)e(star)h(to)f(mark)g(the)h(more)f(di\016cult)
+f(of)h(these)i(exercises.)52 b(Exercises)36 b(mark)m(ed)f(b)m(y)g(t)m
+(w)m(o)283 1719 y(stars)42 b(are)e(rather)h(length)m(y)g(and)f(ma)m(y)h
+(require)g(insigh)m(t)e(not)i(otherwise)g(presen)m(ted)i(in)c(the)283
+1840 y(b)s(o)s(ok.)70 b(It)42 b(will)d(not)i(b)s(e)h(necessary)h(for)e
+(studen)m(ts)j(to)d(attempt)g(all)e(the)j(exercises)h(but)f(w)m(e)283
+1960 y(do)33 b(recommend)f(that)g(they)i(read)f(them)f(and)h(try)f(to)h
+(understand)h(what)e(the)h(exercises)i(are)283 2080 y(ab)s(out.)283
+2369 y Fp(Ac)l(kno)l(wledgemen)l(ts)283 2554 y Fu(In)47
+b(writing)d(this)h(b)s(o)s(ok)h(w)m(e)g(ha)m(v)m(e)h(b)s(een)g(greatly)
+e(assisted)i(b)m(y)f(the)g(commen)m(ts)g(and)g(sug-)283
+2674 y(gestions)h(pro)m(vided)g(b)m(y)g(colleagues)f(and)g(review)m
+(ers)i(and)e(b)m(y)i(studen)m(ts)g(and)f(instructors)283
+2795 y(at)c(Aarh)m(us)h(Univ)m(ersit)m(y)-8 b(.)75 b(This)43
+b(includes)g(Anders)h(Gammelgaard,)f(Chris)g(Hankin,)i(T)-8
+b(or-)283 2915 y(b)s(en)40 b(Am)m(toft)e(Hansen,)j(Jens)f(P)m(alsb)s
+(erg)f(J\034rgensen,)j(Ernst-R)s(\177)-51 b(udiger)37
+b(Olderog,)j(Da)m(vid)e(A.)283 3035 y(Sc)m(hmidt,)29
+b(Kirsten)f(L.)g(Solb)s(erg)f(and)h(Bernhard)g(Ste\013en.)43
+b(Sp)s(ecial)27 b(thanks)i(are)f(due)g(to)g(Stef-)283
+3156 y(fen)g(Grarup,)g(Jacob)g(Seligmann,)f(and)g(Bettina)g(Blaab)s
+(erg)f(S\034rensen)j(for)e(their)g(en)m(th)m(usiasm)283
+3276 y(and)33 b(great)f(care)h(in)f(reading)g(preliminary)e(v)m
+(ersions.)283 3633 y(Aarh)m(us,)k(Octob)s(er)f(1991)1721
+b(Hanne)33 b(Riis)e(Nielson)2985 3800 y(Flemming)e(Nielson)283
+4089 y Fp(Revised)46 b(Edition)283 4274 y Fu(In)36 b(this)f(revised)i
+(edition)d(w)m(e)i(ha)m(v)m(e)h(corrected)g(a)e(n)m(um)m(b)s(er)h(of)f
+(t)m(yp)s(ographical)f(errors)i(and)f(a)283 4394 y(few)h(mistak)m(es;)h
+(ho)m(w)m(ev)m(er,)i(no)c(ma)5 b(jor)34 b(c)m(hanges)j(ha)m(v)m(e)f(b)s
+(een)h(made.)51 b(Since)35 b(the)h(publication)283 4515
+y(of)49 b(the)g(\014rst)g(edition)e(w)m(e)j(ha)m(v)m(e)g(obtained)e
+(helpful)g(commen)m(ts)g(from)g(Jens)i(Kno)s(op)e(and)283
+4635 y(Anders)35 b(Sandholm.)45 b(The)34 b(w)m(ebpage)h(for)e(the)h(b)s
+(o)s(ok)f(no)m(w)h(also)e(con)m(tains)i(implemen)m(tations)283
+4756 y(of)f(App)s(endices)g(B,)g(C)g(and)g(D)f(in)g(Gofer)f(as)i(w)m
+(ell)f(as)h(in)f(Miranda.)283 5112 y(Aarh)m(us,)i(July)e(1999)1883
+b(Hanne)33 b(Riis)e(Nielson)2985 5280 y(Flemming)e(Nielson)p
+eop
+%%Page: 1 11
+1 10 bop 0 1183 a Fv(Chapter)78 b(1)0 1602 y(In)-6 b(tro)6
+b(duction)0 2058 y Fu(The)34 b(purp)s(ose)f(of)f(this)g(b)s(o)s(ok)g
+(is)145 2279 y Ft(\017)49 b Fu(to)32 b(describ)s(e)h(some)g(of)f(the)h
+(main)e(ideas)h(and)h(metho)s(ds)f(used)i(in)e(seman)m(tics,)145
+2501 y Ft(\017)49 b Fu(to)32 b(illustrate)f(these)i(on)g(in)m
+(teresting)f(applications,)f(and)145 2722 y Ft(\017)49
+b Fu(to)32 b(in)m(v)m(estigate)h(the)g(relationship)d(b)s(et)m(w)m(een)
+35 b(the)e(v)-5 b(arious)32 b(metho)s(ds.)0 2944 y(F)-8
+b(ormal)47 b(seman)m(tics)k(is)e(concerned)j(with)d(rigorously)g(sp)s
+(ecifying)g(the)i(meaning,)i(or)d(b)s(e-)0 3064 y(ha)m(viour,)32
+b(of)g(programs,)g(pieces)i(of)e(hardw)m(are)h(etc.)44
+b(The)34 b(need)f(for)f(rigour)g(arises)g(b)s(ecause)145
+3286 y Ft(\017)49 b Fu(it)31 b(can)i(rev)m(eal)g(am)m(biguities)d(and)i
+(subtle)h(complexities)e(in)h(apparen)m(tly)g(crystal)h(clear)244
+3406 y(de\014ning)f(do)s(cumen)m(ts)i(\(for)e(example)g(programming)d
+(language)j(man)m(uals\),)f(and)145 3627 y Ft(\017)49
+b Fu(it)36 b(can)i(form)f(the)h(basis)f(for)g(implemen)m(tation,)f
+(analysis)h(and)g(v)m(eri\014cation)g(\(in)g(par-)244
+3748 y(ticular)31 b(pro)s(ofs)h(of)g(correctness\).)0
+3969 y(W)-8 b(e)30 b(will)d(use)k(informal)26 b(set)31
+b(theoretic)e(notation)g(\(review)m(ed)i(in)d(App)s(endix)j(A\))e(to)g
+(represen)m(t)0 4090 y(seman)m(tic)40 b(concepts.)67
+b(This)40 b(will)e(su\016ce)j(in)e(this)h(b)s(o)s(ok)f(but)i(for)e
+(other)h(purp)s(oses)h(greater)0 4210 y(notational)25
+b(precision)i(\(that)g(is,)h(formalit)m(y\))d(ma)m(y)i(b)s(e)g(needed,)
+j(for)d(example)g(when)i(pro)s(cess-)0 4330 y(ing)j(seman)m(tic)h
+(descriptions)f(b)m(y)i(mac)m(hine)f(as)g(in)f(seman)m(tics)h(directed)
+g(compiler-compilers)0 4451 y(or)f(mac)m(hine)g(assisted)i(pro)s(of)d
+(c)m(hec)m(k)m(ers.)0 4806 y Fj(1.1)161 b(Seman)l(tic)52
+b(description)h(metho)t(ds)0 5032 y Fu(It)45 b(is)f(customary)h(to)f
+(distinguish)f(b)s(et)m(w)m(een)k(the)e(syn)m(tax)i(and)d(the)i(seman)m
+(tics)e(of)h(a)f(pro-)0 5153 y(gramming)34 b(language.)55
+b(The)37 b Fs(syntax)49 b Fu(is)36 b(concerned)j(with)d(the)h
+(grammatical)c(structure)38 b(of)0 5273 y(programs.)43
+b(So)32 b(a)g(syn)m(tactic)i(analysis)e(of)g(the)h(program)244
+5494 y Fr(z)p Fu(:=)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(y)p
+Fu(;)g Fr(y)p Fu(:=)p Fr(z)1712 5849 y Fu(1)p eop
+%%Page: 2 12
+2 11 bop 251 130 a Fw(2)2631 b(1)113 b(In)m(tro)s(duction)p
+251 193 3473 4 v 283 515 a Fu(will)32 b(realize)i(that)g(it)f(consists)
+i(of)f(three)h(statemen)m(ts)g(separated)g(b)m(y)h(the)e(sym)m(b)s(ol)g
+(`;'.)49 b(Eac)m(h)283 636 y(of)36 b(these)i(statemen)m(ts)f(has)g(the)
+g(form)e(of)h(a)g(v)-5 b(ariable)35 b(follo)m(w)m(ed)g(b)m(y)i(the)g
+(comp)s(osite)f(sym)m(b)s(ol)283 756 y(`:=')d(and)g(an)f(expression)i
+(whic)m(h)f(is)f(just)h(a)g(v)-5 b(ariable.)430 878 y(The)42
+b Fs(semantics)48 b Fu(is)40 b(concerned)j(with)d(the)i(meaning)d(of)h
+(grammatically)d(correct)k(pro-)283 998 y(grams.)57 b(So)37
+b(it)f(will)f(express)k(that)e(the)g(meaning)f(of)h(the)g(ab)s(o)m(v)m
+(e)h(program)e(is)g(to)h(exc)m(hange)283 1118 y(the)i(v)-5
+b(alues)38 b(of)f(the)h(v)-5 b(ariables)37 b Fr(x)h Fu(and)g
+Fr(y)g Fu(\(and)g(setting)g Fr(z)g Fu(to)f(the)i(\014nal)e(v)-5
+b(alue)37 b(of)g Fr(y)p Fu(\).)60 b(If)38 b(w)m(e)283
+1239 y(w)m(ere)33 b(to)e(explain)g(this)g(in)g(more)f(detail)g(w)m(e)j
+(w)m(ould)e(lo)s(ok)f(at)h(the)h(grammatical)c(structure)k(of)283
+1359 y(the)h(program)f(and)g(use)i(explanations)e(of)g(the)h(meanings)f
+(of)429 1568 y Ft(\017)48 b Fu(sequences)36 b(of)c(statemen)m(ts)i
+(separated)f(b)m(y)h(`;',)f(and)429 1777 y Ft(\017)48
+b Fu(a)33 b(statemen)m(t)g(consisting)f(of)g(a)g(v)-5
+b(ariable)31 b(follo)m(w)m(ed)g(b)m(y)j(`:=')f(and)f(an)h(expression.)
+283 1986 y(The)e(actual)d(explanations)h(can)h(b)s(e)f(formalized)e(in)
+i(di\013eren)m(t)h(w)m(a)m(ys.)44 b(In)30 b(this)f(b)s(o)s(ok)g(w)m(e)h
+(shall)283 2106 y(consider)j(three)h(approac)m(hes.)44
+b(V)-8 b(ery)34 b(roughly)-8 b(,)32 b(the)h(ideas)f(are)h(as)f(follo)m
+(ws:)283 2315 y Fw(Op)s(erational)37 b(seman)m(tics:)48
+b Fu(The)32 b(meaning)d(of)i(a)f(construct)i(is)e(sp)s(eci\014ed)i(b)m
+(y)f(the)h(compu-)527 2435 y(tation)40 b(it)f(induces)j(when)g(it)e(is)
+g(executed)j(on)d(a)h(mac)m(hine.)67 b(In)41 b(particular,)g(it)f(is)g
+(of)527 2555 y(in)m(terest)33 b Fs(how)43 b Fu(the)33
+b(e\013ect)g(of)g(a)f(computation)f(is)h(pro)s(duced.)283
+2764 y Fw(Denotational)37 b(seman)m(tics:)48 b Fu(Meanings)29
+b(are)g(mo)s(delled)e(b)m(y)i(mathematical)d(ob)5 b(jects)30
+b(that)527 2885 y(represen)m(t)42 b(the)d(e\013ect)i(of)e(executing)h
+(the)f(constructs.)66 b(Th)m(us)41 b Fs(only)47 b Fu(the)40
+b(e\013ect)g(is)f(of)527 3005 y(in)m(terest,)34 b(not)e(ho)m(w)h(it)f
+(is)g(obtained.)283 3214 y Fw(Axiomatic)j(seman)m(tics:)48
+b Fu(Sp)s(eci\014c)i(prop)s(erties)g(of)f(the)h(e\013ect)h(of)e
+(executing)h(the)g(con-)527 3334 y(structs)31 b(are)f(expressed)j(as)c
+Fs(assertions)p Fu(.)42 b(Th)m(us)31 b(there)g(ma)m(y)e(b)s(e)h(asp)s
+(ects)h(of)e(the)i(execu-)527 3455 y(tions)h(that)h(are)f(ignored.)283
+3663 y(T)-8 b(o)32 b(get)g(a)g(feeling)f(for)g(their)h(di\013eren)m(t)g
+(nature)g(let)f(us)i(see)g(ho)m(w)g(they)g(express)h(the)e(meaning)283
+3784 y(of)h(the)g(example)f(program)f(ab)s(o)m(v)m(e.)283
+4079 y Fp(Op)t(erational)47 b(seman)l(tics)f(\(Chapter)g(2\))283
+4266 y Fu(An)34 b(op)s(erational)c(explanation)i(of)g(the)h(meaning)f
+(of)g(a)g(construct)i(will)d(tell)g(ho)m(w)j(to)e Fs(exe)-5
+b(cute)283 4387 y Fu(it:)429 4595 y Ft(\017)48 b Fu(T)-8
+b(o)30 b(execute)i(a)e(sequence)j(of)c(statemen)m(ts)i(separated)g(b)m
+(y)g(`;')g(w)m(e)g(execute)h(the)e(individ-)527 4716
+y(ual)i(statemen)m(ts)h(one)g(after)g(the)g(other)f(and)h(from)e(left)h
+(to)g(righ)m(t.)429 4925 y Ft(\017)48 b Fu(T)-8 b(o)31
+b(execute)h(a)f(statemen)m(t)g(consisting)e(of)h(a)h(v)-5
+b(ariable)28 b(follo)m(w)m(ed)i(b)m(y)h(`:=')g(and)g(another)527
+5045 y(v)-5 b(ariable)35 b(w)m(e)j(determine)e(the)i(v)-5
+b(alue)36 b(of)g(the)h(second)h(v)-5 b(ariable)35 b(and)i(assign)f(it)g
+(to)g(the)527 5165 y(\014rst)d(v)-5 b(ariable.)283 5374
+y(W)d(e)34 b(shall)e(record)i(the)g(execution)g(of)f(the)h(example)f
+(program)f(in)h(a)g(state)h(where)h Fr(x)f Fu(has)f(the)283
+5494 y(v)-5 b(alue)32 b Fw(5)p Fu(,)h Fr(y)g Fu(the)g(v)-5
+b(alue)32 b Fw(7)g Fu(and)h Fr(z)g Fu(the)g(v)-5 b(alue)32
+b Fw(0)g Fu(b)m(y)i(the)f(follo)m(wing)d(\\deriv)-5 b(ation)31
+b(sequence":)p eop
+%%Page: 3 13
+3 12 bop 0 130 a Fw(1.1)112 b(Seman)m(tic)37 b(description)f(metho)s
+(ds)1685 b(3)p 0 193 3473 4 v 493 500 a Ft(h)p Fr(z)p
+Fu(:=)p Fr(x)p Fu(;)33 b Fr(x)p Fu(:=)p Fr(y)p Fu(;)g
+Fr(y)p Fu(:=)p Fr(z)p Fu(,)100 b([)p Fr(x)p Ft(7!)p Fw(5)p
+Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p Fu(,)f Fr(z)p Ft(7!)p
+Fw(0)p Fu(])p Ft(i)294 668 y(\))364 b(h)p Fr(x)p Fu(:=)p
+Fr(y)p Fu(;)33 b Fr(y)p Fu(:=)p Fr(z)p Fu(,)100 b([)p
+Fr(x)p Ft(7!)p Fw(5)p Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p
+Fu(,)f Fr(z)p Ft(7!)p Fw(5)p Fu(])p Ft(i)294 835 y(\))629
+b(h)p Fr(y)p Fu(:=)p Fr(z)p Fu(,)100 b([)p Fr(x)p Ft(7!)p
+Fw(7)p Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p Fu(,)f Fr(z)p
+Ft(7!)p Fw(5)p Fu(])p Ft(i)294 1003 y(\))1020 b Fu([)p
+Fr(x)p Ft(7!)p Fw(7)p Fu(,)32 b Fr(y)p Ft(7!)p Fw(5)p
+Fu(,)h Fr(z)p Ft(7!)p Fw(5)p Fu(])0 1193 y(In)45 b(the)f(\014rst)h
+(step)g(w)m(e)h(execute)g(the)f(statemen)m(t)g Fr(z)p
+Fu(:=)p Fr(x)f Fu(and)h(the)f(v)-5 b(alue)44 b(of)g Fr(z)g
+Fu(is)g(c)m(hanged)0 1313 y(to)f Fw(5)g Fu(whereas)i(those)f(of)f
+Fr(x)g Fu(and)h Fr(y)f Fu(are)h(unc)m(hanged.)77 b(The)44
+b(remaining)d(program)h(is)h(no)m(w)0 1434 y Fr(x)p Fu(:=)p
+Fr(y)p Fu(;)33 b Fr(y)p Fu(:=)p Fr(z)q Fu(.)70 b(After)42
+b(the)g(second)g(step)h(the)f(v)-5 b(alue)41 b(of)g Fr(x)h
+Fu(is)f Fw(7)g Fu(and)h(w)m(e)h(are)e(left)g(with)g(the)0
+1554 y(program)32 b Fr(y)p Fu(:=)p Fr(z)p Fu(.)45 b(The)34
+b(third)e(and)h(\014nal)g(step)g(of)g(the)g(computation)f(will)f(c)m
+(hange)j(the)f(v)-5 b(alue)0 1675 y(of)32 b Fr(y)h Fu(to)f
+Fw(5)p Fu(.)44 b(Therefore)34 b(the)f(initial)c(v)-5
+b(alues)32 b(of)g Fr(x)h Fu(and)g Fr(y)g Fu(ha)m(v)m(e)h(b)s(een)f(exc)
+m(hanged,)i(using)d Fr(z)h Fu(as)0 1795 y(a)f(temp)s(orary)g(v)-5
+b(ariable.)146 1915 y(This)45 b(explanation)d(giv)m(es)j(an)f
+Fs(abstr)-5 b(action)51 b Fu(of)43 b(ho)m(w)i(the)f(program)f(is)h
+(executed)i(on)e(a)0 2036 y(mac)m(hine.)65 b(It)40 b(is)g(imp)s(ortan)m
+(t)e(to)h(observ)m(e)j(that)e(it)f(is)g(indeed)i(an)f(abstraction:)57
+b(w)m(e)41 b(ignore)0 2156 y(details)21 b(lik)m(e)g(use)j(of)d
+(registers)i(and)f(addresses)i(for)e(v)-5 b(ariables.)39
+b(So)22 b(the)g(op)s(erational)e(seman)m(tics)0 2277
+y(is)32 b(rather)h(indep)s(enden)m(t)h(of)e(mac)m(hine)g(arc)m
+(hitectures)h(and)g(implemen)m(tation)c(strategies.)146
+2397 y(In)24 b(Chapter)h(2)e(w)m(e)i(shall)d(formalize)f(this)j(kind)f
+(of)h(op)s(erational)d(seman)m(tics)j(whic)m(h)g(is)f(often)0
+2517 y(called)36 b Fs(structur)-5 b(al)40 b(op)-5 b(er)g(ational)38
+b(semantics)44 b Fu(\(or)37 b(small-step)e(seman)m(tics\).)57
+b(An)37 b(alternativ)m(e)0 2638 y(op)s(erational)20 b(seman)m(tics)i
+(is)g(called)f Fs(natur)-5 b(al)25 b(semantics)k Fu(\(or)22
+b(big-step)g(seman)m(tics\))g(and)g(di\013ers)0 2758
+y(from)34 b(the)i(structural)f(op)s(erational)e(seman)m(tics)j(b)m(y)g
+(hiding)e(ev)m(en)j(more)e(execution)h(details.)0 2878
+y(In)e(the)f(natural)g(seman)m(tics)g(the)h(execution)g(of)f(the)h
+(example)e(program)g(in)h(the)h(same)f(state)0 2999 y(as)g(b)s(efore)f
+(will)f(b)s(e)h(represen)m(ted)k(b)m(y)d(the)g(follo)m(wing)d(\\deriv)
+-5 b(ation)31 b(tree":)294 3187 y Ft(h)o Fr(z)p Fu(:=)p
+Fr(x)p Fu(,)j Fs(s)646 3202 y Fn(0)685 3187 y Ft(i)e(!)g
+Fs(s)936 3202 y Fn(1)1293 3187 y Ft(h)p Fr(x)p Fu(:=)p
+Fr(y)p Fu(,)h Fs(s)1645 3202 y Fn(1)1685 3187 y Ft(i)f(!)g
+Fs(s)1936 3202 y Fn(2)p 244 3274 1782 4 v 661 3475 a
+Ft(h)p Fr(z)p Fu(:=)p Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(y)p
+Fu(,)g Fs(s)1278 3490 y Fn(0)1317 3475 y Ft(i)g(!)f Fs(s)1569
+3490 y Fn(2)2293 3475 y Ft(h)p Fr(y)p Fu(:=)p Fr(z)p
+Fu(,)h Fs(s)2645 3490 y Fn(2)2684 3475 y Ft(i)g(!)f Fs(s)2936
+3490 y Fn(3)p 244 3562 2782 4 v 1028 3763 a Ft(h)p Fr(z)p
+Fu(:=)p Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(y)p Fu(;)g Fr(y)p
+Fu(:=)p Fr(z)p Fu(,)g Fs(s)1910 3778 y Fn(0)1950 3763
+y Ft(i)f(!)g Fs(s)2201 3778 y Fn(3)0 3954 y Fu(where)i(w)m(e)f(ha)m(v)m
+(e)h(used)g(the)f(abbreviations:)294 4123 y Fs(s)342
+4138 y Fn(0)481 4123 y Fu(=)99 b([)p Fr(x)p Ft(7!)p Fw(5)p
+Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p Fu(,)g Fr(z)p Ft(7!)o
+Fw(0)p Fu(])294 4290 y Fs(s)342 4305 y Fn(1)481 4290
+y Fu(=)99 b([)p Fr(x)p Ft(7!)p Fw(5)p Fu(,)33 b Fr(y)p
+Ft(7!)p Fw(7)p Fu(,)g Fr(z)p Ft(7!)o Fw(5)p Fu(])294
+4458 y Fs(s)342 4473 y Fn(2)481 4458 y Fu(=)99 b([)p
+Fr(x)p Ft(7!)p Fw(7)p Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p
+Fu(,)g Fr(z)p Ft(7!)o Fw(5)p Fu(])294 4626 y Fs(s)342
+4641 y Fn(3)481 4626 y Fu(=)99 b([)p Fr(x)p Ft(7!)p Fw(7)p
+Fu(,)33 b Fr(y)p Ft(7!)p Fw(5)p Fu(,)g Fr(z)p Ft(7!)o
+Fw(5)p Fu(])0 4816 y(This)i(is)f(to)h(b)s(e)g(read)g(as)g(follo)m(ws:)
+47 b(The)36 b(execution)f(of)g Fr(z)p Fu(:=)p Fr(x)g
+Fu(in)f(the)h(state)h Fs(s)2857 4831 y Fn(0)2931 4816
+y Fu(will)c(result)j(in)0 4936 y(the)30 b(state)g Fs(s)449
+4951 y Fn(1)518 4936 y Fu(and)g(the)g(execution)g(of)f
+Fr(x)p Fu(:=)p Fr(y)h Fu(in)f(state)h Fs(s)2041 4951
+y Fn(1)2110 4936 y Fu(will)d(result)j(in)e(state)i Fs(s)2954
+4951 y Fn(2)2994 4936 y Fu(.)42 b(Therefore)0 5057 y(the)33
+b(execution)h(of)e Fr(z)p Fu(:=)p Fr(x)p Fu(;)h Fr(x)p
+Fu(:=)p Fr(y)h Fu(in)e(state)h Fs(s)1621 5072 y Fn(0)1693
+5057 y Fu(will)e(giv)m(e)h(state)i Fs(s)2366 5072 y Fn(2)2405
+5057 y Fu(.)44 b(F)-8 b(urthermore,)33 b(execution)0
+5177 y(of)k Fr(y)p Fu(:=)p Fr(z)h Fu(in)f(state)h Fs(s)770
+5192 y Fn(2)847 5177 y Fu(will)d(giv)m(e)j(state)g Fs(s)1534
+5192 y Fn(3)1611 5177 y Fu(so)g(in)e(total)h(the)h(execution)g(of)f
+(the)h(program)e(in)0 5297 y(state)d Fs(s)287 5312 y
+Fn(0)359 5297 y Fu(will)d(giv)m(e)j(the)g(resulting)e(state)i
+Fs(s)1600 5312 y Fn(3)1640 5297 y Fu(.)43 b(This)33 b(is)f(expressed)k
+(b)m(y)244 5494 y Ft(h)p Fr(z)p Fu(:=)p Fr(x)p Fu(;)d
+Fr(x)p Fu(:=)p Fr(y)p Fu(;)g Fr(y)p Fu(:=)p Fr(z)p Fu(,)g
+Fs(s)1126 5509 y Fn(0)1165 5494 y Ft(i)g(!)f Fs(s)1417
+5509 y Fn(3)p eop
+%%Page: 4 14
+4 13 bop 251 130 a Fw(4)2631 b(1)113 b(In)m(tro)s(duction)p
+251 193 3473 4 v 283 515 a Fu(but)33 b(no)m(w)h(w)m(e)f(ha)m(v)m(e)h
+(hidden)f(the)g(ab)s(o)m(v)m(e)g(explanation)f(of)g(ho)m(w)h(it)e(w)m
+(as)j(actually)d(obtained.)430 637 y(In)39 b(Chapter)g(3)g(w)m(e)h
+(shall)d(use)j(the)f(natural)f(seman)m(tics)h(as)g(the)g(basis)g(for)f
+(pro)m(ving)g(the)283 758 y(correctness)d(of)d(an)h(implemen)m(tation)c
+(of)j(a)h(simple)e(programming)e(language.)283 1057 y
+Fp(Denotational)48 b(seman)l(tics)e(\(Chapter)g(4\))283
+1246 y Fu(In)38 b(the)f(denotational)e(seman)m(tics)j(w)m(e)g(concen)m
+(trate)g(on)f(the)h Fs(e\013e)-5 b(ct)46 b Fu(of)36 b(executing)i(the)f
+(pro-)283 1366 y(grams)32 b(and)h(w)m(e)h(shall)d(mo)s(del)g(this)h(b)m
+(y)h(mathematical)d(functions:)429 1578 y Ft(\017)48
+b Fu(The)h(e\013ect)g(of)e(a)h(sequence)i(of)e(statemen)m(ts)h
+(separated)f(b)m(y)h(`;')56 b(is)47 b(the)h(functional)527
+1699 y(comp)s(osition)31 b(of)h(the)h(e\013ects)h(of)e(the)h
+(individual)d(statemen)m(ts.)429 1911 y Ft(\017)48 b
+Fu(The)26 b(e\013ect)g(of)e(a)h(statemen)m(t)g(consisting)f(of)h(a)f(v)
+-5 b(ariable)23 b(follo)m(w)m(ed)h(b)m(y)i(`:=')f(and)g(another)527
+2031 y(v)-5 b(ariable)33 b(is)h(the)h(function)f(that)g(giv)m(en)h(a)f
+(state)h(will)d(pro)s(duce)k(a)e(new)h(state:)48 b(it)34
+b(is)g(as)527 2151 y(the)j(original)c(one)j(except)i(that)e(the)g(v)-5
+b(alue)36 b(of)g(the)g(\014rst)h(v)-5 b(ariable)34 b(of)i(the)g
+(statemen)m(t)527 2272 y(is)c(equal)h(to)f(that)g(of)h(the)g(second)g
+(v)-5 b(ariable.)283 2484 y(F)d(or)49 b(the)h(example)e(program)g(w)m
+(e)i(obtain)f(functions)g(written)g Ft(S)8 b Fu([)-17
+b([)p Fr(z)p Fu(:=)p Fr(x)p Fu(])g(])q(,)54 b Ft(S)8
+b Fu([)-17 b([)p Fr(x)p Fu(:=)p Fr(y)p Fu(])g(])q(,)54
+b(and)283 2604 y Ft(S)8 b Fu([)-17 b([)q Fr(y)p Fu(:=)p
+Fr(z)p Fu(])g(])44 b(for)f(eac)m(h)i(of)e(the)g(assignmen)m(t)h
+(statemen)m(ts)g(and)g(for)e(the)i(o)m(v)m(erall)f(program)f(w)m(e)283
+2725 y(get)33 b(the)g(function)527 2937 y Ft(S)8 b Fu([)-17
+b([)q Fr(z)p Fu(:=)p Fr(x)p Fu(;)33 b Fr(x)p Fu(:=)p
+Fr(y)p Fu(;)g Fr(y)p Fu(:=)p Fr(z)p Fu(])-17 b(])34 b(=)e
+Ft(S)8 b Fu([)-17 b([)p Fr(y)p Fu(:=)p Fr(z)p Fu(])g(])34
+b Ft(\016)e(S)8 b Fu([)-17 b([)q Fr(x)p Fu(:=)p Fr(y)p
+Fu(])g(])33 b Ft(\016)g(S)7 b Fu([)-17 b([)q Fr(z)p Fu(:=)p
+Fr(x)p Fu(])g(])283 3149 y(Note)45 b(that)g(the)g Fs(or)-5
+b(der)55 b Fu(of)44 b(the)h(statemen)m(ts)g(ha)m(v)m(e)h(c)m(hanged)g
+(b)s(ecause)g(w)m(e)g(use)f(the)g(usual)283 3269 y(notation)36
+b(for)h(function)g(comp)s(osition)e(where)k(\()p Fs(f)58
+b Ft(\016)37 b Fs(g)9 b Fu(\))37 b Fs(s)46 b Fu(means)37
+b Fs(f)58 b Fu(\()p Fs(g)46 b(s)8 b Fu(\).)58 b(If)37
+b(w)m(e)i(w)m(an)m(t)f(to)283 3390 y(determine)g(the)g(e\013ect)h(of)e
+(executing)i(the)f(program)f(on)g(a)h(particular)e(state)i(then)h(w)m
+(e)g(can)283 3510 y Fs(apply)i Fu(the)33 b(function)f(to)h(that)f
+(state)h(and)g Fs(c)-5 b(alculate)39 b Fu(the)33 b(resulting)f(state)h
+(as)g(follo)m(ws:)527 3722 y Ft(S)8 b Fu([)-17 b([)q
+Fr(z)p Fu(:=)p Fr(x)p Fu(;)33 b Fr(x)p Fu(:=)p Fr(y)p
+Fu(;)g Fr(y)p Fu(:=)p Fr(z)p Fu(])-17 b(])q(\([)p Fr(x)p
+Ft(7!)p Fw(5)p Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p Fu(,)f
+Fr(z)p Ft(7!)p Fw(0)p Fu(]\))796 3890 y(=)g(\()p Ft(S)8
+b Fu([)-17 b([)q Fr(y)p Fu(:=)p Fr(z)p Fu(])g(])33 b
+Ft(\016)g(S)8 b Fu([)-17 b([)p Fr(x)p Fu(:=)p Fr(y)p
+Fu(])g(])34 b Ft(\016)e(S)8 b Fu([)-17 b([)p Fr(z)p Fu(:=)p
+Fr(x)p Fu(])g(])r(\)\([)p Fr(x)p Ft(7!)o Fw(5)p Fu(,)33
+b Fr(y)p Ft(7!)p Fw(7)p Fu(,)g Fr(z)p Ft(7!)o Fw(0)p
+Fu(]\))796 4057 y(=)f Ft(S)8 b Fu([)-17 b([)q Fr(y)p
+Fu(:=)p Fr(z)p Fu(])g(])q(\()p Ft(S)8 b Fu([)-17 b([)p
+Fr(x)p Fu(:=)p Fr(y)p Fu(])g(])q(\()p Ft(S)8 b Fu([)-17
+b([)q Fr(z)p Fu(:=)p Fr(x)p Fu(])g(])q(\([)p Fr(x)p Ft(7!)p
+Fw(5)p Fu(,)32 b Fr(y)p Ft(7!)p Fw(7)p Fu(,)h Fr(z)p
+Ft(7!)p Fw(0)p Fu(]\)\)\))796 4225 y(=)f Ft(S)8 b Fu([)-17
+b([)q Fr(y)p Fu(:=)p Fr(z)p Fu(])g(])q(\()p Ft(S)8 b
+Fu([)-17 b([)p Fr(x)p Fu(:=)p Fr(y)p Fu(])g(])q(\([)p
+Fr(x)p Ft(7!)p Fw(5)p Fu(,)33 b Fr(y)p Ft(7!)p Fw(7)p
+Fu(,)f Fr(z)p Ft(7!)p Fw(5)p Fu(]\)\))796 4392 y(=)g
+Ft(S)8 b Fu([)-17 b([)q Fr(y)p Fu(:=)p Fr(z)p Fu(])g(])q(\([)p
+Fr(x)p Ft(7!)p Fw(7)p Fu(,)33 b Fr(y)p Ft(7!)o Fw(7)p
+Fu(,)g Fr(z)p Ft(7!)p Fw(5)p Fu(]\))796 4560 y(=)f([)p
+Fr(x)p Ft(7!)p Fw(7)p Fu(,)h Fr(y)p Ft(7!)p Fw(5)p Fu(,)g
+Fr(z)p Ft(7!)p Fw(5)p Fu(])283 4772 y(Note)j(that)f(w)m(e)i(are)e(only)
+g(manipulating)d(mathematical)h(ob)5 b(jects;)38 b(w)m(e)e(are)g(not)f
+(concerned)283 4893 y(with)c(executing)h(programs.)42
+b(The)31 b(di\013erence)h(ma)m(y)f(seem)g(small)d(for)j(a)f(program)g
+(with)g(only)283 5013 y(assignmen)m(t)35 b(and)g(sequencing)i(statemen)
+m(ts)f(but)f(for)f(programs)g(with)h(more)f(sophisticated)283
+5133 y(constructs)g(it)e(is)g(substan)m(tial.)43 b(The)33
+b(b)s(ene\014ts)h(of)e(the)g(denotational)f(approac)m(h)i(are)f(mainly)
+283 5254 y(due)f(to)e(the)h(fact)f(that)g(it)g(abstracts)h(a)m(w)m(a)m
+(y)h(from)d(ho)m(w)i(programs)f(are)g(executed.)45 b(Therefore)283
+5374 y(it)f(b)s(ecomes)g(easier)h(to)f(reason)g(ab)s(out)g(programs)g
+(as)g(it)f(simply)g(amoun)m(ts)h(to)g(reasoning)283 5494
+y(ab)s(out)30 b(mathematical)e(ob)5 b(jects.)44 b(Ho)m(w)m(ev)m(er,)33
+b(a)d(prerequisite)h(for)f(doing)f(so)i(is)f(to)g(establish)g(a)p
+eop
+%%Page: 5 15
+5 14 bop 0 130 a Fw(1.1)112 b(Seman)m(tic)37 b(description)f(metho)s
+(ds)1685 b(5)p 0 193 3473 4 v 0 515 a Fu(\014rm)30 b(mathematical)e
+(basis)j(for)g(denotational)e(seman)m(tics)i(and)g(this)g(task)g(turns)
+h(out)f(not)g(to)0 636 y(b)s(e)i(en)m(tirely)f(trivial.)146
+771 y(The)48 b(denotational)e(approac)m(h)h(can)h(easily)e(b)s(e)i
+(adapted)f(to)g(express)j(other)d(sorts)h(of)0 891 y(prop)s(erties)32
+b(of)h(programs.)42 b(Some)32 b(examples)h(are:)145 1169
+y Ft(\017)49 b Fu(Determine)29 b(whether)i(all)d(v)-5
+b(ariables)29 b(are)h(initialized)c(b)s(efore)k(they)h(are)f(used)h(|)f
+(if)f(not)244 1290 y(a)j(w)m(arning)g(ma)m(y)h(b)s(e)g(appropriate.)145
+1568 y Ft(\017)49 b Fu(Determine)33 b(whether)i(a)e(certain)g
+(expression)i(in)e(the)h(program)f(alw)m(a)m(ys)h(ev)-5
+b(aluates)34 b(to)244 1688 y(a)e(constan)m(t)i(|)e(if)f(so)i(one)g(can)
+g(replace)f(the)h(expression)h(b)m(y)f(the)g(constan)m(t.)145
+1966 y Ft(\017)49 b Fu(Determine)23 b(whether)j(all)c(parts)i(of)g(the)
+g(program)f(are)h(reac)m(hable)h(|)f(if)f(not)h(they)h(could)244
+2087 y(as)33 b(w)m(ell)e(b)s(e)i(remo)m(v)m(ed)h(or)e(a)g(w)m(arning)g
+(migh)m(t)g(b)s(e)g(appropriate.)0 2365 y(In)h(Chapter)g(5)g(w)m(e)g
+(dev)m(elop)g(an)g(example)f(of)g(this.)146 2500 y(While)c(w)m(e)h
+(prefer)g(the)g(denotational)e(approac)m(h)i(when)h(reasoning)e(ab)s
+(out)g(programs)f(w)m(e)0 2620 y(ma)m(y)k(prefer)g(an)g(op)s(erational)
+e(approac)m(h)j(when)g(implemen)m(ting)c(the)k(language.)41
+b(It)32 b(is)e(there-)0 2741 y(fore)39 b(of)g(in)m(terest)h(whether)g
+(a)f(denotational)f(de\014nition)g(is)h Fs(e)-5 b(quivalent)48
+b Fu(to)39 b(an)g(op)s(erational)0 2861 y(de\014nition)32
+b(and)g(this)g(is)h(studied)g(in)e(Section)i(4.3.)0 3242
+y Fp(Axiomatic)46 b(seman)l(tics)g(\(Chapter)g(6\))0
+3457 y Fu(Often)29 b(one)h(is)e(in)m(terested)j(in)d
+Fs(p)-5 b(artial)31 b(c)-5 b(orr)g(e)g(ctness)31 b(pr)-5
+b(op)g(erties)37 b Fu(of)29 b(programs:)41 b(A)29 b(program)f(is)0
+3578 y(partially)j(correct,)k(with)e(resp)s(ect)i(to)f(a)f
+(precondition)g(and)h(a)f(p)s(ostcondition,)g(if)g(whenev)m(er)0
+3698 y(the)c(initial)c(state)30 b(ful\014ls)d(the)j(precondition)e(and)
+h(the)g(program)e(terminates,)i(then)h(the)f(\014nal)0
+3818 y(state)34 b(is)g(guaran)m(teed)g(to)g(ful\014l)e(the)i(p)s
+(ostcondition.)46 b(F)-8 b(or)33 b(our)g(example)h(program)e(w)m(e)j
+(ha)m(v)m(e)0 3939 y(the)e(partial)d(correctness)35 b(prop)s(ert)m(y:)
+244 4217 y Ft(f)d Fr(x)p Fu(=)p Fr(n)h Ft(^)g Fr(y)p
+Fu(=)p Fr(m)g Ft(g)f Fr(z)p Fu(:=)p Fr(x)p Fu(;)h Fr(x)p
+Fu(:=)p Fr(y)p Fu(;)h Fr(y)p Fu(:=)p Fr(z)f Ft(f)f Fr(y)p
+Fu(=)p Fr(n)h Ft(^)g Fr(x)p Fu(=)p Fr(m)g Ft(g)0 4495
+y Fu(where)k Fr(x)p Fu(=)p Fr(n)f Ft(^)g Fr(y)p Fu(=)p
+Fr(m)f Fu(is)g(the)h(precondition)f(and)h Fr(y)p Fu(=)p
+Fr(n)g Ft(^)f Fr(x)p Fu(=)p Fr(m)h Fu(is)f(the)h(p)s(ostcondition.)51
+b(The)0 4615 y(names)33 b Fr(n)g Fu(and)g Fr(m)g Fu(are)g(used)h(to)f
+(\\remem)m(b)s(er")f(the)h(initial)d(v)-5 b(alues)32
+b(of)h Fr(x)g Fu(and)g Fr(y)p Fu(,)g(resp)s(ectiv)m(ely)-8
+b(.)0 4736 y(The)26 b(state)f([)p Fr(x)p Ft(7!)p Fw(5)p
+Fu(,)h Fr(y)p Ft(7!)p Fw(7)p Fu(,)g Fr(z)p Ft(7!)p Fw(0)p
+Fu(])f(satis\014es)g(the)h(precondition)d(b)m(y)j(taking)e
+Fr(n)p Fu(=)p Fw(5)h Fu(and)f Fr(m)p Fu(=)p Fw(7)h Fu(and)0
+4856 y(when)37 b(w)m(e)h(ha)m(v)m(e)f Fs(pr)-5 b(ove)g(d)46
+b Fu(the)37 b(partial)d(correctness)k(prop)s(ert)m(y)f(w)m(e)g(can)g
+(deduce)h(that)e Fs(if)57 b Fu(the)0 4976 y(program)29
+b(terminates)h Fs(then)38 b Fu(it)30 b(will)f(do)h(so)h(in)f(a)h(state)
+g(where)h Fr(y)f Fu(is)f Fw(5)h Fu(and)g Fr(x)g Fu(is)f
+Fw(7)p Fu(.)43 b(Ho)m(w)m(ev)m(er,)0 5097 y(the)35 b(partial)d
+(correctness)37 b(prop)s(ert)m(y)e(do)s(es)g(not)f(ensure)i(that)e(the)
+h(program)e Fs(wil)5 b(l)45 b Fu(terminate)0 5217 y(although)31
+b(this)i(is)f(clearly)f(the)i(case)h(for)e(the)h(example)f(program.)146
+5352 y(The)j(axiomatic)c(seman)m(tics)j(pro)m(vides)g(a)g
+Fs(lo)-5 b(gic)g(al)35 b(system)40 b Fu(for)34 b(pro)m(ving)f(partial)e
+(correct-)0 5473 y(ness)40 b(prop)s(erties)e(of)g(individual)d
+(programs.)60 b(A)38 b(pro)s(of)g(of)f(the)i(ab)s(o)m(v)m(e)g(partial)d
+(correctness)0 5593 y(prop)s(ert)m(y)d(ma)m(y)g(b)s(e)f(expressed)k(b)m
+(y)d(the)g(follo)m(wing)d(\\pro)s(of)i(tree":)p eop
+%%Page: 6 16
+6 15 bop 251 130 a Fw(6)2631 b(1)113 b(In)m(tro)s(duction)p
+251 193 3473 4 v 577 668 a Ft(f)32 b Fs(p)715 683 y Fn(0)787
+668 y Ft(g)h Fr(z)p Fu(:=)p Fr(x)g Ft(f)f Fs(p)1246 683
+y Fn(1)1318 668 y Ft(g)317 b(f)32 b Fs(p)1823 683 y Fn(1)1895
+668 y Ft(g)h Fr(x)p Fu(:=)p Fr(y)g Ft(f)f Fs(p)2354 683
+y Fn(2)2426 668 y Ft(g)p 527 754 1999 4 v 999 956 a(f)g
+Fs(p)1137 971 y Fn(0)1209 956 y Ft(g)g Fr(z)p Fu(:=)p
+Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(y)g Ft(f)g Fs(p)1933
+971 y Fn(2)2004 956 y Ft(g)739 b(f)32 b Fs(p)2931 971
+y Fn(2)3003 956 y Ft(g)h Fr(y)p Fu(:=)p Fr(z)g Ft(f)f
+Fs(p)3462 971 y Fn(3)3534 956 y Ft(g)p 527 1042 3107
+4 v 1420 1244 a(f)g Fs(p)1558 1259 y Fn(0)1630 1244 y
+Ft(g)g Fr(z)p Fu(:=)p Fr(x)p Fu(;)i Fr(x)p Fu(:=)p Fr(y)p
+Fu(;)f Fr(y)p Fu(:=)p Fr(z)g Ft(f)f Fs(p)2619 1259 y
+Fn(3)2691 1244 y Ft(g)283 1436 y Fu(where)i(w)m(e)g(ha)m(v)m(e)g(used)g
+(the)f(abbreviations)577 1608 y Fs(p)633 1623 y Fn(0)772
+1608 y Fu(=)100 b Fr(x)p Fu(=)p Fr(n)33 b Ft(^)f Fr(y)p
+Fu(=)p Fr(m)577 1775 y Fs(p)633 1790 y Fn(1)772 1775
+y Fu(=)100 b Fr(z)p Fu(=)p Fr(n)33 b Ft(^)f Fr(y)p Fu(=)p
+Fr(m)577 1943 y Fs(p)633 1958 y Fn(2)772 1943 y Fu(=)100
+b Fr(z)p Fu(=)p Fr(n)33 b Ft(^)f Fr(x)p Fu(=)p Fr(m)577
+2111 y Fs(p)633 2126 y Fn(3)772 2111 y Fu(=)100 b Fr(y)p
+Fu(=)p Fr(n)33 b Ft(^)f Fr(x)p Fu(=)p Fr(m)283 2303 y
+Fu(W)-8 b(e)39 b(ma)m(y)f(view)h(the)f(logical)e(system)j(as)f(a)g(sp)s
+(eci\014cation)g(of)g(only)f(certain)h(asp)s(ects)i(of)d(the)283
+2424 y(seman)m(tics.)42 b(It)27 b(usually)f(do)s(es)i(not)e(capture)i
+(all)d(asp)s(ects)j(for)e(the)h(simple)f(reason)h(that)g(all)d(the)283
+2544 y(partial)32 b(correctness)k(prop)s(erties)e(listed)g(b)s(elo)m(w)
+f(can)i(b)s(e)f(pro)m(v)m(ed)i(using)d(the)i(logical)c(system)283
+2664 y(but)i(certainly)f(w)m(e)i(w)m(ould)e(not)h(regard)f(the)h
+(programs)f(as)h(b)s(eha)m(ving)f(in)g(the)h(same)f(w)m(a)m(y:)552
+2832 y Ft(f)h Fr(x)p Fu(=)p Fr(n)f Ft(^)h Fr(y)p Fu(=)p
+Fr(m)g Ft(g)g Fr(z)p Fu(:=)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p
+Fr(y)p Fu(;)g Fr(y)p Fu(:=)p Fr(z)g Ft(f)f Fr(y)p Fu(=)p
+Fr(n)h Ft(^)g Fr(x)p Fu(=)p Fr(m)g Ft(g)550 3000 y(f)d
+Fr(x)p Fu(=)p Fr(n)h Ft(^)g Fr(y)p Fu(=)p Fr(m)f Ft(g)h
+Fr(if)g(x)p Fu(=)p Fr(y)f(then)i(skip)f(else)h Fu(\()p
+Fr(z)p Fu(:=)p Fr(x)p Fu(;)f Fr(x)p Fu(:=)p Fr(y)p Fu(;)h
+Fr(y)p Fu(:=)p Fr(z)p Fu(\))f Ft(f)f Fr(y)p Fu(=)p Fr(n)h
+Ft(^)f Fr(x)p Fu(=)p Fr(m)h Ft(g)552 3167 y(f)i Fr(x)p
+Fu(=)p Fr(n)f Ft(^)h Fr(y)p Fu(=)p Fr(m)g Ft(g)g Fr(while)g(true)h(do)f
+(skip)h Ft(f)e Fr(y)p Fu(=)p Fr(n)h Ft(^)g Fr(x)p Fu(=)p
+Fr(m)g Ft(g)283 3335 y Fu(The)26 b(b)s(ene\014ts)f(of)f(the)h
+(axiomatic)d(approac)m(h)j(are)f(that)g(the)h(logical)c(systems)26
+b(pro)m(vide)f(an)f(easy)283 3455 y(w)m(a)m(y)29 b(of)e(pro)m(ving)g
+(prop)s(erties)g(of)g(programs)f(|)h(and)g(to)g(a)g(large)f(exten)m(t)j
+(it)d(has)i(b)s(een)g(p)s(ossible)283 3576 y(to)42 b(automate)e(it.)69
+b(Of)41 b(course)i(this)e(is)g(only)g(w)m(orth)m(while)g(if)g(the)h
+(axiomatic)d(seman)m(tics)i(is)283 3696 y(faithful)31
+b(to)i(the)g(\\more)f(general")g(\(denotational)f(or)h(op)s
+(erational\))f(seman)m(tics)i(w)m(e)g(ha)m(v)m(e)i(in)283
+3816 y(mind)d(and)g(w)m(e)i(shall)d(discuss)j(this)e(in)g(Section)g
+(6.3.)283 4104 y Fp(The)45 b(complemen)l(tary)h(view)283
+4289 y Fu(It)30 b(is)g(imp)s(ortan)m(t)e(to)h(note)h(that)g(these)h
+(kinds)f(of)g(seman)m(tics)g(are)g Fs(not)39 b Fu(riv)-5
+b(al)28 b(approac)m(hes,)k(but)283 4410 y(are)25 b(di\013eren)m(t)g
+(tec)m(hniques)h(appropriate)e(for)g(di\013eren)m(t)h(purp)s(oses)h
+(and)e(|)h(to)f(some)g(exten)m(t)i(|)283 4530 y(for)32
+b(di\013eren)m(t)g(programming)c(languages.)43 b(T)-8
+b(o)32 b(stress)h(this,)f(the)g(dev)m(elopmen)m(t)g(will)d(address)283
+4650 y(the)k(follo)m(wing)d(issues:)429 4850 y Ft(\017)48
+b Fu(It)53 b(will)e(dev)m(elop)j(eac)m(h)g(of)e(the)i(approac)m(hes)g
+(for)e(a)h(simple)f(language)g(of)g Fr(while)p Fu(-)527
+4970 y(programs.)429 5172 y Ft(\017)c Fu(It)40 b(will)d(illustrate)h
+(the)i(p)s(o)m(w)m(er)g(and)g(w)m(eakness)i(of)e(eac)m(h)g(of)f(the)h
+(approac)m(hes)h(b)m(y)g(ex-)527 5292 y(tending)33 b(the)g
+Fr(while)p Fu(-language)f(with)g(other)h(programming)c(constructs.)429
+5494 y Ft(\017)48 b Fu(It)25 b(will)e(pro)m(v)m(e)j(the)f(relationship)
+e(b)s(et)m(w)m(een)k(the)e(approac)m(hes)h(for)f(the)g
+Fr(while)p Fu(-language.)p eop
+%%Page: 7 17
+7 16 bop 0 130 a Fw(1.2)112 b(The)38 b(example)f(language)h(While)1734
+b(7)p 0 193 3473 4 v 145 515 a Ft(\017)49 b Fu(It)32
+b(will)d(giv)m(e)i(examples)h(of)f(applications)e(of)i(the)h(seman)m
+(tic)g(descriptions)f(in)g(order)h(to)244 636 y(illustrate)e(their)i
+(merits.)0 967 y Fj(1.2)161 b(The)53 b(example)h(language)g(While)0
+1186 y Fu(This)37 b(b)s(o)s(ok)f(illustrates)e(the)j(v)-5
+b(arious)36 b(forms)f(of)h(seman)m(tics)h(on)f(a)g(v)m(ery)i(simple)d
+(imp)s(erativ)m(e)0 1307 y(programming)30 b(language)h(called)g
+Fw(While)p Fu(.)42 b(As)33 b(a)g(\014rst)g(step)g(w)m(e)h(m)m(ust)f(sp)
+s(ecify)g(its)f(syn)m(tax.)146 1427 y(The)26 b(syn)m(tactic)g(notation)
+d(w)m(e)j(use)f(is)g(based)g(on)g(BNF.)g(First)e(w)m(e)j(list)d(the)j
+(v)-5 b(arious)24 b Fs(syntac-)0 1548 y(tic)29 b(c)-5
+b(ate)g(gories)33 b Fu(and)26 b(giv)m(e)f(a)h(meta-v)-5
+b(ariable)23 b(that)i(will)f(b)s(e)i(used)h(to)e(range)h(o)m(v)m(er)h
+Fs(c)-5 b(onstructs)34 b Fu(of)0 1668 y(eac)m(h)f(category)-8
+b(.)44 b(F)-8 b(or)32 b(our)g(language)g(the)h(meta-v)-5
+b(ariables)30 b(and)j(categories)f(are)h(as)f(follo)m(ws:)244
+1865 y Fs(n)40 b Fu(will)30 b(range)i(o)m(v)m(er)i(n)m(umerals,)e
+Fw(Num)p Fu(,)244 2032 y Fs(x)44 b Fu(will)30 b(range)j(o)m(v)m(er)h(v)
+-5 b(ariables,)31 b Fw(V)-9 b(ar)p Fu(,)244 2200 y Fs(a)40
+b Fu(will)30 b(range)i(o)m(v)m(er)i(arithmetic)d(expressions,)j
+Fw(Aexp)p Fu(,)244 2367 y Fs(b)k Fu(will)31 b(range)h(o)m(v)m(er)i(b)s
+(o)s(olean)d(expressions,)j Fw(Bexp)p Fu(,)f(and)244
+2535 y Fs(S)44 b Fu(will)30 b(range)j(o)m(v)m(er)h(statemen)m(ts,)f
+Fw(Stm)p Fu(.)0 2732 y(The)k(meta-v)-5 b(ariables)34
+b(can)i(b)s(e)h(primed)e(or)g(subscripted.)56 b(So,)37
+b(for)f(example,)g Fs(n)7 b Fu(,)37 b Fs(n)3117 2696
+y Fi(0)3141 2732 y Fu(,)g Fs(n)3267 2747 y Fn(1)3307
+2732 y Fu(,)g Fs(n)3433 2747 y Fn(2)0 2852 y Fu(all)30
+b(stand)k(for)e(n)m(umerals.)146 2972 y(W)-8 b(e)31 b(assume)g(that)f
+(the)h(structure)g(of)f(n)m(umerals)g(and)g(v)-5 b(ariables)29
+b(is)h(giv)m(en)g(elsewhere;)j(for)0 3093 y(example)38
+b(n)m(umerals)f(migh)m(t)g(b)s(e)h(strings)g(of)g(digits,)g(and)g(v)-5
+b(ariables)37 b(strings)h(of)f(letters)h(and)0 3213 y(digits)31
+b(starting)h(with)g(a)g(letter.)43 b(The)34 b(structure)g(of)e(the)h
+(other)f(constructs)j(is:)294 3401 y Fs(a)116 b Fu(::=)100
+b Fs(n)40 b Ft(j)32 b Fs(x)44 b Ft(j)32 b Fs(a)1051 3416
+y Fn(1)1124 3401 y Fu(+)g Fs(a)1289 3416 y Fn(2)1361
+3401 y Ft(j)g Fs(a)1478 3416 y Fn(1)1551 3401 y Fo(?)g
+Fs(a)1689 3416 y Fn(2)1761 3401 y Ft(j)g Fs(a)1878 3416
+y Fn(1)1950 3401 y Ft(\000)h Fs(a)2117 3416 y Fn(2)294
+3569 y Fs(b)121 b Fu(::=)100 b Fr(true)33 b Ft(j)g Fr(false)g
+Ft(j)g Fs(a)1394 3584 y Fn(1)1466 3569 y Fu(=)f Fs(a)1631
+3584 y Fn(2)1703 3569 y Ft(j)h Fs(a)1821 3584 y Fn(1)1893
+3569 y Ft(\024)g Fs(a)2060 3584 y Fn(2)2132 3569 y Ft(j)f(:)q
+Fs(b)38 b Ft(j)32 b Fs(b)2453 3584 y Fn(1)2525 3569 y
+Ft(^)h Fs(b)2675 3584 y Fn(2)294 3737 y Fs(S)111 b Fu(::=)100
+b Fs(x)44 b Fu(:=)33 b Fs(a)39 b Ft(j)33 b Fr(skip)g
+Ft(j)f Fs(S)1429 3752 y Fn(1)1501 3737 y Fu(;)h Fs(S)1628
+3752 y Fn(2)1700 3737 y Ft(j)f Fr(if)h Fs(b)38 b Fr(then)c
+Fs(S)2283 3752 y Fn(1)2355 3737 y Fr(else)f Fs(S)2659
+3752 y Fn(2)511 3904 y Ft(j)151 b Fr(while)34 b Fs(b)k
+Fr(do)33 b Fs(S)0 4094 y Fu(Th)m(us,)39 b(a)e(b)s(o)s(olean)e
+(expression)j Fs(b)43 b Fu(can)37 b(only)f(ha)m(v)m(e)i(one)f(of)f(six)
+h(forms.)55 b(It)37 b(is)f(called)g(a)g Fs(b)-5 b(asis)0
+4214 y(element)37 b Fu(if)27 b(it)h(is)g Fr(true)h Fu(or)f
+Fr(false)i Fu(or)e(has)h(the)g(form)e Fs(a)2002 4229
+y Fn(1)2074 4214 y Fu(=)33 b Fs(a)2240 4229 y Fn(2)2308
+4214 y Fu(or)28 b Fs(a)2480 4229 y Fn(1)2552 4214 y Ft(\024)33
+b Fs(a)2719 4229 y Fn(2)2787 4214 y Fu(where)d Fs(a)3122
+4229 y Fn(1)3190 4214 y Fu(and)f Fs(a)3433 4229 y Fn(2)0
+4335 y Fu(are)35 b(arithmetic)f(expressions.)54 b(It)35
+b(is)g(called)g(a)g Fs(c)-5 b(omp)g(osite)36 b(element)44
+b Fu(if)35 b(it)f(has)i(the)g(form)e Ft(:)q Fs(b)0 4455
+y Fu(where)g Fs(b)k Fu(is)31 b(a)h(b)s(o)s(olean)f(expression,)j(or)e
+(the)h(form)e Fs(b)1971 4470 y Fn(1)2042 4455 y Ft(^)i
+Fs(b)2192 4470 y Fn(2)2263 4455 y Fu(where)h Fs(b)2596
+4470 y Fn(1)2668 4455 y Fu(and)e Fs(b)2908 4470 y Fn(2)2980
+4455 y Fu(are)g(b)s(o)s(olean)0 4576 y(expressions.)45
+b(Similar)29 b(remarks)k(apply)f(to)h(arithmetic)d(expressions)k(and)f
+(statemen)m(ts.)146 4696 y(The)g(sp)s(eci\014cation)e(ab)s(o)m(v)m(e)i
+(de\014nes)g(the)f Fs(abstr)-5 b(act)34 b(syntax)44 b
+Fu(of)31 b Fw(While)f Fu(in)h(that)g(it)g(simply)0 4816
+y(sa)m(ys)39 b(ho)m(w)g(to)e(build)f(arithmetic)g(expressions,)41
+b(b)s(o)s(olean)36 b(expressions)k(and)d(statemen)m(ts)i(in)0
+4937 y(the)d(language.)51 b(One)36 b(w)m(a)m(y)h(to)e(think)g(of)g(the)
+h(abstract)g(syn)m(tax)h(is)e(as)h(sp)s(ecifying)f(the)h(parse)0
+5057 y(trees)42 b(of)f(the)h(language)e(and)i(it)e(will)f(then)j(b)s(e)
+g(the)f(purp)s(ose)h(of)f(the)h Fs(c)-5 b(oncr)g(ete)42
+b(syntax)54 b Fu(to)0 5177 y(pro)m(vide)33 b(su\016cien)m(t)h
+(information)29 b(that)j(enable)h(unique)g(parse)g(trees)h(to)e(b)s(e)h
+(constructed.)146 5298 y(So)g(giv)m(en)g(the)g(string)e(of)i(c)m
+(haracters:)244 5494 y Fr(z)p Fu(:=)p Fr(x)p Fu(;)g Fr(x)p
+Fu(:=)p Fr(y)p Fu(;)g Fr(y)p Fu(:=)p Fr(z)p eop
+%%Page: 8 18
+8 17 bop 251 130 a Fw(8)2631 b(1)113 b(In)m(tro)s(duction)p
+251 193 3473 4 v 283 515 a Fu(the)47 b(concrete)h(syn)m(tax)g(of)d(the)
+i(language)e(m)m(ust)i(b)s(e)f(able)g(to)g(resolv)m(e)h(whic)m(h)g(of)e
+(the)i(t)m(w)m(o)283 636 y(abstract)33 b(syn)m(tax)i(trees)e(b)s(elo)m
+(w)f(it)g(is)g(in)m(tended)h(to)g(represen)m(t:)2799
+794 y Fs(S)2467 1209 y(S)285 b Fu(;)297 b Fs(S)2733 918
+y Fq(\000)2650 1001 y(\000)2567 1084 y(\000)2525 1126
+y(\000)p 2814 1126 4 291 v 2816 918 a(@)2899 1001 y(@)2982
+1084 y(@)3023 1126 y(@)2218 1624 y Fs(S)202 b Fu(;)214
+b Fs(S)2421 1333 y Fq(\023)2359 1416 y(\023)2297 1499
+y(\023)2276 1527 y(\023)p 2482 1541 V 2484 1333 a(S)2546
+1416 y(S)2608 1499 y(S)2629 1527 y(S)2027 2039 y Fr(z)115
+b Fu(:=)63 b Fs(a)2359 2288 y Fr(x)2193 1748 y Fq(\001)2151
+1831 y(\001)2110 1914 y(\001)2093 1948 y(\001)p 2233
+1956 V 2234 1748 a(A)2276 1831 y(A)2318 1914 y(A)2334
+1948 y(A)p 2382 2205 4 125 v 2525 2039 a Fr(x)115 b Fu(:=)63
+b Fs(a)2857 2288 y Fr(y)2691 1748 y Fq(\001)2650 1831
+y(\001)2608 1914 y(\001)2591 1948 y(\001)p 2731 1956
+4 291 v 2733 1748 a(A)2774 1831 y(A)2816 1914 y(A)2832
+1948 y(A)p 2880 2205 4 125 v 2940 1624 a Fr(y)115 b Fu(:=)63
+b Fs(a)3272 1873 y Fr(z)3106 1333 y Fq(\001)3065 1416
+y(\001)3023 1499 y(\001)3007 1533 y(\001)p 3146 1541
+4 291 v 3148 1333 a(A)3189 1416 y(A)3231 1499 y(A)3247
+1533 y(A)p 3296 1790 4 125 v 973 794 a Fs(S)906 918 y
+Fq(\000)823 1001 y(\000)740 1084 y(\000)699 1126 y(\000)640
+1209 y Fs(S)616 1333 y Fq(\001)574 1416 y(\001)533 1499
+y(\001)516 1533 y(\001)474 1624 y Fr(z)p 655 1541 4 291
+v 91 w Fu(:=)657 1333 y Fq(A)699 1416 y(A)740 1499 y(A)757
+1533 y(A)782 1624 y Fs(a)p 805 1790 4 125 v 782 1873
+a Fr(x)p 987 1126 4 291 v 981 1209 a Fu(;)989 918 y Fq(@)1072
+1001 y(@)1155 1084 y(@)1197 1126 y(@)1305 1209 y Fs(S)1259
+1333 y Fq(\023)1197 1416 y(\023)1134 1499 y(\023)1114
+1527 y(\023)1554 1624 y Fs(S)890 2039 y Fr(x)90 b Fu(:=)63
+b Fs(a)1197 2288 y Fr(y)1031 1748 y Fq(\001)989 1831
+y(\001)948 1914 y(\001)931 1948 y(\001)p 1071 1956 V
+1072 1748 a(A)1114 1831 y(A)1155 1914 y(A)1172 1948 y(A)p
+1220 2205 4 125 v 1320 1541 4 291 v 1313 1624 a Fu(;)1321
+1333 y Fq(S)1384 1416 y(S)1446 1499 y(S)1467 1527 y(S)1056
+1624 y Fs(S)1388 2039 y Fr(y)90 b Fu(:=)63 b Fs(a)1695
+2288 y Fr(z)1529 1748 y Fq(\001)1487 1831 y(\001)1446
+1914 y(\001)1429 1948 y(\001)p 1569 1956 V 1570 1748
+a(A)1612 1831 y(A)1653 1914 y(A)1670 1948 y(A)p 1718
+2205 4 125 v 283 2622 a Fu(In)37 b(this)f(b)s(o)s(ok)g(w)m(e)h(shall)e
+Fs(not)46 b Fu(b)s(e)37 b(concerned)h(with)e(concrete)h(syn)m(tax.)57
+b(Whenev)m(er)38 b(w)m(e)g(talk)283 2742 y(ab)s(out)47
+b(syn)m(tactic)i(en)m(tities)e(suc)m(h)h(as)g(arithmetic)d
+(expressions,)53 b(b)s(o)s(olean)46 b(expressions)j(or)283
+2863 y(statemen)m(ts)e(w)m(e)g(will)c(alw)m(a)m(ys)k(b)s(e)f(talking)e
+(ab)s(out)h(the)h(abstract)g(syn)m(tax)h(so)f(there)h(is)e(no)283
+2983 y(am)m(biguit)m(y)g(with)g(resp)s(ect)i(to)e(the)h(form)f(of)g
+(the)h(en)m(tit)m(y)-8 b(.)84 b(In)46 b(particular,)h(the)f(t)m(w)m(o)h
+(trees)283 3103 y(ab)s(o)m(v)m(e)34 b(are)e(b)s(oth)h(elemen)m(ts)g(of)
+f(the)h(syn)m(tactic)g(category)g Fw(Stm)p Fu(.)430 3224
+y(It)e(is)g(rather)g(cum)m(b)s(ersome)g(to)g(use)h(the)g(graphical)d
+(represen)m(tation)j(of)f(abstract)g(syn)m(tax)283 3344
+y(and)i(w)m(e)h(shall)d(therefore)i(use)h(a)e(linear)f(notation.)42
+b(So)33 b(w)m(e)g(shall)e(write)527 3528 y Fr(z)p Fu(:=)p
+Fr(x)p Fu(;)i(\()p Fr(x)p Fu(:=)p Fr(y)p Fu(;)h Fr(y)p
+Fu(:=)p Fr(z)p Fu(\))283 3712 y(for)e(the)i(leftmost)d(syn)m(tax)j
+(tree)f(and)527 3897 y(\()p Fr(z)p Fu(:=)p Fr(x)p Fu(;)g
+Fr(x)p Fu(:=)p Fr(y)p Fu(\);)g Fr(y)p Fu(:=)p Fr(z)283
+4081 y Fu(for)i(the)h(righ)m(tmost)e(one.)52 b(F)-8 b(or)35
+b(statemen)m(ts)h(one)g(often)f(writes)g(the)h(brac)m(k)m(ets)i(as)d
+Fr(begin)i Ft(\001)17 b(\001)g(\001)283 4201 y Fr(end)41
+b Fu(but)e(w)m(e)h(shall)e(feel)h(free)h(to)f(use)h(\()33
+b Ft(\001)17 b(\001)g(\001)30 b Fu(\))39 b(in)g(this)g(b)s(o)s(ok.)63
+b(Similarly)-8 b(,)37 b(w)m(e)k(use)f(brac)m(k)m(ets)283
+4322 y(\()33 b Ft(\001)17 b(\001)g(\001)31 b Fu(\))e(to)f(resolv)m(e)i
+(am)m(biguities)d(for)i(elemen)m(ts)g(in)f(the)i(other)f(syn)m(tactic)h
+(categories.)42 b(T)-8 b(o)29 b(cut)283 4442 y(do)m(wn)k(on)e(the)h(n)m
+(um)m(b)s(er)g(of)f(brac)m(k)m(ets)i(needed)g(w)m(e)f(shall)e(allo)m(w)
+g(to)h(use)i(the)e(familiar)d(relativ)m(e)283 4562 y(binding)j(p)s(o)m
+(w)m(ers)j(\(precedences\))h(of)c(+,)i Fo(?)e Fu(and)i
+Ft(\000)f Fu(etc.)44 b(and)32 b(so)h(write)f Fr(1)p Fu(+)p
+Fr(x)p Fo(?)p Fr(2)g Fu(for)g Fr(1)p Fu(+\()p Fr(x)p
+Fo(?)p Fr(2)p Fu(\))283 4683 y(but)h(not)g(for)f(\()p
+Fr(1)p Fu(+)p Fr(x)p Fu(\))p Fo(?)p Fr(2)p Fu(.)283 4885
+y Fw(Exercise)37 b(1.1)49 b Fu(The)33 b(follo)m(wing)d(statemen)m(t)j
+(is)f(in)g Fw(While)p Fu(:)527 5070 y Fr(y)p Fu(:=)p
+Fr(1)p Fu(;)h Fr(while)h Ft(:)q Fu(\()p Fr(x)p Fu(=)p
+Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p
+Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(\))283 5254 y(It)23 b(computes)h(the)f(factorial)d(of)j(the)g
+(initial)c(v)-5 b(alue)22 b(b)s(ound)h(to)g Fr(x)g Fu(\(pro)m(vided)g
+(that)f(it)g(is)h(p)s(ositiv)m(e\))283 5374 y(and)34
+b(the)f(result)g(will)e(b)s(e)i(the)g(\014nal)f(v)-5
+b(alue)33 b(of)f Fr(y)p Fu(.)45 b(Dra)m(w)33 b(a)g(graphical)e
+(represen)m(tation)j(of)e(the)283 5494 y(abstract)h(syn)m(tax)i(tree.)
+2516 b Fh(2)p eop
+%%Page: 9 19
+9 18 bop 0 130 a Fw(1.3)112 b(Seman)m(tics)37 b(of)g(expressions)1956
+b(9)p 0 193 3473 4 v 0 515 a(Exercise)36 b(1.2)49 b Fu(Assume)42
+b(that)e(the)h(initial)c(v)-5 b(alue)40 b(of)g(the)h(v)-5
+b(ariable)39 b Fr(x)i Fu(is)f Fs(n)48 b Fu(and)41 b(that)f(the)0
+636 y(initial)31 b(v)-5 b(alue)34 b(of)g Fr(y)h Fu(is)f
+Fs(m)7 b Fu(.)49 b(W)-8 b(rite)34 b(a)g(statemen)m(t)h(in)f
+Fw(While)f Fu(that)h(assigns)h Fr(z)g Fu(the)g(v)-5 b(alue)34
+b(of)g Fs(n)0 756 y Fu(to)e(the)h(p)s(o)m(w)m(er)h(of)e
+Fs(m)7 b Fu(,)33 b(that)f(is)244 984 y Fo(n)22 b(?)g
+Ft(\001)17 b(\001)g(\001)k Fo(?)g(n)244 1019 y Fg(|)p
+281 1019 135 10 v 135 w({z)p 490 1019 V 135 w(})279 1124
+y Fs(m)40 b Fu(times)0 1317 y(Giv)m(e)32 b(a)h(linear)e(as)h(w)m(ell)g
+(as)h(a)f(graphical)f(represen)m(tation)i(of)f(the)h(abstract)g(syn)m
+(tax.)275 b Fh(2)146 1579 y Fu(The)37 b(seman)m(tics)g(of)e
+Fw(While)g Fu(is)g(giv)m(en)h(b)m(y)h(de\014ning)f(so-called)f
+Fs(semantic)i(functions)44 b Fu(for)0 1700 y(eac)m(h)i(of)f(the)h(syn)m
+(tactic)g(categories.)81 b(The)47 b(idea)d(is)h(that)g(a)g(seman)m(tic)
+g(function)g(tak)m(es)i(a)0 1820 y(syn)m(tactic)40 b(en)m(tit)m(y)f(as)
+g(argumen)m(t)f(and)h(returns)h(its)e(meaning.)60 b(The)40
+b(op)s(erational,)e(denota-)0 1940 y(tional)24 b(and)j(axiomatic)c
+(approac)m(hes)28 b(men)m(tioned)e(earlier)f(will)f(b)s(e)i(used)i(to)e
+(sp)s(ecify)h(seman)m(tic)0 2061 y(functions)34 b(for)f(the)i(statemen)
+m(ts)f(of)g Fw(While)p Fu(.)46 b(F)-8 b(or)33 b(n)m(umerals,)h
+(arithmetic)e(expressions)j(and)0 2181 y(b)s(o)s(olean)c(expressions)j
+(the)f(seman)m(tic)g(functions)f(are)h(sp)s(eci\014ed)g(once)h(and)e
+(for)g(all)f(b)s(elo)m(w.)0 2544 y Fj(1.3)161 b(Seman)l(tics)52
+b(of)i(expressions)0 2773 y Fu(Before)38 b(em)m(barking)g(on)g(sp)s
+(ecifying)f(the)i(seman)m(tics)f(of)g(the)g(arithmetic)e(and)i(b)s(o)s
+(olean)f(ex-)0 2893 y(pressions)f(of)e Fw(While)g Fu(let)g(us)h(ha)m(v)
+m(e)i(a)d(brief)h(lo)s(ok)e(at)i(the)g(n)m(umerals;)h(this)f(will)d
+(presen)m(t)37 b(the)0 3014 y(main)31 b(ingredien)m(ts)i(of)g(the)h
+(approac)m(h)f(in)g(a)g(v)m(ery)h(simple)e(setting.)45
+b(So)33 b(assume)h(for)e(the)i(mo-)0 3134 y(men)m(t)42
+b(that)g(the)g(n)m(umerals)g(are)g(in)f(the)h Fs(binary)50
+b Fu(system.)73 b(Their)42 b(abstract)g(syn)m(tax)i(could)0
+3254 y(then)33 b(b)s(e)g(sp)s(eci\014ed)g(b)m(y:)244
+3482 y Fs(n)40 b Fu(::=)32 b Fr(0)h Ft(j)f Fr(1)h Ft(j)f
+Fs(n)40 b Fr(0)33 b Ft(j)f Fs(n)40 b Fr(1)0 3710 y Fu(In)47
+b(order)g(to)f(determine)h(the)g(n)m(um)m(b)s(er)g(represen)m(ted)i(b)m
+(y)f(a)f(n)m(umeral)f(w)m(e)h(shall)f(de\014ne)i(a)0
+3830 y(function)244 4058 y Ft(N)14 b Fu(:)44 b Fw(Num)32
+b Ft(!)g Fw(Z)0 4286 y Fu(This)f(is)g(called)e(a)i Fs(semantic)h
+(function)38 b Fu(as)32 b(it)d(de\014nes)k(the)f(seman)m(tics)f(of)f
+(the)h(n)m(umerals.)43 b(W)-8 b(e)0 4406 y(w)m(an)m(t)42
+b Ft(N)56 b Fu(to)41 b(b)s(e)g(a)g Fs(total)i(function)49
+b Fu(b)s(ecause)42 b(w)m(e)g(w)m(an)m(t)h(to)d(determine)h(a)g(unique)h
+(n)m(um)m(b)s(er)0 4527 y(for)36 b(eac)m(h)h(n)m(umeral)f(of)g
+Fw(Num)p Fu(.)54 b(If)36 b Fs(n)44 b Ft(2)37 b Fw(Num)e
+Fu(then)i(w)m(e)h(write)e Ft(N)14 b Fu([)-17 b([)q Fs(n)7
+b Fu(])-17 b(])37 b(for)f(the)h(application)0 4647 y(of)i
+Ft(N)53 b Fu(to)39 b Fs(n)7 b Fu(,)41 b(that)e(is)g(for)g(the)h
+(corresp)s(onding)f(n)m(um)m(b)s(er.)64 b(In)39 b(general,)i(the)e
+(application)e(of)0 4767 y(a)k(seman)m(tic)g(function)g(to)g(a)g(syn)m
+(tactic)h(en)m(tit)m(y)g(will)d(b)s(e)j(written)f(within)f(the)i(\\syn)
+m(tactic")0 4888 y(brac)m(k)m(ets)34 b(`[)-17 b([)q(')32
+b(and)g(`])-17 b(])q(')32 b(rather)h(than)f(the)g(more)g(usual)g(`\(')g
+(and)g(`\)'.)44 b(These)34 b(brac)m(k)m(ets)g(ha)m(v)m(e)f(no)0
+5008 y(sp)s(ecial)c(meaning)f(but)i(throughout)f(this)h(b)s(o)s(ok)f(w)
+m(e)i(shall)d(enclose)i(syn)m(tactic)h(argumen)m(ts)f(to)0
+5128 y(seman)m(tic)23 b(functions)g(using)g(the)h(\\syn)m(tactic")g
+(brac)m(k)m(ets)h(whereas)g(w)m(e)f(use)h(ordinary)d(brac)m(k)m(ets)0
+5249 y(\(or)32 b(juxtap)s(ositioning\))e(in)i(all)e(other)j(cases.)146
+5374 y(The)28 b(seman)m(tic)f(function)g Ft(N)41 b Fu(is)27
+b(de\014ned)h(b)m(y)g(the)f(follo)m(wing)e Fs(semantic)k(clauses)34
+b Fu(\(or)27 b Fs(e)-5 b(qua-)0 5494 y(tions)p Fu(\):)p
+eop
+%%Page: 10 20
+10 19 bop 251 130 a Fw(10)2575 b(1)113 b(In)m(tro)s(duction)p
+251 193 3473 4 v 577 500 a Ft(N)15 b Fu([)-17 b([)p Fr(0)p
+Fu(])g(])195 b(=)100 b Fw(0)577 668 y Ft(N)15 b Fu([)-17
+b([)p Fr(1)p Fu(])g(])195 b(=)100 b Fw(1)577 835 y Ft(N)15
+b Fu([)-17 b([)p Fs(n)40 b Fr(0)p Fu(])-17 b(])100 b(=)g
+Fw(2)32 b Ff(?)h Ft(N)15 b Fu([)-17 b([)p Fs(n)7 b Fu(])-17
+b(])577 1003 y Ft(N)15 b Fu([)-17 b([)p Fs(n)40 b Fr(1)p
+Fu(])-17 b(])100 b(=)g Fw(2)32 b Ff(?)h Ft(N)15 b Fu([)-17
+b([)p Fs(n)7 b Fu(])-17 b(])34 b(+)e Fw(1)283 1205 y
+Fu(Here)38 b Fw(0)e Fu(and)h Fw(1)g Fu(are)f(n)m(um)m(b)s(ers,)j(that)d
+(is)g(elemen)m(ts)h(of)g Fw(Z)p Fu(.)g(F)-8 b(urthermore,)37
+b Ff(?)g Fu(and)f(+)h(are)f(the)283 1326 y(usual)e(arithmetic)e(op)s
+(erations)h(on)h(n)m(um)m(b)s(ers.)48 b(The)35 b(ab)s(o)m(v)m(e)f
+(de\014nition)f(is)h(an)f(example)h(of)f(a)283 1446 y
+Fs(c)-5 b(omp)g(ositional)45 b Fu(de\014nition;)37 b(this)f(means)g
+(that)g(for)g(eac)m(h)h(p)s(ossible)f(w)m(a)m(y)h(of)f(constructing)g
+(a)283 1566 y(n)m(umeral)f(it)f(tells)h(ho)m(w)h(the)g(corresp)s
+(onding)f(n)m(um)m(b)s(er)h(is)f(obtained)g(from)f(the)i(meanings)e(of)
+283 1687 y(the)f Fs(sub)p Fu(constructs.)283 1924 y Fw(Example)k(1.3)49
+b Fu(W)-8 b(e)25 b(can)f(calculate)g(the)g(n)m(um)m(b)s(er)h
+Ft(N)14 b Fu([)-17 b([)q Fr(101)p Fu(])g(])26 b(corresp)s(onding)e(to)g
+(the)h(n)m(umeral)283 2044 y Fr(101)34 b Fu(as)f(follo)m(ws:)527
+2254 y Ft(N)15 b Fu([)-17 b([)p Fr(101)p Fu(])g(])34
+b(=)f Fw(2)f Ff(?)h Ft(N)14 b Fu([)-17 b([)q Fr(10)p
+Fu(])g(])34 b(+)e Fw(1)885 2421 y Fu(=)h Fw(2)f Ff(?)h
+Fu(\()p Fw(2)f Ff(?)h Ft(N)15 b Fu([)-17 b([)p Fr(1)p
+Fu(])g(])q(\))33 b(+)f Fw(1)885 2589 y Fu(=)h Fw(2)f
+Ff(?)h Fu(\()p Fw(2)f Ff(?)h Fw(1)p Fu(\))g(+)f Fw(1)885
+2756 y Fu(=)h Fw(5)283 2966 y Fu(Note)g(that)g(the)g(string)e
+Fr(101)j Fu(is)e(decomp)s(osed)h(according)f(to)g(the)h(syn)m(tax)h
+(for)e(n)m(umerals.)79 b Fh(2)430 3202 y Fu(So)27 b(far)g(w)m(e)i(ha)m
+(v)m(e)g(only)e Fs(claime)-5 b(d)36 b Fu(that)28 b(the)f(de\014nition)g
+(of)g Ft(N)42 b Fu(giv)m(es)28 b(rise)f(to)g(a)h(w)m(ell-de\014ned)283
+3322 y(total)37 b(function.)58 b(W)-8 b(e)38 b(shall)f(no)m(w)h(presen)
+m(t)i(a)d Fs(formal)i(pr)-5 b(o)g(of)58 b Fu(sho)m(wing)38
+b(that)g(this)f(is)h(indeed)283 3443 y(the)33 b(case.)p
+283 3564 3473 5 v 283 3745 a Fw(F)-9 b(act)38 b(1.4)49
+b Fu(The)33 b(ab)s(o)m(v)m(e)h(equations)f(for)f Ft(N)14
+b Fu(,)33 b(de\014ne)g(a)g(total)e(function)h Ft(N)14
+b Fu(:)44 b Fw(Num)31 b Ft(!)i Fw(Z)p Fu(.)p 283 3866
+V 283 4075 a Fw(Pro)s(of:)38 b Fu(W)-8 b(e)33 b(ha)m(v)m(e)h(a)e(total)
+f(function)h Ft(N)14 b Fu(,)33 b(if)e(for)i(all)d(argumen)m(ts)j
+Fs(n)39 b Ft(2)33 b Fw(Num)552 4242 y Fu(there)g(is)g(exactly)g(one)f
+(n)m(um)m(b)s(er)h Fw(n)g Ft(2)g Fw(Z)g Fu(suc)m(h)h(that)f
+Ft(N)14 b Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])33 b(=)f
+Fw(n)699 b Fu(\(*\))283 4410 y(Giv)m(en)38 b(a)f(n)m(umeral)g
+Fs(n)44 b Fu(it)37 b(can)h(ha)m(v)m(e)g(one)g(of)f(four)g(forms:)53
+b(it)36 b(can)i(b)s(e)g(a)f(basis)g(elemen)m(t)h(and)283
+4530 y(then)33 b(it)e(is)g(equal)g(to)h Fr(0)g Fu(or)f
+Fr(1)p Fu(,)h(or)g(it)f(can)h(b)s(e)g(a)f(comp)s(osite)g(elemen)m(t)g
+(and)h(then)h(it)d(is)i(equal)f(to)283 4651 y Fs(n)345
+4615 y Fi(0)369 4651 y Fr(0)d Fu(or)g Fs(n)625 4615 y
+Fi(0)649 4651 y Fr(1)g Fu(for)g(some)g(other)g(n)m(umeral)f
+Fs(n)1797 4615 y Fi(0)1821 4651 y Fu(.)42 b(So,)29 b(in)e(order)h(to)g
+(pro)m(v)m(e)h(\(*\))f(w)m(e)h(ha)m(v)m(e)h(to)e(consider)283
+4771 y(all)j(four)h(p)s(ossibilities.)430 4893 y(The)37
+b(pro)s(of)f(will)e(b)s(e)i(conducted)i(b)m(y)f Fs(induction)44
+b Fu(on)36 b(the)h Fs(structur)-5 b(e)44 b Fu(of)36 b(the)h(n)m(umeral)
+f Fs(n)7 b Fu(.)283 5013 y(In)33 b(the)f Fs(b)-5 b(ase)33
+b(c)-5 b(ase)39 b Fu(w)m(e)33 b(pro)m(v)m(e)g(\(*\))e(for)g(the)i
+(basis)e(elemen)m(ts)h(of)g Fw(Num)p Fu(,)f(that)h(is)f(for)g(the)h
+(cases)283 5133 y(where)41 b Fs(n)47 b Fu(is)39 b Fr(0)h
+Fu(or)f Fr(1)p Fu(.)64 b(In)40 b(the)g Fs(induction)h(step)k
+Fu(w)m(e)40 b(consider)g(the)g(comp)s(osite)f(elemen)m(ts)g(of)283
+5254 y Fw(Num)p Fu(,)32 b(that)f(is)g(the)i(cases)g(where)g
+Fs(n)39 b Fu(is)31 b Fs(n)1839 5218 y Fi(0)1862 5254
+y Fr(0)h Fu(or)g Fs(n)2126 5218 y Fi(0)2149 5254 y Fr(1)p
+Fu(.)44 b(The)32 b(induction)f(h)m(yp)s(othesis)i(will)c(then)283
+5374 y(allo)m(w)35 b(us)i(to)f(assume)h(that)g(\(*\))f(holds)g(for)g
+(the)h(immediate)c(constituen)m(t)k(of)f Fs(n)7 b Fu(,)38
+b(that)e(is)g Fs(n)3705 5338 y Fi(0)3729 5374 y Fu(.)283
+5494 y(W)-8 b(e)42 b(shall)f(then)h(pro)m(v)m(e)h(that)e(\(*\))g(holds)
+g(for)g Fs(n)7 b Fu(.)71 b(It)42 b(then)g(follo)m(ws)e(that)i(\(*\))f
+(holds)g(for)g(all)p eop
+%%Page: 11 21
+11 20 bop 0 130 a Fw(1.3)112 b(Seman)m(tics)37 b(of)g(expressions)1900
+b(11)p 0 193 3473 4 v 0 515 a Fu(n)m(umerals)32 b Fs(n)40
+b Fu(b)s(ecause)34 b(an)m(y)f(n)m(umeral)f Fs(n)39 b
+Fu(can)33 b(b)s(e)g(constructed)h(in)e(that)h(w)m(a)m(y)-8
+b(.)0 683 y Fw(The)31 b(case)h Fs(n)38 b Fu(=)31 b Fr(0)p
+Fu(:)43 b(Only)31 b(one)g(of)g(the)g(seman)m(tic)g(clauses)h
+(de\014ning)f Ft(N)45 b Fu(can)32 b(b)s(e)f(used)h(and)f(it)0
+803 y(giv)m(es)37 b Ft(N)14 b Fu([)-17 b([)q Fs(n)7 b
+Fu(])-17 b(])37 b(=)f Fw(0)p Fu(.)55 b(So)36 b(clearly)f(there)i(is)f
+(exactly)h(one)g(n)m(um)m(b)s(er)f Fw(n)h Fu(in)f Fw(Z)g
+Fu(\(namely)g Fw(0)p Fu(\))g(suc)m(h)0 924 y(that)c Ft(N)15
+b Fu([)-17 b([)p Fs(n)7 b Fu(])-17 b(])34 b(=)e Fw(n)p
+Fu(.)0 1091 y Fw(The)h(case)g Fs(n)40 b Fu(=)32 b Fr(1)h
+Fu(is)f(similar)d(and)k(w)m(e)h(omit)c(the)j(details.)0
+1259 y Fw(The)k(case)h Fs(n)44 b Fu(=)36 b Fs(n)738 1223
+y Fi(0)762 1259 y Fr(0)p Fu(:)52 b(Insp)s(ection)37 b(of)g(the)g
+(clauses)g(de\014ning)g Ft(N)51 b Fu(sho)m(ws)39 b(that)d(only)h(one)g
+(of)0 1379 y(the)44 b(clauses)h(is)f(applicable)e(and)i(w)m(e)h(ha)m(v)
+m(e)g Ft(N)15 b Fu([)-17 b([)p Fs(n)7 b Fu(])-17 b(])45
+b(=)f Fw(2)g Ff(?)g Ft(N)15 b Fu([)-17 b([)p Fs(n)2486
+1343 y Fi(0)2510 1379 y Fu(])g(].)78 b(W)-8 b(e)45 b(can)f(no)m(w)h
+(apply)0 1500 y(the)38 b(induction)e(h)m(yp)s(othesis)j(to)d
+Fs(n)1282 1464 y Fi(0)1343 1500 y Fu(and)i(get)f(that)g(there)h(is)f
+(exactly)h(one)f(n)m(um)m(b)s(er)h Fw(n)3224 1464 y Fi(0)3285
+1500 y Fu(suc)m(h)0 1620 y(that)32 b Ft(N)14 b Fu([)-17
+b([)q Fs(n)407 1584 y Fi(0)431 1620 y Fu(])g(])32 b(=)g
+Fw(n)670 1584 y Fi(0)694 1620 y Fu(.)43 b(But)33 b(then)g(it)e(is)h
+(clear)f(that)h(there)h(is)f(exactly)h(one)f(n)m(um)m(b)s(er)h
+Fw(n)f Fu(\(namely)0 1741 y Fw(2)h Ff(?)f Fw(n)240 1704
+y Fi(0)264 1741 y Fu(\))g(suc)m(h)i(that)f Ft(N)14 b
+Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])33 b(=)g Fw(n)p
+Fu(.)0 1908 y Fw(The)g(case)g Fs(n)40 b Fu(=)32 b Fs(n)721
+1872 y Fi(0)745 1908 y Fr(1)h Fu(is)f(similar)d(and)k(w)m(e)g(omit)e
+(the)i(details.)1117 b Fh(2)146 2121 y Fu(The)31 b(general)f(tec)m
+(hnique)h(that)f(w)m(e)h(ha)m(v)m(e)g(applied)e(in)g(the)h
+(de\014nition)f(of)g(the)i(syn)m(tax)g(and)0 2242 y(seman)m(tics)i(of)f
+(n)m(umerals)g(can)h(b)s(e)g(summarized)e(as)i(follo)m(ws:)p
+0 2324 3470 4 v 0 2341 V -2 2548 4 208 v 15 2548 V 1101
+2469 a Fw(Comp)s(ositional)d(De\014nitions)p 3452 2548
+V 3469 2548 V 0 2552 3470 4 v -2 3041 4 490 v 15 3041
+V 66 2717 a Fu(1:)143 b(The)34 b(syn)m(tactic)f(category)g(is)f(sp)s
+(eci\014ed)i(b)m(y)f(an)g(abstract)g(syn)m(tax)h(giving)d(the)i
+Fs(b)-5 b(asis)285 2837 y(elements)52 b Fu(and)44 b(the)g
+Fs(c)-5 b(omp)g(osite)51 b(elements)8 b Fu(.)77 b(The)45
+b(comp)s(osite)e(elemen)m(ts)h(ha)m(v)m(e)i(a)285 2958
+y(unique)33 b(decomp)s(osition)e(in)m(to)h(their)g(immediate)e
+(constituen)m(ts.)p 3452 3041 V 3469 3041 V -2 3690 4
+650 v 15 3690 V 66 3125 a(2:)143 b(The)29 b(seman)m(tics)f(is)f
+(de\014ned)i(b)m(y)g Fs(c)-5 b(omp)g(ositional)36 b Fu(de\014nitions)27
+b(of)g(a)h(function:)40 b(There)285 3246 y(is)24 b(a)g
+Fs(semantic)29 b(clause)i Fu(for)23 b(eac)m(h)i(of)f(the)g(basis)g
+(elemen)m(ts)h(of)f(the)g(syn)m(tactic)h(category)285
+3366 y(and)i(one)g(for)f(eac)m(h)h(of)f(the)h(metho)s(ds)f(for)g
+(constructing)h(comp)s(osite)f(elemen)m(ts.)41 b(The)285
+3487 y(clauses)28 b(for)e(comp)s(osite)g(elemen)m(ts)i(are)f(de\014ned)
+h(in)e(terms)h(of)g(the)g(seman)m(tics)g(of)g(the)285
+3607 y(immediate)j(constituen)m(ts)k(of)e(the)h(elemen)m(ts.)p
+3452 3690 V 3469 3690 V 0 3694 3470 4 v 0 3710 V 0 3859
+a(The)42 b(pro)s(of)f(tec)m(hnique)i(w)m(e)f(ha)m(v)m(e)h(applied)d(is)
+h(closely)g(connected)i(with)e(the)h(approac)m(h)g(to)0
+3979 y(de\014ning)33 b(seman)m(tic)f(functions.)43 b(It)33
+b(can)g(b)s(e)g(summarized)e(as)i(follo)m(ws:)p 0 4081
+V 0 4097 V -2 4305 4 208 v 15 4305 V 1232 4226 a Fw(Structural)f
+(Induction)p 3452 4305 V 3469 4305 V 0 4308 3470 4 v
+-2 4678 4 370 v 15 4678 V 66 4474 a Fu(1:)143 b(Pro)m(v)m(e)39
+b(that)f(the)g(prop)s(ert)m(y)g(holds)f(for)g(all)f(the)i
+Fs(b)-5 b(asis)45 b Fu(elemen)m(ts)37 b(of)g(the)h(syn)m(tactic)285
+4594 y(category)-8 b(.)p 3452 4678 V 3469 4678 V -2 5206
+4 529 v 15 5206 V 66 4762 a(2:)143 b(Pro)m(v)m(e)39 b(that)d(the)i
+(prop)s(ert)m(y)f(holds)g(for)f(all)f(the)i Fs(c)-5 b(omp)g(osite)44
+b Fu(elemen)m(ts)37 b(of)f(the)i(syn-)285 4882 y(tactic)44
+b(category:)66 b(Assume)45 b(that)f(the)g(prop)s(ert)m(y)h(holds)e(for)
+h(all)e(the)i(immediate)285 5003 y(constituen)m(ts)d(of)f(the)g(elemen)
+m(t)g(\(this)f(is)h(called)f(the)h Fs(induction)h(hyp)-5
+b(othesis)p Fu(\))39 b(and)285 5123 y(pro)m(v)m(e)34
+b(that)e(it)g(also)g(holds)g(for)g(the)h(elemen)m(t)f(itself.)p
+3452 5206 V 3469 5206 V 0 5210 3470 4 v 0 5226 V 146
+5374 a(In)41 b(the)f(remainder)f(of)h(this)f(b)s(o)s(ok)h(w)m(e)h
+(shall)d(assume)j(that)f(n)m(umerals)f(are)h(in)f(decimal)0
+5494 y(notation)30 b(and)h(ha)m(v)m(e)i(their)e(normal)e(meanings)h
+(\(so)i(for)e(example)h Ft(N)14 b Fu([)-17 b([)q Fr(137)p
+Fu(])g(])33 b(=)e Fw(137)g Ft(2)h Fw(Z)p Fu(\).)f(It)p
+eop
+%%Page: 12 22
+12 21 bop 251 130 a Fw(12)2575 b(1)113 b(In)m(tro)s(duction)p
+251 193 3473 4 v 283 515 a Fu(is)30 b(imp)s(ortan)m(t)e(to)i
+(understand,)i(ho)m(w)m(ev)m(er,)h(that)d(there)h(is)f(a)g(distinction)
+e(b)s(et)m(w)m(een)k(n)m(umerals)283 636 y(\(whic)m(h)27
+b(are)f(syn)m(tactic\))i(and)e(n)m(um)m(b)s(ers)h(\(whic)m(h)g(are)f
+(seman)m(tic\),)h(ev)m(en)h(in)e(decimal)e(notation.)283
+922 y Fp(Seman)l(tic)46 b(functions)283 1107 y Fu(The)36
+b(meaning)d(of)h(an)g(expression)h(dep)s(ends)h(on)f(the)f(v)-5
+b(alues)35 b(b)s(ound)f(to)g(the)h(v)-5 b(ariables)33
+b(that)283 1228 y(o)s(ccur)38 b(in)f(it.)58 b(F)-8 b(or)36
+b(example,)j(if)d Fr(x)i Fu(is)f(b)s(ound)h(to)f Fw(3)h
+Fu(then)g(the)g(arithmetic)e(expression)j Fr(x)p Fu(+)p
+Fr(1)283 1348 y Fu(ev)-5 b(aluates)33 b(to)f Fw(4)g Fu(but)h(if)e
+Fr(x)h Fu(is)g(b)s(ound)g(to)g Fw(2)h Fu(then)g(the)f(expression)i(ev)
+-5 b(aluates)32 b(to)g Fw(3)p Fu(.)44 b(W)-8 b(e)32 b(shall)283
+1468 y(therefore)f(in)m(tro)s(duce)f(the)h(concept)g(of)e(a)h
+Fs(state)p Fu(:)43 b(to)29 b(eac)m(h)i(v)-5 b(ariable)28
+b(the)j(state)f(will)e(asso)s(ciate)283 1589 y(its)h(curren)m(t)h(v)-5
+b(alue.)41 b(W)-8 b(e)29 b(shall)f(represen)m(t)i(a)f(state)g(as)g(a)f
+(function)h(from)e(v)-5 b(ariables)27 b(to)i(v)-5 b(alues,)283
+1709 y(that)33 b(is)f(an)g(elemen)m(t)h(of)f(the)h(set)527
+1900 y Fw(State)g Fu(=)f Fw(V)-9 b(ar)32 b Ft(!)h Fw(Z)283
+2090 y Fu(Eac)m(h)42 b(state)f Fs(s)49 b Fu(sp)s(eci\014es)42
+b(a)e(v)-5 b(alue,)42 b(written)f Fs(s)48 b(x)12 b Fu(,)43
+b(for)d(eac)m(h)h(v)-5 b(ariable)39 b Fs(x)53 b Fu(of)40
+b Fw(V)-9 b(ar)p Fu(.)67 b(Th)m(us)42 b(if)283 2211 y
+Fs(s)f Fr(x)33 b Fu(=)f Fw(3)h Fu(then)g(the)g(v)-5 b(alue)32
+b(of)g Fr(x)p Fu(+)p Fr(1)h Fu(in)f(state)h Fs(s)40 b
+Fu(is)33 b Fw(4)p Fu(.)430 2331 y(Actually)-8 b(,)41
+b(this)e(is)h(just)g(one)g(of)g(sev)m(eral)h(represen)m(tations)g(of)e
+(the)i(state.)66 b(Some)40 b(other)283 2451 y(p)s(ossibilities)30
+b(are)j(to)f(use)h(a)g(table:)p 527 2553 877 4 v 525
+2801 4 249 v 728 2718 a Fr(x)p 978 2801 V 368 w Fw(5)p
+1402 2801 V 525 2969 4 168 v 728 2886 a Fr(y)p 978 2969
+V 385 w Fw(7)p 1402 2969 V 525 3137 V 728 3053 a Fr(z)p
+978 3137 V 385 w Fw(0)p 1402 3137 V 527 3140 877 4 v
+283 3288 a Fu(or)g(a)f(\\list")f(of)h(the)h(form)527
+3478 y([)p Fr(x)p Ft(7!)p Fw(5)p Fu(,)g Fr(y)p Ft(7!)p
+Fw(7)p Fu(,)g Fr(z)p Ft(7!)o Fw(0)p Fu(])283 3669 y(\(as)28
+b(in)f(Section)g(1.1\).)41 b(In)28 b(all)d(cases)k(w)m(e)g(m)m(ust)e
+(ensure)i(that)f(exactly)f(one)h(v)-5 b(alue)27 b(is)g(asso)s(ciated)
+283 3789 y(with)36 b(eac)m(h)g(v)-5 b(ariable.)51 b(By)37
+b(requiring)d(a)i(state)g(to)f(b)s(e)h(a)g(function)f(this)g(is)g
+(trivially)e(ful\014lled)283 3909 y(whereas)49 b(for)e(the)g
+(alternativ)m(e)f(represen)m(tations)j(ab)s(o)m(v)m(e)e(extra)h
+(restrictions)f(ha)m(v)m(e)h(to)f(b)s(e)283 4030 y(enforced.)430
+4150 y(Giv)m(en)33 b(an)g(arithmetic)e(expression)k Fs(a)41
+b Fu(and)33 b(a)g(state)h Fs(s)41 b Fu(w)m(e)34 b(can)g(determine)f
+(the)h(v)-5 b(alue)32 b(of)283 4271 y(the)41 b(expression.)66
+b(Therefore)40 b(w)m(e)h(shall)d(de\014ne)j(the)f(meaning)e(of)i
+(arithmetic)d(expressions)283 4391 y(as)f(a)g(total)e(function)h
+Ft(A)g Fu(that)h(tak)m(es)h(t)m(w)m(o)f(argumen)m(ts:)50
+b(the)37 b(syn)m(tactic)f(construct)h Fs(and)45 b Fu(the)283
+4511 y(state.)f(The)34 b(functionalit)m(y)d(of)h Ft(A)g
+Fu(is)527 4702 y Ft(A)p Fu(:)43 b Fw(Aexp)33 b Ft(!)f
+Fu(\()p Fw(State)h Ft(!)f Fw(Z)p Fu(\))283 4893 y(This)h(means)e(that)h
+Ft(A)f Fu(tak)m(es)j(its)d(parameters)h Fs(one)h(at)i(a)f(time)p
+Fu(.)43 b(So)32 b(w)m(e)h(ma)m(y)e(supply)i Ft(A)e Fu(with)283
+5013 y(its)i(\014rst)g(parameter,)g(sa)m(y)h Fr(x)p Fu(+)p
+Fr(1)p Fu(,)f(and)g(study)h(the)f(function)g Ft(A)o Fu([)-17
+b([)q Fr(x)p Fu(+)p Fr(1)p Fu(])g(])q(.)44 b(It)33 b(has)h
+(functionalit)m(y)283 5133 y Fw(State)45 b Ft(!)g Fw(Z)g
+Fu(and)g(only)g(when)h(w)m(e)f(supply)h(it)e(with)g(a)h(state)g(\(whic)
+m(h)h(happ)s(ens)f(to)g(b)s(e)g(a)283 5254 y(function)32
+b(but)g(that)g(do)s(es)g(not)g(matter\))f(do)h(w)m(e)h(obtain)e(the)i
+(v)-5 b(alue)31 b(of)h(the)g(expression)h Fr(x)p Fu(+)p
+Fr(1)p Fu(.)430 5374 y(Assuming)25 b(the)g(existence)i(of)e(the)h
+(function)e Ft(N)40 b Fu(de\014ning)25 b(the)h(meaning)e(of)g(n)m
+(umerals,)j(w)m(e)283 5494 y(can)f(de\014ne)g(the)f(function)g
+Ft(A)f Fu(b)m(y)i(de\014ning)f(its)f(v)-5 b(alue)25 b
+Ft(A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(s)33
+b Fu(on)25 b(eac)m(h)h(arithmetic)d(expression)p eop
+%%Page: 13 23
+13 22 bop 0 130 a Fw(1.3)112 b(Seman)m(tics)37 b(of)g(expressions)1900
+b(13)p 0 193 3473 4 v 0 419 V 0 1260 4 841 v 432 528
+a Ft(A)o Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])q Fs(s)381
+b Fu(=)100 b Ft(N)14 b Fu([)-17 b([)q Fs(n)7 b Fu(])-17
+b(])432 696 y Ft(A)o Fu([)g([)q Fs(x)12 b Fu(])-17 b(])p
+Fs(s)387 b Fu(=)100 b Fs(s)40 b(x)432 863 y Ft(A)o Fu([)-17
+b([)q Fs(a)606 878 y Fn(1)678 863 y Fu(+)33 b Fs(a)844
+878 y Fn(2)883 863 y Fu(])-17 b(])q Fs(s)109 b Fu(=)100
+b Ft(A)o Fu([)-17 b([)q Fs(a)1420 878 y Fn(1)1460 863
+y Fu(])g(])p Fs(s)41 b Fu(+)32 b Ft(A)p Fu([)-17 b([)p
+Fs(a)1860 878 y Fn(2)1900 863 y Fu(])g(])q Fs(s)432 1031
+y Ft(A)o Fu([)g([)q Fs(a)606 1046 y Fn(1)678 1031 y Fo(?)33
+b Fs(a)817 1046 y Fn(2)856 1031 y Fu(])-17 b(])q Fs(s)136
+b Fu(=)100 b Ft(A)o Fu([)-17 b([)q Fs(a)1420 1046 y Fn(1)1460
+1031 y Fu(])g(])p Fs(s)41 b Ff(?)33 b Ft(A)o Fu([)-17
+b([)q Fs(a)1842 1046 y Fn(2)1881 1031 y Fu(])g(])q Fs(s)432
+1199 y Ft(A)o Fu([)g([)q Fs(a)606 1214 y Fn(1)678 1199
+y Ft(\000)33 b Fs(a)845 1214 y Fn(2)885 1199 y Fu(])-17
+b(])q Fs(s)107 b Fu(=)100 b Ft(A)o Fu([)-17 b([)q Fs(a)1420
+1214 y Fn(1)1460 1199 y Fu(])g(])p Fs(s)41 b Fe(\000)32
+b Ft(A)p Fu([)-17 b([)q Fs(a)1874 1214 y Fn(2)1913 1199
+y Fu(])g(])q Fs(s)p 3469 1260 V 0 1263 3473 4 v 654 1424
+a Fu(T)-8 b(able)32 b(1.1:)43 b(The)34 b(seman)m(tics)e(of)g
+(arithmetic)f(expressions)0 1708 y Fs(a)41 b Fu(and)33
+b(state)h Fs(s)8 b Fu(.)46 b(The)34 b(de\014nition)f(of)g
+Ft(A)g Fu(is)g(giv)m(en)g(in)g(T)-8 b(able)33 b(1.1.)45
+b(The)35 b(clause)e(for)g Fs(n)41 b Fu(re\015ects)0 1828
+y(that)29 b(the)g(v)-5 b(alue)28 b(of)h Fs(n)36 b Fu(in)28
+b(an)m(y)h(state)h(is)e Ft(N)15 b Fu([)-17 b([)p Fs(n)7
+b Fu(])-17 b(])q(.)42 b(The)30 b(v)-5 b(alue)28 b(of)h(a)f(v)-5
+b(ariable)28 b Fs(x)40 b Fu(in)28 b(state)i Fs(s)37 b
+Fu(is)28 b(the)0 1949 y(v)-5 b(alue)34 b(b)s(ound)i(to)e
+Fs(x)47 b Fu(in)34 b Fs(s)8 b Fu(,)36 b(that)e(is)h Fs(s)43
+b(x)12 b Fu(.)50 b(The)36 b(v)-5 b(alue)34 b(of)h(the)g(comp)s(osite)f
+(expression)i Fs(a)3260 1964 y Fn(1)3300 1949 y Fu(+)p
+Fs(a)3433 1964 y Fn(2)0 2069 y Fu(in)31 b Fs(s)40 b Fu(is)31
+b(the)i(sum)e(of)h(the)g(v)-5 b(alues)32 b(of)f Fs(a)1398
+2084 y Fn(1)1470 2069 y Fu(and)h Fs(a)1716 2084 y Fn(2)1787
+2069 y Fu(in)f Fs(s)8 b Fu(.)44 b(Similarly)-8 b(,)28
+b(the)k(v)-5 b(alue)31 b(of)g Fs(a)3037 2084 y Fn(1)3110
+2069 y Fo(?)h Fs(a)3248 2084 y Fn(2)3319 2069 y Fu(in)g
+Fs(s)0 2189 y Fu(is)f(the)h(pro)s(duct)f(of)g(the)h(v)-5
+b(alues)31 b(of)g Fs(a)1361 2204 y Fn(1)1432 2189 y Fu(and)g
+Fs(a)1677 2204 y Fn(2)1748 2189 y Fu(in)g Fs(s)8 b Fu(,)32
+b(and)f(the)h(v)-5 b(alue)31 b(of)f Fs(a)2740 2204 y
+Fn(1)2811 2189 y Ft(\000)i Fs(a)2977 2204 y Fn(2)3048
+2189 y Fu(in)f Fs(s)39 b Fu(is)31 b(the)0 2310 y(di\013erence)i(b)s(et)
+m(w)m(een)h(the)f(v)-5 b(alues)32 b(of)g Fs(a)1438 2325
+y Fn(1)1510 2310 y Fu(and)g Fs(a)1756 2325 y Fn(2)1828
+2310 y Fu(in)g Fs(s)8 b Fu(.)43 b(Note)32 b(that)g(+)h(,)f
+Ff(?)g Fu(and)h Fe(\000)f Fu(o)s(ccurring)0 2430 y(on)i(the)g(righ)m(t)
+f(of)h(these)h(equations)f(are)g(the)g(usual)g(arithmetic)e(op)s
+(erations,)h(whilst)g(on)h(the)0 2550 y(left)42 b(they)i(are)f(just)h
+(pieces)f(of)g(syn)m(tax;)50 b(this)42 b(is)h(analogous)f(to)h(the)g
+(distinction)e(b)s(et)m(w)m(een)0 2671 y(n)m(umerals)32
+b(and)h(n)m(um)m(b)s(ers)g(but)g(w)m(e)h(shall)d(not)h(b)s(other)h(to)f
+(use)i(di\013eren)m(t)e(sym)m(b)s(ols.)0 2897 y Fw(Example)37
+b(1.5)48 b Fu(Supp)s(ose)34 b(that)e Fs(s)41 b Fr(x)33
+b Fu(=)f Fw(3)p Fu(.)44 b(Then:)294 3091 y Ft(A)o Fu([)-17
+b([)q Fr(x)p Fu(+)p Fr(1)p Fu(])g(])q Fs(s)108 b Fu(=)99
+b Ft(A)p Fu([)-17 b([)p Fr(x)p Fu(])g(])q Fs(s)41 b Fu(+)32
+b Ft(A)p Fu([)-17 b([)p Fr(1)p Fu(])g(])q Fs(s)775 3259
+y Fu(=)99 b(\()p Fs(s)41 b Fr(x)p Fu(\))32 b(+)h Ft(N)14
+b Fu([)-17 b([)q Fr(1)p Fu(])g(])775 3426 y(=)99 b Fw(3)33
+b Fu(+)f Fw(1)775 3594 y Fu(=)99 b Fw(4)0 3795 y Fu(Note)33
+b(that)g(here)g Fr(1)h Fu(is)e(a)h(n)m(umeral)f(\(enclosed)h(in)f(the)i
+(brac)m(k)m(ets)h(`[)-17 b([')33 b(and)g(`])-17 b(])q('\))33
+b(whereas)h Fw(1)f Fu(is)g(a)0 3915 y(n)m(um)m(b)s(er.)3049
+b Fh(2)0 4142 y Fw(Example)37 b(1.6)48 b Fu(Supp)s(ose)28
+b(w)m(e)g(add)f(the)g(arithmetic)d(expression)k Ft(\000)16
+b Fs(a)35 b Fu(to)26 b(our)h(language.)40 b(An)0 4262
+y(acceptable)33 b(seman)m(tic)f(clause)h(for)f(this)g(construct)i(w)m
+(ould)e(b)s(e)244 4464 y Ft(A)o Fu([)-17 b([)q Ft(\000)16
+b Fs(a)7 b Fu(])-17 b(])r Fs(s)40 b Fu(=)33 b Fw(0)f
+Fe(\000)h Ft(A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q
+Fs(s)0 4666 y Fu(whereas)39 b(the)f(alternativ)m(e)e(clause)i
+Ft(A)o Fu([)-17 b([)q Ft(\000)16 b Fs(a)7 b Fu(])-17
+b(])q Fs(s)46 b Fu(=)37 b Ft(A)o Fu([)-17 b([)q Fr(0)37
+b Ft(\000)h Fs(a)7 b Fu(])-17 b(])q Fs(s)45 b Fu(w)m(ould)38
+b(con)m(tradict)f(the)h(com-)0 4786 y(p)s(ositionalit)m(y)29
+b(requiremen)m(t.)2301 b Fh(2)0 5013 y Fw(Exercise)36
+b(1.7)49 b Fu(Pro)m(v)m(e)f(that)e(the)h(equations)g(of)f(T)-8
+b(able)46 b(1.1)g(de\014ne)h(a)f(total)f(function)h Ft(A)0
+5133 y Fu(in)51 b Fw(Aexp)g Ft(!)g Fu(\()p Fw(State)h
+Ft(!)f Fw(Z)p Fu(\):)h(First)e(argue)i(that)f(it)f(is)h(su\016cien)m(t)
+i(to)e(pro)m(v)m(e)i(that)e(for)0 5254 y(eac)m(h)39 b
+Fs(a)h Ft(2)33 b Fw(Aexp)39 b Fu(and)f(eac)m(h)h Fs(s)47
+b Ft(2)39 b Fw(State)f Fu(there)h(is)f(exactly)h(one)g(v)-5
+b(alue)38 b Fw(v)g Ft(2)h Fw(Z)g Fu(suc)m(h)h(that)0
+5374 y Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q
+Fs(s)41 b Fu(=)32 b Fw(v)p Fu(.)48 b(Next)35 b(use)g(structural)f
+(induction)f(on)h(the)h(arithmetic)d(expressions)j(to)f(pro)m(v)m(e)0
+5494 y(that)e(this)h(is)f(indeed)h(the)g(case.)2221 b
+Fh(2)p eop
+%%Page: 14 24
+14 23 bop 251 130 a Fw(14)2575 b(1)113 b(In)m(tro)s(duction)p
+251 193 3473 4 v 283 419 V 283 2160 4 1741 v 715 528
+a Ft(B)t Fu([)-17 b([)p Fr(true)p Fu(])g(])r Fs(s)239
+b Fu(=)99 b Fw(tt)715 696 y Ft(B)t Fu([)-17 b([)p Fr(false)p
+Fu(])g(])r Fs(s)188 b Fu(=)99 b Fw(\013)715 954 y Ft(B)t
+Fu([)-17 b([)p Fs(a)878 969 y Fn(1)951 954 y Fu(=)32
+b Fs(a)1116 969 y Fn(2)1156 954 y Fu(])-17 b(])p Fs(s)110
+b Fu(=)1518 779 y Fg(8)1518 854 y(<)1518 1003 y(:)1633
+869 y Fw(tt)83 b Fu(if)31 b Ft(A)p Fu([)-17 b([)p Fs(a)2067
+884 y Fn(1)2107 869 y Fu(])g(])p Fs(s)41 b Fu(=)32 b
+Ft(A)p Fu([)-17 b([)q Fs(a)2508 884 y Fn(2)2547 869 y
+Fu(])g(])q Fs(s)1633 1037 y Fw(\013)106 b Fu(if)31 b
+Ft(A)p Fu([)-17 b([)p Fs(a)2067 1052 y Fn(1)2107 1037
+y Fu(])g(])p Fs(s)41 b Ft(6)p Fu(=)32 b Ft(A)p Fu([)-17
+b([)q Fs(a)2508 1052 y Fn(2)2547 1037 y Fu(])g(])q Fs(s)715
+1306 y Ft(B)t Fu([)g([)p Fs(a)878 1321 y Fn(1)951 1306
+y Ft(\024)33 b Fs(a)1118 1321 y Fn(2)1157 1306 y Fu(])-17
+b(])q Fs(s)108 b Fu(=)1518 1131 y Fg(8)1518 1206 y(<)1518
+1356 y(:)1633 1221 y Fw(tt)83 b Fu(if)31 b Ft(A)p Fu([)-17
+b([)p Fs(a)2067 1236 y Fn(1)2107 1221 y Fu(])g(])p Fs(s)41
+b Fe(\024)33 b Ft(A)o Fu([)-17 b([)q Fs(a)2521 1236 y
+Fn(2)2561 1221 y Fu(])g(])p Fs(s)1633 1389 y Fw(\013)106
+b Fu(if)31 b Ft(A)p Fu([)-17 b([)p Fs(a)2067 1404 y Fn(1)2107
+1389 y Fu(])g(])p Fs(s)41 b Ff(>)33 b Ft(A)o Fu([)-17
+b([)q Fs(a)2521 1404 y Fn(2)2561 1389 y Fu(])g(])p Fs(s)715
+1658 y Ft(B)t Fu([)g([)p Ft(:)33 b Fs(b)6 b Fu(])-17
+b(])q Fs(s)294 b Fu(=)1518 1484 y Fg(8)1518 1558 y(<)1518
+1708 y(:)1633 1573 y Fw(tt)83 b Fu(if)31 b Ft(B)t Fu([)-17
+b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 b Fw(\013)1633
+1741 y(\013)106 b Fu(if)31 b Ft(B)t Fu([)-17 b([)p Fs(b)6
+b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 b Fw(tt)715 2010 y
+Ft(B)t Fu([)-17 b([)p Fs(b)872 2025 y Fn(1)944 2010 y
+Ft(^)33 b Fs(b)1094 2025 y Fn(2)1134 2010 y Fu(])-17
+b(])p Fs(s)132 b Fu(=)1518 1836 y Fg(8)1518 1911 y(<)1518
+2060 y(:)1633 1926 y Fw(tt)83 b Fu(if)31 b Ft(B)t Fu([)-17
+b([)p Fs(b)2050 1941 y Fn(1)2089 1926 y Fu(])g(])q Fs(s)41
+b Fu(=)32 b Fw(tt)g Fu(and)g Ft(B)t Fu([)-17 b([)p Fs(b)2782
+1941 y Fn(2)2822 1926 y Fu(])g(])p Fs(s)41 b Fu(=)32
+b Fw(tt)1633 2093 y(\013)106 b Fu(if)31 b Ft(B)t Fu([)-17
+b([)p Fs(b)2050 2108 y Fn(1)2089 2093 y Fu(])g(])q Fs(s)41
+b Fu(=)32 b Fw(\013)h Fu(or)f Ft(B)t Fu([)-17 b([)p Fs(b)2690
+2108 y Fn(2)2730 2093 y Fu(])g(])p Fs(s)41 b Fu(=)32
+b Fw(\013)p 3753 2160 V 283 2163 3473 4 v 991 2323 a
+Fu(T)-8 b(able)33 b(1.2:)43 b(The)33 b(seman)m(tics)g(of)f(b)s(o)s
+(olean)f(expressions)430 2588 y(The)g(v)-5 b(alues)31
+b(of)f(b)s(o)s(olean)f(expressions)k(are)d(truth)h(v)-5
+b(alues)30 b(so)h(in)f(a)g(similar)e(w)m(a)m(y)k(w)m(e)f(shall)283
+2709 y(de\014ne)j(their)e(meanings)g(b)m(y)h(a)g(\(total\))e(function)h
+(from)f Fw(State)i Fu(to)f Fw(T)p Fu(:)527 2882 y Ft(B)t
+Fu(:)43 b Fw(Bexp)33 b Ft(!)f Fu(\()p Fw(State)h Ft(!)f
+Fw(T)p Fu(\))283 3055 y(Here)i Fw(T)e Fu(consists)i(of)e(the)h(truth)f
+(v)-5 b(alues)33 b Fw(tt)f Fu(\(for)f(true\))i(and)g
+Fw(\013)g Fu(\(for)f(false\).)430 3176 y(Using)g Ft(A)h
+Fu(w)m(e)h(can)f(de\014ne)h Ft(B)i Fu(b)m(y)e(the)f(seman)m(tic)g
+(clauses)h(of)e(T)-8 b(able)33 b(1.2.)44 b(Again)32 b(w)m(e)i(ha)m(v)m
+(e)283 3296 y(the)h(distinction)e(b)s(et)m(w)m(een)k(syn)m(tax)f
+(\(e.g.)49 b Ft(\024)35 b Fu(on)f(the)h(left-hand)f(side\))g(and)h
+(seman)m(tics)g(\(e.g.)283 3416 y Fe(\024)e Fu(on)g(the)g(righ)m
+(t-hand)e(side\).)283 3604 y Fw(Exercise)37 b(1.8)49
+b Fu(Assume)33 b(that)g Fs(s)40 b Fr(x)33 b Fu(=)f Fw(3)h
+Fu(and)g(determine)f Ft(B)s Fu([)-17 b([)q Ft(:)p Fu(\()p
+Fr(x)33 b Fu(=)f Fr(1)p Fu(\)])-17 b(])q Fs(s)8 b Fu(.)579
+b Fh(2)283 3793 y Fw(Exercise)37 b(1.9)49 b Fu(Pro)m(v)m(e)38
+b(that)e(the)h(equations)g(of)f(T)-8 b(able)37 b(1.2)f(de\014ne)i(a)e
+(total)f(function)i Ft(B)j Fu(in)283 3913 y Fw(Bexp)33
+b Ft(!)f Fu(\()p Fw(State)h Ft(!)f Fw(T)p Fu(\).)2380
+b Fh(2)283 4101 y Fw(Exercise)37 b(1.10)49 b Fu(The)26
+b(syn)m(tactic)g(category)g Fw(Bexp)2211 4065 y Fi(0)2260
+4101 y Fu(is)e(de\014ned)j(as)f(the)f(follo)m(wing)e(extension)283
+4221 y(of)33 b Fw(Bexp)p Fu(:)577 4386 y Fs(b)106 b Fu(::=)99
+b Fr(true)34 b Ft(j)e Fr(false)i Ft(j)e Fs(a)1661 4401
+y Fn(1)1733 4386 y Fu(=)h Fs(a)1899 4401 y Fn(2)1971
+4386 y Ft(j)f Fs(a)2088 4401 y Fn(1)2160 4386 y Ft(6)p
+Fu(=)h Fs(a)2326 4401 y Fn(2)2398 4386 y Ft(j)f Fs(a)2515
+4401 y Fn(1)2587 4386 y Ft(\024)h Fs(a)2754 4401 y Fn(2)2827
+4386 y Ft(j)f Fs(a)2944 4401 y Fn(1)3016 4386 y Ft(\025)h
+Fs(a)3183 4401 y Fn(2)830 4554 y Ft(j)99 b Fs(a)1014
+4569 y Fn(1)1087 4554 y Fo(<)32 b Fs(a)1252 4569 y Fn(2)1324
+4554 y Ft(j)g Fs(a)1441 4569 y Fn(1)1514 4554 y Fo(>)g
+Fs(a)1679 4569 y Fn(2)1751 4554 y Ft(j)g(:)q Fs(b)38
+b Ft(j)32 b Fs(b)2072 4569 y Fn(1)2144 4554 y Ft(^)h
+Fs(b)2294 4569 y Fn(2)2366 4554 y Ft(j)f Fs(b)2477 4569
+y Fn(1)2549 4554 y Ft(_)h Fs(b)2699 4569 y Fn(2)830 4721
+y Ft(j)99 b Fs(b)1008 4736 y Fn(1)1080 4721 y Ft(\))32
+b Fs(b)1263 4736 y Fn(2)1335 4721 y Ft(j)h Fs(b)1447
+4736 y Fn(1)1518 4721 y Ft(,)g Fs(b)1702 4736 y Fn(2)283
+4888 y Fu(Giv)m(e)g(a)f Fs(c)-5 b(omp)g(ositional)41
+b Fu(extension)34 b(of)e(the)h(seman)m(tic)f(function)g
+Ft(B)k Fu(of)c(T)-8 b(able)32 b(1.2.)430 5008 y(Tw)m(o)h(b)s(o)s(olean)
+e(expressions)k Fs(b)1572 5023 y Fn(1)1644 5008 y Fu(and)d
+Fs(b)1884 5023 y Fn(2)1956 5008 y Fu(are)h Fs(e)-5 b(quivalent)41
+b Fu(if)32 b(for)g(all)e(states)k Fs(s)8 b Fu(,)527 5181
+y Ft(B)t Fu([)-17 b([)p Fs(b)684 5196 y Fn(1)724 5181
+y Fu(])g(])p Fs(s)41 b Fu(=)32 b Ft(B)t Fu([)-17 b([)p
+Fs(b)1107 5196 y Fn(2)1147 5181 y Fu(])g(])p Fs(s)283
+5355 y Fu(Sho)m(w)35 b(that)e(for)f(eac)m(h)i Fs(b)1174
+5319 y Fi(0)1231 5355 y Fu(of)e Fw(Bexp)1594 5319 y Fi(0)1651
+5355 y Fu(there)i(exists)g(a)f(b)s(o)s(olean)f(expression)i
+Fs(b)39 b Fu(of)33 b Fw(Bexp)g Fu(suc)m(h)283 5475 y(that)g
+Fs(b)546 5439 y Fi(0)602 5475 y Fu(and)f Fs(b)39 b Fu(are)32
+b(equiv)-5 b(alen)m(t.)2186 b Fh(2)p eop
+%%Page: 15 25
+15 24 bop 0 130 a Fw(1.4)112 b(Prop)s(erties)36 b(of)i(the)f(seman)m
+(tics)1763 b(15)p 0 193 3473 4 v 0 515 a Fj(1.4)161 b(Prop)t(erties)53
+b(of)h(the)f(seman)l(tics)0 737 y Fu(Later)29 b(in)g(the)h(b)s(o)s(ok)g
+(w)m(e)g(shall)e(b)s(e)i(in)m(terested)h(in)e(t)m(w)m(o)h(kinds)g(of)f
+(prop)s(erties)g(for)h(expressions.)0 858 y(One)39 b(is)g(that)f(their)
+g(v)-5 b(alues)39 b(do)g(not)g(dep)s(end)h(on)e(v)-5
+b(alues)39 b(of)g(v)-5 b(ariables)37 b(that)i(do)f(not)h(o)s(ccur)0
+978 y(in)h(them.)67 b(The)41 b(other)g(is)f(that)g(if)g(w)m(e)h
+(replace)g(a)f(v)-5 b(ariable)39 b(with)h(an)g(expression)i(then)f(w)m
+(e)0 1098 y(could)d(as)h(w)m(ell)e(ha)m(v)m(e)j(made)e(a)g(similar)d(c)
+m(hange)40 b(in)d(the)i(state.)61 b(W)-8 b(e)39 b(shall)e(formalize)f
+(these)0 1219 y(prop)s(erties)c(b)s(elo)m(w)h(and)g(pro)m(v)m(e)g(that)
+g(they)g(do)g(hold.)0 1516 y Fp(F)-11 b(ree)45 b(v)-7
+b(ariables)0 1704 y Fu(The)27 b Fs(fr)-5 b(e)g(e)29 b(variables)34
+b Fu(of)26 b(an)g(arithmetic)f(expression)i Fs(a)34 b
+Fu(is)26 b(de\014ned)i(to)e(b)s(e)h(the)g(set)g(of)f(v)-5
+b(ariables)0 1824 y(o)s(ccurring)41 b(in)f(it.)69 b(F)-8
+b(ormally)g(,)41 b(w)m(e)h(ma)m(y)f(giv)m(e)h(a)f(comp)s(ositional)d
+(de\014nition)i(of)h(the)h(subset)0 1944 y(FV\()p Fs(a)7
+b Fu(\))32 b(of)h Fw(V)-9 b(ar)p Fu(:)294 2152 y(FV\()p
+Fs(n)7 b Fu(\))373 b(=)99 b Ft(;)294 2319 y Fu(FV\()p
+Fs(x)12 b Fu(\))378 b(=)99 b Ft(f)33 b Fs(x)44 b Ft(g)294
+2487 y Fu(FV\()p Fs(a)526 2502 y Fn(1)598 2487 y Fu(+)32
+b Fs(a)763 2502 y Fn(2)803 2487 y Fu(\))101 b(=)e(FV\()p
+Fs(a)1349 2502 y Fn(1)1389 2487 y Fu(\))32 b Ft([)h Fu(FV\()p
+Fs(a)1790 2502 y Fn(2)1830 2487 y Fu(\))294 2654 y(FV\()p
+Fs(a)526 2669 y Fn(1)598 2654 y Fo(?)f Fs(a)736 2669
+y Fn(2)776 2654 y Fu(\))128 b(=)99 b(FV\()p Fs(a)1349
+2669 y Fn(1)1389 2654 y Fu(\))32 b Ft([)h Fu(FV\()p Fs(a)1790
+2669 y Fn(2)1830 2654 y Fu(\))294 2822 y(FV\()p Fs(a)526
+2837 y Fn(1)598 2822 y Ft(\000)g Fs(a)765 2837 y Fn(2)804
+2822 y Fu(\))100 b(=)f(FV\()p Fs(a)1349 2837 y Fn(1)1389
+2822 y Fu(\))32 b Ft([)h Fu(FV\()p Fs(a)1790 2837 y Fn(2)1830
+2822 y Fu(\))0 3031 y(As)d(an)f(example)g(FV\()p Fr(x)p
+Fu(+)p Fr(1)p Fu(\))g(=)g Ft(f)g Fr(x)h Ft(g)f Fu(and)g(FV\()p
+Fr(x)p Fu(+)p Fr(y)p Fo(?)p Fr(x)p Fu(\))g(=)g Ft(f)g
+Fr(x)p Fu(,)i Fr(y)e Ft(g)p Fu(.)42 b(It)30 b(should)f(b)s(e)g(ob)m
+(vious)0 3151 y(that)39 b(only)g(the)h(v)-5 b(ariables)38
+b(in)h(FV\()p Fs(a)7 b Fu(\))39 b(ma)m(y)g(in\015uence)h(the)g(v)-5
+b(alue)39 b(of)g Fs(a)7 b Fu(.)64 b(This)39 b(is)g(formally)0
+3272 y(expressed)c(b)m(y:)p 0 3394 3473 5 v 0 3576 a
+Fw(Lemma)i(1.11)49 b Fu(Let)39 b Fs(s)48 b Fu(and)39
+b Fs(s)1158 3540 y Fi(0)1220 3576 y Fu(b)s(e)h(t)m(w)m(o)f(states)h
+(satisfying)f(that)f Fs(s)48 b(x)i Fu(=)39 b Fs(s)2839
+3540 y Fi(0)2902 3576 y Fs(x)51 b Fu(for)38 b(all)f Fs(x)51
+b Fu(in)0 3697 y(FV\()p Fs(a)7 b Fu(\).)43 b(Then)34
+b Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)41
+b Fu(=)32 b Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q
+Fs(s)1256 3660 y Fi(0)1279 3697 y Fu(.)p 0 3817 V 0 4027
+a Fw(Pro)s(of:)26 b Fu(W)-8 b(e)24 b(shall)e(giv)m(e)h(a)g(fairly)e
+(detailed)h(pro)s(of)g(of)h(the)h(lemma)d(using)h(structural)h
+(induction)0 4148 y(on)30 b(the)h(arithmetic)d(expressions.)44
+b(W)-8 b(e)31 b(shall)d(\014rst)j(consider)f(the)h(basis)f(elemen)m(ts)
+g(of)g Fw(Aexp)p Fu(:)0 4315 y Fw(The)35 b(case)g Fs(n)7
+b Fu(:)48 b(F)-8 b(rom)33 b(T)-8 b(able)34 b(1.1)g(w)m(e)i(ha)m(v)m(e)g
+Ft(A)o Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])q Fs(s)42
+b Fu(=)35 b Ft(N)14 b Fu([)-17 b([)q Fs(n)7 b Fu(])-17
+b(])35 b(as)g(w)m(ell)f(as)g Ft(A)p Fu([)-17 b([)p Fs(n)7
+b Fu(])-17 b(])q Fs(s)3043 4279 y Fi(0)3101 4315 y Fu(=)34
+b Ft(N)15 b Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(].)0 4436
+y(So)32 b Ft(A)p Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])p
+Fs(s)41 b Fu(=)32 b Ft(A)p Fu([)-17 b([)q Fs(n)7 b Fu(])-17
+b(])p Fs(s)806 4399 y Fi(0)862 4436 y Fu(and)33 b(clearly)f(the)h
+(lemma)d(holds)i(in)g(this)g(case.)0 4603 y Fw(The)e(case)h
+Fs(x)12 b Fu(:)42 b(F)-8 b(rom)28 b(T)-8 b(able)30 b(1.1)f(w)m(e)i(ha)m
+(v)m(e)g Ft(A)p Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])p
+Fs(s)38 b Fu(=)30 b Fs(s)38 b(x)j Fu(as)30 b(w)m(ell)g(as)g
+Ft(A)o Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])p Fs(s)2862
+4567 y Fi(0)2916 4603 y Fu(=)29 b Fs(s)3069 4567 y Fi(0)3123
+4603 y Fs(x)12 b Fu(.)42 b(F)-8 b(rom)0 4724 y(the)31
+b(assumptions)f(of)g(the)h(lemma)d(w)m(e)j(get)g Fs(s)38
+b(x)k Fu(=)31 b Fs(s)1927 4687 y Fi(0)1980 4724 y Fs(x)42
+b Fu(b)s(ecause)32 b Fs(x)42 b Ft(2)31 b Fu(FV\()p Fs(x)12
+b Fu(\))30 b(so)h(clearly)e(the)0 4844 y(lemma)h(holds)j(in)e(this)i
+(case.)146 4966 y(Next)h(w)m(e)f(turn)g(to)f(the)h(comp)s(osite)f
+(elemen)m(ts)h(of)f Fw(Aexp)p Fu(:)0 5133 y Fw(The)f(case)g
+Fs(a)509 5148 y Fn(1)579 5133 y Fu(+)f Fs(a)742 5148
+y Fn(2)781 5133 y Fu(:)43 b(F)-8 b(rom)29 b(T)-8 b(able)30
+b(1.1)g(w)m(e)h(ha)m(v)m(e)h Ft(A)o Fu([)-17 b([)q Fs(a)2064
+5148 y Fn(1)2134 5133 y Fu(+)30 b Fs(a)2297 5148 y Fn(2)2337
+5133 y Fu(])-17 b(])p Fs(s)39 b Fu(=)30 b Ft(A)o Fu([)-17
+b([)q Fs(a)2733 5148 y Fn(1)2773 5133 y Fu(])g(])p Fs(s)38
+b Fu(+)31 b Ft(A)o Fu([)-17 b([)q Fs(s)3160 5148 y Fn(2)3199
+5133 y Fu(])g(])q Fs(s)38 b Fu(and)0 5254 y(similarly)24
+b Ft(A)p Fu([)-17 b([)p Fs(a)568 5269 y Fn(1)636 5254
+y Fu(+)28 b Fs(a)797 5269 y Fn(2)836 5254 y Fu(])-17
+b(])q Fs(s)922 5218 y Fi(0)973 5254 y Fu(=)28 b Ft(A)o
+Fu([)-17 b([)q Fs(a)1251 5269 y Fn(1)1291 5254 y Fu(])g(])p
+Fs(s)1376 5218 y Fi(0)1427 5254 y Fu(+)28 b Ft(A)p Fu([)-17
+b([)p Fs(s)1696 5269 y Fn(2)1736 5254 y Fu(])g(])p Fs(s)1821
+5218 y Fi(0)1845 5254 y Fu(.)42 b(Since)28 b Fs(a)2221
+5269 y Fn(i)2273 5254 y Fu(\(for)f(i)g(=)g(1,2\))h(is)f(an)h(immediate)
+0 5374 y(sub)s(expression)35 b(of)e Fs(a)789 5389 y Fn(1)862
+5374 y Fu(+)g Fs(a)1028 5389 y Fn(2)1101 5374 y Fu(and)g(FV\()p
+Fs(a)1523 5389 y Fn(i)1547 5374 y Fu(\))g Ft(\022)h Fu(FV\()p
+Fs(a)1961 5389 y Fn(1)2033 5374 y Fu(+)f Fs(a)2199 5389
+y Fn(2)2239 5374 y Fu(\))g(w)m(e)h(can)g(apply)f(the)g(induction)0
+5494 y(h)m(yp)s(othesis)i(\(that)f(is)g(the)g(lemma\))e(to)i
+Fs(a)1534 5509 y Fn(i)1592 5494 y Fu(and)g(get)h Ft(A)o
+Fu([)-17 b([)q Fs(a)2122 5509 y Fn(i)2146 5494 y Fu(])g(])p
+Fs(s)43 b Fu(=)34 b Ft(A)o Fu([)-17 b([)q Fs(a)2550 5509
+y Fn(i)2574 5494 y Fu(])g(])p Fs(s)2659 5458 y Fi(0)2683
+5494 y Fu(.)48 b(It)34 b(is)g(no)m(w)h(easy)g(to)p eop
+%%Page: 16 26
+16 25 bop 251 130 a Fw(16)2575 b(1)113 b(In)m(tro)s(duction)p
+251 193 3473 4 v 283 515 a Fu(see)34 b(that)f(the)g(lemma)d(holds)i
+(for)g Fs(a)1596 530 y Fn(1)1668 515 y Fu(+)h Fs(a)1834
+530 y Fn(2)1906 515 y Fu(as)g(w)m(ell.)283 683 y Fw(The)38
+b(cases)h Fs(a)851 698 y Fn(1)928 683 y Ft(\000)f Fs(a)1100
+698 y Fn(2)1177 683 y Fu(and)g Fs(a)1429 698 y Fn(1)1506
+683 y Fo(?)f Fs(a)1649 698 y Fn(2)1726 683 y Fu(follo)m(w)f(the)i(same)
+g(pattern)f(and)h(are)g(omitted.)57 b(This)283 803 y(completes)33
+b(the)g(pro)s(of.)2529 b Fh(2)430 1009 y Fu(In)41 b(a)f(similar)e(w)m
+(a)m(y)k(w)m(e)g(ma)m(y)e(de\014ne)j(the)e(set)g(FV\()p
+Fs(b)6 b Fu(\))41 b(of)f(free)h(v)-5 b(ariables)40 b(in)g(a)g(b)s(o)s
+(olean)283 1130 y(expression)34 b Fs(b)39 b Fu(b)m(y)577
+1336 y(FV\()p Fr(true)p Fu(\))231 b(=)100 b Ft(;)577
+1504 y Fu(FV\()p Fr(false)p Fu(\))180 b(=)100 b Ft(;)577
+1672 y Fu(FV\()p Fs(a)809 1687 y Fn(1)881 1672 y Fu(=)32
+b Fs(a)1046 1687 y Fn(2)1086 1672 y Fu(\))101 b(=)f(FV\()p
+Fs(a)1633 1687 y Fn(1)1672 1672 y Fu(\))33 b Ft([)g Fu(FV\()p
+Fs(a)2074 1687 y Fn(2)2113 1672 y Fu(\))577 1839 y(FV\()p
+Fs(a)809 1854 y Fn(1)881 1839 y Ft(\024)g Fs(a)1048 1854
+y Fn(2)1088 1839 y Fu(\))99 b(=)h(FV\()p Fs(a)1633 1854
+y Fn(1)1672 1839 y Fu(\))33 b Ft([)g Fu(FV\()p Fs(a)2074
+1854 y Fn(2)2113 1839 y Fu(\))577 2007 y(FV\()p Ft(:)p
+Fs(b)6 b Fu(\))318 b(=)100 b(FV\()p Fs(b)6 b Fu(\))577
+2175 y(FV\()p Fs(b)803 2190 y Fn(1)875 2175 y Ft(^)33
+b Fs(b)1025 2190 y Fn(2)1064 2175 y Fu(\))123 b(=)100
+b(FV\()p Fs(b)1627 2190 y Fn(1)1666 2175 y Fu(\))32 b
+Ft([)h Fu(FV\()p Fs(b)2061 2190 y Fn(2)2100 2175 y Fu(\))283
+2421 y Fw(Exercise)k(1.12)49 b(\(Essen)m(tial\))31 b
+Fu(Let)j Fs(s)41 b Fu(and)34 b Fs(s)2024 2385 y Fi(0)2080
+2421 y Fu(b)s(e)g(t)m(w)m(o)g(states)h(satisfying)d(that)h
+Fs(s)42 b(x)j Fu(=)33 b Fs(s)3654 2385 y Fi(0)3711 2421
+y Fs(x)283 2541 y Fu(for)f(all)f Fs(x)44 b Fu(in)32 b(FV\()p
+Fs(b)6 b Fu(\).)43 b(Pro)m(v)m(e)34 b(that)f Ft(B)s Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Ft(B)t
+Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)2218 2505
+y Fi(0)2241 2541 y Fu(.)1413 b Fh(2)283 2845 y Fp(Substitutions)283
+3034 y Fu(W)-8 b(e)46 b(shall)d(later)g(b)s(e)i(in)m(terested)h(in)e
+(replacing)f(eac)m(h)j(o)s(ccurrence)g(of)e(a)h(v)-5
+b(ariable)42 b Fs(y)54 b Fu(in)44 b(an)283 3155 y(arithmetic)j
+(expression)i Fs(a)56 b Fu(with)48 b(another)g(arithmetic)e(expression)
+k Fs(a)3003 3170 y Fn(0)3042 3155 y Fu(.)91 b(This)48
+b(is)g(called)283 3275 y Fs(substitution)39 b Fu(and)30
+b(w)m(e)i(write)e Fs(a)7 b Fu([)p Fs(y)i Ft(7!)p Fs(a)1685
+3290 y Fn(0)1725 3275 y Fu(])30 b(for)g(the)h(arithmetic)d(expression)k
+(so)f(obtained.)42 b(The)283 3395 y(formal)31 b(de\014nition)g(is)h(as)
+h(follo)m(ws:)577 3583 y Fs(n)7 b Fu([)p Fs(y)i Ft(7!)p
+Fs(a)879 3598 y Fn(0)919 3583 y Fu(])449 b(=)100 b Fs(n)577
+3840 y(x)12 b Fu([)p Fs(y)d Ft(7!)p Fs(a)874 3855 y Fn(0)913
+3840 y Fu(])455 b(=)1571 3666 y Fg(8)1571 3741 y(<)1571
+3890 y(:)1686 3756 y Fs(a)1743 3771 y Fn(0)1866 3756
+y Fu(if)31 b Fs(x)44 b Fu(=)33 b Fs(y)1686 3923 y(x)135
+b Fu(if)31 b Fs(x)44 b Ft(6)p Fu(=)33 b Fs(y)577 4103
+y Fu(\()p Fs(a)672 4118 y Fn(1)744 4103 y Fu(+)g Fs(a)910
+4118 y Fn(2)949 4103 y Fu(\)[)p Fs(y)9 b Ft(7!)p Fs(a)1227
+4118 y Fn(0)1267 4103 y Fu(])101 b(=)f(\()p Fs(a)1666
+4118 y Fn(1)1705 4103 y Fu([)p Fs(y)9 b Ft(7!)p Fs(a)1945
+4118 y Fn(0)1985 4103 y Fu(]\))32 b(+)h(\()p Fs(a)2286
+4118 y Fn(2)2325 4103 y Fu([)p Fs(y)9 b Ft(7!)p Fs(a)2565
+4118 y Fn(0)2605 4103 y Fu(]\))577 4270 y(\()p Fs(a)672
+4285 y Fn(1)744 4270 y Fo(?)33 b Fs(a)883 4285 y Fn(2)922
+4270 y Fu(\)[)p Fs(y)9 b Ft(7!)p Fs(a)1200 4285 y Fn(0)1240
+4270 y Fu(])128 b(=)100 b(\()p Fs(a)1666 4285 y Fn(1)1705
+4270 y Fu([)p Fs(y)9 b Ft(7!)p Fs(a)1945 4285 y Fn(0)1985
+4270 y Fu(]\))32 b Fo(?)h Fu(\()p Fs(a)2259 4285 y Fn(2)2298
+4270 y Fu([)p Fs(y)9 b Ft(7!)p Fs(a)2538 4285 y Fn(0)2578
+4270 y Fu(]\))577 4438 y(\()p Fs(a)672 4453 y Fn(1)744
+4438 y Ft(\000)33 b Fs(a)911 4453 y Fn(2)951 4438 y Fu(\)[)p
+Fs(y)9 b Ft(7!)p Fs(a)1229 4453 y Fn(0)1268 4438 y Fu(])100
+b(=)g(\()p Fs(a)1666 4453 y Fn(1)1705 4438 y Fu([)p Fs(y)9
+b Ft(7!)p Fs(a)1945 4453 y Fn(0)1985 4438 y Fu(]\))32
+b Ft(\000)h Fu(\()p Fs(a)2287 4453 y Fn(2)2327 4438 y
+Fu([)p Fs(y)9 b Ft(7!)p Fs(a)2567 4453 y Fn(0)2606 4438
+y Fu(]\))283 4652 y(As)34 b(an)e(example)g(\()p Fr(x)p
+Fu(+)p Fr(1)p Fu(\)[)p Fr(x)p Ft(7!)p Fr(3)p Fu(])h(=)g
+Fr(3)p Fu(+)p Fr(1)g Fu(and)f(\()p Fr(x)p Fu(+)p Fr(y)p
+Fo(?)p Fr(x)p Fu(\)[)p Fr(x)p Ft(7!)q Fr(y)p Ft(\000)p
+Fr(5)p Fu(])h(=)g(\()p Fr(y)p Ft(\000)p Fr(5)p Fu(\)+)p
+Fr(y)p Fo(?)p Fu(\()p Fr(y)p Ft(\000)p Fr(5)p Fu(\).)430
+4775 y(W)-8 b(e)48 b(also)e(ha)m(v)m(e)j(a)e(notion)f(of)h
+(substitution)g(\(or)g(up)s(dating\))f(for)h(states.)89
+b(W)-8 b(e)48 b(de\014ne)283 4895 y Fs(s)8 b Fu([)p Fs(y)h
+Ft(7!)p Fs(v)i Fu(])33 b(to)f(b)s(e)h(the)g(state)g(that)f(is)g(as)h
+Fs(s)40 b Fu(except)35 b(that)d(the)h(v)-5 b(alue)32
+b(b)s(ound)h(to)f Fs(y)41 b Fu(is)33 b Fs(v)11 b Fu(,)32
+b(that)g(is)527 5198 y(\()p Fs(s)8 b Fu([)p Fs(y)h Ft(7!)p
+Fs(v)i Fu(]\))32 b Fs(x)45 b Fu(=)1147 5023 y Fg(8)1147
+5098 y(<)1147 5247 y(:)1262 5113 y Fs(v)176 b Fu(if)31
+b Fs(x)44 b Fu(=)33 b Fs(y)1262 5281 y(s)41 b(x)95 b
+Fu(if)31 b Fs(x)44 b Ft(6)p Fu(=)33 b Fs(y)283 5494 y
+Fu(The)h(relationship)d(b)s(et)m(w)m(een)j(the)f(t)m(w)m(o)h(concepts)g
+(is)e(sho)m(wn)i(in)e(the)h(follo)m(wing)c(exercise:)p
+eop
+%%Page: 17 27
+17 26 bop 0 130 a Fw(1.4)112 b(Prop)s(erties)36 b(of)i(the)f(seman)m
+(tics)1763 b(17)p 0 193 3473 4 v 0 515 a(Exercise)36
+b(1.13)49 b(\(Essen)m(tial\))37 b Fu(Pro)m(v)m(e)k(that)e
+Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu([)p Fs(y)i Ft(7!)p
+Fs(a)2164 530 y Fn(0)2204 515 y Fu(]])-17 b(])q Fs(s)47
+b Fu(=)39 b Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q(\()p
+Fs(s)8 b Fu([)p Fs(y)h Ft(7!A)p Fu([)-17 b([)p Fs(a)3126
+530 y Fn(0)3166 515 y Fu(])g(])q Fs(s)8 b Fu(]\))39 b(for)0
+636 y(all)30 b(states)k Fs(s)8 b Fu(.)2910 b Fh(2)0 864
+y Fw(Exercise)36 b(1.14)49 b(\(Essen)m(tial\))25 b Fu(De\014ne)i
+(substitution)f(for)g(b)s(o)s(olean)g(expressions:)42
+b Fs(b)6 b Fu([)p Fs(y)j Ft(7!)p Fs(a)3406 879 y Fn(0)3445
+864 y Fu(])0 984 y(is)44 b(to)h(b)s(e)g(the)h(b)s(o)s(olean)d
+(expression)j(that)f(is)f(as)i Fs(b)k Fu(except)d(that)e(all)e(o)s
+(ccurrences)j(of)f(the)0 1105 y(v)-5 b(ariable)26 b Fs(y)37
+b Fu(are)28 b(replaced)h(b)m(y)g(the)f(arithmetic)e(expression)k
+Fs(a)2268 1120 y Fn(0)2307 1105 y Fu(.)42 b(Pro)m(v)m(e)30
+b(that)e(y)m(our)g(de\014nition)0 1225 y(satis\014es)244
+1429 y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu([)p Fs(y)j Ft(7!)p
+Fs(a)641 1444 y Fn(0)680 1429 y Fu(]])-17 b(])q Fs(s)41
+b Fu(=)32 b Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])q(\()p
+Fs(s)8 b Fu([)p Fs(y)h Ft(7!)o(A)p Fu([)-17 b([)q Fs(a)1572
+1444 y Fn(0)1611 1429 y Fu(])g(])q Fs(s)8 b Fu(]\))0
+1632 y(for)32 b(all)f(states)i Fs(s)8 b Fu(.)2761 b Fh(2)p
+eop
+%%Page: 18 28
+18 27 bop 251 130 a Fw(18)2575 b(1)113 b(In)m(tro)s(duction)p
+251 193 3473 4 v eop
+%%Page: 19 29
+19 28 bop 0 1180 a Fv(Chapter)78 b(2)0 1595 y(Op)6 b(erational)77
+b(Seman)-6 b(tics)0 2047 y Fu(The)27 b(role)e(of)g(a)h(statemen)m(t)g
+(in)f Fw(While)f Fu(is)h(to)h(c)m(hange)h(the)f(state.)41
+b(F)-8 b(or)25 b(example,)i(if)e Fr(x)h Fu(is)f(b)s(ound)0
+2168 y(to)i Fw(3)g Fu(in)g Fs(s)35 b Fu(and)27 b(w)m(e)i(execute)g(the)
+f(statemen)m(t)f Fr(x)h Fu(:=)f Fr(x)h Fu(+)f Fr(1)g
+Fu(then)h(w)m(e)g(get)g(a)f(new)h(state)g(where)g Fr(x)0
+2288 y Fu(is)k(b)s(ound)h(to)f Fw(4)p Fu(.)44 b(So)33
+b(while)f(the)h(seman)m(tics)g(of)f(arithmetic)e(and)j(b)s(o)s(olean)e
+(expressions)k(only)0 2408 y Fs(insp)-5 b(e)g(ct)43 b
+Fu(the)34 b(state)h(in)e(order)h(to)g(determine)g(the)g(v)-5
+b(alue)34 b(of)f(the)i(expression,)h(the)e(seman)m(tics)0
+2529 y(of)e(statemen)m(ts)i(will)c Fs(mo)-5 b(dify)41
+b Fu(the)33 b(state)g(as)f(w)m(ell.)146 2649 y(In)38
+b(an)g(op)s(erational)e(seman)m(tics)i(w)m(e)g(are)g(concerned)i(with)d
+Fs(how)48 b Fu(to)37 b(execute)j(programs)0 2769 y(and)27
+b(not)g(merely)f(what)h(the)h(results)f(of)g(execution)g(are.)42
+b(More)27 b(precisely)-8 b(,)28 b(w)m(e)g(are)f(in)m(terested)0
+2890 y(in)39 b(ho)m(w)h(the)f(states)i(are)e(mo)s(di\014ed)f(during)h
+(the)h(execution)g(of)f(the)h(statemen)m(t.)64 b(W)-8
+b(e)40 b(shall)0 3010 y(consider)33 b(t)m(w)m(o)g(di\013eren)m(t)g
+(approac)m(hes)h(to)e(op)s(erational)e(seman)m(tics:)145
+3211 y Ft(\017)49 b Fs(Natur)-5 b(al)36 b(semantics)p
+Fu(:)43 b(its)33 b(purp)s(ose)h(is)e(to)h(describ)s(e)h(ho)m(w)g(the)f
+Fs(over)-5 b(al)5 b(l)43 b Fu(results)33 b(of)g(exe-)244
+3332 y(cutions)f(are)h(obtained.)145 3535 y Ft(\017)49
+b Fs(Structur)-5 b(al)26 b(op)-5 b(er)g(ational)24 b(semantics)p
+Fu(:)37 b(its)21 b(purp)s(ose)i(is)e(to)h(describ)s(e)h(ho)m(w)f(the)g
+Fs(individual)244 3655 y(steps)40 b Fu(of)32 b(the)h(computations)f
+(tak)m(e)h(place.)0 3856 y(W)-8 b(e)46 b(shall)e(see)i(that)f(for)g
+(the)h(language)e Fw(While)g Fu(w)m(e)i(can)g(easily)e(sp)s(ecify)i(b)s
+(oth)f(kinds)h(of)0 3977 y(seman)m(tics)41 b(and)g(that)g(they)h(will)d
+(b)s(e)i(\\equiv)-5 b(alen)m(t")40 b(in)h(a)f(sense)j(to)e(b)s(e)g
+(made)g(clear)f(later.)0 4097 y(Ho)m(w)m(ev)m(er,)33
+b(w)m(e)f(shall)d(also)h(giv)m(e)h(examples)f(of)g(programming)e
+(constructs)k(where)g(one)f(of)f(the)0 4217 y(approac)m(hes)k(is)e(sup)
+s(erior)g(to)g(the)h(other.)146 4338 y(F)-8 b(or)43 b(b)s(oth)h(kinds)g
+(of)f(op)s(erational)e(seman)m(tics,)47 b(the)d(meaning)e(of)h
+(statemen)m(ts)i(will)c(b)s(e)0 4458 y(sp)s(eci\014ed)33
+b(b)m(y)h(a)e Fs(tr)-5 b(ansition)35 b(system)p Fu(.)43
+b(It)33 b(will)d(ha)m(v)m(e)k(t)m(w)m(o)f(t)m(yp)s(es)h(of)e
+(con\014gurations:)294 4651 y Ft(h)o Fs(S)12 b Fu(,)33
+b Fs(s)8 b Ft(i)99 b Fu(represen)m(ting)39 b(that)f(the)g(statemen)m(t)
+g Fs(S)49 b Fu(is)38 b(to)f(b)s(e)h(executed)i(from)645
+4771 y(the)33 b(state)g Fs(s)8 b Fu(,)33 b(and)294 4939
+y Fs(s)311 b Fu(represen)m(ting)34 b(a)e(terminal)e(\(that)j(is)f
+(\014nal\))g(state.)0 5133 y(The)24 b Fs(terminal)i(c)-5
+b(on\014gur)g(ations)31 b Fu(will)21 b(b)s(e)i(those)h(of)f(the)h
+(latter)e(form.)39 b(The)25 b Fs(tr)-5 b(ansition)26
+b(r)-5 b(elation)0 5254 y Fu(will)31 b(then)j(describ)s(e)g(ho)m(w)g
+(the)g(execution)g(tak)m(es)h(place.)45 b(The)34 b(di\013erence)g(b)s
+(et)m(w)m(een)i(the)e(t)m(w)m(o)0 5374 y(approac)m(hes)40
+b(to)f(op)s(erational)d(seman)m(tics)j(amoun)m(ts)g(to)f(di\013eren)m
+(t)i(w)m(a)m(ys)g(of)f(sp)s(ecifying)f(the)0 5494 y(transition)31
+b(relation.)1687 5849 y(19)p eop
+%%Page: 20 30
+20 29 bop 251 130 a Fw(20)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 2467
+4 2049 v 609 528 a Fu([ass)761 543 y Fn(ns)833 528 y
+Fu(])372 b Ft(h)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33
+b Fs(s)8 b Ft(i)32 b(!)g Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o
+Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])609
+743 y([skip)807 758 y Fn(ns)879 743 y Fu(])326 b Ft(h)p
+Fr(skip)p Fu(,)34 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)609 1035
+y Fu([comp)864 1050 y Fn(ns)935 1035 y Fu(])1242 948
+y Ft(h)p Fs(S)1348 963 y Fn(1)1387 948 y Fu(,)h Fs(s)8
+b Ft(i)32 b(!)g Fs(s)1746 912 y Fi(0)1770 948 y Fu(,)g
+Ft(h)p Fs(S)1935 963 y Fn(2)1974 948 y Fu(,)h Fs(s)2082
+912 y Fi(0)2105 948 y Ft(i)f(!)h Fs(s)2357 912 y Fi(00)p
+1242 1012 1158 4 v 1481 1116 a Ft(h)o Fs(S)1586 1131
+y Fn(1)1626 1116 y Fu(;)p Fs(S)1720 1131 y Fn(2)1759
+1116 y Fu(,)g Fs(s)8 b Ft(i)32 b(!)g Fs(s)2118 1080 y
+Fi(00)609 1397 y Fu([if)706 1361 y Fn(tt)694 1422 y(ns)764
+1397 y Fu(])1658 1310 y Ft(h)p Fs(S)1764 1325 y Fn(1)1803
+1310 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)2162 1274 y
+Fi(0)p 1242 1374 1360 4 v 1242 1478 a Ft(h)p Fr(if)h
+Fs(b)38 b Fr(then)c Fs(S)1804 1493 y Fn(1)1876 1478 y
+Fr(else)f Fs(S)2180 1493 y Fn(2)2220 1478 y Fu(,)f Fs(s)8
+b Ft(i)33 b(!)f Fs(s)2579 1442 y Fi(0)2677 1397 y Fu(if)f
+Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41
+b Fu(=)32 b Fw(tt)609 1759 y Fu([if)706 1723 y Fn(\013)694
+1784 y(ns)764 1759 y Fu(])1658 1673 y Ft(h)p Fs(S)1764
+1688 y Fn(2)1803 1673 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g
+Fs(s)2162 1636 y Fi(0)p 1242 1736 V 1242 1841 a Ft(h)p
+Fr(if)h Fs(b)38 b Fr(then)c Fs(S)1804 1856 y Fn(1)1876
+1841 y Fr(else)f Fs(S)2180 1856 y Fn(2)2220 1841 y Fu(,)f
+Fs(s)8 b Ft(i)33 b(!)f Fs(s)2579 1804 y Fi(0)2677 1759
+y Fu(if)f Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p
+Fs(s)41 b Fu(=)32 b Fw(\013)609 2121 y Fu([while)871
+2085 y Fn(tt)859 2146 y(ns)930 2121 y Fu(])1242 2035
+y Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1707
+1998 y Fi(0)1730 2035 y Fu(,)h Ft(h)p Fr(while)g Fs(b)39
+b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)2510 1998 y Fi(0)2534
+2035 y Ft(i)g(!)g Fs(s)2785 1998 y Fi(00)p 1242 2098
+1586 4 v 1528 2203 a Ft(h)o Fr(while)i Fs(b)39 b Fr(do)33
+b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)h Fs(s)2500
+2166 y Fi(00)2903 2121 y Fu(if)e Ft(B)t Fu([)-17 b([)p
+Fs(b)6 b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 b Fw(tt)609
+2406 y Fu([while)871 2370 y Fn(\013)859 2431 y(ns)930
+2406 y Fu(])275 b Ft(h)p Fr(while)34 b Fs(b)k Fr(do)33
+b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)41
+b Fu(if)31 b Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
+b(])q Fs(s)40 b Fu(=)33 b Fw(\013)p 3753 2467 4 2049
+v 283 2470 3473 4 v 1166 2631 a Fu(T)-8 b(able)32 b(2.1:)44
+b(Natural)31 b(seman)m(tics)i(for)f Fw(While)283 2881
+y Fj(2.1)161 b(Natural)55 b(seman)l(tics)283 3100 y Fu(In)34
+b(a)f(natural)e(seman)m(tics)j(w)m(e)g(are)f(concerned)i(with)d(the)i
+(relationship)d(b)s(et)m(w)m(een)k(the)e Fs(initial)283
+3220 y Fu(and)j(the)g Fs(\014nal)45 b Fu(state)36 b(of)f(an)g
+(execution.)53 b(Therefore)37 b(the)f(transition)e(relation)f(will)g
+(sp)s(ecify)283 3340 y(the)40 b(relationship)d(b)s(et)m(w)m(een)k(the)f
+(initial)35 b(state)k(and)h(the)f(\014nal)f(state)i(for)e(eac)m(h)i
+(statemen)m(t.)283 3461 y(W)-8 b(e)33 b(shall)f(write)g(a)g(transition)
+f(as)527 3640 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32
+b(!)g Fs(s)992 3604 y Fi(0)283 3819 y Fu(In)m(tuitiv)m(ely)38
+b(this)f(means)h(that)f(the)i(execution)f(of)f Fs(S)50
+b Fu(from)36 b Fs(s)46 b Fu(will)36 b(terminate)g(and)i(the)g(re-)283
+3940 y(sulting)32 b(state)h(will)d(b)s(e)j Fs(s)1208
+3904 y Fi(0)1231 3940 y Fu(.)430 4060 y(The)i(de\014nition)e(of)h
+Ft(!)g Fu(is)g(giv)m(en)g(b)m(y)h(the)g(rules)f(of)g(T)-8
+b(able)34 b(2.1.)48 b(A)34 b Fs(rule)42 b Fu(has)35 b(the)f(general)283
+4181 y(form)537 4323 y Ft(h)p Fs(S)643 4338 y Fn(1)682
+4323 y Fu(,)f Fs(s)790 4338 y Fn(1)829 4323 y Ft(i)g(!)f
+Fs(s)1081 4286 y Fi(0)1081 4347 y Fn(1)1120 4323 y Fu(,)h
+Ft(\001)17 b(\001)g(\001)n Fu(,)33 b Ft(h)p Fs(S)1462
+4338 y Fn(n)1505 4323 y Fu(,)f Fs(s)1612 4338 y Fn(n)1656
+4323 y Ft(i)g(!)g Fs(s)1907 4286 y Fi(0)1907 4347 y Fn(n)p
+537 4386 1414 4 v 1000 4491 a Ft(h)p Fs(S)12 b Fu(,)32
+b Fs(s)8 b Ft(i)32 b(!)h Fs(s)1465 4454 y Fi(0)2026 4409
+y Fu(if)e Ft(\001)17 b(\001)g(\001)283 4652 y Fu(where)40
+b Fs(S)638 4667 y Fn(1)677 4652 y Fu(,)g Ft(\001)17 b(\001)g(\001)n
+Fu(,)39 b Fs(S)993 4667 y Fn(n)1074 4652 y Fu(are)g Fs(imme)-5
+b(diate)38 b(c)-5 b(onstituents)47 b Fu(of)37 b Fs(S)50
+b Fu(or)38 b(are)g(statemen)m(ts)h Fs(c)-5 b(onstructe)g(d)283
+4772 y(fr)g(om)43 b Fu(the)35 b(immediate)e(constituen)m(ts)j(of)f
+Fs(S)12 b Fu(.)35 b(A)g(rule)g(has)h(a)e(n)m(um)m(b)s(er)i(of)f
+Fs(pr)-5 b(emises)42 b Fu(\(written)283 4893 y(ab)s(o)m(v)m(e)29
+b(the)f(solid)f(line\))f(and)i(one)g Fs(c)-5 b(onclusion)34
+b Fu(\(written)28 b(b)s(elo)m(w)g(the)g(solid)e(line\).)41
+b(A)28 b(rule)f(ma)m(y)283 5013 y(also)32 b(ha)m(v)m(e)i(a)e(n)m(um)m
+(b)s(er)h(of)e Fs(c)-5 b(onditions)40 b Fu(\(written)32
+b(to)g(the)h(righ)m(t)f(of)g(the)g(solid)f(line\))g(that)i(ha)m(v)m(e)
+283 5133 y(to)j(b)s(e)g(ful\014lled)e(whenev)m(er)k(the)e(rule)g(is)f
+(applied.)52 b(Rules)36 b(with)f(an)h(empt)m(y)g(set)g(of)g(premises)
+283 5254 y(are)d(called)e Fs(axioms)40 b Fu(and)33 b(the)g(solid)e
+(line)g(is)h(then)h(omitted.)430 5374 y(In)m(tuitiv)m(ely)-8
+b(,)32 b(the)g(axiom)e([ass)1531 5389 y Fn(ns)1604 5374
+y Fu(])i(sa)m(ys)h(that)f(in)f(a)h(state)h Fs(s)8 b Fu(,)32
+b Fs(x)44 b Fu(:=)32 b Fs(a)39 b Fu(is)32 b(executed)i(to)e(yield)283
+5494 y(a)38 b(\014nal)f(state)h Fs(s)8 b Fu([)p Fs(x)k
+Ft(7!)o(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8
+b Fu(])38 b(whic)m(h)g(is)f(as)h Fs(s)45 b Fu(except)40
+b(that)d Fs(x)49 b Fu(has)38 b(the)g(v)-5 b(alue)37 b
+Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8
+b Fu(.)59 b(This)p eop
+%%Page: 21 31
+21 30 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216
+b(21)p 0 193 3473 4 v 0 515 a Fu(is)45 b(really)f(an)i
+Fs(axiom)g(schema)52 b Fu(b)s(ecause)47 b Fs(x)12 b Fu(,)49
+b Fs(a)j Fu(and)46 b Fs(s)54 b Fu(are)45 b(meta-v)-5
+b(ariables)44 b(standing)h(for)0 636 y(arbitrary)33 b(v)-5
+b(ariables,)33 b(arithmetic)e(expressions)36 b(and)d(states)i(but)f(w)m
+(e)h(shall)d(simply)g(use)j(the)0 756 y(term)h(axiom)f(for)h(this.)56
+b(W)-8 b(e)37 b(obtain)e(an)i Fs(instanc)-5 b(e)43 b
+Fu(of)36 b(the)h(axiom)e(b)m(y)j(selecting)e(particular)0
+877 y(v)-5 b(ariables,)30 b(arithmetic)e(expressions)k(and)f(states.)43
+b(As)31 b(an)g(example,)f(if)f Fs(s)2725 892 y Fn(0)2795
+877 y Fu(is)h(the)h(state)g(that)0 997 y(assigns)i(the)g(v)-5
+b(alue)32 b Fw(0)g Fu(to)h(all)d(v)-5 b(ariables)31 b(then)244
+1188 y Ft(h)p Fr(x)h Fu(:=)h Fr(x)p Fu(+)p Fr(1)p Fu(,)g
+Fs(s)788 1203 y Fn(0)827 1188 y Ft(i)g(!)f Fs(s)1079
+1203 y Fn(0)1118 1188 y Fu([)p Fr(x)p Ft(7!)p Fw(1)p
+Fu(])0 1379 y(is)i(an)f(instance)i(of)e([ass)882 1394
+y Fn(ns)954 1379 y Fu(])h(b)s(ecause)i Fs(x)45 b Fu(is)34
+b(instan)m(tiated)f(to)h Fr(x)p Fu(,)h Fs(a)41 b Fu(to)33
+b Fr(x)p Fu(+)p Fr(1)p Fu(,)i Fs(s)42 b Fu(to)34 b Fs(s)3045
+1394 y Fn(0)3084 1379 y Fu(,)h(and)f(the)0 1499 y(v)-5
+b(alue)32 b Ft(A)p Fu([)-17 b([)p Fr(x)p Fu(+)p Fr(1)p
+Fu(])g(])q Fs(s)633 1514 y Fn(0)705 1499 y Fu(is)32 b(determined)h(to)f
+(b)s(e)h Fw(1)p Fu(.)146 1619 y(Similarly)23 b([skip)753
+1634 y Fn(ns)824 1619 y Fu(])j(is)g(an)g(axiom)f(and,)j(in)m(tuitiv)m
+(ely)-8 b(,)26 b(it)f(sa)m(ys)i(that)f Fr(skip)i Fu(do)s(es)e(not)h(c)m
+(hange)0 1740 y(the)33 b(state.)44 b(Letting)32 b Fs(s)836
+1755 y Fn(0)908 1740 y Fu(b)s(e)h(as)f(ab)s(o)m(v)m(e)i(w)m(e)f(obtain)
+244 1931 y Ft(h)p Fr(skip)p Fu(,)g Fs(s)595 1946 y Fn(0)635
+1931 y Ft(i)f(!)g Fs(s)886 1946 y Fn(0)0 2122 y Fu(as)h(an)f(instance)h
+(of)f(the)h(axiom)e([skip)1402 2137 y Fn(ns)1474 2122
+y Fu(].)146 2242 y(In)m(tuitiv)m(ely)-8 b(,)35 b(the)f(rule)g([comp)
+1263 2257 y Fn(ns)1334 2242 y Fu(])g(sa)m(ys)i(that)e(to)g(execute)i
+Fs(S)2356 2257 y Fn(1)2395 2242 y Fu(;)p Fs(S)2489 2257
+y Fn(2)2563 2242 y Fu(from)d(state)i Fs(s)42 b Fu(w)m(e)35
+b(m)m(ust)0 2362 y(\014rst)k(execute)i Fs(S)630 2377
+y Fn(1)708 2362 y Fu(from)d Fs(s)8 b Fu(.)63 b(Assuming)38
+b(that)h(this)f(yields)h(a)g(\014nal)f(state)h Fs(s)2836
+2326 y Fi(0)2898 2362 y Fu(w)m(e)h(shall)e(then)0 2483
+y(execute)26 b Fs(S)408 2498 y Fn(2)472 2483 y Fu(from)d
+Fs(s)742 2447 y Fi(0)765 2483 y Fu(.)41 b(The)25 b(premises)f(of)g(the)
+h(rule)f(are)g(concerned)i(with)e(the)g(t)m(w)m(o)h(statemen)m(ts)0
+2603 y Fs(S)67 2618 y Fn(1)134 2603 y Fu(and)i Fs(S)385
+2618 y Fn(2)451 2603 y Fu(whereas)i(the)f(conclusion)f(expresses)j(a)d
+(prop)s(ert)m(y)h(of)f(the)h(comp)s(osite)e(statemen)m(t)0
+2723 y(itself.)42 b(The)34 b(follo)m(wing)c(is)i(an)g
+Fs(instanc)-5 b(e)39 b Fu(of)32 b(the)h(rule:)254 2896
+y Ft(h)p Fr(skip)p Fu(,)g Fs(s)605 2911 y Fn(0)645 2896
+y Ft(i)f(!)g Fs(s)896 2911 y Fn(0)936 2896 y Fu(,)g Ft(h)p
+Fr(x)h Fu(:=)f Fr(x)p Fu(+)p Fr(1)p Fu(,)h Fs(s)1539
+2911 y Fn(0)1579 2896 y Ft(i)f(!)g Fs(s)1830 2911 y Fn(0)1870
+2896 y Fu([)p Fr(x)p Ft(7!)p Fw(1)p Fu(])p 254 2960 1878
+4 v 492 3064 a Ft(h)p Fr(skip)p Fu(;)i Fr(x)e Fu(:=)h
+Fr(x)p Fu(+)p Fr(1)p Fu(,)g Fs(s)1301 3079 y Fn(0)1340
+3064 y Ft(i)g(!)f Fs(s)1592 3079 y Fn(0)1631 3064 y Fu([)p
+Fr(x)p Ft(7!)p Fw(1)p Fu(])0 3241 y(Here)j Fs(S)299 3256
+y Fn(1)372 3241 y Fu(is)f(instan)m(tiated)f(to)g Fr(skip)p
+Fu(,)j Fs(S)1467 3256 y Fn(2)1540 3241 y Fu(to)e Fr(x)g
+Fu(:=)g Fr(x)g Fu(+)g Fr(1)p Fu(,)h Fs(s)42 b Fu(and)34
+b Fs(s)2512 3205 y Fi(0)2569 3241 y Fu(are)g(b)s(oth)g(instan)m(tiated)
+0 3361 y(to)e Fs(s)167 3376 y Fn(0)239 3361 y Fu(and)h
+Fs(s)477 3325 y Fi(00)552 3361 y Fu(is)f(instan)m(tiated)g(to)g
+Fs(s)1357 3376 y Fn(0)1397 3361 y Fu([)p Fr(x)p Ft(7!)p
+Fw(1)p Fu(].)43 b(Similarly)254 3540 y Ft(h)p Fr(skip)p
+Fu(,)33 b Fs(s)605 3555 y Fn(0)645 3540 y Ft(i)f(!)g
+Fs(s)896 3555 y Fn(0)936 3540 y Fu([)p Fr(x)p Ft(7!)p
+Fw(5)p Fu(],)g Ft(h)p Fr(x)h Fu(:=)f Fr(x)p Fu(+)p Fr(1)p
+Fu(,)h Fs(s)1800 3555 y Fn(0)1840 3540 y Fu([)p Fr(x)p
+Ft(7!)p Fw(5)p Fu(])p Ft(i)f(!)h Fs(s)2353 3555 y Fn(0)p
+254 3603 2139 4 v 753 3708 a Ft(h)p Fr(skip)p Fu(;)h
+Fr(x)f Fu(:=)f Fr(x)p Fu(+)p Fr(1)p Fu(,)h Fs(s)1562
+3723 y Fn(0)1602 3708 y Ft(i)f(!)g Fs(s)1853 3723 y Fn(0)0
+3886 y Fu(is)37 b(an)g(instance)g(of)g([comp)998 3901
+y Fn(ns)1069 3886 y Fu(])g(although)f(it)h(is)f(less)i(in)m(teresting)f
+(b)s(ecause)h(its)f(premises)g(can)0 4007 y(nev)m(er)d(b)s(e)f(deriv)m
+(ed)g(from)f(the)h(axioms)e(and)i(rules)f(of)g(T)-8 b(able)33
+b(2.1.)146 4127 y(F)-8 b(or)24 b(the)g Fr(if)p Fu(-construct)i(w)m(e)f
+(ha)m(v)m(e)g(t)m(w)m(o)g(rules.)41 b(The)25 b(\014rst)g(one,)h([if)
+2505 4091 y Fn(tt)2493 4152 y(ns)2563 4127 y Fu(],)g(sa)m(ys)g(that)e
+(to)f(execute)0 4247 y Fr(if)41 b Fs(b)46 b Fr(then)41
+b Fs(S)546 4262 y Fn(1)625 4247 y Fr(else)g Fs(S)937
+4262 y Fn(2)1016 4247 y Fu(w)m(e)h(simply)c(execute)k
+Fs(S)1911 4262 y Fn(1)1991 4247 y Fu(pro)m(vided)e(that)g
+Fs(b)46 b Fu(ev)-5 b(aluates)40 b(to)g Fw(tt)f Fu(in)0
+4368 y(the)46 b(state.)81 b(The)47 b(other)e(rule,)j([if)1311
+4332 y Fn(\013)1299 4392 y(ns)1369 4368 y Fu(],)h(sa)m(ys)d(that)f(if)f
+Fs(b)51 b Fu(ev)-5 b(aluates)45 b(to)g Fw(\013)h Fu(then)g(to)e
+(execute)0 4488 y Fr(if)33 b Fs(b)38 b Fr(then)c Fs(S)523
+4503 y Fn(1)595 4488 y Fr(else)f Fs(S)899 4503 y Fn(2)980
+4488 y Fu(w)m(e)42 b(just)g(execute)h Fs(S)1759 4503
+y Fn(2)1799 4488 y Fu(.)69 b(T)-8 b(aking)41 b Fs(s)2277
+4503 y Fn(0)2358 4488 y Fr(x)h Fu(=)f Fw(0)g Fu(the)h(follo)m(wing)d
+(is)h(an)0 4609 y(instance)33 b(of)f(the)h(rule)f([if)951
+4572 y Fn(tt)939 4633 y(ns)1009 4609 y Fu(]:)912 4787
+y Ft(h)p Fr(skip)p Fu(,)h Fs(s)1263 4802 y Fn(0)1303
+4787 y Ft(i)f(!)g Fs(s)1554 4802 y Fn(0)p 254 4850 1999
+4 v 254 4955 a Ft(h)p Fr(if)h(x)f Fu(=)h Fr(0)g(then)g(skip)h(else)f(x)
+g Fu(:=)g Fr(x)p Fu(+)p Fr(1)p Fu(,)g Fs(s)1922 4970
+y Fn(0)1961 4955 y Ft(i)f(!)h Fs(s)2213 4970 y Fn(0)0
+5133 y Fu(b)s(ecause)40 b Ft(B)t Fu([)-17 b([)p Fr(x)39
+b Fu(=)g Fr(0)p Fu(])-17 b(])q Fs(s)815 5148 y Fn(0)893
+5133 y Fu(=)39 b Fw(tt)p Fu(.)61 b(Ho)m(w)m(ev)m(er,)43
+b(had)c(it)f(b)s(een)h(the)h(case)f(that)g Fs(s)2801
+5148 y Fn(0)2879 5133 y Fr(x)g Ft(6)p Fu(=)g Fw(0)g Fu(then)g(it)0
+5254 y(w)m(ould)31 b(not)g(b)s(e)h(an)f(instance)g(of)g(the)h(rule)f
+([if)1667 5218 y Fn(tt)1655 5278 y(ns)1725 5254 y Fu(])g(b)s(ecause)i
+(then)f Ft(B)s Fu([)-17 b([)q Fr(x)31 b Fu(=)g Fr(0)p
+Fu(])-17 b(])q Fs(s)2796 5269 y Fn(0)2867 5254 y Fu(w)m(ould)31
+b(amoun)m(t)0 5374 y(to)26 b Fw(\013)p Fu(.)41 b(F)-8
+b(urthermore)26 b(it)f(w)m(ould)g(not)h(b)s(e)g(an)g(instance)h(of)e
+(the)h(rule)g([if)2520 5338 y Fn(\013)2508 5399 y(ns)2578
+5374 y Fu(])g(b)s(ecause)h(the)g(premise)0 5494 y(has)33
+b(the)g(wrong)g(form.)p eop
+%%Page: 22 32
+22 31 bop 251 130 a Fw(22)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 430 515 a Fu(Finally)-8
+b(,)28 b(w)m(e)k(ha)m(v)m(e)g(one)f(rule)f(and)h(one)g(axiom)e
+(expressing)j(ho)m(w)f(to)f(execute)j(the)e Fr(while)p
+Fu(-)283 636 y(construct.)60 b(In)m(tuitiv)m(ely)-8 b(,)38
+b(the)g(meaning)e(of)h(the)h(construct)g Fr(while)h Fs(b)k
+Fr(do)38 b Fs(S)50 b Fu(in)36 b(the)i(state)g Fs(s)283
+756 y Fu(can)33 b(b)s(e)g(explained)f(as)h(follo)m(ws:)429
+955 y Ft(\017)48 b Fu(If)29 b(the)g(test)g Fs(b)35 b
+Fu(ev)-5 b(aluates)28 b(to)h(true)g(in)e(the)i(state)g
+Fs(s)37 b Fu(then)29 b(w)m(e)h(\014rst)f(execute)i(the)e(b)s(o)s(dy)f
+(of)527 1076 y(the)33 b(lo)s(op)e(and)i(then)g(con)m(tin)m(ue)g(with)g
+(the)g(lo)s(op)e(itself)g(from)g(the)i(state)g(so)g(obtained.)429
+1278 y Ft(\017)48 b Fu(If)35 b(the)h(test)g Fs(b)41 b
+Fu(ev)-5 b(aluates)35 b(to)g(false)f(in)h(the)g(state)h
+Fs(s)43 b Fu(then)36 b(the)f(execution)h(of)f(the)g(lo)s(op)527
+1398 y(terminates.)283 1597 y(The)47 b(rule)d([while)966
+1561 y Fn(tt)954 1622 y(ns)1025 1597 y Fu(])h(formalizes)e(the)j
+(\014rst)f(case)h(where)h Fs(b)k Fu(ev)-5 b(aluates)45
+b(to)g Fw(tt)f Fu(and)h(it)f(sa)m(ys)283 1717 y(that)49
+b(then)h(w)m(e)f(ha)m(v)m(e)i(to)d(execute)j Fs(S)60
+b Fu(follo)m(w)m(ed)48 b(b)m(y)i Fr(while)34 b Fs(b)k
+Fr(do)33 b Fs(S)61 b Fu(again.)91 b(The)49 b(axiom)283
+1838 y([while)545 1802 y Fn(\013)533 1862 y(ns)604 1838
+y Fu(])33 b(formalizes)e(the)j(second)g(p)s(ossibilit)m(y)d(and)j
+(states)g(that)f(if)f Fs(b)39 b Fu(ev)-5 b(aluates)33
+b(to)g Fw(\013)g Fu(then)283 1958 y(w)m(e)41 b(terminate)d(the)h
+(execution)h(of)f(the)h Fr(while)p Fu(-construct)h(lea)m(ving)d(the)i
+(state)f(unc)m(hanged.)283 2079 y(Note)33 b(that)f(the)h(rule)f([while)
+1355 2042 y Fn(tt)1343 2103 y(ns)1413 2079 y Fu(])g(sp)s(eci\014es)i
+(the)f(meaning)e(of)g(the)i Fr(while)p Fu(-construct)h(in)e(terms)283
+2199 y(of)d(the)h(meaning)e(of)h(the)h(v)m(ery)h(same)e(construct)i(so)
+f(that)f(w)m(e)h(do)g Fs(not)38 b Fu(ha)m(v)m(e)31 b(a)e(comp)s
+(ositional)283 2319 y(de\014nition)j(of)g(the)h(seman)m(tics)g(of)f
+(statemen)m(ts.)430 2440 y(When)e(w)m(e)g(use)g(the)f(axioms)f(and)h
+(rules)g(to)f(deriv)m(e)i(a)f(transition)e Ft(h)p Fs(S)12
+b Fu(,)28 b Fs(s)8 b Ft(i)29 b(!)g Fs(s)3293 2404 y Fi(0)3345
+2440 y Fu(w)m(e)h(obtain)283 2560 y(a)41 b Fs(derivation)h(tr)-5
+b(e)g(e)p Fu(.)68 b(The)42 b Fs(r)-5 b(o)g(ot)50 b Fu(of)40
+b(the)h(deriv)-5 b(ation)40 b(tree)h(is)f Ft(h)p Fs(S)12
+b Fu(,)41 b Fs(s)8 b Ft(i)40 b(!)h Fs(s)3074 2524 y Fi(0)3138
+2560 y Fu(and)g(the)g Fs(le)-5 b(aves)283 2680 y Fu(are)37
+b(instances)g(of)e(axioms.)53 b(The)37 b Fs(internal)h(no)-5
+b(des)44 b Fu(are)36 b(conclusions)g(of)f(instan)m(tiated)h(rules)283
+2801 y(and)k(they)h(ha)m(v)m(e)g(the)f(corresp)s(onding)g(premises)f
+(as)h(their)f(immediate)e(sons.)66 b(W)-8 b(e)40 b(request)283
+2921 y(that)c(all)e(the)j(instan)m(tiated)e(conditions)g(of)h(axioms)f
+(and)h(rules)g(m)m(ust)g(b)s(e)g(satis\014ed.)55 b(When)283
+3042 y(displa)m(ying)37 b(a)h(deriv)-5 b(ation)37 b(tree)i(it)e(is)g
+(common)g(to)h(ha)m(v)m(e)i(the)e(ro)s(ot)g(at)f(the)i(b)s(ottom)e
+(rather)283 3162 y(than)28 b(at)e(the)i(top;)g(hence)h(the)e(son)h(is)e
+Fs(ab)-5 b(ove)34 b Fu(its)26 b(father.)42 b(A)27 b(deriv)-5
+b(ation)25 b(tree)j(is)e(called)g Fs(simple)283 3282
+y Fu(if)32 b(it)f(is)i(an)f(instance)h(of)f(an)g(axiom,)g(otherwise)h
+(it)e(is)h(called)g Fs(c)-5 b(omp)g(osite)7 b Fu(.)283
+3505 y Fw(Example)37 b(2.1)49 b Fu(Let)33 b(us)g(\014rst)g(consider)g
+(the)g(statemen)m(t)g(of)f(Chapter)h(1:)527 3704 y(\()p
+Fr(z)p Fu(:=)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(y)p Fu(\);)g
+Fr(y)p Fu(:=)p Fr(z)283 3903 y Fu(Let)i Fs(s)508 3918
+y Fn(0)582 3903 y Fu(b)s(e)f(the)h(state)f(that)g(maps)g(all)e(v)-5
+b(ariables)33 b(except)j Fr(x)f Fu(and)f Fr(y)h Fu(to)e
+Fw(0)i Fu(and)f(has)h Fs(s)3436 3918 y Fn(0)3508 3903
+y Fr(x)d Fu(=)h Fw(5)283 4023 y Fu(and)g Fs(s)521 4038
+y Fn(0)593 4023 y Fr(y)g Fu(=)f Fw(7)p Fu(.)44 b(Then)34
+b(the)f(follo)m(wing)c(is)k(an)f(example)g(of)g(a)g(deriv)-5
+b(ation)31 b(tree:)577 4217 y Ft(h)p Fr(z)p Fu(:=)p Fr(x)p
+Fu(,)i Fs(s)929 4232 y Fn(0)969 4217 y Ft(i)f(!)g Fs(s)1220
+4232 y Fn(1)1577 4217 y Ft(h)p Fr(x)p Fu(:=)p Fr(y)p
+Fu(,)h Fs(s)1929 4232 y Fn(1)1968 4217 y Ft(i)f(!)h Fs(s)2220
+4232 y Fn(2)p 527 4303 1782 4 v 944 4505 a Ft(h)p Fr(z)p
+Fu(:=)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(y)p Fu(,)g Fs(s)1561
+4520 y Fn(0)1601 4505 y Ft(i)f(!)g Fs(s)1852 4520 y Fn(2)2576
+4505 y Ft(h)p Fr(y)p Fu(:=)p Fr(z)p Fu(,)h Fs(s)2928
+4520 y Fn(2)2968 4505 y Ft(i)f(!)g Fs(s)3219 4520 y Fn(3)p
+527 4591 2782 4 v 1274 4793 a Ft(h)p Fu(\()p Fr(z)p Fu(:=)p
+Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(y)p Fu(\);)g Fr(y)p Fu(:=)p
+Fr(z)p Fu(,)g Fs(s)2232 4808 y Fn(0)2271 4793 y Ft(i)g(!)f
+Fs(s)2523 4808 y Fn(3)283 4985 y Fu(where)i(w)m(e)g(ha)m(v)m(e)g(used)g
+(the)f(abbreviations:)577 5156 y Fs(s)625 5171 y Fn(1)764
+5156 y Fu(=)100 b Fs(s)988 5171 y Fn(0)1027 5156 y Fu([)p
+Fr(z)p Ft(7!)p Fw(5)p Fu(])577 5324 y Fs(s)625 5339 y
+Fn(2)764 5324 y Fu(=)g Fs(s)988 5339 y Fn(1)1027 5324
+y Fu([)p Fr(x)p Ft(7!)p Fw(7)p Fu(])577 5492 y Fs(s)625
+5507 y Fn(3)764 5492 y Fu(=)g Fs(s)988 5507 y Fn(2)1027
+5492 y Fu([)p Fr(y)p Ft(7!)p Fw(5)p Fu(])p eop
+%%Page: 23 33
+23 32 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216
+b(23)p 0 193 3473 4 v 0 515 a Fu(The)40 b(deriv)-5 b(ation)37
+b(tree)j(has)g(three)f(lea)m(v)m(es)i(denoted)f Ft(h)o
+Fr(z)p Fu(:=)p Fr(x)p Fu(,)i Fs(s)2331 530 y Fn(0)2370
+515 y Ft(i)d(!)g Fs(s)2635 530 y Fn(1)2674 515 y Fu(,)i
+Ft(h)p Fr(x)p Fu(:=)p Fr(y)p Fu(,)g Fs(s)3102 530 y Fn(1)3141
+515 y Ft(i)e(!)g Fs(s)3406 530 y Fn(2)3445 515 y Fu(,)0
+636 y(and)28 b Ft(h)p Fr(y)p Fu(:=)p Fr(z)p Fu(,)h Fs(s)533
+651 y Fn(2)573 636 y Ft(i)e(!)h Fs(s)815 651 y Fn(3)854
+636 y Fu(,)h(corresp)s(onding)f(to)g(three)g(applications)e(of)i(the)g
+(axiom)e([ass)3136 651 y Fn(ns)3208 636 y Fu(].)42 b(The)0
+756 y(rule)32 b([comp)450 771 y Fn(ns)521 756 y Fu(])h(has)g(b)s(een)g
+(applied)e(t)m(wice.)44 b(One)33 b(instance)g(is)254
+916 y Ft(h)p Fr(z)p Fu(:=)p Fr(x)p Fu(,)g Fs(s)606 931
+y Fn(0)645 916 y Ft(i)f(!)h Fs(s)897 931 y Fn(1)936 916
+y Fu(,)g Ft(h)o Fr(x)p Fu(:=)p Fr(y)p Fu(,)h Fs(s)1348
+931 y Fn(1)1387 916 y Ft(i)e(!)h Fs(s)1639 931 y Fn(2)p
+254 980 1425 4 v 492 1084 a Ft(h)p Fr(z)p Fu(:=)p Fr(x)p
+Fu(;)g Fr(x)p Fu(:=)p Fr(y)p Fu(,)g Fs(s)1109 1099 y
+Fn(0)1149 1084 y Ft(i)f(!)g Fs(s)1400 1099 y Fn(2)0 1245
+y Fu(whic)m(h)j(has)g(b)s(een)g(used)h(to)e(com)m(bine)g(the)g(lea)m(v)
+m(es)i Ft(h)p Fr(z)p Fu(:=)p Fr(x)p Fu(,)f Fs(s)2224
+1260 y Fn(0)2264 1245 y Ft(i)f(!)g Fs(s)2519 1260 y Fn(1)2593
+1245 y Fu(and)g Ft(h)p Fr(x)p Fu(:=)p Fr(y)p Fu(,)h Fs(s)3138
+1260 y Fn(1)3178 1245 y Ft(i)f(!)g Fs(s)3433 1260 y Fn(2)0
+1365 y Fu(with)e(the)h(in)m(ternal)f(no)s(de)g(lab)s(elled)f
+Ft(h)o Fr(z)p Fu(:=)p Fr(x)p Fu(;)j Fr(x)p Fu(:=)p Fr(y)p
+Fu(,)f Fs(s)1964 1380 y Fn(0)2003 1365 y Ft(i)f(!)h Fs(s)2255
+1380 y Fn(2)2294 1365 y Fu(.)44 b(The)33 b(other)g(instance)g(is)254
+1525 y Ft(h)p Fr(z)p Fu(:=)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p
+Fr(y)p Fu(,)g Fs(s)871 1540 y Fn(0)910 1525 y Ft(i)g(!)f
+Fs(s)1162 1540 y Fn(2)1201 1525 y Fu(,)h Ft(h)p Fr(y)p
+Fu(:=)p Fr(z)p Fu(,)g Fs(s)1613 1540 y Fn(2)1652 1525
+y Ft(i)g(!)f Fs(s)1904 1540 y Fn(3)p 254 1589 1690 4
+v 454 1693 a Ft(h)p Fu(\()p Fr(z)p Fu(:=)p Fr(x)p Fu(;)h
+Fr(x)p Fu(:=)p Fr(y)p Fu(\);)g Fr(y)p Fu(:=)p Fr(z)p
+Fu(,)g Fs(s)1412 1708 y Fn(0)1452 1693 y Ft(i)f(!)g Fs(s)1703
+1708 y Fn(3)0 1854 y Fu(whic)m(h)h(has)f(b)s(een)i(used)f(to)f(com)m
+(bine)g(the)g(in)m(ternal)f(no)s(de)i Ft(h)p Fr(z)p Fu(:=)p
+Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(y)p Fu(,)f Fs(s)2785
+1869 y Fn(0)2825 1854 y Ft(i)g(!)g Fs(s)3076 1869 y Fn(2)3148
+1854 y Fu(and)g(the)0 1974 y(leaf)g Ft(h)o Fr(y)p Fu(:=)p
+Fr(z)p Fu(,)h Fs(s)533 1989 y Fn(2)573 1974 y Ft(i)f(!)g
+Fs(s)824 1989 y Fn(3)896 1974 y Fu(with)h(the)g(ro)s(ot)e
+Ft(h)p Fu(\()p Fr(z)p Fu(:=)p Fr(x)p Fu(;)i Fr(x)p Fu(:=)p
+Fr(y)p Fu(\);)g Fr(y)p Fu(:=)p Fr(z)p Fu(,)g Fs(s)2453
+1989 y Fn(0)2493 1974 y Ft(i)f(!)g Fs(s)2744 1989 y Fn(3)2784
+1974 y Fu(.)587 b Fh(2)146 2161 y Fu(Consider)37 b(no)m(w)f(the)h
+(problem)d(of)i(constructing)g(a)g(deriv)-5 b(ation)34
+b(tree)i(for)g(a)f(giv)m(en)h(state-)0 2282 y(men)m(t)43
+b Fs(S)54 b Fu(and)43 b(state)g Fs(s)8 b Fu(.)74 b(The)43
+b(b)s(est)h(w)m(a)m(y)g(to)e(approac)m(h)h(this)f(is)h(to)f(try)h(to)f
+(construct)i(the)0 2402 y(tree)37 b(from)f(the)i(ro)s(ot)e(up)m(w)m
+(ards.)58 b(So)37 b(w)m(e)h(will)c(start)j(b)m(y)h(\014nding)f(an)g
+(axiom)e(or)i(rule)f(with)h(a)0 2523 y(conclusion)g(where)j(the)e
+(left-hand)f(side)h(matc)m(hes)h(the)f(con\014guration)f
+Ft(h)p Fs(S)12 b Fu(,)38 b Fs(s)8 b Ft(i)p Fu(.)59 b(There)39
+b(are)0 2643 y(t)m(w)m(o)33 b(cases:)145 2816 y Ft(\017)49
+b Fu(If)43 b(it)e(is)h(an)h Fs(axiom)49 b Fu(and)43 b(if)f(the)h
+(conditions)f(of)g(the)h(axiom)e(are)i(satis\014ed)g(then)g(w)m(e)244
+2936 y(can)37 b(determine)g(the)h(\014nal)f(state)g(and)h(the)f
+(construction)h(of)f(the)g(deriv)-5 b(ation)36 b(tree)i(is)244
+3057 y(completed.)145 3250 y Ft(\017)49 b Fu(If)28 b(it)g(is)g(a)h
+Fs(rule)36 b Fu(then)29 b(the)g(next)h(step)f(is)g(to)f(try)h(to)f
+(construct)i(deriv)-5 b(ation)27 b(trees)j(for)e(the)244
+3370 y(premises)33 b(of)f(the)h(rule.)44 b(When)34 b(this)e(has)i(b)s
+(een)f(done,)h(it)d(m)m(ust)i(b)s(e)g(c)m(hec)m(k)m(ed)j(that)d(the)244
+3490 y(conditions)e(of)g(the)i(rule)e(are)h(ful\014lled,)f(and)h(only)f
+(then)i(can)f(w)m(e)h(determine)f(the)g(\014nal)244 3611
+y(state)h(corresp)s(onding)f(to)h Ft(h)o Fs(S)12 b Fu(,)33
+b Fs(s)8 b Ft(i)p Fu(.)0 3784 y(Often)25 b(there)h(will)d(b)s(e)i(more)
+f(than)i(one)f(axiom)e(or)i(rule)g(that)g(matc)m(hes)g(a)g(giv)m(en)g
+(con\014guration)0 3904 y(and)j(then)h(the)f(v)-5 b(arious)28
+b(p)s(ossibilities)d(ha)m(v)m(e)k(to)f(b)s(e)g(insp)s(ected)h(in)e
+(order)h(to)g(\014nd)g(a)g(deriv)-5 b(ation)0 4024 y(tree.)53
+b(W)-8 b(e)36 b(shall)e(see)i(later)f(that)g(for)g Fw(While)f
+Fu(there)i(will)d(b)s(e)j(at)f(most)g(one)h(deriv)-5
+b(ation)34 b(tree)0 4145 y(for)27 b(eac)m(h)i(transition)e
+Ft(h)o Fs(S)12 b Fu(,)28 b Fs(s)8 b Ft(i)28 b(!)g Fs(s)1251
+4109 y Fi(0)1302 4145 y Fu(but)g(that)g(this)g(need)h(not)f(hold)f(in)g
+(extensions)i(of)f Fw(While)p Fu(.)0 4332 y Fw(Example)37
+b(2.2)48 b Fu(Consider)33 b(the)g(factorial)e(statemen)m(t:)244
+4505 y Fr(y)p Fu(:=)p Fr(1)p Fu(;)i Fr(while)h Ft(:)p
+Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
+Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p
+Fr(x)p Ft(\000)p Fr(1)p Fu(\))0 4678 y(and)g(let)f Fs(s)40
+b Fu(b)s(e)33 b(a)f(state)h(with)f Fs(s)41 b Fr(x)33
+b Fu(=)f Fw(3)p Fu(.)44 b(In)33 b(this)f(example)g(w)m(e)i(shall)d(sho)
+m(w)i(that)269 4845 y Ft(h)o Fr(y)p Fu(:=)p Fr(1)p Fu(;)h
+Fr(while)f Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g
+Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h
+Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(\),)h Fs(s)8
+b Ft(i)32 b(!)g Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(6)p
+Fu(][)p Fr(x)p Ft(7!)p Fw(1)p Fu(])277 b(\(*\))0 5013
+y(T)-8 b(o)42 b(do)f(so)h(w)m(e)g(shall)e(sho)m(w)j(that)e(\(*\))g(can)
+h(b)s(e)g(obtained)e(from)h(the)h(transition)d(system)k(of)0
+5133 y(T)-8 b(able)37 b(2.1.)56 b(This)37 b(is)g(done)g(b)m(y)h
+(constructing)g(a)e(deriv)-5 b(ation)36 b(tree)h(with)g(the)g
+(transition)f(\(*\))0 5254 y(as)d(its)f(ro)s(ot.)146
+5374 y(Rather)26 b(than)g(presen)m(ting)h(the)f(complete)g(deriv)-5
+b(ation)24 b(tree)j Fs(T)39 b Fu(in)25 b(one)h(go,)h(w)m(e)g(shall)e
+(build)0 5494 y(it)i(in)h(an)g(up)m(w)m(ards)j(manner.)41
+b(Initially)-8 b(,)27 b(w)m(e)i(only)f(kno)m(w)i(that)e(the)h(ro)s(ot)e
+(of)h Fs(T)42 b Fu(is)28 b(of)g(the)h(form:)p eop
+%%Page: 24 34
+24 33 bop 251 130 a Fw(24)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(h)p Fr(y)p
+Fu(:=)p Fr(1)p Fu(;)c Fr(while)h Ft(:)p Fu(\()p Fr(x)p
+Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p
+Fr(y)g Fo(?)g Fr(x)p Fu(;)f Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)33 b(!)f Fs(s)2808 530
+y Fn(61)283 700 y Fu(Ho)m(w)m(ev)m(er,)j(the)e(statemen)m(t)527
+885 y Fr(y)p Fu(:=)p Fr(1)p Fu(;)g Fr(while)h Ft(:)q
+Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
+Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p
+Fr(x)p Ft(\000)p Fr(1)p Fu(\))283 1070 y(is)38 b(of)f(the)h(form)e
+Fs(S)978 1085 y Fn(1)1017 1070 y Fu(;)k Fs(S)1151 1085
+y Fn(2)1228 1070 y Fu(so)e(the)g(only)f(rule)g(that)h(could)f(ha)m(v)m
+(e)i(b)s(een)f(used)h(to)e(pro)s(duce)h(the)283 1190
+y(ro)s(ot)32 b(of)g Fs(T)46 b Fu(is)32 b([comp)1072 1205
+y Fn(ns)1143 1190 y Fu(].)43 b(Therefore)34 b Fs(T)46
+b Fu(m)m(ust)32 b(ha)m(v)m(e)i(the)f(form:)813 1372 y
+Ft(h)p Fr(y)p Fu(:=)p Fr(1)p Fu(,)g Fs(s)8 b Ft(i!)p
+Fs(s)1352 1387 y Fn(13)2411 1372 y Fs(T)2494 1387 y Fn(1)p
+527 1459 2325 4 v 577 1664 a Ft(h)p Fr(y)p Fu(:=)p Fr(1)p
+Fu(;)33 b Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p
+Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p
+Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
+Fu(\),)h Fs(s)8 b Ft(i!)o Fs(s)2727 1679 y Fn(61)283
+1842 y Fu(for)32 b(some)h(state)g Fs(s)964 1857 y Fn(13)1071
+1842 y Fu(and)g(some)f(deriv)-5 b(ation)31 b(tree)i Fs(T)2241
+1857 y Fn(1)2313 1842 y Fu(whic)m(h)h(has)f(ro)s(ot)552
+2009 y Ft(h)p Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p
+Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p
+Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(\),)h Fs(s)2251 2024 y Fn(13)2326 2009 y Ft(i)o(!)p
+Fs(s)2512 2024 y Fn(61)3582 2009 y Fu(\(**\))283 2177
+y(Since)d Ft(h)p Fr(y)p Fu(:=)p Fr(1)p Fu(,)g Fs(s)8
+b Ft(i)31 b(!)f Fs(s)1134 2192 y Fn(13)1239 2177 y Fu(has)h(to)f(b)s(e)
+h(an)g(instance)g(of)f(the)h(axiom)e([ass)2886 2192 y
+Fn(ns)2958 2177 y Fu(])h(w)m(e)i(get)e(that)h Fs(s)3575
+2192 y Fn(13)3680 2177 y Fu(=)283 2297 y Fs(s)8 b Fu([)p
+Fr(y)p Ft(7!)q Fw(1)p Fu(].)430 2418 y(The)34 b(missing)e(part)h
+Fs(T)1275 2433 y Fn(1)1348 2418 y Fu(of)g Fs(T)47 b Fu(is)33
+b(a)g(deriv)-5 b(ation)32 b(tree)i(with)f(ro)s(ot)g(\(**\).)45
+b(Since)34 b(the)g(state-)283 2538 y(men)m(t)39 b(of)e(\(**\))h(has)g
+(the)h(form)e Fr(while)i Fs(b)44 b Fr(do)39 b Fs(S)50
+b Fu(the)38 b(deriv)-5 b(ation)37 b(tree)i Fs(T)3003
+2553 y Fn(1)3080 2538 y Fu(m)m(ust)g(ha)m(v)m(e)g(b)s(een)283
+2658 y(constructed)48 b(b)m(y)f(applying)e(either)h(the)g(rule)g
+([while)2326 2622 y Fn(tt)2314 2683 y(ns)2384 2658 y
+Fu(])h(or)e(the)i(axiom)d([while)3337 2622 y Fn(\013)3325
+2683 y(ns)3396 2658 y Fu(].)84 b(Since)283 2779 y Ft(B)t
+Fu([)-17 b([)q Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q
+Fs(s)796 2794 y Fn(13)904 2779 y Fu(=)33 b Fw(tt)f Fu(w)m(e)j(see)f
+(that)f(only)g(the)h(rule)f([while)2490 2743 y Fn(tt)2478
+2804 y(ns)2548 2779 y Fu(])h(could)f(ha)m(v)m(e)h(b)s(een)g(applied)f
+(so)283 2899 y Fs(T)366 2914 y Fn(1)439 2899 y Fu(will)d(ha)m(v)m(e)k
+(the)f(form:)813 3071 y Fs(T)896 3086 y Fn(2)2221 3071
+y Fs(T)2304 3086 y Fn(3)p 527 3158 2135 4 v 577 3363
+a Ft(h)p Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p
+Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p
+Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
+Fu(\),)h Fs(s)2276 3378 y Fn(13)2351 3363 y Ft(i)o(!)p
+Fs(s)2537 3378 y Fn(61)283 3541 y Fu(where)g Fs(T)648
+3556 y Fn(2)720 3541 y Fu(is)e(a)h(deriv)-5 b(ation)31
+b(tree)i(with)f(ro)s(ot)527 3726 y Ft(h)p Fr(y)p Fu(:=)p
+Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(,)h Fs(s)1373 3741 y Fn(13)1448 3726 y Ft(i!)o
+Fs(s)1634 3741 y Fn(32)283 3910 y Fu(and)f Fs(T)556 3925
+y Fn(3)628 3910 y Fu(is)f(a)h(deriv)-5 b(ation)31 b(tree)i(with)f(ro)s
+(ot)552 4078 y Ft(h)p Fr(while)i Ft(:)p Fu(\()p Fr(x)p
+Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p
+Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(\),)h Fs(s)2251 4093 y Fn(32)2326 4078 y Ft(i)o(!)p
+Fs(s)2512 4093 y Fn(61)3534 4078 y Fu(\(***\))283 4246
+y(for)e(some)h(state)g Fs(s)964 4261 y Fn(32)1039 4246
+y Fu(.)430 4366 y(Using)h(that)g(the)h(form)e(of)h(the)h(statemen)m(t)g
+Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)p Fu(:=)p
+Fr(x)p Ft(\000)p Fr(1)f Fu(is)f Fs(S)2962 4381 y Fn(1)3002
+4366 y Fu(;)p Fs(S)3096 4381 y Fn(2)3169 4366 y Fu(it)g(is)g(no)m(w)h
+(easy)283 4486 y(to)e(see)g(that)g(the)g(deriv)-5 b(ation)31
+b(tree)i Fs(T)1676 4501 y Fn(2)1748 4486 y Fu(is)577
+4658 y Ft(h)p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(,)g
+Fs(s)1029 4673 y Fn(13)1104 4658 y Ft(i!)o Fs(s)1290
+4673 y Fn(33)1682 4658 y Ft(h)p Fr(x)p Fu(:=)p Fr(x)p
+Ft(\000)p Fr(1)p Fu(,)h Fs(s)2163 4673 y Fn(33)2238 4658
+y Ft(i!)o Fs(s)2424 4673 y Fn(32)p 527 4745 2022 4 v
+947 4950 a Ft(h)p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p
+Fu(;)f Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(,)h
+Fs(s)1793 4965 y Fn(13)1868 4950 y Ft(i!)o Fs(s)2054
+4965 y Fn(32)283 5133 y Fu(where)40 b Fs(s)619 5148 y
+Fn(33)731 5133 y Fu(=)e Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p
+Fw(3)p Fu(])38 b(and)g Fs(s)1435 5148 y Fn(32)1548 5133
+y Fu(=)f Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(3)p Fu(][)p
+Fr(x)p Ft(7!)q Fw(2)p Fu(].)59 b(The)39 b(lea)m(v)m(es)g(of)e
+Fs(T)3008 5148 y Fn(2)3086 5133 y Fu(are)h(instances)g(of)283
+5254 y([ass)435 5269 y Fn(ns)507 5254 y Fu(])33 b(and)g(they)g(are)g
+(com)m(bined)f(using)g([comp)2085 5269 y Fn(ns)2156 5254
+y Fu(].)44 b(So)32 b(no)m(w)i Fs(T)2676 5269 y Fn(2)2748
+5254 y Fu(is)e(fully)f(constructed.)430 5374 y(In)k(a)g(similar)d(w)m
+(a)m(y)k(w)m(e)g(can)f(construct)i(the)e(deriv)-5 b(ation)34
+b(tree)h Fs(T)2831 5389 y Fn(3)2906 5374 y Fu(with)f(ro)s(ot)h(\(***\))
+f(and)283 5494 y(w)m(e)g(get:)p eop
+%%Page: 25 35
+25 34 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216
+b(25)p 0 193 3473 4 v 294 500 a Ft(h)o Fr(y)p Fu(:=)p
+Fr(y)p Fo(?)q Fr(x)p Fu(,)33 b Fs(s)746 515 y Fn(32)820
+500 y Ft(i!)p Fs(s)1007 515 y Fn(62)1399 500 y Ft(h)p
+Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(,)h Fs(s)1880
+515 y Fn(62)1954 500 y Ft(i!)p Fs(s)2141 515 y Fn(61)p
+244 587 2022 4 v 664 788 a Ft(h)o Fr(y)p Fu(:=)p Fr(y)p
+Fo(?)q Fr(x)p Fu(;)f Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(,)g Fs(s)1509 803 y Fn(32)1584 788 y Ft(i!)p
+Fs(s)1771 803 y Fn(61)2533 788 y Fs(T)2616 803 y Fn(4)p
+244 875 2462 4 v 457 1079 a Ft(h)p Fr(while)h Ft(:)p
+Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
+Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p
+Fr(x)p Ft(\000)p Fr(1)p Fu(\),)h Fs(s)2156 1094 y Fn(32)2231
+1079 y Ft(i)o(!)p Fs(s)2417 1094 y Fn(61)0 1294 y Fu(where)39
+b Fs(s)335 1309 y Fn(62)447 1294 y Fu(=)e Fs(s)8 b Fu([)p
+Fr(y)p Ft(7!)p Fw(6)p Fu(][)p Fr(x)p Ft(7!)p Fw(2)p Fu(],)39
+b Fs(s)1244 1309 y Fn(61)1356 1294 y Fu(=)e Fs(s)8 b
+Fu([)p Fr(y)p Ft(7!)p Fw(6)p Fu(][)p Fr(x)p Ft(7!)p Fw(1)p
+Fu(])38 b(and)f Fs(T)2354 1309 y Fn(4)2431 1294 y Fu(is)g(a)g(deriv)-5
+b(ation)36 b(tree)i(with)0 1415 y(ro)s(ot)244 1631 y
+Ft(h)p Fr(while)33 b Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p
+Fu(\))g Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p
+Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
+Fu(\),)h Fs(s)1943 1646 y Fn(61)2017 1631 y Ft(i!)p Fs(s)2204
+1646 y Fn(61)146 1847 y Fu(Finally)-8 b(,)28 b(w)m(e)i(see)h(that)e
+(the)h(deriv)-5 b(ation)27 b(tree)j Fs(T)1892 1862 y
+Fn(4)1961 1847 y Fu(is)f(an)h(instance)f(of)g(the)h(axiom)e([while)3387
+1810 y Fn(\013)3375 1871 y(ns)3445 1847 y Fu(])0 1967
+y(b)s(ecause)h Ft(B)s Fu([)-17 b([)q Ft(:)p Fu(\()p Fr(x)p
+Fu(=)p Fr(1)p Fu(\)])g(])q Fs(s)868 1982 y Fn(61)971
+1967 y Fu(=)27 b Fw(\013)p Fu(.)42 b(This)28 b(completes)f(the)h
+(construction)g(of)f(the)h(deriv)-5 b(ation)26 b(tree)0
+2087 y Fs(T)46 b Fu(for)32 b(\(*\).)2981 b Fh(2)0 2333
+y Fw(Exercise)36 b(2.3)49 b Fu(Consider)33 b(the)g(statemen)m(t)244
+2549 y Fr(z)p Fu(:=)p Fr(0)p Fu(;)g Fr(while)h(y)p Ft(\024)q
+Fr(x)e(do)h Fu(\()p Fr(z)p Fu(:=)p Fr(z)p Fu(+)p Fr(1)p
+Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(y)p Fu(\))0
+2765 y(Construct)39 b(a)e(deriv)-5 b(ation)36 b(tree)i(for)f(this)g
+(statemen)m(t)h(when)h(executed)g(in)e(a)g(state)h(where)h
+Fr(x)0 2886 y Fu(has)33 b(the)g(v)-5 b(alue)32 b Fw(17)h
+Fu(and)f Fr(y)h Fu(has)g(the)g(v)-5 b(alue)32 b Fw(5)p
+Fu(.)1709 b Fh(2)146 3132 y Fu(W)-8 b(e)33 b(shall)f(in)m(tro)s(duce)h
+(the)g(follo)m(wing)d(terminology:)41 b(The)34 b(execution)g(of)e(a)g
+(statemen)m(t)i Fs(S)0 3252 y Fu(on)e(a)h(state)g Fs(s)145
+3468 y Ft(\017)49 b Fs(terminates)40 b Fu(if)32 b(and)g(only)g(if)g
+(there)h(is)f(a)g(state)h Fs(s)2032 3432 y Fi(0)2088
+3468 y Fu(suc)m(h)h(that)f Ft(h)o Fs(S)12 b Fu(,)33 b
+Fs(s)8 b Ft(i)32 b(!)g Fs(s)2984 3432 y Fi(0)3008 3468
+y Fu(,)g(and)145 3684 y Ft(\017)49 b Fs(lo)-5 b(ops)40
+b Fu(if)31 b(and)i(only)f(if)f(there)j(is)e Fs(no)38
+b Fu(state)33 b Fs(s)1854 3648 y Fi(0)1910 3684 y Fu(suc)m(h)h(that)e
+Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)2806
+3648 y Fi(0)2829 3684 y Fu(.)0 3900 y(W)-8 b(e)40 b(shall)e(sa)m(y)j
+(that)e(a)g(statemen)m(t)h Fs(S)51 b(always)41 b(terminates)47
+b Fu(if)39 b(its)g(execution)h(on)f(a)h(state)g Fs(s)0
+4021 y Fu(terminates)31 b(for)g(all)f(c)m(hoices)j(of)e
+Fs(s)8 b Fu(,)32 b(and)g Fs(always)i(lo)-5 b(ops)39 b
+Fu(if)31 b(its)g(execution)i(on)f(a)f(state)i Fs(s)39
+b Fu(lo)s(ops)0 4141 y(for)32 b(all)f(c)m(hoices)i(of)f
+Fs(s)8 b Fu(.)0 4390 y Fw(Exercise)36 b(2.4)49 b Fu(Consider)33
+b(the)g(follo)m(wing)d(statemen)m(ts)145 4606 y Ft(\017)49
+b Fr(while)34 b Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f
+Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(;)g
+Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(\))145 4822
+y Ft(\017)49 b Fr(while)34 b(1)p Ft(\024)p Fr(x)f(do)g
+Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)q Fr(x)p Fu(;)f Fr(x)p
+Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(\))145 5038 y Ft(\017)49
+b Fr(while)34 b(true)f(do)g(skip)0 5254 y Fu(F)-8 b(or)28
+b(eac)m(h)j(statemen)m(t)e(determine)g(whether)i(or)e(not)g(it)f(alw)m
+(a)m(ys)i(terminates)f(and)g(whether)i(or)0 5374 y(not)k(it)f(alw)m(a)m
+(ys)i(lo)s(ops.)50 b(T)-8 b(ry)36 b(to)f(argue)g(for)f(y)m(our)i(answ)m
+(ers)h(using)e(the)g(axioms)f(and)i(rules)f(of)0 5494
+y(T)-8 b(able)32 b(2.1.)2978 b Fh(2)p eop
+%%Page: 26 36
+26 35 bop 251 130 a Fw(26)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fp(Prop)t(erties)46
+b(of)f(the)h(seman)l(tics)283 700 y Fu(The)32 b(transition)d(system)j
+(giv)m(es)f(us)g(a)g(w)m(a)m(y)h(of)e(arguing)f(ab)s(out)i(statemen)m
+(ts)g(and)g(their)f(prop-)283 820 y(erties.)44 b(As)31
+b(an)g(example)f(w)m(e)i(ma)m(y)f(b)s(e)g(in)m(terested)h(in)e(whether)
+j(t)m(w)m(o)e(statemen)m(ts)h Fs(S)3391 835 y Fn(1)3462
+820 y Fu(and)f Fs(S)3717 835 y Fn(2)283 941 y Fu(are)i
+Fs(semantic)-5 b(al)5 b(ly)34 b(e)-5 b(quivalent)p Fu(;)32
+b(b)m(y)h(this)g(w)m(e)g(mean)f(that)h(for)f(all)e(states)k
+Fs(s)40 b Fu(and)33 b Fs(s)3303 905 y Fi(0)527 1140 y
+Ft(h)p Fs(S)633 1155 y Fn(1)672 1140 y Fu(,)g Fs(s)8
+b Ft(i)32 b(!)g Fs(s)1031 1104 y Fi(0)1087 1140 y Fu(if)g(and)g(only)h
+(if)e Ft(h)p Fs(S)1776 1155 y Fn(2)1815 1140 y Fu(,)i
+Fs(s)8 b Ft(i)32 b(!)g Fs(s)2174 1104 y Fi(0)p 283 1339
+3473 5 v 283 1509 a Fw(Lemma)38 b(2.5)49 b Fu(The)33
+b(statemen)m(t)527 1708 y Fr(while)h Fs(b)39 b Fr(do)33
+b Fs(S)283 1907 y Fu(is)g(seman)m(tically)d(equiv)-5
+b(alen)m(t)33 b(to)520 2098 y Fr(if)g Fs(b)38 b Fr(then)c
+Fu(\()p Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)k Fr(do)33
+b Fs(S)12 b Fu(\))33 b Fr(else)g(skip)p Fu(.)p 283 2219
+V 283 2418 a Fw(Pro)s(of:)38 b Fu(The)33 b(pro)s(of)f(is)g(in)g(t)m(w)m
+(o)h(stages.)44 b(W)-8 b(e)33 b(shall)f(\014rst)h(pro)m(v)m(e)g(that)g
+(if)552 2585 y Ft(h)p Fr(while)h Fs(b)k Fr(do)33 b Fs(S)12
+b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1524 2549 y Fi(00)3631
+2585 y Fu(\(*\))283 2753 y(then)552 2920 y Ft(h)p Fr(if)h
+Fs(b)38 b Fr(then)c Fu(\()p Fs(S)12 b Fu(;)32 b Fr(while)i
+Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(\))32 b Fr(else)i(skip)p
+Fu(,)f Fs(s)8 b Ft(i)33 b(!)f Fs(s)2658 2884 y Fi(00)3582
+2920 y Fu(\(**\))283 3088 y(Th)m(us,)j(if)d(the)h(execution)h(of)e(the)
+h(lo)s(op)f(terminates)g(then)h(so)g(do)s(es)h(its)e(one-lev)m(el)g
+(unfolding.)283 3208 y(Later)26 b(w)m(e)g(shall)f(sho)m(w)h(that)g(if)e
+(the)i(unfolded)f(lo)s(op)f(terminates)h(then)h(so)g(will)d(the)j(lo)s
+(op)e(itself;)283 3329 y(the)33 b(conjunction)g(of)f(these)i(results)f
+(then)g(pro)m(v)m(e)h(the)f(lemma.)430 3449 y(Because)44
+b(\(*\))f(holds)f(w)m(e)i(kno)m(w)g(that)f(w)m(e)h(ha)m(v)m(e)g(a)f
+(deriv)-5 b(ation)41 b(tree)j Fs(T)56 b Fu(for)42 b(it.)74
+b(It)43 b(can)283 3570 y(ha)m(v)m(e)g(one)e(of)f(t)m(w)m(o)i(forms)e
+(dep)s(ending)h(on)g(whether)h(it)e(has)h(b)s(een)g(constructed)i
+(using)d(the)283 3690 y(rule)30 b([while)738 3654 y Fn(tt)726
+3715 y(ns)796 3690 y Fu(])g(or)f(the)h(axiom)e([while)1683
+3654 y Fn(\013)1671 3715 y(ns)1742 3690 y Fu(].)42 b(In)30
+b(the)h(\014rst)f(case)g(the)g(deriv)-5 b(ation)28 b(tree)j
+Fs(T)42 b Fu(has)30 b(the)283 3810 y(form:)813 3982 y
+Fs(T)896 3997 y Fn(1)1253 3982 y Fs(T)1336 3997 y Fn(2)p
+527 4068 1168 4 v 604 4273 a Ft(h)o Fr(while)k Fs(b)39
+b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)h
+Fs(s)1576 4237 y Fi(00)283 4471 y Fu(where)e Fs(T)645
+4486 y Fn(1)714 4471 y Fu(is)e(a)g(deriv)-5 b(ation)28
+b(tree)i(with)f(ro)s(ot)g Ft(h)o Fs(S)12 b Fu(,)30 b
+Fs(s)8 b Ft(i)o(!)p Fs(s)2355 4435 y Fi(0)2408 4471 y
+Fu(and)29 b Fs(T)2677 4486 y Fn(2)2746 4471 y Fu(is)g(a)g(deriv)-5
+b(ation)28 b(tree)i(with)283 4591 y(ro)s(ot)h Ft(h)p
+Fr(while)h Fs(b)38 b Fr(do)31 b Fs(S)12 b Fu(,)32 b Fs(s)1207
+4555 y Fi(0)1230 4591 y Ft(i!)o Fs(s)1416 4555 y Fi(00)1459
+4591 y Fu(.)43 b(F)-8 b(urthermore,)31 b Ft(B)s Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(])q Fs(s)39 b Fu(=)31 b Fw(tt)p
+Fu(.)42 b(Using)31 b(the)h(deriv)-5 b(ation)30 b(trees)283
+4711 y Fs(T)366 4726 y Fn(1)439 4711 y Fu(and)j Fs(T)712
+4726 y Fn(2)785 4711 y Fu(as)g(the)h(premises)f(for)g(the)g(rules)g
+([comp)2278 4726 y Fn(ns)2349 4711 y Fu(])g(w)m(e)h(can)g(construct)g
+(the)f(deriv)-5 b(ation)283 4832 y(tree:)813 5003 y Fs(T)896
+5018 y Fn(1)1327 5003 y Fs(T)1410 5018 y Fn(2)p 527 5090
+1241 4 v 577 5294 a Ft(h)p Fs(S)12 b Fu(;)32 b Fr(while)i
+Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32
+b(!)h Fs(s)1676 5258 y Fi(00)283 5494 y Fu(Using)g(that)f
+Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])q Fs(s)40
+b Fu(=)33 b Fw(tt)e Fu(w)m(e)j(can)f(use)g(the)g(rule)f([if)2223
+5458 y Fn(tt)2211 5519 y(ns)2282 5494 y Fu(])g(to)g(construct)i(the)f
+(deriv)-5 b(ation)31 b(tree)p eop
+%%Page: 27 37
+27 36 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216
+b(27)p 0 193 3473 4 v 530 500 a Fs(T)613 515 y Fn(1)2051
+500 y Fs(T)2134 515 y Fn(2)p 244 587 2248 4 v 797 791
+a Ft(h)p Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)39 b Fr(do)33
+b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1896
+755 y Fi(00)p 244 878 V 294 1083 a Ft(h)o Fr(if)h Fs(b)39
+b Fr(then)34 b Fu(\()p Fs(S)12 b Fu(;)32 b Fr(while)i
+Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\))33 b Fr(else)g(skip)p
+Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)2399 1047 y Fi(00)0
+1267 y Fu(thereb)m(y)i(sho)m(wing)f(that)f(\(**\))g(holds.)146
+1388 y(Alternativ)m(ely)-8 b(,)27 b(the)f(deriv)-5 b(ation)25
+b(tree)h Fs(T)39 b Fu(is)26 b(an)g(instance)g(of)f([while)2621
+1352 y Fn(\013)2609 1412 y(ns)2680 1388 y Fu(].)41 b(Then)27
+b Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41
+b Fu(=)32 b Fw(\013)0 1508 y Fu(and)h(w)m(e)g(m)m(ust)g(ha)m(v)m(e)h
+(that)e Fs(s)1059 1472 y Fi(00)1102 1508 y Fu(=)p Fs(s)8
+b Fu(.)43 b(So)33 b Fs(T)45 b Fu(simply)31 b(is)244 1694
+y Ft(h)p Fr(while)i Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32
+b Fs(s)8 b Ft(i)33 b(!)f Fs(s)0 1880 y Fu(Using)g(the)h(axiom)e([skip)
+930 1895 y Fn(ns)1002 1880 y Fu(])h(w)m(e)i(get)e(a)h(deriv)-5
+b(ation)31 b(tree)244 2066 y Ft(h)p Fr(skip)p Fu(,)i
+Fs(s)8 b Ft(i!)p Fs(s)782 2030 y Fi(00)0 2252 y Fu(and)33
+b(w)m(e)g(can)g(no)m(w)g(apply)g(the)g(rule)f([if)1444
+2216 y Fn(\013)1432 2276 y(ns)1502 2252 y Fu(])h(to)f(construct)h(a)g
+(deriv)-5 b(ation)31 b(tree)i(for)f(\(**\):)1045 2435
+y Ft(h)p Fr(skip)p Fu(,)h Fs(s)8 b Ft(i)33 b(!)f Fs(s)1648
+2399 y Fi(00)p 244 2521 V 294 2726 a Ft(h)o Fr(if)h Fs(b)39
+b Fr(then)34 b Fu(\()p Fs(S)12 b Fu(;)32 b Fr(while)i
+Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\))33 b Fr(else)g(skip)p
+Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)2399 2690 y Fi(00)0
+2905 y Fu(This)h(completes)f(the)h(\014rst)g(part)g(of)f(the)h(pro)s
+(of.)146 3026 y(F)-8 b(or)38 b(the)h(second)h(stage)f(of)f(the)h(pro)s
+(of)e(w)m(e)j(assume)f(that)f(\(**\))g(holds)g(and)h(shall)e(pro)m(v)m
+(e)0 3146 y(that)29 b(\(*\))g(holds.)42 b(So)29 b(w)m(e)h(ha)m(v)m(e)g
+(a)f(deriv)-5 b(ation)27 b(tree)j Fs(T)42 b Fu(for)29
+b(\(**\))f(and)h(m)m(ust)g(construct)i(one)e(for)0 3266
+y(\(*\).)46 b(Only)34 b(t)m(w)m(o)g(rules)g(could)f(giv)m(e)h(rise)f
+(to)h(the)g(deriv)-5 b(ation)32 b(tree)i Fs(T)47 b Fu(for)33
+b(\(**\),)g(namely)g([if)3387 3230 y Fn(tt)3375 3291
+y(ns)3445 3266 y Fu(])0 3387 y(or)f([if)216 3351 y Fn(\013)204
+3411 y(ns)274 3387 y Fu(].)44 b(In)33 b(the)g(\014rst)g(case,)h
+Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41
+b Fu(=)32 b Fw(tt)g Fu(and)g(w)m(e)i(ha)m(v)m(e)g(a)e(deriv)-5
+b(ation)31 b(tree)i Fs(T)2975 3402 y Fn(1)3047 3387 y
+Fu(with)g(ro)s(ot)244 3573 y Ft(h)p Fs(S)12 b Fu(;)32
+b Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8
+b Ft(i!)o Fs(s)1277 3536 y Fi(00)0 3759 y Fu(The)34 b(statemen)m(t)g
+(has)f(the)h(general)f(form)e Fs(S)1632 3774 y Fn(1)1672
+3759 y Fu(;)i Fs(S)1799 3774 y Fn(2)1872 3759 y Fu(and)g(the)h(only)e
+(rule)h(that)g(could)g(giv)m(e)g(this)0 3879 y(is)f([comp)353
+3894 y Fn(ns)424 3879 y Fu(].)44 b(Therefore)33 b(there)h(are)e(deriv)
+-5 b(ation)31 b(trees)j Fs(T)2150 3894 y Fn(2)2222 3879
+y Fu(and)e Fs(T)2494 3894 y Fn(3)2566 3879 y Fu(for)244
+4065 y Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i!)p Fs(s)644
+4029 y Fi(0)667 4065 y Fu(,)33 b(and)244 4232 y Ft(h)p
+Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)964
+4196 y Fi(0)988 4232 y Ft(i!)o Fs(s)1174 4196 y Fi(00)0
+4418 y Fu(for)d(some)g(state)g Fs(s)670 4382 y Fi(0)693
+4418 y Fu(.)43 b(It)29 b(is)g(no)m(w)g(straigh)m(tforw)m(ard)g(to)g
+(use)h(the)f(rule)g([while)2741 4382 y Fn(tt)2729 4443
+y(ns)2799 4418 y Fu(])h(to)e(com)m(bine)h Fs(T)3433 4433
+y Fn(2)0 4539 y Fu(and)k Fs(T)273 4554 y Fn(3)345 4539
+y Fu(to)f(a)g(deriv)-5 b(ation)31 b(tree)i(for)f(\(*\).)146
+4659 y(In)i(the)g(second)h(case,)f Ft(B)t Fu([)-17 b([)q
+Fs(b)6 b Fu(])-17 b(])p Fs(s)42 b Fu(=)33 b Fw(\013)h
+Fu(and)f Fs(T)47 b Fu(is)33 b(constructed)i(using)e(the)h(rule)f([if)
+3124 4623 y Fn(\013)3112 4684 y(ns)3182 4659 y Fu(].)46
+b(This)0 4780 y(means)33 b(that)f(w)m(e)i(ha)m(v)m(e)f(a)g(deriv)-5
+b(ation)31 b(tree)i(for)244 4965 y Ft(h)p Fr(skip)p Fu(,)g
+Fs(s)8 b Ft(i!)p Fs(s)782 4929 y Fi(00)0 5151 y Fu(and)36
+b(according)f(to)h(axiom)e([skip)1249 5166 y Fn(ns)1321
+5151 y Fu(])i(it)f(m)m(ust)h(b)s(e)g(the)g(case)h(that)f
+Fs(s)8 b Fu(=)p Fs(s)2634 5115 y Fi(00)2676 5151 y Fu(.)54
+b(But)36 b(then)g(w)m(e)h(can)0 5272 y(use)f(the)f(axiom)e([while)895
+5236 y Fn(\013)883 5296 y(ns)953 5272 y Fu(])i(to)f(construct)i(a)e
+(deriv)-5 b(ation)33 b(tree)i(for)f(\(*\).)50 b(This)35
+b(completes)f(the)0 5392 y(pro)s(of.)3148 b Fh(2)p eop
+%%Page: 28 38
+28 37 bop 251 130 a Fw(28)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 283 515 a(Exercise)g(2.6)49
+b Fu(Pro)m(v)m(e)42 b(that)f(the)h(t)m(w)m(o)g(statemen)m(ts)g
+Fs(S)2359 530 y Fn(1)2398 515 y Fu(;\()p Fs(S)2530 530
+y Fn(2)2570 515 y Fu(;)p Fs(S)2664 530 y Fn(3)2703 515
+y Fu(\))f(and)g(\()p Fs(S)3085 530 y Fn(1)3125 515 y
+Fu(;)p Fs(S)3219 530 y Fn(2)3258 515 y Fu(\);)p Fs(S)3390
+530 y Fn(3)3470 515 y Fu(are)h(se-)283 636 y(man)m(tically)21
+b(equiv)-5 b(alen)m(t.)40 b(Construct)25 b(a)e(statemen)m(t)h(sho)m
+(wing)f(that)g Fs(S)2843 651 y Fn(1)2882 636 y Fu(;)p
+Fs(S)2976 651 y Fn(2)3039 636 y Fu(is)g(not,)i(in)d(general,)283
+756 y(seman)m(tically)31 b(equiv)-5 b(alen)m(t)33 b(to)f
+Fs(S)1492 771 y Fn(2)1531 756 y Fu(;)p Fs(S)1625 771
+y Fn(1)1664 756 y Fu(.)1990 b Fh(2)283 970 y Fw(Exercise)37
+b(2.7)49 b Fu(Extend)34 b(the)f(language)e Fw(While)g
+Fu(with)h(the)h(statemen)m(t)527 1163 y Fr(repeat)h Fs(S)45
+b Fr(until)34 b Fs(b)283 1355 y Fu(and)39 b(de\014ne)h(the)f(relation)e
+Ft(!)h Fu(for)g(it.)61 b(\(The)39 b(seman)m(tics)g(of)f(the)h
+Fr(repeat)p Fu(-construct)i(is)d(not)283 1476 y(allo)m(w)m(ed)45
+b(to)g(rely)g(on)g(the)h(existence)h(of)e(a)g Fr(while)p
+Fu(-construct)i(in)e(the)h(language.\))80 b(Pro)m(v)m(e)283
+1596 y(that)44 b Fr(repeat)i Fs(S)56 b Fr(until)45 b
+Fs(b)50 b Fu(and)44 b Fs(S)12 b Fu(;)44 b Fr(if)h Fs(b)50
+b Fr(then)45 b(skip)g(else)g Fu(\()p Fr(repeat)h Fs(S)56
+b Fr(until)45 b Fs(b)6 b Fu(\))44 b(are)283 1717 y(seman)m(tically)31
+b(equiv)-5 b(alen)m(t.)2381 b Fh(2)283 1931 y Fw(Exercise)37
+b(2.8)49 b Fu(Another)33 b(iterativ)m(e)f(construct)h(is)527
+2123 y Fr(for)h Fs(x)44 b Fu(:=)32 b Fs(a)995 2138 y
+Fn(1)1068 2123 y Fr(to)h Fs(a)1260 2138 y Fn(2)1332 2123
+y Fr(do)g Fs(S)283 2316 y Fu(Extend)h(the)f(language)f
+Fw(While)e Fu(with)i(this)g(statemen)m(t)h(and)g(de\014ne)h(the)e
+(relation)f Ft(!)h Fu(for)g(it.)283 2436 y(Ev)-5 b(aluate)33
+b(the)g(statemen)m(t)527 2629 y Fr(y)p Fu(:=)p Fr(1)p
+Fu(;)g Fr(for)h(z)p Fu(:=)p Fr(1)f(to)g(x)g(do)g Fu(\()p
+Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p
+Fr(x)p Ft(\000)p Fr(1)p Fu(\))283 2822 y(from)38 b(a)h(state)h(where)g
+Fr(x)f Fu(has)h(the)f(v)-5 b(alue)39 b(5.)63 b(Hin)m(t:)56
+b(Y)-8 b(ou)39 b(ma)m(y)g(need)h(to)f(assume)g(that)g(y)m(ou)283
+2942 y(ha)m(v)m(e)30 b(an)f(\\in)m(v)m(erse")h(to)e Ft(N)14
+b Fu(,)30 b(so)f(that)f(there)h(is)g(a)f(n)m(umeral)g(for)g(eac)m(h)h
+(n)m(um)m(b)s(er)g(that)g(ma)m(y)f(arise)283 3062 y(during)41
+b(the)g(computation.)67 b(\(The)42 b(seman)m(tics)f(of)f(the)i
+Fr(for)p Fu(-construct)g(is)e(not)h(allo)m(w)m(ed)f(to)283
+3183 y(rely)33 b(on)f(the)h(existence)h(of)f(a)f Fr(while)p
+Fu(-construct)i(in)e(the)h(language.\))855 b Fh(2)430
+3397 y Fu(In)31 b(the)f(ab)s(o)m(v)m(e)i(pro)s(of)d(w)m(e)j(used)f(T)-8
+b(able)30 b(2.1)g(to)g(insp)s(ect)h(the)g(structure)h(of)e(the)g(deriv)
+-5 b(ation)283 3517 y(tree)30 b(for)e(a)g(certain)g(transition)f(kno)m
+(wn)j(to)f(hold.)41 b(In)29 b(the)g(pro)s(of)f(of)g(the)h(next)h
+(result)f(w)m(e)g(shall)283 3638 y(com)m(bine)34 b(this)g(with)h(an)f
+Fs(induction)i(on)g(the)h(shap)-5 b(e)36 b(of)g(the)g(derivation)g(tr)
+-5 b(e)g(e)p Fu(.)49 b(The)36 b(idea)e(can)283 3758 y(b)s(e)f
+(summarized)f(as)g(follo)m(ws:)p 283 3888 3470 4 v 283
+3904 V 281 4112 4 208 v 298 4112 V 967 4033 a Fw(Induction)g(on)h(the)f
+(Shap)s(e)i(of)f(Deriv)-6 b(ation)31 b(T)-9 b(rees)p
+3735 4112 V 3752 4112 V 283 4115 3470 4 v 281 4484 4
+370 v 298 4484 V 350 4281 a Fu(1:)143 b(Pro)m(v)m(e)24
+b(that)f(the)h(prop)s(ert)m(y)g(holds)f(for)f(all)f(the)j(simple)e
+(deriv)-5 b(ation)21 b(trees)j(b)m(y)h(sho)m(wing)569
+4401 y(that)32 b(it)g(holds)g(for)g(the)h Fs(axioms)40
+b Fu(of)32 b(the)h(transition)e(system.)p 3735 4484 V
+3752 4484 V 281 5013 4 529 v 298 5013 V 350 4569 a(2:)143
+b(Pro)m(v)m(e)31 b(that)g(the)f(prop)s(ert)m(y)h(holds)f(for)g(all)e
+(comp)s(osite)h(deriv)-5 b(ation)29 b(trees:)43 b(F)-8
+b(or)30 b(eac)m(h)569 4689 y Fs(rule)50 b Fu(assume)44
+b(that)f(the)g(prop)s(ert)m(y)h(holds)e(for)h(its)f(premises)h(\(this)g
+(is)g(called)e(the)569 4809 y Fs(induction)29 b(hyp)-5
+b(othesis)p Fu(\))27 b(and)g(pro)m(v)m(e)i(that)e(it)g(also)f(holds)h
+(for)g(the)h(conclusion)e(of)h(the)569 4930 y(rule)32
+b(pro)m(vided)h(that)f(the)h(conditions)f(of)g(the)h(rule)f(are)h
+(satis\014ed.)p 3735 5013 V 3752 5013 V 283 5016 3470
+4 v 283 5033 V 283 5181 a(T)-8 b(o)28 b(form)m(ulate)f(the)h(theorem)f
+(w)m(e)i(shall)e(sa)m(y)h(that)g(the)g(seman)m(tics)g(of)f(T)-8
+b(able)28 b(2.1)f(is)h Fs(determin-)283 5302 y(istic)39
+b Fu(if)31 b(for)h(all)f(c)m(hoices)i(of)f Fs(S)12 b
+Fu(,)32 b Fs(s)8 b Fu(,)33 b Fs(s)1594 5266 y Fi(0)1650
+5302 y Fu(and)g Fs(s)1888 5266 y Fi(00)1963 5302 y Fu(w)m(e)g(ha)m(v)m
+(e)h(that)527 5494 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8
+b Ft(i)32 b(!)g Fs(s)992 5458 y Fi(0)1048 5494 y Fu(and)h
+Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1702
+5458 y Fi(00)1777 5494 y Fu(imply)f Fs(s)2099 5458 y
+Fi(0)2155 5494 y Fu(=)h Fs(s)2311 5458 y Fi(00)p eop
+%%Page: 29 39
+29 38 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216
+b(29)p 0 193 3473 4 v 0 515 a Fu(This)22 b(means)g(that)f(for)h(ev)m
+(ery)h(statemen)m(t)g Fs(S)33 b Fu(and)22 b(initial)c(state)k
+Fs(s)30 b Fu(w)m(e)23 b(can)f(uniquely)g(determine)0
+636 y(a)32 b(\014nal)g(state)h Fs(s)585 600 y Fi(0)641
+636 y Fu(if)e(\(and)i(only)f(if)7 b(\))31 b(the)i(execution)h(of)e
+Fs(S)44 b Fu(terminates.)p 0 759 3473 5 v 0 949 a Fw(Theorem)37
+b(2.9)49 b Fu(The)34 b(natural)d(seman)m(tics)i(of)f(T)-8
+b(able)32 b(2.1)g(is)g(deterministic.)p 0 1069 V 0 1286
+a Fw(Pro)s(of:)37 b Fu(W)-8 b(e)33 b(assume)g(that)g
+Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i!)o Fs(s)1456
+1250 y Fi(0)1512 1286 y Fu(and)33 b(shall)e(pro)m(v)m(e)j(that)244
+1503 y(if)d Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i!)p
+Fs(s)733 1466 y Fi(00)808 1503 y Fu(then)33 b Fs(s)1078
+1466 y Fi(0)1134 1503 y Fu(=)f Fs(s)1290 1466 y Fi(00)1333
+1503 y Fu(.)0 1719 y(W)-8 b(e)33 b(shall)e(pro)s(ceed)j(b)m(y)f
+(induction)f(on)g(the)h(shap)s(e)g(of)f(the)h(deriv)-5
+b(ation)31 b(tree)i(for)f Ft(h)p Fs(S)12 b Fu(,)33 b
+Fs(s)8 b Ft(i)o(!)p Fs(s)3384 1683 y Fi(0)3407 1719 y
+Fu(.)0 1887 y Fw(The)34 b(case)h Fu([ass)611 1902 y Fn(ns)683
+1887 y Fu(]:)46 b(Then)36 b Fs(S)45 b Fu(is)34 b Fs(x)12
+b Fu(:=)p Fs(a)41 b Fu(and)34 b Fs(s)1730 1851 y Fi(0)1787
+1887 y Fu(is)g Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17
+b([)q Fs(a)7 b Fu(])-17 b(])p Fs(s)8 b Fu(].)48 b(The)35
+b(only)f(axiom)e(or)i(rule)0 2007 y(that)39 b(could)f(b)s(e)i(used)g
+(to)f(giv)m(e)g Ft(h)o Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(,)41
+b Fs(s)8 b Ft(i!)o Fs(s)1743 1971 y Fi(00)1825 2007 y
+Fu(is)39 b([ass)2082 2022 y Fn(ns)2154 2007 y Fu(])g(so)g(it)f(follo)m
+(ws)g(that)h Fs(s)3043 1971 y Fi(00)3124 2007 y Fu(m)m(ust)g(b)s(e)0
+2128 y Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17 b([)q
+Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])32 b(and)h(thereb)m(y)h
+Fs(s)1141 2091 y Fi(0)1197 2128 y Fu(=)f Fs(s)1354 2091
+y Fi(00)1396 2128 y Fu(.)0 2295 y Fw(The)g(case)g Fu([skip)654
+2310 y Fn(ns)726 2295 y Fu(]:)43 b(Analogous.)0 2463
+y Fw(The)33 b(case)g Fu([comp)711 2478 y Fn(ns)782 2463
+y Fu(]:)43 b(Assume)34 b(that)244 2679 y Ft(h)p Fs(S)350
+2694 y Fn(1)389 2679 y Fu(;)p Fs(S)483 2694 y Fn(2)522
+2679 y Fu(,)f Fs(s)8 b Ft(i!)o Fs(s)816 2643 y Fi(0)0
+2896 y Fu(holds)32 b(b)s(ecause)244 3113 y Ft(h)p Fs(S)350
+3128 y Fn(1)389 3113 y Fu(,)h Fs(s)8 b Ft(i)o(!)p Fs(s)683
+3128 y Fn(0)755 3113 y Fu(and)33 b Ft(h)o Fs(S)1050 3128
+y Fn(2)1090 3113 y Fu(,)f Fs(s)1197 3128 y Fn(0)1237
+3113 y Ft(i!)o Fs(s)1423 3076 y Fi(0)0 3329 y Fu(for)c(some)h
+Fs(s)434 3344 y Fn(0)474 3329 y Fu(.)42 b(The)30 b(only)e(rule)g(that)h
+(could)f(b)s(e)h(applied)f(to)h(giv)m(e)f Ft(h)p Fs(S)2490
+3344 y Fn(1)2529 3329 y Fu(;)p Fs(S)2623 3344 y Fn(2)2663
+3329 y Fu(,)h Fs(s)8 b Ft(i!)p Fs(s)2954 3293 y Fi(00)3025
+3329 y Fu(is)28 b([comp)3374 3344 y Fn(ns)3445 3329 y
+Fu(])0 3450 y(so)33 b(there)g(is)f(a)g(state)h Fs(s)835
+3465 y Fn(1)907 3450 y Fu(suc)m(h)i(that)244 3666 y Ft(h)p
+Fs(S)350 3681 y Fn(1)389 3666 y Fu(,)e Fs(s)8 b Ft(i)o(!)p
+Fs(s)683 3681 y Fn(1)755 3666 y Fu(and)33 b Ft(h)o Fs(S)1050
+3681 y Fn(2)1090 3666 y Fu(,)f Fs(s)1197 3681 y Fn(1)1237
+3666 y Ft(i!)o Fs(s)1423 3630 y Fi(00)0 3883 y Fu(The)47
+b(induction)d(h)m(yp)s(othesis)j(can)f(b)s(e)g(applied)e(to)i(the)g
+(premise)f Ft(h)p Fs(S)2637 3898 y Fn(1)2676 3883 y Fu(,)k
+Fs(s)8 b Ft(i!)p Fs(s)2987 3898 y Fn(0)3072 3883 y Fu(and)46
+b(from)0 4003 y Ft(h)p Fs(S)106 4018 y Fn(1)145 4003
+y Fu(,)33 b Fs(s)8 b Ft(i)o(!)p Fs(s)439 4018 y Fn(1)512
+4003 y Fu(w)m(e)34 b(get)g Fs(s)868 4018 y Fn(0)941 4003
+y Fu(=)f Fs(s)1098 4018 y Fn(1)1138 4003 y Fu(.)46 b(Similarly)-8
+b(,)29 b(the)34 b(induction)f(h)m(yp)s(othesis)h(can)g(b)s(e)f(applied)
+g(to)0 4123 y(the)g(premise)f Ft(h)p Fs(S)632 4138 y
+Fn(2)671 4123 y Fu(,)h Fs(s)779 4138 y Fn(0)818 4123
+y Ft(i!)p Fs(s)1005 4087 y Fi(0)1061 4123 y Fu(and)f(from)g
+Ft(h)o Fs(S)1586 4138 y Fn(2)1626 4123 y Fu(,)g Fs(s)1733
+4138 y Fn(0)1773 4123 y Ft(i!)o Fs(s)1959 4087 y Fi(00)2034
+4123 y Fu(w)m(e)i(get)e Fs(s)2388 4087 y Fi(0)2444 4123
+y Fu(=)h Fs(s)2601 4087 y Fi(00)2676 4123 y Fu(as)f(required.)0
+4291 y Fw(The)h(case)g Fu([if)553 4255 y Fn(tt)541 4316
+y(ns)611 4291 y Fu(]:)44 b(Assume)33 b(that)244 4508
+y Ft(h)p Fr(if)g Fs(b)38 b Fr(then)c Fs(S)806 4523 y
+Fn(1)877 4508 y Fr(else)g Fs(S)1182 4523 y Fn(2)1221
+4508 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)g Fs(s)1580 4472 y
+Fi(0)0 4724 y Fu(holds)g(b)s(ecause)244 4941 y Ft(B)s
+Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32
+b Fw(tt)g Fu(and)h Ft(h)p Fs(S)1043 4956 y Fn(1)1082
+4941 y Fu(,)f Fs(s)8 b Ft(i!)p Fs(s)1376 4905 y Fi(0)0
+5158 y Fu(F)-8 b(rom)45 b Ft(B)s Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(])p Fs(s)54 b Fu(=)46 b Fw(tt)g Fu(w)m(e)h(get)f(that)g
+(the)h(only)e(rule)h(that)g(could)g(b)s(e)g(applied)f(to)h(giv)m(e)g
+(the)0 5278 y(alternativ)m(e)32 b Ft(h)o Fr(if)i Fs(b)k
+Fr(then)c Fs(S)1050 5293 y Fn(1)1121 5278 y Fr(else)g
+Fs(S)1426 5293 y Fn(2)1465 5278 y Fu(,)f Fs(s)8 b Ft(i)32
+b(!)g Fs(s)1824 5242 y Fi(00)1899 5278 y Fu(is)g([if)2094
+5242 y Fn(tt)2082 5303 y(ns)2153 5278 y Fu(].)43 b(So)33
+b(it)e(m)m(ust)i(b)s(e)g(the)g(case)g(that)244 5494 y
+Ft(h)p Fs(S)350 5509 y Fn(1)389 5494 y Fu(,)g Fs(s)8
+b Ft(i)32 b(!)g Fs(s)748 5458 y Fi(00)p eop
+%%Page: 30 40
+30 39 bop 251 130 a Fw(30)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(But)30
+b(then)h(the)f(induction)f(h)m(yp)s(othesis)i(can)f(b)s(e)g(applied)e
+(to)i(the)g(premise)f Ft(h)p Fs(S)3155 530 y Fn(1)3194
+515 y Fu(,)i Fs(s)8 b Ft(i)29 b(!)h Fs(s)3546 479 y Fi(0)3599
+515 y Fu(and)283 636 y(from)i Ft(h)p Fs(S)620 651 y Fn(1)659
+636 y Fu(,)g Fs(s)8 b Ft(i)33 b(!)f Fs(s)1018 600 y Fi(00)1093
+636 y Fu(w)m(e)i(get)e Fs(s)1447 600 y Fi(0)1503 636
+y Fu(=)g Fs(s)1659 600 y Fi(00)1702 636 y Fu(.)283 803
+y Fw(The)h(case)g Fu([if)836 767 y Fn(\013)824 828 y(ns)895
+803 y Fu(]:)43 b(Analogous.)283 971 y Fw(The)33 b(case)g
+Fu([while)1001 935 y Fn(tt)989 996 y(ns)1060 971 y Fu(]:)44
+b(Assume)33 b(that)527 1198 y Ft(h)p Fr(while)h Fs(b)k
+Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g
+Fs(s)1499 1162 y Fi(0)283 1425 y Fu(b)s(ecause)527 1652
+y Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)41
+b Fu(=)32 b Fw(tt)p Fu(,)g Ft(h)o Fs(S)12 b Fu(,)33 b
+Fs(s)8 b Ft(i!)o Fs(s)1457 1667 y Fn(0)1529 1652 y Fu(and)33
+b Ft(h)p Fr(while)h Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33
+b Fs(s)2440 1667 y Fn(0)2479 1652 y Ft(i!)o Fs(s)2665
+1615 y Fi(0)283 1879 y Fu(The)40 b(only)e(rule)h(that)f(could)g(b)s(e)h
+(applied)f(to)g(giv)m(e)h Ft(h)p Fr(while)h Fs(b)k Fr(do)c
+Fs(S)12 b Fu(,)38 b Fs(s)8 b Ft(i)39 b(!)f Fs(s)3223
+1842 y Fi(00)3304 1879 y Fu(is)g([while)3670 1842 y Fn(tt)3658
+1903 y(ns)3729 1879 y Fu(])283 1999 y(b)s(ecause)c Ft(B)t
+Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)41 b Fu(=)32
+b Fw(tt)g Fu(and)g(this)h(means)f(that)527 2226 y Ft(h)p
+Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)o(!)p Fs(s)927 2241
+y Fn(1)999 2226 y Fu(and)33 b Ft(h)o Fr(while)h Fs(b)39
+b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)1909 2241 y Fn(1)1949
+2226 y Ft(i)g(!)g Fs(s)2200 2190 y Fi(00)283 2453 y Fu(m)m(ust)46
+b(hold)e(for)h(some)g Fs(s)1234 2468 y Fn(1)1273 2453
+y Fu(.)81 b(Again)44 b(the)i(induction)e(h)m(yp)s(othesis)i(can)f(b)s
+(e)h(applied)e(to)g(the)283 2573 y(premise)33 b Ft(h)o
+Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i!)o Fs(s)1041 2588 y
+Fn(0)1113 2573 y Fu(and)33 b(from)e Ft(h)p Fs(S)12 b
+Fu(,)33 b Fs(s)8 b Ft(i)o(!)p Fs(s)1933 2588 y Fn(1)2005
+2573 y Fu(w)m(e)34 b(get)e Fs(s)2359 2588 y Fn(0)2431
+2573 y Fu(=)h Fs(s)2588 2588 y Fn(1)2627 2573 y Fu(.)44
+b(Th)m(us)34 b(w)m(e)f(ha)m(v)m(e)527 2800 y Ft(h)p Fr(while)h
+Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)1248 2815
+y Fn(0)1287 2800 y Ft(i!)p Fs(s)1474 2764 y Fi(0)1530
+2800 y Fu(and)f Ft(h)p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12
+b Fu(,)33 b Fs(s)2440 2815 y Fn(0)2479 2800 y Ft(i!)p
+Fs(s)2666 2764 y Fi(00)283 3027 y Fu(Since)44 b Ft(h)o
+Fr(while)g Fs(b)49 b Fr(do)44 b Fs(S)12 b Fu(,)42 b Fs(s)1310
+3042 y Fn(0)1350 3027 y Ft(i!)o Fs(s)1536 2991 y Fi(0)1602
+3027 y Fu(is)h(a)f(premise)h(of)f(\(the)i(instance)f(of)7
+b(\))42 b([while)3327 2991 y Fn(tt)3315 3051 y(ns)3386
+3027 y Fu(])h(w)m(e)h(can)283 3147 y(apply)37 b(the)h(induction)e(h)m
+(yp)s(othesis)j(to)d(it.)57 b(F)-8 b(rom)35 b Ft(h)p
+Fr(while)k Fs(b)k Fr(do)37 b Fs(S)12 b Fu(,)37 b Fs(s)2925
+3162 y Fn(0)2965 3147 y Ft(i!)o Fs(s)3151 3111 y Fi(00)3231
+3147 y Fu(w)m(e)h(therefore)283 3268 y(get)33 b Fs(s)494
+3231 y Fi(0)550 3268 y Fu(=)f Fs(s)706 3231 y Fi(00)781
+3268 y Fu(as)h(required.)283 3435 y Fw(The)g(case)g Fu([while)1001
+3399 y Fn(\013)989 3460 y(ns)1060 3435 y Fu(]:)44 b(Straigh)m(tforw)m
+(ard.)1826 b Fh(2)283 3784 y Fw(Exercise)37 b(2.10)49
+b Fu(*)83 b(Pro)m(v)m(e)43 b(that)e Fr(repeat)i Fs(S)53
+b Fr(until)43 b Fs(b)48 b Fu(\(as)41 b(de\014ned)i(in)e(Exercise)i
+(2.7\))e(is)283 3904 y(seman)m(tically)k(equiv)-5 b(alen)m(t)47
+b(to)g Fs(S)12 b Fu(;)32 b Fr(while)i Ft(:)p Fs(b)39
+b Fr(do)33 b Fs(S)12 b Fu(.)86 b(Argue)47 b(that)f(this)h(means)g(that)
+f(the)283 4025 y(extended)35 b(seman)m(tics)e(is)f(deterministic.)1860
+b Fh(2)430 4286 y Fu(It)42 b(is)f(w)m(orth)i(observing)f(that)g(w)m(e)h
+(could)e(not)h(pro)m(v)m(e)i(Theorem)e(2.9)f(using)h(structural)283
+4406 y(induction)h(on)g(the)h(statemen)m(t)h Fs(S)12
+b Fu(.)43 b(The)h(reason)h(is)e(that)g(the)h(rule)f([while)3160
+4370 y Fn(tt)3148 4431 y(ns)3219 4406 y Fu(])g(de\014nes)i(the)283
+4527 y(seman)m(tics)30 b(of)f Fr(while)i Fs(b)k Fr(do)30
+b Fs(S)41 b Fu(in)29 b(terms)g(of)g(itself.)41 b(Structural)29
+b(induction)g(w)m(orks)i(\014ne)f(when)283 4647 y(the)k(seman)m(tics)f
+(is)f(de\014ned)i Fs(c)-5 b(omp)g(ositional)5 b(ly)40
+b Fu(\(as)33 b(e.g.)45 b Ft(A)32 b Fu(and)h Ft(B)j Fu(in)c(Chapter)i
+(1\).)43 b(But)33 b(the)283 4768 y(natural)i(seman)m(tics)h(of)f(T)-8
+b(able)35 b(2.1)g(is)g Fs(not)45 b Fu(de\014ned)38 b(comp)s
+(ositionally)31 b(b)s(ecause)37 b(of)e(the)h(rule)283
+4888 y([while)545 4852 y Fn(tt)533 4913 y(ns)604 4888
+y Fu(].)430 5013 y(Basically)-8 b(,)46 b(induction)e(on)h(the)g(shap)s
+(e)h(of)e(deriv)-5 b(ation)44 b(trees)i(is)e(a)h(kind)g(of)f
+(structural)283 5133 y(induction)g(on)g(the)g(deriv)-5
+b(ation)43 b(trees:)68 b(In)44 b(the)h Fs(b)-5 b(ase)45
+b(c)-5 b(ase)51 b Fu(w)m(e)45 b(sho)m(w)g(that)f(the)h(prop)s(ert)m(y)
+283 5254 y(holds)40 b(for)g(the)g(simple)e(deriv)-5 b(ation)39
+b(trees.)66 b(In)41 b(the)f Fs(induction)h(step)46 b
+Fu(w)m(e)41 b(assume)g(that)e(the)283 5374 y(prop)s(ert)m(y)d(holds)e
+(for)g(the)h(immediate)d(constituen)m(ts)j(of)g(a)f(deriv)-5
+b(ation)33 b(tree)i(and)f(sho)m(w)i(that)283 5494 y(it)c(also)g(holds)g
+(for)g(the)h(comp)s(osite)e(deriv)-5 b(ation)31 b(tree.)p
+eop
+%%Page: 31 41
+31 40 bop 0 130 a Fw(2.1)112 b(Natural)37 b(seman)m(tics)2216
+b(31)p 0 193 3473 4 v 0 515 a Fp(The)44 b(seman)l(tic)j(function)d
+FC(S)1440 533 y Fk(ns)0 700 y Fu(The)37 b Fs(me)-5 b(aning)44
+b Fu(of)36 b(statemen)m(ts)h(can)g(no)m(w)g(b)s(e)g(summarized)e(as)i
+(a)f(\(partial\))e(function)i(from)0 820 y Fw(State)d
+Fu(to)f Fw(State)p Fu(.)43 b(W)-8 b(e)33 b(de\014ne)244
+1017 y Ft(S)312 1032 y Fn(ns)383 1017 y Fu(:)43 b Fw(Stm)32
+b Ft(!)g Fu(\()p Fw(State)h Fo(,)-17 b Ft(!)32 b Fw(State)p
+Fu(\))0 1214 y(and)h(this)f(means)h(that)f(for)g(ev)m(ery)i(statemen)m
+(t)f Fs(S)45 b Fu(w)m(e)33 b(ha)m(v)m(e)h(a)f(partial)d(function)244
+1411 y Ft(S)312 1426 y Fn(ns)383 1411 y Fu([)-17 b([)p
+Fs(S)12 b Fu(])-17 b(])33 b Ft(2)g Fw(State)g Fo(,)-17
+b Ft(!)33 b Fw(State)p Fu(.)0 1607 y(It)g(is)f(giv)m(en)g(b)m(y)244
+1861 y Ft(S)312 1876 y Fn(ns)383 1861 y Fu([)-17 b([)p
+Fs(S)12 b Fu(])-17 b(])q Fs(s)40 b Fu(=)714 1715 y Fg(\()822
+1800 y Fs(s)870 1763 y Fi(0)1148 1800 y Fu(if)31 b Ft(h)p
+Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1702
+1763 y Fi(0)822 1920 y Fu(undef)p 822 1933 243 4 v 91
+w(otherwise)0 2114 y(Note)e(that)g Ft(S)510 2129 y Fn(ns)611
+2114 y Fu(is)g(a)g(w)m(ell-de\014ned)g(partial)e(function)h(b)s(ecause)
+j(of)e(Theorem)g(2.9.)42 b(The)31 b(need)0 2234 y(for)36
+b(partialit)m(y)f(is)h(demonstrated)h(b)m(y)h(the)f(statemen)m(t)g
+Fr(while)d(true)f(do)g(skip)38 b Fu(that)f(alw)m(a)m(ys)0
+2355 y(lo)s(ops)32 b(\(see)h(Exercise)h(2.4\);)e(w)m(e)i(then)f(ha)m(v)
+m(e)244 2552 y Ft(S)312 2567 y Fn(ns)383 2552 y Fu([)-17
+b([)p Fr(while)34 b(true)g(do)f(skip)p Fu(])-17 b(])34
+b Fs(s)41 b Fu(=)32 b(undef)p 1546 2565 236 4 v 0 2748
+a(for)g(all)f(states)i Fs(s)8 b Fu(.)0 2968 y Fw(Exercise)36
+b(2.11)49 b Fu(The)38 b(seman)m(tics)g(of)e(arithmetic)f(expressions)k
+(is)e(giv)m(en)g(b)m(y)h(the)g(function)0 3088 y Ft(A)p
+Fu(.)61 b(W)-8 b(e)39 b(can)g(also)f(use)h(an)g(op)s(erational)d
+(approac)m(h)j(and)g(de\014ne)g(a)g(natural)e(seman)m(tics)i(for)0
+3208 y(the)33 b(arithmetic)d(expressions.)46 b(It)32
+b(will)f(ha)m(v)m(e)j(t)m(w)m(o)f(kinds)g(of)f(con\014gurations:)294
+3397 y Ft(h)o Fs(a)7 b Fu(,)33 b Fs(s)8 b Ft(i)100 b
+Fu(denoting)32 b(that)g Fs(a)40 b Fu(has)33 b(to)f(b)s(e)h(ev)-5
+b(aluated)32 b(in)g(state)h Fs(s)8 b Fu(,)33 b(and)294
+3564 y Fs(z)302 b Fu(denoting)32 b(the)h(\014nal)f(v)-5
+b(alue)32 b(\(an)g(elemen)m(t)g(of)g Fw(Z)p Fu(\).)0
+3754 y(The)i(transition)c(relation)h Ft(!)1103 3769 y
+Fn(Aexp)1300 3754 y Fu(has)i(the)g(form)244 3951 y Ft(h)p
+Fs(a)7 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)618 3966 y Fn(Aexp)816
+3951 y Fs(z)0 4147 y Fu(where)e(the)g(idea)e(is)h(that)f
+Fs(a)38 b Fu(ev)-5 b(aluates)29 b(to)h Fs(z)42 b Fu(in)29
+b(state)i Fs(s)8 b Fu(.)42 b(Some)30 b(example)f(axioms)g(and)h(rules)0
+4268 y(are)244 4465 y Ft(h)p Fs(n)7 b Fu(,)32 b Fs(s)8
+b Ft(i)33 b(!)623 4480 y Fn(Aexp)821 4465 y Ft(N)14 b
+Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])244 4679 y Ft(h)p
+Fs(x)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)618 4694 y Fn(Aexp)815
+4679 y Fs(s)41 b(x)254 4885 y Ft(h)p Fs(a)350 4900 y
+Fn(1)389 4885 y Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)668 4900
+y Fn(Aexp)865 4885 y Fs(z)917 4900 y Fn(1)957 4885 y
+Fu(,)g Ft(h)p Fs(a)1112 4900 y Fn(2)1152 4885 y Fu(,)g
+Fs(s)8 b Ft(i)33 b(!)1430 4900 y Fn(Aexp)1628 4885 y
+Fs(z)1680 4900 y Fn(2)p 254 4948 1466 4 v 536 5053 a
+Ft(h)p Fs(a)632 5068 y Fn(1)704 5053 y Fu(+)f Fs(a)869
+5068 y Fn(2)909 5053 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)1188
+5068 y Fn(Aexp)1385 5053 y Fs(z)1826 4971 y Fu(where)i
+Fs(z)45 b Fu(=)32 b Fs(z)2353 4986 y Fn(1)2425 4971 y
+Fu(+)g Fs(z)2585 4986 y Fn(2)0 5234 y Fu(Complete)k(the)h(sp)s
+(eci\014cation)f(of)h(the)g(transition)e(system.)57 b(Use)37
+b(structural)g(induction)e(on)0 5355 y Fw(Aexp)e Fu(to)f(pro)m(v)m(e)i
+(that)f(the)g(meaning)e(of)h Fs(a)40 b Fu(de\014ned)34
+b(b)m(y)g(this)e(relation)f(is)h(the)h(same)g(as)g(that)0
+5475 y(de\014ned)h(b)m(y)f Ft(A)p Fu(.)2820 b Fh(2)p
+eop
+%%Page: 32 42
+32 41 bop 251 130 a Fw(32)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 283 515 a(Exercise)g(2.12)49
+b Fu(In)24 b(a)h(similar)c(w)m(a)m(y)k(w)m(e)h(can)e(sp)s(ecify)h(a)f
+(natural)f(seman)m(tics)i(for)f(the)g(b)s(o)s(olean)283
+636 y(expressions.)46 b(The)33 b(transitions)f(will)e(ha)m(v)m(e)k(the)
+f(form)527 865 y Ft(h)p Fs(b)6 b Fu(,)33 b Fs(s)8 b Ft(i)32
+b(!)896 880 y Fn(Bexp)1090 865 y Fs(t)283 1094 y Fu(where)27
+b Fs(t)34 b Ft(2)25 b Fw(T)p Fu(.)g(Sp)s(ecify)g(the)h(transition)d
+(system)j(and)f(pro)m(v)m(e)h(that)e(the)i(meaning)d(of)i
+Fs(b)30 b Fu(de\014ned)283 1215 y(in)i(this)g(w)m(a)m(y)i(is)e(the)h
+(same)g(as)g(that)f(de\014ned)i(b)m(y)f Ft(B)t Fu(.)1487
+b Fh(2)283 1479 y Fw(Exercise)37 b(2.13)49 b Fu(Determine)i(whether)i
+(or)e(not)h(seman)m(tic)g(equiv)-5 b(alence)52 b(of)f
+Fs(S)3349 1494 y Fn(1)3441 1479 y Fu(and)h Fs(S)3717
+1494 y Fn(2)283 1600 y Fu(amoun)m(ts)33 b(to)f Ft(S)864
+1615 y Fn(ns)935 1600 y Fu([)-17 b([)q Fs(S)1040 1615
+y Fn(1)1079 1600 y Fu(])g(])33 b(=)f Ft(S)1325 1615 y
+Fn(ns)1396 1600 y Fu([)-17 b([)q Fs(S)1501 1615 y Fn(2)1540
+1600 y Fu(])g(])q(.)2076 b Fh(2)283 1964 y Fj(2.2)161
+b(Structural)53 b(op)t(erational)i(seman)l(tics)283 2194
+y Fu(In)34 b(structural)g(op)s(erational)d(seman)m(tics)j(the)g
+(emphasis)f(is)g(on)h(the)g Fs(individual)h(steps)41
+b Fu(of)33 b(the)283 2314 y(execution,)i(that)f(is)f(the)i(execution)f
+(of)f(assignmen)m(ts)i(and)e(tests.)49 b(The)35 b(transition)d
+(relation)283 2435 y(has)h(the)g(form)527 2664 y Ft(h)p
+Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))g Fo(\015)283
+2893 y Fu(where)39 b Fo(\015)j Fu(either)37 b(is)f(of)h(the)g(form)f
+Ft(h)p Fs(S)1675 2857 y Fi(0)1698 2893 y Fu(,)i Fs(s)1811
+2857 y Fi(0)1835 2893 y Ft(i)e Fu(or)h(of)g(the)g(form)f
+Fs(s)2605 2857 y Fi(0)2628 2893 y Fu(.)57 b(The)38 b(transition)e
+(expresses)283 3014 y(the)30 b Fs(\014rst)39 b Fu(step)31
+b(of)e(the)h(execution)g(of)f Fs(S)41 b Fu(from)28 b(state)i
+Fs(s)8 b Fu(.)43 b(There)30 b(are)g(t)m(w)m(o)g(p)s(ossible)f
+(outcomes:)429 3243 y Ft(\017)48 b Fu(If)25 b Fo(\015)k
+Fu(is)24 b(of)g(the)h(form)e Ft(h)p Fs(S)1378 3207 y
+Fi(0)1401 3243 y Fu(,)j Fs(s)1502 3207 y Fi(0)1526 3243
+y Ft(i)e Fu(then)h(the)g(execution)g(of)f Fs(S)36 b Fu(from)23
+b Fs(s)33 b Fu(is)24 b Fs(not)34 b Fu(completed)24 b(and)527
+3363 y(the)42 b(remaining)e(computation)g(is)h(expressed)k(b)m(y)d(the)
+g(in)m(termediate)f(con\014guration)527 3484 y Ft(h)p
+Fs(S)633 3447 y Fi(0)656 3484 y Fu(,)33 b Fs(s)764 3447
+y Fi(0)787 3484 y Ft(i)p Fu(.)429 3713 y Ft(\017)48 b
+Fu(If)32 b Fo(\015)k Fu(is)31 b(of)g(the)g(form)g Fs(s)1362
+3677 y Fi(0)1416 3713 y Fu(then)h(the)g(execution)g(of)f
+Fs(S)43 b Fu(from)30 b Fs(s)40 b(has)f Fu(terminated)30
+b(and)h(the)527 3833 y(\014nal)h(state)h(is)f Fs(s)1129
+3797 y Fi(0)1153 3833 y Fu(.)283 4063 y(W)-8 b(e)33 b(shall)f(sa)m(y)h
+(that)f Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b
+Fu(is)g Fs(stuck)44 b Fu(if)31 b(there)i(is)f(no)h Fo(\015)k
+Fu(suc)m(h)d(that)f Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8
+b Ft(i)32 b(\))g Fo(\015)5 b Fu(.)430 4188 y(The)45 b(de\014nition)f
+(of)g Ft(\))g Fu(is)g(giv)m(en)h(b)m(y)g(the)g(axioms)e(and)i(rules)f
+(of)g(T)-8 b(able)45 b(2.2)f(and)g(the)283 4308 y(general)36
+b(form)g(of)g(these)h(are)g(as)g(in)e(the)i(previous)g(section.)56
+b(Axioms)35 b([ass)3082 4323 y Fn(sos)3178 4308 y Fu(])i(and)f([skip)
+3633 4323 y Fn(sos)3729 4308 y Fu(])283 4429 y(ha)m(v)m(e)46
+b(not)e(c)m(hanged)i(at)d(all)g(b)s(ecause)i(the)g(assignmen)m(t)f(and)
+g Fr(skip)i Fu(statemen)m(ts)f(are)f(fully)283 4549 y(executed)35
+b(in)d(one)h(step.)430 4675 y(The)k(rules)f([comp)1138
+4639 y Fn(1)1126 4699 y(sos)1221 4675 y Fu(])g(and)g([comp)1744
+4639 y Fn(2)1732 4699 y(sos)1827 4675 y Fu(])g(express)j(that)d(to)g
+(execute)i Fs(S)2992 4690 y Fn(1)3031 4675 y Fu(;)p Fs(S)3125
+4690 y Fn(2)3201 4675 y Fu(in)d(state)i Fs(s)44 b Fu(w)m(e)283
+4795 y(\014rst)34 b(execute)g Fs(S)901 4810 y Fn(1)973
+4795 y Fu(one)f(step)g(from)f Fs(s)8 b Fu(.)43 b(Then)34
+b(there)f(are)g(t)m(w)m(o)g(p)s(ossible)f(outcomes:)429
+5024 y Ft(\017)48 b Fu(If)31 b(the)g(execution)h(of)e
+Fs(S)1400 5039 y Fn(1)1470 5024 y Fu(has)i(not)e(b)s(een)i(completed)e
+(w)m(e)i(ha)m(v)m(e)g(to)f(complete)f(it)g(b)s(efore)527
+5145 y(em)m(barking)i(on)h(the)g(execution)g(of)f Fs(S)1922
+5160 y Fn(2)1961 5145 y Fu(.)429 5374 y Ft(\017)48 b
+Fu(If)35 b(the)g(execution)h(of)e Fs(S)1416 5389 y Fn(1)1490
+5374 y Fu(has)i(b)s(een)f(completed)g(w)m(e)h(can)f(start)g(on)f(the)i
+(execution)f(of)527 5494 y Fs(S)594 5509 y Fn(2)634 5494
+y Fu(.)p eop
+%%Page: 33 43
+33 42 bop 0 130 a Fw(2.2)112 b(Structural)37 b(op)s(erational)f(seman)m
+(tics)1506 b(33)p 0 193 3473 4 v 0 419 V 0 2340 4 1922
+v 331 528 a Fu([ass)483 543 y Fn(sos)579 528 y Fu(])348
+b Ft(h)o Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(,)33 b Fs(s)8
+b Ft(i)33 b(\))f Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17
+b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])331 743 y([skip)529
+758 y Fn(sos)624 743 y Fu(])303 b Ft(h)o Fr(skip)p Fu(,)34
+b Fs(s)8 b Ft(i)33 b(\))f Fs(s)331 1035 y Fu([comp)598
+999 y Fn(1)586 1059 y(sos)681 1035 y Fu(])1097 948 y
+Ft(h)p Fs(S)1203 963 y Fn(1)1242 948 y Fu(,)h Fs(s)8
+b Ft(i)32 b(\))g(h)p Fs(S)1659 912 y Fi(0)1659 973 y
+Fn(1)1698 948 y Fu(,)h Fs(s)1806 912 y Fi(0)1829 948
+y Ft(i)p 964 1012 1038 4 v 964 1116 a(h)o Fs(S)1069 1131
+y Fn(1)1109 1116 y Fu(;)p Fs(S)1203 1131 y Fn(2)1242
+1116 y Fu(,)g Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)1659 1080
+y Fi(0)1659 1141 y Fn(1)1698 1116 y Fu(;)p Fs(S)1792
+1131 y Fn(2)1832 1116 y Fu(,)g Fs(s)1939 1080 y Fi(0)1963
+1116 y Ft(i)331 1397 y Fu([comp)598 1361 y Fn(2)586 1422
+y(sos)681 1397 y Fu(])1152 1310 y Ft(h)p Fs(S)1258 1325
+y Fn(1)1297 1310 y Fu(,)h Fs(s)8 b Ft(i)32 b(\))g Fs(s)1656
+1274 y Fi(0)p 964 1374 905 4 v 964 1478 a Ft(h)o Fs(S)1069
+1493 y Fn(1)1109 1478 y Fu(;)p Fs(S)1203 1493 y Fn(2)1242
+1478 y Fu(,)h Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)1659 1493
+y Fn(2)1698 1478 y Fu(,)h Fs(s)1806 1442 y Fi(0)1829
+1478 y Ft(i)331 1682 y Fu([if)428 1646 y Fn(tt)416 1707
+y(sos)510 1682 y Fu(])417 b Ft(h)o Fr(if)34 b Fs(b)k
+Fr(then)c Fs(S)1516 1697 y Fn(1)1587 1682 y Fr(else)g
+Fs(S)1892 1697 y Fn(2)1931 1682 y Fu(,)f Fs(s)8 b Ft(i)32
+b(\))g(h)p Fs(S)2348 1697 y Fn(1)2387 1682 y Fu(,)h Fs(s)8
+b Ft(i)32 b Fu(if)g Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(])p Fs(s)41 b Fu(=)32 b Fw(tt)331 1897 y Fu([if)428
+1861 y Fn(\013)416 1922 y(sos)510 1897 y Fu(])417 b Ft(h)o
+Fr(if)34 b Fs(b)k Fr(then)c Fs(S)1516 1912 y Fn(1)1587
+1897 y Fr(else)g Fs(S)1892 1912 y Fn(2)1931 1897 y Fu(,)f
+Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)2348 1912 y Fn(2)2387
+1897 y Fu(,)h Fs(s)8 b Ft(i)32 b Fu(if)g Ft(B)s Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(\013)331
+2112 y Fu([while)581 2127 y Fn(sos)675 2112 y Fu(])252
+b Ft(h)o Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 b
+Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))1281 2279 y(h)p Fr(if)g
+Fs(b)39 b Fr(then)33 b Fu(\()p Fs(S)12 b Fu(;)33 b Fr(while)g
+Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(\))32 b Fr(else)i(skip)p
+Fu(,)f Fs(s)8 b Ft(i)p 3469 2340 4 1922 v 0 2343 3473
+4 v 574 2504 a Fu(T)-8 b(able)32 b(2.2:)43 b(Structural)32
+b(op)s(erational)e(seman)m(tics)j(for)f Fw(While)0 2798
+y Fu(The)h(\014rst)g(case)g(is)e(captured)i(b)m(y)g(the)g(rule)e([comp)
+1874 2762 y Fn(1)1862 2822 y(sos)1957 2798 y Fu(]:)43
+b(If)32 b(the)h(result)f(of)g(executing)g(the)h(\014rst)0
+2918 y(step)e(of)e Ft(h)p Fs(S)12 b Fu(,)29 b Fs(s)8
+b Ft(i)30 b Fu(is)f(an)h(in)m(termediate)f(con\014guration)g
+Ft(h)o Fs(S)2076 2882 y Fi(0)2076 2943 y Fn(1)2116 2918
+y Fu(,)h Fs(s)2221 2882 y Fi(0)2244 2918 y Ft(i)g Fu(then)g(the)h(next)
+f(con\014guration)0 3039 y(is)g Ft(h)p Fs(S)202 3002
+y Fi(0)202 3063 y Fn(1)241 3039 y Fu(;)p Fs(S)335 3054
+y Fn(2)375 3039 y Fu(,)h Fs(s)481 3002 y Fi(0)504 3039
+y Ft(i)g Fu(sho)m(wing)g(that)f(w)m(e)i(ha)m(v)m(e)h(to)d(complete)g
+(the)h(execution)h(of)e Fs(S)2823 3054 y Fn(1)2893 3039
+y Fu(b)s(efore)h(w)m(e)h(can)0 3159 y(start)f(on)f Fs(S)432
+3174 y Fn(2)471 3159 y Fu(.)43 b(The)32 b(second)g(case)f(ab)s(o)m(v)m
+(e)h(is)e(captured)i(b)m(y)f(the)g(rule)f([comp)2792
+3123 y Fn(2)2780 3184 y(sos)2875 3159 y Fu(]:)43 b(If)30
+b(the)h(result)0 3279 y(of)g(executing)g Fs(S)611 3294
+y Fn(1)682 3279 y Fu(from)e Fs(s)40 b Fu(is)30 b(a)h(\014nal)f(state)i
+Fs(s)1667 3243 y Fi(0)1721 3279 y Fu(then)g(the)f(next)h
+(con\014guration)e(is)h Ft(h)p Fs(S)3118 3294 y Fn(2)3157
+3279 y Fu(,)i Fs(s)3265 3243 y Fi(0)3288 3279 y Ft(i)p
+Fu(,)e(so)0 3400 y(that)h(w)m(e)i(can)f(no)m(w)g(start)g(on)f
+Fs(S)1173 3415 y Fn(2)1212 3400 y Fu(.)146 3524 y(F)-8
+b(rom)47 b(the)i(axioms)e([if)1043 3488 y Fn(tt)1031
+3549 y(sos)1125 3524 y Fu(])h(and)h([if)1503 3488 y Fn(\013)1491
+3549 y(sos)1585 3524 y Fu(])f(w)m(e)h(see)h(that)e(the)g(\014rst)h
+(step)g(in)f(executing)h(a)0 3645 y(conditional)22 b(is)j(to)g(p)s
+(erform)f(the)h(test)h(and)f(to)g(select)h(the)f(appropriate)f(branc)m
+(h.)42 b(Finally)-8 b(,)24 b(the)0 3765 y(axiom)i([while)535
+3780 y Fn(sos)629 3765 y Fu(])h(sho)m(ws)i(that)e(the)h(\014rst)g(step)
+g(in)e(the)i(execution)g(of)f(the)h Fr(while)p Fu(-construct)h(is)0
+3886 y(to)i(unfold)f(it)g(one)h(lev)m(el,)g(that)g(is)f(to)h(rewrite)g
+(it)e(as)j(a)e(conditional.)41 b(The)32 b(test)f(will)e(therefore)0
+4006 y(b)s(e)h(p)s(erformed)g(in)g(the)g(second)i(step)f(of)f(the)g
+(execution)h(\(where)g(one)g(of)f(the)g(axioms)f(for)h(the)0
+4126 y Fr(if)p Fu(-construct)k(is)e(applied\).)42 b(W)-8
+b(e)33 b(shall)e(see)j(an)e(example)h(of)f(this)g(shortly)-8
+b(.)146 4251 y(A)33 b Fs(derivation)h(se)-5 b(quenc)g(e)39
+b Fu(of)32 b(a)g(statemen)m(t)i Fs(S)44 b Fu(starting)32
+b(in)f(state)i Fs(s)41 b Fu(is)32 b(either)145 4476 y
+Ft(\017)49 b Fu(a)32 b Fs(\014nite)40 b Fu(sequence)458
+4700 y Fo(\015)515 4715 y Fn(0)554 4700 y Fu(,)33 b Fo(\015)670
+4715 y Fn(1)709 4700 y Fu(,)g Fo(\015)825 4715 y Fn(2)864
+4700 y Fu(,)g Ft(\001)17 b(\001)g(\001)n Fu(,)33 b Fo(\015)1156
+4715 y Fn(k)244 4925 y Fu(of)24 b(con\014gurations)g(satisfying)g
+Fo(\015)1451 4940 y Fn(0)1515 4925 y Fu(=)g Ft(h)p Fs(S)12
+b Fu(,)24 b Fs(s)8 b Ft(i)p Fu(,)27 b Fo(\015)1969 4940
+y Fn(i)2017 4925 y Ft(\))d Fo(\015)2197 4940 y Fn(i+1)2335
+4925 y Fu(for)h(0)p Ft(\024)p Fu(i)p Fo(<)p Fu(k,)g(k)p
+Ft(\025)q Fu(0,)h(and)f(where)244 5045 y Fo(\015)300
+5060 y Fn(k)374 5045 y Fu(is)32 b(either)g(a)h(terminal)d
+(con\014guration)h(or)i(a)f(stuc)m(k)i(con\014guration,)e(or)g(it)g(is)
+145 5270 y Ft(\017)49 b Fu(an)32 b Fs(in\014nite)40 b
+Fu(sequence)458 5494 y Fo(\015)515 5509 y Fn(0)554 5494
+y Fu(,)33 b Fo(\015)670 5509 y Fn(1)709 5494 y Fu(,)g
+Fo(\015)825 5509 y Fn(2)864 5494 y Fu(,)g Ft(\001)17
+b(\001)g(\001)p eop
+%%Page: 34 44
+34 43 bop 251 130 a Fw(34)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Fu(of)32
+b(con\014gurations)h(satisfying)e Fo(\015)1758 530 y
+Fn(0)1830 515 y Fu(=)i Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8
+b Ft(i)32 b Fu(and)h Fo(\015)2469 530 y Fn(i)2525 515
+y Ft(\))f Fo(\015)2713 530 y Fn(i+1)2860 515 y Fu(for)g(0)p
+Ft(\024)p Fu(i)283 715 y(W)-8 b(e)40 b(shall)d(write)i
+Fo(\015)1004 730 y Fn(0)1082 715 y Ft(\))1181 678 y Fn(i)1244
+715 y Fo(\015)1300 730 y Fn(i)1362 715 y Fu(to)g(indicate)f(that)g
+(there)i(are)e(i)g(steps)i(in)e(the)i(execution)f(from)283
+835 y Fo(\015)339 850 y Fn(0)413 835 y Fu(to)c Fo(\015)591
+850 y Fn(i)649 835 y Fu(and)g(w)m(e)g(write)f Fo(\015)1294
+850 y Fn(0)1367 835 y Ft(\))1467 799 y Fi(\003)1541 835
+y Fo(\015)1597 850 y Fn(i)1655 835 y Fu(to)h(indicate)e(that)h(there)i
+(is)e(a)g(\014nite)g(n)m(um)m(b)s(er)h(of)f(steps.)283
+955 y(Note)i(that)f Fo(\015)792 970 y Fn(0)867 955 y
+Ft(\))966 919 y Fn(i)1025 955 y Fo(\015)1081 970 y Fn(i)1140
+955 y Fu(and)g Fo(\015)1389 970 y Fn(0)1463 955 y Ft(\))1563
+919 y Fi(\003)1637 955 y Fo(\015)1693 970 y Fn(i)1752
+955 y Fu(need)i Fs(not)44 b Fu(b)s(e)36 b(deriv)-5 b(ation)33
+b(sequences:)53 b(they)36 b(will)d(b)s(e)283 1076 y(so)g(if)f(and)g
+(only)g(if)g Fo(\015)1042 1091 y Fn(i)1098 1076 y Fu(is)g(either)h(a)f
+(terminal)e(con\014guration)i(or)g(a)g(stuc)m(k)j(con\014guration.)283
+1298 y Fw(Example)i(2.14)49 b Fu(Consider)33 b(the)g(statemen)m(t)527
+1497 y(\()p Fr(z)g Fu(:=)g Fr(x)p Fu(;)f Fr(x)h Fu(:=)g
+Fr(y)p Fu(\);)g Fr(y)f Fu(:=)h Fr(z)283 1697 y Fu(of)j(Chapter)h(1)f
+(and)g(let)g Fs(s)1252 1712 y Fn(0)1328 1697 y Fu(b)s(e)g(the)h(state)f
+(that)g(maps)g(all)e(v)-5 b(ariables)35 b(except)j Fr(x)e
+Fu(and)h Fr(y)f Fu(to)g Fw(0)283 1817 y Fu(and)d(that)g(has)f
+Fs(s)906 1832 y Fn(0)979 1817 y Fr(x)g Fu(=)h Fw(5)f
+Fu(and)h Fs(s)1497 1832 y Fn(0)1569 1817 y Fr(y)g Fu(=)f
+Fw(7)p Fu(.)44 b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)h(the)f(deriv)-5
+b(ation)31 b(sequence:)527 2016 y Ft(h)p Fu(\()p Fr(z)i
+Fu(:=)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(y)p Fu(\);)h
+Fr(y)g Fu(:=)g Fr(z)p Fu(,)f Fs(s)1680 2031 y Fn(0)1720
+2016 y Ft(i)934 2184 y(\))g(h)p Fr(x)h Fu(:=)f Fr(y)p
+Fu(;)h Fr(y)g Fu(:=)f Fr(z)p Fu(,)h Fs(s)1813 2199 y
+Fn(0)1853 2184 y Fu([)p Fr(z)p Ft(7!)p Fw(5)p Fu(])p
+Ft(i)934 2351 y(\))f(h)p Fr(y)h Fu(:=)f Fr(z)p Fu(,)h(\()p
+Fs(s)1521 2366 y Fn(0)1561 2351 y Fu([)p Fr(z)p Ft(7!)p
+Fw(5)p Fu(]\)[)p Fr(x)p Ft(7!)p Fw(7)p Fu(])p Ft(i)934
+2519 y(\))f Fu(\(\()p Fs(s)1190 2534 y Fn(0)1230 2519
+y Fu([)p Fr(z)p Ft(7!)p Fw(5)p Fu(]\)[)p Fr(x)p Ft(7!)p
+Fw(7)p Fu(]\)[)p Fr(y)p Ft(7!)p Fw(5)p Fu(])283 2718
+y(Corresp)s(onding)c(to)g Fs(e)-5 b(ach)34 b Fu(of)28
+b(these)h(steps)g(w)m(e)g(ha)m(v)m(e)g Fs(derivation)h(tr)-5
+b(e)g(es)36 b Fu(explaining)26 b(wh)m(y)j(they)283 2839
+y(tak)m(e)34 b(place.)43 b(F)-8 b(or)32 b(the)h(\014rst)g(step)527
+3038 y Ft(h)p Fu(\()p Fr(z)g Fu(:=)f Fr(x)p Fu(;)h Fr(x)g
+Fu(:=)f Fr(y)p Fu(\);)h Fr(y)g Fu(:=)g Fr(z)p Fu(,)f
+Fs(s)1680 3053 y Fn(0)1720 3038 y Ft(i)g(\))g(h)p Fr(x)h
+Fu(:=)f Fr(y)p Fu(;)h Fr(y)g Fu(:=)f Fr(z)p Fu(,)h Fs(s)2670
+3053 y Fn(0)2710 3038 y Fu([)p Fr(z)p Ft(7!)p Fw(5)p
+Fu(])p Ft(i)283 3237 y Fu(the)g(deriv)-5 b(ation)31 b(tree)j(is)1314
+3408 y Ft(h)p Fr(z)f Fu(:=)f Fr(x)p Fu(,)h Fs(s)1731
+3423 y Fn(0)1771 3408 y Ft(i)f(\))g Fs(s)2022 3423 y
+Fn(0)2061 3408 y Fu([)p Fr(z)p Ft(7!)p Fw(5)p Fu(])p
+527 3495 2583 4 v 945 3699 a Ft(h)p Fr(z)h Fu(:=)f Fr(x)p
+Fu(;)h Fr(x)g Fu(:=)f Fr(y)p Fu(,)h Fs(s)1692 3714 y
+Fn(0)1732 3699 y Ft(i)f(\))g(h)p Fr(x)h Fu(:=)f Fr(y)p
+Fu(,)h Fs(s)2352 3714 y Fn(0)2392 3699 y Fu([)p Fr(z)p
+Ft(7!)p Fw(5)p Fu(])p Ft(i)p 527 3786 V 577 3991 a(h)p
+Fu(\()p Fr(z)g Fu(:=)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(y)p
+Fu(\);)h Fr(y)g Fu(:=)f Fr(z)p Fu(,)h Fs(s)1730 4006
+y Fn(0)1770 3991 y Ft(i)f(\))g(h)p Fr(x)h Fu(:=)f Fr(y)p
+Fu(;)h Fr(y)g Fu(:=)f Fr(z)p Fu(,)h Fs(s)2720 4006 y
+Fn(0)2760 3991 y Fu([)p Fr(z)p Ft(7!)p Fw(5)p Fu(])p
+Ft(i)283 4193 y Fu(and)41 b(it)e(has)i(b)s(een)g(constructed)h(from)d
+(the)i(axiom)e([ass)2404 4208 y Fn(sos)2500 4193 y Fu(])h(and)g(the)h
+(rules)g([comp)3449 4157 y Fn(1)3437 4218 y(sos)3531
+4193 y Fu(])g(and)283 4313 y([comp)550 4277 y Fn(2)538
+4338 y(sos)633 4313 y Fu(].)49 b(The)36 b(deriv)-5 b(ation)33
+b(tree)i(for)f(the)g(second)i(step)g(is)d(constructed)k(in)c(a)h
+(similar)e(w)m(a)m(y)283 4434 y(using)j(only)g([ass)910
+4449 y Fn(sos)1006 4434 y Fu(])g(and)g([comp)1527 4398
+y Fn(2)1515 4458 y(sos)1610 4434 y Fu(])g(and)g(for)g(the)g(third)g
+(step)h(it)e(simply)f(is)i(an)g(instance)g(of)283 4554
+y([ass)435 4569 y Fn(sos)531 4554 y Fu(].)3096 b Fh(2)283
+4777 y Fw(Example)37 b(2.15)49 b Fu(Assume)37 b(that)f
+Fs(s)45 b Fr(x)36 b Fu(=)h Fw(3)p Fu(.)55 b(The)37 b(\014rst)g(step)g
+(of)f(execution)h(from)e(the)i(con-)283 4897 y(\014guration)527
+5096 y Ft(h)p Fr(y)p Fu(:=)p Fr(1)p Fu(;)c Fr(while)h
+Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
+Fr(y)p Fu(:=)p Fr(y)g Fo(?)g Fr(x)p Fu(;)f Fr(x)p Fu(:=)p
+Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)283 5295
+y Fu(will)31 b(giv)m(e)h(the)h(con\014guration)527 5494
+y Ft(h)p Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p
+Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)g Fo(?)f
+Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
+Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(])p
+Ft(i)p eop
+%%Page: 35 45
+35 44 bop 0 130 a Fw(2.2)112 b(Structural)37 b(op)s(erational)f(seman)m
+(tics)1506 b(35)p 0 193 3473 4 v 0 515 a Fu(This)39 b(is)g(ac)m(hiev)m
+(ed)h(using)e(the)i(axiom)d([ass)1617 530 y Fn(sos)1713
+515 y Fu(])i(and)g(the)g(rule)g([comp)2618 479 y Fn(2)2606
+540 y(sos)2701 515 y Fu(])g(as)g(sho)m(wn)h(b)m(y)g(the)0
+636 y(deriv)-5 b(ation)31 b(tree:)929 798 y Ft(h)p Fr(y)p
+Fu(:=)p Fr(1)p Fu(,)i Fs(s)8 b Ft(i)32 b(\))g Fs(s)8
+b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(])p 244 885 2235 4
+v 294 1089 a Ft(h)o Fr(y)p Fu(:=)p Fr(1)p Fu(;)34 b Fr(while)f
+Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p
+Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p
+Fr(x)p Ft(\000)p Fr(1)p Fu(\),)h Fs(s)8 b Ft(i)32 b(\))362
+1257 y(h)o Fr(while)i Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p
+Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p
+Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
+Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(])p
+Ft(i)0 1440 y Fu(The)43 b(next)h(step)f(of)f(the)h(execution)g(will)d
+(rewrite)i(the)h(lo)s(op)e(as)i(a)f(conditional)e(using)i(the)0
+1561 y(axiom)31 b([while)540 1576 y Fn(sos)634 1561 y
+Fu(])i(so)g(w)m(e)g(get)g(the)g(con\014guration)244 1751
+y Ft(h)p Fr(if)g Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p
+Fu(\))g Fr(then)g Fu(\(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)q
+Fr(x)p Fu(;)f Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
+Fu(\);)1046 1919 y Fr(while)i Ft(:)q Fu(\()p Fr(x)p Fu(=)p
+Fr(1)p Fu(\))e Fr(do)i Fu(\()p Fr(y)p Fu(:=)p Fr(y)p
+Fo(?)p Fr(x)p Fu(;)f Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(\)\))771 2086 y Fr(else)g(skip)p Fu(,)h Fs(s)8
+b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(])p Ft(i)0 2276 y Fu(The)38
+b(follo)m(wing)c(step)k(will)d(p)s(erform)h(the)i(test)g(and)f(yields)g
+(\(according)f(to)h([if)2937 2240 y Fn(tt)2925 2301 y(sos)3019
+2276 y Fu(]\))g(the)h(con-)0 2397 y(\014guration)244
+2587 y Ft(h)p Fu(\()p Fr(y)p Fu(:=)p Fr(y)p Fo(?)p Fr(x)p
+Fu(;)33 b Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(\);)h
+Fr(while)f Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g
+Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h
+Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(\),)h Fs(s)8
+b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(])p Ft(i)0 2777 y Fu(W)-8
+b(e)33 b(can)g(then)g(use)h([ass)890 2792 y Fn(sos)985
+2777 y Fu(],)f([comp)1339 2741 y Fn(2)1327 2802 y(sos)1422
+2777 y Fu(])g(and)f([comp)1938 2741 y Fn(1)1926 2802
+y(sos)2021 2777 y Fu(])h(to)f(obtain)f(the)i(con\014guration)244
+2967 y Ft(h)p Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
+Fu(;)g Fr(while)h Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p
+Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)g Fo(?)f
+Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
+Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(3)p Fu(])p
+Ft(i)0 3157 y Fu(as)33 b(is)f(v)m(eri\014ed)h(b)m(y)h(the)f(deriv)-5
+b(ation)31 b(tree:)1156 3339 y Ft(h)p Fr(y)p Fu(:=)p
+Fr(y)p Fo(?)p Fr(x)p Fu(,)i Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p
+Fw(1)p Fu(])p Ft(i\))o Fs(s)g Fu([)p Fr(y)p Ft(7!)p Fw(3)p
+Fu(])p 204 3426 3066 4 v 723 3630 a Ft(h)p Fr(y)p Fu(:=)p
+Fr(y)p Fo(?)p Fr(x)p Fu(;)33 b Fr(x)p Fu(:=)p Fr(x)p
+Ft(\000)p Fr(1)p Fu(,)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p
+Fw(1)p Fu(])p Ft(i\)h)o Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(,)34 b Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(3)p
+Fu(])p Ft(i)p 204 3717 V 253 3922 a(h)p Fu(\()p Fr(y)p
+Fu(:=)p Fr(y)p Fo(?)p Fr(x)p Fu(;)33 b Fr(x)p Fu(:=)p
+Fr(x)p Ft(\000)p Fr(1)p Fu(\);)h Fr(while)g Ft(:)p Fu(\()p
+Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p
+Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(1)p
+Fu(])p Ft(i)32 b(\))507 4089 y(h)p Fr(x)p Fu(:=)p Fr(x)p
+Ft(\000)p Fr(1)p Fu(;)i Fr(while)g Ft(:)p Fu(\()p Fr(x)p
+Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p
+Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(3)p
+Fu(])p Ft(i)0 4282 y Fu(Using)32 b([ass)426 4297 y Fn(sos)522
+4282 y Fu(])h(and)f([comp)1038 4246 y Fn(2)1026 4307
+y(sos)1121 4282 y Fu(])h(the)g(next)g(con\014guration)f(will)e(then)k
+(b)s(e)244 4473 y Ft(h)p Fr(while)f Ft(:)q Fu(\()p Fr(x)p
+Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p Fr(y)p Fu(:=)p
+Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(\),)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(3)p
+Fu(][)p Fr(x)p Ft(7!)p Fw(2)p Fu(])p Ft(i)0 4663 y Fu(Con)m(tin)m(uing)
+32 b(in)g(this)g(w)m(a)m(y)i(w)m(e)f(ev)m(en)m(tually)h(reac)m(h)f(the)
+g(\014nal)f(state)h Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(6)p
+Fu(][)p Fr(x)p Ft(7!)p Fw(1)p Fu(].)304 b Fh(2)0 4873
+y Fw(Exercise)36 b(2.16)49 b Fu(Construct)34 b(a)e(deriv)-5
+b(ation)31 b(sequence)36 b(for)c(the)h(statemen)m(t)244
+5064 y Fr(z)p Fu(:=)p Fr(0)p Fu(;)g Fr(while)h(y)p Ft(\024)q
+Fr(x)e(do)h Fu(\()p Fr(z)p Fu(:=)p Fr(z)p Fu(+)p Fr(1)p
+Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(y)p Fu(\))0
+5254 y(when)24 b(executed)h(in)d(a)g(state)h(where)h
+Fr(x)f Fu(has)g(the)g(v)-5 b(alue)22 b Fw(17)h Fu(and)g
+Fr(y)g Fu(has)g(the)g(v)-5 b(alue)22 b Fw(5)p Fu(.)40
+b(Determine)0 5374 y(a)33 b(state)g Fs(s)41 b Fu(suc)m(h)35
+b(that)d(the)i(deriv)-5 b(ation)31 b(sequence)36 b(obtained)c(for)h
+(the)g(ab)s(o)m(v)m(e)h(statemen)m(t)f(and)0 5494 y Fs(s)41
+b Fu(is)32 b(in\014nite.)2893 b Fh(2)p eop
+%%Page: 36 46
+36 45 bop 251 130 a Fw(36)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 430 515 a Fu(Giv)m(en)30
+b(a)g(statemen)m(t)h Fs(S)42 b Fu(in)29 b(the)i(language)e
+Fw(While)g Fu(and)h(a)g(state)g Fs(s)39 b Fu(it)29 b(is)h(alw)m(a)m(ys)
+h(p)s(ossible)283 636 y(to)43 b(\014nd)g Fs(at)i(le)-5
+b(ast)44 b(one)50 b Fu(deriv)-5 b(ation)41 b(sequence)46
+b(that)d(starts)g(in)f(the)h(con\014guration)f Ft(h)p
+Fs(S)12 b Fu(,)43 b Fs(s)8 b Ft(i)p Fu(:)283 756 y(simply)29
+b(apply)h(axioms)e(and)j(rules)f(forev)m(er)g(or)g(un)m(til)f(a)g
+(terminal)f(or)i(stuc)m(k)h(con\014guration)e(is)283
+877 y(reac)m(hed.)60 b(Insp)s(ection)37 b(of)g(T)-8 b(able)37
+b(2.2)g(sho)m(ws)i(that)e(there)h(are)f(no)h(stuc)m(k)h
+(con\014gurations)e(in)283 997 y Fw(While)30 b Fu(and)i(Exercise)g
+(2.22)f(b)s(elo)m(w)g(will)e(sho)m(w)k(that)e(there)h(is)f(in)g(fact)g
+(only)g(one)g(deriv)-5 b(ation)283 1117 y(sequence)41
+b(that)c(starts)h(with)f Ft(h)p Fs(S)12 b Fu(,)37 b Fs(s)8
+b Ft(i)p Fu(.)59 b(Ho)m(w)m(ev)m(er,)41 b(some)c(of)g(the)h(constructs)
+h(considered)g(in)283 1238 y(Section)k(2.4)g(that)f(extend)j
+Fw(While)c Fu(will)f(ha)m(v)m(e)45 b(con\014gurations)d(that)h(are)g
+(stuc)m(k)h(or)f(more)283 1358 y(than)33 b(one)g(deriv)-5
+b(ation)31 b(sequence)k(that)e(starts)g(in)e(a)i(giv)m(en)f
+(con\014guration.)430 1496 y(In)j(analogy)f(with)h(the)h(terminology)d
+(of)h(the)i(previous)g(section)f(w)m(e)h(shall)e(sa)m(y)i(that)f(the)
+283 1616 y(execution)f(of)e(a)g(statemen)m(t)h Fs(S)45
+b Fu(on)32 b(a)g(state)h Fs(s)429 1905 y Ft(\017)48 b
+Fs(terminates)e Fu(if)36 b(and)i(only)g(if)e(there)j(is)e(a)g(\014nite)
+h(deriv)-5 b(ation)36 b(sequence)k(starting)d(with)527
+2025 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)o Fu(,)33
+b(and)429 2314 y Ft(\017)48 b Fs(lo)-5 b(ops)54 b Fu(if)46
+b(and)g(only)g(if)f(there)j(is)e(an)g(in\014nite)g(deriv)-5
+b(ation)44 b(sequence)50 b(starting)45 b(with)527 2434
+y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)o Fu(.)283
+2723 y(W)-8 b(e)37 b(shall)d(sa)m(y)j(that)f(the)g(execution)g(of)g
+Fs(S)47 b Fu(on)36 b Fs(s)44 b(terminates)37 b(suc)-5
+b(c)g(essful)5 b(ly)45 b Fu(if)34 b Ft(h)p Fs(S)12 b
+Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))3613 2687 y Fi(\003)3685
+2723 y Fs(s)3733 2687 y Fi(0)283 2844 y Fu(for)k(some)f(state)i
+Fs(s)974 2807 y Fi(0)997 2844 y Fu(;)h(in)d Fw(While)f
+Fu(an)i(execution)g(terminates)f(successfully)i(if)e(and)h(only)f(if)g
+(it)283 2964 y(terminates)e(b)s(ecause)h(there)g(are)f(no)g(stuc)m(k)i
+(con\014gurations.)45 b(Finally)-8 b(,)30 b(w)m(e)k(shall)e(sa)m(y)i
+(that)f(a)283 3084 y(statemen)m(t)e Fs(S)42 b(always)32
+b(terminates)38 b Fu(if)29 b(it)g(terminates)h(on)g(all)e(states,)k
+(and)e Fs(always)i(lo)-5 b(ops)38 b Fu(if)29 b(it)283
+3205 y(lo)s(ops)j(on)g(all)f(states.)283 3570 y Fw(Exercise)37
+b(2.17)49 b Fu(Extend)42 b Fw(While)d Fu(with)i(the)g(construct)h
+Fr(repeat)g Fs(S)53 b Fr(until)42 b Fs(b)k Fu(and)41
+b(sp)s(ec-)283 3690 y(ify)i(the)g(structural)g(op)s(erational)e(seman)m
+(tics)i(for)f(it.)74 b(\(The)44 b(seman)m(tics)f(for)f(the)i
+Fr(repeat)p Fu(-)283 3811 y(construct)34 b(is)e(not)h(allo)m(w)m(ed)e
+(to)i(rely)f(on)h(the)g(existence)h(of)e(a)g Fr(while)p
+Fu(-construct.\))380 b Fh(2)283 4158 y Fw(Exercise)37
+b(2.18)49 b Fu(Extend)42 b Fw(While)c Fu(with)j(the)f(construct)i
+Fr(for)f Fs(x)52 b Fu(:=)41 b Fs(a)2989 4173 y Fn(1)3069
+4158 y Fr(to)g Fs(a)3269 4173 y Fn(2)3349 4158 y Fr(do)g
+Fs(S)52 b Fu(and)283 4279 y(sp)s(ecify)31 b(the)f(structural)f(op)s
+(erational)e(seman)m(tics)j(for)f(it.)42 b(Hin)m(t:)f(Y)-8
+b(ou)30 b(ma)m(y)f(need)i(to)e(assume)283 4399 y(that)j(y)m(ou)g(ha)m
+(v)m(e)h(an)e(\\in)m(v)m(erse")h(to)f Ft(N)15 b Fu(,)31
+b(so)h(that)f(there)h(is)f(a)h(n)m(umeral)e(for)h(eac)m(h)h(n)m(um)m(b)
+s(er)g(that)283 4520 y(ma)m(y)40 b(arise)g(during)f(the)i(computation.)
+64 b(\(The)41 b(seman)m(tics)f(for)g(the)g Fr(for)p Fu(-construct)h(is)
+f(not)283 4640 y(allo)m(w)m(ed)32 b(to)h(rely)f(on)g(the)h(existence)i
+(of)d(a)g Fr(while)p Fu(-construct.\))1080 b Fh(2)283
+5034 y Fp(Prop)t(erties)46 b(of)f(the)h(seman)l(tics)283
+5254 y Fu(F)-8 b(or)44 b(structural)g(op)s(erational)e(seman)m(tics)i
+(it)f(is)h(often)h(useful)f(to)g(conduct)h(pro)s(ofs)f(b)m(y)h(in-)283
+5374 y(duction)40 b(on)g(the)g Fs(length)47 b Fu(of)39
+b(the)h(deriv)-5 b(ation)39 b(sequences.)68 b(The)41
+b(pro)s(of)e(tec)m(hnique)i(ma)m(y)f(b)s(e)283 5494 y(summarized)32
+b(as)h(follo)m(ws:)p eop
+%%Page: 37 47
+37 46 bop 0 130 a Fw(2.2)112 b(Structural)37 b(op)s(erational)f(seman)m
+(tics)1506 b(37)p 0 193 3473 4 v 0 419 3470 4 v 0 436
+V -2 643 4 208 v 15 643 V 544 564 a(Induction)32 b(on)g(the)h(Length)g
+(of)g(Deriv)-6 b(ation)31 b(Sequences)p 3452 643 V 3469
+643 V 0 647 3470 4 v -2 895 4 249 v 15 895 V 66 812 a
+Fu(1:)143 b(Pro)m(v)m(e)34 b(that)f(the)g(prop)s(ert)m(y)g(holds)f(for)
+g(all)f(deriv)-5 b(ation)31 b(sequences)k(of)e(length)f(0.)p
+3452 895 V 3469 895 V -2 1424 4 529 v 15 1424 V 66 980
+a(2:)143 b(Pro)m(v)m(e)35 b(that)d(the)i(prop)s(ert)m(y)f(holds)g(for)f
+(all)f(other)i(deriv)-5 b(ation)31 b(sequences:)47 b(Assume)285
+1100 y(that)39 b(the)h(prop)s(ert)m(y)g(holds)f(for)g(all)e(deriv)-5
+b(ation)38 b(sequences)k(of)d(length)g(at)g(most)g(k)285
+1220 y(\(this)31 b(is)f(called)g(the)h Fs(induction)i(hyp)-5
+b(othesis)p Fu(\))31 b(and)g(sho)m(w)h(that)e(it)g(holds)h(for)f(deriv)
+-5 b(a-)285 1341 y(tion)32 b(sequences)k(of)c(length)g(k+1.)p
+3452 1424 V 3469 1424 V 0 1427 3470 4 v 0 1444 V 0 1640
+a(The)27 b(induction)f(step)h(of)g(a)f(pro)s(of)g(follo)m(wing)d(this)k
+(principle)e(will)f(often)i(b)s(e)h(done)g(b)m(y)h(insp)s(ect-)0
+1760 y(ing)k(either)145 1960 y Ft(\017)49 b Fu(the)33
+b(structure)h(of)e(the)h(syn)m(tactic)g(elemen)m(t,)g(or)145
+2162 y Ft(\017)49 b Fu(the)33 b(deriv)-5 b(ation)31 b(tree)i(v)-5
+b(alidating)29 b(the)k(\014rst)h(transition)c(of)j(the)g(deriv)-5
+b(ation)30 b(sequence.)0 2361 y(Note)j(that)f(the)h(pro)s(of)f(tec)m
+(hnique)i(is)e(a)g(simple)f(application)f(of)i(mathematical)e
+(induction.)146 2482 y(T)-8 b(o)30 b(illustrate)e(the)i(use)h(of)e(the)
+i(pro)s(of)e(tec)m(hnique)i(w)m(e)g(shall)d(pro)m(v)m(e)j(the)f(follo)m
+(wing)e(lemma)0 2602 y(\(to)22 b(b)s(e)h(used)g(in)f(the)h(next)g
+(section\).)40 b(In)m(tuitiv)m(ely)-8 b(,)24 b(the)f(lemma)d(expresses)
+26 b(that)c(the)h(execution)0 2723 y(of)35 b(a)h(comp)s(osite)e
+(construct)j Fs(S)1159 2738 y Fn(1)1198 2723 y Fu(;)p
+Fs(S)1292 2738 y Fn(2)1367 2723 y Fu(can)f(b)s(e)g(split)e(in)m(to)h(t)
+m(w)m(o)h(parts,)h(one)f(corresp)s(onding)g(to)0 2843
+y Fs(S)67 2858 y Fn(1)139 2843 y Fu(and)c(the)h(other)g(corresp)s
+(onding)g(to)f Fs(S)1564 2858 y Fn(2)1603 2843 y Fu(.)p
+0 2963 3473 5 v 0 3134 a Fw(Lemma)37 b(2.19)49 b Fu(If)26
+b Ft(h)p Fs(S)842 3149 y Fn(1)881 3134 y Fu(;)p Fs(S)975
+3149 y Fn(2)1015 3134 y Fu(,)h Fs(s)8 b Ft(i)26 b(\))1282
+3098 y Fn(k)1349 3134 y Fs(s)1397 3098 y Fi(00)1466 3134
+y Fu(then)h(there)g(exists)g(a)f(state)h Fs(s)2544 3098
+y Fi(0)2593 3134 y Fu(and)f(natural)g(n)m(um)m(b)s(ers)0
+3254 y(k)51 3269 y Fn(1)123 3254 y Fu(and)33 b(k)364
+3269 y Fn(2)437 3254 y Fu(suc)m(h)h(that)e Ft(h)p Fs(S)974
+3269 y Fn(1)1013 3254 y Fu(,)h Fs(s)8 b Ft(i)32 b(\))1292
+3218 y Fn(k)1329 3227 y Fd(1)1400 3254 y Fs(s)1448 3218
+y Fi(0)1504 3254 y Fu(and)h Ft(h)o Fs(S)1799 3269 y Fn(2)1839
+3254 y Fu(,)f Fs(s)1946 3218 y Fi(0)1970 3254 y Ft(i)g(\))2141
+3218 y Fn(k)2178 3227 y Fd(2)2249 3254 y Fs(s)2297 3218
+y Fi(00)2372 3254 y Fu(where)i(k)f(=)f(k)2897 3269 y
+Fn(1)2937 3254 y Fu(+k)3064 3269 y Fn(2)3104 3254 y Fu(.)p
+0 3375 V 0 3574 a Fw(Pro)s(of:)44 b Fu(The)39 b(pro)s(of)f(is)g(b)m(y)h
+(induction)f(on)g(the)h(n)m(um)m(b)s(er)g(k,)i(that)d(is)g(b)m(y)h
+(induction)f(on)g(the)0 3695 y(length)32 b(of)g(the)h(deriv)-5
+b(ation)31 b(sequence)k Ft(h)p Fs(S)1545 3710 y Fn(1)1584
+3695 y Fu(;)p Fs(S)1678 3710 y Fn(2)1718 3695 y Fu(,)d
+Fs(s)8 b Ft(i)33 b(\))1996 3659 y Fn(k)2070 3695 y Fs(s)2118
+3659 y Fi(00)2161 3695 y Fu(.)146 3815 y(If)g(k)g(=)f(0)h(then)g(the)g
+(result)f(holds)g(v)-5 b(acuously)d(.)146 3936 y(F)g(or)26
+b(the)h(induction)f(step)i(w)m(e)g(assume)f(that)f(the)h(lemma)e(holds)
+h(for)h(k)33 b Ft(\024)g Fu(k)2889 3951 y Fn(0)2955 3936
+y Fu(and)27 b(w)m(e)h(shall)0 4056 y(pro)m(v)m(e)34 b(it)d(for)h(k)560
+4071 y Fn(0)600 4056 y Fu(+1.)43 b(So)33 b(assume)g(that)244
+4256 y Ft(h)p Fs(S)350 4271 y Fn(1)389 4256 y Fu(;)p
+Fs(S)483 4271 y Fn(2)522 4256 y Fu(,)g Fs(s)8 b Ft(i)32
+b(\))801 4219 y Fn(k)838 4228 y Fd(0)873 4219 y Fn(+1)1000
+4256 y Fs(s)1048 4219 y Fi(00)0 4455 y Fu(This)h(means)f(that)h(the)g
+(deriv)-5 b(ation)31 b(sequence)k(can)e(b)s(e)g(written)f(as)244
+4655 y Ft(h)p Fs(S)350 4670 y Fn(1)389 4655 y Fu(;)p
+Fs(S)483 4670 y Fn(2)522 4655 y Fu(,)h Fs(s)8 b Ft(i)32
+b(\))g Fo(\015)38 b Ft(\))1022 4619 y Fn(k)1059 4628
+y Fd(0)1130 4655 y Fs(s)1178 4619 y Fi(00)0 4854 y Fu(for)29
+b(some)h(con\014guration)f Fo(\015)5 b Fu(.)43 b(No)m(w)30
+b(one)h(of)e(t)m(w)m(o)i(cases)g(applies)e(dep)s(ending)h(on)g(whic)m
+(h)g(of)g(the)0 4975 y(t)m(w)m(o)j(rules)g([comp)685
+4939 y Fn(1)673 4999 y(sos)768 4975 y Fu(])f(and)h([comp)1284
+4939 y Fn(2)1272 4999 y(sos)1367 4975 y Fu(])f(w)m(as)i(used)g(to)e
+(obtain)f Ft(h)p Fs(S)2365 4990 y Fn(1)2404 4975 y Fu(;)p
+Fs(S)2498 4990 y Fn(2)2538 4975 y Fu(,)h Fs(s)8 b Ft(i)33
+b(\))f Fo(\015)5 b Fu(.)146 5095 y(In)33 b(the)g(\014rst)g(case)h
+(where)g([comp)1393 5059 y Fn(1)1381 5120 y(sos)1475
+5095 y Fu(])f(is)f(used)i(w)m(e)f(ha)m(v)m(e)244 5295
+y Ft(h)p Fs(S)350 5310 y Fn(1)389 5295 y Fu(;)p Fs(S)483
+5310 y Fn(2)522 5295 y Fu(,)g Fs(s)8 b Ft(i)32 b(\))g(h)p
+Fs(S)939 5259 y Fi(0)939 5319 y Fn(1)978 5295 y Fu(;)p
+Fs(S)1072 5310 y Fn(2)1112 5295 y Fu(,)g Fs(s)1219 5259
+y Fi(0)1243 5295 y Ft(i)0 5494 y Fu(b)s(ecause)p eop
+%%Page: 38 48
+38 47 bop 251 130 a Fw(38)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(h)p Fs(S)633
+530 y Fn(1)672 515 y Fu(,)c Fs(s)8 b Ft(i)32 b(\))g(h)p
+Fs(S)1089 479 y Fi(0)1089 540 y Fn(1)1128 515 y Fu(,)h
+Fs(s)1236 479 y Fi(0)1259 515 y Ft(i)283 732 y Fu(W)-8
+b(e)33 b(therefore)h(ha)m(v)m(e)527 950 y Ft(h)p Fs(S)633
+913 y Fi(0)633 974 y Fn(1)672 950 y Fu(;)p Fs(S)766 965
+y Fn(2)806 950 y Fu(,)e Fs(s)913 913 y Fi(0)937 950 y
+Ft(i)g(\))1108 913 y Fn(k)1145 922 y Fd(0)1216 950 y
+Fs(s)1264 913 y Fi(00)283 1167 y Fu(and)37 b(the)h(induction)e(h)m(yp)s
+(othesis)i(can)f(b)s(e)g(applied)f(to)g(this)h(deriv)-5
+b(ation)35 b(sequence)k(b)s(ecause)283 1287 y(it)29 b(is)h(shorter)h
+(than)f(the)g(one)h(w)m(e)g(started)f(with.)43 b(This)30
+b(means)g(that)g(there)g(is)g(a)g(state)g Fs(s)3529 1302
+y Fn(0)3599 1287 y Fu(and)283 1408 y(natural)i(n)m(um)m(b)s(ers)h(k)
+1069 1423 y Fn(1)1142 1408 y Fu(and)f(k)1382 1423 y Fn(2)1455
+1408 y Fu(suc)m(h)i(that)527 1625 y Ft(h)p Fs(S)633 1588
+y Fi(0)633 1649 y Fn(1)672 1625 y Fu(,)f Fs(s)780 1588
+y Fi(0)803 1625 y Ft(i)g(\))974 1588 y Fn(k)1011 1597
+y Fd(1)1083 1625 y Fs(s)1131 1640 y Fn(0)1203 1625 y
+Fu(and)f Ft(h)p Fs(S)1498 1640 y Fn(2)1537 1625 y Fu(,)h
+Fs(s)1645 1640 y Fn(0)1685 1625 y Ft(i)f(\))1855 1588
+y Fn(k)1892 1597 y Fd(2)1964 1625 y Fs(s)2012 1588 y
+Fi(00)283 1842 y Fu(where)i(k)616 1857 y Fn(1)656 1842
+y Fu(+k)783 1857 y Fn(2)823 1842 y Fu(=k)950 1857 y Fn(0)990
+1842 y Fu(.)43 b(Using)32 b(that)h Ft(h)p Fs(S)1652 1857
+y Fn(1)1691 1842 y Fu(,)f Fs(s)8 b Ft(i)33 b(\))f(h)p
+Fs(S)2108 1806 y Fi(0)2107 1866 y Fn(1)2147 1842 y Fu(,)h
+Fs(s)2255 1806 y Fi(0)2278 1842 y Ft(i)f Fu(and)h Ft(h)p
+Fs(S)2645 1806 y Fi(0)2644 1866 y Fn(1)2684 1842 y Fu(,)f
+Fs(s)2791 1806 y Fi(0)2815 1842 y Ft(i)g(\))2986 1806
+y Fn(k)3023 1815 y Fd(1)3094 1842 y Fs(s)3142 1857 y
+Fn(0)3214 1842 y Fu(w)m(e)i(get)527 2059 y Ft(h)p Fs(S)633
+2074 y Fn(1)672 2059 y Fu(,)f Fs(s)8 b Ft(i)32 b(\))951
+2023 y Fn(k)988 2032 y Fd(1)1023 2023 y Fn(+1)1150 2059
+y Fs(s)1198 2074 y Fn(0)283 2276 y Fu(W)-8 b(e)34 b(ha)m(v)m(e)g
+(already)f(seen)h(that)f Ft(h)o Fs(S)1551 2291 y Fn(2)1591
+2276 y Fu(,)g Fs(s)1699 2291 y Fn(0)1738 2276 y Ft(i)g(\))1909
+2240 y Fn(k)1946 2249 y Fd(2)2018 2276 y Fs(s)2066 2240
+y Fi(00)2142 2276 y Fu(and)g(since)g(\(k)2660 2291 y
+Fn(1)2700 2276 y Fu(+1\)+k)2990 2291 y Fn(2)3062 2276
+y Fu(=)g(k)3222 2291 y Fn(0)3262 2276 y Fu(+1)g(w)m(e)h(ha)m(v)m(e)283
+2396 y(pro)m(v)m(ed)h(the)e(required)g(result.)430 2520
+y(The)f(second)h(p)s(ossibilit)m(y)c(is)h(that)i([comp)1980
+2483 y Fn(2)1968 2544 y(sos)2062 2520 y Fu(])g(has)f(b)s(een)h(used)h
+(to)e(obtain)f(the)h(deriv)-5 b(ation)283 2640 y Ft(h)p
+Fs(S)389 2655 y Fn(1)428 2640 y Fu(;)p Fs(S)522 2655
+y Fn(2)562 2640 y Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))f Fo(\015)5
+b Fu(.)43 b(Then)34 b(w)m(e)g(ha)m(v)m(e)527 2857 y Ft(h)p
+Fs(S)633 2872 y Fn(1)672 2857 y Fu(,)f Fs(s)8 b Ft(i)32
+b(\))g Fs(s)1031 2821 y Fi(0)283 3074 y Fu(and)h Fo(\015)38
+b Fu(is)32 b Ft(h)p Fs(S)766 3089 y Fn(2)805 3074 y Fu(,)g
+Fs(s)912 3038 y Fi(0)936 3074 y Ft(i)g Fu(so)h(that)527
+3291 y Ft(h)p Fs(S)633 3306 y Fn(2)672 3291 y Fu(,)g
+Fs(s)780 3255 y Fi(0)803 3291 y Ft(i)g(\))974 3255 y
+Fn(k)1011 3264 y Fd(0)1083 3291 y Fs(s)1131 3255 y Fi(00)283
+3508 y Fu(The)h(result)e(no)m(w)i(follo)m(ws)d(b)m(y)j(c)m(ho)s(osing)e
+(k)1862 3523 y Fn(1)1902 3508 y Fu(=1)g(and)g(k)2299
+3523 y Fn(2)2339 3508 y Fu(=k)2466 3523 y Fn(0)2506 3508
+y Fu(.)1148 b Fh(2)283 3842 y Fw(Exercise)37 b(2.20)49
+b Fu(Supp)s(ose)27 b(that)f Ft(h)o Fs(S)1661 3857 y Fn(1)1701
+3842 y Fu(;)p Fs(S)1795 3857 y Fn(2)1834 3842 y Fu(,)h
+Fs(s)8 b Ft(i\))2075 3806 y Fi(\003)2114 3842 y Ft(h)p
+Fs(S)2220 3857 y Fn(2)2259 3842 y Fu(,)28 b Fs(s)2362
+3806 y Fi(0)2385 3842 y Ft(i)p Fu(.)41 b(Sho)m(w)27 b(that)e(it)g(is)h
+Fs(not)35 b Fu(necessarily)283 3962 y(the)e(case)h(that)e
+Ft(h)p Fs(S)975 3977 y Fn(1)1014 3962 y Fu(,)h Fs(s)8
+b Ft(i\))1260 3926 y Fi(\003)1300 3962 y Fs(s)1348 3926
+y Fi(0)1371 3962 y Fu(.)2283 b Fh(2)283 4210 y Fw(Exercise)37
+b(2.21)49 b(\(Essen)m(tial\))30 b Fu(Pro)m(v)m(e)k(that)527
+4427 y(if)e Ft(h)p Fs(S)723 4442 y Fn(1)762 4427 y Fu(,)g
+Fs(s)8 b Ft(i)33 b(\))1040 4391 y Fn(k)1114 4427 y Fs(s)1162
+4391 y Fi(0)1218 4427 y Fu(then)g Ft(h)p Fs(S)1546 4442
+y Fn(1)1585 4427 y Fu(;)p Fs(S)1679 4442 y Fn(2)1719
+4427 y Fu(,)f Fs(s)8 b Ft(i)33 b(\))1997 4391 y Fn(k)2071
+4427 y Ft(h)p Fs(S)2177 4442 y Fn(2)2216 4427 y Fu(,)g
+Fs(s)2324 4391 y Fi(0)2347 4427 y Ft(i)283 4644 y Fu(that)g(is)f(the)h
+(execution)g(of)f Fs(S)1375 4659 y Fn(1)1447 4644 y Fu(is)g(not)h
+(in\015uenced)g(b)m(y)h(the)f(statemen)m(t)g(follo)m(wing)d(it.)240
+b Fh(2)430 4891 y Fu(In)25 b(the)h(previous)g(section)f(w)m(e)h
+(de\014ned)h(a)e(notion)f(of)h(determinism)e(based)j(on)f(the)h
+(natural)283 5012 y(seman)m(tics.)59 b(F)-8 b(or)37 b(the)h(structural)
+f(op)s(erational)e(seman)m(tics)j(w)m(e)g(de\014ne)h(the)f(similar)c
+(notion)283 5132 y(as)g(follo)m(ws.)46 b(The)35 b(seman)m(tics)e(of)h
+(T)-8 b(able)33 b(2.2)g(is)h Fs(deterministic)k Fu(if)33
+b(for)g(all)e(c)m(hoices)k(of)e Fs(S)12 b Fu(,)34 b Fs(s)8
+b Fu(,)34 b Fo(\015)283 5252 y Fu(and)f Fo(\015)529 5216
+y Fi(0)585 5252 y Fu(w)m(e)h(ha)m(v)m(e)f(that)527 5470
+y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))g
+Fo(\015)38 b Fu(and)32 b Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8
+b Ft(i)33 b(\))f Fo(\015)1695 5433 y Fi(0)1751 5470 y
+Fu(imply)e Fo(\015)38 b Fu(=)32 b Fo(\015)2277 5433 y
+Fi(0)p eop
+%%Page: 39 49
+39 48 bop 0 130 a Fw(2.2)112 b(Structural)37 b(op)s(erational)f(seman)m
+(tics)1506 b(39)p 0 193 3473 4 v 0 515 a(Exercise)36
+b(2.22)49 b(\(Essen)m(tial\))d Fu(Sho)m(w)j(that)f(the)g(structural)g
+(op)s(erational)e(seman)m(tics)i(of)0 636 y(T)-8 b(able)38
+b(2.2)g(is)g(deterministic.)60 b(Deduce)39 b(that)f(there)h(is)f
+(exactly)h(one)g(deriv)-5 b(ation)37 b(sequence)0 756
+y(starting)25 b(in)g(a)h(con\014guration)f Ft(h)p Fs(S)12
+b Fu(,)26 b Fs(s)8 b Ft(i)p Fu(.)41 b(Argue)26 b(that)g(a)g(statemen)m
+(t)h Fs(S)37 b Fu(of)26 b Fw(While)e Fu(cannot)j(b)s(oth)0
+877 y(terminate)34 b(and)h(lo)s(op)f(on)h(a)g(state)g
+Fs(s)44 b Fu(and)35 b(hence)h(it)f(cannot)g(b)s(oth)g(b)s(e)g(alw)m(a)m
+(ys)h(terminating)0 997 y(and)d(alw)m(a)m(ys)g(lo)s(oping.)2555
+b Fh(2)146 1166 y Fu(In)31 b(the)g(previous)h(section)e(w)m(e)i
+(de\014ned)g(a)f(notion)e(of)h(t)m(w)m(o)i(statemen)m(ts)g
+Fs(S)2848 1181 y Fn(1)2917 1166 y Fu(and)f Fs(S)3172
+1181 y Fn(2)3242 1166 y Fu(b)s(eing)0 1287 y(seman)m(tically)26
+b(equiv)-5 b(alen)m(t.)41 b(The)29 b(similar)24 b(notion)i(can)i(b)s(e)
+g(de\014ned)h(based)f(on)g(the)g(structural)0 1407 y(op)s(erational)i
+(seman)m(tics:)44 b Fs(S)1060 1422 y Fn(1)1132 1407 y
+Fu(and)32 b Fs(S)1388 1422 y Fn(2)1460 1407 y Fu(are)h
+Fs(semantic)-5 b(al)5 b(ly)34 b(e)-5 b(quivalent)41 b
+Fu(if)31 b(for)h(all)f(states)i Fs(s)145 1567 y Ft(\017)49
+b(h)p Fs(S)350 1582 y Fn(1)389 1567 y Fu(,)32 b Fs(s)8
+b Ft(i)31 b(\))666 1530 y Fi(\003)737 1567 y Fo(\015)37
+b Fu(if)30 b(and)i(only)f(if)f Ft(h)p Fs(S)1509 1582
+y Fn(2)1548 1567 y Fu(,)i Fs(s)8 b Ft(i)32 b(\))1825
+1530 y Fi(\003)1896 1567 y Fo(\015)5 b Fu(,)32 b(whenev)m(er)j
+Fo(\015)h Fu(is)31 b(a)h(con\014guration)f(that)244 1687
+y(is)h(either)g(stuc)m(k)j(or)d(terminal,)e(and)145 1876
+y Ft(\017)49 b Fu(there)30 b(is)e(an)h(in\014nite)f(deriv)-5
+b(ation)28 b(sequence)k(starting)c(in)g Ft(h)p Fs(S)2475
+1891 y Fn(1)2514 1876 y Fu(,)i Fs(s)8 b Ft(i)29 b Fu(if)f(and)h(only)g
+(if)f(there)244 1996 y(is)k(one)h(starting)e(in)h Ft(h)p
+Fs(S)1104 2011 y Fn(2)1143 1996 y Fu(,)h Fs(s)8 b Ft(i)p
+Fu(.)0 2155 y(Note)47 b(that)f(in)g(the)g(\014rst)h(case)h(the)f
+(length)e(of)h(the)h(t)m(w)m(o)g(deriv)-5 b(ation)45
+b(sequences)50 b(ma)m(y)c(b)s(e)0 2276 y(di\013eren)m(t.)0
+2445 y Fw(Exercise)36 b(2.23)49 b Fu(Sho)m(w)f(that)f(the)h(follo)m
+(wing)d(statemen)m(ts)j(of)e Fw(While)g Fu(are)h(seman)m(tically)0
+2566 y(equiv)-5 b(alen)m(t)32 b(in)g(the)h(ab)s(o)m(v)m(e)h(sense:)145
+2725 y Ft(\017)49 b Fs(S)12 b Fu(;)p Fr(skip)33 b Fu(and)g
+Fs(S)145 2914 y Ft(\017)49 b Fr(while)34 b Fs(b)k Fr(do)33
+b Fs(S)45 b Fu(and)32 b Fr(if)h Fs(b)39 b Fr(then)33
+b Fu(\()p Fs(S)12 b Fu(;)33 b Fr(while)h Fs(b)k Fr(do)33
+b Fs(S)12 b Fu(\))32 b Fr(else)i(skip)145 3103 y Ft(\017)49
+b Fs(S)311 3118 y Fn(1)350 3103 y Fu(;\()p Fs(S)482 3118
+y Fn(2)521 3103 y Fu(;)p Fs(S)615 3118 y Fn(3)655 3103
+y Fu(\))32 b(and)h(\()p Fs(S)1020 3118 y Fn(1)1059 3103
+y Fu(;)p Fs(S)1153 3118 y Fn(2)1193 3103 y Fu(\);)p Fs(S)1325
+3118 y Fn(3)0 3262 y Fu(Y)-8 b(ou)42 b(ma)m(y)g(use)i(the)e(result)g
+(of)g(Exercise)i(2.22.)72 b(Discuss)43 b(to)f(what)g(exten)m(t)i(the)f
+(notion)e(of)0 3382 y(seman)m(tic)24 b(equiv)-5 b(alence)25
+b(in)m(tro)s(duced)g(ab)s(o)m(v)m(e)g(is)f(the)i(same)e(as)h(that)f
+(de\014ned)i(from)e(the)h(natural)0 3503 y(seman)m(tics.)2961
+b Fh(2)0 3672 y Fw(Exercise)36 b(2.24)49 b Fu(Pro)m(v)m(e)37
+b(that)f Fr(repeat)h Fs(S)47 b Fr(until)37 b Fs(b)k Fu(\(as)36
+b(de\014ned)h(in)d(Exercise)j(2.17\))e(is)g(se-)0 3793
+y(man)m(tically)30 b(equiv)-5 b(alen)m(t)32 b(to)g Fs(S)12
+b Fu(;)33 b Fr(while)h Ft(:)f Fs(b)38 b Fr(do)33 b Fs(S)12
+b Fu(.)1512 b Fh(2)0 4074 y Fp(The)44 b(seman)l(tic)j(function)d
+FC(S)1440 4092 y Fk(sos)0 4259 y Fu(As)f(in)f(the)h(previous)g(section)
+f(the)h Fs(me)-5 b(aning)50 b Fu(of)42 b(statemen)m(ts)h(can)g(b)s(e)g
+(summarized)e(b)m(y)j(a)0 4379 y(\(partial\))30 b(function)i(from)g
+Fw(State)g Fu(to)g Fw(State)p Fu(:)244 4538 y Ft(S)312
+4553 y Fn(sos)407 4538 y Fu(:)43 b Fw(Stm)32 b Ft(!)g
+Fu(\()p Fw(State)h Fo(,)-17 b Ft(!)32 b Fw(State)p Fu(\))0
+4698 y(It)h(is)f(giv)m(en)g(b)m(y)244 4939 y Ft(S)312
+4954 y Fn(sos)407 4939 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17
+b(])q Fs(s)40 b Fu(=)738 4764 y Fg(8)738 4839 y(<)738
+4988 y(:)853 4854 y Fs(s)901 4818 y Fi(0)1179 4854 y
+Fu(if)31 b Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33
+b(\))1652 4818 y Fi(\003)1724 4854 y Fs(s)1772 4818 y
+Fi(0)853 5022 y Fu(undef)p 853 5035 243 4 v 91 w(otherwise)0
+5180 y(The)h(w)m(ell-de\014nedness)g(of)e(the)h(de\014nition)e(follo)m
+(ws)h(from)f(Exercise)j(2.22.)0 5349 y Fw(Exercise)i(2.25)49
+b Fu(Determine)i(whether)i(or)f(not)g(seman)m(tic)f(equiv)-5
+b(alence)53 b(of)e Fs(S)3066 5364 y Fn(1)3157 5349 y
+Fu(and)h Fs(S)3433 5364 y Fn(2)0 5470 y Fu(amoun)m(ts)32
+b(to)h Ft(S)580 5485 y Fn(sos)676 5470 y Fu([)-17 b([)p
+Fs(S)780 5485 y Fn(1)819 5470 y Fu(])g(])34 b(=)e Ft(S)1066
+5485 y Fn(sos)1161 5470 y Fu([)-17 b([)p Fs(S)1265 5485
+y Fn(2)1305 5470 y Fu(])g(].)2029 b Fh(2)p eop
+%%Page: 40 50
+40 49 bop 251 130 a Fw(40)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fj(2.3)161
+b(An)53 b(equiv)-9 b(alence)55 b(result)283 734 y Fu(W)-8
+b(e)29 b(ha)m(v)m(e)g(giv)m(en)e(t)m(w)m(o)i(de\014nitions)e(of)g(the)h
+(seman)m(tics)g(of)f Fw(While)f Fu(and)i(w)m(e)h(shall)d(no)m(w)i
+(address)283 855 y(the)33 b(question)g(of)g(their)f(equiv)-5
+b(alence.)p 283 975 3473 5 v 283 1142 a Fw(Theorem)38
+b(2.26)49 b Fu(F)-8 b(or)31 b(ev)m(ery)k(statemen)m(t)e
+Fs(S)44 b Fu(of)32 b Fw(While)f Fu(w)m(e)j(ha)m(v)m(e)g
+Ft(S)2863 1157 y Fn(ns)2934 1142 y Fu([)-17 b([)p Fs(S)12
+b Fu(])-17 b(])33 b(=)g Ft(S)3284 1157 y Fn(sos)3380
+1142 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(.)p 283
+1263 V 283 1459 a(This)33 b(result)g(expresses)i(t)m(w)m(o)f(prop)s
+(erties:)429 1655 y Ft(\017)48 b Fu(If)27 b(the)g(execution)g(of)f
+Fs(S)38 b Fu(from)26 b(some)g(state)h(terminates)f(in)g(one)g(of)h(the)
+f(seman)m(tics)h(then)527 1776 y(it)32 b(also)g(terminates)f(in)h(the)h
+(other)g(and)g(the)g(resulting)e(states)j(will)c(b)s(e)j(equal.)429
+1977 y Ft(\017)48 b Fu(If)36 b(the)g(execution)h(of)e
+Fs(S)48 b Fu(from)34 b(some)i(state)g(lo)s(ops)f(in)g(one)h(of)f(the)h
+(seman)m(tics)g(then)h(it)527 2097 y(will)31 b(also)g(lo)s(op)g(in)h
+(the)h(other.)283 2294 y(It)26 b(should)g(b)s(e)g(fairly)e(ob)m(vious)i
+(that)g(the)g(\014rst)g(prop)s(ert)m(y)h(follo)m(ws)d(from)h(the)h
+(theorem)f(b)s(ecause)283 2414 y(there)i(are)f(no)f(stuc)m(k)i
+(con\014gurations)f(in)f(the)h(structural)f(op)s(erational)e(seman)m
+(tics)j(of)f Fw(While)p Fu(.)283 2534 y(F)-8 b(or)40
+b(the)h(other)f(prop)s(ert)m(y)h(supp)s(ose)h(that)e(the)h(execution)g
+(of)e Fs(S)53 b Fu(on)40 b(state)g Fs(s)49 b Fu(lo)s(ops)39
+b(in)h(one)283 2655 y(of)c(the)g(seman)m(tics.)52 b(If)36
+b(it)e(terminates)h(in)g(the)h(other)f(seman)m(tics)h(w)m(e)h(ha)m(v)m
+(e)g(a)e(con)m(tradiction)283 2775 y(with)27 b(the)g(\014rst)g(prop)s
+(ert)m(y)h(b)s(ecause)g(b)s(oth)f(seman)m(tics)g(are)f(deterministic)f
+(\(Theorem)i(2.9)g(and)283 2895 y(Exercise)34 b(2.22\).)43
+b(Hence)34 b Fs(S)44 b Fu(will)31 b(ha)m(v)m(e)j(to)e(lo)s(op)f(on)h
+(state)h Fs(s)41 b Fu(also)32 b(in)f(the)i(other)g(seman)m(tics.)430
+3016 y(The)g(theorem)f(is)f(pro)m(v)m(ed)j(in)d(t)m(w)m(o)h(stages)h
+(as)f(expressed)j(b)m(y)e(Lemma)e(2.27)g(and)h(Lemma)283
+3136 y(2.28)g(b)s(elo)m(w.)44 b(W)-8 b(e)33 b(shall)e(\014rst)i(pro)m
+(v)m(e:)p 283 3257 V 283 3424 a Fw(Lemma)38 b(2.27)49
+b Fu(F)-8 b(or)31 b(ev)m(ery)k(statemen)m(t)e Fs(S)44
+b Fu(of)32 b Fw(While)f Fu(and)i(states)g Fs(s)41 b Fu(and)33
+b Fs(s)3134 3388 y Fi(0)3190 3424 y Fu(w)m(e)g(ha)m(v)m(e)527
+3620 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g
+Fs(s)992 3584 y Fi(0)1048 3620 y Fu(implies)e Ft(h)p
+Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))1763 3584 y
+Fi(\003)1835 3620 y Fs(s)1883 3584 y Fi(0)1907 3620 y
+Fu(.)283 3817 y(So)40 b(if)e(the)i(execution)g(of)f Fs(S)51
+b Fu(from)38 b Fs(s)47 b Fu(terminates)39 b(in)f(the)i(natural)e(seman)
+m(tics)i(then)g(it)e(will)283 3937 y(terminate)32 b(in)g(the)h(same)f
+(state)h(in)f(the)h(structural)f(op)s(erational)e(seman)m(tics.)p
+283 4057 V 283 4254 a Fw(Pro)s(of:)45 b Fu(The)40 b(pro)s(of)e(pro)s
+(ceeds)i(b)m(y)g(induction)e(on)g(the)i(shap)s(e)f(of)f(the)i(deriv)-5
+b(ation)37 b(tree)i(for)283 4374 y Ft(h)p Fs(S)12 b Fu(,)33
+b Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 4338 y Fi(0)772 4374
+y Fu(.)283 4542 y Fw(The)h(case)g Fu([ass)891 4557 y
+Fn(ns)964 4542 y Fu(]:)43 b(W)-8 b(e)33 b(assume)g(that)527
+4738 y Ft(h)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33 b
+Fs(s)8 b Ft(i)32 b(!)g Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o
+Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])283
+4934 y(F)-8 b(rom)32 b([ass)692 4949 y Fn(sos)787 4934
+y Fu(])h(w)m(e)h(get)e(the)h(required)527 5131 y Ft(h)p
+Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33 b Fs(s)8 b Ft(i)32
+b(\))g Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17 b([)q
+Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])283 5327 y Fw(The)33
+b(case)g Fu([skip)937 5342 y Fn(ns)1009 5327 y Fu(]:)44
+b(Analogous.)283 5494 y Fw(The)33 b(case)g Fu([comp)994
+5509 y Fn(ns)1065 5494 y Fu(]:)44 b(Assume)33 b(that)p
+eop
+%%Page: 41 51
+41 50 bop 0 130 a Fw(2.3)112 b(An)38 b(equiv)-6 b(alence)37
+b(result)2047 b(41)p 0 193 3473 4 v 244 515 a Ft(h)p
+Fs(S)350 530 y Fn(1)389 515 y Fu(;)p Fs(S)483 530 y Fn(2)522
+515 y Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)881 479 y
+Fi(00)0 711 y Fu(b)s(ecause)244 907 y Ft(h)p Fs(S)350
+922 y Fn(1)389 907 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)748
+871 y Fi(0)804 907 y Fu(and)h Ft(h)o Fs(S)1099 922 y
+Fn(2)1139 907 y Fu(,)f Fs(s)1246 871 y Fi(0)1270 907
+y Ft(i)g(!)g Fs(s)1521 871 y Fi(00)0 1103 y Fu(The)f(induction)e(h)m
+(yp)s(othesis)i(can)f(b)s(e)h(applied)d(to)i(b)s(oth)g(of)f(the)i
+(premises)f Ft(h)p Fs(S)2871 1118 y Fn(1)2910 1103 y
+Fu(,)h Fs(s)8 b Ft(i)29 b(!)h Fs(s)3262 1067 y Fi(0)3315
+1103 y Fu(and)0 1224 y Ft(h)p Fs(S)106 1239 y Fn(2)145
+1224 y Fu(,)j Fs(s)253 1187 y Fi(0)276 1224 y Ft(i)f(!)g
+Fs(s)527 1187 y Fi(00)602 1224 y Fu(and)h(giv)m(es)244
+1420 y Ft(h)p Fs(S)350 1435 y Fn(1)389 1420 y Fu(,)g
+Fs(s)8 b Ft(i)32 b(\))667 1383 y Fi(\003)739 1420 y Fs(s)787
+1383 y Fi(0)843 1420 y Fu(and)h Ft(h)p Fs(S)1139 1435
+y Fn(2)1178 1420 y Fu(,)g Fs(s)1286 1383 y Fi(0)1309
+1420 y Ft(i)f(\))1480 1383 y Fi(\003)1552 1420 y Fs(s)1600
+1383 y Fi(00)0 1616 y Fu(F)-8 b(rom)31 b(Exercise)j(2.21)e(w)m(e)i(get)
+244 1811 y Ft(h)p Fs(S)350 1826 y Fn(1)389 1811 y Fu(;)p
+Fs(S)483 1826 y Fn(2)522 1811 y Fu(,)f Fs(s)8 b Ft(i)32
+b(\))801 1775 y Fi(\003)873 1811 y Ft(h)p Fs(S)979 1826
+y Fn(2)1018 1811 y Fu(,)g Fs(s)1125 1775 y Fi(0)1149
+1811 y Ft(i)0 2007 y Fu(and)h(thereb)m(y)h Ft(h)p Fs(S)648
+2022 y Fn(1)687 2007 y Fu(;)p Fs(S)781 2022 y Fn(2)820
+2007 y Fu(,)f Fs(s)8 b Ft(i)32 b(\))1099 1971 y Fi(\003)1171
+2007 y Fs(s)1219 1971 y Fi(00)1261 2007 y Fu(.)0 2175
+y Fw(The)h(case)g Fu([if)553 2139 y Fn(tt)541 2200 y(ns)611
+2175 y Fu(]:)44 b(Assume)33 b(that)244 2371 y Ft(h)p
+Fr(if)g Fs(b)38 b Fr(then)c Fs(S)806 2386 y Fn(1)877
+2371 y Fr(else)g Fs(S)1182 2386 y Fn(2)1221 2371 y Fu(,)f
+Fs(s)8 b Ft(i)32 b(!)g Fs(s)1580 2335 y Fi(0)0 2567 y
+Fu(b)s(ecause)244 2763 y Ft(B)s Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)h
+Ft(h)p Fs(S)1043 2778 y Fn(1)1082 2763 y Fu(,)f Fs(s)8
+b Ft(i)33 b(!)f Fs(s)1441 2727 y Fi(0)0 2959 y Fu(Since)h
+Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41
+b Fu(=)32 b Fw(tt)g Fu(w)m(e)i(get)244 3155 y Ft(h)p
+Fr(if)f Fs(b)38 b Fr(then)c Fs(S)806 3170 y Fn(1)877
+3155 y Fr(else)g Fs(S)1182 3170 y Fn(2)1221 3155 y Fu(,)f
+Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)1638 3170 y Fn(1)1677
+3155 y Fu(,)h Fs(s)8 b Ft(i)32 b(\))1956 3119 y Fi(\003)2028
+3155 y Fs(s)2076 3119 y Fi(0)0 3351 y Fu(where)39 b(the)f(\014rst)g
+(relationship)e(comes)i(from)e([if)1828 3315 y Fn(tt)1816
+3375 y(sos)1910 3351 y Fu(])i(and)g(the)g(second)h(from)d(the)i
+(induction)0 3471 y(h)m(yp)s(othesis)c(applied)d(to)h(the)h(premise)g
+Ft(h)o Fs(S)1573 3486 y Fn(1)1613 3471 y Fu(,)f Fs(s)8
+b Ft(i)33 b(!)f Fs(s)1972 3435 y Fi(0)1995 3471 y Fu(.)0
+3639 y Fw(The)h(case)g Fu([if)553 3603 y Fn(\013)541
+3663 y(ns)611 3639 y Fu(]:)44 b(Analogous.)0 3806 y Fw(The)33
+b(case)g Fu([while)718 3770 y Fn(tt)706 3831 y(ns)777
+3806 y Fu(]:)43 b(Assume)34 b(that)244 4002 y Ft(h)p
+Fr(while)f Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8
+b Ft(i)33 b(!)f Fs(s)1216 3966 y Fi(00)0 4198 y Fu(b)s(ecause)244
+4394 y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p
+Fs(s)41 b Fu(=)32 b Fw(tt)p Fu(,)g Ft(h)p Fs(S)12 b Fu(,)32
+b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1239 4358 y Fi(0)1295 4394
+y Fu(and)g Ft(h)p Fr(while)i Fs(b)39 b Fr(do)33 b Fs(S)12
+b Fu(,)32 b Fs(s)2205 4358 y Fi(0)2228 4394 y Ft(i)h(!)f
+Fs(s)2480 4358 y Fi(00)0 4590 y Fu(The)i(induction)d(h)m(yp)s(othesis)j
+(can)f(b)s(e)g(applied)e(to)i(b)s(oth)f(of)g(the)h(premises)g
+Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)3259
+4554 y Fi(0)3315 4590 y Fu(and)0 4711 y Ft(h)p Fr(while)i
+Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)721 4675 y
+Fi(0)744 4711 y Ft(i)f(!)g Fs(s)995 4675 y Fi(00)1070
+4711 y Fu(and)h(giv)m(es)244 4907 y Ft(h)p Fs(S)12 b
+Fu(,)32 b Fs(s)8 b Ft(i)32 b(\))628 4870 y Fi(\003)700
+4907 y Fs(s)748 4870 y Fi(0)804 4907 y Fu(and)h Ft(h)o
+Fr(while)h Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)1714
+4870 y Fi(0)1737 4907 y Ft(i)h(\))1908 4870 y Fi(\003)1980
+4907 y Fs(s)2028 4870 y Fi(00)0 5103 y Fu(Using)f(Exercise)i(2.21)e(w)m
+(e)i(get)244 5299 y Ft(h)p Fs(S)12 b Fu(;)32 b Fr(while)i
+Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32
+b(\))1262 5262 y Fi(\003)1334 5299 y Fs(s)1382 5262 y
+Fi(00)0 5494 y Fu(Using)g([while)524 5509 y Fn(sos)619
+5494 y Fu(])g(and)h([if)965 5458 y Fn(tt)953 5519 y(sos)1047
+5494 y Fu(])g(\(with)f Ft(B)s Fu([)-17 b([)q Fs(b)6 b
+Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(tt)p Fu(\))g(w)m(e)i(get)e(the)h
+(\014rst)g(t)m(w)m(o)g(steps)h(of)p eop
+%%Page: 42 52
+42 51 bop 251 130 a Fw(42)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(h)p Fr(while)d
+Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)855
+683 y(\))32 b(h)p Fr(if)h Fs(b)38 b Fr(then)c Fu(\()p
+Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)39 b Fr(do)33 b Fs(S)12
+b Fu(\))32 b Fr(else)h(skip)p Fu(,)h Fs(s)8 b Ft(i)855
+851 y(\))32 b(h)p Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)39
+b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)855 1018
+y(\))955 982 y Fi(\003)1027 1018 y Fs(s)1075 982 y Fi(00)283
+1225 y Fu(and)33 b(w)m(e)h(ha)m(v)m(e)g(already)e(argued)h(for)f(the)h
+(last)e(part.)283 1392 y Fw(The)i(case)g Fu([while)1001
+1356 y Fn(\013)989 1417 y(ns)1060 1392 y Fu(]:)44 b(Straigh)m(tforw)m
+(ard.)1826 b Fh(2)430 1596 y Fu(This)45 b(completes)g(the)g(pro)s(of)f
+(of)h(Lemma)f(2.27.)80 b(The)46 b(second)g(part)f(of)g(the)g(theorem)
+283 1717 y(follo)m(ws)32 b(from:)p 283 1838 3473 5 v
+283 2015 a Fw(Lemma)38 b(2.28)49 b Fu(F)-8 b(or)21 b(ev)m(ery)j
+(statemen)m(t)e Fs(S)34 b Fu(of)21 b Fw(While)p Fu(,)i(states)g
+Fs(s)30 b Fu(and)22 b Fs(s)2878 1979 y Fi(0)2923 2015
+y Fu(and)h(natural)d(n)m(um)m(b)s(er)283 2136 y(k)33
+b(w)m(e)h(ha)m(v)m(e)g(that)527 2342 y Ft(h)p Fs(S)12
+b Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))912 2306 y Fn(k)985
+2342 y Fs(s)1033 2306 y Fi(0)1089 2342 y Fu(implies)e
+Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1885
+2306 y Fi(0)1908 2342 y Fu(.)283 2549 y(So)g(if)e(the)i(execution)g(of)
+f Fs(S)43 b Fu(from)30 b Fs(s)39 b Fu(terminates)31 b(in)g(the)h
+(structural)f(op)s(erational)e(seman)m(tics)283 2669
+y(then)34 b(it)d(will)f(terminate)i(in)g(the)h(same)f(state)h(in)f(the)
+h(natural)e(seman)m(tics.)p 283 2789 V 283 2996 a Fw(Pro)s(of:)38
+b Fu(The)33 b(pro)s(of)f(pro)s(ceeds)h(b)m(y)h(induction)d(on)i(the)f
+(length)g(of)g(the)h(deriv)-5 b(ation)31 b(sequence)283
+3116 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))668
+3080 y Fn(k)742 3116 y Fs(s)790 3080 y Fi(0)813 3116
+y Fu(,)h(that)f(is)g(b)m(y)h(induction)f(on)h(k.)430
+3237 y(If)f(k=0)h(then)g(the)g(result)g(holds)f(v)-5
+b(acuously)d(.)430 3358 y(T)g(o)37 b(pro)m(v)m(e)h(the)g(induction)e
+(step)i(w)m(e)g(assume)f(that)g(the)h(lemma)d(holds)h(for)h(k)c
+Ft(\024)g Fu(k)3522 3373 y Fn(0)3599 3358 y Fu(and)283
+3478 y(w)m(e)j(shall)d(then)i(pro)m(v)m(e)g(that)g(it)e(holds)h(for)g
+(k)1919 3493 y Fn(0)1959 3478 y Fu(+1.)48 b(W)-8 b(e)35
+b(pro)s(ceed)g(b)m(y)g(cases)h(on)f(ho)m(w)g(the)f(\014rst)283
+3599 y(step)40 b(of)f Ft(h)o Fs(S)12 b Fu(,)39 b Fs(s)8
+b Ft(i)39 b(\))1010 3563 y Fn(k)1047 3572 y Fd(0)1082
+3563 y Fn(+1)1215 3599 y Fs(s)1263 3563 y Fi(0)1325 3599
+y Fu(is)g(obtained,)h(that)e(is)h(b)m(y)g(insp)s(ecting)g(the)g(deriv)
+-5 b(ation)37 b(tree)i(for)283 3719 y(the)33 b(\014rst)h(step)f(of)f
+(computation)f(in)h(the)h(structural)f(op)s(erational)e(seman)m(tics.)
+283 3887 y Fw(The)j(case)g Fu([ass)891 3902 y Fn(sos)987
+3887 y Fu(]:)44 b(Straigh)m(tforw)m(ard)32 b(\(and)g(k)2065
+3902 y Fn(0)2138 3887 y Fu(=)g(0\).)283 4054 y Fw(The)h(case)g
+Fu([skip)937 4069 y Fn(sos)1033 4054 y Fu(]:)44 b(Straigh)m(tforw)m
+(ard)31 b(\(and)i(k)2111 4069 y Fn(0)2183 4054 y Fu(=)g(0\).)283
+4222 y Fw(The)g(cases)h Fu([comp)1051 4186 y Fn(1)1039
+4247 y(sos)1134 4222 y Fu(])e(and)h([comp)1650 4186 y
+Fn(2)1638 4247 y(sos)1733 4222 y Fu(]:)43 b(In)33 b(b)s(oth)f(cases)i
+(w)m(e)g(assume)f(that)527 4428 y Ft(h)p Fs(S)633 4443
+y Fn(1)672 4428 y Fu(;)p Fs(S)766 4443 y Fn(2)806 4428
+y Fu(,)f Fs(s)8 b Ft(i)33 b(\))1084 4392 y Fn(k)1121
+4401 y Fd(0)1156 4392 y Fn(+1)1283 4428 y Fs(s)1331 4392
+y Fi(00)283 4635 y Fu(W)-8 b(e)40 b(can)f(no)m(w)h(apply)e(Lemma)g
+(2.19)g(and)h(get)g(that)g(there)g(exists)h(a)e(state)i
+Fs(s)3189 4599 y Fi(0)3251 4635 y Fu(and)f(natural)283
+4755 y(n)m(um)m(b)s(ers)34 b(k)728 4770 y Fn(1)800 4755
+y Fu(and)f(k)1041 4770 y Fn(2)1113 4755 y Fu(suc)m(h)h(that)527
+4961 y Ft(h)p Fs(S)633 4976 y Fn(1)672 4961 y Fu(,)f
+Fs(s)8 b Ft(i)32 b(\))951 4925 y Fn(k)988 4934 y Fd(1)1059
+4961 y Fs(s)1107 4925 y Fi(0)1163 4961 y Fu(and)h Ft(h)p
+Fs(S)1459 4976 y Fn(2)1498 4961 y Fu(,)g Fs(s)1606 4925
+y Fi(0)1629 4961 y Ft(i)f(\))1800 4925 y Fn(k)1837 4934
+y Fd(2)1908 4961 y Fs(s)1956 4925 y Fi(00)283 5168 y
+Fu(where)c(k)610 5183 y Fn(1)650 5168 y Fu(+k)777 5183
+y Fn(2)817 5168 y Fu(=k)944 5183 y Fn(0)984 5168 y Fu(+1.)41
+b(The)28 b(induction)d(h)m(yp)s(othesis)j(can)f(no)m(w)g(b)s(e)g
+(applied)f(to)g(eac)m(h)h(of)g(these)283 5288 y(deriv)-5
+b(ation)31 b(sequences)36 b(b)s(ecause)e(k)1596 5303
+y Fn(1)1669 5288 y Ft(\024)f Fu(k)1830 5303 y Fn(0)1902
+5288 y Fu(and)g(k)2143 5303 y Fn(2)2215 5288 y Ft(\024)g
+Fu(k)2376 5303 y Fn(0)2416 5288 y Fu(.)43 b(So)33 b(w)m(e)h(get)527
+5494 y Ft(h)p Fs(S)633 5509 y Fn(1)672 5494 y Fu(,)f
+Fs(s)8 b Ft(i)32 b(!)g Fs(s)1031 5458 y Fi(0)1087 5494
+y Fu(and)h Ft(h)p Fs(S)1383 5509 y Fn(2)1422 5494 y Fu(,)g
+Fs(s)1530 5458 y Fi(0)1553 5494 y Ft(i)f(!)g Fs(s)1804
+5458 y Fi(00)p eop
+%%Page: 43 53
+43 52 bop 0 130 a Fw(2.3)112 b(An)38 b(equiv)-6 b(alence)37
+b(result)2047 b(43)p 0 193 3473 4 v 0 515 a Fu(Using)32
+b([comp)529 530 y Fn(ns)600 515 y Fu(])h(w)m(e)g(no)m(w)h(get)e(the)h
+(required)g Ft(h)p Fs(S)1825 530 y Fn(1)1864 515 y Fu(;)p
+Fs(S)1958 530 y Fn(2)1998 515 y Fu(,)f Fs(s)8 b Ft(i)33
+b(!)f Fs(s)2357 479 y Fi(00)2399 515 y Fu(.)0 683 y Fw(The)h(case)g
+Fu([if)553 647 y Fn(tt)541 708 y(sos)635 683 y Fu(]:)44
+b(Assume)33 b(that)f Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(])p Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)g(that)244 902
+y Ft(h)p Fr(if)h Fs(b)38 b Fr(then)c Fs(S)806 917 y Fn(1)877
+902 y Fr(else)g Fs(S)1182 917 y Fn(2)1221 902 y Fu(,)f
+Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)1638 917 y Fn(1)1677
+902 y Fu(,)h Fs(s)8 b Ft(i)32 b(\))1956 865 y Fn(k)1993
+874 y Fd(0)2065 902 y Fs(s)2113 865 y Fi(0)0 1120 y Fu(The)d(induction)
+d(h)m(yp)s(othesis)j(can)f(b)s(e)g(applied)f(to)g(the)h(deriv)-5
+b(ation)27 b(sequence)j Ft(h)p Fs(S)2975 1135 y Fn(1)3014
+1120 y Fu(,)j Fs(s)8 b Ft(i)32 b(\))3293 1084 y Fn(k)3330
+1093 y Fd(0)3401 1120 y Fs(s)3449 1084 y Fi(0)0 1240
+y Fu(and)h(giv)m(es)244 1459 y Ft(h)p Fs(S)350 1474 y
+Fn(1)389 1459 y Fu(,)g Fs(s)8 b Ft(i)32 b(!)g Fs(s)748
+1423 y Fi(0)0 1678 y Fu(The)i(result)e(no)m(w)h(follo)m(ws)f(using)g
+([if)1348 1641 y Fn(tt)1336 1702 y(ns)1406 1678 y Fu(].)0
+1845 y Fw(The)h(case)g Fu([if)553 1809 y Fn(\013)541
+1870 y(sos)635 1845 y Fu(]:)44 b(Analogous.)0 2013 y
+Fw(The)33 b(case)g Fu([while)706 2028 y Fn(sos)800 2013
+y Fu(]:)44 b(W)-8 b(e)33 b(ha)m(v)m(e)244 2231 y Ft(h)p
+Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8
+b Ft(i)571 2399 y(\))33 b(h)o Fr(if)g Fs(b)39 b Fr(then)33
+b Fu(\()p Fs(S)12 b Fu(;)33 b Fr(while)h Fs(b)k Fr(do)33
+b Fs(S)12 b Fu(\))32 b Fr(else)i(skip)p Fu(,)g Fs(s)8
+b Ft(i)571 2567 y(\))671 2530 y Fn(k)708 2539 y Fd(0)780
+2567 y Fs(s)828 2530 y Fi(00)0 2785 y Fu(The)46 b(induction)e(h)m(yp)s
+(othesis)i(can)f(b)s(e)g(applied)f(to)g(the)h(k)2204
+2800 y Fn(0)2289 2785 y Fu(last)f(steps)i(of)f(the)g(deriv)-5
+b(ation)0 2905 y(sequence)35 b(and)e(giv)m(es)244 3124
+y Ft(h)p Fr(if)g Fs(b)38 b Fr(then)c Fu(\()p Fs(S)12
+b Fu(;)32 b Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\))33
+b Fr(else)g(skip)p Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)2349
+3088 y Fi(00)0 3343 y Fu(and)h(from)e(Lemma)g(2.5)h(w)m(e)i(get)f(the)g
+(required)269 3510 y Ft(h)o Fr(while)h Fs(b)39 b Fr(do)33
+b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1241
+3474 y Fi(00)3398 3510 y Fh(2)0 3789 y Fw(Pro)s(of)43
+b(of)g(Theorem)g(2.26:)98 b Fu(F)-8 b(or)36 b(an)i(arbitrary)e
+(statemen)m(t)i Fs(S)49 b Fu(and)38 b(state)g Fs(s)45
+b Fu(it)37 b(follo)m(ws)0 3909 y(from)27 b(Lemmas)g(2.27)g(and)h(2.28)g
+(that)g(if)f Ft(S)1555 3924 y Fn(ns)1627 3909 y Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])q Fs(s)36 b Fu(=)27 b Fs(s)1996
+3873 y Fi(0)2048 3909 y Fu(then)h Ft(S)2333 3924 y Fn(sos)2428
+3909 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])p Fs(s)36
+b Fu(=)28 b Fs(s)2798 3873 y Fi(0)2850 3909 y Fu(and)g(vice)g(v)m
+(ersa.)0 4029 y(This)35 b(su\016ces)i(for)d(sho)m(wing)h(that)f(the)h
+(functions)g Ft(S)1958 4044 y Fn(ns)2029 4029 y Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(])35 b(and)g Ft(S)2465 4044
+y Fn(sos)2560 4029 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])35 b(m)m(ust)g(b)s(e)g(equal:)48 b(if)0 4150 y(one)31
+b(is)f(de\014ned)i(on)e(a)h(state)f Fs(s)39 b Fu(then)31
+b(so)g(is)f(the)h(other,)g(and)g(therefore,)g(if)f(one)h(is)f(not)g
+(de\014ned)0 4270 y(on)i(a)h(state)g Fs(s)40 b Fu(then)34
+b(neither)e(is)g(the)h(other.)1794 b Fh(2)0 4523 y Fw(Exercise)36
+b(2.29)49 b Fu(Consider)28 b(the)g(extension)h(of)e(the)h(language)e
+Fw(While)g Fu(with)h(the)h(statemen)m(t)0 4643 y Fr(repeat)47
+b Fs(S)58 b Fr(until)47 b Fs(b)6 b Fu(.)83 b(The)46 b(natural)f(seman)m
+(tics)h(of)f(the)h(construct)h(w)m(as)g(considered)f(in)0
+4763 y(Exercise)30 b(2.7)d(and)i(the)f(structural)h(op)s(erational)c
+(seman)m(tics)k(in)e(Exercise)j(2.17.)41 b(Mo)s(dify)28
+b(the)0 4884 y(pro)s(of)k(of)g(Theorem)h(2.26)f(so)g(that)h(the)g
+(theorem)f(applies)g(to)g(the)h(extended)i(language.)106
+b Fh(2)0 5133 y Fw(Exercise)36 b(2.30)49 b Fu(Consider)28
+b(the)g(extension)h(of)e(the)h(language)e Fw(While)g
+Fu(with)h(the)h(statemen)m(t)0 5254 y Fr(for)j Fs(x)43
+b Fu(:=)30 b Fs(a)462 5269 y Fn(1)532 5254 y Fr(to)h
+Fs(a)722 5269 y Fn(2)792 5254 y Fr(do)g Fs(S)12 b Fu(.)31
+b(The)g(natural)f(seman)m(tics)h(of)f(the)h(construct)g(w)m(as)h
+(considered)f(in)0 5374 y(Exercise)f(2.8)d(and)i(the)f(structural)h(op)
+s(erational)c(seman)m(tics)k(in)e(Exercise)j(2.18.)41
+b(Mo)s(dify)28 b(the)0 5494 y(pro)s(of)k(of)g(Theorem)h(2.26)f(so)g
+(that)h(the)g(theorem)f(applies)g(to)g(the)h(extended)i(language.)106
+b Fh(2)p eop
+%%Page: 44 54
+44 53 bop 251 130 a Fw(44)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 430 515 a Fu(The)h(pro)s(of)e(tec)m
+(hnique)j(emplo)m(y)m(ed)e(in)g(the)g(pro)s(of)f(of)h(Theorem)h(2.26)e
+(ma)m(y)h(b)s(e)g(summa-)283 636 y(rized)c(as)g(follo)m(ws:)p
+283 765 3470 4 v 283 782 V 281 990 4 208 v 298 990 V
+1371 911 a Fw(Pro)s(of)f(Summary)h(for)f(While)p Fu(:)p
+3735 990 V 3752 990 V 281 1197 V 298 1197 V 997 1118
+a Fw(Equiv)-6 b(alence)32 b(of)g(t)m(w)m(o)g(Op)s(erational)g(Seman)m
+(tics)p 3735 1197 V 3752 1197 V 283 1201 3470 4 v 281
+1690 4 490 v 298 1690 V 350 1366 a Fu(1:)143 b(Pro)m(v)m(e)24
+b(b)m(y)h Fs(induction)h(on)f(the)i(shap)-5 b(e)25 b(of)h(derivation)g
+(tr)-5 b(e)g(es)31 b Fu(that)23 b(for)g(eac)m(h)h(deriv)-5
+b(ation)569 1487 y(tree)46 b(in)e(the)i(natural)e(seman)m(tics)h(there)
+h(is)f(a)g(corresp)s(onding)g(\014nite)g(deriv)-5 b(ation)569
+1607 y(sequence)35 b(in)d(the)h(structural)f(op)s(erational)e(seman)m
+(tics.)p 3735 1690 V 3752 1690 V 281 2099 4 409 v 298
+2099 V 350 1775 a(2:)143 b(Pro)m(v)m(e)45 b(b)m(y)g Fs(induction)g(on)g
+(the)h(length)f(of)g(derivation)f(se)-5 b(quenc)g(es)52
+b Fu(that)43 b(for)h(eac)m(h)569 1895 y(\014nite)33 b(deriv)-5
+b(ation)31 b(sequence)36 b(in)c(the)i(structural)f(op)s(erational)d
+(seman)m(tics)j(there)h(is)569 2015 y(a)e(corresp)s(onding)h(deriv)-5
+b(ation)30 b(tree)k(in)d(the)i(natural)f(seman)m(tics.)p
+3735 2099 V 3752 2099 V 283 2102 3470 4 v 283 2119 V
+283 2314 a(When)41 b(pro)m(ving)e(the)h(equiv)-5 b(alence)40
+b(of)f(t)m(w)m(o)h(op)s(erational)d(seman)m(tics)j(for)f(a)g(language)f
+(with)283 2435 y(additional)29 b(programming)f(constructs)k(one)g(ma)m
+(y)f(need)h(to)f(amend)g(the)g(ab)s(o)m(v)m(e)h(pro)s(of)e(tec)m(h-)283
+2555 y(nique.)70 b(One)41 b(reason)h(is)f(that)g(the)g(equiv)-5
+b(alence)42 b(result)f(ma)m(y)g(ha)m(v)m(e)h(to)f(b)s(e)g(expressed)j
+(dif-)283 2675 y(feren)m(tly)37 b(from)e(that)h(of)g(Theorem)h(2.26)e
+(\(as)i(will)d(b)s(e)i(the)h(case)g(if)e(the)i(extended)h(language)283
+2796 y(is)43 b(non-deterministic\).)75 b(Also)43 b(one)g(migh)m(t)f(w)m
+(an)m(t)j(to)e(consider)h(only)f(some)g(of)g(the)h(\014nite)283
+2916 y(deriv)-5 b(ation)31 b(sequences,)36 b(for)c(example)g(those)i
+(ending)e(in)g(a)g(terminal)e(con\014guration.)283 3242
+y Fj(2.4)161 b(Extensions)53 b(of)g(While)283 3461 y
+Fu(In)29 b(order)f(to)f(illustrate)f(the)i(p)s(o)m(w)m(er)h(and)f(w)m
+(eakness)j(of)d(the)g(t)m(w)m(o)h(approac)m(hes)g(to)e(op)s(erational)
+283 3582 y(seman)m(tics)38 b(w)m(e)h(shall)d(consider)i(v)-5
+b(arious)37 b(extensions)i(of)e(the)h(language)e Fw(While)p
+Fu(.)57 b(F)-8 b(or)37 b(eac)m(h)283 3702 y(extension)d(w)m(e)f(shall)f
+(sho)m(w)h(ho)m(w)h(to)e(mo)s(dify)f(the)i(op)s(erational)d(seman)m
+(tics.)283 3984 y Fp(Ab)t(ortion)283 4169 y Fu(W)-8 b(e)35
+b(\014rst)f(extend)h Fw(While)d Fu(with)h(the)h(simple)e(statemen)m(t)i
+Fr(abort)p Fu(.)48 b(The)35 b(idea)e(is)g(that)h Fr(abort)283
+4289 y Fs(stops)52 b Fu(the)44 b(execution)g(of)g(the)g(complete)f
+(program.)75 b(This)44 b(means)f(that)h Fr(abort)h Fu(b)s(eha)m(v)m(es)
+283 4410 y(di\013eren)m(tly)30 b(from)f Fr(while)i(true)g(do)f(skip)h
+Fu(in)e(that)h(it)f(causes)i(the)f(execution)h(to)f(stop)g(rather)283
+4530 y(than)25 b(lo)s(op.)39 b(Also)24 b Fr(abort)h Fu(b)s(eha)m(v)m
+(es)i(di\013eren)m(tly)d(from)f Fr(skip)i Fu(b)s(ecause)h(a)e(statemen)
+m(t)h(follo)m(wing)283 4651 y Fr(abort)34 b Fu(will)d(nev)m(er)j(b)s(e)
+e(executed)j(whereas)f(one)f(follo)m(wing)d Fr(skip)k
+Fu(certainly)d(will.)430 4771 y(F)-8 b(ormally)g(,)29
+b(the)k(new)h(syn)m(tax)g(of)e(statemen)m(ts)i(is)e(giv)m(en)g(b)m(y:)
+577 4928 y Fs(S)112 b Fu(::=)99 b Fs(x)45 b Fu(:=)32
+b Fs(a)40 b Ft(j)32 b Fr(skip)i Ft(j)e Fs(S)1713 4943
+y Fn(1)1785 4928 y Fu(;)g Fs(S)1911 4943 y Fn(2)1983
+4928 y Ft(j)g Fr(if)h Fs(b)39 b Fr(then)33 b Fs(S)2566
+4943 y Fn(1)2638 4928 y Fr(else)h Fs(S)2943 4943 y Fn(2)795
+5095 y Ft(j)150 b Fr(while)34 b Fs(b)39 b Fr(do)33 b
+Fs(S)44 b Ft(j)32 b Fr(abort)283 5254 y Fu(W)-8 b(e)31
+b(shall)d(not)h(rep)s(eat)h(the)g(de\014nitions)f(of)h(the)g(sets)h(of)
+e(con\014gurations)g(but)h(tacitly)e(assume)283 5374
+y(that)k(they)g(are)g(mo)s(di\014ed)e(so)h(as)h(to)f(corresp)s(ond)h
+(to)g(the)f(extended)j(syn)m(tax.)45 b(The)32 b(task)g(that)283
+5494 y(remains,)g(therefore,)h(is)g(to)f(de\014ne)i(the)f(new)g
+(transition)e(relations)g Ft(!)h Fu(and)h Ft(\))p Fu(.)p
+eop
+%%Page: 45 55
+45 54 bop 0 130 a Fw(2.4)112 b(Extensions)37 b(of)h(While)2119
+b(45)p 0 193 3473 4 v 146 515 a Fu(The)26 b(fact)f(that)g
+Fr(abort)h Fu(stops)g(the)g(execution)g(of)e(the)i(program)e(is)g(mo)s
+(delled)f(b)m(y)j(ensuring)0 636 y(that)40 b(the)h(con\014gurations)f
+(of)g(the)h(form)e Ft(h)p Fr(abort)p Fu(,)44 b Fs(s)8
+b Ft(i)40 b Fu(are)h Fs(stuck)11 b Fu(.)67 b(Therefore)41
+b(the)g Fs(natur)-5 b(al)0 756 y(semantics)47 b Fu(of)39
+b(the)h(extended)i(language)c(is)i(still)d(de\014ned)k(b)m(y)g(the)f
+(transition)e(relation)g Ft(!)0 877 y Fu(of)31 b(T)-8
+b(able)31 b(2.1.)43 b(So)31 b(although)g(the)h(language)e(and)i(thereb)
+m(y)h(the)f(set)g(of)f(con\014gurations)g(ha)m(v)m(e)0
+997 y(b)s(een)c(extended)h(w)m(e)f(do)f(not)f(mo)s(dify)g(the)h
+(de\014nition)f(of)g(the)i(transition)d(relation.)39
+b(Similarly)-8 b(,)0 1117 y(the)40 b Fs(structur)-5 b(al)43
+b(op)-5 b(er)g(ational)40 b(semantics)47 b Fu(of)39 b(the)h(extended)i
+(language)d(is)g(still)e(de\014ned)k(b)m(y)0 1238 y(T)-8
+b(able)32 b(2.2.)146 1358 y(F)-8 b(rom)39 b(the)i(structural)g(op)s
+(erational)d(seman)m(tics)i(p)s(oin)m(t)g(of)g(view)h(it)e(is)h(clear)g
+(no)m(w)i(that)0 1478 y Fr(abort)34 b Fu(and)f Fr(skip)g
+Fu(cannot)g(b)s(e)g(seman)m(tically)d(equiv)-5 b(alen)m(t.)44
+b(This)32 b(is)h(b)s(ecause)244 1648 y Ft(h)p Fr(skip)p
+Fu(,)g Fs(s)8 b Ft(i)33 b(\))f Fs(s)0 1818 y Fu(is)g(the)h(only)f
+(deriv)-5 b(ation)31 b(sequence)k(for)d Fr(skip)i Fu(starting)e(in)f
+Fs(s)41 b Fu(and)244 1989 y Ft(h)p Fr(abort)p Fu(,)34
+b Fs(s)8 b Ft(i)0 2159 y Fu(is)28 b(the)h(only)g(deriv)-5
+b(ation)27 b(sequence)k(for)e Fr(abort)h Fu(starting)d(in)h
+Fs(s)8 b Fu(.)43 b(Similarly)-8 b(,)25 b Fr(abort)30
+b Fu(cannot)f(b)s(e)0 2279 y(seman)m(tically)i(equiv)-5
+b(alen)m(t)32 b(to)g Fr(while)i(true)g(do)f(skip)g Fu(b)s(ecause)244
+2449 y Ft(h)p Fr(while)g(true)h(do)f(skip)p Fu(,)h Fs(s)8
+b Ft(i)571 2617 y(\))33 b(h)o Fr(if)g(true)h(then)g Fu(\()p
+Fr(skip)p Fu(;)f Fr(while)h(true)g(do)f(skip)p Fu(\))g
+Fr(else)h(skip)p Fu(,)f Fs(s)8 b Ft(i)571 2784 y(\))33
+b(h)o Fr(skip)p Fu(;)h Fr(while)g(true)f(do)h(skip)p
+Fu(,)f Fs(s)8 b Ft(i)571 2952 y(\))33 b(h)o Fr(while)h(true)g(do)f
+(skip)p Fu(,)h Fs(s)8 b Ft(i)571 3119 y(\))33 b(\001)17
+b(\001)g(\001)0 3289 y Fu(is)27 b(an)h(in\014nite)f(deriv)-5
+b(ation)26 b(sequence)31 b(for)c Fr(while)i(true)g(do)f(skip)h
+Fu(whereas)g Fr(abort)h Fu(has)e(none.)0 3410 y(Th)m(us)d(w)m(e)f
+(shall)d(claim)g(that)i(the)g(structural)g(op)s(erational)e(seman)m
+(tics)i(captures)h(the)f(informal)0 3530 y(explanation)31
+b(giv)m(en)i(earlier.)146 3651 y(F)-8 b(rom)32 b(the)i(natural)d(seman)
+m(tics)j(p)s(oin)m(t)e(of)h(view)g(it)f(is)h(also)f(clear)h(that)g
+Fr(skip)h Fu(and)f Fr(abort)0 3771 y Fu(cannot)25 b(b)s(e)g(seman)m
+(tically)e(equiv)-5 b(alen)m(t.)40 b(Ho)m(w)m(ev)m(er,)29
+b(it)24 b(turns)h(out)f(that)h Fr(while)34 b(true)f(do)g(skip)0
+3891 y Fu(and)25 b Fr(abort)i Fs(ar)-5 b(e)32 b Fu(seman)m(tically)23
+b(equiv)-5 b(alen)m(t!)41 b(The)26 b(reason)g(is)e(that)h(in)g(the)g
+(natural)f(seman)m(tics)0 4012 y(w)m(e)39 b(are)f(only)f(concerned)j
+(with)d(executions)i(that)f(terminate)f(prop)s(erly)-8
+b(.)58 b(So)38 b(if)f(w)m(e)i(do)f(not)0 4132 y(ha)m(v)m(e)31
+b(a)e(deriv)-5 b(ation)28 b(tree)i(for)f Ft(h)p Fs(S)12
+b Fu(,)29 b Fs(s)8 b Ft(i)30 b(!)f Fs(s)1549 4096 y Fi(0)1602
+4132 y Fu(then)h(w)m(e)g(cannot)g(tell)e(whether)j(it)d(is)h(b)s
+(ecause)i(w)m(e)0 4253 y(en)m(tered)39 b(a)e(stuc)m(k)j
+(con\014guration)c(or)h(a)h(lo)s(oping)d(execution.)59
+b(W)-8 b(e)38 b(can)g(summarize)e(this)h(as)0 4373 y(follo)m(ws:)p
+0 4503 3472 4 v 0 4519 V -2 4727 4 208 v 15 4727 V 283
+4648 a Fw(Natural)32 b(Seman)m(tics)g(v)m(ersus)h(Structural)f(Op)s
+(erational)g(Seman)m(tics)p 3453 4727 V 3470 4727 V 0
+4730 3472 4 v -2 5099 4 370 v 15 5099 V 66 4896 a Ft(\017)100
+b Fu(In)27 b(a)g(natural)e(seman)m(tics)i(w)m(e)h(cannot)f(distinguish)
+f(b)s(et)m(w)m(een)j Fs(lo)-5 b(oping)34 b Fu(and)27
+b Fs(abnormal)216 5016 y(termination)p Fu(.)p 3453 5099
+V 3470 5099 V -2 5508 4 409 v 15 5508 V 66 5184 a Ft(\017)100
+b Fu(In)32 b(a)g(structural)g(op)s(erational)e(seman)m(tics)i
+Fs(lo)-5 b(oping)40 b Fu(is)32 b(re\015ected)i(b)m(y)f(in\014nite)e
+(deriv)-5 b(a-)216 5304 y(tion)22 b(sequences)27 b(and)c
+Fs(abnormal)i(termination)30 b Fu(b)m(y)24 b(\014nite)f(deriv)-5
+b(ation)22 b(sequences)27 b(end-)216 5424 y(ing)k(in)h(a)h(stuc)m(k)h
+(con\014guration.)p 3453 5508 V 3470 5508 V 0 5511 3472
+4 v 0 5528 V eop
+%%Page: 46 56
+46 55 bop 251 130 a Fw(46)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(W)-8 b(e)41
+b(should)f(note,)j(ho)m(w)m(ev)m(er,)i(that)40 b(if)f(abnormal)g
+(termination)f(is)h(mo)s(delled)g(b)m(y)i(\\normal)283
+636 y(termination")22 b(in)i(a)h(sp)s(ecial)e(error)i(con\014guration)f
+(\(included)g(in)g(the)h(set)h(of)e(terminal)e(con\014g-)283
+756 y(urations\))34 b(then)g(w)m(e)h(can)f(distinguish)f(b)s(et)m(w)m
+(een)j(the)e(three)h(statemen)m(ts)f(in)g(b)s(oth)f(seman)m(tic)283
+877 y(st)m(yles.)283 1092 y Fw(Exercise)k(2.31)49 b Fu(Theorem)30
+b(2.26)f(expresses)k(that)d(the)g(natural)f(seman)m(tics)h(and)g(the)g
+(struc-)283 1213 y(tural)41 b(op)s(erational)e(seman)m(tics)j(of)f
+Fw(While)f Fu(are)i(equiv)-5 b(alen)m(t.)70 b(Discuss)42
+b(whether)h(or)f(not)f(a)283 1333 y(similar)30 b(result)i(holds)h(for)f
+Fw(While)f Fu(extended)j(with)e Fr(abort)p Fu(.)1159
+b Fh(2)283 1549 y Fw(Exercise)37 b(2.32)49 b Fu(Extend)34
+b Fw(While)d Fu(with)h(the)h(statemen)m(t)527 1743 y
+Fr(assert)h Fs(b)39 b Fr(before)34 b Fs(S)283 1937 y
+Fu(The)23 b(idea)e(is)h(that)f(if)g Fs(b)28 b Fu(ev)-5
+b(aluates)21 b(to)h(true)g(then)g(w)m(e)h(execute)h Fs(S)34
+b Fu(and)22 b(otherwise)g(the)g(execution)283 2057 y(of)48
+b(the)h(complete)e(program)g(ab)s(orts.)90 b(Extend)49
+b(the)g(structural)f(op)s(erational)e(seman)m(tics)283
+2178 y(of)40 b(T)-8 b(able)39 b(2.2)h(to)f(express)j(this)e(\(without)f
+(assuming)g(that)h Fw(While)e Fu(con)m(tains)i(the)g
+Fr(abort)p Fu(-)283 2298 y(statemen)m(t\).)k(Sho)m(w)31
+b(that)f Fr(assert)h(true)g(before)h Fs(S)42 b Fu(is)30
+b(seman)m(tically)e(equiv)-5 b(alen)m(t)30 b(to)g Fs(S)42
+b Fu(but)283 2419 y(that)i Fr(assert)h(false)f(before)h
+Fs(S)56 b Fu(neither)43 b(is)g(equiv)-5 b(alen)m(t)43
+b(to)g Fr(while)i(true)g(do)f(skip)g Fu(nor)283 2539
+y Fr(skip)p Fu(.)3167 b Fh(2)283 2826 y Fp(Non-determinism)283
+3011 y Fu(The)34 b(second)g(extension)f(of)f Fw(While)f
+Fu(has)i(statemen)m(ts)h(giv)m(en)f(b)m(y)577 3197 y
+Fs(S)112 b Fu(::=)99 b Fs(x)45 b Fu(:=)32 b Fs(a)40 b
+Ft(j)32 b Fr(skip)i Ft(j)e Fs(S)1713 3212 y Fn(1)1785
+3197 y Fu(;)g Fs(S)1911 3212 y Fn(2)1983 3197 y Ft(j)g
+Fr(if)h Fs(b)39 b Fr(then)33 b Fs(S)2566 3212 y Fn(1)2638
+3197 y Fr(else)h Fs(S)2943 3212 y Fn(2)795 3364 y Ft(j)150
+b Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)44 b Ft(j)32
+b Fs(S)1707 3379 y Fn(1)1779 3364 y Fr(or)h Fs(S)1981
+3379 y Fn(2)283 3551 y Fu(The)i(idea)f(is)f(here)i(that)f(in)f
+Fs(S)1400 3566 y Fn(1)1474 3551 y Fr(or)h Fs(S)1677 3566
+y Fn(2)1750 3551 y Fu(w)m(e)h(can)g(non-deterministically)30
+b(c)m(ho)s(ose)35 b(to)f(execute)283 3672 y(either)f
+Fs(S)627 3687 y Fn(1)699 3672 y Fu(or)f Fs(S)885 3687
+y Fn(2)924 3672 y Fu(.)44 b(So)32 b(w)m(e)i(shall)d(exp)s(ect)j(that)e
+(execution)h(of)f(the)h(statemen)m(t)527 3866 y Fr(x)g
+Fu(:=)g Fr(1)f(or)h Fu(\()p Fr(x)g Fu(:=)g Fr(2)p Fu(;)g
+Fr(x)f Fu(:=)h Fr(x)g Fu(+)f Fr(2)p Fu(\))283 4060 y(could)c(result)f
+(in)g(a)g(state)h(where)g Fr(x)g Fu(has)g(the)g(v)-5
+b(alue)27 b Fw(1)p Fu(,)h(but)g(it)f(could)g(as)g(w)m(ell)g(result)h
+(in)e(a)h(state)283 4180 y(where)34 b Fr(x)f Fu(has)g(the)g(v)-5
+b(alue)32 b Fw(4)p Fu(.)430 4301 y(When)c(sp)s(ecifying)f(the)h
+Fs(natur)-5 b(al)31 b(semantics)j Fu(w)m(e)29 b(extend)g(T)-8
+b(able)27 b(2.1)g(with)h(the)g(t)m(w)m(o)g(rules:)527
+4555 y([or)653 4519 y Fn(1)641 4579 y(ns)712 4555 y Fu(])1297
+4468 y Ft(h)p Fs(S)1403 4483 y Fn(1)1442 4468 y Fu(,)33
+b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1801 4432 y Fi(0)p 1160
+4532 802 4 v 1160 4636 a Ft(h)p Fs(S)1266 4651 y Fn(1)1338
+4636 y Fr(or)h Fs(S)1540 4651 y Fn(2)1579 4636 y Fu(,)g
+Fs(s)8 b Ft(i)32 b(!)g Fs(s)1938 4600 y Fi(0)527 4917
+y Fu([or)653 4881 y Fn(2)641 4942 y(ns)712 4917 y Fu(])1297
+4831 y Ft(h)p Fs(S)1403 4846 y Fn(2)1442 4831 y Fu(,)h
+Fs(s)8 b Ft(i)32 b(!)g Fs(s)1801 4794 y Fi(0)p 1160 4894
+V 1160 4998 a Ft(h)p Fs(S)1266 5013 y Fn(1)1338 4998
+y Fr(or)h Fs(S)1540 5013 y Fn(2)1579 4998 y Fu(,)g Fs(s)8
+b Ft(i)32 b(!)g Fs(s)1938 4962 y Fi(0)283 5180 y Fu(Corresp)s(onding)42
+b(to)f(the)g(con\014guration)g Ft(h)o Fr(x)h Fu(:=)f
+Fr(1)h(or)f Fu(\()p Fr(x)h Fu(:=)f Fr(2)p Fu(;)46 b Fr(x)41
+b Fu(:=)g Fr(x)p Fu(+)p Fr(2)p Fu(\),)j Fs(s)8 b Ft(i)41
+b Fu(w)m(e)i(ha)m(v)m(e)283 5300 y(deriv)-5 b(ation)31
+b(trees)j(for)527 5494 y Ft(h)p Fr(x)f Fu(:=)f Fr(1)h(or)g
+Fu(\()p Fr(x)g Fu(:=)f Fr(2)p Fu(;)h Fr(x)g Fu(:=)g Fr(x)p
+Fu(+)p Fr(2)p Fu(\),)f Fs(s)8 b Ft(i)33 b(!)f Fs(s)8
+b Fu([)p Fr(x)p Ft(7!)p Fw(1)p Fu(])p eop
+%%Page: 47 57
+47 56 bop 0 130 a Fw(2.4)112 b(Extensions)37 b(of)h(While)2119
+b(47)p 0 193 3473 4 v 0 515 a Fu(as)33 b(w)m(ell)f(as)244
+712 y Ft(h)p Fr(x)g Fu(:=)h Fr(1)g(or)g Fu(\()p Fr(x)f
+Fu(:=)h Fr(2)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Fu(+)p Fr(2)p
+Fu(\),)h Fs(s)8 b Ft(i)32 b(!)h Fs(s)8 b Fu([)p Fr(x)p
+Ft(7!)p Fw(4)p Fu(])0 910 y(It)39 b(is)f(imp)s(ortan)m(t)f(to)h(note)h
+(that)f(if)g(w)m(e)i(replace)e Fr(x)h Fu(:=)g Fr(1)g
+Fu(b)m(y)g Fr(while)h(true)g(do)f(skip)h Fu(in)e(the)0
+1030 y(ab)s(o)m(v)m(e)33 b(statemen)m(t)g(then)h(w)m(e)f(will)e(only)h
+(ha)m(v)m(e)i(one)e(deriv)-5 b(ation)31 b(tree,)i(namely)f(that)h(for)
+244 1227 y Ft(h)p Fu(\()p Fr(while)g(true)h(do)f(skip)p
+Fu(\))h Fr(or)f Fu(\()p Fr(x)f Fu(:=)h Fr(2)p Fu(;)g
+Fr(x)f Fu(:=)h Fr(x)p Fu(+)p Fr(2)p Fu(\),)g Fs(s)8 b
+Ft(i)32 b(!)g Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p Fw(4)p Fu(])146
+1424 y(T)-8 b(urning)29 b(to)g(the)h Fs(structur)-5 b(al)33
+b(op)-5 b(er)g(ational)31 b(semantics)36 b Fu(w)m(e)30
+b(shall)e(extend)j(T)-8 b(able)29 b(2.2)g(with)0 1545
+y(the)k(t)m(w)m(o)g(axioms:)244 1742 y([or)370 1705 y
+Fn(1)358 1766 y(sos)453 1742 y Fu(])387 b Ft(h)p Fs(S)973
+1757 y Fn(1)1044 1742 y Fr(or)34 b Fs(S)1247 1757 y Fn(2)1286
+1742 y Fu(,)e Fs(s)8 b Ft(i)33 b(\))f(h)p Fs(S)1703 1757
+y Fn(1)1742 1742 y Fu(,)h Fs(s)8 b Ft(i)244 1956 y Fu([or)370
+1920 y Fn(2)358 1981 y(sos)453 1956 y Fu(])387 b Ft(h)p
+Fs(S)973 1971 y Fn(1)1044 1956 y Fr(or)34 b Fs(S)1247
+1971 y Fn(2)1286 1956 y Fu(,)e Fs(s)8 b Ft(i)33 b(\))f(h)p
+Fs(S)1703 1971 y Fn(2)1742 1956 y Fu(,)h Fs(s)8 b Ft(i)0
+2154 y Fu(F)-8 b(or)29 b(the)h(statemen)m(t)h Fr(x)f
+Fu(:=)f Fr(1)h(or)h Fu(\()p Fr(x)f Fu(:=)f Fr(2)p Fu(;)i
+Fr(x)g Fu(:=)e Fr(x)p Fu(+)p Fr(2)p Fu(\))h(w)m(e)h(ha)m(v)m(e)g(t)m(w)
+m(o)g(deriv)-5 b(ation)28 b(sequences:)244 2351 y Ft(h)p
+Fr(x)k Fu(:=)h Fr(1)g(or)g Fu(\()p Fr(x)f Fu(:=)h Fr(2)p
+Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(\),)h Fs(s)8
+b Ft(i)32 b(\))1803 2315 y Fi(\003)1875 2351 y Fs(s)8
+b Fu([)p Fr(x)p Ft(7!)p Fw(1)p Fu(])0 2548 y(and)244
+2745 y Ft(h)p Fr(x)32 b Fu(:=)h Fr(1)g(or)g Fu(\()p Fr(x)f
+Fu(:=)h Fr(2)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Fu(+)p Fr(2)p
+Fu(\),)h Fs(s)8 b Ft(i)32 b(\))1803 2709 y Fi(\003)1875
+2745 y Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p Fw(4)p Fu(])0 2942
+y(If)34 b(w)m(e)h(replace)g Fr(x)f Fu(:=)g Fr(1)h Fu(b)m(y)g
+Fr(while)g(true)h(do)e(skip)i Fu(in)d(the)i(ab)s(o)m(v)m(e)g(statemen)m
+(t)g(then)f(w)m(e)i(still)0 3062 y(ha)m(v)m(e)e(t)m(w)m(o)f(deriv)-5
+b(ation)31 b(sequences.)47 b(One)33 b(is)f(in\014nite)244
+3259 y Ft(h)p Fu(\()p Fr(while)h(true)h(do)f(skip)p Fu(\))h
+Fr(or)f Fu(\()p Fr(x)f Fu(:=)h Fr(2)p Fu(;)g Fr(x)f Fu(:=)h
+Fr(x)p Fu(+)p Fr(2)p Fu(\),)g Fs(s)8 b Ft(i)609 3427
+y(\))65 b(h)p Fr(while)34 b(true)f(do)g(skip)p Fu(,)h
+Fs(s)8 b Ft(i)609 3595 y(\))709 3559 y Fn(3)774 3595
+y Ft(h)p Fr(while)34 b(true)f(do)g(skip)p Fu(,)h Fs(s)8
+b Ft(i)609 3762 y(\))65 b(\001)17 b(\001)g(\001)0 3959
+y Fu(and)33 b(the)g(other)f(is)g(\014nite)244 4156 y
+Ft(h)p Fu(\()p Fr(while)h(true)h(do)f(skip)p Fu(\))h
+Fr(or)f Fu(\()p Fr(x)f Fu(:=)h Fr(2)p Fu(;)g Fr(x)f Fu(:=)h
+Fr(x)p Fu(+)p Fr(2)p Fu(\),)g Fs(s)8 b Ft(i)32 b(\))2475
+4120 y Fi(\003)2547 4156 y Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p
+Fw(4)p Fu(])146 4354 y(Comparing)31 b(the)h(natural)f(seman)m(tics)i
+(and)f(the)g(structural)g(op)s(erational)e(seman)m(tics)i(w)m(e)0
+4474 y(see)42 b(that)e(the)h(latter)f(can)h(c)m(ho)s(ose)g(the)h
+(\\wrong")e(branc)m(h)h(of)g(the)g Fr(or)p Fu(-statemen)m(t)g(whereas)0
+4594 y(the)33 b(\014rst)g(alw)m(a)m(ys)g(c)m(ho)s(oses)h(the)f(\\righ)m
+(t")e(branc)m(h.)45 b(This)33 b(is)f(summarized)f(as)i(follo)m(ws:)p
+0 4743 3472 4 v 0 4760 V -2 4968 4 208 v 15 4968 V 283
+4889 a Fw(Natural)f(Seman)m(tics)g(v)m(ersus)h(Structural)f(Op)s
+(erational)g(Seman)m(tics)p 3453 4968 V 3470 4968 V 0
+4971 3472 4 v -2 5220 4 249 v 15 5220 V 66 5136 a Ft(\017)100
+b Fu(In)33 b(a)f(natural)f(seman)m(tics)i Fs(non-determinism)g(wil)5
+b(l)34 b(suppr)-5 b(ess)35 b(lo)-5 b(oping)p Fu(,)31
+b(if)h(p)s(ossible.)p 3453 5220 V 3470 5220 V -2 5508
+4 289 v 15 5508 V 66 5304 a Ft(\017)100 b Fu(In)44 b(a)f(structural)h
+(op)s(erational)d(seman)m(tics)j Fs(non-determinism)f(do)-5
+b(es)44 b(not)h(suppr)-5 b(ess)216 5424 y(lo)g(oping)p
+Fu(.)p 3453 5508 V 3470 5508 V 0 5511 3472 4 v 0 5528
+V eop
+%%Page: 48 58
+48 57 bop 251 130 a Fw(48)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 283 515 a(Exercise)g(2.33)49
+b Fu(Consider)33 b(the)g(statemen)m(t)527 718 y Fr(x)g
+Fu(:=)g Ft(\000)p Fr(1)p Fu(;)g Fr(while)h(x)p Ft(\024)q
+Fr(0)e(do)h Fu(\()p Fr(x)g Fu(:=)g Fr(x)p Ft(\000)p Fr(1)g(or)g(x)g
+Fu(:=)f(\()p Ft(\000)p Fr(1)p Fu(\))p Fo(?)q Fr(x)p Fu(\))283
+921 y(Giv)m(en)39 b(a)g(state)h Fs(s)47 b Fu(describ)s(e)40
+b(the)f(set)h(of)f(\014nal)f(states)i(that)f(ma)m(y)g(result)g
+(according)g(to)f(the)283 1041 y(natural)32 b(seman)m(tics.)43
+b(F)-8 b(urther)33 b(describ)s(e)g(the)g(set)g(of)f(deriv)-5
+b(ation)31 b(sequences)36 b(that)c(are)g(sp)s(ec-)283
+1162 y(i\014ed)42 b(b)m(y)g(the)g(structural)f(op)s(erational)e(seman)m
+(tics.)70 b(Based)42 b(on)g(this)f(discuss)h(whether)h(or)283
+1282 y(not)35 b(y)m(ou)g(w)m(ould)g(regard)f(the)h(natural)e(seman)m
+(tics)i(as)g(b)s(eing)f(equiv)-5 b(alen)m(t)34 b(to)g(the)h(structural)
+283 1402 y(op)s(erational)c(seman)m(tics)h(for)g(this)h(particular)d
+(statemen)m(t.)1207 b Fh(2)283 1630 y Fw(Exercise)37
+b(2.34)49 b Fu(W)-8 b(e)33 b(shall)e(no)m(w)i(extend)h
+Fw(While)d Fu(with)h(the)h(statemen)m(t)527 1833 y Fr(random)p
+Fu(\()p Fs(x)12 b Fu(\))283 2035 y(and)42 b(the)f(idea)f(is)h(that)g
+(its)f(execution)i(will)d(c)m(hange)j(the)f(v)-5 b(alue)41
+b(of)f Fs(x)53 b Fu(to)41 b(b)s(e)g(an)m(y)g(p)s(ositiv)m(e)283
+2156 y(natural)23 b(n)m(um)m(b)s(er.)41 b(Extend)26 b(the)e(natural)f
+(seman)m(tics)h(as)g(w)m(ell)f(as)h(the)h(structural)e(op)s(erational)
+283 2276 y(seman)m(tics)38 b(to)f(express)j(this.)58
+b(Discuss)38 b(whether)h Fr(random)p Fu(\()p Fs(x)12
+b Fu(\))39 b(is)e(a)h(sup)s(er\015uous)h(construct)283
+2396 y(in)32 b(the)h(case)h(where)g Fw(While)d Fu(is)h(also)f(extended)
+k(with)d(the)h Fr(or)g Fu(construct.)648 b Fh(2)283 2685
+y Fp(P)l(arallelism)283 2870 y Fu(W)-8 b(e)38 b(shall)e(no)m(w)h
+(consider)h(an)f(extension)h(of)e Fw(While)g Fu(with)h(a)g(parallel)d
+(construct.)58 b(So)37 b(no)m(w)283 2990 y(the)c(syn)m(tax)i(of)d
+(expressions)i(is)e(giv)m(en)h(b)m(y)577 3185 y Fs(S)112
+b Fu(::=)99 b Fs(x)45 b Fu(:=)32 b Fs(a)40 b Ft(j)32
+b Fr(skip)i Ft(j)e Fs(S)1713 3200 y Fn(1)1785 3185 y
+Fu(;)g Fs(S)1911 3200 y Fn(2)1983 3185 y Ft(j)g Fr(if)h
+Fs(b)39 b Fr(then)33 b Fs(S)2566 3200 y Fn(1)2638 3185
+y Fr(else)h Fs(S)2943 3200 y Fn(2)795 3352 y Ft(j)150
+b Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)44 b Ft(j)32
+b Fs(S)1707 3367 y Fn(1)1779 3352 y Fr(par)h Fs(S)2032
+3367 y Fn(2)283 3548 y Fu(The)k(idea)f(is)f(that)h(b)s(oth)f(statemen)m
+(ts)i(of)f Fs(S)1923 3563 y Fn(1)1998 3548 y Fr(par)g
+Fs(S)2254 3563 y Fn(2)2330 3548 y Fu(ha)m(v)m(e)h(to)e(b)s(e)h
+(executed)j(but)d(that)f(the)283 3669 y(execution)f(can)f(b)s(e)f
+Fs(interle)-5 b(ave)g(d)p Fu(.)43 b(This)33 b(means)f(that)h(a)f
+(statemen)m(t)h(lik)m(e)527 3871 y Fr(x)g Fu(:=)g Fr(1)f(par)i
+Fu(\()p Fr(x)e Fu(:=)h Fr(2)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p
+Fu(+)p Fr(2)p Fu(\))283 4074 y(can)f(giv)m(e)g(three)g(di\013eren)m(t)f
+(results)h(for)f Fr(x)p Fu(,)h(namely)f Fw(4)p Fu(,)h
+Fw(1)f Fu(and)h Fw(3)p Fu(:)42 b(If)31 b(w)m(e)g(\014rst)g(execute)h
+Fr(x)h Fu(:=)g Fr(1)283 4194 y Fu(and)44 b(then)h Fr(x)e
+Fu(:=)h Fr(2)p Fu(;)50 b Fr(x)44 b Fu(:=)f Fr(x)p Fu(+)p
+Fr(2)h Fu(w)m(e)h(get)f(the)g(\014nal)f(v)-5 b(alue)43
+b Fw(4)p Fu(.)77 b(Alternativ)m(ely)-8 b(,)45 b(if)e(w)m(e)h(\014rst)
+283 4315 y(execute)c Fr(x)e Fu(:=)g Fr(2)p Fu(;)j Fr(x)d
+Fu(:=)g Fr(x)p Fu(+)p Fr(2)g Fu(and)g(then)h Fr(x)f Fu(:=)g
+Fr(1)g Fu(w)m(e)h(get)f(the)g(\014nal)f(v)-5 b(alue)38
+b Fw(1)p Fu(.)59 b(Finally)-8 b(,)37 b(w)m(e)283 4435
+y(ha)m(v)m(e)c(the)e(p)s(ossibilit)m(y)d(of)j(\014rst)g(executing)g
+Fr(x)g Fu(:=)g Fr(2)p Fu(,)g(then)h Fr(x)e Fu(:=)h Fr(1)g
+Fu(and)g(lastly)e Fr(x)k Fu(:=)g Fr(x)p Fu(+)p Fr(2)e
+Fu(and)283 4556 y(w)m(e)j(then)f(get)g(the)g(\014nal)f(v)-5
+b(alue)32 b Fw(3)p Fu(.)430 4676 y(T)-8 b(o)43 b(express)j(this)d(in)g
+(the)h Fs(structur)-5 b(al)45 b(op)-5 b(er)g(ational)44
+b(semantics)51 b Fu(w)m(e)44 b(extend)h(T)-8 b(able)43
+b(2.2)283 4796 y(with)33 b(the)g(follo)m(wing)d(rules:)527
+5059 y([par)707 5023 y Fn(1)695 5084 y(sos)790 5059 y
+Fu(])1485 4973 y Ft(h)p Fs(S)1591 4988 y Fn(1)1630 4973
+y Fu(,)j Fs(s)8 b Ft(i)32 b(\))h(h)o Fs(S)2047 4937 y
+Fi(0)2047 4997 y Fn(1)2087 4973 y Fu(,)f Fs(s)2194 4937
+y Fi(0)2218 4973 y Ft(i)p 1160 5036 1422 4 v 1160 5141
+a(h)p Fs(S)1266 5156 y Fn(1)1338 5141 y Fr(par)h Fs(S)1591
+5156 y Fn(2)1630 5141 y Fu(,)g Fs(s)8 b Ft(i)32 b(\))h(h)o
+Fs(S)2047 5105 y Fi(0)2047 5165 y Fn(1)2119 5141 y Fr(par)g
+Fs(S)2372 5156 y Fn(2)2412 5141 y Fu(,)f Fs(s)2519 5105
+y Fi(0)2543 5141 y Ft(i)527 5421 y Fu([par)707 5385 y
+Fn(2)695 5446 y(sos)790 5421 y Fu(])1445 5335 y Ft(h)o
+Fs(S)1550 5350 y Fn(1)1590 5335 y Fu(,)g Fs(s)8 b Ft(i)33
+b(\))f Fs(s)1949 5299 y Fi(0)p 1160 5398 1096 4 v 1160
+5503 a Ft(h)p Fs(S)1266 5518 y Fn(1)1338 5503 y Fr(par)h
+Fs(S)1591 5518 y Fn(2)1630 5503 y Fu(,)g Fs(s)8 b Ft(i)32
+b(\))h(h)o Fs(S)2047 5518 y Fn(2)2087 5503 y Fu(,)f Fs(s)2194
+5467 y Fi(0)2218 5503 y Ft(i)p eop
+%%Page: 49 59
+49 58 bop 0 130 a Fw(2.4)112 b(Extensions)37 b(of)h(While)2119
+b(49)p 0 193 3473 4 v 244 577 a Fu([par)424 541 y Fn(3)412
+602 y(sos)507 577 y Fu(])1202 490 y Ft(h)p Fs(S)1308
+505 y Fn(2)1347 490 y Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))g(h)p
+Fs(S)1764 454 y Fi(0)1764 515 y Fn(2)1803 490 y Fu(,)h
+Fs(s)1911 454 y Fi(0)1934 490 y Ft(i)p 877 554 1422 4
+v 877 658 a(h)p Fs(S)983 673 y Fn(1)1054 658 y Fr(par)h
+Fs(S)1308 673 y Fn(2)1347 658 y Fu(,)f Fs(s)8 b Ft(i)32
+b(\))g(h)p Fs(S)1764 673 y Fn(1)1836 658 y Fr(par)h Fs(S)2089
+622 y Fi(0)2089 683 y Fn(2)2128 658 y Fu(,)g Fs(s)2236
+622 y Fi(0)2259 658 y Ft(i)244 939 y Fu([par)424 903
+y Fn(4)412 964 y(sos)507 939 y Fu(])1161 853 y Ft(h)p
+Fs(S)1267 868 y Fn(2)1306 853 y Fu(,)g Fs(s)8 b Ft(i)32
+b(\))g Fs(s)1665 816 y Fi(0)p 877 916 1096 4 v 877 1020
+a Ft(h)p Fs(S)983 1035 y Fn(1)1054 1020 y Fr(par)i Fs(S)1308
+1035 y Fn(2)1347 1020 y Fu(,)f Fs(s)8 b Ft(i)32 b(\))g(h)p
+Fs(S)1764 1035 y Fn(1)1803 1020 y Fu(,)h Fs(s)1911 984
+y Fi(0)1934 1020 y Ft(i)0 1212 y Fu(The)g(\014rst)g(t)m(w)m(o)h(rules)e
+(tak)m(e)h(accoun)m(t)h(of)e(the)h(case)g(where)h(w)m(e)g(b)s(egin)d(b)
+m(y)j(executing)f(the)g(\014rst)0 1332 y(step)h(of)e(statemen)m(t)i
+Fs(S)839 1347 y Fn(1)878 1332 y Fu(.)45 b(If)33 b(the)g(execution)h(of)
+e Fs(S)1831 1347 y Fn(1)1903 1332 y Fu(is)h(not)g(fully)e(completed)i
+(w)m(e)h(mo)s(dify)d(the)0 1452 y(con\014guration)h(so)g(as)h(to)f
+(remem)m(b)s(er)g(ho)m(w)h(far)f(w)m(e)i(ha)m(v)m(e)f(reac)m(hed.)45
+b(Otherwise)33 b(only)f Fs(S)3259 1467 y Fn(2)3331 1452
+y Fu(has)0 1573 y(to)38 b(b)s(e)g(executed)j(and)d(w)m(e)h(up)s(date)g
+(the)f(con\014guration)g(accordingly)-8 b(.)59 b(The)39
+b(last)e(t)m(w)m(o)i(rules)0 1693 y(are)33 b(similar)c(but)k(for)f(the)
+h(case)g(where)h(w)m(e)g(b)s(egin)d(b)m(y)j(executing)f(the)g(\014rst)g
+(step)h(of)e Fs(S)3199 1708 y Fn(2)3238 1693 y Fu(.)146
+1815 y(Using)43 b(these)h(rules)f(w)m(e)h(get)f(the)h(follo)m(wing)c
+(deriv)-5 b(ation)42 b(sequences)k(for)c(the)i(example)0
+1935 y(statemen)m(t:)244 2144 y Ft(h)p Fr(x)32 b Fu(:=)h
+Fr(1)g(par)g Fu(\()p Fr(x)g Fu(:=)f Fr(2)p Fu(;)h Fr(x)g
+Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(\),)h Fs(s)8 b Ft(i)33
+b(\))f(h)p Fr(x)g Fu(:=)h Fr(2)p Fu(;)g Fr(x)f Fu(:=)h
+Fr(x)p Fu(+)p Fr(2)p Fu(,)g Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p
+Fw(1)p Fu(])p Ft(i)1755 2312 y(\))32 b(h)p Fr(x)g Fu(:=)h
+Fr(x)p Fu(+)p Fr(2)p Fu(,)g Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p
+Fw(2)p Fu(])p Ft(i)1755 2479 y(\))32 b Fs(s)8 b Fu([)p
+Fr(x)p Ft(7!)p Fw(4)p Fu(])244 2694 y Ft(h)p Fr(x)32
+b Fu(:=)h Fr(1)g(par)g Fu(\()p Fr(x)g Fu(:=)f Fr(2)p
+Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(\),)h Fs(s)8
+b Ft(i)33 b(\))f(h)p Fr(x)g Fu(:=)h Fr(1)g(par)g(x)g
+Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(,)h Fs(s)8 b Fu([)p Fr(x)p
+Ft(7!)p Fw(2)p Fu(])p Ft(i)1755 2862 y(\))32 b(h)p Fr(x)g
+Fu(:=)h Fr(1)p Fu(,)g Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p
+Fw(4)p Fu(])p Ft(i)1755 3029 y(\))32 b Fs(s)8 b Fu([)p
+Fr(x)p Ft(7!)p Fw(1)p Fu(])0 3238 y(and)244 3447 y Ft(h)p
+Fr(x)32 b Fu(:=)h Fr(1)g(par)g Fu(\()p Fr(x)g Fu(:=)f
+Fr(2)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(\),)h
+Fs(s)8 b Ft(i)33 b(\))f(h)p Fr(x)g Fu(:=)h Fr(1)g(par)g(x)g
+Fu(:=)f Fr(x)p Fu(+)p Fr(2)p Fu(,)h Fs(s)8 b Fu([)p Fr(x)p
+Ft(7!)p Fw(2)p Fu(])p Ft(i)1755 3615 y(\))32 b(h)p Fr(x)g
+Fu(:=)h Fr(x)p Fu(+)p Fr(2)p Fu(,)g Fs(s)8 b Fu([)p Fr(x)p
+Ft(7!)p Fw(1)p Fu(])p Ft(i)1755 3783 y(\))32 b Fs(s)8
+b Fu([)p Fr(x)p Ft(7!)p Fw(3)p Fu(])146 3992 y(T)-8 b(urning)34
+b(to)g(the)h Fs(natur)-5 b(al)37 b(semantics)42 b Fu(w)m(e)35
+b(migh)m(t)e(start)h(b)m(y)i(extending)f(T)-8 b(able)34
+b(2.1)g(with)0 4112 y(the)f(t)m(w)m(o)g(rules:)254 4284
+y Ft(h)p Fs(S)360 4299 y Fn(1)399 4284 y Fu(,)f Fs(s)8
+b Ft(i)33 b(!)f Fs(s)758 4247 y Fi(0)781 4284 y Fu(,)h
+Ft(h)p Fs(S)947 4299 y Fn(2)986 4284 y Fu(,)g Fs(s)1094
+4247 y Fi(0)1117 4284 y Ft(i)f(!)g Fs(s)1368 4247 y Fi(00)p
+254 4347 1158 4 v 396 4452 a Ft(h)p Fs(S)502 4467 y Fn(1)574
+4452 y Fr(par)h Fs(S)827 4467 y Fn(2)867 4452 y Fu(,)f
+Fs(s)8 b Ft(i)33 b(!)f Fs(s)1226 4415 y Fi(00)254 4654
+y Ft(h)p Fs(S)360 4669 y Fn(2)399 4654 y Fu(,)g Fs(s)8
+b Ft(i)33 b(!)f Fs(s)758 4618 y Fi(0)781 4654 y Fu(,)h
+Ft(h)p Fs(S)947 4669 y Fn(1)986 4654 y Fu(,)g Fs(s)1094
+4618 y Fi(0)1117 4654 y Ft(i)f(!)g Fs(s)1368 4618 y Fi(00)p
+254 4717 V 396 4822 a Ft(h)p Fs(S)502 4837 y Fn(1)574
+4822 y Fr(par)h Fs(S)827 4837 y Fn(2)867 4822 y Fu(,)f
+Fs(s)8 b Ft(i)33 b(!)f Fs(s)1226 4786 y Fi(00)0 5013
+y Fu(Ho)m(w)m(ev)m(er,)50 b(it)44 b(is)g(easy)i(to)f(see)h(that)e(this)
+h(will)d(not)j(do)g(b)s(ecause)h(the)f(rules)g(only)f(express)0
+5133 y(that)36 b(either)f Fs(S)561 5148 y Fn(1)636 5133
+y Fu(is)g(executed)j(b)s(efore)e Fs(S)1507 5148 y Fn(2)1582
+5133 y Fu(or)g(vice)g(v)m(ersa.)54 b(This)36 b(means)g(that)f(w)m(e)i
+(ha)m(v)m(e)g(lost)0 5254 y(the)h(abilit)m(y)e(to)i Fs(interle)-5
+b(ave)44 b Fu(the)39 b(execution)f(of)g(t)m(w)m(o)g(statemen)m(ts.)61
+b(F)-8 b(urthermore,)39 b(it)d(seems)0 5374 y(imp)s(ossible)28
+b(to)i(b)s(e)h(able)f(to)g(express)i(this)e(in)g(the)h(natural)e(seman)
+m(tics)i(b)s(ecause)h(w)m(e)f(consider)0 5494 y(the)h(execution)g(of)f
+(a)h(statemen)m(t)g(as)f(an)h(atomic)d(en)m(tit)m(y)k(that)e(cannot)h
+(b)s(e)f(split)g(in)m(to)f(smaller)p eop
+%%Page: 50 60
+50 59 bop 251 130 a Fw(50)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(pieces.)45
+b(This)32 b(ma)m(y)h(b)s(e)g(summarized)e(as)i(follo)m(ws:)p
+283 664 3472 4 v 283 681 V 281 889 4 208 v 298 889 V
+567 810 a Fw(Natural)f(Seman)m(tics)f(v)m(ersus)j(Structural)d(Op)s
+(erational)h(Seman)m(tics)p 3736 889 V 3753 889 V 283
+892 3472 4 v 281 1261 4 370 v 298 1261 V 350 1057 a Ft(\017)99
+b Fu(In)42 b(a)f(natural)f(seman)m(tics)h(the)h(execution)g(of)e(the)i
+(immediate)c(constituen)m(ts)43 b(is)d(an)499 1178 y
+Fs(atomic)35 b(entity)41 b Fu(so)33 b(w)m(e)h(cannot)f(express)h(in)m
+(terlea)m(ving)e(of)g(computations.)p 3736 1261 V 3753
+1261 V 281 1549 4 289 v 298 1549 V 350 1345 a Ft(\017)99
+b Fu(In)36 b(a)e(structural)h(op)s(erational)d(seman)m(tics)j(w)m(e)h
+(concen)m(trate)h(on)d(the)i Fs(smal)5 b(l)36 b(steps)43
+b Fu(of)499 1466 y(the)33 b(computation)e(so)i(w)m(e)h(can)f(easily)e
+(express)k(in)m(terlea)m(ving.)p 3736 1549 V 3753 1549
+V 283 1553 3472 4 v 283 1569 V 283 1833 a Fw(Exercise)i(2.35)49
+b Fu(Consider)j(an)f(extension)h(of)f Fw(While)f Fu(that)h(in)g
+(addition)f(to)h(the)h Fr(par)p Fu(-)283 1954 y(construct)34
+b(also)e(con)m(tains)g(the)h(construct)527 2206 y Fr(protect)i
+Fs(S)44 b Fr(end)283 2459 y Fu(The)37 b(idea)f(is)f(that)h(the)g
+(statemen)m(t)h Fs(S)47 b Fu(has)37 b(to)e(b)s(e)h(executed)i(as)f(an)e
+(atomic)f(en)m(tit)m(y)j(so)f(that)283 2579 y(for)c(example)527
+2832 y Fr(x)h Fu(:=)g Fr(1)f(par)i(protect)g Fu(\()p
+Fr(x)f Fu(:=)f Fr(2)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Fu(+)p
+Fr(2)p Fu(\))h Fr(end)283 3085 y Fu(only)26 b(has)g(t)m(w)m(o)g(p)s
+(ossible)g(outcomes)f(namely)g Fw(1)h Fu(and)g Fw(4)p
+Fu(.)41 b(Extend)27 b(the)g(structural)e(op)s(erational)283
+3205 y(seman)m(tics)38 b(to)f(express)i(this.)57 b(Can)38
+b(y)m(ou)g(sp)s(ecify)f(a)g(natural)f(seman)m(tics)i(for)e(the)i
+(extended)283 3325 y(language?)2977 b Fh(2)283 3623 y
+Fw(Exercise)37 b(2.36)49 b Fu(Sp)s(ecify)37 b(a)h(structural)f(op)s
+(erational)e(seman)m(tics)i(for)g(arithmetic)f(expres-)283
+3743 y(sions)42 b(where)h(the)f(individual)d(parts)j(of)g(an)f
+(expression)i(ma)m(y)f(b)s(e)g(computed)g(in)e(parallel.)283
+3863 y(T)-8 b(ry)34 b(to)e(pro)m(v)m(e)i(that)e(y)m(ou)h(still)e
+(obtain)g(the)i(result)g(that)f(w)m(as)i(sp)s(eci\014ed)f(b)m(y)g
+Ft(A)p Fu(.)468 b Fh(2)283 4257 y Fj(2.5)161 b(Blo)t(c)l(ks)54
+b(and)f(pro)t(cedures)283 4496 y Fu(W)-8 b(e)38 b(no)m(w)f(extend)i
+(the)e(language)f Fw(While)f Fu(with)i(blo)s(c)m(ks)g(con)m(taining)e
+(declarations)h(of)h(v)-5 b(ari-)283 4616 y(ables)33
+b(and)g(pro)s(cedures.)44 b(In)33 b(doing)f(so)h(w)m(e)g(in)m(tro)s
+(duce)g(a)f(couple)h(of)f(imp)s(ortan)m(t)e(concepts:)429
+4869 y Ft(\017)48 b Fu(v)-5 b(ariable)31 b(and)i(pro)s(cedure)g(en)m
+(vironmen)m(ts,)h(and)429 5121 y Ft(\017)48 b Fu(lo)s(cations)31
+b(and)i(stores.)283 5374 y(W)-8 b(e)36 b(shall)e(concen)m(trate)j(on)e
+(the)h(natural)e(seman)m(tics)i(and)f(will)f(consider)h(dynamic)g(as)h
+(w)m(ell)283 5494 y(as)d(static)f(scop)s(e)i(and)e(non-recursiv)m(e)i
+(as)f(w)m(ell)f(as)g(recursiv)m(e)i(pro)s(cedures.)p
+eop
+%%Page: 51 61
+51 60 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures)
+1998 b(51)p 0 193 3473 4 v 0 515 a Fp(Blo)t(c)l(ks)45
+b(and)g(simple)g(declarations)0 700 y Fu(W)-8 b(e)37
+b(\014rst)g(extend)h(the)f(language)f Fw(While)f Fu(with)h(blo)s(c)m
+(ks)h(con)m(taining)e(declarations)h(of)g(lo)s(cal)0
+820 y(v)-5 b(ariables.)42 b(The)34 b(new)f(language)f(is)g(called)f
+Fw(Blo)s(c)m(k)h Fu(and)g(its)g(syn)m(tax)i(is)294 1001
+y Fs(S)111 b Fu(::=)100 b Fs(x)44 b Fu(:=)33 b Fs(a)39
+b Ft(j)33 b Fr(skip)g Ft(j)f Fs(S)1429 1016 y Fn(1)1501
+1001 y Fu(;)h Fs(S)1628 1016 y Fn(2)1700 1001 y Ft(j)f
+Fr(if)h Fs(b)38 b Fr(then)c Fs(S)2283 1016 y Fn(1)2355
+1001 y Fr(else)f Fs(S)2659 1016 y Fn(2)511 1168 y Ft(j)151
+b Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)45 b Ft(j)32 b
+Fr(begin)i Fs(D)1729 1183 y Fc(V)1822 1168 y Fs(S)44
+b Fr(end)0 1350 y Fu(where)32 b Fs(D)363 1365 y Fc(V)454
+1350 y Fu(is)d(a)h(meta-v)-5 b(ariable)28 b(ranging)h(o)m(v)m(er)i(the)
+g(syn)m(tactic)g(category)g Fw(Dec)2946 1365 y Fn(V)3034
+1350 y Fu(of)e Fs(variable)0 1471 y(de)-5 b(clar)g(ations)p
+Fu(.)42 b(The)34 b(syn)m(tax)g(of)e(v)-5 b(ariable)31
+b(declarations)g(is)h(giv)m(en)h(b)m(y:)294 1658 y Fs(D)377
+1673 y Fc(V)537 1658 y Fu(::=)100 b Fr(var)33 b Fs(x)45
+b Fu(:=)32 b Fs(a)7 b Fu(;)33 b Fs(D)1378 1673 y Fc(V)1471
+1658 y Ft(j)g Fo(")0 1848 y Fu(where)h Fo(")f Fu(is)g(the)g(empt)m(y)h
+(declaration.)43 b(The)34 b(idea)e(is)h(that)g(the)g(v)-5
+b(ariables)32 b(declared)h(inside)g(a)0 1969 y(blo)s(c)m(k)f
+Fr(begin)i Fs(D)629 1984 y Fc(V)723 1969 y Fs(S)44 b
+Fr(end)33 b Fu(are)g Fs(lo)-5 b(c)g(al)42 b Fu(to)32
+b(it.)43 b(So)32 b(in)g(a)g(statemen)m(t)h(lik)m(e)244
+2157 y Fr(begin)h(var)f(y)g Fu(:=)f Fr(1)p Fu(;)533 2325
+y(\()p Fr(x)g Fu(:=)h Fr(1)p Fu(;)533 2493 y Fr(begin)h(var)f(x)g
+Fu(:=)f Fr(2)p Fu(;)h Fr(y)g Fu(:=)f Fr(x)p Fu(+)p Fr(1)h(end)p
+Fu(;)533 2660 y Fr(x)g Fu(:=)f Fr(y)p Fu(+)p Fr(x)p Fu(\))244
+2828 y Fr(end)0 3017 y Fu(the)d Fr(x)f Fu(in)g Fr(y)g
+Fu(:=)g Fr(x)p Fu(+)p Fr(1)h Fu(relates)f(to)g(the)h(lo)s(cal)d(v)-5
+b(ariable)27 b Fr(x)h Fu(in)m(tro)s(duced)g(b)m(y)i Fr(var)f(x)f
+Fu(:=)g Fr(2)p Fu(,)i(whereas)0 3137 y(the)e Fr(x)g Fu(in)f
+Fr(x)h Fu(:=)g Fr(y)p Fu(+)p Fr(x)g Fu(relates)f(to)h(the)g(global)d(v)
+-5 b(ariable)26 b Fr(x)i Fu(that)g(is)f(also)g(used)i(in)e(the)h
+(statemen)m(t)0 3257 y Fr(x)k Fu(:=)h Fr(1)p Fu(.)43
+b(In)33 b(b)s(oth)f(cases)i(the)e Fr(y)h Fu(refers)g(to)f(the)g
+Fr(y)h Fu(declared)f(in)g(the)h(outer)f(blo)s(c)m(k.)43
+b(Therefore,)0 3378 y(the)37 b(statemen)m(t)g Fr(y)g
+Fu(:=)f Fr(x)p Fu(+)p Fr(1)h Fu(assigns)g Fr(y)f Fu(the)h(v)-5
+b(alue)36 b Fw(3)p Fu(,)i(rather)e(than)h Fw(2)p Fu(,)g(and)g(the)g
+(statemen)m(t)0 3498 y Fr(x)c Fu(:=)f Fr(y)p Fu(+)p Fr(x)h
+Fu(assigns)g Fr(x)g Fu(the)g(v)-5 b(alue)32 b Fw(4)p
+Fu(,)g(rather)h(than)g Fw(5)p Fu(.)146 3619 y(Before)28
+b(going)e(in)m(to)h(the)h(details)e(of)h(ho)m(w)i(to)e(sp)s(ecify)h
+(the)g(seman)m(tics)f(w)m(e)i(shall)d(de\014ne)j(the)0
+3739 y(set)k(D)m(V\()p Fs(D)418 3754 y Fc(V)479 3739
+y Fu(\))g(of)f(v)-5 b(ariables)31 b(declared)i(in)e Fs(D)1646
+3754 y Fc(V)1707 3739 y Fu(:)294 3925 y(D)m(V\()p Fr(var)i
+Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(;)33 b Fs(D)1088 3940
+y Fc(V)1148 3925 y Fu(\))100 b(=)g Ft(f)p Fs(x)12 b Ft(g)31
+b([)i Fu(D)m(V\()p Fs(D)2015 3940 y Fc(V)2076 3925 y
+Fu(\))294 4092 y(D)m(V\()p Fo(")o Fu(\))726 b(=)100 b
+Ft(;)146 4274 y Fu(W)-8 b(e)43 b(next)g(de\014ne)h(the)e
+Fs(natur)-5 b(al)44 b(semantics)p Fu(.)71 b(The)44 b(idea)d(will)f(b)s
+(e)j(to)e(ha)m(v)m(e)j(one)f(transi-)0 4395 y(tion)36
+b(system)i(for)f Fs(e)-5 b(ach)43 b Fu(of)37 b(the)g(syn)m(tactic)h
+(categories)f Fw(Stm)f Fu(and)h Fw(Dec)2692 4410 y Fn(V)2750
+4395 y Fu(.)57 b(F)-8 b(or)36 b(statemen)m(ts)0 4515
+y(the)i(transition)d(system)j(is)f(as)g(in)g(T)-8 b(able)37
+b(2.1)f(but)i(extended)h(with)e(the)g(rule)g(of)g(T)-8
+b(able)37 b(2.3.)0 4635 y(The)28 b(transition)e(system)j(for)d(v)-5
+b(ariable)26 b(declarations)g(has)i(con\014gurations)f(of)g(the)h(t)m
+(w)m(o)g(forms)0 4756 y Ft(h)p Fs(D)122 4771 y Fc(V)183
+4756 y Fu(,)k Fs(s)8 b Ft(i)37 b Fu(and)h Fs(s)45 b Fu(and)37
+b(the)h(idea)f(is)f(that)h(the)h(transition)e(relation)f
+Ft(!)2627 4771 y Fc(D)2728 4756 y Fu(sp)s(eci\014es)j(the)g(rela-)0
+4876 y(tionship)31 b(b)s(et)m(w)m(een)k(initial)29 b(and)k(\014nal)e
+(states)j(as)f(b)s(efore:)244 5065 y Ft(h)p Fs(D)366
+5080 y Fc(V)427 5065 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)705
+5080 y Fc(D)802 5065 y Fs(s)850 5029 y Fi(0)0 5254 y
+Fu(The)g(relation)d Ft(!)654 5269 y Fc(D)749 5254 y Fu(for)h(v)-5
+b(ariable)29 b(declarations)h(is)g(giv)m(en)h(in)f(T)-8
+b(able)30 b(2.4.)43 b(W)-8 b(e)31 b(generalize)f(the)0
+5374 y(substitution)42 b(op)s(eration)f(on)i(states)g(and)g(write)f
+Fs(s)1939 5338 y Fi(0)1962 5374 y Fu([)p Fs(X)16 b Ft(7\000)-15
+b(!)o Fs(s)8 b Fu(])43 b(for)f(the)h(state)g(that)f(is)g(as)h
+Fs(s)3449 5338 y Fi(0)0 5494 y Fu(except)34 b(for)e(v)-5
+b(ariables)32 b(in)f(the)i(set)h Fs(X)48 b Fu(where)34
+b(it)e(is)g(as)h(sp)s(eci\014ed)g(b)m(y)g Fs(s)8 b Fu(.)44
+b(F)-8 b(ormally)g(,)p eop
+%%Page: 52 62
+52 61 bop 251 130 a Fw(52)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 736 4
+318 v 773 605 a Fu([blo)s(c)m(k)1025 620 y Fn(ns)1096
+605 y Fu(])1689 519 y Ft(h)p Fs(D)1811 534 y Fc(V)1872
+519 y Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)2150 534 y Fc(D)2247
+519 y Fs(s)2295 483 y Fi(0)2318 519 y Fu(,)g Ft(h)p Fs(S)12
+b Fu(,)32 b Fs(s)2591 483 y Fi(0)2614 519 y Ft(i)h(!)f
+Fs(s)2866 483 y Fi(00)p 1406 582 1787 4 v 1406 687 a
+Ft(h)o Fr(begin)i Fs(D)1816 702 y Fc(V)1910 687 y Fs(S)44
+b Fr(end)p Fu(,)33 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)2522
+650 y Fi(00)2564 687 y Fu([D)m(V\()p Fs(D)2857 702 y
+Fc(V)2918 687 y Fu(\))p Ft(7\000)-16 b(!)p Fs(s)8 b Fu(])p
+3753 736 4 318 v 283 739 3473 4 v 873 900 a(T)-8 b(able)32
+b(2.3:)43 b(Natural)31 b(seman)m(tics)i(for)f(statemen)m(ts)i(of)e
+Fw(Blo)s(c)m(k)p 283 976 V 283 1508 4 533 v 720 1162
+a Fu([v)-5 b(ar)880 1177 y Fn(ns)951 1162 y Fu(])1382
+1076 y Ft(h)p Fs(D)1504 1091 y Fc(V)1565 1076 y Fu(,)32
+b Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17 b([)q Fs(a)7
+b Fu(])-17 b(])q Fs(s)8 b Fu(])p Ft(i)32 b(!)2314 1091
+y Fc(D)2410 1076 y Fs(s)2458 1040 y Fi(0)p 1353 1139
+1158 4 v 1353 1244 a Ft(h)p Fr(var)h Fs(x)45 b Fu(:=)32
+b Fs(a)7 b Fu(;)33 b Fs(D)2003 1259 y Fc(V)2064 1244
+y Fu(,)g Fs(s)8 b Ft(i)32 b(!)2343 1259 y Fc(D)2439 1244
+y Fs(s)2487 1208 y Fi(0)720 1447 y Fu([none)947 1462
+y Fn(ns)1019 1447 y Fu(])297 b Ft(h)p Fo(")p Fu(,)32
+b Fs(s)8 b Ft(i)33 b(!)1706 1462 y Fc(D)1803 1447 y Fs(s)p
+3753 1508 4 533 v 283 1511 3473 4 v 874 1672 a Fu(T)-8
+b(able)32 b(2.4:)43 b(Natural)32 b(seman)m(tics)h(for)f(v)-5
+b(ariable)30 b(declarations)527 1961 y(\()p Fs(s)613
+1925 y Fi(0)637 1961 y Fu([)p Fs(X)16 b Ft(7\000)-16
+b(!)o Fs(s)8 b Fu(]\))33 b Fs(x)44 b Fu(=)1256 1815 y
+Fg(\()1364 1900 y Fs(s)d(x)118 b Fu(if)31 b Fs(x)45 b
+Ft(2)33 b Fs(X)1364 2020 y(s)1412 1984 y Fi(0)1468 2020
+y Fs(x)95 b Fu(if)31 b Fs(x)45 b Ft(62)33 b Fs(X)283
+2180 y Fu(This)c(op)s(eration)d(will)g(ensure)j(that)f(lo)s(cal)d(v)-5
+b(ariables)27 b(are)h(restored)h(to)e(their)h(previous)g(v)-5
+b(alues)283 2301 y(when)34 b(the)f(blo)s(c)m(k)g(is)f(left.)283
+2475 y Fw(Exercise)37 b(2.37)49 b Fu(Use)35 b(the)f(natural)g(seman)m
+(tics)g(of)g(T)-8 b(able)34 b(2.3)f(to)h(sho)m(w)h(that)f(execution)h
+(of)283 2595 y(the)e(statemen)m(t)527 2758 y Fr(begin)h(var)g(y)e
+Fu(:=)h Fr(1)p Fu(;)816 2926 y(\()p Fr(x)g Fu(:=)f Fr(1)p
+Fu(;)816 3093 y Fr(begin)i(var)f(x)g Fu(:=)g Fr(2)p Fu(;)f
+Fr(y)h Fu(:=)g Fr(x)p Fu(+)p Fr(1)g(end)p Fu(;)816 3261
+y Fr(x)g Fu(:=)f Fr(y)p Fu(+)p Fr(x)p Fu(\))527 3429
+y Fr(end)283 3592 y Fu(will)f(lead)h(to)g(a)g(state)h(where)h
+Fr(x)f Fu(has)g(the)g(v)-5 b(alue)32 b Fw(4)p Fu(.)1525
+b Fh(2)430 3766 y Fu(It)32 b(is)f(somewhat)h(harder)g(to)f(sp)s(ecify)i
+(a)e Fs(structur)-5 b(al)35 b(op)-5 b(er)g(ational)33
+b(semantics)39 b Fu(for)31 b(the)i(ex-)283 3886 y(tended)c(language.)41
+b(One)28 b(approac)m(h)g(is)f(to)g(replace)h(states)g(with)g(a)f
+(structure)i(that)e(is)g(similar)283 4007 y(to)34 b(the)g(run-time)f
+(stac)m(ks)i(used)h(in)d(the)h(implemen)m(tation)d(of)i(blo)s(c)m(k)h
+(structured)h(languages.)283 4127 y(Another)43 b(is)f(to)g(extend)h
+(the)g(statemen)m(ts)g(with)f(fragmen)m(ts)g(of)f(the)i(state.)73
+b(Ho)m(w)m(ev)m(er,)47 b(w)m(e)283 4247 y(shall)32 b(not)g(go)g
+(further)h(in)m(to)f(this.)283 4529 y Fp(Pro)t(cedures)283
+4714 y Fu(W)-8 b(e)27 b(shall)f(no)m(w)h(extend)h(the)f(language)e
+Fw(Blo)s(c)m(k)h Fu(with)g(pro)s(cedure)h(declarations.)41
+b(The)27 b(syn)m(tax)283 4834 y(of)33 b(the)g(language)e
+Fw(Pro)s(c)h Fu(is:)577 4989 y Fs(S)189 b Fu(::=)99 b
+Fs(x)45 b Fu(:=)32 b Fs(a)40 b Ft(j)32 b Fr(skip)i Ft(j)e
+Fs(S)1790 5004 y Fn(1)1862 4989 y Fu(;)g Fs(S)1988 5004
+y Fn(2)2060 4989 y Ft(j)g Fr(if)h Fs(b)39 b Fr(then)33
+b Fs(S)2643 5004 y Fn(1)2715 4989 y Fr(else)h Fs(S)3020
+5004 y Fn(2)872 5156 y Ft(j)150 b Fr(while)34 b Fs(b)39
+b Fr(do)33 b Fs(S)44 b Ft(j)32 b Fr(begin)i Fs(D)2089
+5171 y Fc(V)2183 5156 y Fs(D)2266 5171 y Fc(P)2357 5156
+y Fs(S)44 b Fr(end)33 b Ft(j)g Fr(call)g Fs(p)577 5324
+y(D)660 5339 y Fc(V)821 5324 y Fu(::=)99 b Fr(var)34
+b Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(;)32 b Fs(D)1661 5339
+y Fc(V)1755 5324 y Ft(j)g Fo(")577 5492 y Fs(D)660 5507
+y Fc(P)821 5492 y Fu(::=)99 b Fr(proc)34 b Fs(p)k Fr(is)33
+b Fs(S)12 b Fu(;)33 b Fs(D)1721 5507 y Fc(P)1812 5492
+y Ft(j)f Fo(")p eop
+%%Page: 53 63
+53 62 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures)
+1998 b(53)p 0 193 3473 4 v 0 515 a Fu(Here)27 b Fs(p)33
+b Fu(is)26 b(a)g(meta-v)-5 b(ariable)24 b(ranging)i(o)m(v)m(er)h(the)g
+(syn)m(tactic)h(category)f Fw(Pname)f Fu(of)g(pro)s(cedure)0
+636 y(names;)31 b(in)e(the)h(concrete)h(syn)m(tax)h(there)e(need)h(not)
+f(b)s(e)g(an)m(y)g(di\013erence)h(b)s(et)m(w)m(een)g(pro)s(cedure)0
+756 y(names)37 b(and)g(v)-5 b(ariable)36 b(names)h(but)g(in)g(the)g
+(abstract)h(syn)m(tax)g(it)e(is)h(con)m(v)m(enien)m(t)i(to)e(b)s(e)g
+(able)0 877 y(to)c(distinguish)f(b)s(et)m(w)m(een)j(the)f(t)m(w)m(o.)46
+b(F)-8 b(urthermore,)33 b Fs(D)2061 892 y Fc(P)2152 877
+y Fu(is)g(a)g(meta-v)-5 b(ariable)30 b(ranging)i(o)m(v)m(er)0
+997 y(the)h(syn)m(tactic)g(category)g Fw(Dec)1160 1012
+y Fn(P)1245 997 y Fu(of)f Fs(pr)-5 b(o)g(c)g(e)g(dur)g(e)34
+b(de)-5 b(clar)g(ations)p Fu(.)146 1117 y(W)d(e)40 b(shall)d(giv)m(e)i
+(three)h(di\013eren)m(t)f(seman)m(tics)g(of)f(this)h(language.)61
+b(They)40 b(di\013er)f(in)f(their)0 1238 y(c)m(hoice)33
+b(of)f(scop)s(e)h(rules)g(for)f(v)-5 b(ariables)31 b(and)i(pro)s
+(cedures:)145 1436 y Ft(\017)49 b Fu(dynamic)32 b(scop)s(e)h(for)f(v)-5
+b(ariables)31 b(as)i(w)m(ell)f(as)h(pro)s(cedures,)145
+1637 y Ft(\017)49 b Fu(dynamic)32 b(scop)s(e)h(for)f(v)-5
+b(ariables)31 b(but)i(static)f(scop)s(e)i(for)e(pro)s(cedures,)i(and)
+145 1839 y Ft(\017)49 b Fu(static)32 b(scop)s(e)h(for)f(v)-5
+b(ariables)32 b(as)g(w)m(ell)g(as)h(pro)s(cedures.)0
+2037 y(T)-8 b(o)33 b(illustrate)d(the)j(di\013erence)g(consider)g(the)g
+(statemen)m(t)244 2235 y Fr(begin)h(var)f(x)g Fu(:=)f
+Fr(0)p Fu(;)533 2403 y Fr(proc)h(p)g(is)g(x)g Fu(:=)f
+Fr(x)h Fo(?)f Fr(2)p Fu(;)533 2570 y Fr(proc)h(q)g(is)g(call)h(p)p
+Fu(;)533 2738 y Fr(begin)g(var)f(x)g Fu(:=)f Fr(5)p Fu(;)822
+2905 y Fr(proc)h(p)g(is)g(x)g Fu(:=)f Fr(x)h Fu(+)f(1;)822
+3073 y Fr(call)h(q)p Fu(;)g Fr(y)g Fu(:=)f Fr(x)533 3241
+y(end)244 3408 y(end)0 3606 y Fu(If)39 b Fs(dynamic)i(sc)-5
+b(op)g(e)46 b Fu(is)39 b(used)h(for)f(v)-5 b(ariables)38
+b(as)i(w)m(ell)f(as)g(pro)s(cedures)i(then)f(the)g(\014nal)f(v)-5
+b(alue)0 3727 y(of)42 b Fr(y)h Fu(is)f Fw(6)p Fu(.)74
+b(The)44 b(reason)f(is)f(that)h Fr(call)g(q)g Fu(will)e(call)g(the)i
+Fs(lo)-5 b(c)g(al)52 b Fu(pro)s(cedure)44 b Fr(p)e Fu(whic)m(h)i(will)0
+3847 y(up)s(date)31 b(the)g Fs(lo)-5 b(c)g(al)40 b Fu(v)-5
+b(ariable)29 b Fr(x)p Fu(.)43 b(If)30 b(w)m(e)i(use)f(dynamic)f(scop)s
+(e)i(for)e(v)-5 b(ariables)29 b(but)i Fs(static)i(sc)-5
+b(op)g(e)0 3967 y Fu(for)35 b(pro)s(cedures)i(then)f
+Fr(y)g Fu(gets)g(the)g(v)-5 b(alue)35 b Fw(10)p Fu(.)52
+b(The)37 b(reason)f(is)f(that)g(no)m(w)i Fr(call)f(q)g
+Fu(will)d(call)0 4088 y(the)38 b Fs(glob)-5 b(al)47 b
+Fu(pro)s(cedure)39 b Fr(p)f Fu(and)g(it)f(will)e(up)s(date)j(the)g
+Fs(lo)-5 b(c)g(al)47 b Fu(v)-5 b(ariable)36 b Fr(x)p
+Fu(.)60 b(Finally)-8 b(,)36 b(if)h(w)m(e)h(use)0 4208
+y(static)28 b(scop)s(e)h(for)e(v)-5 b(ariables)27 b(as)h(w)m(ell)f(as)i
+(pro)s(cedures)g(then)g Fr(y)f Fu(gets)h(the)f(v)-5 b(alue)28
+b Fw(5)p Fu(.)42 b(The)29 b(reason)0 4329 y(is)39 b(that)g
+Fr(call)h(q)g Fu(no)m(w)g(will)d(call)g(the)j Fs(glob)-5
+b(al)49 b Fu(pro)s(cedure)40 b Fr(p)f Fu(whic)m(h)h(will)d(up)s(date)j
+(the)f Fs(glob)-5 b(al)0 4449 y Fu(v)g(ariable)31 b Fr(x)i
+Fu(so)f(the)h(lo)s(cal)e(v)-5 b(ariable)31 b Fr(x)h Fu(is)g(unc)m
+(hanged.)0 4708 y Fw(Dynamic)37 b(scop)s(e)g(rules)g(for)h(v)-6
+b(ariables)37 b(and)h(pro)s(cedures)0 4893 y Fu(The)44
+b(general)f(idea)f(is)h(that)g(to)g(execute)i(the)e(statemen)m(t)h
+Fr(call)g Fs(p)49 b Fu(w)m(e)44 b(shall)e(execute)j(the)0
+5013 y(b)s(o)s(dy)34 b(of)f(the)i(pro)s(cedure.)48 b(This)34
+b(means)g(that)g(w)m(e)g(ha)m(v)m(e)i(to)d(k)m(eep)j(trac)m(k)e(of)g
+(the)g(asso)s(ciation)0 5133 y(of)k(pro)s(cedure)i(names)f(with)g(pro)s
+(cedure)h(b)s(o)s(dies.)62 b(T)-8 b(o)39 b(facilitate)d(this)j(w)m(e)h
+(shall)d(in)m(tro)s(duce)0 5254 y(the)42 b(notion)f(of)g(a)h
+Fs(pr)-5 b(o)g(c)g(e)g(dur)g(e)42 b(envir)-5 b(onment)p
+Fu(.)70 b(Giv)m(en)42 b(a)f(pro)s(cedure)i(name)e(the)h(pro)s(cedure)0
+5374 y(en)m(vironmen)m(t)25 b Fs(env)709 5389 y Fc(P)792
+5374 y Fu(will)d(return)k(the)f(statemen)m(t)g(that)g(is)f(its)g(b)s(o)
+s(dy)-8 b(.)41 b(So)25 b Fs(env)2844 5389 y Fc(P)2927
+5374 y Fu(is)f(an)h(elemen)m(t)0 5494 y(of)p eop
+%%Page: 54 64
+54 63 bop 251 130 a Fw(54)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 3862
+4 3443 v 654 528 a Fu([ass)806 543 y Fn(ns)878 528 y
+Fu(])372 b Fs(env)1433 543 y Fc(P)1523 528 y Ft(`)33
+b(h)o Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(,)33 b Fs(s)8
+b Ft(i)32 b(!)g Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)p Fu([)-17
+b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])654 743 y([skip)852
+758 y Fn(ns)923 743 y Fu(])327 b Fs(env)1433 758 y Fc(P)1523
+743 y Ft(`)33 b(h)o Fr(skip)p Fu(,)h Fs(s)8 b Ft(i)32
+b(!)g Fs(s)654 1035 y Fu([comp)909 1050 y Fn(ns)980 1035
+y Fu(])1287 948 y Fs(env)1443 963 y Fc(P)1533 948 y Ft(`)h(h)o
+Fs(S)1732 963 y Fn(1)1772 948 y Fu(,)f Fs(s)8 b Ft(i)33
+b(!)f Fs(s)2131 912 y Fi(0)2154 948 y Fu(,)h Fs(env)2370
+963 y Fc(P)2460 948 y Ft(`)f(h)p Fs(S)2659 963 y Fn(2)2698
+948 y Fu(,)h Fs(s)2806 912 y Fi(0)2829 948 y Ft(i)g(!)f
+Fs(s)3081 912 y Fi(00)p 1287 1012 1837 4 v 1695 1116
+a Fs(env)1851 1131 y Fc(P)1942 1116 y Ft(`)g(h)p Fs(S)2141
+1131 y Fn(1)2180 1116 y Fu(;)p Fs(S)2274 1131 y Fn(2)2313
+1116 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)2672 1080 y
+Fi(00)654 1397 y Fu([if)739 1361 y Fn(tt)739 1422 y(ns)809
+1397 y Fu(])1703 1310 y Fs(env)1859 1325 y Fc(P)1949
+1310 y Ft(`)h(h)p Fs(S)2149 1325 y Fn(1)2188 1310 y Fu(,)f
+Fs(s)8 b Ft(i)33 b(!)f Fs(s)2547 1274 y Fi(0)p 1287 1374
+1700 4 v 1287 1478 a Fs(env)1443 1493 y Fc(P)1533 1478
+y Ft(`)h(h)o Fr(if)g Fs(b)39 b Fr(then)33 b Fs(S)2188
+1493 y Fn(1)2260 1478 y Fr(else)h Fs(S)2565 1493 y Fn(2)2604
+1478 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)g Fs(s)2963 1442 y
+Fi(0)1513 1635 y Fu(if)f Ft(B)t Fu([)-17 b([)p Fs(b)6
+b Fu(])-17 b(])q Fs(s)41 b Fu(=)32 b Fw(tt)654 1927 y
+Fu([if)739 1890 y Fn(\013)739 1951 y(ns)809 1927 y Fu(])1703
+1840 y Fs(env)1859 1855 y Fc(P)1949 1840 y Ft(`)h(h)p
+Fs(S)2149 1855 y Fn(2)2188 1840 y Fu(,)f Fs(s)8 b Ft(i)33
+b(!)f Fs(s)2547 1804 y Fi(0)p 1287 1903 V 1287 2008 a
+Fs(env)1443 2023 y Fc(P)1533 2008 y Ft(`)h(h)o Fr(if)g
+Fs(b)39 b Fr(then)33 b Fs(S)2188 2023 y Fn(1)2260 2008
+y Fr(else)h Fs(S)2565 2023 y Fn(2)2604 2008 y Fu(,)f
+Fs(s)8 b Ft(i)32 b(!)g Fs(s)2963 1972 y Fi(0)1513 2165
+y Fu(if)f Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q
+Fs(s)41 b Fu(=)32 b Fw(\013)654 2456 y Fu([while)904
+2420 y Fn(tt)904 2481 y(ns)974 2456 y Fu(])1287 2370
+y Fs(env)1443 2385 y Fc(P)1533 2370 y Ft(`)h(h)o Fs(S)12
+b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)2091 2334 y Fi(0)2115
+2370 y Fu(,)g Fs(env)2330 2385 y Fc(P)2421 2370 y Ft(`)g(h)p
+Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)3235
+2334 y Fi(0)3258 2370 y Ft(i)f(!)g Fs(s)3509 2334 y Fi(00)p
+1287 2433 2266 4 v 1742 2538 a Fs(env)1898 2553 y Fc(P)1989
+2538 y Ft(`)g(h)p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12
+b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)3054 2502 y Fi(00)1513
+2694 y Fu(if)f Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
+b(])q Fs(s)41 b Fu(=)32 b Fw(tt)654 2909 y Fu([while)904
+2873 y Fn(\013)904 2934 y(ns)974 2909 y Fu(])276 b Fs(env)1433
+2924 y Fc(P)1523 2909 y Ft(`)33 b(h)o Fr(while)h Fs(b)39
+b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)h
+Fs(s)1513 3077 y Fu(if)e Ft(B)t Fu([)-17 b([)p Fs(b)6
+b Fu(])-17 b(])q Fs(s)41 b Fu(=)32 b Fw(\013)654 3368
+y Fu([blo)s(c)m(k)906 3383 y Fn(ns)977 3368 y Fu(])1410
+3282 y Ft(h)p Fs(D)1532 3297 y Fc(V)1593 3282 y Fu(,)g
+Fs(s)8 b Ft(i)33 b(!)1871 3297 y Fc(D)1968 3282 y Fs(s)2016
+3246 y Fi(0)2039 3282 y Fu(,)g(up)s(d)2264 3297 y Fn(P)2316
+3282 y Fu(\()p Fs(D)2437 3297 y Fc(P)2496 3282 y Fu(,)g
+Fs(env)2712 3297 y Fc(P)2769 3282 y Fu(\))g Ft(`)f(h)p
+Fs(S)12 b Fu(,)32 b Fs(s)3146 3246 y Fi(0)3170 3282 y
+Ft(i)g(!)g Fs(s)3421 3246 y Fi(00)p 1287 3345 2301 4
+v 1287 3450 a Fs(env)1443 3465 y Fc(P)1533 3450 y Ft(`)h(h)o
+Fr(begin)h Fs(D)2037 3465 y Fc(V)2131 3450 y Fs(D)2214
+3465 y Fc(P)2305 3450 y Fs(S)44 b Fr(end)p Fu(,)34 b
+Fs(s)8 b Ft(i)32 b(!)g Fs(s)2917 3414 y Fi(00)2960 3450
+y Fu([D)m(V\()p Fs(D)3253 3465 y Fc(V)3313 3450 y Fu(\))p
+Ft(7\000)-16 b(!)p Fs(s)8 b Fu(])654 3731 y([call)829
+3694 y Fn(rec)829 3755 y(ns)922 3731 y Fu(])1400 3644
+y Fs(env)1556 3659 y Fc(P)1646 3644 y Ft(`)33 b(h)p Fs(S)12
+b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)h Fs(s)2205 3608 y Fi(0)p
+1287 3707 1055 4 v 1287 3812 a Fs(env)1443 3827 y Fc(P)1533
+3812 y Ft(`)g(h)o Fr(call)h Fs(p)6 b Fu(,)32 b Fs(s)8
+b Ft(i)33 b(!)f Fs(s)2318 3776 y Fi(0)2449 3731 y Fu(where)i
+Fs(env)2887 3746 y Fc(P)2977 3731 y Fs(p)k Fu(=)33 b
+Fs(S)p 3753 3862 4 3443 v 283 3865 3473 4 v 640 4026
+a Fu(T)-8 b(able)32 b(2.5:)44 b(Natural)31 b(seman)m(tics)i(for)f
+Fw(Pro)s(c)g Fu(with)g(dynamic)g(scop)s(e)h(rules)527
+4322 y Fw(En)m(v)719 4337 y Fn(P)804 4322 y Fu(=)f Fw(Pname)h
+Fo(,)-17 b Ft(!)32 b Fw(Stm)430 4552 y Fu(The)45 b(next)g(step)g(will)c
+(b)s(e)k(to)e(extend)j(the)e(natural)f(seman)m(tics)h(to)g(tak)m(e)h
+(the)f(en)m(viron-)283 4672 y(men)m(t)35 b(in)m(to)f(accoun)m(t.)50
+b(W)-8 b(e)35 b(shall)e(extend)j(the)f(transition)e(system)j(for)e
+(statemen)m(ts)h(to)g(ha)m(v)m(e)283 4793 y(transitions)d(of)g(the)h
+(form)527 5023 y Fs(env)683 5038 y Fc(P)774 5023 y Ft(`)f(h)p
+Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1332
+4987 y Fi(0)283 5254 y Fu(The)e(presence)g(of)e(the)h(en)m(vironmen)m
+(t)f(means)h(that)f(w)m(e)h(can)g(alw)m(a)m(ys)g(access)h(it)d(and)h
+(therefore)283 5374 y(get)36 b(hold)g(of)f(the)i(b)s(o)s(dies)e(of)h
+(declared)g(pro)s(cedures.)55 b(The)37 b(result)f(of)f(mo)s(difying)f
+(T)-8 b(able)35 b(2.1)283 5494 y(to)e(incorp)s(orate)e(this)h(extra)h
+(information)d(is)i(sho)m(wn)i(in)e(T)-8 b(able)32 b(2.5.)p
+eop
+%%Page: 55 65
+55 64 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures)
+1998 b(55)p 0 193 3473 4 v 146 515 a Fu(Concerning)39
+b(the)f(rule)g(for)g Fr(begin)h Fs(D)1573 530 y Fc(V)1672
+515 y Fs(D)1755 530 y Fc(P)1852 515 y Fs(S)50 b Fr(end)39
+b Fu(the)f(idea)g(is)f(that)h(w)m(e)i(up)s(date)e(the)0
+636 y(pro)s(cedure)44 b(en)m(vironmen)m(t)f(so)f(that)h(the)g(pro)s
+(cedures)h(declared)f(in)f Fs(D)2666 651 y Fc(P)2767
+636 y Fu(will)e(b)s(e)j(a)m(v)-5 b(ailable)0 756 y(when)41
+b(executing)f Fs(S)12 b Fu(.)39 b(Giv)m(en)h(a)f(global)e(en)m
+(vironmen)m(t)j Fs(env)2234 771 y Fc(P)2331 756 y Fu(and)g(a)f
+(declaration)f Fs(D)3210 771 y Fc(P)3269 756 y Fu(,)j(the)0
+877 y(up)s(dated)33 b(pro)s(cedure)h(en)m(vironmen)m(t,)f(up)s(d)1588
+892 y Fn(P)1640 877 y Fu(\()p Fs(D)1761 892 y Fc(P)1820
+877 y Fu(,)f Fs(env)2035 892 y Fc(P)2093 877 y Fu(\),)h(is)f(sp)s
+(eci\014ed)h(b)m(y:)244 1072 y(up)s(d)409 1087 y Fn(P)461
+1072 y Fu(\()p Fr(proc)h Fs(p)k Fr(is)33 b Fs(S)12 b
+Fu(;)33 b Fs(D)1170 1087 y Fc(P)1228 1072 y Fu(,)g Fs(env)1444
+1087 y Fc(P)1502 1072 y Fu(\))f(=)h(up)s(d)1846 1087
+y Fn(P)1898 1072 y Fu(\()p Fs(D)2019 1087 y Fc(P)2078
+1072 y Fu(,)f Fs(env)2293 1087 y Fc(P)2351 1072 y Fu([)p
+Fs(p)6 b Ft(7!)p Fs(S)12 b Fu(]\))244 1240 y(up)s(d)409
+1255 y Fn(P)461 1240 y Fu(\()p Fo(")p Fu(,)33 b Fs(env)761
+1255 y Fc(P)818 1240 y Fu(\))g(=)f Fs(env)1153 1255 y
+Fc(P)146 1436 y Fu(As)j(the)f(v)-5 b(ariable)32 b(declarations)g(do)i
+(not)g(need)g(to)g(access)h(the)f(pro)s(cedure)h(en)m(vironmen)m(t)0
+1556 y(it)c(is)h(not)g(necessary)j(to)d(extend)i(the)f(transition)e
+(system)i(for)f(declarations)f(with)h(the)h(extra)0 1677
+y(comp)s(onen)m(t.)44 b(So)32 b(for)g(v)-5 b(ariable)31
+b(declarations)g(w)m(e)j(still)c(ha)m(v)m(e)k(transitions)d(of)i(the)g
+(form)244 1873 y Ft(h)p Fs(D)9 b Fu(,)32 b Fs(s)8 b Ft(i)33
+b(!)644 1888 y Fc(D)741 1873 y Fs(s)789 1837 y Fi(0)0
+2069 y Fu(The)h(relation)c(is)i(de\014ned)i(as)f(for)f(the)h(language)f
+Fw(Blo)s(c)m(k)p Fu(,)f(that)h(is)g(b)m(y)i(T)-8 b(able)32
+b(2.4.)146 2189 y(W)-8 b(e)25 b(can)g(no)m(w)g(complete)e(the)i(sp)s
+(eci\014cation)f(of)g(the)h(seman)m(tics)f(of)g(blo)s(c)m(ks)h(and)f
+(pro)s(cedure)0 2309 y(calls.)42 b(Note)31 b(that)g(in)g(the)h(rule)f
+([blo)s(c)m(k)1425 2324 y Fn(ns)1496 2309 y Fu(])g(of)g(T)-8
+b(able)31 b(2.5)g(w)m(e)h(use)g(the)g(up)s(dated)g(en)m(vironmen)m(t)0
+2430 y(when)47 b(executing)f(the)g(b)s(o)s(dy)f(of)g(the)h(blo)s(c)m
+(k.)82 b(In)46 b(the)g(rule)f([call)2495 2394 y Fn(rec)2495
+2454 y(ns)2588 2430 y Fu(])g(for)g(pro)s(cedure)i(calls)0
+2550 y(w)m(e)g(mak)m(e)f(use)i(of)d(the)i(information)c(pro)m(vided)j
+(b)m(y)h(the)g(en)m(vironmen)m(t.)85 b(It)46 b(follo)m(ws)f(that)0
+2671 y(pro)s(cedures)34 b(will)c Fs(always)40 b Fu(b)s(e)33
+b(recursiv)m(e.)0 2889 y Fw(Exercise)j(2.38)49 b Fu(Consider)33
+b(the)g(follo)m(wing)d(statemen)m(t)j(of)f Fw(Pro)s(c)p
+Fu(:)244 3085 y Fr(begin)i(proc)f(fac)h(is)f(begin)h(var)f(z)g
+Fu(:=)f Fr(x)p Fu(;)1381 3252 y Fr(if)h(x)f Fu(=)h Fr(1)g(then)g(skip)
+1381 3420 y(else)g Fu(\()p Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
+Fr(1)p Fu(;)i Fr(call)g(fac)p Fu(;)f Fr(y)g Fu(:=)f Fr(z)p
+Fo(?)p Fr(y)p Fu(\))1092 3588 y Fr(end)p Fu(;)533 3755
+y(\()p Fr(y)g Fu(:=)h Fr(1)p Fu(;)g Fr(call)g(fac)p Fu(\))244
+3923 y Fr(end)0 4119 y Fu(Construct)26 b(a)f(deriv)-5
+b(ation)23 b(tree)j(for)e(the)i(execution)f(of)g(this)g(statemen)m(t)g
+(from)f(a)h(state)g Fs(s)33 b Fu(where)0 4239 y Fs(s)41
+b Fr(x)32 b Fu(=)h Fw(3)p Fu(.)3042 b Fh(2)0 4458 y Fw(Exercise)36
+b(2.39)49 b Fu(Use)34 b(the)f(seman)m(tics)g(to)f(v)m(erify)h(that)f
+(the)h(statemen)m(t)244 4653 y Fr(begin)h(var)f(x)g Fu(:=)f
+Fr(0)p Fu(;)533 4821 y Fr(proc)h(p)g(is)g(x)g Fu(:=)f
+Fr(x)h Fo(?)f Fr(2)p Fu(;)533 4989 y Fr(proc)h(q)g(is)g(call)h(p)p
+Fu(;)533 5156 y Fr(begin)g(var)f(x)g Fu(:=)f Fr(5)p Fu(;)822
+5324 y Fr(proc)h(p)g(is)g(x)g Fu(:=)f Fr(x)h Fu(+)f(1;)822
+5492 y Fr(call)h(q)p Fu(;)g Fr(y)g Fu(:=)f Fr(x)p eop
+%%Page: 56 66
+56 65 bop 251 130 a Fw(56)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 1434
+4 1015 v 955 605 a Fu([call)1130 620 y Fn(ns)1200 605
+y Fu(])1701 519 y Fs(env)1857 483 y Fi(0)1857 543 y Fc(P)1948
+519 y Ft(`)32 b(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33
+b(!)f Fs(s)2506 483 y Fi(0)p 1588 582 1055 4 v 1588 687
+a Fs(env)1744 702 y Fc(P)1834 687 y Ft(`)h(h)p Fr(call)g
+Fs(p)6 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)2619 650
+y Fi(0)1814 843 y Fu(where)i Fs(env)2252 858 y Fc(P)2343
+843 y Fs(p)k Fu(=)32 b(\()p Fs(S)12 b Fu(,)33 b Fs(env)2860
+807 y Fi(0)2860 868 y Fc(P)2918 843 y Fu(\))955 1135
+y([call)1130 1099 y Fn(rec)1130 1159 y(ns)1223 1135 y
+Fu(])1588 1048 y Fs(env)1744 1012 y Fi(0)1744 1073 y
+Fc(P)1802 1048 y Fu([)p Fs(p)6 b Ft(7!)p Fu(\()p Fs(S)12
+b Fu(,)32 b Fs(env)2305 1012 y Fi(0)2305 1073 y Fc(P)2363
+1048 y Fu(\)])g Ft(`)h(h)p Fs(S)12 b Fu(,)32 b Fs(s)8
+b Ft(i)32 b(!)g Fs(s)3018 1012 y Fi(0)p 1588 1112 1454
+4 v 1788 1216 a Fs(env)1944 1231 y Fc(P)2034 1216 y Ft(`)g(h)p
+Fr(call)i Fs(p)6 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)2819
+1180 y Fi(0)1814 1373 y Fu(where)i Fs(env)2252 1388 y
+Fc(P)2343 1373 y Fs(p)k Fu(=)32 b(\()p Fs(S)12 b Fu(,)33
+b Fs(env)2860 1337 y Fi(0)2860 1397 y Fc(P)2918 1373
+y Fu(\))p 3753 1434 4 1015 v 283 1437 3473 4 v 572 1603
+a(T)-8 b(able)32 b(2.6:)43 b(Pro)s(cedure)34 b(calls)d(in)h(case)i(of)e
+(mixed)g(scop)s(e)h(rules)g(\(c)m(ho)s(ose)g(one\))816
+1894 y Fr(end)527 2061 y(end)283 2264 y Fu(considered)h(earlier)d(do)s
+(es)i(indeed)g(assign)f(the)h(exp)s(ected)i(v)-5 b(alue)32
+b(to)g Fr(y)p Fu(.)781 b Fh(2)283 2524 y Fw(Static)37
+b(scop)s(e)h(rules)f(for)g(pro)s(cedures)283 2709 y Fu(W)-8
+b(e)36 b(shall)d(no)m(w)j(mo)s(dify)d(the)i(seman)m(tics)g(of)f
+Fw(Pro)s(c)h Fu(to)f(sp)s(ecify)h(static)g(scop)s(e)g(rules)g(for)f
+(pro-)283 2829 y(cedures.)46 b(The)33 b(\014rst)g(step)h(will)c(b)s(e)j
+(to)f(extend)i(the)f(pro)s(cedure)g(en)m(vironmen)m(t)g
+Fs(env)3367 2844 y Fc(P)3457 2829 y Fu(so)g(that)283
+2949 y(pro)s(cedure)g(names)f(are)f(asso)s(ciated)h(with)f(their)g(b)s
+(o)s(dy)g(as)h(w)m(ell)f(as)h(the)g(pro)s(cedure)g(en)m(viron-)283
+3070 y(men)m(t)h(at)f(the)h(p)s(oin)m(t)f(of)g(declaration.)42
+b(T)-8 b(o)33 b(this)f(end)h(w)m(e)h(de\014ne)527 3273
+y Fw(En)m(v)719 3288 y Fn(P)804 3273 y Fu(=)e Fw(Pname)h
+Fo(,)-17 b Ft(!)32 b Fw(Stm)g Ft(\002)h Fw(En)m(v)1959
+3288 y Fn(P)283 3476 y Fu(This)j(de\014nition)e(ma)m(y)h(seem)g
+(problematic)e(b)s(ecause)k Fw(En)m(v)2495 3491 y Fn(P)2582
+3476 y Fu(is)d(de\014ned)j(in)d(terms)h(of)g(itself.)283
+3596 y(Ho)m(w)m(ev)m(er,)41 b(this)c(is)g(not)h(really)e(a)h(problem)f
+(b)s(ecause)j(a)e(concrete)h(pro)s(cedure)h(en)m(vironmen)m(t)283
+3717 y(alw)m(a)m(ys)31 b(will)d(b)s(e)i(built)f(from)f(smaller)g(en)m
+(vironmen)m(ts)j(starting)e(with)h(the)g(empt)m(y)h(pro)s(cedure)283
+3837 y(en)m(vironmen)m(t.)65 b(The)41 b(function)e(up)s(d)1665
+3852 y Fn(P)1757 3837 y Fu(up)s(dating)f(the)i(pro)s(cedure)h(en)m
+(vironmen)m(t)e(can)h(then)283 3958 y(b)s(e)33 b(rede\014ned)i(as:)527
+4161 y(up)s(d)692 4176 y Fn(P)745 4161 y Fu(\()p Fr(proc)e
+Fs(p)39 b Fr(is)33 b Fs(S)12 b Fu(;)32 b Fs(D)1453 4176
+y Fc(P)1512 4161 y Fu(,)h Fs(env)1728 4176 y Fc(P)1785
+4161 y Fu(\))g(=)f(up)s(d)2129 4176 y Fn(P)2182 4161
+y Fu(\()p Fs(D)2303 4176 y Fc(P)2361 4161 y Fu(,)h Fs(env)2577
+4176 y Fc(P)2635 4161 y Fu([)p Fs(p)6 b Ft(7!)o Fu(\()p
+Fs(S)12 b Fu(,)33 b Fs(env)3138 4176 y Fc(P)3196 4161
+y Fu(\)]\))527 4328 y(up)s(d)692 4343 y Fn(P)745 4328
+y Fu(\()p Fo(")o Fu(,)g Fs(env)1044 4343 y Fc(P)1102
+4328 y Fu(\))f(=)h Fs(env)1437 4343 y Fc(P)430 4531 y
+Fu(The)28 b(seman)m(tics)f(of)g(v)-5 b(ariable)25 b(declarations)h(are)
+i(una\013ected)g(and)f(so)h(is)e(the)i(seman)m(tics)f(of)283
+4652 y(most)f(of)f(the)h(statemen)m(ts.)42 b(Compared)26
+b(with)g(T)-8 b(able)25 b(2.5)g(w)m(e)i(shall)e(only)g(need)i(to)e(mo)s
+(dify)f(the)283 4772 y(rules)36 b(for)g(pro)s(cedure)g(calls.)52
+b(In)36 b(the)h(case)f(where)h(the)g(pro)s(cedures)g(of)e
+Fw(Pro)s(c)g Fu(are)h(assumed)283 4893 y(to)42 b(b)s(e)h
+Fs(non-r)-5 b(e)g(cursive)48 b Fu(w)m(e)c(simply)d(consult)h(the)g(pro)
+s(cedure)i(en)m(vironmen)m(t)e(to)g(determine)283 5013
+y(the)35 b(b)s(o)s(dy)f(of)g(the)g(pro)s(cedure)h(and)f(the)h(en)m
+(vironmen)m(t)f(at)g(the)g(p)s(oin)m(t)g(of)f(declaration.)47
+b(This)283 5133 y(is)35 b(expressed)j(b)m(y)e(the)g(rule)e([call)1505
+5148 y Fn(ns)1575 5133 y Fu(])h(of)g(T)-8 b(able)35 b(2.6.)51
+b(In)35 b(the)h(case)g(where)g(the)g(pro)s(cedures)g(of)283
+5254 y Fw(Pro)s(c)25 b Fu(are)h(assumed)g(to)f(b)s(e)h
+Fs(r)-5 b(e)g(cursive)32 b Fu(w)m(e)27 b(ha)m(v)m(e)g(to)e(mak)m(e)g
+(sure)i(that)e(o)s(ccurrences)i(of)e Fr(call)34 b Fs(p)283
+5374 y Fu(inside)j(the)h(b)s(o)s(dy)f(of)g Fs(p)43 b
+Fu(refer)37 b(to)g(the)h(pro)s(cedure)g(itself.)56 b(W)-8
+b(e)37 b(shall)f(therefore)i(up)s(date)f(the)283 5494
+y(pro)s(cedure)c(en)m(vironmen)m(t)g(to)e(con)m(tain)h(that)g
+(information.)40 b(This)32 b(is)f(expressed)k(b)m(y)e(the)f(rule)p
+eop
+%%Page: 57 67
+57 66 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures)
+1998 b(57)p 0 193 3473 4 v 0 515 a Fu([call)175 479 y
+Fn(rec)175 540 y(ns)268 515 y Fu(])28 b(of)f(T)-8 b(able)27
+b(2.6.)42 b(The)28 b(remaining)d(axioms)i(and)h(rules)f(are)h(as)g(in)f
+(T)-8 b(ables)28 b(2.5)f(\(without)0 636 y([call)175
+600 y Fn(rec)175 660 y(ns)268 636 y Fu(]\))32 b(and)h(2.4.)43
+b(\(Clearly)32 b(a)g(c)m(hoice)h(should)f(b)s(e)h(made)f(b)s(et)m(w)m
+(een)j([call)2752 651 y Fn(ns)2822 636 y Fu(])d(or)g([call)3175
+600 y Fn(rec)3175 660 y(ns)3268 636 y Fu(].\))0 880 y
+Fw(Exercise)k(2.40)49 b Fu(Construct)36 b(a)d(statemen)m(t)i(that)f
+(illustrates)e(the)j(di\013erence)g(b)s(et)m(w)m(een)h(the)0
+1000 y(t)m(w)m(o)26 b(rules)g(for)f(pro)s(cedure)h(call)e(giv)m(en)i
+(in)f(T)-8 b(able)25 b(2.6.)41 b(V)-8 b(alidate)23 b(y)m(our)k(claim)c
+(b)m(y)j(constructing)0 1121 y(deriv)-5 b(ation)31 b(trees)j(for)e(the)
+h(executions)g(of)f(the)h(statemen)m(t)g(from)f(a)g(suitable)g(state.)
+274 b Fh(2)0 1363 y Fw(Exercise)36 b(2.41)49 b Fu(Use)43
+b(the)f(seman)m(tics)g(to)g(v)m(erify)g(that)f(the)h(statemen)m(t)h(of)
+e(Exercise)i(2.39)0 1483 y(assigns)33 b(the)g(exp)s(ected)h(v)-5
+b(alue)32 b(to)g Fr(y)p Fu(.)2048 b Fh(2)0 1755 y Fw(Static)36
+b(scop)s(e)i(rules)f(for)g(v)-6 b(ariables)0 1943 y Fu(W)e(e)34
+b(shall)e(no)m(w)i(mo)s(dify)e(the)i(seman)m(tics)f(of)h
+Fw(Pro)s(c)e Fu(to)h(sp)s(ecify)h(static)f(scop)s(e)i(rules)e(for)g(v)
+-5 b(ari-)0 2064 y(ables)37 b(as)g(w)m(ell)f(as)h(pro)s(cedures.)57
+b(T)-8 b(o)37 b(ac)m(hiev)m(e)h(this)e(w)m(e)i(shall)e(replace)g(the)i
+(states)f(with)g(t)m(w)m(o)0 2184 y(mappings:)h(a)23
+b Fs(variable)j(envir)-5 b(onment)32 b Fu(that)24 b(asso)s(ciates)g(a)f
+Fs(lo)-5 b(c)g(ation)30 b Fu(with)24 b(eac)m(h)g(v)-5
+b(ariable)22 b(and)0 2305 y(a)35 b Fs(stor)-5 b(e)42
+b Fu(that)34 b(asso)s(ciates)h(a)g(v)-5 b(alue)34 b(with)h(eac)m(h)g
+(lo)s(cation.)48 b(F)-8 b(ormally)g(,)33 b(w)m(e)j(de\014ne)g(a)e(v)-5
+b(ariable)0 2425 y(en)m(vironmen)m(t)33 b Fs(env)717
+2440 y Fc(V)810 2425 y Fu(as)f(an)h(elemen)m(t)f(of)244
+2638 y Fw(En)m(v)436 2653 y Fn(V)526 2638 y Fu(=)h Fw(V)-9
+b(ar)32 b Ft(!)g Fw(Lo)s(c)0 2851 y Fu(where)h Fw(Lo)s(c)f
+Fu(is)f(a)g(set)i(of)e(lo)s(cations.)41 b(F)-8 b(or)31
+b(the)h(sak)m(e)h(of)e(simplicit)m(y)e(w)m(e)k(shall)d(tak)m(e)j
+Fw(Lo)s(c)e Fu(=)h Fw(Z)p Fu(.)0 2972 y(A)h(store)g Fs(sto)38
+b Fu(is)32 b(an)h(elemen)m(t)f(of)244 3185 y Fw(Store)g
+Fu(=)h Fw(Lo)s(c)f Ft([)h(f)g Fu(next)g Ft(g)f(!)h Fw(Z)0
+3398 y Fu(where)i(`next')g(is)e(a)h(sp)s(ecial)f(tok)m(en)h(used)h(to)f
+(hold)f(the)h(next)h(free)f(lo)s(cation.)45 b(W)-8 b(e)34
+b(shall)e(need)0 3519 y(a)g(function)244 3732 y(new:)44
+b Fw(Lo)s(c)33 b Ft(!)f Fw(Lo)s(c)0 3945 y Fu(that)37
+b(giv)m(en)h(a)g(lo)s(cation)d(will)g(pro)s(duce)k(the)f(next)g(one.)59
+b(In)38 b(our)g(case)g(where)h Fw(Lo)s(c)f Fu(is)f Fw(Z)h
+Fu(w)m(e)0 4065 y(tak)m(e)33 b(`new')h(to)e(b)s(e)h(the)g(successor)i
+(function)d(on)h(the)g(in)m(tegers.)146 4188 y(So)44
+b(rather)f(than)h(ha)m(ving)f(a)g(single)f(mapping)g
+Fs(s)52 b Fu(from)42 b(v)-5 b(ariables)42 b(to)h(v)-5
+b(alues)44 b(w)m(e)g(ha)m(v)m(e)0 4308 y(split)33 b(it)g(in)m(to)h(t)m
+(w)m(o)h(mappings)e Fs(env)1301 4323 y Fc(V)1395 4308
+y Fu(and)i Fs(sto)40 b Fu(and)35 b(the)f(idea)g(is)g(that)g
+Fs(s)42 b Fu(=)34 b Fs(sto)41 b Ft(\016)34 b Fs(env)3226
+4323 y Fc(V)3286 4308 y Fu(.)48 b(T)-8 b(o)0 4428 y(determine)32
+b(the)h(v)-5 b(alue)32 b(of)g(a)h(v)-5 b(ariable)30 b
+Fs(x)45 b Fu(w)m(e)33 b(shall)f(\014rst)145 4642 y Ft(\017)49
+b Fu(determine)32 b(the)h(lo)s(cation)d Fs(l)43 b Fu(=)32
+b Fs(env)1570 4657 y Fc(V)1663 4642 y Fs(x)44 b Fu(asso)s(ciated)33
+b(with)f Fs(x)44 b Fu(and)33 b(then)145 4855 y Ft(\017)49
+b Fu(determine)32 b(the)h(v)-5 b(alue)32 b Fs(sto)39
+b(l)k Fu(asso)s(ciated)32 b(with)g(the)h(lo)s(cation)d
+Fs(l)10 b Fu(.)0 5068 y(Similarly)-8 b(,)29 b(to)j(assign)g(a)g(v)-5
+b(alue)32 b Fs(v)43 b Fu(to)33 b(a)f(v)-5 b(ariable)31
+b Fs(x)44 b Fu(w)m(e)34 b(shall)d(\014rst)145 5281 y
+Ft(\017)49 b Fu(determine)32 b(the)h(lo)s(cation)d Fs(l)43
+b Fu(=)32 b Fs(env)1570 5296 y Fc(V)1663 5281 y Fs(x)44
+b Fu(asso)s(ciated)33 b(with)f Fs(x)44 b Fu(and)33 b(then)145
+5494 y Ft(\017)49 b Fu(up)s(date)33 b(the)g(store)g(to)f(ha)m(v)m(e)i
+Fs(sto)39 b(l)j Fu(=)33 b Fs(v)11 b Fu(.)p eop
+%%Page: 58 68
+58 67 bop 251 130 a Fw(58)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 1119
+4 700 v 562 605 a Fu([v)-5 b(ar)722 620 y Fn(ns)793 605
+y Fu(])1195 519 y Ft(h)p Fs(D)1317 534 y Fc(V)1378 519
+y Fu(,)32 b Fs(env)1593 534 y Fc(V)1653 519 y Fu([)p
+Fs(x)12 b Ft(7!)p Fs(l)e Fu(],)33 b Fs(sto)6 b Fu([)p
+Fs(l)k Ft(7!)p Fs(v)h Fu(][next)p Ft(7!)p Fu(new)34 b
+Fs(l)10 b Fu(])p Ft(i)33 b(!)3079 534 y Fc(D)3176 519
+y Fu(\()p Fs(env)3370 483 y Fi(0)3370 543 y Fc(V)3430
+519 y Fu(,)f Fs(sto)3617 483 y Fi(0)3641 519 y Fu(\))p
+1195 582 2484 4 v 1465 687 a Ft(h)o Fr(var)i Fs(x)44
+b Fu(:=)32 b Fs(a)7 b Fu(;)33 b Fs(D)2114 702 y Fc(V)2175
+687 y Fu(,)g Fs(env)2391 702 y Fc(V)2451 687 y Fu(,)g
+Fs(sto)6 b Ft(i)32 b(!)2810 702 y Fc(D)2906 687 y Fu(\()p
+Fs(env)3100 650 y Fi(0)3100 711 y Fc(V)3160 687 y Fu(,)h
+Fs(sto)3348 650 y Fi(0)3371 687 y Fu(\))1454 843 y(where)h
+Fs(v)43 b Fu(=)32 b Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
+b(])q(\()p Fs(sto)6 b Ft(\016)p Fs(env)2516 858 y Fc(V)2576
+843 y Fu(\))33 b(and)f Fs(l)43 b Fu(=)32 b Fs(sto)39
+b Fu(next)562 1058 y([none)789 1073 y Fn(ns)861 1058
+y Fu(])297 b Ft(h)p Fo(")p Fu(,)32 b Fs(env)1485 1073
+y Fc(V)1545 1058 y Fu(,)h Fs(sto)6 b Ft(i)32 b(!)1904
+1073 y Fc(D)2000 1058 y Fu(\()p Fs(env)2194 1073 y Fc(V)2254
+1058 y Fu(,)h Fs(sto)6 b Fu(\))p 3753 1119 4 700 v 283
+1122 3473 4 v 542 1283 a(T)-8 b(able)32 b(2.7:)43 b(Natural)31
+b(seman)m(tics)i(for)f(v)-5 b(ariable)31 b(declarations)g(using)i(lo)s
+(cations)430 1570 y(The)44 b(initial)39 b(v)-5 b(ariable)41
+b(en)m(vironmen)m(t)j(could)e(for)g(example)h(map)f(all)f(v)-5
+b(ariables)42 b(to)g(the)283 1690 y(lo)s(cation)35 b
+Fw(0)i Fu(and)h(the)f(initial)d(store)j(could)g(for)f(example)h(map)f
+(`next')j(to)d Fw(1)p Fu(.)58 b(The)38 b(v)-5 b(ariable)283
+1810 y(en)m(vironmen)m(t)23 b(\(and)g(the)g(store\))g(is)f(up)s(dated)h
+(b)m(y)g(the)g(v)-5 b(ariable)21 b(declarations.)39 b(The)23
+b(transition)283 1931 y(system)34 b(for)e(v)-5 b(ariable)31
+b(declarations)g(is)h(therefore)i(mo)s(di\014ed)d(to)h(ha)m(v)m(e)i
+(the)f(form)527 2139 y Ft(h)p Fs(D)649 2154 y Fc(V)710
+2139 y Fu(,)g Fs(env)926 2154 y Fc(V)986 2139 y Fu(,)f
+Fs(sto)6 b Ft(i)33 b(!)1344 2154 y Fc(D)1441 2139 y Fu(\()p
+Fs(env)1635 2102 y Fi(0)1635 2163 y Fc(V)1695 2139 y
+Fu(,)g Fs(sto)1883 2102 y Fi(0)1906 2139 y Fu(\))283
+2346 y(b)s(ecause)g(a)d(v)-5 b(ariable)30 b(declaration)f(will)g(mo)s
+(dify)g(the)i(v)-5 b(ariable)30 b(en)m(vironmen)m(t)h(as)g(w)m(ell)f
+(as)h(the)283 2467 y(store.)42 b(The)25 b(relation)e(is)h(de\014ned)i
+(in)e(T)-8 b(able)24 b(2.7.)40 b(Note)25 b(that)g(w)m(e)g(use)h(`)p
+Fs(sto)k Fu(next')c(to)e(determine)283 2587 y(the)33
+b(lo)s(cation)d Fs(l)43 b Fu(to)32 b(b)s(e)g(asso)s(ciated)g(with)g
+Fs(x)44 b Fu(in)32 b(the)h(v)-5 b(ariable)30 b(en)m(vironmen)m(t.)44
+b(Also)32 b(the)g(store)283 2708 y(is)j(up)s(dated)h(to)f(hold)g(the)g
+(correct)h(v)-5 b(alue)35 b(for)g Fs(l)45 b Fu(as)36
+b(w)m(ell)f(as)g(`next'.)53 b(Finally)33 b(note)i(that)g(the)283
+2828 y(declared)e(v)-5 b(ariables)32 b(will)e(get)i(p)s(ositiv)m(e)g
+(lo)s(cations.)430 2949 y(T)-8 b(o)37 b(obtain)g(static)g(scoping)h
+(for)f(v)-5 b(ariables)36 b(w)m(e)j(shall)d(extend)j(the)f(pro)s
+(cedure)h(en)m(viron-)283 3070 y(men)m(t)28 b(to)f(hold)g(the)h(v)-5
+b(ariable)26 b(en)m(vironmen)m(t)i(at)g(the)g(p)s(oin)m(t)f(of)g
+(declaration.)40 b(Therefore)29 b Fs(env)3698 3085 y
+Fc(P)283 3190 y Fu(will)i(no)m(w)i(b)s(e)g(an)f(elemen)m(t)h(of)527
+3398 y Fw(En)m(v)719 3413 y Fn(P)804 3398 y Fu(=)f Fw(Pname)h
+Fo(,)-17 b Ft(!)32 b Fw(Stm)g Ft(\002)h Fw(En)m(v)1959
+3413 y Fn(V)2049 3398 y Ft(\002)g Fw(En)m(v)2351 3413
+y Fn(P)283 3606 y Fu(The)41 b(pro)s(cedure)g(en)m(vironmen)m(t)f(is)g
+(up)s(dated)g(b)m(y)h(the)f(pro)s(cedure)h(declarations)e(as)h(b)s
+(efore,)283 3726 y(the)d(only)e(di\013erence)i(b)s(eing)e(that)h(the)g
+(curren)m(t)h(v)-5 b(ariable)34 b(en)m(vironmen)m(t)j(is)e(supplied)h
+(as)g(an)283 3846 y(additional)30 b(parameter.)43 b(The)34
+b(function)e(up)s(d)1996 3861 y Fn(P)2081 3846 y Fu(is)g(no)m(w)h
+(de\014ned)h(b)m(y:)527 4054 y(up)s(d)692 4069 y Fn(P)745
+4054 y Fu(\()p Fr(proc)f Fs(p)39 b Fr(is)33 b Fs(S)12
+b Fu(;)32 b Fs(D)1453 4069 y Fc(P)1512 4054 y Fu(,)h
+Fs(env)1728 4069 y Fc(V)1788 4054 y Fu(,)f Fs(env)2003
+4069 y Fc(P)2061 4054 y Fu(\))h(=)764 4222 y(up)s(d)929
+4237 y Fn(P)981 4222 y Fu(\()p Fs(D)1102 4237 y Fc(P)1161
+4222 y Fu(,)f Fs(env)1376 4237 y Fc(V)1436 4222 y Fu(,)h
+Fs(env)1652 4237 y Fc(P)1710 4222 y Fu([)p Fs(p)6 b Ft(7!)o
+Fu(\()p Fs(S)12 b Fu(,)33 b Fs(env)2213 4237 y Fc(V)2273
+4222 y Fu(,)g Fs(env)2489 4237 y Fc(P)2546 4222 y Fu(\)]\))527
+4389 y(up)s(d)692 4404 y Fn(P)745 4389 y Fu(\()p Fo(")o
+Fu(,)g Fs(env)1044 4404 y Fc(V)1104 4389 y Fu(,)g Fs(env)1320
+4404 y Fc(P)1378 4389 y Fu(\))f(=)g Fs(env)1712 4404
+y Fc(P)430 4597 y Fu(Finally)-8 b(,)30 b(the)j(transition)e(system)i
+(for)f(statemen)m(ts)i(will)c(ha)m(v)m(e)k(the)f(form:)527
+4805 y Fs(env)683 4820 y Fc(V)743 4805 y Fu(,)g Fs(env)959
+4820 y Fc(P)1049 4805 y Ft(`)g(h)p Fs(S)12 b Fu(,)32
+b Fs(sto)6 b Ft(i)32 b(!)h Fs(sto)1768 4769 y Fi(0)283
+5013 y Fu(so)26 b(giv)m(en)g(a)g(v)-5 b(ariable)24 b(en)m(vironmen)m(t)
+i(and)g(a)g(pro)s(cedure)g(en)m(vironmen)m(t)h(w)m(e)f(get)g(a)g
+(relationship)283 5133 y(b)s(et)m(w)m(een)37 b(an)d(initial)c(store)k
+(and)h(a)e(\014nal)h(store.)48 b(The)35 b(mo)s(di\014cation)d(of)h(T)-8
+b(ables)34 b(2.5)g(and)g(2.6)283 5254 y(is)h(rather)f(straigh)m(tforw)m
+(ard)g(and)h(is)f(giv)m(en)h(in)f(T)-8 b(able)34 b(2.8.)50
+b(Note)34 b(that)h(in)f(the)h(new)g(rule)f(for)283 5374
+y(blo)s(c)m(ks)d(there)g(is)f(no)g(analogue)g(of)g Fs(s)1615
+5338 y Fi(00)1657 5374 y Fu([D)m(V\()p Fs(D)1950 5389
+y Fc(V)2011 5374 y Fu(\))p Ft(7\000)-16 b(!)o Fs(s)8
+b Fu(])31 b(as)g(the)f(v)-5 b(alues)31 b(of)f(v)-5 b(ariables)29
+b(only)h(can)283 5494 y(b)s(e)j(obtained)f(b)m(y)i(accessing)f(the)g
+(en)m(vironmen)m(t.)p eop
+%%Page: 59 69
+59 68 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures)
+1998 b(59)p 0 193 3473 4 v 0 510 V 0 5220 4 4710 v 193
+620 a Fu([ass)345 635 y Fn(ns)417 620 y Fu(])254 b Fs(env)854
+635 y Fc(V)914 620 y Fu(,)32 b Fs(env)1129 635 y Fc(P)1220
+620 y Ft(`)g(h)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33
+b Fs(sto)6 b Ft(i)32 b(!)g Fs(sto)6 b Fu([)p Fs(l)k Ft(7!)p
+Fs(v)h Fu(])934 787 y(where)34 b Fs(l)43 b Fu(=)32 b
+Fs(env)1548 802 y Fc(V)1641 787 y Fs(x)44 b Fu(and)33
+b Fs(v)43 b Fu(=)32 b Ft(A)p Fu([)-17 b([)p Fs(a)7 b
+Fu(])-17 b(])q(\()p Fs(sto)6 b Ft(\016)p Fs(env)2700
+802 y Fc(V)2760 787 y Fu(\))193 1002 y([skip)391 1017
+y Fn(ns)462 1002 y Fu(])209 b Fs(env)854 1017 y Fc(V)914
+1002 y Fu(,)32 b Fs(env)1129 1017 y Fc(P)1220 1002 y
+Ft(`)g(h)p Fr(skip)p Fu(,)i Fs(sto)6 b Ft(i)32 b(!)g
+Fs(sto)193 1294 y Fu([comp)448 1309 y Fn(ns)519 1294
+y Fu(])708 1207 y Fs(env)864 1222 y Fc(V)924 1207 y Fu(,)g
+Fs(env)1139 1222 y Fc(P)1230 1207 y Ft(`)g(h)p Fs(S)1429
+1222 y Fn(1)1468 1207 y Fu(,)h Fs(sto)6 b Ft(i)32 b(!)g
+Fs(sto)1987 1171 y Fi(0)2011 1207 y Fu(,)65 b Fs(env)2259
+1222 y Fc(V)2319 1207 y Fu(,)33 b Fs(env)2535 1222 y
+Fc(P)2625 1207 y Ft(`)f(h)p Fs(S)2824 1222 y Fn(2)2864
+1207 y Fu(,)g Fs(sto)3051 1171 y Fi(0)3075 1207 y Ft(i)g(!)g
+Fs(sto)3406 1171 y Fi(00)p 708 1270 2741 4 v 1350 1375
+a Fs(env)1506 1390 y Fc(V)1566 1375 y Fu(,)h Fs(env)1782
+1390 y Fc(P)1872 1375 y Ft(`)g(h)p Fs(S)2072 1390 y Fn(1)2111
+1375 y Fu(;)p Fs(S)2205 1390 y Fn(2)2244 1375 y Fu(,)g
+Fs(sto)6 b Ft(i)32 b(!)g Fs(sto)2763 1339 y Fi(00)193
+1656 y Fu([if)278 1620 y Fn(tt)278 1680 y(ns)348 1656
+y Fu(])1124 1569 y Fs(env)1280 1584 y Fc(V)1340 1569
+y Fu(,)h Fs(env)1556 1584 y Fc(P)1646 1569 y Ft(`)f(h)p
+Fs(S)1845 1584 y Fn(1)1884 1569 y Fu(,)h Fs(sto)6 b Ft(i)32
+b(!)h Fs(sto)2404 1533 y Fi(0)p 708 1633 2136 4 v 708
+1737 a Fs(env)864 1752 y Fc(V)924 1737 y Fu(,)f Fs(env)1139
+1752 y Fc(P)1230 1737 y Ft(`)g(h)p Fr(if)h Fs(b)38 b
+Fr(then)c Fs(S)1885 1752 y Fn(1)1957 1737 y Fr(else)f
+Fs(S)2261 1752 y Fn(2)2301 1737 y Fu(,)f Fs(sto)6 b Ft(i)33
+b(!)f Fs(sto)2820 1701 y Fi(0)934 1894 y Fu(if)f Ft(B)t
+Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(\()p Fs(sto)6
+b Ft(\016)p Fs(env)1590 1909 y Fc(V)1650 1894 y Fu(\))32
+b(=)h Fw(tt)193 2185 y Fu([if)278 2149 y Fn(\013)278
+2210 y(ns)348 2185 y Fu(])1124 2099 y Fs(env)1280 2114
+y Fc(V)1340 2099 y Fu(,)g Fs(env)1556 2114 y Fc(P)1646
+2099 y Ft(`)f(h)p Fs(S)1845 2114 y Fn(2)1884 2099 y Fu(,)h
+Fs(sto)6 b Ft(i)32 b(!)h Fs(sto)2404 2063 y Fi(0)p 708
+2162 V 708 2267 a Fs(env)864 2282 y Fc(V)924 2267 y Fu(,)f
+Fs(env)1139 2282 y Fc(P)1230 2267 y Ft(`)g(h)p Fr(if)h
+Fs(b)38 b Fr(then)c Fs(S)1885 2282 y Fn(1)1957 2267 y
+Fr(else)f Fs(S)2261 2282 y Fn(2)2301 2267 y Fu(,)f Fs(sto)6
+b Ft(i)33 b(!)f Fs(sto)2820 2231 y Fi(0)934 2423 y Fu(if)f
+Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(\()p Fs(sto)6
+b Ft(\016)p Fs(env)1590 2438 y Fc(V)1650 2423 y Fu(\))32
+b(=)h Fw(\013)193 2832 y Fu([while)443 2796 y Fn(tt)443
+2857 y(ns)513 2832 y Fu(])969 2637 y Fs(env)1125 2652
+y Fc(V)1185 2637 y Fu(,)g Fs(env)1401 2652 y Fc(P)1491
+2637 y Ft(`)g(h)o Fs(S)12 b Fu(,)33 b Fs(sto)6 b Ft(i)32
+b(!)g Fs(sto)2209 2601 y Fi(0)2233 2637 y Fu(,)708 2746
+y Fs(env)864 2761 y Fc(V)924 2746 y Fu(,)g Fs(env)1139
+2761 y Fc(P)1230 2746 y Ft(`)g(h)p Fr(while)i Fs(b)k
+Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(sto)2124 2710 y Fi(0)2147
+2746 y Ft(i)f(!)h Fs(sto)2479 2710 y Fi(00)p 708 2809
+1814 4 v 719 2914 a Fs(env)875 2929 y Fc(V)935 2914 y
+Fu(,)g Fs(env)1151 2929 y Fc(P)1241 2914 y Ft(`)g(h)p
+Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(sto)6
+b Ft(i)33 b(!)f Fs(sto)2467 2878 y Fi(00)934 3070 y Fu(if)f
+Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(\()p Fs(sto)6
+b Ft(\016)p Fs(env)1590 3085 y Fc(V)1650 3070 y Fu(\))32
+b(=)h Fw(tt)193 3285 y Fu([while)443 3249 y Fn(\013)443
+3310 y(ns)513 3285 y Fu(])158 b Fs(env)854 3300 y Fc(V)914
+3285 y Fu(,)32 b Fs(env)1129 3300 y Fc(P)1220 3285 y
+Ft(`)g(h)p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33
+b Fs(sto)6 b Ft(i)32 b(!)g Fs(sto)934 3453 y Fu(if)f
+Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(\()p Fs(sto)6
+b Ft(\016)p Fs(env)1590 3468 y Fc(V)1650 3453 y Fu(\))32
+b(=)h Fw(\013)193 3862 y Fu([blo)s(c)m(k)445 3877 y Fn(ns)516
+3862 y Fu(])1040 3666 y Ft(h)p Fs(D)1162 3681 y Fc(V)1223
+3666 y Fu(,)f Fs(env)1438 3681 y Fc(V)1499 3666 y Fu(,)g
+Fs(sto)6 b Ft(i)33 b(!)1857 3681 y Fc(D)1954 3666 y Fu(\()p
+Fs(env)2148 3630 y Fi(0)2148 3691 y Fc(V)2208 3666 y
+Fu(,)f Fs(sto)2395 3630 y Fi(0)2419 3666 y Fu(\),)1109
+3775 y Fs(env)1265 3739 y Fi(0)1265 3800 y Fc(V)1325
+3775 y Fu(,)h Fs(env)1541 3739 y Fi(0)1541 3800 y Fc(P)1631
+3775 y Ft(`)f(h)p Fs(S)12 b Fu(,)33 b Fs(sto)2018 3739
+y Fi(0)2041 3775 y Ft(i)f(!)h Fs(sto)2373 3739 y Fi(00)p
+708 3838 2109 4 v 708 3943 a Fs(env)864 3958 y Fc(V)924
+3943 y Fu(,)f Fs(env)1139 3958 y Fc(P)1230 3943 y Ft(`)g(h)p
+Fr(begin)i Fs(D)1734 3958 y Fc(V)1827 3943 y Fs(D)1910
+3958 y Fc(P)2001 3943 y Fs(S)45 b Fr(end)p Fu(,)33 b
+Fs(sto)6 b Ft(i)33 b(!)f Fs(sto)2774 3907 y Fi(00)934
+4100 y Fu(where)i Fs(env)1372 4063 y Fi(0)1372 4124 y
+Fc(P)1462 4100 y Fu(=)f(up)s(d)1736 4115 y Fn(P)1788
+4100 y Fu(\()p Fs(D)1909 4115 y Fc(P)1968 4100 y Fu(,)f
+Fs(env)2183 4063 y Fi(0)2183 4124 y Fc(V)2243 4100 y
+Fu(,)h Fs(env)2459 4115 y Fc(P)2517 4100 y Fu(\))193
+4391 y([call)368 4406 y Fn(ns)437 4391 y Fu(])821 4305
+y Fs(env)977 4269 y Fi(0)977 4330 y Fc(V)1037 4305 y
+Fu(,)g Fs(env)1253 4269 y Fi(0)1253 4330 y Fc(P)1343
+4305 y Ft(`)g(h)o Fs(S)12 b Fu(,)33 b Fs(sto)6 b Ft(i)32
+b(!)g Fs(sto)2061 4269 y Fi(0)p 708 4368 1491 4 v 708
+4473 a Fs(env)864 4488 y Fc(V)924 4473 y Fu(,)g Fs(env)1139
+4488 y Fc(P)1230 4473 y Ft(`)g(h)p Fr(call)i Fs(p)6 b
+Fu(,)32 b Fs(sto)6 b Ft(i)32 b(!)h Fs(sto)2175 4437 y
+Fi(0)934 4629 y Fu(where)h Fs(env)1372 4644 y Fc(P)1462
+4629 y Fs(p)39 b Fu(=)32 b(\()p Fs(S)12 b Fu(,)32 b Fs(env)1979
+4593 y Fi(0)1979 4654 y Fc(V)2039 4629 y Fu(,)h Fs(env)2255
+4593 y Fi(0)2255 4654 y Fc(P)2313 4629 y Fu(\))193 4921
+y([call)368 4885 y Fn(rec)368 4946 y(ns)461 4921 y Fu(])708
+4835 y Fs(env)864 4798 y Fi(0)864 4859 y Fc(V)924 4835
+y Fu(,)f Fs(env)1139 4798 y Fi(0)1139 4859 y Fc(P)1197
+4835 y Fu([)p Fs(p)6 b Ft(7!)p Fu(\()p Fs(S)12 b Fu(,)32
+b Fs(env)1700 4798 y Fi(0)1700 4859 y Fc(V)1760 4835
+y Fu(,)h Fs(env)1976 4798 y Fi(0)1976 4859 y Fc(P)2034
+4835 y Fu(\)])f Ft(`)h(h)p Fs(S)12 b Fu(,)32 b Fs(sto)6
+b Ft(i)32 b(!)h Fs(sto)2850 4798 y Fi(0)p 708 4898 2166
+4 v 1045 5003 a Fs(env)1201 5018 y Fc(V)1261 5003 y Fu(,)g
+Fs(env)1477 5018 y Fc(P)1567 5003 y Ft(`)g(h)o Fr(call)h
+Fs(p)6 b Fu(,)33 b Fs(sto)6 b Ft(i)32 b(!)g Fs(sto)2512
+4966 y Fi(0)934 5159 y Fu(where)i Fs(env)1372 5174 y
+Fc(P)1462 5159 y Fs(p)39 b Fu(=)32 b(\()p Fs(S)12 b Fu(,)32
+b Fs(env)1979 5123 y Fi(0)1979 5184 y Fc(V)2039 5159
+y Fu(,)h Fs(env)2255 5123 y Fi(0)2255 5184 y Fc(P)2313
+5159 y Fu(\))p 3469 5220 4 4710 v 0 5223 3473 4 v 420
+5384 a(T)-8 b(able)32 b(2.8:)44 b(Natural)31 b(seman)m(tics)i(for)f
+Fw(Pro)s(c)g Fu(with)g(static)g(scop)s(e)h(rules)p eop
+%%Page: 60 70
+60 69 bop 251 130 a Fw(60)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v 283 515 a(Exercise)g(2.42)49
+b Fu(Apply)23 b(the)h(natural)f(seman)m(tics)h(of)f(T)-8
+b(able)23 b(2.8)g(to)g(the)h(factorial)d(statemen)m(t)283
+636 y(of)33 b(Exercise)h(2.38)d(and)i(a)f(store)h(where)h(the)f(lo)s
+(cation)d(for)i Fr(x)h Fu(has)g(the)g(v)-5 b(alue)32
+b Fw(3)p Fu(.)456 b Fh(2)283 830 y Fw(Exercise)37 b(2.43)49
+b Fu(V)-8 b(erify)24 b(that)h(the)g(seman)m(tics)g(applied)e(to)i(the)g
+(statemen)m(t)g(of)f(Exercise)i(2.39)283 950 y(giv)m(es)33
+b(the)g(exp)s(ected)i(result.)2318 b Fh(2)283 1144 y
+Fw(Exercise)37 b(2.44)49 b Fu(*)38 b(An)h(alternativ)m(e)g(seman)m
+(tics)g(of)f(the)h(language)f Fw(While)f Fu(is)i(de\014ned)h(b)m(y)283
+1264 y(the)30 b(axioms)e(and)h(rules)g([ass)1341 1279
+y Fn(ns)1413 1264 y Fu(],)h([skip)1695 1279 y Fn(ns)1766
+1264 y Fu(],)g([comp)2105 1279 y Fn(ns)2176 1264 y Fu(],)g([if)2345
+1228 y Fn(tt)2345 1289 y(ns)2415 1264 y Fu(],)g([if)2584
+1228 y Fn(\013)2584 1289 y(ns)2654 1264 y Fu(],)g([while)2988
+1228 y Fn(tt)2988 1289 y(ns)3059 1264 y Fu(])f(and)g([while)3551
+1228 y Fn(\013)3551 1289 y(ns)3621 1264 y Fu(])g(of)283
+1384 y(T)-8 b(able)35 b(2.8.)50 b(F)-8 b(orm)m(ulate)33
+b(and)i(pro)m(v)m(e)i(the)e(equiv)-5 b(alence)35 b(b)s(et)m(w)m(een)i
+(this)e(seman)m(tics)g(and)g(that)283 1505 y(of)e(T)-8
+b(able)32 b(2.1.)2866 b Fh(2)283 1699 y Fw(Exercise)37
+b(2.45)49 b Fu(Mo)s(dify)40 b(the)i(syn)m(tax)h(of)e(pro)s(cedure)h
+(declarations)e(so)h(that)g(pro)s(cedures)283 1819 y(tak)m(e)34
+b(t)m(w)m(o)f Fs(c)-5 b(al)5 b(l-by-value)39 b Fu(parameters:)527
+1996 y Fs(D)610 2011 y Fc(P)702 1996 y Fu(::=)32 b Fr(proc)i
+Fs(p)6 b Fu(\()p Fs(x)1253 2011 y Fn(1)1292 1996 y Fu(,)p
+Fs(x)1376 2011 y Fn(2)1415 1996 y Fu(\))33 b Fr(is)g
+Fs(S)12 b Fu(;)32 b Fs(D)1830 2011 y Fc(P)1921 1996 y
+Ft(j)g Fo(")527 2164 y Fs(S)45 b Fu(::=)32 b Ft(\001)17
+b(\001)g(\001)31 b(j)h Fr(call)i Fs(p)6 b Fu(\()p Fs(a)1387
+2179 y Fn(1)1426 2164 y Fu(,)p Fs(a)1510 2179 y Fn(2)1550
+2164 y Fu(\))283 2342 y(Pro)s(cedure)34 b(en)m(vironmen)m(ts)g(will)c
+(no)m(w)j(b)s(e)g(elemen)m(ts)g(of)527 2519 y Fw(En)m(v)719
+2534 y Fn(P)804 2519 y Fu(=)f Fw(Pname)h Fo(,)-17 b Ft(!)32
+b Fw(V)-9 b(ar)32 b Ft(\002)h Fw(V)-9 b(ar)32 b Ft(\002)h
+Fw(Stm)f Ft(\002)h Fw(En)m(v)2595 2534 y Fn(V)2686 2519
+y Ft(\002)g Fw(En)m(v)2988 2534 y Fn(P)283 2697 y Fu(Mo)s(dify)g(the)h
+(seman)m(tics)g(giv)m(en)g(ab)s(o)m(v)m(e)g(to)g(handle)f(this)g
+(language.)46 b(In)33 b(particular,)g(pro)m(vide)283
+2817 y(new)42 b(rules)g(for)e(pro)s(cedure)i(calls:)59
+b(one)42 b(for)e(non-recursiv)m(e)j(pro)s(cedures)f(and)f(another)g
+(for)283 2937 y(recursiv)m(e)c(pro)s(cedures.)52 b(Construct)37
+b(statemen)m(ts)f(that)f(illustrate)e(ho)m(w)i(the)h(new)g(rules)f(are)
+283 3058 y(used.)3182 b Fh(2)283 3252 y Fw(Exercise)37
+b(2.46)49 b Fu(No)m(w)27 b(consider)g(the)h(language)e
+Fw(Pro)s(c)g Fu(and)h(the)g(task)h(of)e(ac)m(hieving)g
+Fs(mutual)283 3372 y(r)-5 b(e)g(cursion)p Fu(.)43 b(The)34
+b(pro)s(cedure)g(en)m(vironmen)m(t)e(is)h(no)m(w)g(de\014ned)h(to)e(b)s
+(e)h(an)f(elemen)m(t)h(of)527 3549 y Fw(En)m(v)719 3564
+y Fn(P)804 3549 y Fu(=)f Fw(Pname)h Fo(,)-17 b Ft(!)32
+b Fw(Stm)g Ft(\002)h Fw(En)m(v)1959 3564 y Fn(V)2049
+3549 y Ft(\002)g Fw(En)m(v)2351 3564 y Fn(P)2436 3549
+y Ft(\002)g Fw(Dec)2733 3564 y Fn(P)283 3727 y Fu(The)49
+b(idea)e(is)h(that)g(if)e Fs(env)1321 3742 y Fc(P)1427
+3727 y Fs(p)54 b Fu(=)47 b(\()p Fs(S)12 b Fu(,)48 b Fs(env)1990
+3691 y Fi(0)1990 3752 y Fc(V)2050 3727 y Fu(,)k Fs(env)2285
+3691 y Fi(0)2285 3752 y Fc(P)2343 3727 y Fu(,)f Fo(D)2505
+3691 y Fc(?)2502 3752 y(P)2561 3727 y Fu(\))d(then)g
+Fo(D)2968 3691 y Fc(?)2965 3752 y(P)3072 3727 y Fu(con)m(tains)g(all)d
+(the)283 3847 y(pro)s(cedure)34 b(declarations)d(that)i(are)f(made)h
+(in)e(the)i(same)g(blo)s(c)m(k)f(as)h Fs(p)6 b Fu(.)43
+b(De\014ne)33 b(up)s(d)3409 3811 y Fi(0)3409 3872 y Fc(P)3501
+3847 y Fu(b)m(y)527 4025 y(up)s(d)692 3989 y Fi(0)692
+4049 y Fc(P)751 4025 y Fu(\()p Fr(proc)h Fs(p)k Fr(is)33
+b Fs(S)12 b Fu(;)33 b Fs(D)1460 4040 y Fc(P)1518 4025
+y Fu(,)g Fs(env)1734 4040 y Fc(V)1794 4025 y Fu(,)g Fs(env)2010
+4040 y Fc(P)2068 4025 y Fu(,)f Fo(D)2211 3989 y Fc(?)2208
+4049 y(P)2267 4025 y Fu(\))g(=)796 4192 y(up)s(d)961
+4156 y Fi(0)961 4217 y Fc(P)1020 4192 y Fu(\()p Fs(D)1141
+4207 y Fc(P)1200 4192 y Fu(,)g Fs(env)1415 4207 y Fc(V)1475
+4192 y Fu(,)h Fs(env)1691 4207 y Fc(P)1749 4192 y Fu([)p
+Fs(p)6 b Ft(7!)p Fu(\()p Fs(S)12 b Fu(,)32 b Fs(env)2252
+4207 y Fc(V)2312 4192 y Fu(,)h Fs(env)2528 4207 y Fc(P)2586
+4192 y Fu(,)p Fo(D)2697 4156 y Fc(?)2694 4217 y(P)2752
+4192 y Fu(\)],)g Fo(D)2961 4156 y Fc(?)2958 4217 y(P)3017
+4192 y Fu(\))527 4360 y(up)s(d)692 4324 y Fi(0)692 4385
+y Fc(P)751 4360 y Fu(\()p Fo(")p Fu(,)g Fs(env)1051 4375
+y Fc(V)1111 4360 y Fu(,)f Fs(env)1326 4375 y Fc(P)1384
+4360 y Fu(,)p Fo(D)1495 4324 y Fc(?)1492 4385 y(P)1551
+4360 y Fu(\))g(=)h Fs(env)1886 4375 y Fc(P)283 4538 y
+Fu(Next)h(rede\014ne)g(up)s(d)1050 4553 y Fc(P)1141 4538
+y Fu(b)m(y)527 4715 y(up)s(d)692 4730 y Fc(P)751 4715
+y Fu(\()p Fs(D)872 4730 y Fc(P)931 4715 y Fu(,)f Fs(env)1147
+4730 y Fc(V)1207 4715 y Fu(,)f Fs(env)1422 4730 y Fc(P)1480
+4715 y Fu(\))h(=)f(up)s(d)1824 4679 y Fi(0)1824 4740
+y Fc(P)1883 4715 y Fu(\()p Fs(D)2004 4730 y Fc(P)2063
+4715 y Fu(,)g Fs(env)2278 4730 y Fc(V)2338 4715 y Fu(,)h
+Fs(env)2554 4730 y Fc(P)2612 4715 y Fu(,)f Fs(D)2754
+4730 y Fc(P)2813 4715 y Fu(\))283 4893 y(Mo)s(dify)d(the)i(seman)m
+(tics)e(of)g Fw(Pro)s(c)g Fu(so)h(as)g(to)f(obtain)g(m)m(utual)f
+(recursion)i(among)e(pro)s(cedures)283 5013 y(de\014ned)33
+b(in)e(the)h(same)f(blo)s(c)m(k.)43 b(Illustrate)31 b(ho)m(w)h(the)g
+(new)g(rules)f(are)h(used)h(on)e(an)g(in)m(teresting)283
+5133 y(statemen)m(t)j(of)e(y)m(our)h(c)m(hoice.)430 5254
+y(\(Hin)m(t:)39 b(Con)m(vince)26 b(y)m(ourself,)g(that)f([call)1899
+5218 y Fn(rec)1899 5278 y(ns)1992 5254 y Fu(])f(is)g(the)i(only)e(rule)
+g(that)g(needs)j(to)d(b)s(e)h(c)m(hanged;)283 5374 y(then)36
+b(consider)g(whether)h(or)e(not)g(the)h(function)f(up)s(d)2287
+5389 y Fc(P)2381 5374 y Fu(migh)m(t)f(b)s(e)i(useful)f(in)g(the)g(new)i
+(de\014-)283 5494 y(nition)31 b(of)h([call)851 5458 y
+Fn(rec)851 5519 y(ns)944 5494 y Fu(].\))2645 b Fh(2)p
+eop
+%%Page: 61 71
+61 70 bop 0 130 a Fw(2.5)112 b(Blo)s(c)m(ks)37 b(and)h(pro)s(cedures)
+1998 b(61)p 0 193 3473 4 v 0 515 a(Exercise)36 b(2.47)49
+b Fu(W)-8 b(e)46 b(shall)e(consider)i(a)f(v)-5 b(arian)m(t)45
+b(of)g(the)h(seman)m(tics)f(where)i(w)m(e)g(use)f(the)0
+636 y(v)-5 b(ariable)45 b(en)m(vironmen)m(t)i(rather)f(than)h(the)g
+(store)g(to)f(hold)g(the)h(next)g(free)g(lo)s(cation.)83
+b(So)0 756 y(assume)33 b(that)244 960 y Fw(En)m(v)436
+975 y Fn(V)526 960 y Fu(=)g Fw(V)-9 b(ar)32 b Ft([)h(f)f
+Fu(next)h Ft(g)g(!)f Fw(Lo)s(c)0 1163 y Fu(and)244 1366
+y Fw(Store)g Fu(=)h Fw(Lo)s(c)f Ft(!)h Fw(Z)0 1570 y
+Fu(As)j(b)s(efore)f(w)m(e)h(shall)d(write)i Fs(sto)41
+b Ft(\016)35 b Fs(env)1474 1585 y Fc(V)1569 1570 y Fu(for)f(the)i
+(state)f(obtained)g(b)m(y)h(\014rst)f(using)g Fs(env)3291
+1585 y Fc(V)3386 1570 y Fu(to)0 1690 y(\014nd)29 b(the)f(lo)s(cation)e
+(of)h(the)i(v)-5 b(ariable)26 b(and)i(then)h Fs(sto)34
+b Fu(to)27 b(\014nd)i(the)f(v)-5 b(alue)28 b(of)f(the)i(lo)s(cation.)39
+b(The)0 1811 y(clauses)33 b(of)f(T)-8 b(able)33 b(2.7)f(are)g(no)m(w)i
+(replaced)e(b)m(y)254 1996 y Ft(h)p Fs(D)376 2011 y Fc(V)437
+1996 y Fu(,)g Fs(env)652 2011 y Fc(V)712 1996 y Fu([)p
+Fs(x)12 b Ft(7!)p Fs(l)e Fu(][next)p Ft(7!)q Fu(new)33
+b Fs(l)10 b Fu(],)33 b Fs(sto)6 b Fu([)p Fs(l)k Ft(7!)p
+Fs(v)h Fu(])p Ft(i)32 b(!)2138 2011 y Fc(D)2234 1996
+y Fu(\()p Fs(env)2428 1960 y Fi(0)2428 2021 y Fc(V)2488
+1996 y Fu(,)h Fs(sto)2676 1960 y Fi(0)2700 1996 y Fu(\))p
+254 2059 2484 4 v 523 2164 a Ft(h)p Fr(var)g Fs(x)45
+b Fu(:=)32 b Fs(a)7 b Fu(;)33 b Fs(D)1173 2179 y Fc(V)1234
+2164 y Fu(,)g Fs(env)1450 2179 y Fc(V)1510 2164 y Fu(,)f
+Fs(sto)6 b Ft(i)33 b(!)1868 2179 y Fc(D)1965 2164 y Fu(\()p
+Fs(env)2159 2128 y Fi(0)2159 2189 y Fc(V)2219 2164 y
+Fu(,)g Fs(sto)2407 2128 y Fi(0)2430 2164 y Fu(\))513
+2319 y(where)g Fs(v)43 b Fu(=)33 b Ft(A)o Fu([)-17 b([)q
+Fs(a)7 b Fu(])-17 b(])q(\()p Fs(sto)6 b Ft(\016)p Fs(env)1575
+2334 y Fc(V)1635 2319 y Fu(\))32 b(and)h Fs(l)43 b Fu(=)32
+b Fs(env)2227 2334 y Fc(V)2320 2319 y Fu(next)244 2534
+y Ft(h)p Fo(")o Fu(,)h Fs(env)544 2549 y Fc(V)604 2534
+y Fu(,)g Fs(sto)6 b Ft(i)32 b(!)963 2549 y Fc(D)1059
+2534 y Fu(\()p Fs(env)1253 2549 y Fc(V)1313 2534 y Fu(,)h
+Fs(sto)6 b Fu(\))0 2737 y(Construct)25 b(a)f(statemen)m(t)h(that)e
+(computes)i(di\013eren)m(t)f(results)h(under)g(the)f(t)m(w)m(o)h(v)-5
+b(arian)m(ts)23 b(of)h(the)0 2858 y(seman)m(tics.)43
+b(V)-8 b(alidate)29 b(y)m(our)i(claim)d(b)m(y)j(constructing)f(deriv)-5
+b(ation)29 b(trees)j(for)d(the)i(executions)0 2978 y(of)h(the)h
+(statemen)m(t)g(from)e(a)i(suitable)e(state.)1758 b Fh(2)p
+eop
+%%Page: 62 72
+62 71 bop 251 130 a Fw(62)2086 b(2)112 b(Op)s(erational)37
+b(Seman)m(tics)p 251 193 3473 4 v eop
+%%Page: 63 73
+63 72 bop 0 1180 a Fv(Chapter)78 b(3)0 1596 y(Pro)-6
+b(v)-13 b(ably)76 b(Correct)i(Implemen)-6 b(tation)0
+2049 y Fu(A)31 b(formal)e(sp)s(eci\014cation)h(of)h(the)h(seman)m(tics)
+f(of)g(a)f(programming)e(language)i(is)h(useful)g(when)0
+2169 y(implemen)m(ting)c(it.)42 b(In)31 b(particular,)e(it)g(b)s
+(ecomes)i(p)s(ossible)f(to)f(argue)i(ab)s(out)f(the)g(correctness)0
+2290 y(of)38 b(the)i(implemen)m(tation.)59 b(W)-8 b(e)39
+b(shall)f(illustrate)e(this)j(b)m(y)h(sho)m(wing)f(ho)m(w)g(to)g
+(translate)f(the)0 2410 y(language)29 b Fw(While)f Fu(in)m(to)h(a)h
+(structured)h(form)e(of)g(assem)m(bler)h(co)s(de)h(for)e(an)h(abstract)
+g(mac)m(hine)0 2530 y(and)c(w)m(e)h(shall)e(then)i(pro)m(v)m(e)g(that)f
+(the)h(translation)d(is)i(correct.)42 b(The)27 b(idea)e(is)h(that)g(w)m
+(e)h(\014rst)f(de-)0 2651 y(\014ne)h(the)g Fs(me)-5 b(aning)34
+b Fu(of)25 b(the)i(abstract)g(mac)m(hine)f(instructions)g(b)m(y)h(an)f
+(op)s(erational)e(seman)m(tics.)0 2771 y(Then)33 b(w)m(e)g(de\014ne)f
+Fs(tr)-5 b(anslation)34 b(functions)39 b Fu(that)32 b(will)d(map)i
+(expressions)j(and)d(statemen)m(ts)i(in)0 2892 y(the)41
+b Fw(While)d Fu(language)i(in)m(to)f(sequences)44 b(of)c(suc)m(h)h
+(instructions.)67 b(The)41 b(correctness)h(result)0 3012
+y(will)30 b(then)j(state)g(that)g(if)e(w)m(e)145 3218
+y Ft(\017)49 b Fu(translate)32 b(a)g(program)f(in)m(to)h(co)s(de,)h
+(and)145 3424 y Ft(\017)49 b Fu(execute)34 b(the)f(co)s(de)g(on)g(the)g
+(abstract)g(mac)m(hine,)0 3631 y(then)41 b(w)m(e)f(get)g(the)h(same)e
+(result)h(as)g(w)m(as)h(sp)s(eci\014ed)g(b)m(y)g(the)f(seman)m(tic)g
+(functions)f Ft(S)3204 3646 y Fn(ns)3315 3631 y Fu(and)0
+3751 y Ft(S)68 3766 y Fn(sos)195 3751 y Fu(of)33 b(the)g(previous)g(c)m
+(hapter.)0 4087 y Fj(3.1)161 b(The)53 b(abstract)g(mac)l(hine)0
+4308 y Fu(When)33 b(sp)s(ecifying)f(the)g(abstract)h(mac)m(hine)f(it)f
+(is)g(con)m(v)m(enien)m(t)j(\014rst)f(to)f(presen)m(t)i(its)d
+(con\014gu-)0 4428 y(rations)h(and)g(next)i(its)e(instructions)g(and)h
+(their)f(meanings.)146 4549 y(The)i(abstract)f(mac)m(hine)f
+Fw(AM)g Fu(has)h(con\014gurations)f(of)h(the)g(form)e
+Ft(h)p Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33 b Fs(s)8 b
+Ft(i)32 b Fu(where)145 4755 y Ft(\017)49 b Fs(c)38 b
+Fu(is)32 b(the)h(sequence)i(of)d(instructions)h(\(or)f(co)s(de\))h(to)f
+(b)s(e)h(executed,)145 4962 y Ft(\017)49 b Fs(e)40 b
+Fu(is)32 b(the)h(ev)-5 b(aluation)31 b(stac)m(k,)i(and)145
+5168 y Ft(\017)49 b Fs(s)40 b Fu(is)33 b(the)g(storage.)0
+5374 y(W)-8 b(e)33 b(use)g(the)g Fs(evaluation)h(stack)43
+b Fu(to)32 b(ev)-5 b(aluate)32 b(arithmetic)e(and)j(b)s(o)s(olean)d
+(expressions.)46 b(F)-8 b(or-)0 5494 y(mally)g(,)30 b(it)i(is)g(a)g
+(list)f(of)h(v)-5 b(alues,)33 b(so)g(writing)1687 5849
+y(63)p eop
+%%Page: 64 74
+64 73 bop 251 130 a Fw(64)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
+b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 527
+515 a(Stac)m(k)c Fu(=)f(\()p Fw(Z)h Ft([)g Fw(T)p Fu(\))1288
+479 y Fc(?)283 703 y Fu(w)m(e)39 b(ha)m(v)m(e)g Fs(e)45
+b Ft(2)38 b Fw(Stac)m(k)p Fu(.)59 b(F)-8 b(or)37 b(the)h(sak)m(e)h(of)e
+(simplicit)m(y)e(w)m(e)k(shall)d(assume)j(that)e(the)h
+Fs(stor)-5 b(age)283 824 y Fu(is)44 b(similar)d(to)j(the)h(state,)i
+(that)d(is)g Fs(s)53 b Ft(2)44 b Fw(State)p Fu(,)j(and)e(it)e(is)h
+(used)h(to)f(hold)f(the)i(v)-5 b(alues)44 b(of)283 944
+y(v)-5 b(ariables.)430 1064 y(The)33 b Fs(instructions)41
+b Fu(of)32 b Fw(AM)g Fu(are)h(giv)m(en)g(b)m(y)g(the)g(abstract)g(syn)m
+(tax)577 1244 y Fs(inst)109 b Fu(::=)100 b Fb(push)p
+Fu(-)p Fs(n)39 b Ft(j)32 b Fb(add)h Ft(j)f Fb(mul)-7
+b(t)33 b Ft(j)g Fb(sub)894 1411 y Ft(j)151 b Fb(tr)n(ue)32
+b Ft(j)g Fb(f)-9 b(alse)32 b Ft(j)h Fb(eq)f Ft(j)g Fb(le)g
+Ft(j)h Fb(and)f Ft(j)h Fb(neg)894 1579 y Ft(j)151 b Fb(fetch)p
+Fu(-)p Fs(x)44 b Ft(j)32 b Fb(store)p Fu(-)p Fs(x)894
+1746 y Ft(j)151 b Fb(noop)33 b Ft(j)f Fb(branch)p Fu(\()p
+Fs(c)6 b Fu(,)32 b Fs(c)6 b Fu(\))32 b Ft(j)g Fb(loop)p
+Fu(\()p Fs(c)6 b Fu(,)33 b Fs(c)6 b Fu(\))577 1914 y
+Fs(c)221 b Fu(::=)100 b Fo(")32 b Ft(j)g Fs(inst)9 b
+Fu(:)p Fs(c)283 2095 y Fu(where)32 b Fo(")e Fu(is)h(the)g(empt)m(y)g
+(sequence.)45 b(W)-8 b(e)31 b(shall)e(write)i Fw(Co)s(de)g
+Fu(for)f(the)h(syn)m(tactic)g(category)g(of)283 2215
+y Fs(se)-5 b(quenc)g(es)40 b(of)f(instructions)p Fu(,)h(so)e
+Fs(c)44 b Fu(is)38 b(a)g(meta-v)-5 b(ariable)35 b(ranging)i(o)m(v)m(er)
+j Fw(Co)s(de)p Fu(.)61 b(Therefore)283 2336 y(w)m(e)34
+b(ha)m(v)m(e)527 2524 y Ft(h)p Fs(c)6 b Fu(,)32 b Fs(e)7
+b Fu(,)33 b Fs(s)8 b Ft(i)33 b(2)f Fw(Co)s(de)h Ft(\002)g
+Fw(Stac)m(k)g Ft(\002)g Fw(State)283 2711 y Fu(A)h(con\014guration)f
+(is)g(a)g Fs(terminal)43 b Fu(\(or)33 b(\014nal\))f(con\014guration)h
+(if)f(its)h(co)s(de)h(comp)s(onen)m(t)f(is)g(the)283
+2832 y(empt)m(y)h(sequence,)h(that)d(is)g(if)g(it)f(has)i(the)g(form)f
+Ft(h)o Fo(")p Fu(,)h Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)o
+Fu(.)430 2952 y(The)33 b(seman)m(tics)f(of)f(the)h(instructions)g(of)f
+(the)i(abstract)f(mac)m(hine)f(is)h(giv)m(en)g(b)m(y)h(an)e
+Fs(op)-5 b(er-)283 3072 y(ational)38 b(semantics)p Fu(.)55
+b(As)37 b(in)e(the)i(previous)g(c)m(hapter)h(it)d(will)g(b)s(e)h(sp)s
+(eci\014ed)i(b)m(y)f(a)f(transition)283 3193 y(system.)69
+b(The)42 b(con\014gurations)e(ha)m(v)m(e)i(the)f(form)e
+Ft(h)p Fs(c)6 b Fu(,)42 b Fs(e)7 b Fu(,)43 b Fs(s)8 b
+Ft(i)41 b Fu(as)g(describ)s(ed)g(ab)s(o)m(v)m(e)h(and)e(the)283
+3313 y(transition)31 b(relation)g Fh(\003)i Fu(sp)s(eci\014es)h(ho)m(w)
+f(to)f(execute)j(the)e(instructions:)527 3501 y Ft(h)p
+Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)33
+b Fh(\003)g Ft(h)o Fs(c)1107 3465 y Fi(0)1130 3501 y
+Fu(,)g Fs(e)1242 3465 y Fi(0)1265 3501 y Fu(,)g Fs(s)1373
+3465 y Fi(0)1396 3501 y Ft(i)283 3689 y Fu(The)40 b(idea)e(is)g(that)g
+Fs(one)i(step)g(of)g(exe)-5 b(cution)45 b Fu(will)36
+b(transform)i(the)h(con\014guration)e Ft(h)p Fs(c)6 b
+Fu(,)40 b Fs(e)7 b Fu(,)40 b Fs(s)8 b Ft(i)283 3809 y
+Fu(in)m(to)46 b Ft(h)o Fs(c)584 3773 y Fi(0)607 3809
+y Fu(,)j Fs(e)735 3773 y Fi(0)759 3809 y Fu(,)g Fs(s)883
+3773 y Fi(0)907 3809 y Ft(i)o Fu(.)84 b(The)47 b(relation)d(is)h
+(de\014ned)i(b)m(y)g(the)f(axioms)f(of)h(T)-8 b(able)45
+b(3.1)h(where)h(w)m(e)283 3930 y(\(am)m(biguously\))35
+b(use)i(the)g(notation)e(`:')50 b(b)s(oth)36 b(for)g(app)s(ending)g(t)m
+(w)m(o)g(instruction)g(sequences)283 4050 y(and)c(for)f(prep)s(ending)g
+(an)g(elemen)m(t)g(to)g(a)g(sequence.)46 b(The)32 b(ev)-5
+b(aluation)30 b(stac)m(k)j(is)d(represen)m(ted)283 4170
+y(as)f(a)g(sequence)i(of)d(elemen)m(ts.)43 b(It)29 b(has)g(the)g(top)g
+(of)f(the)h(stac)m(k)h(to)e(the)h(left)f(and)h(w)m(e)h(shall)d(write)
+283 4291 y Fo(")33 b Fu(for)f(the)h(empt)m(y)g(sequence.)430
+4411 y(In)27 b(addition)e(to)i(the)h(usual)f(arithmetic)e(and)i(b)s(o)s
+(olean)e(op)s(erations)i(w)m(e)h(ha)m(v)m(e)g(six)f(instruc-)283
+4531 y(tions)35 b(that)f(mo)s(dify)f(the)i(ev)-5 b(aluation)33
+b(stac)m(k:)49 b(The)35 b(op)s(eration)e Fb(push)p Fu(-)p
+Fs(n)41 b Fu(pushes)c(a)d(constan)m(t)283 4652 y(v)-5
+b(alue)32 b Fs(n)39 b Fu(on)m(to)31 b(the)i(stac)m(k)g(and)f
+Fb(tr)n(ue)f Fu(and)h Fb(f)-9 b(alse)31 b Fu(push)i(the)g(constan)m(ts)
+g Fw(tt)e Fu(and)h Fw(\013)p Fu(,)g(resp)s(ec-)283 4772
+y(tiv)m(ely)-8 b(,)35 b(on)m(to)g(the)g(stac)m(k.)51
+b(The)36 b(op)s(eration)d Fb(fetch)p Fu(-)p Fs(x)46 b
+Fu(pushes)36 b(the)f(v)-5 b(alue)34 b(b)s(ound)h(to)g
+Fs(x)46 b Fu(on)m(to)283 4893 y(the)25 b(stac)m(k)h(whereas)g
+Fb(store)p Fu(-)p Fs(x)35 b Fu(p)s(ops)25 b(the)f(topmost)g(elemen)m(t)
+g(o\013)g(the)h(stac)m(k)h(and)e(up)s(dates)h(the)283
+5013 y(storage)35 b(so)f(that)g(the)h(p)s(opp)s(ed)f(v)-5
+b(alue)34 b(is)g(b)s(ound)g(to)g Fs(x)12 b Fu(.)48 b(The)35
+b(instruction)e Fb(branch)p Fu(\()p Fs(c)3529 5028 y
+Fn(1)3568 5013 y Fu(,)g Fs(c)3679 5028 y Fn(2)3718 5013
+y Fu(\))283 5133 y(will)e(also)h(c)m(hange)h(the)g(\015o)m(w)g(of)g
+(con)m(trol:)43 b(If)32 b(the)h(top)g(of)f(the)h(stac)m(k)h(is)e(the)h
+(v)-5 b(alue)32 b Fw(tt)g Fu(\(that)g(is)283 5254 y(some)d(b)s(o)s
+(olean)e(expression)j(has)f(b)s(een)h(ev)-5 b(aluated)28
+b(to)g(true\))h(then)h(the)f(stac)m(k)h(is)e(p)s(opp)s(ed)h(and)283
+5374 y Fs(c)334 5389 y Fn(1)408 5374 y Fu(is)35 b(to)g(b)s(e)g
+(executed)i(next.)52 b(Otherwise,)36 b(if)e(the)h(top)g(elemen)m(t)g
+(of)g(the)g(stac)m(k)h(is)f Fw(\013)g Fu(then)h(it)283
+5494 y(will)31 b(b)s(e)i(p)s(opp)s(ed)f(and)h Fs(c)1188
+5509 y Fn(2)1260 5494 y Fu(will)d(b)s(e)j(executed)h(next.)p
+eop
+%%Page: 65 75
+65 74 bop 0 130 a Fw(3.1)112 b(The)38 b(abstract)g(mac)m(hine)2038
+b(65)p 0 193 3473 4 v 0 419 V 0 3830 4 3411 v 416 528
+a Ft(h)o Fb(push)p Fu(-)p Fs(n)7 b Fu(:)p Fs(c)f Fu(,)32
+b Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)525 b Fh(\003)101
+b Ft(h)o Fs(c)6 b Fu(,)32 b Ft(N)15 b Fu([)-17 b([)q
+Fs(n)7 b Fu(])-17 b(]:)p Fs(e)7 b Fu(,)33 b Fs(s)8 b
+Ft(i)416 697 y(h)o Fb(add)p Fu(:)p Fs(c)e Fu(,)33 b Fs(z)829
+712 y Fn(1)869 697 y Fu(:)p Fs(z)948 712 y Fn(2)987 697
+y Fu(:)p Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)421 b Fh(\003)101
+b Ft(h)o Fs(c)6 b Fu(,)32 b(\()p Fs(z)2050 712 y Fn(1)2090
+697 y Fu(+)p Fs(z)2218 712 y Fn(2)2257 697 y Fu(\):)p
+Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)2664 696 y Fu(if)31
+b Fs(z)2805 711 y Fn(1)2844 696 y Fu(,)i Fs(z)2956 711
+y Fn(2)2995 696 y Ft(2)q Fw(Z)416 865 y Ft(h)o Fb(mul)-7
+b(t)p Fu(:)p Fs(c)6 b Fu(,)34 b Fs(z)883 880 y Fn(1)922
+865 y Fu(:)p Fs(z)1001 880 y Fn(2)1040 865 y Fu(:)p Fs(e)7
+b Fu(,)33 b Fs(s)8 b Ft(i)368 b Fh(\003)101 b Ft(h)o
+Fs(c)6 b Fu(,)32 b(\()p Fs(z)2050 880 y Fn(1)2090 865
+y Fo(?)p Fs(z)2191 880 y Fn(2)2230 865 y Fu(\):)p Fs(e)7
+b Fu(,)33 b Fs(s)8 b Ft(i)2664 864 y Fu(if)31 b Fs(z)2805
+879 y Fn(1)2844 864 y Fu(,)i Fs(z)2956 879 y Fn(2)2995
+864 y Ft(2)q Fw(Z)416 1034 y Ft(h)o Fb(sub)p Fu(:)p Fs(c)6
+b Fu(,)32 b Fs(z)808 1049 y Fn(1)848 1034 y Fu(:)p Fs(z)927
+1049 y Fn(2)966 1034 y Fu(:)p Fs(e)7 b Fu(,)33 b Fs(s)8
+b Ft(i)442 b Fh(\003)101 b Ft(h)o Fs(c)6 b Fu(,)32 b(\()p
+Fs(z)2050 1049 y Fn(1)2090 1034 y Ft(\000)p Fs(z)2219
+1049 y Fn(2)2259 1034 y Fu(\):)p Fs(e)7 b Fu(,)33 b Fs(s)8
+b Ft(i)2664 1033 y Fu(if)31 b Fs(z)2805 1048 y Fn(1)2844
+1033 y Fu(,)i Fs(z)2956 1048 y Fn(2)2995 1033 y Ft(2)q
+Fw(Z)416 1201 y Ft(h)o Fb(tr)n(ue)p Fu(:)p Fs(c)6 b Fu(,)32
+b Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)610 b Fh(\003)101
+b Ft(h)o Fs(c)6 b Fu(,)32 b Fw(tt)p Fu(:)p Fs(e)7 b Fu(,)33
+b Fs(s)8 b Ft(i)416 1369 y(h)o Fb(f)-9 b(alse)p Fu(:)p
+Fs(c)6 b Fu(,)33 b Fs(e)7 b Fu(,)32 b Fs(s)8 b Ft(i)586
+b Fh(\003)101 b Ft(h)o Fs(c)6 b Fu(,)32 b Fw(\013)p Fu(:)p
+Fs(e)7 b Fu(,)34 b Fs(s)8 b Ft(i)416 1537 y(h)o Fb(eq)p
+Fu(:)p Fs(c)e Fu(,)33 b Fs(z)763 1552 y Fn(1)802 1537
+y Fu(:)p Fs(z)881 1552 y Fn(2)920 1537 y Fu(:)p Fs(e)7
+b Fu(,)33 b Fs(s)8 b Ft(i)488 b Fh(\003)101 b Ft(h)o
+Fs(c)6 b Fu(,)32 b(\()p Fs(z)2050 1552 y Fn(1)2090 1537
+y Fu(=)p Fs(z)2218 1552 y Fn(2)2257 1537 y Fu(\):)p Fs(e)7
+b Fu(,)33 b Fs(s)8 b Ft(i)2664 1536 y Fu(if)31 b Fs(z)2805
+1551 y Fn(1)2844 1536 y Fu(,)i Fs(z)2956 1551 y Fn(2)2995
+1536 y Ft(2)q Fw(Z)416 1706 y Ft(h)o Fb(le)p Fu(:)p Fs(c)6
+b Fu(,)32 b Fs(z)750 1721 y Fn(1)790 1706 y Fu(:)p Fs(z)869
+1721 y Fn(2)908 1706 y Fu(:)p Fs(e)7 b Fu(,)33 b Fs(s)8
+b Ft(i)500 b Fh(\003)101 b Ft(h)o Fs(c)6 b Fu(,)32 b(\()p
+Fs(z)2050 1721 y Fn(1)2090 1706 y Ft(\024)p Fs(z)2219
+1721 y Fn(2)2259 1706 y Fu(\):)p Fs(e)7 b Fu(,)33 b Fs(s)8
+b Ft(i)2664 1705 y Fu(if)31 b Fs(z)2805 1720 y Fn(1)2844
+1705 y Fu(,)i Fs(z)2956 1720 y Fn(2)2995 1705 y Ft(2)q
+Fw(Z)416 1873 y Ft(h)o Fb(and)p Fu(:)p Fs(c)6 b Fu(,)33
+b Fs(t)817 1888 y Fn(1)857 1873 y Fu(:)p Fs(t)925 1888
+y Fn(2)966 1873 y Fu(:)p Fs(e)7 b Fu(,)33 b Fs(s)8 b
+Ft(i)442 b Fh(\003)921 1957 y Fg(8)921 2031 y(<)921 2181
+y(:)1036 2046 y Ft(h)p Fs(c)5 b Fo(;)17 b Fw(tt)27 b
+Fu(:)h Fs(e)7 b Fo(;)17 b Fs(s)8 b Ft(i)1036 2214 y(h)p
+Fs(c)d Fo(;)17 b Fw(\013)38 b Fu(:)28 b Fs(e)7 b Fo(;)17
+b Fs(s)8 b Ft(i)1647 2046 y Fu(if)31 b Fs(t)1777 2061
+y Fn(1)1818 2046 y Fu(=)p Fw(tt)g Fu(and)i Fs(t)2244
+2061 y Fn(2)2284 2046 y Fu(=)p Fw(tt)1647 2214 y Fu(if)e
+Fs(t)1777 2229 y Fn(1)1818 2214 y Fu(=)p Fw(\013)h Fu(or)h
+Fs(t)2152 2229 y Fn(2)2192 2214 y Fu(=)p Fw(\013)p Fu(,)g
+Fs(t)2434 2229 y Fn(1)2474 2214 y Fu(,)g Fs(t)2575 2229
+y Fn(2)2615 2214 y Ft(2)p Fw(T)416 2483 y Ft(h)o Fb(neg)p
+Fu(:)p Fs(c)6 b Fu(,)32 b Fs(t)9 b Fu(:)p Fs(e)e Fu(,)34
+b Fs(s)8 b Ft(i)594 b Fh(\003)1812 2309 y Fg(8)1812 2384
+y(<)1812 2533 y(:)1927 2399 y Ft(h)p Fs(c)5 b Fo(;)17
+b Fw(\013)38 b Fu(:)28 b Fs(e)7 b Fo(;)17 b Fs(s)8 b
+Ft(i)1927 2566 y(h)p Fs(c)d Fo(;)17 b Fw(tt)27 b Fu(:)h
+Fs(e)7 b Fo(;)17 b Fs(s)8 b Ft(i)2664 2399 y Fu(if)31
+b Fs(t)9 b Fu(=)p Fw(tt)2664 2566 y Fu(if)31 b Fs(t)9
+b Fu(=)p Fw(\013)416 2745 y Ft(h)o Fb(fetch)p Fu(-)p
+Fs(x)j Fu(:)p Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33 b Fs(s)8
+b Ft(i)466 b Fh(\003)101 b Ft(h)o Fs(c)6 b Fu(,)32 b(\()p
+Fs(s)41 b(x)12 b Fu(\):)p Fs(e)7 b Fu(,)33 b Fs(s)8 b
+Ft(i)416 2914 y(h)o Fb(store)p Fu(-)p Fs(x)k Fu(:)p Fs(c)6
+b Fu(,)31 b Fs(z)12 b Fu(:)p Fs(e)7 b Fu(,)33 b Fs(s)8
+b Ft(i)392 b Fh(\003)101 b Ft(h)o Fs(c)6 b Fu(,)32 b
+Fs(e)7 b Fu(,)33 b Fs(s)8 b Fu([)p Fs(x)k Ft(7!)p Fs(z)g
+Fu(])p Ft(i)2664 2913 y Fu(if)31 b Fs(z)12 b Ft(2)p Fw(Z)416
+3081 y Ft(h)o Fb(noop)p Fu(:)p Fs(c)6 b Fu(,)33 b Fs(e)7
+b Fu(,)33 b Fs(s)8 b Ft(i)600 b Fh(\003)101 b Ft(h)o
+Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)416
+3339 y(h)o Fb(branch)p Fu(\()p Fs(c)903 3354 y Fn(1)942
+3339 y Fu(,)33 b Fs(c)1053 3354 y Fn(2)1092 3339 y Fu(\):)p
+Fs(c)6 b Fu(,)32 b Fs(t)9 b Fu(:)p Fs(e)e Fu(,)34 b Fs(s)8
+b Ft(i)99 b Fh(\003)1812 3165 y Fg(8)1812 3240 y(<)1812
+3389 y(:)1927 3255 y Ft(h)p Fs(c)2016 3270 y Fn(1)2083
+3255 y Fu(:)28 b Fs(c)6 b Fo(;)17 b Fs(e)7 b Fo(;)17
+b Fs(s)7 b Ft(i)1927 3422 y(h)p Fs(c)2016 3437 y Fn(2)2083
+3422 y Fu(:)28 b Fs(c)6 b Fo(;)17 b Fs(e)7 b Fo(;)17
+b Fs(s)7 b Ft(i)2664 3255 y Fu(if)31 b Fs(t)9 b Fu(=)p
+Fw(tt)2664 3422 y Fu(if)31 b Fs(t)9 b Fu(=)p Fw(\013)416
+3601 y Ft(h)o Fb(loop)p Fu(\()p Fs(c)776 3616 y Fn(1)816
+3601 y Fu(,)32 b Fs(c)926 3616 y Fn(2)965 3601 y Fu(\):)p
+Fs(c)6 b Fu(,)33 b Fs(e)7 b Fu(,)32 b Fs(s)8 b Ft(i)295
+b Fh(\003)921 3769 y Ft(h)o Fs(c)1010 3784 y Fn(1)1049
+3769 y Fu(:)p Fb(branch)p Fu(\()p Fs(c)1525 3784 y Fn(2)1564
+3769 y Fu(:)p Fb(loop)p Fu(\()p Fs(c)1913 3784 y Fn(1)1953
+3769 y Fu(,)32 b Fs(c)2063 3784 y Fn(2)2102 3769 y Fu(\),)h
+Fb(noop)p Fu(\):)p Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33
+b Fs(s)8 b Ft(i)p 3469 3830 V 0 3833 3473 4 v 844 3994
+a Fu(T)-8 b(able)32 b(3.1:)43 b(Op)s(erational)30 b(seman)m(tics)j(for)
+f Fw(AM)146 4287 y Fu(There)43 b(are)f(t)m(w)m(o)h(instructions)f(that)
+f(c)m(hange)i(the)f(\015o)m(w)h(of)e(con)m(trol.)71 b(The)43
+b(instruction)0 4407 y Fb(branch)p Fu(\()p Fs(c)449 4422
+y Fn(1)488 4407 y Fu(,)i Fs(c)611 4422 y Fn(2)650 4407
+y Fu(\))d(will)e(b)s(e)j(used)h(to)e(implemen)m(t)e(the)j(conditional:)
+61 b(as)42 b(describ)s(ed)i(ab)s(o)m(v)m(e)0 4527 y(it)f(will)f(c)m(ho)
+s(ose)i(the)h(co)s(de)f(comp)s(onen)m(t)g Fs(c)1602 4542
+y Fn(1)1685 4527 y Fu(or)g Fs(c)1867 4542 y Fn(2)1950
+4527 y Fu(dep)s(ending)g(on)g(the)g(curren)m(t)h(v)-5
+b(alue)43 b(on)0 4648 y(top)g(of)g(the)h(stac)m(k.)76
+b(If)44 b(the)f(top)g(of)g(the)h(stac)m(k)g(is)f(not)g(a)g(truth)h(v)-5
+b(alue)42 b(the)i(mac)m(hine)f(will)0 4768 y(halt)e(as)i(there)g(is)f
+(no)h(next)g(con\014guration)f(\(since)h(the)g(meaning)e(of)h
+Fb(branch)p Fu(\()p Ft(\001)17 b(\001)g(\001)n Fu(,)p
+Ft(\001)g(\001)g(\001)n Fu(\))43 b(is)0 4889 y(not)i(de\014ned)h(in)e
+(that)h(case\).)82 b(A)45 b(lo)s(oping)d(construct)k(suc)m(h)g(as)g
+(the)f Fr(while)p Fu(-construct)i(of)0 5009 y Fw(While)40
+b Fu(can)i(b)s(e)g(implemen)m(ted)f(using)g(the)h(instruction)f
+Fb(loop)p Fu(\()p Fs(c)2516 5024 y Fn(1)2555 5009 y Fu(,)j
+Fs(c)2677 5024 y Fn(2)2716 5009 y Fu(\).)71 b(The)43
+b(seman)m(tics)0 5129 y(of)35 b(this)g(instruction)f(is)h(de\014ned)i
+(b)m(y)f(rewriting)f(it)f(to)h(a)g(com)m(bination)e(of)i(other)h
+(constructs)0 5250 y(including)29 b(the)i Fb(branch)p
+Fu(-instruction)e(and)h(itself.)42 b(W)-8 b(e)31 b(shall)e(see)j
+(shortly)e(ho)m(w)h(this)f(can)h(b)s(e)0 5370 y(used.)146
+5494 y(The)40 b(op)s(erational)d(seman)m(tics)i(of)f(T)-8
+b(able)38 b(3.1)h(is)f(indeed)h(a)g(structural)g(op)s(erational)d(se-)p
+eop
+%%Page: 66 76
+66 75 bop 251 130 a Fw(66)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
+b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283
+515 a Fu(man)m(tics)29 b(for)g Fw(AM)p Fu(.)g(Corresp)s(onding)g(to)g
+(the)g(deriv)-5 b(ation)28 b(sequences)k(of)d(Chapter)h(2)f(w)m(e)h
+(shall)283 636 y(de\014ne)36 b(a)e Fs(c)-5 b(omputation)36
+b(se)-5 b(quenc)g(e)40 b Fu(for)34 b Fw(AM)p Fu(.)g(Giv)m(en)g(a)g
+(sequence)j Fs(c)i Fu(of)34 b(instructions)g(and)g(a)283
+756 y(storage)f Fs(s)8 b Fu(,)33 b(a)f(computation)f(sequence)k(for)d
+Fs(c)38 b Fu(and)33 b Fs(s)41 b Fu(is)32 b(either)429
+956 y Ft(\017)48 b Fu(a)33 b Fs(\014nite)39 b Fu(sequence)742
+1159 y Fo(\015)798 1174 y Fn(0)837 1159 y Fu(,)33 b Fo(\015)953
+1174 y Fn(1)992 1159 y Fu(,)g Fo(\015)1108 1174 y Fn(2)1148
+1159 y Fu(,)f Ft(\001)17 b(\001)g(\001)31 b Fu(,)i Fo(\015)1472
+1174 y Fn(k)527 1361 y Fu(of)c(con\014gurations)f(satisfying)g
+Fo(\015)1747 1376 y Fn(0)1815 1361 y Fu(=)g Ft(h)p Fs(c)6
+b Fu(,)29 b Fo(")p Fu(,)g Fs(s)8 b Ft(i)29 b Fu(and)g
+Fo(\015)2525 1376 y Fn(i)2577 1361 y Fh(\003)g Fo(\015)2739
+1376 y Fn(i+1)2882 1361 y Fu(for)f(0)p Ft(\024)p Fu(i)p
+Fo(<)p Fu(k,)h(k)p Ft(\025)q Fu(0,)h(and)527 1482 y(where)k(there)f(is)
+g(no)f Fo(\015)38 b Fu(suc)m(h)c(that)e Fo(\015)1868
+1497 y Fn(k)1942 1482 y Fh(\003)h Fo(\015)5 b Fu(,)33
+b(or)f(it)f(is)429 1684 y Ft(\017)48 b Fu(an)33 b Fs(in\014nite)39
+b Fu(sequence)742 1886 y Fo(\015)798 1901 y Fn(0)837
+1886 y Fu(,)33 b Fo(\015)953 1901 y Fn(1)992 1886 y Fu(,)g
+Fo(\015)1108 1901 y Fn(2)1148 1886 y Fu(,)f Ft(\001)17
+b(\001)g(\001)527 2089 y Fu(of)32 b(con\014gurations)h(satisfying)e
+Fo(\015)1758 2104 y Fn(0)1830 2089 y Fu(=)i Ft(h)o Fs(c)6
+b Fu(,)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fu(and)h
+Fo(\015)2558 2104 y Fn(i)2614 2089 y Fh(\003)g Fo(\015)2780
+2104 y Fn(i+1)2927 2089 y Fu(for)f(0)p Ft(\024)p Fu(i.)283
+2289 y(Note)e(that)g(initial)c(con\014gurations)j(alw)m(a)m(ys)h(ha)m
+(v)m(e)h(an)f Fs(empty)38 b Fu(ev)-5 b(aluation)28 b(stac)m(k.)44
+b(A)30 b(compu-)283 2410 y(tation)i(sequence)j(is)429
+2610 y Ft(\017)48 b Fs(terminating)41 b Fu(if)31 b(and)i(only)f(if)g
+(it)f(is)h(\014nite,)h(and)429 2812 y Ft(\017)48 b Fs(lo)-5
+b(oping)40 b Fu(if)32 b(and)h(only)f(if)f(it)h(is)g(in\014nite.)283
+3013 y(A)f(terminating)d(computation)h(sequence)k(ma)m(y)d(end)h(in)f
+(a)g(terminal)e(con\014guration)h(\(that)h(is)283 3133
+y(a)38 b(con\014guration)g(with)g(an)g(empt)m(y)h(co)s(de)f(comp)s
+(onen)m(t\))h(or)f(in)f(a)h(stuc)m(k)i(con\014guration)d(\(for)283
+3253 y(example)c Ft(h)o Fb(add)p Fu(,)g Fo(")p Fu(,)g
+Fs(s)8 b Ft(i)p Fu(\).)283 3478 y Fw(Example)37 b(3.1)49
+b Fu(Consider)33 b(the)g(instruction)f(sequence)527 3678
+y Fb(push)p Fu(-)p Fr(1)p Fu(:)p Fb(fetch)p Fu(-)p Fr(x)p
+Fu(:)p Fb(add)p Fu(:)p Fb(store)p Fu(-)p Fr(x)283 3878
+y Fu(Assuming)h(that)f(the)h(initial)c(storage)j Fs(s)41
+b Fu(has)33 b Fs(s)41 b Fr(x)32 b Fu(=)h Fw(3)f Fu(w)m(e)i(get)527
+4079 y Ft(h)p Fb(push)p Fu(-)p Fr(1)p Fu(:)p Fb(fetch)p
+Fu(-)p Fr(x)p Fu(:)p Fb(add)p Fu(:)p Fb(store)p Fu(-)p
+Fr(x)p Fu(,)d Fo(")p Fu(,)i Fs(s)8 b Ft(i)873 4246 y
+Fh(\003)33 b Ft(h)p Fb(fetch)p Fu(-)p Fr(x)p Fu(:)p Fb(add)p
+Fu(:)p Fb(store)p Fu(-)p Fr(x)p Fu(,)f Fw(1)p Fu(,)h
+Fs(s)8 b Ft(i)873 4414 y Fh(\003)33 b Ft(h)p Fb(add)p
+Fu(:)p Fb(store)p Fu(-)p Fr(x)p Fu(,)f Fw(3)p Fu(:)p
+Fw(1)p Fu(,)h Fs(s)8 b Ft(i)873 4582 y Fh(\003)33 b Ft(h)p
+Fb(store)p Fu(-)p Fr(x)p Fu(,)f Fw(4)p Fu(,)g Fs(s)8
+b Ft(i)873 4749 y Fh(\003)33 b Ft(h)p Fo(")p Fu(,)f Fo(")p
+Fu(,)h Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p Fw(4)p Fu(])p Ft(i)283
+4950 y Fu(The)36 b(computation)c(no)m(w)j(stops)g(b)s(ecause)g(there)g
+(is)f(no)g(next)h(step.)49 b(This)34 b(is)g(an)g(example)f(of)283
+5070 y(a)g(terminating)d(computation)h(sequence.)1820
+b Fh(2)283 5294 y Fw(Example)37 b(3.2)49 b Fu(Consider)33
+b(the)g(co)s(de)527 5494 y Fb(loop)p Fu(\()p Fb(tr)n(ue)p
+Fu(,)g Fb(noop)p Fu(\))p eop
+%%Page: 67 77
+67 76 bop 0 130 a Fw(3.1)112 b(The)38 b(abstract)g(mac)m(hine)2038
+b(67)p 0 193 3473 4 v 0 515 a Fu(W)-8 b(e)33 b(ha)m(v)m(e)244
+681 y Ft(h)p Fb(loop)p Fu(\()p Fb(tr)n(ue)p Fu(,)f Fb(noop)p
+Fu(\),)h Fo(")o Fu(,)g Fs(s)8 b Ft(i)554 848 y Fh(\003)33
+b Ft(h)p Fb(tr)n(ue)p Fu(:)p Fb(branch)p Fu(\()p Fb(noop)p
+Fu(:)p Fb(loop)p Fu(\()p Fb(tr)n(ue)p Fu(,)f Fb(noop)p
+Fu(\),)h Fb(noop)p Fu(\),)f Fo(")p Fu(,)h Fs(s)8 b Ft(i)554
+1016 y Fh(\003)33 b Ft(h)p Fb(branch)p Fu(\()p Fb(noop)p
+Fu(:)p Fb(loop)p Fu(\()p Fb(tr)n(ue)p Fu(,)f Fb(noop)p
+Fu(\),)h Fb(noop)p Fu(\),)g Fw(tt)p Fu(,)f Fs(s)8 b Ft(i)554
+1183 y Fh(\003)33 b Ft(h)p Fb(noop)p Fu(:)p Fb(loop)p
+Fu(\()p Fb(tr)n(ue)p Fu(,)f Fb(noop)p Fu(\),)h Fo(")p
+Fu(,)f Fs(s)8 b Ft(i)554 1351 y Fh(\003)33 b Ft(h)p Fb(loop)p
+Fu(\()p Fb(tr)n(ue)p Fu(,)f Fb(noop)p Fu(\),)h Fo(")o
+Fu(,)g Fs(s)8 b Ft(i)554 1519 y Fh(\003)33 b Ft(\001)17
+b(\001)g(\001)0 1684 y Fu(and)40 b(the)h(unfolding)d(of)i(the)g
+Fb(loop)p Fu(-instruction)f(is)h(rep)s(eated.)67 b(This)40
+b(is)f(an)h(example)g(of)g(a)0 1804 y(lo)s(oping)30 b(computation)h
+(sequence.)2089 b Fh(2)0 1982 y Fw(Exercise)36 b(3.3)49
+b Fu(Consider)33 b(the)g(co)s(de)244 2147 y Fb(push)p
+Fu(-)p Fr(0)p Fu(:)p Fb(store)p Fu(-)p Fr(z)p Fu(:)p
+Fb(fetch)p Fu(-)p Fr(x)p Fu(:)p Fb(store)p Fu(-)p Fr(r)p
+Fu(:)244 2315 y Fb(loop)p Fu(\()p Fb(fetch)p Fu(-)p Fr(r)p
+Fu(:)p Fb(fetch)p Fu(-)p Fr(y)p Fu(:)p Fb(le)p Fu(,)515
+2482 y Fb(fetch)p Fu(-)p Fr(y)p Fu(:)p Fb(fetch)p Fu(-)p
+Fr(r)p Fu(:)p Fb(sub)p Fu(:)p Fb(store)p Fu(-)p Fr(r)p
+Fu(:)515 2650 y Fb(push)p Fu(-)p Fr(1)p Fu(:)p Fb(fetch)p
+Fu(-)p Fr(z)p Fu(:)p Fb(add)p Fu(:)p Fb(store)p Fu(-)p
+Fr(z)p Fu(\))0 2815 y(Determine)f(the)h(function)f(computed)g(b)m(y)i
+(this)e(co)s(de.)1378 b Fh(2)0 3097 y Fp(Prop)t(erties)46
+b(of)f(AM)0 3282 y Fu(The)40 b(seman)m(tics)f(w)m(e)h(ha)m(v)m(e)h(sp)s
+(eci\014ed)e(for)g(the)g(abstract)h(mac)m(hine)e(is)h(concerned)h(with)
+f(the)0 3402 y(execution)27 b(of)g(individual)d(instructions)i(and)h
+(is)f(therefore)i(close)f(in)f(spirit)f(to)h(the)i(structural)0
+3523 y(op)s(erational)j(seman)m(tics)j(studied)g(in)e(Chapter)j(2.)46
+b(When)34 b(pro)m(ving)f(the)h(correctness)i(of)d(the)0
+3643 y(co)s(de)44 b(generation)g(w)m(e)g(shall)f(need)i(a)f(few)g
+(results)g(analogous)f(to)h(those)g(holding)f(for)g(the)0
+3764 y(structural)d(op)s(erational)e(seman)m(tics.)66
+b(As)41 b(their)f(pro)s(ofs)g(follo)m(w)e(the)j(same)f(lines)f(as)i
+(those)0 3884 y(for)32 b(the)h(structural)f(op)s(erational)e(seman)m
+(tics)i(w)m(e)i(shall)d(lea)m(v)m(e)i(them)f(as)g(exercises)i(and)f
+(only)0 4004 y Fs(r)-5 b(eformulate)40 b Fu(the)33 b(pro)s(of)e(tec)m
+(hnique)j(from)e(Section)g(2.2:)p 0 4153 3470 4 v 0 4170
+V -2 4378 4 208 v 15 4378 V 478 4299 a Fw(Induction)g(on)h(the)f
+(Length)h(of)g(Computation)f(Sequences)p 3452 4378 V
+3469 4378 V 0 4381 3470 4 v -2 4630 4 249 v 15 4630 V
+66 4546 a Fu(1:)143 b(Pro)m(v)m(e)34 b(that)f(the)g(prop)s(ert)m(y)g
+(holds)f(for)g(all)f(computation)g(sequences)36 b(of)c(length)g(0.)p
+3452 4630 V 3469 4630 V -2 5159 4 529 v 15 5159 V 66
+4714 a(2:)143 b(Pro)m(v)m(e)41 b(that)f(the)g(prop)s(ert)m(y)g(holds)f
+(for)g(all)f(other)i(computation)e(sequences:)60 b(As-)285
+4834 y(sume)37 b(that)f(the)h(prop)s(ert)m(y)g(holds)g(for)f(all)e
+(computation)h(sequences)40 b(of)c(length)g(at)285 4955
+y(most)31 b(k)g(\(this)g(is)f(called)g(the)i Fs(induction)h(hyp)-5
+b(othesis)p Fu(\))30 b(and)h(sho)m(w)h(that)f(it)f(holds)h(for)285
+5075 y(computation)g(sequences)36 b(of)c(length)g(k+1.)p
+3452 5159 V 3469 5159 V 0 5162 3470 4 v 0 5179 V 0 5374
+a(The)f(induction)d(step)j(of)e(a)g(pro)s(of)g(follo)m(wing)e(this)i
+(tec)m(hnique)j(will)27 b(often)j(b)s(e)f(done)i(b)m(y)f(a)f(case)0
+5494 y(analysis)j(on)g(the)h(\014rst)g(instruction)f(of)g(the)h(co)s
+(de)g(comp)s(onen)m(t)g(of)f(the)h(con\014guration.)p
+eop
+%%Page: 68 78
+68 77 bop 251 130 a Fw(68)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
+b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283
+515 a(Exercise)g(3.4)49 b(\(Essen)m(tial\))30 b Fu(By)j(analogy)f(with)
+g(Exercise)i(2.21)e(pro)m(v)m(e)h(that)527 717 y(if)f
+Ft(h)p Fs(c)707 732 y Fn(1)746 717 y Fu(,)g Fs(e)857
+732 y Fn(1)897 717 y Fu(,)g Fs(s)8 b Ft(i)33 b Fh(\003)1153
+681 y Fn(k)1227 717 y Ft(h)p Fs(c)1317 681 y Fi(0)1340
+717 y Fu(,)f Fs(e)1451 681 y Fi(0)1475 717 y Fu(,)h Fs(s)1583
+681 y Fi(0)1606 717 y Ft(i)f Fu(then)h Ft(h)p Fs(c)1989
+732 y Fn(1)2028 717 y Fu(:)p Fs(c)2106 732 y Fn(2)2145
+717 y Fu(,)g Fs(e)2257 732 y Fn(1)2297 717 y Fu(:)p Fs(e)2376
+732 y Fn(2)2415 717 y Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)2672
+681 y Fn(k)2746 717 y Ft(h)p Fs(c)2836 681 y Fi(0)2858
+717 y Fu(:)p Fs(c)2936 732 y Fn(2)2976 717 y Fu(,)g Fs(e)3087
+681 y Fi(0)3111 717 y Fu(:)p Fs(e)3190 732 y Fn(2)3230
+717 y Fu(,)g Fs(s)3337 681 y Fi(0)3361 717 y Ft(i)283
+919 y Fu(This)25 b(means)g(that)f(w)m(e)i(can)e(extend)i(the)f(co)s(de)
+g(comp)s(onen)m(t)g(as)g(w)m(ell)e(as)i(the)g(stac)m(k)h(comp)s(onen)m
+(t)283 1039 y(without)33 b(c)m(hanging)f(the)h(b)s(eha)m(viour)f(of)g
+(the)h(mac)m(hine.)1349 b Fh(2)283 1265 y Fw(Exercise)37
+b(3.5)49 b(\(Essen)m(tial\))30 b Fu(By)j(analogy)f(with)g(Lemma)f(2.19)
+h(pro)m(v)m(e)i(that)e(if)527 1467 y Ft(h)p Fs(c)617
+1482 y Fn(1)656 1467 y Fu(:)p Fs(c)734 1482 y Fn(2)773
+1467 y Fu(,)h Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)32 b Fh(\003)1142
+1431 y Fn(k)1215 1467 y Ft(h)p Fo(")p Fu(,)g Fs(e)1411
+1431 y Fi(00)1454 1467 y Fu(,)h Fs(s)1562 1431 y Fi(00)1604
+1467 y Ft(i)283 1669 y Fu(then)40 b(there)f(exists)g(a)g
+(con\014guration)e Ft(h)p Fo(")p Fu(,)j Fs(e)1930 1633
+y Fi(0)1953 1669 y Fu(,)g Fs(s)2068 1633 y Fi(0)2092
+1669 y Ft(i)e Fu(and)h(natural)e(n)m(um)m(b)s(ers)j(k)3163
+1684 y Fn(1)3241 1669 y Fu(and)f(k)3488 1684 y Fn(2)3566
+1669 y Fu(with)283 1789 y(k)334 1804 y Fn(1)374 1789
+y Fu(+k)501 1804 y Fn(2)541 1789 y Fu(=k)33 b(suc)m(h)h(that)527
+1991 y Ft(h)p Fs(c)617 2006 y Fn(1)656 1991 y Fu(,)f
+Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)32 b Fh(\003)1024 1955
+y Fn(k)1061 1964 y Fd(1)1133 1991 y Ft(h)p Fo(")o Fu(,)h
+Fs(e)1329 1955 y Fi(0)1353 1991 y Fu(,)f Fs(s)1460 1955
+y Fi(0)1484 1991 y Ft(i)g Fu(and)g Ft(h)p Fs(c)1834 2006
+y Fn(2)1873 1991 y Fu(,)h Fs(e)1985 1955 y Fi(0)2008
+1991 y Fu(,)g Fs(s)2116 1955 y Fi(0)2139 1991 y Ft(i)g
+Fh(\003)2288 1955 y Fn(k)2325 1964 y Fd(2)2397 1991 y
+Ft(h)o Fo(")p Fu(,)g Fs(e)2593 1955 y Fi(00)2635 1991
+y Fu(,)g Fs(s)2743 1955 y Fi(00)2785 1991 y Ft(i)283
+2193 y Fu(This)c(means)f(that)f(the)i(execution)g(of)e(a)h(comp)s
+(osite)f(sequence)j(of)e(instructions)g(can)g(b)s(e)g(split)283
+2313 y(in)m(to)k(t)m(w)m(o)i(pieces.)2739 b Fh(2)430
+2539 y Fu(The)23 b(notion)d(of)i(determinism)e(is)h(de\014ned)i(as)f
+(for)f(the)i(structural)e(op)s(erational)f(seman)m(tics.)283
+2660 y(So)34 b(the)g(seman)m(tics)g(of)g(an)f(abstract)i(mac)m(hine)e
+(is)g Fs(deterministic)39 b Fu(if)32 b(for)i(all)d(c)m(hoices)k(of)e
+Fo(\015)5 b Fu(,)35 b Fo(\015)3733 2624 y Fi(0)283 2780
+y Fu(and)e Fo(\015)529 2744 y Fi(00)572 2780 y Fu(:)527
+2982 y Fo(\015)38 b Fh(\003)33 b Fo(\015)782 2946 y Fi(0)838
+2982 y Fu(and)f Fo(\015)38 b Fh(\003)33 b Fo(\015)1282
+2946 y Fi(00)1357 2982 y Fu(imply)e Fo(\015)1687 2946
+y Fi(0)1742 2982 y Fu(=)i Fo(\015)1907 2946 y Fi(00)283
+3208 y Fw(Exercise)k(3.6)49 b(\(Essen)m(tial\))36 b Fu(Sho)m(w)j(that)f
+(the)h(mac)m(hine)f(seman)m(tics)h(of)f(T)-8 b(able)38
+b(3.1)g(is)g(de-)283 3329 y(terministic.)48 b(Deduce)36
+b(that)e(there)i(is)e(exactly)h(one)g(computation)e(sequence)k
+(starting)d(in)g(a)283 3449 y(con\014guration)e Ft(h)p
+Fs(c)6 b Fu(,)32 b Fs(e)7 b Fu(,)33 b Fs(s)8 b Ft(i)p
+Fu(.)2432 b Fh(2)283 3737 y Fp(The)45 b(execution)h(function)e
+FC(M)283 3922 y Fu(W)-8 b(e)37 b(shall)e(de\014ne)j(the)f
+Fs(me)-5 b(aning)44 b Fu(of)36 b(a)g(sequence)j(of)d(instructions)g(as)
+h(a)f(\(partial\))e(function)283 4043 y(from)e Fw(State)g
+Fu(to)h Fw(State)p Fu(:)527 4244 y Ft(M)p Fu(:)43 b Fw(Co)s(de)33
+b Ft(!)g Fu(\()p Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)p
+Fu(\))283 4446 y(It)g(is)f(giv)m(en)h(b)m(y)527 4730
+y Ft(M)p Fu([)-17 b([)q Fs(c)6 b Fu(])-17 b(])32 b Fs(s)41
+b Fu(=)994 4555 y Fg(8)994 4630 y(<)994 4779 y(:)1110
+4645 y Fs(s)1158 4609 y Fi(0)1428 4645 y Fu(if)32 b Ft(h)o
+Fs(c)6 b Fu(,)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)1969
+4609 y Fi(\003)2041 4645 y Ft(h)o Fo(")p Fu(,)h Fs(e)7
+b Fu(,)33 b Fs(s)2345 4609 y Fi(0)2368 4645 y Ft(i)1110
+4813 y Fu(undef)p 1110 4826 236 4 v 83 w(otherwise)283
+5013 y(The)e(function)f(is)f(w)m(ell-de\014ned)i(b)s(ecause)g(of)e
+(Exercise)j(3.6.)42 b(Note)30 b(that)g(the)g(de\014nition)f(do)s(es)283
+5133 y(not)k(require)g(the)g(stac)m(k)h(comp)s(onen)m(t)e(of)h(the)g
+(terminal)d(con\014guration)i(to)g(b)s(e)h(empt)m(y)g(but)g(it)283
+5254 y(do)s(es)g(require)g(the)g(co)s(de)g(comp)s(onen)m(t)g(to)f(b)s
+(e)h(so.)430 5374 y(The)j(abstract)g(mac)m(hine)g Fw(AM)f
+Fu(ma)m(y)h(seem)g(far)f(remo)m(v)m(ed)h(from)f(more)g(traditional)d
+(ma-)283 5494 y(c)m(hine)h(arc)m(hitectures.)45 b(In)33
+b(the)g(next)h(few)f(exercises)h(w)m(e)g(shall)d(gradually)g(bridge)h
+(this)g(gap.)p eop
+%%Page: 69 79
+69 78 bop 0 130 a Fw(3.2)112 b(Sp)s(eci\014cation)37
+b(of)h(the)f(translation)1596 b(69)p 0 193 3473 4 v 0
+515 a(Exercise)36 b(3.7)49 b(AM)29 b Fu(refers)h(to)f(v)-5
+b(ariables)28 b(b)m(y)i(their)f Fs(name)36 b Fu(rather)29
+b(than)g(b)m(y)i(their)d Fs(addr)-5 b(ess)p Fu(.)0 636
+y(The)34 b(abstract)e(mac)m(hine)g Fw(AM)1153 651 y Fn(1)1225
+636 y Fu(di\013ers)h(from)e Fw(AM)i Fu(in)e(that)145
+805 y Ft(\017)49 b Fu(the)31 b(con\014gurations)g(ha)m(v)m(e)h(the)f
+(form)f Ft(h)o Fs(c)6 b Fu(,)31 b Fs(e)7 b Fu(,)32 b
+Fs(m)7 b Ft(i)30 b Fu(where)i Fs(c)37 b Fu(and)31 b Fs(e)38
+b Fu(are)30 b(as)i(in)e Fw(AM)g Fu(and)244 925 y Fs(m)7
+b Fu(,)33 b(the)g Fs(memory)9 b Fu(,)31 b(is)i(a)f(\(\014nite\))g(list)
+f(of)h(v)-5 b(alues,)33 b(that)f(is)g Fs(m)40 b Ft(2)33
+b Fw(Z)2662 889 y Fc(?)2702 925 y Fu(,)f(and)145 1117
+y Ft(\017)49 b Fu(the)38 b(instructions)f Fb(fetch)p
+Fu(-)p Fs(x)48 b Fu(and)38 b Fb(store)p Fu(-)p Fs(x)48
+b Fu(are)37 b(replaced)h(b)m(y)g(instructions)f Fb(get)p
+Fu(-)p Fs(n)244 1237 y Fu(and)c Fb(put)p Fu(-)p Fs(n)38
+b Fu(where)c Fs(n)40 b Fu(is)32 b(a)g(natural)g(n)m(um)m(b)s(er)h(\(an)
+f(address\).)0 1406 y(Sp)s(ecify)37 b(the)h(op)s(erational)c(seman)m
+(tics)j(of)g(the)g(mac)m(hine.)56 b(Y)-8 b(ou)37 b(ma)m(y)g(write)g
+Fs(m)7 b Fu([)p Fs(n)g Fu(])37 b(to)g(select)0 1527 y(the)30
+b Fo(n)p Fu(th)g(v)-5 b(alue)28 b(in)h(the)h(list)e Fs(m)36
+b Fu(\(when)31 b Fs(n)36 b Fu(is)29 b(p)s(ositiv)m(e)g(but)h(less)f
+(than)h(or)f(equal)g(to)g(the)h(length)0 1647 y(of)i
+Fs(m)7 b Fu(\).)44 b(What)32 b(happ)s(ens)i(if)d(w)m(e)j(reference)g
+(an)f(address)h(that)e(is)g(outside)h(the)g(memory?)104
+b Fh(2)0 1829 y Fw(Exercise)36 b(3.8)49 b Fu(The)37 b(next)h(step)f(is)
+e(to)h(get)h(rid)e(of)h(the)g(op)s(erations)g Fb(branch)p
+Fu(\()p Ft(\001)17 b(\001)g(\001)n Fu(,)p Ft(\001)g(\001)g(\001)n
+Fu(\))36 b(and)0 1950 y Fb(loop)p Fu(\()p Ft(\001)17
+b(\001)g(\001)o Fu(,)p Ft(\001)g(\001)g(\001)n Fu(\).)79
+b(The)46 b(idea)e(is)g(to)g(in)m(tro)s(duce)g(instructions)h(for)f
+Fs(de\014ning)g(lab)-5 b(els)52 b Fu(and)45 b(for)0 2070
+y Fs(jumping)32 b(to)i(lab)-5 b(els)p Fu(.)42 b(The)32
+b(abstract)f(mac)m(hine)f Fw(AM)1932 2085 y Fn(2)2002
+2070 y Fu(di\013ers)h(from)e Fw(AM)2710 2085 y Fn(1)2780
+2070 y Fu(\(of)i(Exercise)h(3.7\))0 2190 y(in)g(that)145
+2359 y Ft(\017)49 b Fu(the)27 b(con\014gurations)f(ha)m(v)m(e)h(the)g
+(form)e Ft(h)p Fs(p)-5 b(c)6 b Fu(,)27 b Fs(c)6 b Fu(,)27
+b Fs(e)7 b Fu(,)28 b Fs(m)7 b Ft(i)26 b Fu(where)i Fs(c)6
+b Fu(,)27 b Fs(e)34 b Fu(and)26 b Fs(m)33 b Fu(are)27
+b(as)f(b)s(efore)244 2480 y(and)i Fs(p)-5 b(c)34 b Fu(is)28
+b(the)h(program)e(coun)m(ter)j(\(a)e(natural)f(n)m(um)m(b)s(er\))i(p)s
+(oin)m(ting)e(to)h(an)g(instruction)244 2600 y(in)k Fs(c)6
+b Fu(,)32 b(and)145 2792 y Ft(\017)49 b Fu(the)38 b(instructions)f
+Fb(branch)p Fu(\()p Ft(\001)17 b(\001)g(\001)n Fu(,)p
+Ft(\001)g(\001)g(\001)o Fu(\))37 b(and)h Fb(loop)p Fu(\()p
+Ft(\001)17 b(\001)g(\001)n Fu(,)p Ft(\001)g(\001)g(\001)n
+Fu(\))38 b(are)f(replaced)h(b)m(y)h(the)f(in-)244 2912
+y(structions)h Fb(label)p Fu(-)p Fs(l)10 b Fu(,)39 b
+Fb(jump)p Fu(-)p Fs(l)49 b Fu(and)38 b Fb(jumpf)-9 b(alse)p
+Fu(-)p Fs(l)48 b Fu(where)40 b Fs(l)49 b Fu(is)38 b(a)g(lab)s(el)e(\(a)
+j(natural)244 3033 y(n)m(um)m(b)s(er\).)0 3201 y(The)31
+b(idea)f(is)f(that)h(w)m(e)h(will)d(execute)k(the)f(instruction)e(in)h
+Fs(c)35 b Fu(that)30 b Fs(p)-5 b(c)36 b Fu(p)s(oin)m(ts)30
+b(to)f(and)i(in)e(most)0 3322 y(cases)41 b(this)e(will)e(cause)j(the)g
+(program)e(coun)m(ter)i(to)f(b)s(e)h(incremen)m(ted)g(b)m(y)g(1.)63
+b(The)41 b(instruc-)0 3442 y(tion)32 b Fb(label)p Fu(-)p
+Fs(l)42 b Fu(has)32 b(no)h(e\013ect)g(except)i(up)s(dating)c(the)i
+(program)e(coun)m(ter.)45 b(The)33 b(instruction)0 3563
+y Fb(jump)p Fu(-)p Fs(l)53 b Fu(will)41 b(mo)m(v)m(e)j(the)f(program)f
+(coun)m(ter)i(to)f(the)h(unique)f(instruction)g Fb(label)p
+Fu(-)p Fs(l)52 b Fu(\(if)42 b(it)0 3683 y(exists\).)51
+b(The)36 b(instruction)d Fb(jumpf)-9 b(alse)p Fu(-)p
+Fs(l)45 b Fu(will)33 b(only)h(mo)m(v)m(e)h(the)g(program)f(coun)m(ter)i
+(to)e(the)0 3803 y(instruction)j Fb(label)p Fu(-)p Fs(l)48
+b Fu(if)37 b(the)i(v)-5 b(alue)38 b(on)g(top)g(of)g(the)h(stac)m(k)h
+(is)e Fw(\013)p Fu(;)j(if)c(it)h(is)g Fw(tt)f Fu(the)i(program)0
+3924 y(coun)m(ter)34 b(will)c(b)s(e)j(incremen)m(ted)g(b)m(y)g(1.)146
+4044 y(Sp)s(ecify)42 b(an)f(op)s(erational)e(seman)m(tics)i(for)g
+Fw(AM)1959 4059 y Fn(2)1999 4044 y Fu(.)69 b(Y)-8 b(ou)42
+b(ma)m(y)f(write)g Fs(c)6 b Fu([)p Fs(p)-5 b(c)6 b Fu(])40
+b(for)h(the)h(in-)0 4164 y(struction)h(in)g Fs(c)49 b
+Fu(p)s(oin)m(ted)43 b(to)g(b)m(y)i Fs(p)-5 b(c)49 b Fu(\(if)42
+b Fs(p)-5 b(c)49 b Fu(is)43 b(p)s(ositiv)m(e)f(and)i(less)g(than)f(or)h
+(equal)f(to)g(the)0 4285 y(length)32 b(of)g Fs(c)6 b
+Fu(\).)43 b(What)33 b(happ)s(ens)g(if)f(the)h(same)f(lab)s(el)f(is)h
+(de\014ned)i(more)e(than)h(once?)295 b Fh(2)0 4467 y
+Fw(Exercise)36 b(3.9)49 b Fu(Finally)-8 b(,)32 b(w)m(e)j(shall)e
+(consider)h(an)h(abstract)f(mac)m(hine)g Fw(AM)2838 4482
+y Fn(3)2911 4467 y Fu(where)h(the)g(la-)0 4587 y(b)s(els)f(of)h(the)g
+(instructions)f Fb(jump)p Fu(-)p Fs(l)45 b Fu(and)35
+b Fb(jumpf)-9 b(alse)p Fu(-)p Fs(l)44 b Fu(of)34 b(Exercise)i(3.8)f
+(are)f Fs(absolute)j(ad-)0 4708 y(dr)-5 b(esses)p Fu(;)32
+b(so)g Fb(jump)p Fu(-7)g(means)g(jump)g(to)g(the)h(7th)f(instruction)g
+(of)g(the)g(co)s(de)h(\(rather)f(than)h(to)0 4828 y(the)26
+b(instruction)f Fb(label)p Fu(-7\).)41 b(Sp)s(ecify)26
+b(the)g(op)s(erational)e(seman)m(tics)i(of)f(the)i(mac)m(hine.)40
+b(What)0 4949 y(happ)s(ens)34 b(if)d(w)m(e)j(jump)e(to)g(an)g
+(instruction)g(that)g(is)h(not)f(in)g(the)h(co)s(de?)779
+b Fh(2)0 5275 y Fj(3.2)161 b(Sp)t(eci\014cation)53 b(of)h(the)f
+(translation)0 5494 y Fu(W)-8 b(e)33 b(shall)e(no)m(w)i(study)h(ho)m(w)
+f(to)g(generate)g(co)s(de)g(for)f(the)h(abstract)g(mac)m(hine.)p
+eop
+%%Page: 70 80
+70 79 bop 251 130 a Fw(70)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
+b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283
+515 a Fp(Expressions)283 700 y Fu(Arithmetic)g(and)h(b)s(o)s(olean)f
+(expressions)j(will)c(b)s(e)i(ev)-5 b(aluated)38 b(on)g(the)h(ev)-5
+b(aluation)36 b(stac)m(k)j(of)283 820 y(the)d(mac)m(hine)e(and)g(the)i
+(co)s(de)e(to)h(b)s(e)g(generated)g(m)m(ust)g(e\013ect)g(this.)50
+b(This)35 b(is)f(accomplished)283 941 y(b)m(y)g(the)f(\(total\))e
+(functions)527 1124 y Ft(C)6 b(A)p Fu(:)44 b Fw(Aexp)32
+b Ft(!)g Fw(Co)s(de)283 1308 y Fu(and)527 1491 y Ft(C)6
+b(B)t Fu(:)44 b Fw(Bexp)32 b Ft(!)g Fw(Co)s(de)283 1674
+y Fu(sp)s(eci\014ed)27 b(in)f(T)-8 b(able)26 b(3.2.)41
+b(Note)26 b(that)g(the)g(co)s(de)h(generated)g(for)e(binary)h
+(expressions)i(consists)p 283 1800 V 283 3694 4 1894
+v 715 1909 a Ft(C)6 b(A)p Fu([)-17 b([)q Fs(n)7 b Fu(])-17
+b(])361 b(=)100 b Fb(push)p Fu(-)p Fs(n)715 2077 y Ft(C)6
+b(A)p Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])366 b(=)100
+b Fb(fetch)p Fu(-)p Fs(x)715 2245 y Ft(C)6 b(A)p Fu([)-17
+b([)q Fs(a)948 2260 y Fn(1)987 2245 y Fu(+)p Fs(a)1120
+2260 y Fn(2)1160 2245 y Fu(])g(])154 b(=)100 b Ft(C)6
+b(A)p Fu([)-17 b([)p Fs(a)1759 2260 y Fn(2)1799 2245
+y Fu(])g(]:)p Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)2096 2260
+y Fn(1)2136 2245 y Fu(])g(]:)p Fb(add)715 2412 y Ft(C)6
+b(A)p Fu([)-17 b([)q Fs(a)948 2427 y Fn(1)1020 2412 y
+Fo(?)32 b Fs(a)1158 2427 y Fn(2)1198 2412 y Fu(])-17
+b(])116 b(=)100 b Ft(C)6 b(A)p Fu([)-17 b([)p Fs(a)1759
+2427 y Fn(2)1799 2412 y Fu(])g(]:)p Ft(C)6 b(A)p Fu([)-17
+b([)q Fs(a)2096 2427 y Fn(1)2136 2412 y Fu(])g(]:)p Fb(mul)-7
+b(t)715 2580 y Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)948 2595
+y Fn(1)987 2580 y Ft(\000)p Fs(a)1121 2595 y Fn(2)1162
+2580 y Fu(])g(])152 b(=)100 b Ft(C)6 b(A)p Fu([)-17 b([)p
+Fs(a)1759 2595 y Fn(2)1799 2580 y Fu(])g(]:)p Ft(C)6
+b(A)p Fu([)-17 b([)q Fs(a)2096 2595 y Fn(1)2136 2580
+y Fu(])g(]:)p Fb(sub)715 2795 y Ft(C)6 b(B)t Fu([)-17
+b([)q Fr(true)p Fu(])g(])230 b(=)100 b Fb(tr)n(ue)715
+2962 y Ft(C)6 b(B)t Fu([)-17 b([)q Fr(false)p Fu(])g(])179
+b(=)100 b Fb(f)-9 b(alse)715 3130 y Ft(C)6 b(B)t Fu([)-17
+b([)q Fs(a)937 3145 y Fn(1)1009 3130 y Fu(=)32 b Fs(a)1174
+3145 y Fn(2)1214 3130 y Fu(])-17 b(])100 b(=)g Ft(C)6
+b(A)p Fu([)-17 b([)p Fs(a)1759 3145 y Fn(2)1799 3130
+y Fu(])g(]:)p Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)2096 3145
+y Fn(1)2136 3130 y Fu(])g(]:)p Fb(eq)715 3298 y Ft(C)6
+b(B)t Fu([)-17 b([)q Fs(a)937 3313 y Fn(1)976 3298 y
+Ft(\024)q Fs(a)1111 3313 y Fn(2)1151 3298 y Fu(])g(])163
+b(=)100 b Ft(C)6 b(A)p Fu([)-17 b([)p Fs(a)1759 3313
+y Fn(2)1799 3298 y Fu(])g(]:)p Ft(C)6 b(A)p Fu([)-17
+b([)q Fs(a)2096 3313 y Fn(1)2136 3298 y Fu(])g(]:)p Fb(le)715
+3465 y Ft(C)6 b(B)t Fu([)-17 b([)q Ft(:)p Fs(b)6 b Fu(])-17
+b(])317 b(=)100 b Ft(C)6 b(B)s Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(])q(:)p Fb(neg)715 3633 y Ft(C)6 b(B)t Fu([)-17
+b([)q Fs(b)931 3648 y Fn(1)970 3633 y Ft(^)p Fs(b)1087
+3648 y Fn(2)1127 3633 y Fu(])g(])187 b(=)100 b Ft(C)6
+b(B)s Fu([)-17 b([)q Fs(b)1742 3648 y Fn(2)1781 3633
+y Fu(])g(])q(:)p Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)2061
+3648 y Fn(1)2101 3633 y Fu(])g(]:)p Fb(and)p 3753 3694
+V 283 3697 3473 4 v 1235 3858 a Fu(T)-8 b(able)33 b(3.2:)43
+b(T)-8 b(ranslation)31 b(of)h(expressions)283 4081 y(of)45
+b(the)f(co)s(de)h(for)f(the)h Fs(right)54 b Fu(argumen)m(t)44
+b(follo)m(w)m(ed)g(b)m(y)h(that)g(for)f(the)h Fs(left)54
+b Fu(argumen)m(t)44 b(and)283 4201 y(\014nally)j(the)h(appropriate)f
+(instruction)f(for)h(the)h(op)s(erator.)88 b(In)48 b(this)g(w)m(a)m(y)g
+(it)f(is)g(ensured)283 4322 y(that)39 b(the)h(argumen)m(ts)f(app)s(ear)
+g(on)g(the)g(ev)-5 b(aluation)38 b(stac)m(k)i(in)e(the)i(order)f
+(required)g(b)m(y)h(the)283 4442 y(instructions)33 b(\(in)e(T)-8
+b(able)33 b(3.1\).)43 b(Note)32 b(that)h Ft(C)6 b(A)32
+b Fu(and)h Ft(C)6 b(B)36 b Fu(are)d(de\014ned)h(comp)s(ositionally)-8
+b(.)283 4644 y Fw(Example)37 b(3.10)49 b Fu(F)-8 b(or)38
+b(the)i(arithmetic)d(expression)j Fr(x)p Fu(+)p Fr(1)g
+Fu(w)m(e)g(calculate)e(the)i(co)s(de)f(as)h(fol-)283
+4764 y(lo)m(ws:)552 4932 y Ft(C)6 b(A)p Fu([)-17 b([)q
+Fr(x)p Fu(+)p Fr(1)p Fu(])g(])33 b(=)g Ft(C)6 b(A)o Fu([)-17
+b([)q Fr(1)p Fu(])g(])q(:)p Ft(C)6 b(A)p Fu([)-17 b([)p
+Fr(x)p Fu(])g(])q(:)p Fb(add)33 b Fu(=)g Fb(push)p Fu(-)p
+Fr(1)p Fu(:)p Fb(fetch)p Fu(-)p Fs(x)12 b Fu(:)p Fb(add)762
+b Fh(2)283 5133 y Fw(Exercise)37 b(3.11)49 b Fu(It)26
+b(is)g(clear)f(that)h Ft(A)p Fu([)-17 b([\()p Fs(a)1809
+5148 y Fn(1)1849 5133 y Fu(+)p Fs(a)1982 5148 y Fn(2)2022
+5133 y Fu(\)+)p Fs(a)2193 5148 y Fn(3)2232 5133 y Fu(])g(])27
+b(equals)f Ft(A)p Fu([)-17 b([)p Fs(a)2759 5148 y Fn(1)2799
+5133 y Fu(+\()p Fs(a)2970 5148 y Fn(2)3010 5133 y Fu(+)p
+Fs(a)3143 5148 y Fn(3)3182 5133 y Fu(\)])g(])q(.)41 b(Sho)m(w)27
+b(that)283 5254 y(it)43 b(is)g Fs(not)53 b Fu(the)45
+b(case)f(that)g Ft(C)6 b(A)o Fu([)-17 b([)q(\()p Fs(a)1581
+5269 y Fn(1)1621 5254 y Fu(+)p Fs(a)1754 5269 y Fn(2)1793
+5254 y Fu(\)+)p Fs(a)1964 5269 y Fn(3)2004 5254 y Fu(])g(])44
+b(equals)g Ft(C)6 b(A)p Fu([)-17 b([)p Fs(a)2624 5269
+y Fn(1)2664 5254 y Fu(+\()p Fs(a)2835 5269 y Fn(2)2875
+5254 y Fu(+)p Fs(a)3008 5269 y Fn(3)3047 5254 y Fu(\)])g(])q(.)76
+b(Nonetheless,)283 5374 y(sho)m(w)31 b(that)e Ft(C)6
+b(A)o Fu([)-17 b([)q(\()p Fs(a)1000 5389 y Fn(1)1040
+5374 y Fu(+)p Fs(a)1173 5389 y Fn(2)1212 5374 y Fu(\)+)p
+Fs(a)1383 5389 y Fn(3)1423 5374 y Fu(])g(])29 b(and)h
+Ft(C)6 b(A)o Fu([)-17 b([)q Fs(a)1908 5389 y Fn(1)1948
+5374 y Fu(+\()p Fs(a)2119 5389 y Fn(2)2158 5374 y Fu(+)p
+Fs(a)2291 5389 y Fn(3)2331 5374 y Fu(\)])g(])29 b(do)g(in)g(fact)g
+Fs(b)-5 b(ehave)35 b Fu(similar)26 b(to)j(one)283 5494
+y(another.)3046 b Fh(2)p eop
+%%Page: 71 81
+71 80 bop 0 130 a Fw(3.2)112 b(Sp)s(eci\014cation)37
+b(of)h(the)f(translation)1596 b(71)p 0 193 3473 4 v 0
+515 a Fp(Statemen)l(ts)0 700 y Fu(The)38 b(translation)e(of)h(statemen)
+m(ts)h(in)m(to)f(abstract)h(mac)m(hine)f(co)s(de)g(is)g(giv)m(en)h(b)m
+(y)g(the)g(\(total\))0 820 y(function)244 1012 y Ft(C)6
+b(S)i Fu(:)43 b Fw(Stm)32 b Ft(!)g Fw(Co)s(de)0 1204
+y Fu(sp)s(eci\014ed)i(in)e(T)-8 b(able)33 b(3.3.)44 b(The)34
+b(co)s(de)g(generated)g(for)e(an)h(arithmetic)e(expression)j
+Fs(a)40 b Fu(ensures)p 0 1336 V 0 2176 4 841 v 432 1445
+a Ft(C)6 b(S)i Fu([)-17 b([)q Fs(x)44 b Fu(:=)32 b Fs(a)7
+b Fu(])-17 b(])757 b(=)100 b Ft(C)6 b(A)p Fu([)-17 b([)p
+Fs(a)7 b Fu(])-17 b(])q(:)p Fb(store)p Fu(-)p Fs(x)432
+1612 y Ft(C)6 b(S)i Fu([)-17 b([)q Fr(skip)p Fu(])g(])834
+b(=)100 b Fb(noop)432 1780 y Ft(C)6 b(S)i Fu([)-17 b([)q
+Fs(S)663 1795 y Fn(1)702 1780 y Fu(;)p Fs(S)796 1795
+y Fn(2)835 1780 y Fu(])g(])799 b(=)100 b Ft(C)6 b(S)i
+Fu([)-17 b([)q Fs(S)2078 1795 y Fn(1)2117 1780 y Fu(])g(]:)p
+Ft(C)6 b(S)j Fu([)-17 b([)p Fs(S)2412 1795 y Fn(2)2452
+1780 y Fu(])g(])432 1948 y Ft(C)6 b(S)i Fu([)-17 b([)q
+Fr(if)33 b Fs(b)38 b Fr(then)c Fs(S)1119 1963 y Fn(1)1190
+1948 y Fr(else)g Fs(S)1495 1963 y Fn(2)1534 1948 y Fu(])-17
+b(])100 b(=)g Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
+b(])q(:)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17 b([)p
+Fs(S)2755 1963 y Fn(1)2795 1948 y Fu(])g(],)p Ft(C)6
+b(S)j Fu([)-17 b([)p Fs(S)3090 1963 y Fn(2)3129 1948
+y Fu(])g(])q(\))432 2115 y Ft(C)6 b(S)i Fu([)-17 b([)q
+Fr(while)33 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17
+b(])464 b(=)100 b Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(],)p Ft(C)6 b(S)i Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(]\))p 3469 2176 V 0 2179 3473
+4 v 742 2340 a(T)-8 b(able)32 b(3.3:)43 b(T)-8 b(ranslation)31
+b(of)h(statemen)m(ts)i(in)d Fw(While)0 2550 y Fu(that)45
+b(the)h(v)-5 b(alue)45 b(of)g(the)h(expression)h(is)e(on)g(top)h(of)f
+(the)g(ev)-5 b(aluation)44 b(stac)m(k)j(when)g(it)d(has)0
+2670 y(b)s(een)e(computed.)70 b(So)41 b(in)f(the)i(co)s(de)f(for)g
+Fs(x)53 b Fu(:=)41 b Fs(a)49 b Fu(it)40 b(su\016ces)j(to)e(app)s(end)h
+(the)f(co)s(de)h(for)f Fs(a)0 2790 y Fu(with)g(the)g(instruction)f
+Fb(store)p Fu(-)p Fs(x)12 b Fu(.)67 b(This)41 b(instruction)f(assigns)h
+Fs(x)53 b Fu(the)41 b(appropriate)f(v)-5 b(alue)0 2911
+y(and)36 b(additionally)d(p)s(ops)j(the)h(stac)m(k.)55
+b(F)-8 b(or)36 b(the)g Fr(skip)p Fu(-statemen)m(t)h(w)m(e)g(generate)g
+(the)g Fb(noop)p Fu(-)0 3031 y(instruction.)42 b(F)-8
+b(or)30 b(sequencing)j(of)d(statemen)m(ts)i(w)m(e)h(just)e(concatenate)
+h(the)g(t)m(w)m(o)f(instruction)0 3152 y(sequences.)73
+b(When)42 b(generating)f(co)s(de)h(for)f(the)h(conditional,)f(the)g(co)
+s(de)h(for)f(the)h(b)s(o)s(olean)0 3272 y(expression)d(will)c(ensure)k
+(that)f(a)f(truth)h(v)-5 b(alue)37 b(will)e(b)s(e)j(placed)f(on)h(top)f
+(of)g(the)h(ev)-5 b(aluation)0 3392 y(stac)m(k)48 b(and)g(the)f
+Fb(branch)p Fu(-instruction)f(will)f(then)i(insp)s(ect)h(\(and)f(p)s
+(op\))g(that)g(v)-5 b(alue)46 b(and)0 3513 y(select)28
+b(the)g(appropriate)e(piece)i(of)f(co)s(de.)42 b(Finally)-8
+b(,)26 b(the)h(co)s(de)h(for)f(the)h Fr(while)p Fu(-construct)h(uses)0
+3633 y(the)38 b Fb(loop)p Fu(-instruction.)56 b(Again)35
+b(w)m(e)k(ma)m(y)d(note)i(that)f Ft(C)6 b(S)45 b Fu(is)36
+b(de\014ned)j(in)d(a)h(comp)s(ositional)0 3754 y(manner.)0
+3966 y Fw(Example)g(3.12)49 b Fu(The)33 b(co)s(de)f(generated)h(for)f
+(the)g(factorial)e(statemen)m(t)j(considered)g(earlier)0
+4087 y(is)f(as)h(follo)m(ws:)244 4279 y Ft(C)6 b(S)i
+Fu([)-17 b([)q Fr(y)p Fu(:=)p Fr(1)p Fu(;)33 b Fr(while)g
+Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p
+Fr(y)p Fu(:=)p Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p
+Fr(x)p Ft(\000)p Fr(1)p Fu(\)])-17 b(])370 4446 y(=)32
+b Ft(C)6 b(S)i Fu([)-17 b([)q Fr(y)p Fu(:=)p Fr(1)p Fu(])g(])q(:)p
+Ft(C)6 b(S)i Fu([)-17 b([)q Fr(while)34 b Ft(:)p Fu(\()p
+Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p
+Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(\)])-17 b(])370 4614 y(=)32 b Ft(C)6 b(A)p
+Fu([)-17 b([)q(1])g(]:)p Fb(store)p Fu(-)p Fr(y)p Fu(:)p
+Fb(loop)p Fu(\()p Ft(C)6 b(B)s Fu([)-17 b([)q Ft(:)p
+Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q(,)p Ft(C)6
+b(S)j Fu([)-17 b([)p Fr(y)p Fu(:=)p Fr(y)33 b Fo(?)f
+Fr(x)p Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p
+Fu(])-17 b(])r(\))370 4782 y(=)32 b Fb(push)p Fu(-)p
+Fr(1)p Fu(:)p Fb(store)p Fu(-)p Fr(y)p Fu(:)p Fb(loop)p
+Fu(\()p Ft(C)6 b(B)s Fu([)-17 b([)p Fr(x)p Fu(=)p Fr(1)p
+Fu(])g(])q(:)p Fb(neg)p Fu(,)p Ft(C)6 b(S)i Fu([)-17
+b([)q Fr(y)p Fu(:=)p Fr(y)33 b Fo(?)f Fr(x)p Fu(])-17
+b(])q(:)p Ft(C)6 b(S)i Fu([)-17 b([)q Fr(x)p Fu(:=)p
+Fr(x)p Ft(\000)p Fr(1)p Fu(])g(])r(\))370 4925 y(.)370
+4958 y(.)370 4991 y(.)370 5159 y(=)32 b Fb(push)p Fu(-)p
+Fr(1)p Fu(:)p Fb(store)p Fu(-)p Fr(y)p Fu(:)p Fb(loop)p
+Fu(\()p Fb(push)p Fu(-)p Fr(1)p Fu(:)p Fb(fetch)p Fu(-)p
+Fr(x)p Fu(:)p Fb(eq)p Fu(:)p Fb(neg)p Fu(,)1478 5326
+y Fb(fetch)p Fu(-)p Fr(x)p Fu(:)p Fb(fetch)p Fu(-)p Fr(y)p
+Fu(:)p Fb(mul)-7 b(t)p Fu(:)p Fb(store)p Fu(-)p Fr(y)p
+Fu(:)1654 5494 y Fb(push)p Fu(-)p Fr(1)p Fu(:)p Fb(fetch)p
+Fu(-)p Fr(x)p Fu(:)p Fb(sub)p Fu(:)p Fb(store)p Fu(-)p
+Fr(x)p Fu(\))412 b Fh(2)p eop
+%%Page: 72 82
+72 81 bop 251 130 a Fw(72)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
+b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283
+515 a(Exercise)g(3.13)49 b Fu(Use)33 b Ft(C)6 b(S)41
+b Fu(to)32 b(generate)h(co)s(de)g(for)f(the)h(statemen)m(t)527
+727 y Fr(z)p Fu(:=)p Fr(0)p Fu(;)g Fr(while)h(y)p Ft(\024)q
+Fr(x)f(do)g Fu(\()p Fr(z)p Fu(:=)p Fr(z)p Fu(+)p Fr(1)p
+Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(y)p Fu(\))283
+939 y(T)-8 b(race)41 b(the)e(computation)f(of)h(the)h(co)s(de)g
+(starting)e(from)g(a)h(storage)h(where)g Fr(x)g Fu(is)f
+Fw(17)g Fu(and)h Fr(y)283 1059 y Fu(is)33 b Fw(5)p Fu(.)3216
+b Fh(2)283 1300 y Fw(Exercise)37 b(3.14)49 b Fu(Extend)34
+b Fw(While)e Fu(with)h(the)h(construct)g Fr(repeat)h
+Fs(S)45 b Fr(until)34 b Fs(b)39 b Fu(and)33 b(sp)s(ecify)283
+1420 y(ho)m(w)h(to)e(generate)h(co)s(de)f(for)g(it.)43
+b(Note)32 b(that)g(the)h(de\014nition)e(has)i(to)f(b)s(e)h(comp)s
+(ositional)c(and)283 1540 y(that)k(it)e(is)h Fs(not)42
+b Fu(necessary)35 b(to)e(extend)h(the)f(instruction)e(set)j(of)e(the)h
+(abstract)g(mac)m(hine.)93 b Fh(2)283 1780 y Fw(Exercise)37
+b(3.15)49 b Fu(Extend)42 b Fw(While)c Fu(with)j(the)f(construct)i
+Fr(for)f Fs(x)52 b Fu(:=)41 b Fs(a)2989 1795 y Fn(1)3069
+1780 y Fr(to)g Fs(a)3269 1795 y Fn(2)3349 1780 y Fr(do)g
+Fs(S)52 b Fu(and)283 1901 y(sp)s(ecify)38 b(ho)m(w)h(to)e(generate)h
+(co)s(de)g(for)f(it.)57 b(As)38 b(in)f(Exercise)i(3.14)e(the)h
+(de\014nition)f(has)g(to)h(b)s(e)283 2021 y(comp)s(ositional)26
+b(but)j(y)m(ou)g(ma)m(y)g(ha)m(v)m(e)h(to)f(in)m(tro)s(duce)f(an)h
+(instruction)f Fb(copy)h Fu(that)f(duplicates)283 2142
+y(the)33 b(elemen)m(t)g(on)f(top)h(of)f(the)h(ev)-5 b(aluation)31
+b(stac)m(k.)1569 b Fh(2)283 2441 y Fp(The)45 b(seman)l(tic)h(function)f
+FC(S)1723 2459 y Fk(am)283 2629 y Fu(The)e(meaning)d(of)i(a)f(statemen)
+m(t)h Fs(S)54 b Fu(can)42 b(no)m(w)g(b)s(e)g(obtained)f(b)m(y)i
+(\014rst)f(translating)e(it)h(in)m(to)283 2749 y(co)s(de)33
+b(for)f Fw(AM)g Fu(and)h(next)g(executing)g(the)g(co)s(de)f(on)h(the)f
+(abstract)h(mac)m(hine.)43 b(The)33 b(e\013ect)g(of)283
+2870 y(this)g(is)f(expressed)j(b)m(y)f(the)f(function)527
+3082 y Ft(S)595 3097 y Fn(am)693 3082 y Fu(:)44 b Fw(Stm)32
+b Ft(!)g Fu(\()p Fw(State)g Fo(,)-17 b Ft(!)33 b Fw(State)p
+Fu(\))283 3294 y(de\014ned)h(b)m(y)527 3505 y Ft(S)595
+3520 y Fn(am)693 3505 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])33 b(=)f(\()p Ft(M)g(\016)h(C)6 b(S)i Fu(\)[)-17
+b([)p Fs(S)12 b Fu(])-17 b(])283 3747 y Fw(Exercise)37
+b(3.16)49 b Fu(Mo)s(dify)27 b(the)h(co)s(de)g(generation)f(so)h(as)g
+(to)f(translate)g Fw(While)f Fu(in)m(to)h(co)s(de)h(for)283
+3868 y(the)40 b(abstract)f(mac)m(hine)g Fw(AM)1424 3883
+y Fn(1)1502 3868 y Fu(of)g(Exercise)h(3.7.)63 b(Y)-8
+b(ou)39 b(ma)m(y)g(assume)g(the)h(existence)h(of)d(a)283
+3988 y(function)527 4200 y Fs(env)11 b Fu(:)43 b Fw(V)-9
+b(ar)32 b Ft(!)g Fw(N)283 4412 y Fu(that)f(maps)g(v)-5
+b(ariables)30 b(to)g(their)h(addresses.)45 b(Apply)31
+b(the)h(co)s(de)f(generation)f(function)h(to)f(the)283
+4532 y(factorial)e(statemen)m(t)j(of)e(Exercise)j(1.1)e(and)g(execute)i
+(the)f(co)s(de)f(so)g(obtained)g(starting)f(from)283
+4652 y(a)k(memory)e(where)j Fr(x)f Fu(is)f Fw(3)p Fu(.)2393
+b Fh(2)283 4893 y Fw(Exercise)37 b(3.17)49 b Fu(Mo)s(dify)27
+b(the)h(co)s(de)g(generation)f(so)h(as)g(to)f(translate)g
+Fw(While)f Fu(in)m(to)h(co)s(de)h(for)283 5013 y(the)36
+b(abstract)f(mac)m(hine)f Fw(AM)1411 5028 y Fn(2)1486
+5013 y Fu(of)g(Exercise)i(3.8.)50 b(Be)35 b(careful)g(to)f(generate)i
+(unique)f(lab)s(els,)283 5133 y(for)e(example)f(b)m(y)i(ha)m(ving)f
+(\\the)g(next)h(un)m(used)h(lab)s(el")c(as)i(an)g(additional)d
+(parameter)j(to)f(the)283 5254 y(co)s(de)44 b(generation)f(functions.)
+76 b(Apply)44 b(the)g(co)s(de)g(generation)e(function)h(to)g(the)h
+(factorial)283 5374 y(statemen)m(t)34 b(and)f(execute)i(the)f(co)s(de)g
+(so)f(obtained)g(starting)f(from)g(a)g(memory)h(where)h
+Fr(x)f Fu(has)283 5494 y(the)g(v)-5 b(alue)32 b Fw(3)p
+Fu(.)2895 b Fh(2)p eop
+%%Page: 73 83
+73 82 bop 0 130 a Fw(3.3)112 b(Correctness)2530 b(73)p
+0 193 3473 4 v 0 515 a Fj(3.3)161 b(Correctness)0 734
+y Fu(The)33 b(correctness)g(of)f(the)g(implemen)m(tation)c(amoun)m(ts)k
+(to)f(sho)m(wing)h(that,)g(if)f(w)m(e)h(\014rst)h(trans-)0
+855 y(late)42 b(a)i(statemen)m(t)f(in)m(to)g(co)s(de)h(for)e
+Fw(AM)i Fu(and)f(then)h(execute)h(that)e(co)s(de,)k(then)d(w)m(e)g(m)m
+(ust)0 975 y(obtain)31 b(the)i(same)g(result)f(as)h(sp)s(eci\014ed)h(b)
+m(y)f(the)g(op)s(erational)d(seman)m(tics)j(of)f Fw(While)p
+Fu(.)0 1263 y Fp(Expressions)0 1447 y Fu(The)40 b(correctness)i(of)d
+(the)g(implemen)m(tation)d(of)j(arithmetic)e(expressions)42
+b(is)c(expressed)k(b)m(y)0 1568 y(the)33 b(follo)m(wing)d(lemma:)p
+0 1688 3473 5 v 0 1854 a Fw(Lemma)37 b(3.18)49 b Fu(F)-8
+b(or)32 b(all)e(arithmetic)h(expressions)j Fs(a)40 b
+Fu(w)m(e)34 b(ha)m(v)m(e)244 2049 y Ft(hC)6 b(A)o Fu([)-17
+b([)q Fs(a)7 b Fu(])-17 b(])q(,)32 b Fo(")p Fu(,)h Fs(s)8
+b Ft(i)32 b Fh(\003)915 2013 y Fi(\003)987 2049 y Ft(h)o
+Fo(")p Fu(,)h Ft(A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17
+b(])q Fs(s)8 b Fu(,)32 b Fs(s)8 b Ft(i)0 2244 y Fu(F)-8
+b(urthermore,)51 b(all)45 b(in)m(termediate)h(con\014gurations)h(of)g
+(this)h(computation)e(sequence)k(will)0 2365 y(ha)m(v)m(e)34
+b(a)e(non-empt)m(y)h(ev)-5 b(aluation)31 b(stac)m(k.)p
+0 2485 V 0 2680 a Fw(Pro)s(of:)40 b Fu(The)d(pro)s(of)d(is)h(b)m(y)h
+(structural)g(induction)e(on)h Fs(a)7 b Fu(.)52 b(Belo)m(w)36
+b(w)m(e)g(shall)e(giv)m(e)h(the)h(pro)s(of)0 2800 y(for)c(three)h
+(illustrativ)m(e)e(cases,)j(lea)m(ving)d(the)i(remaining)d(ones)k(as)f
+(an)f(exercise.)0 2968 y Fw(The)h(case)g Fs(n)7 b Fu(:)44
+b(W)-8 b(e)33 b(ha)m(v)m(e)h Ft(C)6 b(A)o Fu([)-17 b([)q
+Fs(n)7 b Fu(])-17 b(])33 b(=)g Fb(push)p Fu(-)p Fs(n)38
+b Fu(and)33 b(from)e(T)-8 b(able)33 b(3.1)f(w)m(e)h(get)244
+3163 y Ft(h)p Fb(push)p Fu(-)p Fs(n)7 b Fu(,)31 b Fo(")p
+Fu(,)i Fs(s)8 b Ft(i)32 b Fh(\003)h Ft(h)p Fo(")o Fu(,)g
+Ft(N)14 b Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])q(,)32
+b Fs(s)8 b Ft(i)0 3358 y Fu(Since)33 b Ft(A)o Fu([)-17
+b([)q Fs(n)7 b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 b Ft(N)14
+b Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])33 b(\(see)h(T)-8
+b(able)32 b(1.1\))g(w)m(e)i(ha)m(v)m(e)g(completed)e(the)h(pro)s(of)e
+(in)h(this)g(case.)0 3526 y Fw(The)h(case)g Fs(x)12 b
+Fu(:)43 b(W)-8 b(e)33 b(ha)m(v)m(e)h Ft(C)6 b(A)p Fu([)-17
+b([)q Fs(x)12 b Fu(])-17 b(])32 b(=)h Fb(fetch)p Fu(-)p
+Fs(x)44 b Fu(and)32 b(from)g(T)-8 b(able)32 b(3.1)g(w)m(e)i(get)244
+3721 y Ft(h)p Fb(fetch)p Fu(-)p Fs(x)12 b Fu(,)31 b Fo(")p
+Fu(,)i Fs(s)8 b Ft(i)32 b Fh(\003)h Ft(h)p Fo(")o Fu(,)g(\()p
+Fs(s)41 b(x)12 b Fu(\),)32 b Fs(s)8 b Ft(i)0 3916 y Fu(Since)33
+b Ft(A)o Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])p Fs(s)41
+b Fu(=)32 b Fs(s)41 b(x)j Fu(this)32 b(is)g(the)h(required)h(result.)0
+4083 y Fw(The)44 b(case)g Fs(a)535 4098 y Fn(1)574 4083
+y Fu(+)p Fs(a)707 4098 y Fn(2)747 4083 y Fu(:)65 b(W)-8
+b(e)44 b(ha)m(v)m(e)g Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)1486
+4098 y Fn(1)1525 4083 y Fu(+)p Fs(a)1658 4098 y Fn(2)1698
+4083 y Fu(])g(])44 b(=)f Ft(C)6 b(A)p Fu([)-17 b([)q
+Fs(a)2131 4098 y Fn(2)2170 4083 y Fu(])g(])q(:)p Ft(C)6
+b(A)p Fu([)-17 b([)p Fs(a)2467 4098 y Fn(1)2507 4083
+y Fu(])g(])q(:)p Fb(add)p Fu(.)76 b(The)44 b(induction)0
+4204 y(h)m(yp)s(othesis)34 b(applied)d(to)h Fs(a)998
+4219 y Fn(1)1071 4204 y Fu(and)g Fs(a)1317 4219 y Fn(2)1389
+4204 y Fu(giv)m(es)h(that)244 4399 y Ft(hC)6 b(A)o Fu([)-17
+b([)q Fs(a)515 4414 y Fn(1)555 4399 y Fu(])g(],)33 b
+Fo(")p Fu(,)f Fs(s)8 b Ft(i)33 b Fh(\003)954 4363 y Fi(\003)1026
+4399 y Ft(h)p Fo(")o Fu(,)g Ft(A)p Fu([)-17 b([)p Fs(a)1344
+4414 y Fn(1)1384 4399 y Fu(])g(])p Fs(s)8 b Fu(,)33 b
+Fs(s)8 b Ft(i)0 4594 y Fu(and)244 4789 y Ft(hC)e(A)o
+Fu([)-17 b([)q Fs(a)515 4804 y Fn(2)555 4789 y Fu(])g(],)33
+b Fo(")p Fu(,)f Fs(s)8 b Ft(i)33 b Fh(\003)954 4753 y
+Fi(\003)1026 4789 y Ft(h)p Fo(")o Fu(,)g Ft(A)p Fu([)-17
+b([)p Fs(a)1344 4804 y Fn(2)1384 4789 y Fu(])g(])p Fs(s)8
+b Fu(,)33 b Fs(s)8 b Ft(i)0 4984 y Fu(In)46 b(b)s(oth)f(cases)i(all)d
+(in)m(termediate)g(con\014gurations)h(will)e(ha)m(v)m(e)k(a)e(non-empt)
+m(y)h(ev)-5 b(aluation)0 5104 y(stac)m(k.)45 b(Using)32
+b(Exercise)i(3.4)e(w)m(e)i(get)e(that)244 5299 y Ft(hC)6
+b(A)o Fu([)-17 b([)q Fs(a)515 5314 y Fn(2)555 5299 y
+Fu(])g(]:)p Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)852 5314
+y Fn(1)892 5299 y Fu(])g(]:)p Fb(add)p Fu(,)33 b Fo(")p
+Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)1503 5263 y Fi(\003)1575
+5299 y Ft(hC)6 b(A)p Fu([)-17 b([)q Fs(a)1847 5314 y
+Fn(1)1886 5299 y Fu(])g(])q(:)p Fb(add)p Fu(,)33 b Ft(A)p
+Fu([)-17 b([)p Fs(a)2370 5314 y Fn(2)2410 5299 y Fu(])g(])p
+Fs(s)8 b Fu(,)33 b Fs(s)8 b Ft(i)0 5494 y Fu(Applying)32
+b(the)h(exercise)h(once)f(more)f(w)m(e)h(get)g(that)p
+eop
+%%Page: 74 84
+74 83 bop 251 130 a Fw(74)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
+b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 527
+515 a Ft(hC)6 b(A)p Fu([)-17 b([)p Fs(a)798 530 y Fn(1)838
+515 y Fu(])g(])q(:)p Fb(add)p Fu(,)33 b Ft(A)p Fu([)-17
+b([)p Fs(a)1322 530 y Fn(2)1362 515 y Fu(])g(])p Fs(s)8
+b Fu(,)33 b Fs(s)8 b Ft(i)32 b Fh(\003)1704 479 y Fi(\003)1776
+515 y Ft(h)p Fb(add)p Fu(,)h(\()p Ft(A)o Fu([)-17 b([)q
+Fs(a)2272 530 y Fn(1)2312 515 y Fu(])g(])p Fs(s)8 b Fu(\):\()p
+Ft(A)p Fu([)-17 b([)p Fs(a)2674 530 y Fn(2)2714 515 y
+Fu(])g(])q Fs(s)8 b Fu(\),)32 b Fs(s)8 b Ft(i)283 709
+y Fu(Using)33 b(the)g(transition)e(relation)f(for)i Fb(add)h
+Fu(giv)m(en)g(in)f(T)-8 b(able)32 b(3.1)g(w)m(e)i(get)527
+903 y Ft(h)p Fb(add)p Fu(,)f(\()p Ft(A)p Fu([)-17 b([)p
+Fs(a)1023 918 y Fn(1)1063 903 y Fu(])g(])q Fs(s)8 b Fu(\):\()p
+Ft(A)o Fu([)-17 b([)q Fs(a)1426 918 y Fn(2)1465 903 y
+Fu(])g(])q Fs(s)8 b Fu(\),)33 b Fs(s)8 b Ft(i)32 b Fh(\003)h
+Ft(h)p Fo(")o Fu(,)g Ft(A)p Fu([)-17 b([)p Fs(a)2196
+918 y Fn(1)2236 903 y Fu(])g(])p Fs(s)8 b Fu(+)p Ft(A)p
+Fu([)-17 b([)q Fs(a)2572 918 y Fn(2)2611 903 y Fu(])g(])q
+Fs(s)8 b Fu(,)33 b Fs(s)8 b Ft(i)283 1097 y Fu(It)25
+b(is)e(easy)j(to)e(c)m(hec)m(k)i(that)e(all)e(in)m(termediate)h
+(con\014gurations)h(ha)m(v)m(e)h(a)f(non-empt)m(y)h(ev)-5
+b(aluation)283 1217 y(stac)m(k.)45 b(Since)33 b Ft(A)o
+Fu([)-17 b([)q Fs(a)1000 1232 y Fn(1)1040 1217 y Fu(+)p
+Fs(a)1173 1232 y Fn(2)1212 1217 y Fu(])g(])q Fs(s)41
+b Fu(=)32 b Ft(A)o Fu([)-17 b([)q Fs(a)1613 1232 y Fn(1)1653
+1217 y Fu(])g(])p Fs(s)41 b Fu(+)32 b Ft(A)p Fu([)-17
+b([)p Fs(a)2053 1232 y Fn(2)2093 1217 y Fu(])g(])q Fs(s)40
+b Fu(w)m(e)34 b(ha)m(v)m(e)g(the)f(desired)g(result.)336
+b Fh(2)430 1421 y Fu(W)-8 b(e)33 b(ha)m(v)m(e)h(a)e(similar)d(result)k
+(for)f(b)s(o)s(olean)f(expressions:)283 1636 y Fw(Exercise)37
+b(3.19)49 b(\(Essen)m(tial\))30 b Fu(Sho)m(w)k(that)e(for)g(all)e(b)s
+(o)s(olean)h(expressions)k Fs(b)j Fu(w)m(e)c(ha)m(v)m(e)527
+1830 y Ft(hC)6 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
+b(])q(,)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)1181
+1794 y Fi(\003)1253 1830 y Ft(h)o Fo(")p Fu(,)h Ft(B)s
+Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)8 b Fu(,)33
+b Fs(s)8 b Ft(i)283 2024 y Fu(F)-8 b(urthermore,)48 b(sho)m(w)d(that)g
+(all)d(in)m(termediate)i(con\014gurations)g(of)g(this)g(computation)g
+(se-)283 2144 y(quence)35 b(will)30 b(ha)m(v)m(e)k(a)e(non-empt)m(y)h
+(ev)-5 b(aluation)31 b(stac)m(k.)1385 b Fh(2)283 2432
+y Fp(Statemen)l(ts)283 2616 y Fu(When)42 b(form)m(ulating)c(the)j
+(correctness)h(of)e(the)h(result)g(for)f(statemen)m(ts)i(w)m(e)f(ha)m
+(v)m(e)h(a)e(c)m(hoice)283 2737 y(b)s(et)m(w)m(een)35
+b(using)429 2931 y Ft(\017)48 b Fu(the)33 b(natural)f(seman)m(tics,)h
+(or)429 3131 y Ft(\017)48 b Fu(the)33 b(structural)g(op)s(erational)d
+(seman)m(tics.)283 3325 y(Here)e(w)m(e)g(shall)d(use)j(the)f(natural)f
+(seman)m(tics)h(but)g(in)f(the)i(next)f(section)g(w)m(e)h(sk)m(etc)m(h)
+h(the)f(pro)s(of)283 3445 y(in)k(the)h(case)h(where)g(the)f(structural)
+f(op)s(erational)e(seman)m(tics)j(is)f(used.)430 3565
+y(The)k(correctness)i(of)d(the)h(translation)d(of)i(statemen)m(ts)i(is)
+e(expressed)j(b)m(y)f(the)f(follo)m(wing)283 3686 y(theorem:)p
+283 3806 3473 5 v 283 3971 a Fw(Theorem)i(3.20)49 b Fu(F)-8
+b(or)31 b(ev)m(ery)k(statemen)m(t)e Fs(S)44 b Fu(of)32
+b Fw(While)f Fu(w)m(e)j(ha)m(v)m(e)g Ft(S)2863 3986 y
+Fn(ns)2934 3971 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])33
+b(=)g Ft(S)3284 3986 y Fn(am)3383 3971 y Fu([)-17 b([)p
+Fs(S)12 b Fu(])-17 b(])q(.)p 283 4091 V 430 4285 a(This)28
+b(theorem)g(relates)g(the)h(b)s(eha)m(viour)f(of)g(a)g(statemen)m(t)h
+(under)g(the)g(natural)e(seman)m(tics)283 4406 y(with)47
+b(the)g(b)s(eha)m(viour)f(of)g(the)h(co)s(de)g(on)g(the)g(abstract)g
+(mac)m(hine)f(under)h(its)f(op)s(erational)283 4526 y(seman)m(tics.)e
+(In)33 b(analogy)e(with)i(Theorem)g(2.26)e(it)h(expresses)k(t)m(w)m(o)d
+(prop)s(erties:)429 4720 y Ft(\017)48 b Fu(If)27 b(the)g(execution)g
+(of)f Fs(S)38 b Fu(from)26 b(some)g(state)h(terminates)f(in)g(one)g(of)
+h(the)f(seman)m(tics)h(then)527 4840 y(it)32 b(also)g(terminates)f(in)h
+(the)h(other)g(and)g(the)g(resulting)e(states)j(will)c(b)s(e)j(equal.)
+429 5040 y Ft(\017)48 b Fu(F)-8 b(urthermore,)39 b(if)e(the)i
+(execution)g(of)f Fs(S)50 b Fu(from)37 b(some)h(state)g(lo)s(ops)f(in)h
+(one)g(of)g(the)h(se-)527 5161 y(man)m(tics)32 b(then)h(it)f(will)e
+(also)i(lo)s(op)f(in)h(the)h(other.)283 5355 y(The)d(theorem)e(is)f
+(pro)m(v)m(ed)j(in)e(t)m(w)m(o)h(stages)f(as)h(expressed)i(b)m(y)e
+(Lemmas)e(3.21)h(and)g(3.22)g(b)s(elo)m(w.)283 5475 y(W)-8
+b(e)33 b(shall)f(\014rst)h(pro)m(v)m(e:)p eop
+%%Page: 75 85
+75 84 bop 0 130 a Fw(3.3)112 b(Correctness)2530 b(75)p
+0 193 3473 4 v 0 515 3473 5 v 0 683 a(Lemma)37 b(3.21)49
+b Fu(F)-8 b(or)31 b(ev)m(ery)j(statemen)m(t)e Fs(S)44
+b Fu(of)32 b Fw(While)e Fu(and)i(states)h Fs(s)40 b Fu(and)32
+b Fs(s)2844 647 y Fi(0)2867 683 y Fu(,)g(w)m(e)h(ha)m(v)m(e)h(that)244
+880 y(if)d Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33
+b(!)f Fs(s)798 843 y Fi(0)886 880 y Fu(then)i Ft(h)o(C)6
+b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 b Fo(")p
+Fu(,)f Fs(s)8 b Ft(i)33 b Fh(\003)1777 843 y Fi(\003)1849
+880 y Ft(h)p Fo(")o Fu(,)g Fo(")p Fu(,)f Fs(s)2146 843
+y Fi(0)2170 880 y Ft(i)0 1076 y Fu(So)48 b(if)f(the)h(execution)h(of)e
+Fs(S)60 b Fu(from)47 b Fs(s)56 b Fu(terminates)47 b(in)g(the)h(natural)
+f(seman)m(tics)h(then)h(the)0 1197 y(execution)34 b(of)e(the)h(co)s(de)
+g(for)g Fs(S)44 b Fu(from)32 b(storage)g Fs(s)41 b Fu(will)31
+b(terminate)g(and)i(the)h(resulting)d(states)0 1317 y(and)i(storages)g
+(will)d(b)s(e)j(equal.)p 0 1437 V 0 1634 a Fw(Pro)s(of:)e
+Fu(W)-8 b(e)27 b(pro)s(ceed)h(b)m(y)g(induction)e(on)g(the)i(shap)s(e)f
+(of)g(the)g(deriv)-5 b(ation)25 b(tree)j(for)e Ft(h)p
+Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)o(!)p Fs(s)3422 1598
+y Fi(0)3445 1634 y Fu(.)0 1802 y Fw(The)33 b(case)g Fu([ass)608
+1817 y Fn(ns)680 1802 y Fu(]:)44 b(W)-8 b(e)33 b(assume)g(that)244
+1998 y Ft(h)p Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(,)32 b Fs(s)8
+b Ft(i!)p Fs(s)794 1962 y Fi(0)0 2195 y Fu(where)34 b
+Fs(s)330 2159 y Fi(0)353 2195 y Fu(=)p Fs(s)8 b Fu([)p
+Fs(x)k Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q
+Fs(s)8 b Fu(].)43 b(F)-8 b(rom)31 b(T)-8 b(able)33 b(3.3)f(w)m(e)h(ha)m
+(v)m(e)244 2391 y Ft(C)6 b(S)i Fu([)-17 b([)q Fs(x)12
+b Fu(:=)p Fs(a)7 b Fu(])-17 b(])33 b(=)f Ft(C)6 b(A)p
+Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q(:)p Fb(store)p
+Fu(-)p Fs(x)0 2588 y Fu(F)-8 b(rom)31 b(Lemma)g(3.18)h(applied)g(to)g
+Fs(a)40 b Fu(w)m(e)33 b(get)244 2785 y Ft(hC)6 b(A)o
+Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q(,)32 b Fo(")p
+Fu(,)h Fs(s)8 b Ft(i)32 b Fh(\003)915 2749 y Fi(\003)987
+2785 y Ft(h)o Fo(")p Fu(,)h Ft(A)o Fu([)-17 b([)q Fs(a)7
+b Fu(])-17 b(])q Fs(s)8 b Fu(,)32 b Fs(s)8 b Ft(i)0 2981
+y Fu(and)33 b(then)g(Exercise)h(3.4)e(giv)m(es)h(the)g(\014rst)g(part)f
+(of)244 3178 y Ft(hC)6 b(A)o Fu([)-17 b([)q Fs(a)7 b
+Fu(])-17 b(])q(:)p Fb(store)p Fu(-)p Fs(x)12 b Fu(,)31
+b Fo(")p Fu(,)i Fs(s)8 b Ft(i)32 b Fh(\003)1314 3142
+y Fi(\003)1386 3178 y Ft(h)p Fb(store)p Fu(-)p Fs(x)12
+b Fu(,)31 b(\()p Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
+b(])q Fs(s)8 b Fu(\),)33 b Fs(s)8 b Ft(i)1237 3346 y
+Fh(\003)72 b Ft(h)p Fo(")p Fu(,)32 b Fo(")p Fu(,)h Fs(s)8
+b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
+b(])q Fs(s)8 b Fu(])p Ft(i)0 3542 y Fu(and)35 b(the)g(second)h(part)e
+(follo)m(ws)g(from)f(the)i(op)s(erational)d(seman)m(tics)j(for)f
+Fb(store)p Fu(-)p Fs(x)45 b Fu(giv)m(en)35 b(in)0 3663
+y(T)-8 b(able)32 b(3.1.)43 b(Since)33 b Fs(s)766 3626
+y Fi(0)822 3663 y Fu(=)f Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)p
+Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])33
+b(this)f(completes)g(the)h(pro)s(of.)0 3830 y Fw(The)g(case)g
+Fu([skip)654 3845 y Fn(ns)726 3830 y Fu(]:)43 b(Straigh)m(tforw)m(ard.)
+0 3998 y Fw(The)33 b(case)g Fu([comp)711 4013 y Fn(ns)782
+3998 y Fu(]:)43 b(Assume)34 b(that)244 4194 y Ft(h)p
+Fs(S)350 4209 y Fn(1)389 4194 y Fu(;)p Fs(S)483 4209
+y Fn(2)522 4194 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)g Fs(s)881
+4158 y Fi(00)0 4391 y Fu(holds)g(b)s(ecause)244 4588
+y Ft(h)p Fs(S)350 4603 y Fn(1)389 4588 y Fu(,)h Fs(s)8
+b Ft(i)32 b(!)g Fs(s)748 4551 y Fi(0)804 4588 y Fu(and)h
+Ft(h)o Fs(S)1099 4603 y Fn(2)1139 4588 y Fu(,)f Fs(s)1246
+4551 y Fi(0)1270 4588 y Ft(i)g(!)g Fs(s)1521 4551 y Fi(00)0
+4784 y Fu(F)-8 b(rom)31 b(T)-8 b(able)32 b(3.3)g(w)m(e)i(ha)m(v)m(e)244
+4981 y Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)475 4996 y Fn(1)514
+4981 y Fu(;)p Fs(S)608 4996 y Fn(2)647 4981 y Fu(])g(])33
+b(=)g Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)1056 4996 y Fn(1)1096
+4981 y Fu(])g(]:)p Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)1391
+4996 y Fn(2)1430 4981 y Fu(])g(])0 5177 y(W)-8 b(e)44
+b(shall)e(no)m(w)i(apply)g(the)g(induction)e(h)m(yp)s(othesis)j(to)e
+(the)h(premises)g Ft(h)p Fs(S)2850 5192 y Fn(1)2889 5177
+y Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)3248 5141 y Fi(0)3315
+5177 y Fu(and)0 5298 y Ft(h)p Fs(S)106 5313 y Fn(2)145
+5298 y Fu(,)h Fs(s)253 5262 y Fi(0)276 5298 y Ft(i)f(!)g
+Fs(s)527 5262 y Fi(00)602 5298 y Fu(and)h(w)m(e)h(get)244
+5494 y Ft(hC)6 b(S)i Fu([)-17 b([)p Fs(S)513 5509 y Fn(1)553
+5494 y Fu(])g(],)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32
+b Fh(\003)952 5458 y Fi(\003)1024 5494 y Ft(h)p Fo(")o
+Fu(,)h Fo(")o Fu(,)g Fs(s)1321 5458 y Fi(0)1344 5494
+y Ft(i)p eop
+%%Page: 76 86
+76 85 bop 251 130 a Fw(76)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
+b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283
+515 a Fu(and)527 716 y Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)797
+731 y Fn(2)836 716 y Fu(])g(])q(,)32 b Fo(")p Fu(,)g
+Fs(s)1086 680 y Fi(0)1110 716 y Ft(i)g Fh(\003)1259 680
+y Fi(\003)1331 716 y Ft(h)o Fo(")p Fu(,)h Fo(")o Fu(,)g
+Fs(s)1628 680 y Fi(00)1670 716 y Ft(i)283 917 y Fu(Using)g(Exercise)h
+(3.4)e(w)m(e)h(then)h(ha)m(v)m(e)527 1117 y Ft(hC)6 b(S)i
+Fu([)-17 b([)q Fs(S)797 1132 y Fn(1)836 1117 y Fu(])g(])q(:)p
+Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)1131 1132 y Fn(2)1171
+1117 y Fu(])g(],)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32
+b Fh(\003)1570 1081 y Fi(\003)1642 1117 y Ft(hC)6 b(S)i
+Fu([)-17 b([)p Fs(S)1911 1132 y Fn(2)1951 1117 y Fu(])g(],)33
+b Fo(")o Fu(,)g Fs(s)2201 1081 y Fi(0)2224 1117 y Ft(i)g
+Fh(\003)2373 1081 y Fi(\003)2445 1117 y Ft(h)p Fo(")o
+Fu(,)g Fo(")p Fu(,)f Fs(s)2742 1081 y Fi(00)2785 1117
+y Ft(i)283 1318 y Fu(and)h(the)g(result)g(follo)m(ws.)283
+1486 y Fw(The)g(case)g Fu([if)836 1450 y Fn(tt)824 1510
+y(ns)895 1486 y Fu(]:)43 b(Assume)34 b(that)527 1686
+y Ft(h)p Fr(if)f Fs(b)39 b Fr(then)33 b Fs(S)1089 1701
+y Fn(1)1161 1686 y Fr(else)h Fs(S)1466 1701 y Fn(2)1505
+1686 y Fu(,)e Fs(s)8 b Ft(i)33 b(!)f Fs(s)1864 1650 y
+Fi(0)283 1887 y Fu(b)s(ecause)i Ft(B)t Fu([)-17 b([)p
+Fs(b)6 b Fu(])-17 b(])q Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)527
+2088 y Ft(h)p Fs(S)633 2103 y Fn(1)672 2088 y Fu(,)h
+Fs(s)8 b Ft(i)32 b(!)g Fs(s)1031 2052 y Fi(0)283 2288
+y Fu(F)-8 b(rom)32 b(T)-8 b(able)32 b(3.3)g(w)m(e)i(get)e(that)527
+2489 y Ft(C)6 b(S)i Fu([)-17 b([)q Fr(if)33 b Fs(b)38
+b Fr(then)c Fs(S)1214 2504 y Fn(1)1286 2489 y Fr(else)f
+Fs(S)1590 2504 y Fn(2)1630 2489 y Fu(])-17 b(])33 b(=)f
+Ft(C)6 b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(]:)p
+Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)2717
+2504 y Fn(1)2756 2489 y Fu(])g(])q(,)32 b Ft(C)6 b(S)i
+Fu([)-17 b([)q Fs(S)3084 2504 y Fn(2)3123 2489 y Fu(])g(])q(\))283
+2690 y(Using)33 b(Exercises)h(3.19)e(and)h(3.4)f(w)m(e)h(get)g(the)g
+(\014rst)g(part)f(of)527 2890 y Ft(hC)6 b(B)t Fu([)-17
+b([)p Fs(b)6 b Fu(])-17 b(])q(:)p Fb(branch)p Fu(\()p
+Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)1475 2905 y Fn(1)1514
+2890 y Fu(])g(],)33 b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)1842
+2905 y Fn(2)1881 2890 y Fu(])g(])q(\),)32 b Fo(")p Fu(,)g
+Fs(s)8 b Ft(i)819 3058 y Fh(\003)896 3022 y Fi(\003)968
+3058 y Ft(h)p Fb(branch)p Fu(\()p Ft(C)e(S)i Fu([)-17
+b([)q Fs(S)1636 3073 y Fn(1)1675 3058 y Fu(])g(])q(,)32
+b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)2003 3073 y Fn(2)2042
+3058 y Fu(])g(])q(\),)32 b(\()p Ft(B)t Fu([)-17 b([)p
+Fs(b)6 b Fu(])-17 b(])q Fs(s)8 b Fu(\),)32 b Fs(s)8 b
+Ft(i)819 3226 y Fh(\003)72 b Ft(hC)6 b(S)i Fu([)-17 b([)q
+Fs(S)1238 3241 y Fn(1)1277 3226 y Fu(])g(])q(,)32 b Fo(")p
+Fu(,)h Fs(s)8 b Ft(i)819 3393 y Fh(\003)896 3357 y Fi(\003)968
+3393 y Ft(h)p Fo(")p Fu(,)32 b Fo(")p Fu(,)h Fs(s)1266
+3357 y Fi(0)1289 3393 y Ft(i)283 3594 y Fu(The)49 b(second)h(part)d
+(follo)m(ws)g(from)f(the)j(de\014nition)e(of)g(the)h(meaning)f(of)g
+(the)i(instruction)283 3714 y Fb(branch)31 b Fu(in)f(the)h(case)h
+(where)g(the)f(elemen)m(t)g(on)f(top)h(of)f(the)h(ev)-5
+b(aluation)29 b(stac)m(k)j(is)f Fw(tt)e Fu(\(whic)m(h)283
+3835 y(is)39 b(the)h(v)-5 b(alue)38 b(of)h Ft(B)s Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)8 b Fu(\).)64 b(The)40
+b(third)e(part)h(of)g(the)g(computation)f(sequence)k(comes)d(from)283
+3955 y(applying)32 b(the)h(induction)e(h)m(yp)s(othesis)j(to)e(the)h
+(premise)g Ft(h)o Fs(S)2515 3970 y Fn(1)2555 3955 y Fu(,)f
+Fs(s)8 b Ft(i)32 b(!)h Fs(s)2914 3919 y Fi(0)2937 3955
+y Fu(.)283 4123 y Fw(The)g(case)g Fu([if)836 4087 y Fn(\013)824
+4147 y(ns)895 4123 y Fu(]:)43 b(Analogous.)283 4290 y
+Fw(The)33 b(case)g Fu([while)1001 4254 y Fn(tt)989 4315
+y(ns)1060 4290 y Fu(]:)44 b(Assume)33 b(that)527 4491
+y Ft(h)p Fr(while)h Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33
+b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1499 4455 y Fi(00)283 4692
+y Fu(b)s(ecause)i Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
+b(])q Fs(s)41 b Fu(=)32 b Fw(tt)p Fu(,)527 4892 y Ft(h)p
+Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)992 4856
+y Fi(0)1048 4892 y Fu(and)h Ft(h)o Fr(while)h Fs(b)39
+b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)1958 4856 y Fi(0)1982
+4892 y Ft(i)g(!)g Fs(s)2233 4856 y Fi(00)283 5093 y Fu(F)-8
+b(rom)32 b(T)-8 b(able)32 b(3.3)g(w)m(e)i(ha)m(v)m(e)527
+5294 y Ft(C)6 b(S)i Fu([)-17 b([)q Fr(while)34 b Fs(b)k
+Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)g Fb(loop)p
+Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
+b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(]\))283 5494 y(and)33 b(get)p eop
+%%Page: 77 87
+77 86 bop 0 130 a Fw(3.3)112 b(Correctness)2530 b(77)p
+0 193 3473 4 v 244 515 a Ft(h)p Fb(loop)p Fu(\()p Ft(C)6
+b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6
+b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p
+Fu(,)f Fs(s)8 b Ft(i)516 683 y Fh(\003)48 b Ft(h)o(C)6
+b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(]:)p Fb(branch)p
+Fu(\()p Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(]:)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)q
+Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fb(noop)p Fu(\),)g
+Fo(")o Fu(,)g Fs(s)8 b Ft(i)516 851 y Fh(\003)593 814
+y Fi(\003)641 851 y Ft(h)o Fb(branch)p Fu(\()p Ft(C)e(S)i
+Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]:)p Fb(loop)p Fu(\()p
+Ft(C)6 b(B)f Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32
+b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33
+b Fb(noop)p Fu(\),)g(\()p Ft(B)s Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(])p Fs(s)8 b Fu(\),)33 b Fs(s)8 b Ft(i)516
+1018 y Fh(\003)48 b Ft(h)o(C)6 b(S)j Fu([)-17 b([)p Fs(S)12
+b Fu(])-17 b(])q(:)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17
+b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p Fu(,)f Fs(s)8
+b Ft(i)0 1211 y Fu(Here)25 b(the)f(\014rst)g(part)g(follo)m(ws)f(from)g
+(the)h(meaning)e(of)i(the)g Fb(loop)p Fu(-instruction)f(\(see)i(T)-8
+b(able)24 b(3.1\))0 1331 y(and)32 b(the)h(second)h(part)e(from)f
+(Exercises)j(3.19)e(and)g(3.4.)43 b(Since)33 b Ft(B)s
+Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32
+b Fw(tt)f Fu(the)i(third)f(part)0 1451 y(follo)m(ws)38
+b(from)h(the)h(meaning)e(of)h(the)i Fb(branch)p Fu(-instruction.)63
+b(The)41 b(induction)d(h)m(yp)s(othesis)0 1572 y(can)33
+b(no)m(w)f(b)s(e)h(applied)e(to)h(the)h(premises)f Ft(h)p
+Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)2002
+1536 y Fi(0)2058 1572 y Fu(and)g Ft(h)p Fr(while)h Fs(b)38
+b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)2966 1536 y Fi(0)2990
+1572 y Ft(i)g(!)g Fs(s)3241 1536 y Fi(00)3315 1572 y
+Fu(and)0 1692 y(giv)m(es)244 1885 y Ft(hC)6 b(S)i Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b Fo(")p Fu(,)h Fs(s)8
+b Ft(i)32 b Fh(\003)912 1849 y Fi(\003)984 1885 y Ft(h)p
+Fo(")p Fu(,)g Fo(")p Fu(,)h Fs(s)1282 1849 y Fi(0)1305
+1885 y Ft(i)244 2052 y(h)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t
+Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6
+b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p
+Fu(,)f Fs(s)1385 2016 y Fi(0)1409 2052 y Ft(i)g Fh(\003)1557
+2016 y Fi(\003)1629 2052 y Ft(h)p Fo(")p Fu(,)g Fo(")p
+Fu(,)h Fs(s)1927 2016 y Fi(00)1969 2052 y Ft(i)0 2245
+y Fu(so)g(using)f(Exercise)i(3.4)e(w)m(e)i(get)244 2437
+y Ft(hC)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(:)p
+Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)6
+b Fu(])-17 b(])q(,)33 b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12
+b Fu(])-17 b(])q(\),)32 b Fo(")p Fu(,)g Fs(s)8 b Ft(i)578
+2605 y Fh(\003)655 2569 y Fi(\003)727 2605 y Ft(h)p Fb(loop)p
+Fu(\()p Ft(C)e(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33
+b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(\),)32
+b Fo(")p Fu(,)h Fs(s)1869 2569 y Fi(0)1892 2605 y Ft(i)578
+2773 y Fh(\003)655 2736 y Fi(\003)727 2773 y Ft(h)p Fo(")p
+Fu(,)f Fo(")p Fu(,)h Fs(s)1025 2736 y Fi(00)1067 2773
+y Ft(i)0 2965 y Fw(The)28 b(case)g Fu([while)708 2929
+y Fn(\013)696 2990 y(ns)767 2965 y Fu(]:)41 b(Assume)28
+b(that)f Ft(h)p Fr(while)i Fs(b)k Fr(do)28 b Fs(S)12
+b Fu(,)28 b Fs(s)8 b Ft(i)27 b(!)g Fs(s)2366 2929 y Fi(0)2417
+2965 y Fu(holds)h(b)s(ecause)g Ft(B)t Fu([)-17 b([)q
+Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(\013)0
+3085 y Fu(and)h(then)g Fs(s)40 b Fu(=)33 b Fs(s)649 3049
+y Fi(0)672 3085 y Fu(.)44 b(W)-8 b(e)33 b(ha)m(v)m(e)244
+3278 y Ft(h)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17
+b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p Fu(,)f Fs(s)8
+b Ft(i)516 3445 y Fh(\003)48 b Ft(h)o(C)6 b(B)t Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(]:)p Fb(branch)p Fu(\()p Ft(C)6
+b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]:)p Fb(loop)p
+Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(]\),)33 b Fb(noop)p Fu(\),)g Fo(")o Fu(,)g Fs(s)8 b
+Ft(i)516 3613 y Fh(\003)593 3577 y Fi(\003)641 3613 y
+Ft(h)o Fb(branch)p Fu(\()p Ft(C)e(S)i Fu([)-17 b([)q
+Fs(S)12 b Fu(])-17 b(]:)p Fb(loop)p Fu(\()p Ft(C)6 b(B)f
+Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6
+b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fb(noop)p
+Fu(\),)g(\()p Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(])p Fs(s)8 b Fu(\),)33 b Fs(s)8 b Ft(i)516 3781 y Fh(\003)48
+b Ft(h)o Fb(noop)p Fu(,)33 b Fo(")p Fu(,)g Fs(s)8 b Ft(i)516
+3948 y Fh(\003)48 b Ft(h)o Fo(")p Fu(,)33 b Fo(")o Fu(,)g
+Fs(s)8 b Ft(i)0 4141 y Fu(using)36 b(the)h(de\014nitions)f(of)g(the)h
+Fb(loop)p Fu(-,)g Fb(branch)p Fu(-)f(and)g Fb(noop)p
+Fu(-instructions)g(in)g(T)-8 b(able)36 b(3.1)0 4261 y(together)d(with)f
+(Exercises)i(3.19)e(and)h(3.4.)1821 b Fh(2)146 4465 y
+Fu(This)33 b(pro)m(v)m(es)h(Lemma)e(3.21.)42 b(The)34
+b(second)g(part)e(of)g(the)h(theorem)g(follo)m(ws)e(from:)p
+0 4585 3473 5 v 0 4748 a Fw(Lemma)37 b(3.22)49 b Fu(F)-8
+b(or)31 b(ev)m(ery)j(statemen)m(t)e Fs(S)44 b Fu(of)32
+b Fw(While)e Fu(and)i(states)h Fs(s)40 b Fu(and)32 b
+Fs(s)2844 4712 y Fi(0)2867 4748 y Fu(,)g(w)m(e)h(ha)m(v)m(e)h(that)244
+4941 y(if)d Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(],)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)1002
+4905 y Fn(k)1076 4941 y Ft(h)o Fo(")p Fu(,)h Fs(e)7 b
+Fu(,)33 b Fs(s)1380 4905 y Fi(0)1403 4941 y Ft(i)f Fu(then)h
+Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)2161
+4905 y Fi(0)2217 4941 y Fu(and)h Fs(e)40 b Fu(=)32 b
+Fo(")0 5133 y Fu(So)f(if)f(the)i(execution)g(of)f(the)h(co)s(de)f(for)g
+Fs(S)43 b Fu(from)30 b(a)i(storage)f Fs(s)39 b Fu(terminates)31
+b(then)h(the)g(natural)0 5254 y(seman)m(tics)k(of)g Fs(S)48
+b Fu(from)34 b Fs(s)44 b Fu(will)34 b(terminate)h(in)g(a)h(state)g(b)s
+(eing)f(equal)h(to)g(the)g(storage)g(of)g(the)0 5374
+y(terminal)30 b(con\014guration.)p 0 5494 V eop
+%%Page: 78 88
+78 87 bop 251 130 a Fw(78)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
+b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 283
+515 a(Pro)s(of:)29 b Fu(W)-8 b(e)26 b(shall)d(pro)s(ceed)j(b)m(y)g
+(induction)e(on)h(the)h(length)e(k)i(of)e(the)i(computation)d(sequence)
+283 636 y(of)37 b(the)f(abstract)h(mac)m(hine.)55 b(If)37
+b(k)f(=)h(0)f(the)h(result)f(holds)h(v)-5 b(acuously)37
+b(b)s(ecause)g Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)12 b
+Fu(])-17 b(])37 b(=)f Fo(")283 756 y Fu(cannot)d(o)s(ccur.)43
+b(So)32 b(assume)h(that)f(it)f(holds)h(for)g(k)g Ft(\024)h
+Fu(k)2331 771 y Fn(0)2403 756 y Fu(and)f(w)m(e)h(shall)e(pro)m(v)m(e)i
+(that)f(it)f(holds)283 877 y(for)h(k)i(=)e(k)676 892
+y Fn(0)716 877 y Fu(+1.)43 b(W)-8 b(e)33 b(pro)s(ceed)g(b)m(y)h(cases)g
+(on)e(the)h(statemen)m(t)g Fs(S)12 b Fu(.)283 1044 y
+Fw(The)33 b(case)g Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(:)44
+b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)h Ft(C)6 b(S)i Fu([)-17
+b([)q Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])33 b(=)f
+Ft(C)6 b(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q(:)p
+Fb(store)p Fu(-)p Fs(x)43 b Fu(so)33 b(assume)g(that)527
+1245 y Ft(hC)6 b(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
+b(])q(:)p Fb(store)p Fu(-)p Fs(x)12 b Fu(,)32 b Fo(")o
+Fu(,)h Fs(s)8 b Ft(i)32 b Fh(\003)1598 1209 y Fn(k)1635
+1218 y Fd(0)1670 1209 y Fn(+1)1797 1245 y Ft(h)o Fo(")p
+Fu(,)h Fs(e)7 b Fu(,)32 b Fs(s)2100 1209 y Fi(0)2124
+1245 y Ft(i)283 1446 y Fu(Then)41 b(b)m(y)f(Exercise)h(3.5)e(there)h(m)
+m(ust)g(b)s(e)f(a)g(con\014guration)g(of)g(the)g(form)f
+Ft(h)p Fo(")p Fu(,)32 b Fs(e)3297 1409 y Fi(00)3340 1446
+y Fu(,)h Fs(s)3448 1409 y Fi(00)3490 1446 y Ft(i)39 b
+Fu(suc)m(h)283 1566 y(that)527 1767 y Ft(hC)6 b(A)p Fu([)-17
+b([)p Fs(a)7 b Fu(])-17 b(])q(,)33 b Fo(")p Fu(,)f Fs(s)8
+b Ft(i)33 b Fh(\003)1198 1730 y Fn(k)1235 1739 y Fd(1)1307
+1767 y Ft(h)o Fo(")p Fu(,)g Fs(e)1503 1730 y Fi(00)1545
+1767 y Fu(,)g Fs(s)1653 1730 y Fi(00)1695 1767 y Ft(i)527
+1934 y(h)p Fb(store)p Fu(-)p Fs(x)12 b Fu(,)31 b Fs(e)1050
+1898 y Fi(00)1093 1934 y Fu(,)i Fs(s)1201 1898 y Fi(00)1243
+1934 y Ft(i)g Fh(\003)1392 1898 y Fn(k)1429 1907 y Fd(2)1500
+1934 y Ft(h)p Fo(")p Fu(,)g Fs(e)7 b Fu(,)32 b Fs(s)1804
+1898 y Fi(0)1828 1934 y Ft(i)283 2135 y Fu(where)h(k)615
+2150 y Fn(1)687 2135 y Fu(+)e(k)845 2150 y Fn(2)916 2135
+y Fu(=)g(k)1074 2150 y Fn(0)1146 2135 y Fu(+)g(1.)43
+b(F)-8 b(rom)30 b(Lemma)g(3.18)h(and)g(Exercise)i(3.6)e(w)m(e)i(get)e
+(that)h Fs(e)3473 2099 y Fi(00)3547 2135 y Fu(m)m(ust)283
+2255 y(b)s(e)39 b(\()p Ft(A)o Fu([)-17 b([)q Fs(a)7 b
+Fu(])-17 b(])q Fs(s)8 b Fu(\))37 b(and)i Fs(s)1039 2219
+y Fi(00)1119 2255 y Fu(m)m(ust)f(b)s(e)g Fs(s)8 b Fu(.)60
+b(Using)38 b(the)g(seman)m(tics)g(of)g Fb(store)p Fu(-)p
+Fs(x)48 b Fu(w)m(e)39 b(therefore)g(see)283 2376 y(that)33
+b Fs(s)543 2340 y Fi(0)599 2376 y Fu(is)f Fs(s)8 b Fu([)p
+Fs(x)k Ft(7!)o(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])p
+Fs(s)8 b Fu(])33 b(and)g Fs(e)40 b Fu(is)32 b Fo(")o
+Fu(.)44 b(It)32 b(no)m(w)i(follo)m(ws)d(from)g([ass)2748
+2391 y Fn(ns)2820 2376 y Fu(])i(that)f Ft(h)p Fs(x)12
+b Fu(:=)p Fs(a)7 b Fu(,)33 b Fs(s)8 b Ft(i)o(!)p Fs(s)3641
+2340 y Fi(0)3664 2376 y Fu(.)283 2543 y Fw(The)33 b(case)g
+Fr(skip)p Fu(:)45 b(Straigh)m(tforw)m(ard.)283 2711 y
+Fw(The)33 b(case)g Fs(S)806 2726 y Fn(1)846 2711 y Fu(;)p
+Fs(S)940 2726 y Fn(2)979 2711 y Fu(:)44 b(Assume)33 b(that)527
+2912 y Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)797 2927 y Fn(1)836
+2912 y Fu(])g(])q(:)p Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)1131
+2927 y Fn(2)1171 2912 y Fu(])g(],)33 b Fo(")o Fu(,)g
+Fs(s)8 b Ft(i)32 b Fh(\003)1570 2875 y Fn(k)1607 2884
+y Fd(0)1642 2875 y Fn(+1)1769 2912 y Ft(h)o Fo(")p Fu(,)h
+Fs(e)7 b Fu(,)33 b Fs(s)2073 2875 y Fi(00)2115 2912 y
+Ft(i)283 3112 y Fu(Then)c(b)m(y)f(Exercise)g(3.5)f(there)h(m)m(ust)f(b)
+s(e)h(a)e(con\014guration)h(of)f(the)i(form)e Ft(h)p
+Fo(")o Fu(,)i Fs(e)3146 3076 y Fi(0)3170 3112 y Fu(,)g
+Fs(s)3273 3076 y Fi(0)3297 3112 y Ft(i)e Fu(suc)m(h)j(that)527
+3313 y Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)797 3328 y Fn(1)836
+3313 y Fu(])g(])q(,)32 b Fo(")p Fu(,)g Fs(s)8 b Ft(i)33
+b Fh(\003)1235 3277 y Fn(k)1272 3286 y Fd(1)1344 3313
+y Ft(h)p Fo(")o Fu(,)g Fs(e)1540 3277 y Fi(0)1563 3313
+y Fu(,)g Fs(s)1671 3277 y Fi(0)1694 3313 y Ft(i)527 3481
+y(hC)6 b(S)i Fu([)-17 b([)q Fs(S)797 3496 y Fn(2)836
+3481 y Fu(])g(])q(,)32 b Fs(e)985 3444 y Fi(0)1009 3481
+y Fu(,)g Fs(s)1116 3444 y Fi(0)1140 3481 y Ft(i)g Fh(\003)1289
+3444 y Fn(k)1326 3453 y Fd(2)1397 3481 y Ft(h)p Fo(")o
+Fu(,)h Fs(e)7 b Fu(,)33 b Fs(s)1701 3444 y Fi(00)1743
+3481 y Ft(i)283 3681 y Fu(where)e(k)613 3696 y Fn(1)682
+3681 y Fu(+)f(k)839 3696 y Fn(2)908 3681 y Fu(=)f(k)1064
+3696 y Fn(0)1134 3681 y Fu(+)g(1.)42 b(The)31 b(induction)d(h)m(yp)s
+(othesis)j(can)e(no)m(w)h(b)s(e)g(applied)e(to)h(the)h(\014rst)283
+3802 y(of)j(these)g(computation)e(sequences)36 b(b)s(ecause)e(k)2068
+3817 y Fn(1)2141 3802 y Ft(\024)f Fu(k)2302 3817 y Fn(0)2374
+3802 y Fu(and)g(giv)m(es)527 4002 y Ft(h)p Fs(S)633 4017
+y Fn(1)672 4002 y Fu(,)g Fs(s)8 b Ft(i)32 b(!)g Fs(s)1031
+3966 y Fi(0)1087 4002 y Fu(and)h Fs(e)1329 3966 y Fi(0)1385
+4002 y Fu(=)g Fo(")283 4203 y Fu(Th)m(us)49 b(w)m(e)f(ha)m(v)m(e)g
+Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)1212 4218 y Fn(2)1251
+4203 y Fu(])g(])q(,)50 b Fo(")p Fu(,)g Fs(s)1537 4167
+y Fi(0)1561 4203 y Ft(i)c Fh(\003)1724 4167 y Fn(k)1761
+4176 y Fd(2)1847 4203 y Ft(h)p Fo(")o Fu(,)51 b Fs(e)7
+b Fu(,)51 b Fs(s)2187 4167 y Fi(00)2229 4203 y Ft(i)c
+Fu(and)g(since)g(k)2823 4218 y Fn(2)2910 4203 y Ft(\024)h
+Fu(k)3086 4218 y Fn(0)3172 4203 y Fu(the)g(induction)283
+4323 y(h)m(yp)s(othesis)34 b(can)f(b)s(e)g(applied)e(to)h(this)h
+(computation)e(sequence)k(and)e(giv)m(es)527 4524 y Ft(h)p
+Fs(S)633 4539 y Fn(2)672 4524 y Fu(,)g Fs(s)780 4488
+y Fi(0)803 4524 y Ft(i)g(!)f Fs(s)1055 4488 y Fi(00)1130
+4524 y Fu(and)g Fs(e)40 b Fu(=)33 b Fo(")283 4725 y Fu(The)h(rule)e
+([comp)934 4740 y Fn(ns)1005 4725 y Fu(])h(no)m(w)g(giv)m(es)g
+Ft(h)p Fs(S)1613 4740 y Fn(1)1652 4725 y Fu(;)p Fs(S)1746
+4740 y Fn(2)1785 4725 y Fu(,)g Fs(s)8 b Ft(i)32 b(!)g
+Fs(s)2144 4689 y Fi(00)2219 4725 y Fu(as)h(required.)283
+4892 y Fw(The)g(case)g Fr(if)h Fs(b)k Fr(then)c Fs(S)1263
+4907 y Fn(1)1334 4892 y Fr(else)g Fs(S)1639 4907 y Fn(2)1678
+4892 y Fu(:)44 b(The)33 b(co)s(de)g(generated)g(for)g(the)g
+(conditional)d(is)527 5093 y Ft(C)6 b(B)t Fu([)-17 b([)q
+Fs(b)6 b Fu(])-17 b(]:)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i
+Fu([)-17 b([)q Fs(S)1436 5108 y Fn(1)1475 5093 y Fu(])g(])q(,)32
+b Ft(C)6 b(S)i Fu([)-17 b([)q Fs(S)1803 5108 y Fn(2)1842
+5093 y Fu(])g(])q(\))283 5294 y(so)33 b(w)m(e)h(assume)f(that)527
+5494 y Ft(hC)6 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
+b(])q(:)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17 b([)q
+Fs(S)1475 5509 y Fn(1)1514 5494 y Fu(])g(],)33 b Ft(C)6
+b(S)i Fu([)-17 b([)q Fs(S)1842 5509 y Fn(2)1881 5494
+y Fu(])g(])q(\),)32 b Fo(")p Fu(,)g Fs(s)8 b Ft(i)33
+b Fh(\003)2318 5458 y Fn(k)2355 5467 y Fd(0)2390 5458
+y Fn(+1)2517 5494 y Ft(h)p Fo(")o Fu(,)g Fs(e)7 b Fu(,)33
+b Fs(s)2821 5458 y Fi(0)2844 5494 y Ft(i)p eop
+%%Page: 79 89
+79 88 bop 0 130 a Fw(3.3)112 b(Correctness)2530 b(79)p
+0 193 3473 4 v 0 515 a Fu(Then)39 b(b)m(y)h(Exercise)f(3.5)f(there)h(m)
+m(ust)f(b)s(e)h(a)f(con\014guration)f(of)h(the)h(form)e
+Ft(h)p Fo(")o Fu(,)j Fs(e)3008 479 y Fi(00)3051 515 y
+Fu(,)f Fs(s)3165 479 y Fi(00)3208 515 y Ft(i)f Fu(suc)m(h)0
+636 y(that)244 848 y Ft(hC)6 b(B)s Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(],)33 b Fo(")p Fu(,)f Fs(s)8 b Ft(i)33 b
+Fh(\003)897 812 y Fn(k)934 821 y Fd(1)1006 848 y Ft(h)o
+Fo(")p Fu(,)g Fs(e)1202 812 y Fi(00)1244 848 y Fu(,)g
+Fs(s)1352 812 y Fi(00)1395 848 y Ft(i)0 1060 y Fu(and)244
+1272 y Ft(h)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17
+b([)p Fs(S)911 1287 y Fn(1)950 1272 y Fu(])g(])q(,)33
+b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)1278 1287 y Fn(2)1318
+1272 y Fu(])g(]\),)33 b Fs(e)1505 1235 y Fi(00)1547 1272
+y Fu(,)g Fs(s)1655 1235 y Fi(00)1698 1272 y Ft(i)f Fh(\003)1846
+1235 y Fn(k)1883 1244 y Fd(2)1955 1272 y Ft(h)p Fo(")o
+Fu(,)h Fs(e)7 b Fu(,)33 b Fs(s)2259 1235 y Fi(0)2282
+1272 y Ft(i)0 1484 y Fu(where)42 b(k)341 1499 y Fn(1)421
+1484 y Fu(+)e(k)588 1499 y Fn(2)669 1484 y Fu(=)g(k)836
+1499 y Fn(0)916 1484 y Fu(+)h(1.)66 b(F)-8 b(rom)39 b(Exercises)k(3.19)
+d(and)g(3.6)g(w)m(e)i(get)e(that)g Fs(e)3039 1447 y Fi(00)3123
+1484 y Fu(m)m(ust)g(b)s(e)0 1604 y Ft(B)s Fu([)-17 b([)q
+Fs(b)6 b Fu(])-17 b(])q Fs(s)39 b Fu(and)32 b Fs(s)511
+1568 y Fi(00)586 1604 y Fu(m)m(ust)g(b)s(e)g Fs(s)8 b
+Fu(.)43 b(W)-8 b(e)32 b(shall)f(no)m(w)h(assume)h(that)e
+Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40
+b Fu(=)31 b Fw(tt)p Fu(.)43 b(Then)33 b(there)f(m)m(ust)0
+1724 y(b)s(e)h(a)f(con\014guration)g Ft(hC)6 b(S)i Fu([)-17
+b([)p Fs(S)1074 1739 y Fn(1)1113 1724 y Fu(])g(])q(,)33
+b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fu(suc)m(h)i(that)244
+1936 y(\()p Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)512 1951
+y Fn(1)552 1936 y Fu(])g(],)33 b Fo(")p Fu(,)f Fs(s)8
+b Ft(i)33 b Fh(\003)951 1900 y Fn(k)988 1909 y Fd(2)1023
+1900 y Fi(\000)p Fn(1)1150 1936 y Ft(h)o Fo(")p Fu(,)g
+Fs(e)7 b Fu(,)33 b Fs(s)1454 1900 y Fi(0)1477 1936 y
+Ft(i)0 2148 y Fu(The)24 b(induction)d(h)m(yp)s(othesis)j(can)f(no)m(w)g
+(b)s(e)g(applied)e(to)h(this)h(computation)e(sequence)k(b)s(ecause)0
+2269 y(k)51 2284 y Fn(2)123 2269 y Ft(\000)33 b Fu(1)g
+Ft(\024)g Fu(k)476 2284 y Fn(0)548 2269 y Fu(and)g(w)m(e)g(get)244
+2481 y Ft(h)p Fs(S)350 2496 y Fn(1)389 2481 y Fu(,)g
+Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 2444 y Fi(0)804 2481
+y Fu(and)h Fs(e)39 b Fu(=)33 b Fo(")0 2692 y Fu(The)g(rule)e([if)491
+2656 y Fn(tt)479 2717 y(ns)549 2692 y Fu(])h(giv)m(es)g(the)g(required)
+g Ft(h)p Fr(if)g Fs(b)38 b Fr(then)33 b Fs(S)1954 2707
+y Fn(1)2025 2692 y Fr(else)f Fs(S)2328 2707 y Fn(2)2368
+2692 y Fu(,)g Fs(s)8 b Ft(i)31 b(!)g Fs(s)2724 2656 y
+Fi(0)2748 2692 y Fu(.)43 b(The)33 b(case)f(where)0 2813
+y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])q Fs(s)40
+b Fu(=)33 b Fw(\013)f Fu(is)h(similar.)0 2980 y Fw(The)d(case)g
+Fr(while)h Fs(b)36 b Fr(do)30 b Fs(S)12 b Fu(:)29 b(The)i(co)s(de)f
+(for)f(the)h Fr(while)p Fu(-lo)s(op)f(is)g Fb(loop)p
+Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(],)31 b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17
+b(])q(\))29 b(and)0 3101 y(w)m(e)34 b(therefore)f(assume)g(that)244
+3313 y Ft(h)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17
+b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p Fu(,)f Fs(s)8
+b Ft(i)33 b Fh(\003)1534 3277 y Fn(k)1571 3286 y Fd(0)1606
+3277 y Fn(+1)1733 3313 y Ft(h)p Fo(")o Fu(,)g Fs(e)7
+b Fu(,)33 b Fs(s)2037 3277 y Fi(00)2079 3313 y Ft(i)0
+3525 y Fu(Using)48 b(the)g(de\014nition)f(of)g(the)h
+Fb(loop)p Fu(-instruction)f(this)h(means)g(that)g(the)g(computation)0
+3645 y(sequence)35 b(can)e(b)s(e)g(rewritten)g(as)244
+3857 y Ft(h)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17
+b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)i Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fo(")p Fu(,)f Fs(s)8
+b Ft(i)516 4025 y Fh(\003)98 b Ft(hC)6 b(B)s Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(])q(:)p Fb(branch)p Fu(\()p
+Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(:)p
+Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)6
+b Fu(])-17 b(])q(,)33 b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12
+b Fu(])-17 b(])q(\),)32 b Fb(noop)p Fu(\),)h Fo(")p Fu(,)f
+Fs(s)8 b Ft(i)516 4192 y Fh(\003)593 4156 y Fn(k)630
+4165 y Fd(0)691 4192 y Ft(h)p Fo(")o Fu(,)33 b Fs(e)7
+b Fu(,)33 b Fs(s)995 4156 y Fi(00)1037 4192 y Ft(i)0
+4404 y Fu(According)f(to)h(Exercise)h(3.5)e(there)h(will)d(then)j(b)s
+(e)g(a)f(con\014guration)g Ft(h)p Fo(")p Fu(,)g Fs(e)2780
+4368 y Fi(0)2804 4404 y Fu(,)g Fs(s)2911 4368 y Fi(0)2935
+4404 y Ft(i)g Fu(suc)m(h)i(that)244 4616 y Ft(hC)6 b(B)s
+Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fo(")p Fu(,)f
+Fs(s)8 b Ft(i)33 b Fh(\003)897 4580 y Fn(k)934 4589 y
+Fd(1)1006 4616 y Ft(h)o Fo(")p Fu(,)g Fs(e)1202 4580
+y Fi(0)1225 4616 y Fu(,)g Fs(s)1333 4580 y Fi(0)1356
+4616 y Ft(i)0 4828 y Fu(and)244 5040 y Ft(h)p Fb(branch)p
+Fu(\()p Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17
+b(])q(:)p Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)p
+Fs(b)6 b Fu(])-17 b(])q(,)32 b Ft(C)6 b(S)j Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])q(\),)32 b Fb(noop)p Fu(\),)h
+Fs(e)2318 5004 y Fi(0)2342 5040 y Fu(,)f Fs(s)2449 5004
+y Fi(0)2473 5040 y Ft(i)g Fh(\003)2621 5004 y Fn(k)2658
+5013 y Fd(2)2730 5040 y Ft(h)p Fo(")o Fu(,)h Fs(e)7 b
+Fu(,)33 b Fs(s)3034 5004 y Fi(00)3076 5040 y Ft(i)0 5252
+y Fu(where)k(k)336 5267 y Fn(1)411 5252 y Fu(+)e(k)573
+5267 y Fn(2)648 5252 y Fu(=)h(k)811 5267 y Fn(0)851 5252
+y Fu(.)51 b(F)-8 b(rom)34 b(Exercises)k(3.19)c(and)i(3.6)f(w)m(e)h(get)
+g Fs(e)2539 5216 y Fi(0)2598 5252 y Fu(=)f Ft(B)s Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)44 b Fu(and)35 b Fs(s)3227
+5216 y Fi(0)3286 5252 y Fu(=)g Fs(s)8 b Fu(.)0 5372 y(W)-8
+b(e)33 b(no)m(w)g(ha)m(v)m(e)h(t)m(w)m(o)f(cases.)146
+5494 y(In)g(the)g(\014rst)g(case)h(assume)f(that)f Ft(B)t
+Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40 b Fu(=)33
+b Fw(\013)p Fu(.)44 b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)p
+eop
+%%Page: 80 90
+80 89 bop 251 130 a Fw(80)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
+b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 527
+515 a Ft(h)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(]:)p Fb(loop)p Fu(\()p Ft(C)6
+b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(C)6
+b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fb(noop)p
+Fu(\),)f Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q
+Fs(s)8 b Fu(,)33 b Fs(s)8 b Ft(i)926 683 y Fh(\003)33
+b Ft(h)p Fb(noop)p Fu(,)g Fo(")o Fu(,)g Fs(s)8 b Ft(i)926
+851 y Fh(\003)33 b Ft(h)p Fo(")o Fu(,)g Fo(")p Fu(,)f
+Fs(s)8 b Ft(i)283 1033 y Fu(so)25 b Fs(e)33 b Fu(=)24
+b Fo(")h Fu(and)g Fs(s)32 b Fu(=)25 b Fs(s)1047 997 y
+Fi(00)1090 1033 y Fu(.)40 b(Using)25 b(rule)f([while)1873
+997 y Fn(\013)1861 1058 y(ns)1932 1033 y Fu(])h(w)m(e)h(get)e
+Ft(h)p Fr(while)i Fs(b)31 b Fr(do)25 b Fs(S)12 b Fu(,)25
+b Fs(s)8 b Ft(i)25 b(!)f Fs(s)3200 997 y Fi(00)3267 1033
+y Fu(as)h(required.)430 1154 y(In)33 b(the)g(second)h(case)f(assume)g
+(that)f Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p
+Fs(s)41 b Fu(=)32 b Fw(tt)p Fu(.)43 b(Then)33 b(w)m(e)h(ha)m(v)m(e)527
+1337 y Ft(h)p Fb(branch)p Fu(\()p Ft(C)6 b(S)i Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(]:)p Fb(loop)p Fu(\()p Ft(C)6
+b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(C)6
+b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\),)33 b Fb(noop)p
+Fu(\),)f Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q
+Fs(s)8 b Fu(,)33 b Fs(s)8 b Ft(i)926 1504 y Fh(\003)163
+b Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]:)p
+Fb(loop)p Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(],)33 b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12
+b Fu(])-17 b(])q(\),)32 b Fo(")p Fu(,)h Fs(s)8 b Ft(i)926
+1672 y Fh(\003)1004 1636 y Fn(k)1041 1645 y Fd(2)1075
+1636 y Fi(\000)p Fn(1)1166 1672 y Ft(h)p Fo(")p Fu(,)32
+b Fs(e)7 b Fu(,)33 b Fs(s)1470 1636 y Fi(00)1513 1672
+y Ft(i)283 1855 y Fu(W)-8 b(e)31 b(then)f(pro)s(ceed)h(v)m(ery)h(m)m
+(uc)m(h)e(as)g(in)g(the)g(case)h(of)f(the)g(comp)s(osition)e(statemen)m
+(t)i(and)g(get)g(a)283 1975 y(con\014guration)i Ft(h)p
+Fo(")p Fu(,)g Fs(e)1070 1939 y Fi(0)1094 1975 y Fu(,)g
+Fs(s)1201 1939 y Fi(0)1225 1975 y Ft(i)g Fu(suc)m(h)i(that)527
+2158 y Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(],)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)1196
+2122 y Fn(k)1233 2131 y Fd(3)1304 2158 y Ft(h)p Fo(")p
+Fu(,)g Fs(e)1500 2122 y Fi(0)1524 2158 y Fu(,)h Fs(s)1632
+2122 y Fi(0)1655 2158 y Ft(i)527 2326 y(h)p Fb(loop)p
+Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(],)33 b Ft(C)6 b(S)i Fu([)-17 b([)p Fs(S)12 b Fu(])-17
+b(])q(\),)32 b Fs(e)1567 2289 y Fi(0)1591 2326 y Fu(,)h
+Fs(s)1699 2289 y Fi(0)1722 2326 y Ft(i)f Fh(\003)1871
+2289 y Fn(k)1908 2298 y Fd(4)1979 2326 y Ft(h)p Fo(")p
+Fu(,)g Fs(e)7 b Fu(,)33 b Fs(s)2283 2289 y Fi(00)2326
+2326 y Ft(i)283 2508 y Fu(where)h(k)616 2523 y Fn(3)689
+2508 y Fu(+)f(k)849 2523 y Fn(4)921 2508 y Fu(=)g(k)1081
+2523 y Fn(2)1153 2508 y Ft(\000)g Fu(1.)44 b(Since)33
+b(k)1689 2523 y Fn(3)1762 2508 y Ft(\024)g Fu(k)1923
+2523 y Fn(0)1995 2508 y Fu(w)m(e)h(can)f(apply)f(the)i(induction)d(h)m
+(yp)s(othesis)j(to)283 2629 y(the)f(\014rst)h(of)e(these)h(computation)
+f(sequences)j(and)e(get)527 2812 y Ft(h)p Fs(S)12 b Fu(,)33
+b Fs(s)8 b Ft(i)32 b(!)g Fs(s)992 2775 y Fi(0)1048 2812
+y Fu(and)h Fs(e)1290 2775 y Fi(0)1346 2812 y Fu(=)f Fo(")283
+2994 y Fu(W)-8 b(e)35 b(can)g(then)f(use)i(that)e(k)1292
+3009 y Fn(4)1366 2994 y Ft(\024)g Fu(k)1528 3009 y Fn(0)1603
+2994 y Fu(and)g(apply)g(the)g(induction)g(h)m(yp)s(othesis)h(to)f(the)h
+(compu-)283 3115 y(tation)d(sequence)j Ft(h)p Fb(loop)p
+Fu(\()p Ft(C)6 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
+b(])q(,)32 b Ft(C)6 b(S)j Fu([)-17 b([)p Fs(S)12 b Fu(])-17
+b(])q(\),)32 b Fo(")p Fu(,)g Fs(s)2116 3079 y Fi(0)2140
+3115 y Ft(i)g Fh(\003)2288 3079 y Fn(k)2325 3088 y Fd(4)2397
+3115 y Ft(h)p Fo(")o Fu(,)h Fs(e)7 b Fu(,)33 b Fs(s)2701
+3079 y Fi(00)2743 3115 y Ft(i)g Fu(and)f(get)527 3298
+y Ft(h)p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33
+b Fs(s)1248 3261 y Fi(0)1271 3298 y Ft(i)g(!)f Fs(s)1523
+3261 y Fi(00)1598 3298 y Fu(and)g Fs(e)40 b Fu(=)33 b
+Fo(")283 3480 y Fu(Using)24 b(rule)f([while)997 3444
+y Fn(tt)985 3505 y(ns)1056 3480 y Fu(])h(w)m(e)h(then)f(get)g
+Ft(h)p Fr(while)h Fs(b)30 b Fr(do)24 b Fs(S)12 b Fu(,)24
+b Fs(s)8 b Ft(i)24 b(!)f Fs(s)2529 3444 y Fi(00)2596
+3480 y Fu(as)h(required.)41 b(This)24 b(completes)283
+3601 y(the)33 b(pro)s(of)f(of)g(the)h(lemma.)2385 b Fh(2)430
+3804 y Fu(The)37 b(pro)s(of)e(tec)m(hnique)j(emplo)m(y)m(ed)e(in)g(the)
+g(ab)s(o)m(v)m(e)h(pro)s(of)f(ma)m(y)g(b)s(e)g(summarized)f(as)i(fol-)
+283 3924 y(lo)m(ws:)p 283 4054 3470 4 v 283 4071 V 281
+4279 4 208 v 298 4279 V 1371 4200 a Fw(Pro)s(of)32 b(Summary)h(for)f
+(While)p Fu(:)p 3735 4279 V 3752 4279 V 281 4486 V 298
+4486 V 1266 4407 a Fw(Correctness)g(of)h(Implemen)m(tation)p
+3735 4486 V 3752 4486 V 283 4490 3470 4 v 281 4979 4
+490 v 298 4979 V 350 4655 a Fu(1:)143 b(Pro)m(v)m(e)24
+b(b)m(y)h Fs(induction)h(on)f(the)i(shap)-5 b(e)25 b(of)h(derivation)g
+(tr)-5 b(e)g(es)31 b Fu(that)23 b(for)g(eac)m(h)h(deriv)-5
+b(ation)569 4775 y(tree)34 b(in)g(the)g(natural)f(seman)m(tics)i(there)
+g(is)e(a)h(corresp)s(onding)g(\014nite)g(computation)569
+4896 y(sequence)h(on)e(the)g(abstract)f(mac)m(hine.)p
+3735 4979 V 3752 4979 V 281 5508 4 529 v 298 5508 V 350
+5063 a(2:)143 b(Pro)m(v)m(e)26 b(b)m(y)f Fs(induction)i(on)g(the)h
+(length)f(of)g(c)-5 b(omputation)27 b(se)-5 b(quenc)g(es)32
+b Fu(that)25 b(for)f(eac)m(h)h(\014-)569 5184 y(nite)h(computation)f
+(sequence)k(obtained)d(from)f(executing)i(a)f(statemen)m(t)h(of)f
+Fw(While)569 5304 y Fu(on)41 b(the)h(abstract)f(mac)m(hine)g(there)h
+(is)e(a)h(corresp)s(onding)h(deriv)-5 b(ation)39 b(tree)j(in)e(the)569
+5424 y(natural)31 b(seman)m(tics.)p 3735 5508 V 3752
+5508 V 283 5511 3470 4 v 283 5528 V eop
+%%Page: 81 91
+81 90 bop 0 130 a Fw(3.4)112 b(An)38 b(alternativ)m(e)e(pro)s(of)i(tec)
+m(hnique)1593 b(81)p 0 193 3473 4 v 0 515 a Fu(Note)28
+b(the)h Fs(similarities)35 b Fu(b)s(et)m(w)m(een)30 b(this)e(pro)s(of)f
+(tec)m(hnique)i(and)f(that)g(for)g(sho)m(wing)g(the)g(equiv-)0
+636 y(alence)j(of)g(t)m(w)m(o)i(op)s(erational)28 b(seman)m(tics)k
+(\(see)h(Section)e(2.3\).)42 b(Again)31 b(one)g(has)h(to)f(b)s(e)h
+(careful)0 756 y(when)47 b(adapting)d(this)i(approac)m(h)g(to)f(a)g
+(language)g(with)g(additional)e(programming)g(con-)0
+877 y(structs)34 b(or)e(a)g(di\013eren)m(t)h(mac)m(hine)f(language.)0
+1091 y Fw(Exercise)k(3.23)49 b Fu(Consider)33 b(the)f(\\optimized")e
+(co)s(de)j(generation)e(function)h Ft(C)6 b(S)3021 1055
+y Fi(0)3077 1091 y Fu(that)32 b(is)f(as)0 1211 y Ft(C)6
+b(S)46 b Fu(of)37 b(T)-8 b(able)38 b(3.3)f(except)j(that)e
+Ft(C)6 b(S)1371 1175 y Fi(0)1394 1211 y Fu([)-17 b([)p
+Fr(skip)p Fu(])g(])40 b(=)e Fo(")o Fu(.)60 b(W)-8 b(ould)37
+b(this)g(complicate)g(the)h(pro)s(of)f(of)0 1332 y(Theorem)c(3.20?)2766
+b Fh(2)0 1546 y Fw(Exercise)36 b(3.24)49 b Fu(Extend)29
+b(the)e(pro)s(of)f(of)h(Theorem)g(3.20)f(to)h(hold)f(for)h(the)g
+Fw(While)e Fu(language)0 1666 y(extended)48 b(with)e
+Fr(repeat)i Fs(S)58 b Fr(until)48 b Fs(b)6 b Fu(.)85
+b(The)47 b(co)s(de)g(generated)g(for)f(this)g(construct)h(w)m(as)0
+1787 y(studied)33 b(in)f(Exercise)i(3.14)e(and)g(its)g(natural)g(seman)
+m(tics)h(in)e(Exercise)j(2.7.)593 b Fh(2)0 2001 y Fw(Exercise)36
+b(3.25)49 b Fu(Pro)m(v)m(e)27 b(that)f(the)g(co)s(de)g(generated)g(for)
+g Fw(AM)2314 2016 y Fn(1)2379 2001 y Fu(in)e(Exercise)j(3.16)f(is)f
+(correct.)0 2121 y(What)33 b(assumptions)f(do)h(y)m(ou)g(need)g(to)g
+(mak)m(e)f(ab)s(out)g Fs(env)11 b Fu(?)1168 b Fh(2)0
+2452 y Fj(3.4)161 b(An)53 b(alternativ)l(e)h(pro)t(of)g(tec)l(hnique)0
+2671 y Fu(In)32 b(Theorem)f(3.20)g(w)m(e)i(pro)m(v)m(ed)g(the)e
+(correctness)j(of)d(the)h(implemen)m(tation)c(with)j(resp)s(ect)i(to)0
+2792 y(the)j(natural)f(seman)m(tics.)53 b(It)36 b(is)f(ob)m(vious)h
+(that)g(the)g(implemen)m(tation)d(will)g(also)i(b)s(e)h(correct)0
+2912 y(with)c(resp)s(ect)i(to)e(the)h(structural)g(op)s(erational)d
+(seman)m(tics,)j(that)f(is)244 3105 y Ft(S)312 3120 y
+Fn(sos)407 3105 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])33
+b(=)g Ft(S)758 3120 y Fn(am)856 3105 y Fu([)-17 b([)p
+Fs(S)12 b Fu(])-17 b(])33 b(for)f(all)f(statemen)m(ts)i
+Fs(S)45 b Fu(of)32 b Fw(While)0 3298 y Fu(b)s(ecause)41
+b(w)m(e)g(sho)m(w)m(ed)h(in)d(Theorem)h(2.26)g(that)f(the)i(natural)e
+(seman)m(tics)h(is)f(equiv)-5 b(alen)m(t)40 b(to)0 3418
+y(the)35 b(structural)f(op)s(erational)e(seman)m(tics.)49
+b(Ho)m(w)m(ev)m(er,)37 b(one)e(migh)m(t)e(argue)h(that)g(it)g(w)m(ould)
+g(b)s(e)0 3538 y(easier)e(to)f(giv)m(e)h(a)g(direct)f(pro)s(of)h(of)f
+(the)h(correctness)i(of)e(the)g(implemen)m(tation)d(with)i(resp)s(ect)0
+3659 y(to)d(the)h(structural)f(op)s(erational)e(seman)m(tics,)j(b)s
+(ecause)h(b)s(oth)e(approac)m(hes)i(are)e(based)i(on)e(the)0
+3779 y(idea)c(of)h(sp)s(ecifying)g(the)g(individual)e(steps)j(of)f(the)
+g(computation.)40 b(W)-8 b(e)25 b(shall)f(commen)m(t)g(up)s(on)0
+3899 y(this)32 b(shortly)-8 b(.)146 4020 y(A)39 b(direct)g(pro)s(of)f
+(of)h(the)g(correctness)i(result)e(with)g(resp)s(ect)h(to)f(the)g
+(structural)g(op)s(era-)0 4140 y(tional)31 b(seman)m(tics)j(could)f
+(pro)s(ceed)h(as)g(follo)m(ws.)45 b(W)-8 b(e)34 b(shall)e(de\014ne)j(a)
+e Fs(bisimulation)40 b Fu(relation)0 4261 y Ft(\031)31
+b Fu(b)s(et)m(w)m(een)i(the)e(con\014gurations)g(of)f(the)h(structural)
+g(op)s(erational)d(seman)m(tics)j(and)g(those)h(of)0
+4381 y(the)h(op)s(erational)d(seman)m(tics)j(for)f Fw(AM)p
+Fu(.)h(It)f(is)g(de\014ned)i(b)m(y)294 4565 y Ft(h)o
+Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)99 b(\031)h(hC)6 b(S)i
+Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 b Fo(")p Fu(,)f
+Fs(s)8 b Ft(i)498 4733 y Fs(s)107 b Ft(\031)100 b(h)p
+Fo(")p Fu(,)32 b Fo(")p Fu(,)h Fs(s)8 b Ft(i)0 4919 y
+Fu(for)30 b(all)f(statemen)m(ts)j Fs(S)42 b Fu(and)31
+b(states)h Fs(s)8 b Fu(.)43 b(The)31 b(\014rst)h(stage)f(will)d(then)k
+(b)s(e)f(to)f(pro)m(v)m(e)i(that)f(when-)0 5039 y(ev)m(er)43
+b Fs(one)48 b Fu(step)43 b(of)e(the)h(structural)g(op)s(erational)d
+(seman)m(tics)j Fs(changes)48 b Fu(the)42 b(con\014guration)0
+5160 y(then)32 b(there)g(is)f(a)f Fs(se)-5 b(quenc)g(e)38
+b Fu(of)31 b(steps)i(in)d(the)i(seman)m(tics)f(of)g Fw(AM)g
+Fu(that)g(will)e(mak)m(e)i(a)g Fs(similar)0 5280 y(change)39
+b Fu(in)32 b(the)h(con\014guration)e(of)i(the)g(abstract)f(mac)m(hine:)
+0 5494 y Fw(Exercise)k(3.26)49 b Fu(*)33 b(Sho)m(w)g(that)f(if)p
+eop
+%%Page: 82 92
+82 91 bop 251 130 a Fw(82)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
+b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v 527
+515 a Fo(\015)583 530 y Fn(sos)711 515 y Ft(\031)c Fo(\015)877
+530 y Fn(am)1008 515 y Fu(and)f Fo(\015)1253 530 y Fn(sos)1381
+515 y Ft(\))g Fo(\015)1569 479 y Fi(0)1569 540 y Fn(sos)283
+774 y Fu(then)i(there)f(exists)g(a)g(con\014guration)e
+Fo(\015)1752 738 y Fi(0)1752 798 y Fn(am)1883 774 y Fu(suc)m(h)j(that)
+527 1032 y Fo(\015)583 1047 y Fn(am)714 1032 y Fh(\003)792
+996 y Fn(+)883 1032 y Fo(\015)939 996 y Fi(0)939 1057
+y Fn(am)1070 1032 y Fu(and)f Fo(\015)1316 996 y Fi(0)1316
+1057 y Fn(sos)1443 1032 y Ft(\031)g Fo(\015)1609 996
+y Fi(0)1609 1057 y Fn(am)283 1291 y Fu(Argue)g(that)g(this)f(means)h
+(that)f(if)f Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32
+b(\))1959 1255 y Fi(\003)2030 1291 y Fs(s)2078 1255 y
+Fi(0)2134 1291 y Fu(then)i Ft(h)o(C)7 b(S)g Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(],)33 b Fo(")p Fu(,)f Fs(s)8
+b Ft(i)33 b Fh(\003)3025 1255 y Fi(\003)3097 1291 y Ft(h)p
+Fo(")o Fu(,)g Fo(")p Fu(,)f Fs(s)3394 1255 y Fi(0)3418
+1291 y Ft(i)o Fu(.)198 b Fh(2)430 1596 y Fu(The)33 b(second)h(part)e
+(of)g(the)h(pro)s(of)e(is)h(to)g(sho)m(w)i(that)e(whenev)m(er)j
+Fw(AM)d Fu(mak)m(es)h(a)f(sequence)283 1717 y(of)f(mo)m(v)m(es)h(from)e
+(a)h(con\014guration)g(with)g(an)g Fs(empty)40 b Fu(ev)-5
+b(aluation)29 b(stac)m(k)k(to)e(another)g(con\014gu-)283
+1837 y(ration)j(with)g(an)h Fs(empty)44 b Fu(ev)-5 b(aluation)33
+b(stac)m(k,)k(then)e(the)h(structural)e(op)s(erational)f(seman)m(tics)
+283 1957 y(can)39 b(mak)m(e)g(a)f(similar)d(c)m(hange)40
+b(of)e(con\014gurations.)60 b(Note)39 b(that)f Fw(AM)h
+Fu(ma)m(y)f(ha)m(v)m(e)i(to)e(mak)m(e)283 2078 y(more)e(than)g(one)h
+(step)g(to)f(arriv)m(e)g(at)g(a)g(con\014guration)g(with)g(an)g(empt)m
+(y)h(stac)m(k,)h(due)f(to)f(the)283 2198 y(w)m(a)m(y)48
+b(it)e(ev)-5 b(aluates)47 b(expressions;)56 b(in)46 b(the)h(structural)
+f(op)s(erational)f(seman)m(tics,)50 b(ho)m(w)m(ev)m(er,)283
+2319 y(expressions)35 b(are)d(ev)-5 b(aluated)33 b(as)f(part)h(of)f(a)g
+(single)g(step.)283 2635 y Fw(Exercise)37 b(3.27)49 b
+Fu(**)32 b(Assume)h(that)g Fo(\015)1734 2650 y Fn(sos)1861
+2635 y Ft(\031)g Fo(\015)2039 2599 y Fn(1)2027 2660 y(am)2158
+2635 y Fu(and)527 2893 y Fo(\015)595 2857 y Fn(1)583
+2918 y(am)714 2893 y Fh(\003)g Fo(\015)892 2857 y Fn(2)880
+2918 y(am)1011 2893 y Fh(\003)g Ft(\001)17 b(\001)g(\001)31
+b Fh(\003)i Fo(\015)1447 2857 y Fn(k)1436 2918 y(am)283
+3152 y Fu(where)e(k)p Fo(>)p Fu(1)e(and)h(only)f Fo(\015)1232
+3116 y Fn(1)1221 3177 y(am)1348 3152 y Fu(and)g Fo(\015)1602
+3116 y Fn(k)1590 3177 y(am)1718 3152 y Fu(ha)m(v)m(e)h(empt)m(y)g(ev)-5
+b(aluation)28 b(stac)m(ks)j(\(that)e(is,)g(are)h(of)e(the)283
+3272 y(form)k Ft(h)p Fs(c)6 b Fu(,)32 b Fo(")o Fu(,)h
+Fs(s)8 b Ft(i)p Fu(\).)43 b(Sho)m(w)34 b(that)e(there)h(exists)h(a)e
+(con\014guration)g Fo(\015)2679 3236 y Fi(0)2679 3297
+y Fn(sos)2806 3272 y Fu(suc)m(h)i(that)527 3531 y Fo(\015)583
+3546 y Fn(sos)711 3531 y Ft(\))e Fo(\015)899 3495 y Fi(0)899
+3555 y Fn(sos)1027 3531 y Fu(and)g Fo(\015)1272 3495
+y Fi(0)1272 3555 y Fn(sos)1400 3531 y Ft(\031)h Fo(\015)1578
+3495 y Fn(k)1566 3555 y(am)283 3789 y Fu(Argue)g(that)g(this)f(means)h
+(that)f(if)f Ft(hC)6 b(S)i Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(],)33 b Fo(")o Fu(,)g Fs(s)8 b Ft(i)32 b Fh(\003)2243
+3753 y Fi(\003)2315 3789 y Ft(h)p Fo(")o Fu(,)h Fo(")o
+Fu(,)g Fs(s)2612 3753 y Fi(0)2635 3789 y Ft(i)g Fu(then)g
+Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32 b(\))3313
+3753 y Fi(\003)3385 3789 y Fs(s)3433 3753 y Fi(0)3456
+3789 y Fu(.)198 b Fh(2)283 4095 y Fw(Exercise)37 b(3.28)49
+b Fu(Sho)m(w)e(that)f(Exercises)i(3.26)d(and)i(3.27)e(together)i
+(constitute)f(a)g(direct)283 4215 y(pro)s(of)32 b(of)g
+Ft(S)717 4230 y Fn(sos)812 4215 y Fu([)-17 b([)q Fs(S)12
+b Fu(])-17 b(])33 b(=)f Ft(S)1163 4230 y Fn(am)1261 4215
+y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 b(for)f(all)e(statemen)m
+(ts)k Fs(S)44 b Fu(of)32 b Fw(While)p Fu(.)912 b Fh(2)430
+4520 y Fu(The)41 b(success)i(of)d(this)g(approac)m(h)h(relies)e(on)i
+(the)f(t)m(w)m(o)h(seman)m(tics)g(pro)s(ceeding)f(in)g
+Fs(lo)-5 b(ck-)283 4641 y(step)p Fu(:)51 b(that)36 b(one)h(is)f(able)f
+(to)h(\014nd)h(con\014gurations)f(in)f(the)i(t)m(w)m(o)g(deriv)-5
+b(ation)35 b(sequences)k(that)283 4761 y(corresp)s(ond)e(to)f(one)g
+(another)g(\(as)h(sp)s(eci\014ed)f(b)m(y)h(the)g(bisim)m(ulation)32
+b(relation\).)52 b(Often)36 b(this)283 4882 y(is)41 b(not)g(p)s
+(ossible)f(and)i(then)f(one)h(has)f(to)g(raise)g(the)g(lev)m(el)g(of)f
+(abstraction)h(for)f(one)i(of)e(the)283 5002 y(seman)m(tics.)h(This)23
+b(is)g(exactly)h(what)f(happ)s(ens)i(when)f(the)g(structural)f(op)s
+(erational)e(seman)m(tics)283 5122 y(is)31 b(replaced)g(b)m(y)h(the)f
+(natural)f(seman)m(tics:)43 b(w)m(e)31 b(do)g(not)g(care)g(ab)s(out)g
+(the)g(individual)d(steps)k(of)283 5243 y(the)h(execution)h(but)f(only)
+f(on)g(the)h(result.)430 5374 y(The)27 b(pro)s(of)f(tec)m(hnique)i
+(emplo)m(y)m(ed)f(in)e(the)i(ab)s(o)m(v)m(e)g(sk)m(etc)m(h)i(of)d(pro)s
+(of)g(ma)m(y)g(b)s(e)h(summarized)283 5494 y(as)33 b(follo)m(ws:)p
+eop
+%%Page: 83 93
+83 92 bop 0 130 a Fw(3.4)112 b(An)38 b(alternativ)m(e)e(pro)s(of)i(tec)
+m(hnique)1593 b(83)p 0 193 3473 4 v 0 419 3470 4 v 0
+436 V -2 643 4 208 v 15 643 V 1088 564 a(Pro)s(of)32
+b(Summary)g(for)h(While)p Fu(:)p 3452 643 V 3469 643
+V -2 851 V 15 851 V 513 772 a Fw(Correctness)g(of)g(Implemen)m(tation)d
+(using)i(Bisim)m(ulation)p 3452 851 V 3469 851 V 0 854
+3470 4 v -2 1464 4 610 v 15 1464 V 66 1020 a Fu(1:)143
+b(Pro)m(v)m(e)36 b(that)e(one)g(step)h(in)e(the)i(structural)f(op)s
+(erational)e(seman)m(tics)i(can)g(b)s(e)h(sim)m(u-)285
+1140 y(lated)j(b)m(y)i(a)f(non-empt)m(y)g(sequence)i(of)d(steps)j(on)d
+(the)i(abstract)f(mac)m(hine.)61 b(Sho)m(w)285 1260 y(that)56
+b(this)f(extends)j(to)d(sequences)k(of)c(steps)i(in)e(the)h(structural)
+g(op)s(erational)285 1381 y(seman)m(tics.)p 3452 1464
+V 3469 1464 V -2 1993 4 529 v 15 1993 V 66 1549 a(2:)143
+b(Pro)m(v)m(e)44 b(that)e(a)f(carefully)g(selected)j(non-empt)m(y)e
+(sequence)i(of)e(steps)h(on)f(the)h(ab-)285 1669 y(stract)d(mac)m(hine)
+e(can)h(b)s(e)g(sim)m(ulated)f(b)m(y)i(a)f(step)g(in)g(the)g
+(structural)g(op)s(erational)285 1789 y(seman)m(tics.)49
+b(Sho)m(w)35 b(that)f(this)g(extends)i(to)e(more)g(general)g(sequences)
+j(of)d(steps)h(on)285 1910 y(the)e(abstract)g(mac)m(hine.)p
+3452 1993 V 3469 1993 V 0 1996 3470 4 v 0 2013 V 0 2209
+a(Again,)41 b(this)g(metho)s(d)f(needs)i(to)e(b)s(e)g(mo)s(di\014ed)g
+(when)h(considering)f(a)g(programming)e(lan-)0 2329 y(guage)32
+b(with)h(additional)c(constructs)34 b(or)f(a)f(di\013eren)m(t)h
+(abstract)g(mac)m(hine.)0 2557 y Fw(Exercise)j(3.29)49
+b Fu(*)34 b(Consider)f(the)h(follo)m(wing,)e(seemingly)g(inno)s(cen)m
+(t,)i(mo)s(di\014cation)d(of)i(the)0 2678 y(structural)e(op)s
+(erational)d(seman)m(tics)j(of)g(T)-8 b(able)30 b(2.2)h(in)f(whic)m(h)h
+([while)2571 2693 y Fn(sos)2666 2678 y Fu(])g(is)f(replaced)h(b)m(y)h
+(the)0 2798 y(t)m(w)m(o)h(axioms:)244 3001 y Ft(h)p Fr(while)g
+Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33
+b(\))f(h)p Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)k Fr(do)33
+b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b Fu(if)g Ft(B)s
+Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32
+b Fw(tt)244 3169 y Ft(h)p Fr(while)h Fs(b)39 b Fr(do)33
+b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))f Fs(s)878
+b Fu(if)32 b Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(])p Fs(s)41 b Fu(=)32 b Fw(\013)0 3372 y Fu(Sho)m(w)h(that)g(the)g
+(mo)s(di\014ed)e(seman)m(tic)h(function,)h Ft(S)1916
+3336 y Fi(0)1916 3397 y Fn(sos)2011 3372 y Fu(,)g(satis\014es)244
+3576 y Ft(S)312 3591 y Fn(sos)407 3576 y Fu([)-17 b([)p
+Fs(S)12 b Fu(])-17 b(])33 b(=)g Ft(S)758 3540 y Fi(0)758
+3600 y Fn(sos)853 3576 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17
+b(])33 b(for)f(all)f(statemen)m(ts)i Fs(S)45 b Fu(of)32
+b Fw(While)0 3779 y Fu(In)m(v)m(estigate)h(whether)h(or)d(not)h(this)g
+(complicates)f(the)h(pro)s(ofs)g(of)g(\(analogues)f(of)7
+b(\))32 b(Exercises)0 3900 y(3.26)g(and)h(3.27.)2801
+b Fh(2)p eop
+%%Page: 84 94
+84 93 bop 251 130 a Fw(84)1535 b(3)112 b(Pro)m(v)-6 b(ably)36
+b(Correct)h(Implemen)m(tation)p 251 193 3473 4 v eop
+%%Page: 85 95
+85 94 bop 0 1184 a Fv(Chapter)78 b(4)0 1604 y(Denotational)g(Seman)-6
+b(tics)0 2062 y Fu(In)45 b(the)g(op)s(erational)d(approac)m(h)j(w)m(e)h
+(w)m(ere)g(in)m(terested)g(in)e Fs(how)54 b Fu(a)45 b(program)e(is)h
+(executed.)0 2182 y(This)37 b(is)g(con)m(trary)h(to)f(the)h
+(denotational)d(approac)m(h)j(where)g(w)m(e)h(are)e(merely)g(in)m
+(terested)h(in)0 2302 y(the)32 b Fs(e\013e)-5 b(ct)40
+b Fu(of)30 b(executing)i(a)f(program.)42 b(By)31 b(e\013ect)h(w)m(e)g
+(here)g(mean)f(an)g(asso)s(ciation)e(b)s(et)m(w)m(een)0
+2423 y(initial)k(states)38 b(and)e(\014nal)g(states.)57
+b(The)38 b(idea)e(then)h(is)g(to)f(de\014ne)i(a)e Fs(semantic)i
+(function)44 b Fu(for)0 2543 y(eac)m(h)27 b Fs(syntactic)j(c)-5
+b(ate)g(gory)p Fu(.)41 b(It)27 b(maps)f(eac)m(h)h Fs(syntactic)j(c)-5
+b(onstruct)36 b Fu(to)26 b(a)h Fs(mathematic)-5 b(al)28
+b(obje)-5 b(ct)p Fu(,)0 2664 y(often)33 b(a)f(function,)g(that)g
+(describ)s(es)i(the)f(e\013ect)g(of)g(executing)g(that)f(construct.)146
+2789 y(The)i(hallmark)c(of)i(denotational)e(seman)m(tics)j(is)f(that)g
+(seman)m(tic)g(functions)h(are)f(de\014ned)0 2909 y Fs(c)-5
+b(omp)g(ositional)5 b(ly)p Fu(,)31 b(that)i(is)145 3137
+y Ft(\017)49 b Fu(there)d(is)e(a)h(seman)m(tic)g(clause)g(for)g(eac)m
+(h)h(of)e(the)i(basis)f(elemen)m(ts)g(of)g(the)h(syn)m(tactic)244
+3257 y(category)-8 b(,)33 b(and)145 3485 y Ft(\017)49
+b Fu(for)32 b(eac)m(h)h(metho)s(d)f(of)f(constructing)i(a)f(comp)s
+(osite)f(elemen)m(t)h(\(in)g(the)g(syn)m(tactic)i(cate-)244
+3605 y(gory\))40 b(there)i(is)e(a)g(seman)m(tic)g(clause)h(de\014ned)h
+(in)e(terms)g(of)h(the)g(seman)m(tic)f(function)244 3726
+y(applied)31 b(to)i(the)g(immediate)c(constituen)m(ts)34
+b(of)e(the)h(comp)s(osite)f(elemen)m(t.)0 3953 y(The)j(functions)e
+Ft(A)h Fu(and)f Ft(B)k Fu(de\014ned)f(in)d(Chapter)h(1)f(are)h
+(examples)g(of)f(denotational)f(de\014ni-)0 4073 y(tions:)51
+b(the)36 b(mathematical)e(ob)5 b(jects)37 b(asso)s(ciated)g(with)f
+(arithmetic)e(expressions)k(are)e(func-)0 4194 y(tions)26
+b(in)f Fw(State)33 b Ft(!)f Fw(Z)27 b Fu(and)f(those)h(asso)s(ciated)g
+(with)e(b)s(o)s(olean)g(expressions)j(are)f(functions)f(in)0
+4314 y Fw(State)33 b Ft(!)f Fw(T)p Fu(.)42 b(The)29 b(functions)f
+Ft(S)1247 4329 y Fn(ns)1347 4314 y Fu(and)g Ft(S)1600
+4329 y Fn(sos)1724 4314 y Fu(asso)s(ciate)g(mathematical)d(ob)5
+b(jects)29 b(with)f(eac)m(h)0 4435 y(statemen)m(t,)43
+b(namely)d(partial)f(functions)h(in)g Fw(State)h Fo(,)-17
+b Ft(!)41 b Fw(State)p Fu(.)68 b(Ho)m(w)m(ev)m(er,)45
+b(they)d(are)e Fs(not)0 4555 y Fu(examples)28 b(of)g(denotational)e
+(de\014nitions)i(b)s(ecause)i(they)f(are)f Fs(not)38
+b Fu(de\014ned)29 b(comp)s(ositionally)-8 b(.)0 4918
+y Fj(4.1)161 b(Direct)53 b(st)l(yle)g(seman)l(tics:)70
+b(sp)t(eci\014cation)0 5147 y Fu(The)32 b(e\013ect)g(of)f(executing)h
+(a)f(statemen)m(t)g Fs(S)43 b Fu(is)31 b(to)g(c)m(hange)h(the)g(state)f
+(so)h(w)m(e)g(shall)e(de\014ne)i(the)0 5267 y(meaning)f(of)h
+Fs(S)45 b Fu(to)32 b(b)s(e)h(a)f(partial)e(function)i(on)h(states:)244
+5494 y Ft(S)312 5509 y Fn(ds)383 5494 y Fu(:)43 b Fw(Stm)32
+b Ft(!)g Fu(\()p Fw(State)h Fo(,)-17 b Ft(!)32 b Fw(State)p
+Fu(\))1687 5849 y(85)p eop
+%%Page: 86 96
+86 95 bop 251 130 a Fw(86)2034 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 1501
+4 1083 v 666 519 a Ft(S)733 534 y Fn(ds)805 519 y Fu([)-17
+b([)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])q Fs(s)40
+b Fu(=)33 b Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17
+b([)q Fs(a)7 b Fu(])-17 b(])p Fs(s)8 b Fu(])666 710 y
+Ft(S)733 725 y Fn(ds)805 710 y Fu([)-17 b([)p Fr(skip)p
+Fu(])g(])34 b(=)f(id)666 901 y Ft(S)733 916 y Fn(ds)805
+901 y Fu([)-17 b([)p Fs(S)909 916 y Fn(1)981 901 y Fu(;)33
+b Fs(S)1108 916 y Fn(2)1147 901 y Fu(])-17 b(])33 b(=)f
+Ft(S)1393 916 y Fn(ds)1464 901 y Fu([)-17 b([)q Fs(S)1569
+916 y Fn(2)1608 901 y Fu(])g(])33 b Ft(\016)g(S)1828
+916 y Fn(ds)1900 901 y Fu([)-17 b([)p Fs(S)2004 916 y
+Fn(1)2043 901 y Fu(])g(])666 1092 y Ft(S)733 1107 y Fn(ds)805
+1092 y Fu([)g([)p Fr(if)33 b Fs(b)39 b Fr(then)33 b Fs(S)1365
+1107 y Fn(1)1437 1092 y Fr(else)h Fs(S)1742 1107 y Fn(2)1781
+1092 y Fu(])-17 b(])33 b(=)f(cond\()p Ft(B)t Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(S)2520 1107 y Fn(ds)2591
+1092 y Fu([)-17 b([)q Fs(S)2696 1107 y Fn(1)2735 1092
+y Fu(])g(],)33 b Ft(S)2900 1107 y Fn(ds)2971 1092 y Fu([)-17
+b([)q Fs(S)3076 1107 y Fn(2)3115 1092 y Fu(])g(]\))666
+1284 y Ft(S)733 1299 y Fn(ds)805 1284 y Fu([)g([)p Fr(while)34
+b Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)g(FIX)f
+Fs(F)1138 1451 y Fu(where)i Fs(F)45 b(g)c Fu(=)33 b(cond\()p
+Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b
+Fs(g)41 b Ft(\016)33 b(S)2453 1466 y Fn(ds)2524 1451
+y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))p
+3753 1501 V 283 1504 3473 4 v 1054 1665 a(T)-8 b(able)33
+b(4.1:)43 b(Denotational)30 b(seman)m(tics)i(for)h Fw(While)283
+1920 y Fu(This)k(is)f(also)g(the)h(functionalit)m(y)e(of)h
+Ft(S)1743 1935 y Fn(ns)1850 1920 y Fu(and)h Ft(S)2112
+1935 y Fn(sos)2244 1920 y Fu(and)f(the)h(need)h(for)e(partialit)m(y)e
+(is)i(again)283 2041 y(demonstrated)26 b(b)m(y)g(the)g(statemen)m(t)f
+Fr(while)i(true)f(do)g(skip)p Fu(.)42 b(The)26 b(de\014nition)e(is)h
+(summarized)283 2161 y(in)38 b(T)-8 b(able)39 b(4.1)f(and)h(w)m(e)g
+(explain)f(it)g(in)g(detail)f(b)s(elo)m(w;)k(in)d(particular,)h(w)m(e)g
+(shall)f(de\014ne)h(the)283 2281 y Fs(auxiliary)c(functions)40
+b Fu(`cond')34 b(and)e(FIX.)430 2402 y(F)-8 b(or)32 b(assignmen)m(t)g
+(the)h(clause)527 2590 y Ft(S)595 2605 y Fn(ds)666 2590
+y Fu([)-17 b([)q Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17
+b(])q Fs(s)40 b Fu(=)33 b Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p
+Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])283
+2778 y(ensures)34 b(that)e(if)f Ft(S)993 2793 y Fn(ds)1064
+2778 y Fu([)-17 b([)q Fs(x)43 b Fu(:=)32 b Fs(a)7 b Fu(])-17
+b(])q Fs(s)40 b Fu(=)32 b Fs(s)1656 2741 y Fi(0)1711
+2778 y Fu(then)h Fs(s)1981 2741 y Fi(0)2036 2778 y Fs(x)44
+b Fu(=)31 b Ft(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])p
+Fs(s)40 b Fu(and)32 b Fs(s)2761 2741 y Fi(0)2817 2778
+y Fs(y)41 b Fu(=)32 b Fs(s)40 b(y)g Fu(for)32 b Fs(y)9
+b Ft(6)p Fu(=)p Fs(x)j Fu(.)43 b(The)283 2898 y(clause)35
+b(for)g Fr(skip)h Fu(expresses)h(that)e(no)g(state)g(c)m(hange)h(tak)m
+(es)g(place:)47 b(the)36 b(function)e(id)g(is)g(the)283
+3018 y(iden)m(tit)m(y)f(function)f(on)g Fw(State)h Fu(so)g
+Ft(S)1637 3033 y Fn(ds)1708 3018 y Fu([)-17 b([)p Fr(skip)p
+Fu(])g(])r Fs(s)41 b Fu(=)32 b Fs(s)8 b Fu(.)430 3139
+y(F)-8 b(or)32 b(sequencing)i(the)f(clause)f(is)527 3327
+y Ft(S)595 3342 y Fn(ds)666 3327 y Fu([)-17 b([)q Fs(S)771
+3342 y Fn(1)843 3327 y Fu(;)32 b Fs(S)969 3342 y Fn(2)1009
+3327 y Fu(])-17 b(])33 b(=)f Ft(S)1255 3342 y Fn(ds)1326
+3327 y Fu([)-17 b([)q Fs(S)1431 3342 y Fn(2)1470 3327
+y Fu(])g(])33 b Ft(\016)f(S)1690 3342 y Fn(ds)1761 3327
+y Fu([)-17 b([)q Fs(S)1866 3342 y Fn(1)1905 3327 y Fu(])g(])283
+3515 y(So)42 b(the)g(e\013ect)h(of)e(executing)i Fs(S)1505
+3530 y Fn(1)1586 3515 y Fu(;)j Fs(S)1726 3530 y Fn(2)1807
+3515 y Fu(is)41 b(the)i(functional)d(comp)s(osition)f(of)i(the)i
+(e\013ect)f(of)283 3635 y(executing)26 b Fs(S)779 3650
+y Fn(1)843 3635 y Fu(and)e(that)h(of)f(executing)i Fs(S)1827
+3650 y Fn(2)1866 3635 y Fu(.)41 b(F)-8 b(unctional)22
+b(comp)s(osition)h(is)h(de\014ned)i(suc)m(h)g(that)283
+3755 y(if)31 b(one)h(of)f(the)h(functions)g(is)f(unde\014ned)j(on)e(a)f
+(giv)m(en)h(argumen)m(t)f(then)i(their)e(comp)s(osition)e(is)283
+3876 y(unde\014ned)35 b(as)e(w)m(ell.)42 b(Giv)m(en)33
+b(a)f(state)h Fs(s)8 b Fu(,)33 b(w)m(e)g(therefore)h(ha)m(v)m(e)527
+4064 y Ft(S)595 4079 y Fn(ds)666 4064 y Fu([)-17 b([)q
+Fs(S)771 4079 y Fn(1)843 4064 y Fu(;)32 b Fs(S)969 4079
+y Fn(2)1009 4064 y Fu(])-17 b(])p Fs(s)846 4228 y Fu(=)99
+b(\()p Ft(S)1127 4243 y Fn(ds)1198 4228 y Fu([)-17 b([)q
+Fs(S)1303 4243 y Fn(2)1342 4228 y Fu(])g(])33 b Ft(\016)g(S)1562
+4243 y Fn(ds)1634 4228 y Fu([)-17 b([)p Fs(S)1738 4243
+y Fn(1)1777 4228 y Fu(])g(])q(\))p Fs(s)846 4735 y Fu(=)1021
+4312 y Fg(8)1021 4386 y(>)1021 4411 y(>)1021 4436 y(>)1021
+4461 y(>)1021 4486 y(>)1021 4511 y(>)1021 4536 y(>)1021
+4561 y(>)1021 4586 y(>)1021 4611 y(>)1021 4635 y(<)1021
+4785 y(>)1021 4810 y(>)1021 4835 y(>)1021 4860 y(>)1021
+4885 y(>)1021 4909 y(>)1021 4934 y(>)1021 4959 y(>)1021
+4984 y(>)1021 5009 y(>)1021 5034 y(:)1137 4399 y Fs(s)1185
+4363 y Fi(00)1455 4399 y Fu(if)32 b(there)h(exists)h
+Fs(s)2112 4363 y Fi(0)2167 4399 y Fu(suc)m(h)g(that)f
+Ft(S)2667 4414 y Fn(ds)2738 4399 y Fu([)-17 b([)p Fs(S)2842
+4414 y Fn(1)2882 4399 y Fu(])g(])p Fs(s)41 b Fu(=)32
+b Fs(s)3156 4363 y Fi(0)1455 4567 y Fu(and)h Ft(S)1713
+4582 y Fn(ds)1784 4567 y Fu([)-17 b([)q Fs(S)1889 4582
+y Fn(2)1928 4567 y Fu(])g(])q Fs(s)2014 4531 y Fi(0)2069
+4567 y Fu(=)33 b Fs(s)2226 4531 y Fi(00)1137 4734 y Fu(undef)p
+1137 4747 236 4 v 83 w(if)f Ft(S)1613 4749 y Fn(ds)1684
+4734 y Fu([)-17 b([)p Fs(S)1788 4749 y Fn(1)1828 4734
+y Fu(])g(])p Fs(s)41 b Fu(=)32 b(undef)p 2054 4747 V
+1455 4902 a(or)h(if)e(there)i(exists)h Fs(s)2231 4866
+y Fi(0)2287 4902 y Fu(suc)m(h)g(that)e Ft(S)2786 4917
+y Fn(ds)2857 4902 y Fu([)-17 b([)q Fs(S)2962 4917 y Fn(1)3001
+4902 y Fu(])g(])p Fs(s)41 b Fu(=)32 b Fs(s)3275 4866
+y Fi(0)1455 5070 y Fu(but)h Ft(S)1702 5085 y Fn(ds)1773
+5070 y Fu([)-17 b([)q Fs(S)1878 5085 y Fn(2)1917 5070
+y Fu(])g(])q Fs(s)2003 5033 y Fi(0)2059 5070 y Fu(=)32
+b(undef)p 2167 5083 V 283 5254 a(It)46 b(follo)m(ws)f(that)h(the)g
+(sequencing)h(construct)g(will)d(only)h(giv)m(e)h(a)f(de\014ned)j
+(result)d(if)g(b)s(oth)283 5374 y(comp)s(onen)m(ts)34
+b(do.)430 5494 y(F)-8 b(or)32 b(conditional)e(the)j(clause)f(is)p
+eop
+%%Page: 87 97
+87 96 bop 0 130 a Fw(4.1)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:)50
+b(sp)s(eci\014cation)1342 b(87)p 0 193 3473 4 v 244 515
+a Ft(S)312 530 y Fn(ds)383 515 y Fu([)-17 b([)p Fr(if)34
+b Fs(b)k Fr(then)c Fs(S)944 530 y Fn(1)1015 515 y Fr(else)g
+Fs(S)1320 530 y Fn(2)1359 515 y Fu(])-17 b(])33 b(=)g(cond\()p
+Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b
+Ft(S)2098 530 y Fn(ds)2169 515 y Fu([)-17 b([)q Fs(S)2274
+530 y Fn(1)2313 515 y Fu(])g(])q(,)32 b Ft(S)2478 530
+y Fn(ds)2549 515 y Fu([)-17 b([)q Fs(S)2654 530 y Fn(2)2693
+515 y Fu(])g(])q(\))0 715 y(and)33 b(the)g(auxiliary)d(function)i
+(`cond')h(has)g(functionalit)m(y)244 915 y(cond:)44 b(\()p
+Fw(State)32 b Ft(!)h Fw(T)p Fu(\))f Ft(\002)h Fu(\()p
+Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)p Fu(\))g Ft(\002)g
+Fu(\()p Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)p Fu(\))515
+1082 y Ft(!)f Fu(\()p Fw(State)h Fo(,)-17 b Ft(!)32 b
+Fw(State)p Fu(\))0 1282 y(and)h(is)f(de\014ned)i(b)m(y)244
+1563 y(cond\()p Fs(p)6 b Fu(,)33 b Fs(g)652 1578 y Fn(1)691
+1563 y Fu(,)f Fs(g)804 1578 y Fn(2)843 1563 y Fu(\))h
+Fs(s)41 b Fu(=)1103 1389 y Fg(8)1103 1464 y(<)1103 1613
+y(:)1218 1479 y Fs(g)1272 1494 y Fn(1)1344 1479 y Fs(s)91
+b Fu(if)31 b Fs(p)39 b(s)h Fu(=)33 b Fw(tt)1218 1646
+y Fs(g)1272 1661 y Fn(2)1344 1646 y Fs(s)91 b Fu(if)31
+b Fs(p)39 b(s)h Fu(=)33 b Fw(\013)0 1845 y Fu(The)e(\014rst)g
+(parameter)f(to)f(`cond')i(is)f(a)g(function)g(that,)g(when)i(supplied)
+e(with)f(an)i(argumen)m(t,)0 1965 y(will)d(select)i(either)g(the)h
+(second)g(or)f(the)g(third)f(parameter)h(of)f(`cond')i(and)f(then)h
+(supply)g(that)0 2085 y(parameter)h(with)g(the)h(same)g(argumen)m(t.)43
+b(Th)m(us)34 b(w)m(e)g(ha)m(v)m(e)244 2285 y Ft(S)312
+2300 y Fn(ds)383 2285 y Fu([)-17 b([)p Fr(if)34 b Fs(b)k
+Fr(then)c Fs(S)944 2300 y Fn(1)1015 2285 y Fr(else)g
+Fs(S)1320 2300 y Fn(2)1359 2285 y Fu(])-17 b(])33 b Fs(s)530
+2450 y Fu(=)99 b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(],)33 b Ft(S)1266 2465 y Fn(ds)1337 2450
+y Fu([)-17 b([)q Fs(S)1442 2465 y Fn(1)1481 2450 y Fu(])g(],)33
+b Ft(S)1646 2465 y Fn(ds)1717 2450 y Fu([)-17 b([)q Fs(S)1822
+2465 y Fn(2)1861 2450 y Fu(])g(])q(\))32 b Fs(s)530 2870
+y Fu(=)705 2546 y Fg(8)705 2621 y(>)705 2646 y(>)705
+2670 y(>)705 2695 y(>)705 2720 y(>)705 2745 y(>)705 2770
+y(<)705 2920 y(>)705 2944 y(>)705 2969 y(>)705 2994 y(>)705
+3019 y(>)705 3044 y(>)705 3069 y(:)821 2617 y Fs(s)869
+2581 y Fi(0)1139 2617 y Fu(if)g Ft(B)s Fu([)-17 b([)q
+Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)h
+Ft(S)1990 2632 y Fn(ds)2061 2617 y Fu([)-17 b([)p Fs(S)2165
+2632 y Fn(1)2205 2617 y Fu(])g(])p Fs(s)41 b Fu(=)32
+b Fs(s)2479 2581 y Fi(0)1139 2785 y Fu(or)h(if)e Ft(B)t
+Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40 b Fu(=)33
+b Fw(\013)g Fu(and)f Ft(S)2087 2800 y Fn(ds)2158 2785
+y Fu([)-17 b([)q Fs(S)2263 2800 y Fn(2)2302 2785 y Fu(])g(])q
+Fs(s)40 b Fu(=)33 b Fs(s)2577 2749 y Fi(0)821 2953 y
+Fu(undef)p 821 2966 236 4 v 83 w(if)f Ft(B)s Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(tt)g
+Fu(and)h Ft(S)1990 2968 y Fn(ds)2061 2953 y Fu([)-17
+b([)p Fs(S)2165 2968 y Fn(1)2205 2953 y Fu(])g(])p Fs(s)41
+b Fu(=)32 b(undef)p 2431 2966 V 1139 3120 a(or)h(if)e
+Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40
+b Fu(=)33 b Fw(\013)g Fu(and)f Ft(S)2087 3135 y Fn(ds)2158
+3120 y Fu([)-17 b([)q Fs(S)2263 3135 y Fn(2)2302 3120
+y Fu(])g(])q Fs(s)40 b Fu(=)33 b(undef)p 2529 3133 V
+0 3313 a(So)f(if)e(the)j(selected)g(branc)m(h)f(giv)m(es)h(a)e
+(de\014ned)j(result)d(then)i(so)f(do)s(es)g(the)h(conditional.)40
+b(Note)0 3434 y(that)32 b(since)h Ft(B)t Fu([)-17 b([)p
+Fs(b)6 b Fu(])-17 b(])33 b(is)g(a)f(total)f(function,)h
+Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)40
+b Fu(cannot)33 b(b)s(e)g(undef)p 2227 3447 V(.)146 3554
+y(De\014ning)38 b(the)i(e\013ect)g(of)e Fr(while)i Fs(b)45
+b Fr(do)39 b Fs(S)51 b Fu(is)38 b(a)h(ma)5 b(jor)38 b(task.)63
+b(T)-8 b(o)39 b(motiv)-5 b(ate)37 b(the)i(actual)0 3674
+y(de\014nition)32 b(w)m(e)h(\014rst)g(observ)m(e)i(that)d(the)h
+(e\013ect)g(of)f Fr(while)i Fs(b)39 b Fr(do)33 b Fs(S)44
+b Fu(m)m(ust)33 b(equal)f(that)h(of)244 3874 y Fr(if)g
+Fs(b)38 b Fr(then)c Fu(\()p Fs(S)12 b Fu(;)32 b Fr(while)i
+Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(\))32 b Fr(else)i(skip)0
+4074 y Fu(Using)e(the)h(parts)g(of)f Ft(S)871 4089 y
+Fn(ds)975 4074 y Fu(that)g(ha)m(v)m(e)i(already)e(b)s(een)h(de\014ned,)
+h(this)f(giv)m(es)269 4241 y Ft(S)337 4256 y Fn(ds)408
+4241 y Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33
+b Fs(S)12 b Fu(])-17 b(])33 b(=)f(cond\()p Ft(B)t Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(S)1758 4256 y Fn(ds)1830
+4241 y Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33
+b Fs(S)12 b Fu(])-17 b(])33 b Ft(\016)f(S)2662 4256 y
+Fn(ds)2733 4241 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(,)32
+b(id\))294 b(\(*\))0 4409 y(Note)35 b(that)f(w)m(e)i(cannot)f(use)h
+(\(*\))e(as)h(the)g(de\014nition)f(of)g Ft(S)2158 4424
+y Fn(ds)2229 4409 y Fu([)-17 b([)q Fr(while)36 b Fs(b)k
+Fr(do)c Fs(S)12 b Fu(])-17 b(])35 b(b)s(ecause)h(then)0
+4529 y Ft(S)68 4544 y Fn(ds)172 4529 y Fu(w)m(ould)c
+Fs(not)42 b Fu(b)s(e)33 b(a)f(comp)s(ositional)d(de\014nition.)43
+b(Ho)m(w)m(ev)m(er,)35 b(\(*\))d(expresses)j(that)244
+4729 y Ft(S)312 4744 y Fn(ds)383 4729 y Fu([)-17 b([)p
+Fr(while)31 b Fs(b)k Fr(do)30 b Fs(S)12 b Fu(])-17 b(])30
+b(m)m(ust)f(b)s(e)g(a)g Fs(\014xe)-5 b(d)32 b(p)-5 b(oint)29
+b Fu(of)f(the)i(functional)e Fs(F)42 b Fu(de\014ned)31
+b(b)m(y)458 4931 y Fs(F)46 b(g)41 b Fu(=)32 b(cond\()p
+Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(g)41
+b Ft(\016)33 b(S)1491 4946 y Fn(ds)1563 4931 y Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))0 5133 y(that)39
+b(is)g Ft(S)391 5148 y Fn(ds)462 5133 y Fu([)-17 b([)q
+Fr(while)41 b Fs(b)k Fr(do)40 b Fs(S)12 b Fu(])-17 b(])40
+b(=)g Fs(F)52 b Fu(\()p Ft(S)1510 5148 y Fn(ds)1581 5133
+y Fu([)-17 b([)q Fr(while)41 b Fs(b)k Fr(do)40 b Fs(S)12
+b Fu(])-17 b(])q(\).)64 b(In)40 b(this)f(w)m(a)m(y)i(w)m(e)g(will)c
+(get)j(a)0 5254 y(comp)s(ositional)28 b(de\014nition)j(of)g
+Ft(S)1231 5269 y Fn(ds)1334 5254 y Fu(b)s(ecause)i(when)g(de\014ning)f
+Fs(F)44 b Fu(w)m(e)33 b(only)e(apply)h Ft(S)3116 5269
+y Fn(ds)3219 5254 y Fu(to)f(the)0 5374 y(immediate)g(constituen)m(ts)k
+(of)f Fr(while)h Fs(b)k Fr(do)c Fs(S)45 b Fu(and)34 b(not)g(to)g(the)g
+(construct)h(itself.)46 b(Th)m(us)35 b(w)m(e)0 5494 y(write)p
+eop
+%%Page: 88 98
+88 97 bop 251 130 a Fw(88)2034 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(S)595
+530 y Fn(ds)666 515 y Fu([)-17 b([)q Fr(while)34 b Fs(b)k
+Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)g(FIX)f Fs(F)704
+683 y Fu(where)i Fs(F)45 b(g)c Fu(=)33 b(cond\()p Ft(B)t
+Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Fs(g)41
+b Ft(\016)33 b(S)2019 698 y Fn(ds)2090 683 y Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))283 897 y(to)i(indicate)e
+(that)i Ft(S)1053 912 y Fn(ds)1125 897 y Fu([)-17 b([)p
+Fr(while)35 b Fs(b)k Fr(do)c Fs(S)12 b Fu(])-17 b(])33
+b(is)h(a)f(\014xed)i(p)s(oin)m(t)d(of)h Fs(F)13 b Fu(.)34
+b(The)h(functionalit)m(y)c(of)i(the)283 1017 y(auxiliary)e(function)h
+(FIX)g(is)527 1231 y(FIX:)h(\(\()p Fw(State)f Fo(,)-17
+b Ft(!)33 b Fw(State)p Fu(\))g Ft(!)f Fu(\()p Fw(State)g
+Fo(,)-17 b Ft(!)33 b Fw(State)p Fu(\)\))f Ft(!)g Fu(\()p
+Fw(State)h Fo(,)-17 b Ft(!)33 b Fw(State)p Fu(\))283
+1477 y Fw(Example)k(4.1)49 b Fu(Consider)33 b(the)g(statemen)m(t)527
+1691 y Fr(while)h Ft(:)q Fu(\()p Fr(x)e Fu(=)h Fr(0)p
+Fu(\))f Fr(do)h(skip)283 1905 y Fu(It)g(is)f(easy)i(to)e(v)m(erify)h
+(that)f(the)h(corresp)s(onding)g(functional)e Fs(F)2633
+1868 y Fi(0)2689 1905 y Fu(is)h(de\014ned)i(b)m(y)527
+2200 y(\()p Fs(F)642 2164 y Fi(0)698 2200 y Fs(g)9 b
+Fu(\))32 b Fs(s)41 b Fu(=)1011 2026 y Fg(8)1011 2101
+y(<)1011 2250 y(:)1126 2116 y Fs(g)g(s)92 b Fu(if)31
+b Fs(s)41 b Fr(x)32 b Ft(6)p Fu(=)h Fw(0)1126 2283 y
+Fs(s)178 b Fu(if)31 b Fs(s)41 b Fr(x)32 b Fu(=)h Fw(0)283
+2496 y Fu(The)h(function)e Fs(g)920 2511 y Fn(1)992 2496
+y Fu(de\014ned)i(b)m(y)527 2791 y Fs(g)581 2806 y Fn(1)653
+2791 y Fs(s)40 b Fu(=)842 2617 y Fg(8)842 2692 y(<)842
+2841 y(:)957 2707 y Fu(undef)p 957 2720 236 4 v 84 w(if)31
+b Fs(s)41 b Fr(x)33 b Ft(6)p Fu(=)f Fw(0)957 2874 y Fs(s)279
+b Fu(if)31 b Fs(s)41 b Fr(x)33 b Fu(=)f Fw(0)283 3091
+y Fu(is)h(a)f(\014xed)i(p)s(oin)m(t)d(of)h Fs(F)1141
+3055 y Fi(0)1197 3091 y Fu(b)s(ecause)577 3386 y(\()p
+Fs(F)692 3350 y Fi(0)748 3386 y Fs(g)802 3401 y Fn(1)841
+3386 y Fu(\))g Fs(s)108 b Fu(=)1235 3212 y Fg(8)1235
+3287 y(<)1235 3436 y(:)1350 3302 y Fs(g)1404 3317 y Fn(1)1475
+3302 y Fs(s)91 b Fu(if)32 b Fs(s)41 b Fr(x)32 b Ft(6)p
+Fu(=)h Fw(0)1350 3469 y Fs(s)216 b Fu(if)32 b Fs(s)41
+b Fr(x)32 b Fu(=)h Fw(0)1059 3739 y Fu(=)1235 3564 y
+Fg(8)1235 3639 y(<)1235 3789 y(:)1350 3654 y Fu(undef)p
+1350 3667 V 84 w(if)e Fs(s)41 b Fr(x)32 b Ft(6)p Fu(=)h
+Fw(0)1350 3822 y Fs(s)279 b Fu(if)31 b Fs(s)41 b Fr(x)32
+b Fu(=)h Fw(0)1059 3947 y Fu(=)100 b Fs(g)1289 3962 y
+Fn(1)1360 3947 y Fs(s)283 4155 y Fu(Next)34 b(w)m(e)g(claim)c(that)i
+(the)h(function)f Fs(g)1741 4170 y Fn(2)1813 4155 y Fu(de\014ned)i(b)m
+(y)527 4369 y Fs(g)581 4384 y Fn(2)653 4369 y Fs(s)40
+b Fu(=)33 b(undef)p 842 4382 V 33 w(for)f(all)f Fs(s)283
+4583 y Fu(cannot)39 b(b)s(e)g(a)f(\014xed)h(p)s(oin)m(t)f(for)g
+Fs(F)1569 4546 y Fi(0)1592 4583 y Fu(.)61 b(The)39 b(reason)g(is)f
+(that)g(if)g Fs(s)2661 4546 y Fi(0)2722 4583 y Fu(is)g(a)g(state)h
+(with)f Fs(s)3434 4546 y Fi(0)3496 4583 y Fr(x)h Fu(=)f
+Fw(0)283 4703 y Fu(then)c(\()p Fs(F)621 4667 y Fi(0)676
+4703 y Fs(g)730 4718 y Fn(2)769 4703 y Fu(\))f Fs(s)888
+4667 y Fi(0)944 4703 y Fu(=)f Fs(s)1100 4667 y Fi(0)1156
+4703 y Fu(whereas)i Fs(g)1579 4718 y Fn(2)1651 4703 y
+Fs(s)1699 4667 y Fi(0)1755 4703 y Fu(=)e(undef)p 1863
+4716 V 1 w(.)1555 b Fh(2)430 4946 y Fu(Unfortunately)-8
+b(,)39 b(this)g(do)s(es)f Fs(not)48 b Fu(su\016ce)40
+b(for)e(de\014ning)h Ft(S)2590 4961 y Fn(ds)2662 4946
+y Fu([)-17 b([)p Fr(while)40 b Fs(b)k Fr(do)39 b Fs(S)12
+b Fu(])-17 b(])q(.)61 b(W)-8 b(e)39 b(face)283 5067 y(t)m(w)m(o)34
+b(problems:)429 5281 y Ft(\017)48 b Fu(there)34 b(are)e(functionals)g
+(that)g(ha)m(v)m(e)i Fs(mor)-5 b(e)34 b(than)h(one)f(\014xe)-5
+b(d)34 b(p)-5 b(oint)p Fu(,)33 b(and)429 5494 y Ft(\017)48
+b Fu(there)34 b(are)e(functionals)g(that)g(ha)m(v)m(e)i
+Fs(no)g(\014xe)-5 b(d)35 b(p)-5 b(oint)41 b Fu(at)32
+b(all.)p eop
+%%Page: 89 99
+89 98 bop 0 130 a Fw(4.1)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:)50
+b(sp)s(eci\014cation)1342 b(89)p 0 193 3473 4 v 0 515
+a Fu(The)39 b(functional)e Fs(F)747 479 y Fi(0)808 515
+y Fu(of)h(Example)f(4.1)h(has)h(more)e(than)h(one)h(\014xed)g(p)s(oin)m
+(t.)60 b(In)38 b(fact,)i Fs(every)0 636 y Fu(function)34
+b Fs(g)438 600 y Fi(0)495 636 y Fu(of)f Fw(State)h Fo(,)-17
+b Ft(!)35 b Fw(State)f Fu(satisfying)f Fs(g)1820 600
+y Fi(0)1877 636 y Fs(s)42 b Fu(=)34 b Fs(s)42 b Fu(if)33
+b Fs(s)42 b Fr(x)35 b Fu(=)f Fw(0)g Fu(will)e(b)s(e)i(a)g(\014xed)h(p)s
+(oin)m(t)0 756 y(of)d Fs(F)188 720 y Fi(0)211 756 y Fu(.)146
+877 y(T)-8 b(o)28 b(giv)m(e)g(an)f(example)h(of)f(a)g(functional)f
+(that)i(has)g(no)g(\014xed)g(p)s(oin)m(ts)g(consider)g
+Fs(F)3102 892 y Fn(1)3169 877 y Fu(de\014ned)0 997 y(b)m(y)244
+1277 y Fs(F)321 1292 y Fn(1)393 1277 y Fs(g)41 b Fu(=)587
+1103 y Fg(8)587 1178 y(<)587 1327 y(:)703 1193 y Fs(g)757
+1208 y Fn(1)879 1193 y Fu(if)31 b Fs(g)41 b Fu(=)33 b
+Fs(g)1217 1208 y Fn(2)703 1360 y Fs(g)757 1375 y Fn(2)879
+1360 y Fu(otherwise)0 1558 y(If)f Fs(g)151 1573 y Fn(1)190
+1558 y Ft(6)p Fu(=)p Fs(g)320 1573 y Fn(2)391 1558 y
+Fu(then)h(clearly)f(there)h(will)d(b)s(e)i(no)h(function)e
+Fs(g)2061 1573 y Fn(0)2133 1558 y Fu(suc)m(h)j(that)e
+Fs(F)2641 1573 y Fn(1)2712 1558 y Fs(g)2766 1573 y Fn(0)2838
+1558 y Fu(=)g Fs(g)3000 1573 y Fn(0)3039 1558 y Fu(.)43
+b(Th)m(us)34 b Fs(F)3433 1573 y Fn(1)0 1678 y Fu(has)f(no)f(\014xed)i
+(p)s(oin)m(ts)e(at)h(all.)0 1900 y Fw(Exercise)j(4.2)49
+b Fu(Determine)32 b(the)h(functional)e Fs(F)45 b Fu(asso)s(ciated)33
+b(with)f(the)h(statemen)m(t)244 2099 y Fr(while)h Ft(:)p
+Fu(\()p Fr(x)p Fu(=)p Fr(0)p Fu(\))f Fr(do)g(x)g Fu(:=)f
+Fr(x)p Ft(\000)p Fr(1)0 2298 y Fu(using)27 b(the)g(seman)m(tic)g
+(equations)h(of)f(T)-8 b(able)26 b(4.1.)42 b(Consider)27
+b(the)h(follo)m(wing)c(partial)h(functions)0 2418 y(of)32
+b Fw(State)h Fo(,)-17 b Ft(!)32 b Fw(State)p Fu(:)244
+2617 y Fs(g)298 2632 y Fn(1)369 2617 y Fs(s)41 b Fu(=)32
+b(undef)p 558 2630 236 4 v 34 w(for)g(all)e Fs(s)244
+2866 y(g)298 2881 y Fn(2)369 2866 y Fs(s)41 b Fu(=)558
+2692 y Fg(8)558 2767 y(<)558 2916 y(:)674 2782 y Fs(s)8
+b Fu([)p Fr(x)p Ft(7!)p Fw(0)p Fu(])83 b(if)31 b Fs(s)41
+b Fr(x)33 b Ft(\025)g Fw(0)674 2949 y Fu(undef)p 674
+2962 V 157 w(if)e Fs(s)41 b Fr(x)33 b Fo(<)f Fw(0)244
+3221 y Fs(g)298 3236 y Fn(3)369 3221 y Fs(s)41 b Fu(=)558
+3046 y Fg(8)558 3121 y(<)558 3271 y(:)674 3136 y Fs(s)8
+b Fu([)p Fr(x)p Ft(7!)p Fw(0)p Fu(])83 b(if)31 b Fs(s)41
+b Fr(x)33 b Ft(\025)g Fw(0)674 3304 y Fs(s)352 b Fu(if)31
+b Fs(s)41 b Fr(x)33 b Fo(<)f Fw(0)244 3476 y Fs(g)298
+3491 y Fn(4)369 3476 y Fs(s)41 b Fu(=)32 b Fs(s)8 b Fu([)p
+Fr(x)p Ft(7!)p Fw(0)p Fu(])33 b(for)f(all)f Fs(s)244
+3643 y(g)298 3658 y Fn(5)369 3643 y Fs(s)41 b Fu(=)32
+b Fs(s)41 b Fu(for)32 b(all)f Fs(s)0 3842 y Fu(Determine)h(whic)m(h)h
+(of)f(these)i(functions)e(are)h(\014xed)g(p)s(oin)m(ts)g(of)f
+Fs(F)13 b Fu(.)955 b Fh(2)0 4064 y Fw(Exercise)36 b(4.3)49
+b Fu(Consider)33 b(the)g(follo)m(wing)d(fragmen)m(t)i(of)g(the)h
+(factorial)d(statemen)m(t)244 4263 y Fr(while)k Ft(:)p
+Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
+Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f
+Fr(x)p Ft(\000)p Fr(1)p Fu(\))0 4462 y(Determine)40 b(the)i(functional)
+d Fs(F)54 b Fu(asso)s(ciated)41 b(with)g(this)g(statemen)m(t.)70
+b(Determine)40 b(at)h(least)0 4582 y(t)m(w)m(o)33 b(di\013eren)m(t)g
+(\014xed)h(p)s(oin)m(ts)e(for)g Fs(F)13 b Fu(.)2047 b
+Fh(2)0 4870 y Fp(Requiremen)l(ts)47 b(on)d(the)i(\014xed)e(p)t(oin)l(t)
+0 5055 y Fu(Our)h(solution)e(to)i(the)g(t)m(w)m(o)g(problems)g(listed)e
+(ab)s(o)m(v)m(e)j(will)d(b)s(e)i(to)f(dev)m(elop)i(a)e(framew)m(ork)0
+5175 y(where)145 5374 y Ft(\017)49 b Fu(w)m(e)36 b(imp)s(ose)d
+(requiremen)m(ts)j(on)e(the)i(\014xed)f(p)s(oin)m(ts)g(and)g(sho)m(w)g
+(that)g(there)g(is)g(at)f(most)244 5494 y(one)f(\014xed)g(p)s(oin)m(t)f
+(ful\014lling)d(these)34 b(requiremen)m(ts,)g(and)p eop
+%%Page: 90 100
+90 99 bop 251 130 a Fw(90)2034 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 429 515 a Ft(\017)48
+b Fu(all)35 b(functionals)g(originating)e(from)j(statemen)m(ts)h(in)f
+Fw(While)f Fu(do)i(ha)m(v)m(e)h(a)e(\014xed)i(p)s(oin)m(t)527
+636 y(that)33 b(satis\014es)g(these)h(requiremen)m(ts.)430
+833 y(T)-8 b(o)28 b(motiv)-5 b(ate)26 b(our)i(c)m(hoice)h(of)e
+(requiremen)m(ts)i(let)f(us)h(consider)f(the)h(execution)f(of)g(a)g
+(state-)283 953 y(men)m(t)33 b Fr(while)h Fs(b)k Fr(do)33
+b Fs(S)45 b Fu(from)31 b(a)h(state)h Fs(s)1735 968 y
+Fn(0)1775 953 y Fu(.)43 b(There)34 b(are)f(three)g(p)s(ossible)f
+(outcomes:)367 1151 y Fw(A)p Fu(:)48 b(it)32 b Fs(terminates)8
+b Fu(,)372 1352 y Fw(B)p Fu(:)48 b(it)32 b Fs(lo)-5 b(ops)40
+b(lo)-5 b(c)g(al)5 b(ly)k Fu(,)32 b(that)g(is)g(there)h(is)g(a)f
+(construct)i(in)d Fs(S)45 b Fu(that)32 b(lo)s(ops,)g(or)371
+1553 y Fw(C)p Fu(:)48 b(it)32 b Fs(lo)-5 b(ops)40 b(glob)-5
+b(al)5 b(ly)k Fu(,)32 b(that)g(is)g(the)h(outer)g Fr(while)p
+Fu(-construct)h(lo)s(ops.)283 1751 y(W)-8 b(e)40 b(shall)d(no)m(w)j(in)
+m(v)m(estigate)e(what)i(can)f(b)s(e)g(said)f(ab)s(out)g(the)i
+(functional)d Fs(F)51 b Fu(and)39 b(its)g(\014xed)283
+1871 y(p)s(oin)m(ts)33 b(in)e(eac)m(h)j(of)e(the)h(three)g(cases.)283
+2039 y Fw(The)e(case)h(A)p Fu(:)e(In)h(this)f(case)i(the)f(execution)g
+(of)f Fr(while)i Fs(b)37 b Fr(do)31 b Fs(S)42 b Fu(from)29
+b Fs(s)2975 2054 y Fn(0)3046 2039 y Fu(terminates.)42
+b(This)283 2159 y(means)33 b(that)f(there)i(are)e(states)i
+Fs(s)1531 2174 y Fn(1)1570 2159 y Fu(,)f Ft(\001)17 b(\001)g(\001)n
+Fu(,)33 b Fs(s)1854 2174 y Fn(n)1930 2159 y Fu(suc)m(h)h(that)527
+2438 y Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33
+b Fs(s)802 2453 y Fn(i)859 2438 y Fu(=)967 2264 y Fg(8)967
+2338 y(<)967 2488 y(:)1082 2353 y Fw(tt)83 b Fu(if)31
+b(i)p Fo(<)p Fu(n)1082 2521 y Fw(\013)106 b Fu(if)31
+b(i=n)283 2717 y(and)527 2914 y Ft(S)595 2929 y Fn(ds)666
+2914 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])33 b Fs(s)889
+2929 y Fn(i)945 2914 y Fu(=)g Fs(s)1102 2929 y Fn(i+1)1313
+2914 y Fu(for)f(i)p Fo(<)p Fu(n)283 3111 y(An)c(example)g(of)f(a)g
+(statemen)m(t)i(and)f(a)f(state)h(satisfying)f(these)i(conditions)e(is)
+g(the)h(statemen)m(t)527 3309 y Fr(while)34 b(0)p Ft(\024)q
+Fr(x)f(do)g(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)283 3506
+y Fu(and)h(an)m(y)g(state)g(where)h Fr(x)f Fu(has)g(a)f(non-negativ)m
+(e)h(v)-5 b(alue.)430 3626 y(Let)40 b Fs(g)666 3641 y
+Fn(0)744 3626 y Fu(b)s(e)g(an)m(y)h(\014xed)f(p)s(oin)m(t)f(of)g
+Fs(F)13 b Fu(,)40 b(that)g(is)f(assume)h(that)f Fs(F)53
+b(g)2899 3641 y Fn(0)2978 3626 y Fu(=)39 b Fs(g)3147
+3641 y Fn(0)3186 3626 y Fu(.)65 b(In)40 b(the)g(case)283
+3747 y(where)34 b(i)p Fo(<)p Fu(n)e(w)m(e)i(calculate)577
+3919 y Fs(g)631 3934 y Fn(0)703 3919 y Fs(s)751 3934
+y Fn(i)874 3919 y Fu(=)100 b(\()p Fs(F)45 b(g)1251 3934
+y Fn(0)1290 3919 y Fu(\))33 b Fs(s)1409 3934 y Fn(i)874
+4087 y Fu(=)100 b(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6
+b Fu(])-17 b(])q(,)32 b Fs(g)1596 4102 y Fn(0)1668 4087
+y Ft(\016)g(S)1818 4102 y Fn(ds)1889 4087 y Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(],)33 b(id\))f Fs(s)2291 4102
+y Fn(i)874 4254 y Fu(=)100 b Fs(g)1104 4269 y Fn(0)1175
+4254 y Fu(\()p Ft(S)1281 4269 y Fn(ds)1352 4254 y Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(])33 b Fs(s)1575 4269 y Fn(i)1598
+4254 y Fu(\))874 4422 y(=)100 b Fs(g)1104 4437 y Fn(0)1175
+4422 y Fs(s)1223 4437 y Fn(i+1)283 4612 y Fu(In)33 b(the)g(case)h
+(where)g(i=n)d(w)m(e)j(get)577 4801 y Fs(g)631 4816 y
+Fn(0)703 4801 y Fs(s)751 4816 y Fn(n)894 4801 y Fu(=)99
+b(\()p Fs(F)46 b(g)1271 4816 y Fn(0)1310 4801 y Fu(\))32
+b Fs(s)1428 4816 y Fn(n)894 4969 y Fu(=)99 b(cond\()p
+Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(g)1616
+4984 y Fn(0)1687 4969 y Ft(\016)g(S)1838 4984 y Fn(ds)1909
+4969 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))g
+Fs(s)2310 4984 y Fn(n)894 5136 y Fu(=)99 b(id)32 b Fs(s)1231
+5151 y Fn(n)894 5304 y Fu(=)99 b Fs(s)1117 5319 y Fn(n)283
+5494 y Fu(Th)m(us)35 b Fs(every)41 b Fu(\014xed)34 b(p)s(oin)m(t)d
+Fs(g)1339 5509 y Fn(0)1411 5494 y Fu(of)h Fs(F)45 b Fu(will)31
+b(satisfy)p eop
+%%Page: 91 101
+91 100 bop 0 130 a Fw(4.1)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:)50
+b(sp)s(eci\014cation)1342 b(91)p 0 193 3473 4 v 244 515
+a Fs(g)298 530 y Fn(0)369 515 y Fs(s)417 530 y Fn(0)489
+515 y Fu(=)33 b Fs(s)646 530 y Fn(n)0 716 y Fu(so)j(in)e(this)h(case)h
+(w)m(e)h(do)e(not)g(obtain)g(an)m(y)h(additional)c(requiremen)m(ts)k
+(that)g(will)d(help)i(us)h(to)0 836 y(c)m(ho)s(ose)d(one)g(of)f(the)h
+(\014xed)h(p)s(oin)m(ts)e(as)h(the)g(preferred)h(one.)0
+1004 y Fw(The)41 b(case)h(B)p Fu(:)f(In)g(this)g(case)h(the)g
+(execution)f(of)g Fr(while)h Fs(b)47 b Fr(do)42 b Fs(S)53
+b Fu(from)39 b Fs(s)2833 1019 y Fn(0)2914 1004 y Fu(lo)s(ops)h
+Fs(lo)-5 b(c)g(al)5 b(ly)k Fu(.)0 1124 y(This)33 b(means)f(that)h
+(there)g(are)g(states)g Fs(s)1470 1139 y Fn(1)1510 1124
+y Fu(,)f Ft(\001)17 b(\001)g(\001)n Fu(,)33 b Fs(s)1793
+1139 y Fn(n)1869 1124 y Fu(suc)m(h)h(that)244 1324 y
+Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)486
+1339 y Fn(i)543 1324 y Fu(=)32 b Fw(tt)g Fu(for)g(i)p
+Ft(\024)p Fu(n)0 1524 y(and)244 1787 y Ft(S)312 1802
+y Fn(ds)383 1787 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17
+b(])q Fs(s)573 1802 y Fn(i)629 1787 y Fu(=)738 1612 y
+Fg(8)738 1687 y(<)738 1836 y(:)853 1702 y Fs(s)901 1717
+y Fn(i+1)1172 1702 y Fu(for)32 b(i)p Fo(<)p Fu(n)853
+1870 y(undef)p 853 1883 236 4 v 84 w(for)g(i=n)0 2068
+y(An)c(example)f(of)h(a)f(statemen)m(t)h(and)g(a)g(state)g(satisfying)f
+(these)i(conditions)d(is)i(the)g(statemen)m(t)244 2268
+y Fr(while)34 b(0)p Ft(\024)p Fr(x)f(do)g Fu(\()p Fr(if)g(x)p
+Fu(=)p Fr(0)g(then)h Fu(\()p Fr(while)g(true)f(do)g(skip)p
+Fu(\))1264 2436 y Fr(else)h(x)f Fu(:=)f Fr(x)p Ft(\000)p
+Fr(1)p Fu(\))0 2636 y(and)h(an)m(y)g(state)g(where)h
+Fr(x)f Fu(has)f(a)h(non-negativ)m(e)f(v)-5 b(alue.)146
+2757 y(Let)37 b Fs(g)379 2772 y Fn(0)454 2757 y Fu(b)s(e)f(an)m(y)h
+(\014xed)g(p)s(oin)m(t)f(of)f Fs(F)13 b Fu(,)37 b(that)e(is)h
+Fs(F)49 b(g)2014 2772 y Fn(0)2089 2757 y Fu(=)36 b Fs(g)2255
+2772 y Fn(0)2294 2757 y Fu(.)55 b(In)36 b(the)h(case)g(where)g(i)p
+Fo(<)p Fu(n)e(w)m(e)0 2877 y(obtain)244 3077 y Fs(g)298
+3092 y Fn(0)369 3077 y Fs(s)417 3092 y Fn(i)474 3077
+y Fu(=)d Fs(g)636 3092 y Fn(0)708 3077 y Fs(s)756 3092
+y Fn(i+1)0 3277 y Fu(just)h(as)g(in)f(the)h(previous)g(case.)44
+b(Ho)m(w)m(ev)m(er,)35 b(in)d(the)h(case)g(where)h(i=n)e(w)m(e)h(get)
+294 3469 y Fs(g)348 3484 y Fn(0)419 3469 y Fs(s)467 3484
+y Fn(n)610 3469 y Fu(=)100 b(\()p Fs(F)45 b(g)987 3484
+y Fn(0)1026 3469 y Fu(\))33 b Fs(s)1145 3484 y Fn(n)610
+3637 y Fu(=)100 b(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6
+b Fu(])-17 b(])q(,)32 b Fs(g)1332 3652 y Fn(0)1404 3637
+y Ft(\016)g(S)1554 3652 y Fn(ds)1625 3637 y Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(],)33 b(id\))f Fs(s)2027 3652
+y Fn(n)610 3804 y Fu(=)100 b(\()p Fs(g)878 3819 y Fn(0)949
+3804 y Ft(\016)33 b(S)1099 3819 y Fn(ds)1171 3804 y Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])q(\))32 b Fs(s)1431 3819
+y Fn(n)610 3972 y Fu(=)100 b(undef)p 786 3985 V 0 4165
+a(Th)m(us)34 b Fs(any)41 b Fu(\014xed)34 b(p)s(oin)m(t)e
+Fs(g)985 4180 y Fn(0)1056 4165 y Fu(of)g Fs(F)46 b Fu(will)30
+b(satisfy)244 4365 y Fs(g)298 4380 y Fn(0)369 4365 y
+Fs(s)417 4380 y Fn(0)489 4365 y Fu(=)j(undef)p 598 4378
+V 0 4565 a(so,)e(again,)f(in)g(this)g(case)h(w)m(e)h(do)e(not)g(obtain)
+g(an)m(y)h(additional)d(requiremen)m(ts)j(that)f(will)f(help)0
+4686 y(us)k(to)f(c)m(ho)s(ose)i(one)f(of)f(the)h(\014xed)h(p)s(oin)m
+(ts)e(as)h(the)g(preferred)g(one.)0 4853 y Fw(The)27
+b(case)g(C)p Fu(:)g(The)h(p)s(oten)m(tial)d(di\013erence)i(b)s(et)m(w)m
+(een)i(\014xed)f(p)s(oin)m(ts)e(comes)h(to)f(ligh)m(t)f(when)j(w)m(e)0
+4974 y(consider)j(the)h(p)s(ossibilit)m(y)c(that)j(the)g(execution)h
+(of)e Fr(while)j Fs(b)j Fr(do)c Fs(S)42 b Fu(from)30
+b Fs(s)2804 4989 y Fn(0)2874 4974 y Fu(lo)s(ops)g Fs(glob)-5
+b(al)5 b(ly)k Fu(.)0 5094 y(This)33 b(means)f(that)h(there)g(are)g
+(in\014nitely)e(man)m(y)h(states)i Fs(s)2145 5109 y Fn(1)2184
+5094 y Fu(,)f Ft(\001)17 b(\001)g(\001)31 b Fu(suc)m(h)j(that)244
+5294 y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p
+Fs(s)486 5309 y Fn(i)543 5294 y Fu(=)32 b Fw(tt)g Fu(for)g(all)e(i)0
+5494 y(and)p eop
+%%Page: 92 102
+92 101 bop 251 130 a Fw(92)2034 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(S)595
+530 y Fn(ds)666 515 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])p Fs(s)856 530 y Fn(i)913 515 y Fu(=)32 b Fs(s)1069
+530 y Fn(i+1)1216 515 y Fu(for)g(all)e(i.)283 713 y(An)e(example)g(of)f
+(a)g(statemen)m(t)i(and)f(a)f(state)h(satisfying)f(these)i(conditions)e
+(is)g(the)h(statemen)m(t)527 912 y Fr(while)34 b Ft(:)q
+Fu(\()p Fr(x)p Fu(=)p Fr(0)p Fu(\))e Fr(do)h(skip)283
+1110 y Fu(and)g(an)m(y)g(state)g(where)h Fr(x)f Fu(is)f(not)h(equal)f
+(to)g Fw(0)p Fu(.)430 1230 y(Let)g Fs(g)658 1245 y Fn(0)728
+1230 y Fu(b)s(e)g(an)m(y)h(\014xed)g(p)s(oin)m(t)d(of)i
+Fs(F)13 b Fu(,)31 b(that)h(is)f Fs(F)45 b(g)2249 1245
+y Fn(0)2319 1230 y Fu(=)32 b Fs(g)2481 1245 y Fn(0)2520
+1230 y Fu(.)43 b(As)32 b(in)f(the)i(previous)f(cases)h(w)m(e)283
+1350 y(get)527 1549 y Fs(g)581 1564 y Fn(0)653 1549 y
+Fs(s)701 1564 y Fn(i)757 1549 y Fu(=)g Fs(g)920 1564
+y Fn(0)991 1549 y Fs(s)1039 1564 y Fn(i+1)283 1747 y
+Fu(for)f(all)f(i)p Ft(\025)p Fu(0.)43 b(Th)m(us)34 b(w)m(e)g(ha)m(v)m
+(e)527 1945 y Fs(g)581 1960 y Fn(0)653 1945 y Fs(s)701
+1960 y Fn(0)773 1945 y Fu(=)e Fs(g)935 1960 y Fn(0)1007
+1945 y Fs(s)1055 1960 y Fn(i)1111 1945 y Fu(for)g(all)f(i)283
+2143 y(and)38 b(w)m(e)g(cannot)f(determine)f(the)i(v)-5
+b(alue)36 b(of)g Fs(g)2007 2158 y Fn(0)2083 2143 y Fs(s)2131
+2158 y Fn(0)2208 2143 y Fu(in)g(this)h(w)m(a)m(y)-8 b(.)57
+b(This)37 b(is)g(the)g(situation)f(in)283 2263 y(whic)m(h)e(the)f(v)-5
+b(arious)31 b(\014xed)j(p)s(oin)m(ts)e(of)g Fs(F)46 b
+Fu(ma)m(y)32 b(di\013er.)430 2384 y(This)24 b(is)g(not)g(surprising)g
+(b)s(ecause)h(the)g(statemen)m(t)g Fr(while)h Ft(:)p
+Fu(\()p Fr(x)p Fu(=)p Fr(0)p Fu(\))e Fr(do)h(skip)h Fu(of)d(Example)283
+2504 y(4.1)33 b(has)g(the)g(functional)e Fs(F)1318 2468
+y Fi(0)1373 2504 y Fu(giv)m(en)i(b)m(y)527 2784 y(\()p
+Fs(F)642 2748 y Fi(0)698 2784 y Fs(g)9 b Fu(\))32 b Fs(s)41
+b Fu(=)1011 2609 y Fg(8)1011 2684 y(<)1011 2834 y(:)1126
+2699 y Fs(g)g(s)92 b Fu(if)31 b Fs(s)41 b Fr(x)32 b Ft(6)p
+Fu(=)h Fw(0)1126 2867 y Fs(s)178 b Fu(if)31 b Fs(s)41
+b Fr(x)32 b Fu(=)h Fw(0)283 3063 y Fu(and)38 b Fs(any)45
+b Fu(partial)35 b(function)i Fs(g)45 b Fu(of)37 b Fw(State)g
+Fo(,)-17 b Ft(!)37 b Fw(State)g Fu(satisfying)f Fs(g)46
+b(s)f Fu(=)37 b Fs(s)45 b Fu(if)36 b Fs(s)45 b Fr(x)37
+b Fu(=)g Fw(0)g Fu(will)283 3184 y(indeed)29 b(b)s(e)g(a)f(\014xed)i(p)
+s(oin)m(t)e(of)g Fs(F)1461 3148 y Fi(0)1484 3184 y Fu(.)42
+b(Ho)m(w)m(ev)m(er,)32 b(our)d(computational)c(exp)s(erience)30
+b(tells)e(us)h(that)283 3304 y(w)m(e)34 b(w)m(an)m(t)527
+3565 y Ft(S)595 3580 y Fn(ds)666 3565 y Fu([)-17 b([)q
+Fr(while)34 b Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(0)p Fu(\))f
+Fr(do)g(skip)p Fu(])-17 b(])r Fs(s)1772 3580 y Fn(0)1844
+3565 y Fu(=)1952 3390 y Fg(8)1952 3465 y(<)1952 3614
+y(:)2067 3480 y Fu(undef)p 2067 3493 236 4 v 84 w(if)32
+b Fs(s)2524 3495 y Fn(0)2596 3480 y Fr(x)g Ft(6)p Fu(=)h
+Fw(0)2067 3648 y Fs(s)2115 3663 y Fn(0)2386 3648 y Fu(if)f
+Fs(s)2524 3663 y Fn(0)2596 3648 y Fr(x)g Fu(=)h Fw(0)283
+3848 y Fu(in)c(order)g(to)g(record)h(the)f(lo)s(oping.)40
+b(Th)m(us)31 b(our)e(preferred)h(\014xed)h(p)s(oin)m(t)d(of)h
+Fs(F)3095 3812 y Fi(0)3147 3848 y Fu(is)g(the)g(function)283
+3969 y Fs(g)337 3984 y Fn(0)409 3969 y Fu(de\014ned)34
+b(b)m(y)527 4248 y Fs(g)581 4263 y Fn(0)653 4248 y Fs(s)40
+b Fu(=)842 4074 y Fg(8)842 4149 y(<)842 4298 y(:)957
+4164 y Fu(undef)p 957 4177 V 84 w(if)31 b Fs(s)41 b Fr(x)33
+b Ft(6)p Fu(=)f Fw(0)957 4331 y Fs(s)279 b Fu(if)31 b
+Fs(s)41 b Fr(x)33 b Fu(=)f Fw(0)283 4532 y Fu(The)42
+b(prop)s(ert)m(y)f(that)f(distinguishes)g Fs(g)1755 4547
+y Fn(0)1835 4532 y Fu(from)f(some)h(other)h(\014xed)h(p)s(oin)m(t)d
+Fs(g)3148 4496 y Fi(0)3211 4532 y Fu(of)h Fs(F)3407 4496
+y Fi(0)3471 4532 y Fu(is)g(that)283 4652 y(whenev)m(er)c
+Fs(g)766 4667 y Fn(0)837 4652 y Fs(s)41 b Fu(=)32 b Fs(s)1074
+4616 y Fi(0)1130 4652 y Fu(then)h(w)m(e)h(also)d(ha)m(v)m(e)j
+Fs(g)1970 4616 y Fi(0)2026 4652 y Fs(s)40 b Fu(=)33 b
+Fs(s)2263 4616 y Fi(0)2319 4652 y Fu(but)f(not)h(vice)g(v)m(ersa.)430
+4773 y(Generalizing)41 b(this)h(exp)s(erience)j(leads)d(to)h(the)h
+(follo)m(wing)c(requiremen)m(t:)65 b(the)43 b(desired)283
+4893 y(\014xed)34 b(p)s(oin)m(t)e(FIX)g Fs(F)46 b Fu(should)32
+b(b)s(e)h(some)g(partial)d(function)i Fs(g)2525 4908
+y Fn(0)2564 4893 y Fu(:)43 b Fw(State)33 b Fo(,)-17 b
+Ft(!)33 b Fw(State)f Fu(suc)m(h)i(that)429 5091 y Ft(\017)48
+b Fs(g)581 5106 y Fn(0)653 5091 y Fu(is)32 b(a)g(\014xed)i(p)s(oin)m(t)
+e(of)g Fs(F)13 b Fu(,)32 b(that)h(is)f Fs(F)45 b(g)2043
+5106 y Fn(0)2115 5091 y Fu(=)32 b Fs(g)2277 5106 y Fn(0)2316
+5091 y Fu(,)h(and)429 5293 y Ft(\017)48 b Fu(if)32 b
+Fs(g)41 b Fu(is)32 b(another)h(\014xed)g(p)s(oin)m(t)f(of)g
+Fs(F)13 b Fu(,)33 b(that)f(is)g Fs(F)46 b(g)41 b Fu(=)32
+b Fs(g)9 b Fu(,)32 b(then)742 5494 y Fs(g)796 5509 y
+Fn(0)867 5494 y Fs(s)41 b Fu(=)32 b Fs(s)1104 5458 y
+Fi(0)1160 5494 y Fu(implies)e Fs(g)42 b(s)e Fu(=)33 b
+Fs(s)1815 5458 y Fi(0)p eop
+%%Page: 93 103
+93 102 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2183
+b(93)p 0 193 3473 4 v 244 515 a Fu(for)32 b(all)e(c)m(hoices)k(of)e
+Fs(s)41 b Fu(and)32 b Fs(s)1286 479 y Fi(0)1310 515 y
+Fu(.)0 743 y(Note)h(that)f(if)f Fs(g)590 758 y Fn(0)662
+743 y Fs(s)41 b Fu(=)32 b(undef)p 851 756 236 4 v 33
+w(then)h(there)h(are)e(no)h(requiremen)m(ts)g(on)g Fs(g)41
+b(s)8 b Fu(.)0 1009 y Fw(Exercise)36 b(4.4)49 b Fu(Determine)39
+b(whic)m(h)i(of)f(the)h(\014xed)g(p)s(oin)m(ts)f(considered)h(in)e
+(Exercise)j(4.2)e(is)0 1129 y(the)33 b(desired)g(\014xed)h(p)s(oin)m
+(t,)e(if)f(an)m(y)-8 b(.)2122 b Fh(2)0 1391 y Fw(Exercise)36
+b(4.5)49 b Fu(Determine)35 b(the)h(desired)g(\014xed)h(p)s(oin)m(t)e
+(of)g(the)h(functional)e(constructed)j(in)0 1512 y(Exercise)d(4.3.)2862
+b Fh(2)0 1874 y Fj(4.2)161 b(Fixed)54 b(p)t(oin)l(t)g(theory)0
+2102 y Fu(T)-8 b(o)26 b(prepare)h(for)f(a)g(framew)m(ork)g(that)h
+(guaran)m(tees)g(the)g(existence)g(of)f(the)h(desired)g(\014xed)g(p)s
+(oin)m(t)0 2223 y(FIX)35 b Fs(F)47 b Fu(w)m(e)36 b(shall)d(reform)m
+(ulate)h(the)h(requiremen)m(ts)h(to)e(FIX)h Fs(F)47 b
+Fu(in)34 b(a)h(sligh)m(tly)e(more)h(formal)0 2343 y(w)m(a)m(y)-8
+b(.)72 b(The)43 b(\014rst)f(step)h(will)d(b)s(e)i(to)f(formalize)e(the)
+k(requiremen)m(t)f(that)f(FIX)h Fs(F)55 b Fu(shares)43
+b(its)0 2464 y(results)c(with)f(all)f(other)i(\014xed)h(p)s(oin)m(ts.)
+61 b(T)-8 b(o)39 b(do)f(so)h(w)m(e)h(de\014ne)g(an)e
+Fs(or)-5 b(dering)47 b Ft(v)39 b Fu(on)g(partial)0 2584
+y(functions)33 b(of)f Fw(State)g Fo(,)-17 b Ft(!)33 b
+Fw(State)p Fu(.)43 b(W)-8 b(e)33 b(set)244 2811 y Fs(g)298
+2826 y Fn(1)369 2811 y Ft(v)g Fs(g)533 2826 y Fn(2)0
+3039 y Fu(when)38 b(the)f(partial)d(function)j Fs(g)1190
+3054 y Fn(1)1229 3039 y Fu(:)51 b Fw(State)37 b Fo(,)-17
+b Ft(!)37 b Fw(State)f Fs(shar)-5 b(es)38 b(its)h(r)-5
+b(esults)45 b Fu(with)37 b(the)g(partial)0 3159 y(function)32
+b Fs(g)436 3174 y Fn(2)475 3159 y Fu(:)44 b Fw(State)32
+b Fo(,)-17 b Ft(!)33 b Fw(State)f Fu(in)g(the)h(sense)i(that)244
+3386 y(if)c Fs(g)387 3401 y Fn(1)459 3386 y Fs(s)40 b
+Fu(=)33 b Fs(s)696 3350 y Fi(0)752 3386 y Fu(then)g Fs(g)1028
+3401 y Fn(2)1099 3386 y Fs(s)41 b Fu(=)32 b Fs(s)1336
+3350 y Fi(0)0 3613 y Fu(for)g(all)f(c)m(hoices)i(of)f
+Fs(s)41 b Fu(and)32 b Fs(s)1042 3577 y Fi(0)1066 3613
+y Fu(.)0 3880 y Fw(Example)37 b(4.6)48 b Fu(Let)25 b
+Fs(g)875 3895 y Fn(1)914 3880 y Fu(,)h Fs(g)1021 3895
+y Fn(2)1060 3880 y Fu(,)g Fs(g)1167 3895 y Fn(3)1230
+3880 y Fu(and)e Fs(g)1465 3895 y Fn(4)1528 3880 y Fu(b)s(e)h(partial)d
+(functions)i(in)f Fw(State)h Fo(,)-17 b Ft(!)25 b Fw(State)f
+Fu(de\014ned)0 4000 y(as)33 b(follo)m(ws:)244 4227 y
+Fs(g)298 4242 y Fn(1)369 4227 y Fs(s)41 b Fu(=)32 b Fs(s)41
+b Fu(for)32 b(all)f Fs(s)244 4477 y(g)298 4492 y Fn(2)369
+4477 y Fs(s)41 b Fu(=)558 4302 y Fg(8)558 4377 y(<)558
+4527 y(:)674 4392 y Fs(s)278 b Fu(if)32 b Fs(s)40 b Fr(x)33
+b Ft(\025)g Fw(0)674 4560 y Fu(undef)p 674 4573 V 83
+w(otherwise)244 4831 y Fs(g)298 4846 y Fn(3)369 4831
+y Fs(s)41 b Fu(=)558 4657 y Fg(8)558 4732 y(<)558 4881
+y(:)674 4747 y Fs(s)278 b Fu(if)32 b Fs(s)40 b Fr(x)33
+b Fu(=)g Fw(0)674 4914 y Fu(undef)p 674 4927 V 83 w(otherwise)244
+5186 y Fs(g)298 5201 y Fn(4)369 5186 y Fs(s)41 b Fu(=)558
+5011 y Fg(8)558 5086 y(<)558 5235 y(:)674 5101 y Fs(s)278
+b Fu(if)32 b Fs(s)40 b Fr(x)33 b Ft(\024)g Fw(0)674 5269
+y Fu(undef)p 674 5282 V 83 w(otherwise)0 5494 y(Then)h(w)m(e)f(ha)m(v)m
+(e)p eop
+%%Page: 94 104
+94 103 bop 251 130 a Fw(94)2034 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Fs(g)581
+530 y Fn(1)653 515 y Ft(v)d Fs(g)817 530 y Fn(1)856 515
+y Fu(,)527 683 y Fs(g)581 698 y Fn(2)653 683 y Ft(v)g
+Fs(g)817 698 y Fn(1)856 683 y Fu(,)f Fs(g)969 698 y Fn(2)1041
+683 y Ft(v)h Fs(g)1205 698 y Fn(2)1244 683 y Fu(,)527
+851 y Fs(g)581 866 y Fn(3)653 851 y Ft(v)g Fs(g)817 866
+y Fn(1)856 851 y Fu(,)f Fs(g)969 866 y Fn(3)1041 851
+y Ft(v)h Fs(g)1205 866 y Fn(2)1244 851 y Fu(,)g Fs(g)1358
+866 y Fn(3)1429 851 y Ft(v)g Fs(g)1593 866 y Fn(3)1632
+851 y Fu(,)g Fs(g)1746 866 y Fn(3)1817 851 y Ft(v)g Fs(g)1981
+866 y Fn(4)2020 851 y Fu(,)g(and)527 1018 y Fs(g)581
+1033 y Fn(4)653 1018 y Ft(v)g Fs(g)817 1033 y Fn(1)856
+1018 y Fu(,)f Fs(g)969 1033 y Fn(4)1041 1018 y Ft(v)h
+Fs(g)1205 1033 y Fn(4)1244 1018 y Fu(.)283 1228 y(It)f(is)f(neither)g
+(the)h(case)g(that)g Fs(g)1451 1243 y Fn(2)1521 1228
+y Ft(v)g Fs(g)1684 1243 y Fn(4)1754 1228 y Fu(nor)g(that)f
+Fs(g)2191 1243 y Fn(4)2261 1228 y Ft(v)h Fs(g)2424 1243
+y Fn(2)2463 1228 y Fu(.)43 b(Pictorially)-8 b(,)29 b(the)i(ordering)g
+(ma)m(y)283 1348 y(b)s(e)i(expressed)j(as)c(follo)m(ws)1262
+1312 y Fn(1)1301 1348 y Fu(:)1366 1666 y Ft(\017)65 b
+Fs(g)1535 1681 y Fn(1)976 1915 y Ft(\017)g Fs(g)1145
+1930 y Fn(2)1756 1915 y Ft(\017)g Fs(g)1925 1930 y Fn(4)1366
+2164 y Ft(\017)g Fs(g)1535 2179 y Fn(3)1275 2139 y Fq(Q)1192
+2084 y(Q)1108 2028 y(Q)1025 1973 y(Q)1416 2139 y(\021)1499
+2084 y(\021)1582 2028 y(\021)1665 1973 y(\021)1275 1713
+y(\021)1192 1768 y(\021)1108 1823 y(\021)1025 1879 y(\021)1416
+1713 y(Q)1499 1768 y(Q)1582 1823 y(Q)1665 1879 y(Q)283
+2456 y Fu(The)29 b(idea)d(is)h(that)g(the)g(smaller)e(elemen)m(ts)j
+(are)f(at)g(the)g(b)s(ottom)f(of)h(the)g(picture)g(and)h(that)e(the)283
+2577 y(lines)38 b(indicate)f(the)i(order)f(b)s(et)m(w)m(een)i(the)f
+(elemen)m(ts.)61 b(Ho)m(w)m(ev)m(er,)42 b(w)m(e)d(shall)e(not)h(dra)m
+(w)h(lines)283 2697 y(when)e(there)g(already)e(is)h(a)f(\\brok)m(en)i
+(line",)e(so)h(the)g(fact)g(that)g Fs(g)2722 2712 y Fn(3)2796
+2697 y Ft(v)h Fs(g)2964 2712 y Fn(1)3038 2697 y Fu(is)f(left)f
+(implicit)d(in)283 2817 y(the)h(picture.)2905 b Fh(2)283
+3054 y Fw(Exercise)37 b(4.7)49 b Fu(Let)33 b Fs(g)1148
+3069 y Fn(1)1187 3054 y Fu(,)f Fs(g)1300 3069 y Fn(2)1372
+3054 y Fu(and)g Fs(g)1615 3069 y Fn(3)1687 3054 y Fu(b)s(e)h(de\014ned)
+h(as)e(follo)m(ws:)527 3345 y Fs(g)581 3360 y Fn(1)653
+3345 y Fs(s)40 b Fu(=)842 3171 y Fg(8)842 3245 y(<)842
+3395 y(:)957 3260 y Fs(s)279 b Fu(if)31 b Fs(s)41 b Fr(x)33
+b Fu(is)f(ev)m(en)957 3428 y(undef)p 957 3441 236 4 v
+84 w(otherwise)527 3699 y Fs(g)581 3714 y Fn(2)653 3699
+y Fs(s)40 b Fu(=)842 3525 y Fg(8)842 3600 y(<)842 3749
+y(:)957 3615 y Fs(s)279 b Fu(if)31 b Fs(s)41 b Fr(x)33
+b Fu(is)f(a)g(prime)957 3782 y(undef)p 957 3795 V 84
+w(otherwise)527 3922 y Fs(g)581 3937 y Fn(3)653 3922
+y Fs(s)40 b Fu(=)33 b Fs(s)283 4132 y Fu(First,)42 b(determine)d(the)i
+(ordering)e(among)g(these)i(partial)d(functions.)66 b(Next,)42
+b(determine)e(a)283 4252 y(partial)32 b(function)i Fs(g)1037
+4267 y Fn(4)1109 4252 y Fu(suc)m(h)i(that)e Fs(g)1598
+4267 y Fn(4)1670 4252 y Ft(v)h Fs(g)1836 4267 y Fn(1)1875
+4252 y Fu(,)f Fs(g)1990 4267 y Fn(4)2063 4252 y Ft(v)g
+Fs(g)2228 4267 y Fn(2)2301 4252 y Fu(and)g Fs(g)2546
+4267 y Fn(4)2619 4252 y Ft(v)g Fs(g)2784 4267 y Fn(3)2823
+4252 y Fu(.)48 b(Finally)-8 b(,)32 b(determine)h(a)283
+4372 y(partial)c(function)h Fs(g)1030 4387 y Fn(5)1099
+4372 y Fu(suc)m(h)i(that)e Fs(g)1580 4387 y Fn(1)1650
+4372 y Ft(v)h Fs(g)1812 4387 y Fn(5)1851 4372 y Fu(,)g
+Fs(g)1963 4387 y Fn(2)2032 4372 y Ft(v)g Fs(g)2194 4387
+y Fn(5)2264 4372 y Fu(and)f Fs(g)2505 4387 y Fn(5)2575
+4372 y Ft(v)h Fs(g)2737 4387 y Fn(3)2806 4372 y Fu(but)g
+Fs(g)3037 4387 y Fn(5)3106 4372 y Fu(is)f(neither)h(equal)283
+4493 y(to)i Fs(g)457 4508 y Fn(1)496 4493 y Fu(,)f Fs(g)609
+4508 y Fn(2)681 4493 y Fu(nor)g Fs(g)908 4508 y Fn(3)947
+4493 y Fu(.)2707 b Fh(2)283 4729 y Fw(Exercise)37 b(4.8)49
+b(\(Essen)m(tial\))36 b Fu(An)j(alternativ)m(e)f(c)m(haracterization)f
+(of)h(the)h(ordering)f Ft(v)h Fu(on)283 4850 y Fw(State)33
+b Fo(,)-17 b Ft(!)33 b Fw(State)f Fu(is)552 5017 y Fs(g)606
+5032 y Fn(1)678 5017 y Ft(v)h Fs(g)842 5032 y Fn(2)913
+5017 y Fu(if)f(and)g(only)g(if)g(graph\()p Fs(g)1832
+5032 y Fn(1)1871 5017 y Fu(\))g Ft(\022)h Fu(graph\()p
+Fs(g)2387 5032 y Fn(2)2426 5017 y Fu(\))1167 b(\(*\))283
+5185 y(where)39 b(graph\()p Fs(g)9 b Fu(\))36 b(is)h(the)g(graph)g(of)g
+(the)h(partial)d(function)h Fs(g)46 b Fu(as)37 b(de\014ned)i(in)d(App)s
+(endix)i(A.)283 5305 y(Pro)m(v)m(e)c(that)f(\(*\))f(is)g(indeed)h
+(correct.)2028 b Fh(2)p 283 5403 1389 4 v 396 5464 a
+Fm(1)433 5494 y Fk(Suc)n(h)28 b(a)f(diagram)f(is)h(sometimes)h(called)f
+(a)g(Hasse)g(diagram.)p eop
+%%Page: 95 105
+95 104 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2183
+b(95)p 0 193 3473 4 v 146 515 a Fu(The)47 b(set)f Fw(State)f
+Fo(,)-17 b Ft(!)45 b Fw(State)g Fu(equipp)s(ed)h(with)f(the)h(ordering)
+e Ft(v)i Fu(is)f(an)g(example)g(of)g(a)0 636 y(partially)32
+b(ordered)j(set)f(as)h(w)m(e)g(shall)e(see)i(in)f(Lemma)f(4.13)g(b)s
+(elo)m(w.)49 b(In)34 b(general,)h(a)e Fs(p)-5 b(artial)5
+b(ly)0 756 y(or)-5 b(der)g(e)g(d)29 b(set)f Fu(is)e(a)h(pair)g(\()p
+Fs(D)9 b Fu(,)27 b Ft(v)1097 771 y Fc(D)1161 756 y Fu(\))g(where)i
+Fs(D)63 b Fu(is)27 b(a)g(set)h(and)f Ft(v)2218 771 y
+Fc(D)2309 756 y Fu(is)g(a)g(relation)e(on)i Fs(D)36 b
+Fu(satisfying)294 999 y Fs(d)42 b Ft(v)464 1014 y Fc(D)560
+999 y Fs(d)1529 b Fu(\(re\015exivit)m(y\))294 1167 y
+Fs(d)354 1182 y Fn(1)426 1167 y Ft(v)503 1182 y Fc(D)600
+1167 y Fs(d)660 1182 y Fn(2)732 1167 y Fu(and)33 b Fs(d)982
+1182 y Fn(2)1054 1167 y Ft(v)1131 1182 y Fc(D)1228 1167
+y Fs(d)1288 1182 y Fn(3)1360 1167 y Fu(imply)d Fs(d)1693
+1182 y Fn(1)1766 1167 y Ft(v)1843 1182 y Fc(D)1940 1167
+y Fs(d)2000 1182 y Fn(3)2139 1167 y Fu(\(transitivit)m(y\))294
+1335 y Fs(d)354 1350 y Fn(1)426 1335 y Ft(v)503 1350
+y Fc(D)600 1335 y Fs(d)660 1350 y Fn(2)732 1335 y Fu(and)j
+Fs(d)982 1350 y Fn(2)1054 1335 y Ft(v)1131 1350 y Fc(D)1228
+1335 y Fs(d)1288 1350 y Fn(1)1360 1335 y Fu(imply)d Fs(d)1693
+1350 y Fn(1)1766 1335 y Fu(=)i Fs(d)1934 1350 y Fn(2)2139
+1335 y Fu(\(an)m(ti-symmetry\))0 1574 y(The)41 b(relation)d
+Ft(v)650 1589 y Fc(D)754 1574 y Fu(is)i(said)f(to)h(b)s(e)g(a)f
+Fs(p)-5 b(artial)42 b(or)-5 b(der)39 b Fu(on)h Fs(D)49
+b Fu(and)40 b(w)m(e)h(shall)d(often)i(omit)e(the)0 1694
+y(subscript)f Fs(D)45 b Fu(of)35 b Ft(v)733 1709 y Fc(D)832
+1694 y Fu(and)h(write)g Ft(v)q Fu(.)53 b(Occasionally)-8
+b(,)35 b(w)m(e)i(ma)m(y)f(write)g Fs(d)2701 1709 y Fn(1)2773
+1694 y Ft(w)d Fs(d)2943 1709 y Fn(2)3018 1694 y Fu(instead)72
+b(of)0 1815 y Fs(d)60 1830 y Fn(2)132 1815 y Ft(v)33
+b Fs(d)302 1830 y Fn(1)373 1815 y Fu(and)e(w)m(e)h(shall)d(sa)m(y)j
+(that)f Fs(d)1366 1830 y Fn(2)1437 1815 y Fs(shar)-5
+b(es)32 b(its)i(information)e(with)38 b(d)2676 1830 y
+Fn(1)2716 1815 y Fu(.)43 b(An)31 b(elemen)m(t)g Fs(d)41
+b Fu(of)0 1935 y Fs(D)h Fu(satisfying)244 2181 y Fs(d)h
+Ft(v)33 b Fs(d)507 2145 y Fi(0)562 2181 y Fu(for)g(all)d
+Fs(d)907 2145 y Fi(0)963 2181 y Fu(of)i Fs(D)0 2427 y
+Fu(is)g(called)f Fs(a)k(le)-5 b(ast)35 b(element)41 b
+Fu(of)32 b Fs(D)42 b Fu(and)32 b(w)m(e)i(shall)d(sa)m(y)j(that)e(it)g
+(con)m(tains)g Fs(no)j(information)p Fu(.)p 0 2556 3473
+5 v 0 2782 a Fw(F)-9 b(act)37 b(4.9)49 b Fu(If)31 b(a)f(partially)e
+(ordered)j(set)g(\()p Fs(D)9 b Fu(,)30 b Ft(v)q Fu(\))g(has)h(a)f
+(least)g(elemen)m(t)h Fs(d)40 b Fu(then)31 b Fs(d)41
+b Fu(is)30 b(unique.)p 0 2902 V 0 3148 a Fw(Pro)s(of:)51
+b Fu(Assume)45 b(that)g Fs(D)53 b Fu(has)45 b(t)m(w)m(o)g(least)f
+(elemen)m(ts)h Fs(d)2171 3163 y Fn(1)2255 3148 y Fu(and)g
+Fs(d)2517 3163 y Fn(2)2556 3148 y Fu(.)80 b(Since)44
+b Fs(d)2989 3163 y Fn(1)3074 3148 y Fu(is)g(a)g(least)0
+3269 y(elemen)m(t)34 b(w)m(e)h(ha)m(v)m(e)g Fs(d)793
+3284 y Fn(1)867 3269 y Ft(v)f Fs(d)1038 3284 y Fn(2)1078
+3269 y Fu(.)48 b(Since)34 b Fs(d)1469 3284 y Fn(2)1543
+3269 y Fu(is)f(a)h(least)g(elemen)m(t)f(w)m(e)i(also)f(ha)m(v)m(e)h
+Fs(d)2945 3284 y Fn(2)3019 3269 y Ft(v)f Fs(d)3190 3284
+y Fn(1)3230 3269 y Fu(.)47 b(The)0 3389 y(an)m(ti-symmetry)32
+b(of)g(the)h(ordering)e Ft(v)i Fu(then)h(giv)m(es)f(that)f
+Fs(d)2160 3404 y Fn(1)2232 3389 y Fu(=)h Fs(d)2401 3404
+y Fn(2)2440 3389 y Fu(.)931 b Fh(2)146 3601 y Fu(This)30
+b(fact)g(p)s(ermits)f(us)i(to)f(talk)f(ab)s(out)g Fs(the)38
+b Fu(least)29 b(elemen)m(t)h(of)g Fs(D)9 b Fu(,)30 b(if)f(one)h
+(exists,)h(and)f(w)m(e)0 3721 y(shall)h(denote)i(it)f(b)m(y)i
+Ft(?)853 3736 y Fc(D)950 3721 y Fu(or)e(simply)f Ft(?)i
+Fu(\(pronounced)h(\\b)s(ottom"\).)0 4018 y Fw(Example)j(4.10)49
+b Fu(Let)32 b Fs(S)45 b Fu(b)s(e)32 b(a)h(non-empt)m(y)f(set)i(and)e
+(de\014ne)244 4264 y Ft(P)8 b Fu(\()p Fs(S)k Fu(\))33
+b(=)f Ft(f)g Fs(K)47 b Ft(j)32 b Fs(K)47 b Ft(\022)33
+b Fs(S)45 b Ft(g)0 4510 y Fu(Then)34 b(\()p Ft(P)8 b
+Fu(\()p Fs(S)k Fu(\),)32 b Ft(\022)q Fu(\))g(is)g(a)h(partially)d
+(ordered)j(set)g(b)s(ecause)145 4756 y Ft(\017)49 b(\022)33
+b Fu(is)f(re\015exiv)m(e:)45 b Fs(K)i Ft(\022)33 b Fs(K)145
+5002 y Ft(\017)49 b(\022)33 b Fu(is)f(transitiv)m(e:)43
+b(if)31 b Fs(K)1103 5017 y Fn(1)1175 5002 y Ft(\022)i
+Fs(K)1375 5017 y Fn(2)1446 5002 y Fu(and)g Fs(K)1726
+5017 y Fn(2)1797 5002 y Ft(\022)g Fs(K)1997 5017 y Fn(3)2069
+5002 y Fu(then)g Fs(K)2381 5017 y Fn(1)2452 5002 y Ft(\022)g
+Fs(K)2652 5017 y Fn(3)145 5248 y Ft(\017)49 b(\022)33
+b Fu(is)f(an)m(ti-symmetric:)41 b(if)32 b Fs(K)1342 5263
+y Fn(1)1413 5248 y Ft(\022)h Fs(K)1613 5263 y Fn(2)1685
+5248 y Fu(and)f Fs(K)1964 5263 y Fn(2)2036 5248 y Ft(\022)h
+Fs(K)2236 5263 y Fn(1)2307 5248 y Fu(then)g Fs(K)2619
+5263 y Fn(1)2691 5248 y Fu(=)f Fs(K)2889 5263 y Fn(2)0
+5494 y Fu(In)h(the)g(case)g(where)h Fs(S)45 b Fu(=)32
+b Ft(f)p Fu(a,b,c)p Ft(g)h Fu(the)g(ordering)e(can)i(b)s(e)g(depicted)g
+(as)g(follo)m(ws:)p eop
+%%Page: 96 106
+96 105 bop 251 130 a Fw(96)2034 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 1696 540 a Ft(\017)130
+b(f)p Fu(a,b,c)p Ft(g)1032 872 y(\017)g(f)p Fu(a,b)p
+Ft(g)254 b(\017)130 b(f)p Fu(a,c)p Ft(g)266 b(\017)130
+b(f)p Fu(b,c)p Ft(g)1032 1204 y(\017)g(f)p Fu(a)p Ft(g)335
+b(\017)130 b(f)p Fu(b)p Ft(g)331 b(\017)130 b(f)p Fu(c)p
+Ft(g)1696 1537 y(\017)g(;)1605 1503 y Fq(H)1522 1462
+y(H)1439 1420 y(H)1356 1379 y(H)1273 1337 y(H)1190 1296
+y(H)1107 1254 y(H)1082 1242 y(H)p 1720 1478 4 266 v 1746
+1503 a(\010)1829 1462 y(\010)1912 1420 y(\010)1995 1379
+y(\010)2078 1337 y(\010)2161 1296 y(\010)2244 1254 y(\010)2269
+1242 y(\010)p 1056 1146 V 1082 1171 a(\010)1165 1130
+y(\010)1248 1088 y(\010)1331 1047 y(\010)1414 1005 y(\010)1497
+964 y(\010)1580 922 y(\010)1605 910 y(\010)1605 1171
+y(H)1522 1130 y(H)1439 1088 y(H)1356 1047 y(H)1273 1005
+y(H)1190 964 y(H)1107 922 y(H)1082 910 y(H)1746 1171
+y(\010)1829 1130 y(\010)1912 1088 y(\010)1995 1047 y(\010)2078
+1005 y(\010)2161 964 y(\010)2244 922 y(\010)2269 910
+y(\010)2269 1171 y(H)2186 1130 y(H)2103 1088 y(H)2020
+1047 y(H)1937 1005 y(H)1854 964 y(H)1771 922 y(H)1746
+910 y(H)p 2384 1146 V 1082 839 a(\010)1165 798 y(\010)1248
+756 y(\010)1331 715 y(\010)1414 673 y(\010)1497 632 y(\010)1580
+590 y(\010)1605 578 y(\010)p 1720 814 V 2269 839 a(H)2186
+798 y(H)2103 756 y(H)2020 715 y(H)1937 673 y(H)1854 632
+y(H)1771 590 y(H)1746 578 y(H)283 1816 y Fu(Also,)33
+b(\()p Ft(P)8 b Fu(\()p Fs(S)k Fu(\),)32 b Ft(\022)q
+Fu(\))g(has)h(a)f(least)h(elemen)m(t,)f(namely)g Ft(;)p
+Fu(.)1398 b Fh(2)283 2059 y Fw(Exercise)37 b(4.11)49
+b Fu(Sho)m(w)32 b(that)g(\()p Ft(P)8 b Fu(\()p Fs(S)k
+Fu(\),)31 b Ft(\023)q Fu(\))g(is)h(a)f(partially)e(ordered)j(set)g(and)
+g(determine)f(the)283 2180 y(least)i(elemen)m(t.)43 b(Dra)m(w)32
+b(a)h(picture)f(of)g(the)h(ordering)f(when)i Fs(S)44
+b Fu(=)33 b Ft(f)p Fu(a,b,c)p Ft(g)p Fu(.)644 b Fh(2)283
+2423 y Fw(Exercise)37 b(4.12)49 b Fu(Let)33 b Fs(S)44
+b Fu(b)s(e)33 b(a)f(non-empt)m(y)h(set)g(and)g(de\014ne)527
+2637 y Ft(P)605 2652 y Fn(\014n)687 2637 y Fu(\()p Fs(S)12
+b Fu(\))33 b(=)f Ft(f)g Fs(K)47 b Ft(j)32 b Fs(K)47 b
+Fu(is)33 b(\014nite)f(and)g Fs(K)47 b Ft(\022)33 b Fs(S)45
+b Ft(g)283 2852 y Fu(V)-8 b(erify)47 b(that)f(\()p Ft(P)926
+2867 y Fn(\014n)1008 2852 y Fu(\()p Fs(S)12 b Fu(\),)47
+b Ft(\022)p Fu(\))g(and)g(\()p Ft(P)1706 2867 y Fn(\014n)1789
+2852 y Fu(\()p Fs(S)12 b Fu(\),)46 b Ft(\023)p Fu(\))h(are)g(partially)
+d(ordered)j(sets.)87 b(Do)46 b(b)s(oth)283 2972 y(partially)30
+b(ordered)k(sets)f(ha)m(v)m(e)h(a)f(least)f(elemen)m(t)g(for)g(all)f(c)
+m(hoices)i(of)f Fs(S)12 b Fu(?)730 b Fh(2)p 283 3216
+3473 5 v 283 3403 a Fw(Lemma)38 b(4.13)49 b Fu(\()p Fw(State)22
+b Fo(,)-17 b Ft(!)22 b Fw(State)p Fu(,)45 b Ft(v)q Fu(\))22
+b(is)g(a)g(partially)e(ordered)j(set.)41 b(The)23 b(partial)d(function)
+283 3523 y Ft(?)q Fu(:)43 b Fw(State)33 b Fo(,)-17 b
+Ft(!)33 b Fw(State)f Fu(de\014ned)i(b)m(y)527 3737 y
+Ft(?)f Fs(s)41 b Fu(=)32 b(undef)p 826 3750 236 4 v 34
+w(for)g(all)e Fs(s)283 3952 y Fu(is)j(the)g(least)f(elemen)m(t)g(of)g
+Fw(State)h Fo(,)-17 b Ft(!)32 b Fw(State)p Fu(.)p 283
+4072 3473 5 v 283 4286 a Fw(Pro)s(of:)g Fu(W)-8 b(e)27
+b(shall)f(\014rst)i(pro)m(v)m(e)h(that)e Ft(v)h Fu(ful\014ls)e(the)h
+(three)h(requiremen)m(ts)h(to)e(a)g(partial)e(order:)283
+4407 y(Clearly)-8 b(,)43 b Fs(g)49 b Ft(v)42 b Fs(g)49
+b Fu(holds)41 b(b)s(ecause)h Fs(g)50 b(s)f Fu(=)41 b
+Fs(s)1941 4371 y Fi(0)2005 4407 y Fu(trivially)d(implies)g(that)j
+Fs(g)50 b(s)f Fu(=)41 b Fs(s)3290 4371 y Fi(0)3354 4407
+y Fu(so)g Ft(v)h Fu(is)e(a)283 4527 y Fs(r)-5 b(e\015exive)40
+b Fu(ordering.)430 4650 y(T)-8 b(o)30 b(see)h(that)f(it)f(is)h(a)g
+Fs(tr)-5 b(ansitive)37 b Fu(ordering)29 b(assume)i(that)f
+Fs(g)2617 4665 y Fn(1)2686 4650 y Ft(v)h Fs(g)2848 4665
+y Fn(2)2917 4650 y Fu(and)f Fs(g)3158 4665 y Fn(2)3227
+4650 y Ft(v)g Fs(g)3388 4665 y Fn(3)3458 4650 y Fu(and)g(w)m(e)283
+4770 y(shall)j(pro)m(v)m(e)i(that)f Fs(g)1044 4785 y
+Fn(1)1117 4770 y Ft(v)h Fs(g)1283 4785 y Fn(3)1322 4770
+y Fu(.)48 b(Assume)35 b(that)f Fs(g)2027 4785 y Fn(1)2100
+4770 y Fs(s)42 b Fu(=)33 b Fs(s)2339 4734 y Fi(0)2363
+4770 y Fu(.)48 b(F)-8 b(rom)32 b Fs(g)2749 4785 y Fn(1)2822
+4770 y Ft(v)j Fs(g)2988 4785 y Fn(2)3061 4770 y Fu(w)m(e)g(get)f
+Fs(g)3424 4785 y Fn(2)3496 4770 y Fs(s)40 b Fu(=)33 b
+Fs(s)3733 4734 y Fi(0)283 4890 y Fu(and)g(then)g Fs(g)749
+4905 y Fn(2)821 4890 y Ft(v)g Fs(g)985 4905 y Fn(3)1056
+4890 y Fu(giv)m(es)g(that)g Fs(g)1561 4905 y Fn(3)1632
+4890 y Fs(s)41 b Fu(=)32 b Fs(s)1869 4854 y Fi(0)1893
+4890 y Fu(.)430 5013 y(T)-8 b(o)32 b(see)h(that)f(it)f(is)g(an)h
+Fs(anti-symmetric)37 b Fu(ordering)31 b(assume)i(that)e
+Fs(g)2934 5028 y Fn(1)3005 5013 y Ft(v)i Fs(g)3169 5028
+y Fn(2)3240 5013 y Fu(and)f Fs(g)3483 5028 y Fn(2)3554
+5013 y Ft(v)g Fs(g)3717 5028 y Fn(1)283 5133 y Fu(and)40
+b(w)m(e)g(shall)d(then)j(pro)m(v)m(e)g(that)f Fs(g)1634
+5148 y Fn(1)1712 5133 y Fu(=)g Fs(g)1881 5148 y Fn(2)1920
+5133 y Fu(.)62 b(Assume)40 b(that)f Fs(g)2649 5148 y
+Fn(1)2727 5133 y Fs(s)47 b Fu(=)39 b Fs(s)2977 5097 y
+Fi(0)3000 5133 y Fu(.)63 b(Then)40 b Fs(g)3405 5148 y
+Fn(2)3483 5133 y Fs(s)47 b Fu(=)39 b Fs(s)3733 5097 y
+Fi(0)283 5254 y Fu(follo)m(ws)31 b(from)g Fs(g)887 5269
+y Fn(1)957 5254 y Ft(v)i Fs(g)1121 5269 y Fn(2)1191 5254
+y Fu(so)f Fs(g)1364 5269 y Fn(1)1435 5254 y Fu(and)g
+Fs(g)1678 5269 y Fn(2)1749 5254 y Fu(are)f(equal)h(on)g
+Fs(s)8 b Fu(.)43 b(If)32 b Fs(g)2571 5269 y Fn(1)2642
+5254 y Fs(s)39 b Fu(=)32 b(undef)p 2829 5267 236 4 v
+33 w(then)g(it)f(m)m(ust)h(b)s(e)283 5374 y(the)i(case)g(that)f
+Fs(g)925 5389 y Fn(2)997 5374 y Fs(s)41 b Fu(=)33 b(undef)p
+1187 5387 V 34 w(since)h(otherwise)f Fs(g)2184 5389 y
+Fn(2)2256 5374 y Fs(s)42 b Fu(=)32 b Fs(s)2494 5338 y
+Fi(0)2551 5374 y Fu(and)h(the)h(assumption)e Fs(g)3480
+5389 y Fn(2)3552 5374 y Ft(v)i Fs(g)3717 5389 y Fn(1)283
+5494 y Fu(then)g(giv)m(es)f Fs(g)799 5509 y Fn(1)870
+5494 y Fs(s)41 b Fu(=)32 b Fs(s)1107 5458 y Fi(0)1163
+5494 y Fu(whic)m(h)h(is)f(a)h(con)m(tradiction.)42 b(Th)m(us)34
+b Fs(g)2554 5509 y Fn(1)2626 5494 y Fu(and)e Fs(g)2869
+5509 y Fn(2)2941 5494 y Fu(will)e(b)s(e)j(equal)f(on)h
+Fs(s)8 b Fu(.)p eop
+%%Page: 97 107
+97 106 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2183
+b(97)p 0 193 3473 4 v 146 515 a Fu(Finally)-8 b(,)39
+b(w)m(e)i(shall)e(pro)m(v)m(e)i(that)e Ft(?)i Fu(is)e(the)h
+Fs(le)-5 b(ast)42 b(element)48 b Fu(of)40 b Fw(State)g
+Fo(,)-17 b Ft(!)40 b Fw(State)p Fu(.)65 b(It)40 b(is)0
+636 y(easy)35 b(to)f(see)h(that)f Ft(?)h Fu(is)e(indeed)i(an)f(elemen)m
+(t)g(of)f Fw(State)i Fo(,)-17 b Ft(!)34 b Fw(State)g
+Fu(and)g(it)f(is)h(also)f(ob)m(vious)0 756 y(that)f Ft(?)h(v)g
+Fs(g)41 b Fu(holds)33 b(for)f(all)e Fs(g)41 b Fu(since)33
+b Ft(?)g Fs(s)41 b Fu(=)32 b Fs(s)1729 720 y Fi(0)1785
+756 y Fu(v)-5 b(acuously)33 b(implies)d(that)j Fs(g)41
+b(s)f Fu(=)33 b Fs(s)3096 720 y Fi(0)3119 756 y Fu(.)252
+b Fh(2)146 960 y Fu(Ha)m(ving)27 b(in)m(tro)s(duced)g(an)g(ordering)f
+(on)h(the)h(partial)c(functions)j(w)m(e)h(can)g(no)m(w)f(giv)m(e)g(a)g
+(more)0 1080 y(precise)33 b(statemen)m(t)g(of)f(the)h(requiremen)m(ts)h
+(to)e(FIX)h Fs(F)13 b Fu(:)145 1265 y Ft(\017)49 b Fu(FIX)32
+b Fs(F)46 b Fu(is)32 b(a)g Fs(\014xe)-5 b(d)34 b(p)-5
+b(oint)42 b Fu(of)32 b Fs(F)13 b Fu(,)33 b(that)f(is)g
+Fs(F)13 b Fu(\(FIX)33 b Fs(F)13 b Fu(\))32 b(=)g(FIX)h
+Fs(F)13 b Fu(,)33 b(and)145 1462 y Ft(\017)49 b Fu(FIX)32
+b Fs(F)46 b Fu(is)32 b(a)g Fs(le)-5 b(ast)42 b Fu(\014xed)34
+b(p)s(oin)m(t)e(of)g Fs(F)13 b Fu(,)32 b(that)h(is)458
+1660 y(if)f Fs(F)45 b(g)c Fu(=)33 b Fs(g)41 b Fu(then)33
+b(FIX)g Fs(F)45 b Ft(v)33 b Fs(g)9 b Fu(.)0 1902 y Fw(Exercise)36
+b(4.14)49 b Fu(By)30 b(analogy)e(with)h(F)-8 b(act)28
+b(4.9)h(sho)m(w)h(that)f(if)f Fs(F)42 b Fu(has)29 b(a)g(least)g
+(\014xed)h(p)s(oin)m(t)e Fs(g)3433 1917 y Fn(0)0 2023
+y Fu(then)33 b Fs(g)276 2038 y Fn(0)348 2023 y Fu(is)f(unique.)2641
+b Fh(2)146 2227 y Fu(The)30 b(next)f(task)h(will)c(b)s(e)j(to)f(ensure)
+i(that)f(all)d(functionals)i Fs(F)41 b Fu(that)29 b(ma)m(y)f(arise)g
+(do)h(indeed)0 2347 y(ha)m(v)m(e)37 b(least)d(\014xed)j(p)s(oin)m(ts.)
+51 b(W)-8 b(e)35 b(shall)f(do)h(so)h(b)m(y)g(dev)m(eloping)f(a)g
+(general)f(theory)i(that)f(giv)m(es)0 2467 y(more)h(structure)h(to)f
+(the)g(partially)e(ordered)j(sets)g(and)g(that)f(imp)s(oses)f
+(restrictions)h(on)g(the)0 2588 y(functionals)31 b(so)i(that)g(they)g
+(ha)m(v)m(e)h(least)e(\014xed)i(p)s(oin)m(ts.)0 2792
+y Fw(Exercise)i(4.15)49 b Fu(Determine)37 b(the)h(least)f(\014xed)i(p)s
+(oin)m(ts)f(of)f(the)h(functionals)f(considered)h(in)0
+2912 y(Exercises)c(4.2)f(and)f(4.3.)43 b(Compare)33 b(with)f(Exercises)
+i(4.4)e(and)h(4.5.)873 b Fh(2)0 3198 y Fp(Complete)46
+b(partially)h(ordered)e(sets)0 3383 y Fu(Consider)38
+b(a)e(partially)f(ordered)j(set)g(\()p Fs(D)9 b Fu(,)37
+b Ft(v)p Fu(\))g(and)g(assume)h(that)f(w)m(e)h(ha)m(v)m(e)h(a)d(subset)
+j Fs(Y)57 b Fu(of)0 3503 y Fs(D)9 b Fu(.)31 b(W)-8 b(e)32
+b(shall)d(b)s(e)j(in)m(terested)g(in)e(an)h(elemen)m(t)g(of)g
+Fs(D)40 b Fu(that)31 b(summarizes)f(all)f(the)j(information)0
+3623 y(of)c Fs(Y)48 b Fu(and)29 b(this)f(is)g(called)g(an)g
+Fs(upp)-5 b(er)31 b(b)-5 b(ound)39 b Fu(of)28 b Fs(Y)20
+b Fu(;)28 b(formally)-8 b(,)27 b(it)h(is)g(an)g(elemen)m(t)h
+Fs(d)38 b Fu(of)28 b Fs(D)38 b Fu(suc)m(h)0 3744 y(that)244
+3929 y Ft(8)p Fs(d)359 3893 y Fi(0)415 3929 y Ft(2)33
+b Fs(Y)20 b Fu(.)32 b Fs(d)725 3893 y Fi(0)781 3929 y
+Ft(v)h Fs(d)0 4114 y Fu(An)g(upp)s(er)g(b)s(ound)g Fs(d)42
+b Fu(of)32 b Fs(Y)53 b Fu(is)32 b(a)g Fs(le)-5 b(ast)35
+b(upp)-5 b(er)34 b(b)-5 b(ound)33 b Fu(if)e(and)i(only)f(if)244
+4299 y Fs(d)304 4263 y Fi(0)360 4299 y Fu(is)g(an)g(upp)s(er)i(b)s
+(ound)e(of)g Fs(Y)53 b Fu(implies)30 b(that)i Fs(d)43
+b Ft(v)33 b Fs(d)2214 4263 y Fi(0)0 4485 y Fu(Th)m(us)i(a)f(least)g
+(upp)s(er)g(b)s(ound)g(of)g Fs(Y)53 b Fu(will)32 b(add)i(as)g(little)d
+(extra)k(information)30 b(as)k(p)s(ossible)g(to)0 4605
+y(that)e(already)g(presen)m(t)j(in)d(the)h(elemen)m(ts)f(of)h
+Fs(Y)19 b Fu(.)0 4809 y Fw(Exercise)36 b(4.16)49 b Fu(By)31
+b(analogy)f(with)g(F)-8 b(act)30 b(4.9)g(sho)m(w)h(that)g(if)e
+Fs(Y)50 b Fu(has)31 b(a)f(least)g(upp)s(er)h(b)s(ound)0
+4929 y Fs(d)43 b Fu(then)33 b Fs(d)43 b Fu(is)32 b(unique.)2581
+b Fh(2)146 5133 y Fu(If)37 b Fs(Y)56 b Fu(has)37 b(a)f(\(necessarily)h
+(unique\))g(least)f(upp)s(er)h(b)s(ound)g(w)m(e)g(shall)e(denote)j(it)d
+(b)m(y)3284 5067 y Fg(F)3354 5133 y Fs(Y)19 b Fu(.)0
+5254 y(Finally)-8 b(,)30 b(a)i(subset)i Fs(Y)52 b Fu(is)32
+b(called)f(a)i Fs(chain)39 b Fu(if)31 b(it)g(is)h(consisten)m(t)i(in)d
+(the)i(sense)i(that)d(if)f(w)m(e)j(tak)m(e)0 5374 y(an)m(y)28
+b(t)m(w)m(o)f(elemen)m(ts)g(of)g Fs(Y)46 b Fu(then)27
+b(one)h(will)c(share)k(its)e(information)e(with)i(the)h(other;)i
+(formally)-8 b(,)0 5494 y(this)32 b(is)g(expressed)k(b)m(y)p
+eop
+%%Page: 98 108
+98 107 bop 251 130 a Fw(98)2034 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(8)q Fs(d)643
+530 y Fn(1)682 515 y Fu(,)d Fs(d)802 530 y Fn(2)874 515
+y Ft(2)g Fs(Y)20 b Fu(.)32 b Fs(d)1184 530 y Fn(1)1256
+515 y Ft(v)h Fs(d)1426 530 y Fn(2)1498 515 y Fu(or)g
+Fs(d)1678 530 y Fn(2)1750 515 y Ft(v)g Fs(d)1920 530
+y Fn(1)283 758 y Fw(Example)k(4.17)49 b Fu(Consider)d(the)g(partially)d
+(ordered)j(set)g(\()p Ft(P)9 b Fu(\()p Ft(f)p Fu(a,b,c)p
+Ft(g)p Fu(\),)48 b Ft(\022)q Fu(\))d(of)g(Example)283
+879 y(4.10.)e(Then)34 b(the)f(subset)527 1091 y Fs(Y)619
+1106 y Fn(0)691 1091 y Fu(=)f Ft(f)h(;)o Fu(,)g Ft(f)p
+Fu(a)p Ft(g)p Fu(,)f Ft(f)p Fu(a,c)p Ft(g)g(g)283 1304
+y Fu(is)i(a)f(c)m(hain.)48 b(Both)33 b Ft(f)p Fu(a,b,c)p
+Ft(g)h Fu(and)g Ft(f)p Fu(a,c)p Ft(g)g Fu(are)g(upp)s(er)g(b)s(ounds)h
+(of)e Fs(Y)2775 1319 y Fn(0)2848 1304 y Fu(and)h Ft(f)p
+Fu(a,c)p Ft(g)g Fu(is)f(the)h(least)283 1424 y(upp)s(er)k(b)s(ound.)55
+b(The)38 b(elemen)m(t)e Ft(f)p Fu(a,b)p Ft(g)g Fu(is)g
+Fs(not)46 b Fu(an)37 b(upp)s(er)g(b)s(ound)g(b)s(ecause)h
+Ft(f)p Fu(a,c)p Ft(g)e(6\022)h(f)p Fu(a,b)p Ft(g)p Fu(.)283
+1545 y(In)e(general,)f(the)g(least)g(upp)s(er)h(b)s(ound)f(of)g(a)f
+(non-empt)m(y)i(c)m(hain)f(in)f Ft(P)8 b Fu(\()p Ft(f)p
+Fu(a,b,c)p Ft(g)p Fu(\))34 b(will)e(b)s(e)i(the)283 1665
+y(largest)e(elemen)m(t)h(of)f(the)h(c)m(hain.)430 1787
+y(The)47 b(subset)i Ft(f)d(;)p Fu(,)k Ft(f)p Fu(a)p Ft(g)p
+Fu(,)g Ft(f)p Fu(c)p Ft(g)p Fu(,)h Ft(f)p Fu(a,c)p Ft(g)46
+b(g)h Fu(is)f Fs(not)56 b Fu(a)46 b(c)m(hain)h(b)s(ecause)h
+Ft(f)p Fu(a)p Ft(g)e Fu(and)h Ft(f)p Fu(c)p Ft(g)g Fu(are)283
+1908 y(unrelated)42 b(b)m(y)g(the)g(ordering.)69 b(Ho)m(w)m(ev)m(er,)46
+b(it)40 b(do)s(es)i(ha)m(v)m(e)h(a)e(least)g(upp)s(er)h(b)s(ound,)i
+(namely)283 2028 y Ft(f)p Fu(a,c)p Ft(g)p Fu(.)430 2150
+y(The)35 b Fs(subset)43 b Ft(;)34 b Fu(of)g Ft(P)8 b
+Fu(\()p Ft(f)p Fu(a,b,c)p Ft(g)p Fu(\))34 b(is)g(a)g(c)m(hain)g(and)g
+(it)f(has)i(an)m(y)g(elemen)m(t)e(of)h Ft(P)9 b Fu(\()p
+Ft(f)p Fu(a,b,c)p Ft(g)p Fu(\))34 b(as)283 2271 y(an)f(upp)s(er)g(b)s
+(ound.)44 b(Its)33 b(least)f(upp)s(er)h(b)s(ound)g(is)f(the)h
+Fs(element)41 b Ft(;)p Fu(.)981 b Fh(2)283 2512 y Fw(Exercise)37
+b(4.18)49 b Fu(Let)37 b Fs(S)49 b Fu(b)s(e)37 b(a)g(non-empt)m(y)h(set)
+f(and)h(consider)f(the)h(partially)c(ordered)k(set)283
+2632 y(\()p Ft(P)9 b Fu(\()p Fs(S)j Fu(\),)33 b Ft(\022)p
+Fu(\).)45 b(Sho)m(w)34 b(that)f(ev)m(ery)i(subset)f(of)f
+Ft(P)8 b Fu(\()p Fs(S)k Fu(\))33 b(has)g(a)g(least)g(upp)s(er)g(b)s
+(ound.)45 b(Rep)s(eat)33 b(the)283 2753 y(exercise)h(for)e(the)h
+(partially)d(ordered)k(set)f(\()p Ft(P)8 b Fu(\()p Fs(S)k
+Fu(\),)33 b Ft(\023)p Fu(\).)1362 b Fh(2)283 2994 y Fw(Exercise)37
+b(4.19)49 b Fu(Let)37 b Fs(S)49 b Fu(b)s(e)37 b(a)g(non-empt)m(y)h(set)
+f(and)h(consider)f(the)h(partially)c(ordered)k(set)283
+3114 y(\()p Ft(P)399 3129 y Fn(\014n)481 3114 y Fu(\()p
+Fs(S)12 b Fu(\),)31 b Ft(\022)q Fu(\))f(as)i(de\014ned)g(in)e(Exercise)
+j(4.12.)42 b(Sho)m(w)32 b(b)m(y)g(means)f(of)f(an)h(example)f(that)h
+(there)283 3234 y(are)45 b(c)m(hoices)h(of)e Fs(S)57
+b Fu(suc)m(h)46 b(that)f(\()p Ft(P)1605 3249 y Fn(\014n)1688
+3234 y Fu(\()p Fs(S)12 b Fu(\),)44 b Ft(\022)q Fu(\))h(has)g(a)f(c)m
+(hain)h(with)g(no)f(upp)s(er)i(b)s(ound)f(and)283 3355
+y(therefore)34 b(no)e(least)g(upp)s(er)h(b)s(ound.)2051
+b Fh(2)283 3596 y Fw(Example)37 b(4.20)49 b Fu(Let)33
+b Fs(g)1223 3611 y Fn(n)1266 3596 y Fu(:)43 b Fw(State)33
+b Fo(,)-17 b Ft(!)32 b Fw(State)h Fu(b)s(e)g(de\014ned)h(b)m(y)527
+3969 y Fs(g)581 3984 y Fn(n)657 3969 y Fs(s)40 b Fu(=)846
+3719 y Fg(8)846 3794 y(>)846 3819 y(>)846 3844 y(>)846
+3869 y(<)846 4018 y(>)846 4043 y(>)846 4068 y(>)846 4093
+y(:)961 3800 y Fu(undef)p 961 3813 236 4 v 235 w(if)31
+b Fs(s)41 b Fr(x)33 b Fo(>)f Fu(n)961 3968 y Fs(s)8 b
+Fu([)p Fr(x)p Ft(7!\000)p Fw(1)p Fu(])84 b(if)31 b Fw(0)i
+Ft(\024)g Fs(s)40 b Fr(x)33 b Fu(and)g Fs(s)40 b Fr(x)33
+b Ft(\024)g Fu(n)961 4135 y Fs(s)430 b Fu(if)31 b Fs(s)41
+b Fr(x)33 b Fo(<)f Fw(0)283 4341 y Fu(It)38 b(is)f(straigh)m(tforw)m
+(ard)g(to)g(v)m(erify)h(that)f Fs(g)1858 4356 y Fn(n)1939
+4341 y Ft(v)h Fs(g)2108 4356 y Fn(m)2208 4341 y Fu(whenev)m(er)i(n)e
+Ft(\024)f Fu(m)g(b)s(ecause)i Fs(g)3386 4356 y Fn(n)3466
+4341 y Fu(will)d(b)s(e)283 4462 y(unde\014ned)f(for)d(more)g(states)h
+(than)g Fs(g)1680 4477 y Fn(m)1742 4462 y Fu(.)44 b(No)m(w)33
+b(de\014ne)h Fs(Y)2408 4477 y Fn(0)2480 4462 y Fu(to)f(b)s(e)527
+4674 y Fs(Y)619 4689 y Fn(0)691 4674 y Fu(=)f Ft(f)h
+Fs(g)936 4689 y Fn(n)1011 4674 y Ft(j)f Fu(n)h Ft(\025)g
+Fu(0)f Ft(g)283 4887 y Fu(Then)i Fs(Y)630 4902 y Fn(0)702
+4887 y Fu(is)e(a)g(c)m(hain)h(b)s(ecause)h Fs(g)1554
+4902 y Fn(n)1629 4887 y Ft(v)f Fs(g)1793 4902 y Fn(m)1888
+4887 y Fu(whenev)m(er)i(n)e Ft(\024)g Fu(m.)43 b(The)33
+b(partial)d(function)527 5181 y Fs(g)41 b(s)g Fu(=)802
+5007 y Fg(8)802 5081 y(<)802 5231 y(:)918 5096 y Fs(s)8
+b Fu([)p Fr(x)p Ft(7!\000)p Fw(1)p Fu(])83 b(if)32 b
+Fw(0)g Ft(\024)h Fs(s)41 b Fr(x)918 5264 y Fs(s)429 b
+Fu(if)32 b Fs(s)40 b Fr(x)33 b Fo(<)g Fw(0)283 5475 y
+Fu(is)g(the)g(least)f(upp)s(er)h(b)s(ound)g(of)f Fs(Y)19
+b Fu(.)2094 b Fh(2)p eop
+%%Page: 99 109
+99 108 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2183
+b(99)p 0 193 3473 4 v 0 515 a(Exercise)36 b(4.21)49 b
+Fu(Construct)e(a)f(subset)h Fs(Y)66 b Fu(of)45 b Fw(State)h
+Fo(,)-17 b Ft(!)46 b Fw(State)g Fu(suc)m(h)h(that)f Fs(Y)65
+b Fu(has)46 b(no)0 636 y(upp)s(er)33 b(b)s(ound)g(and)g(hence)h(no)e
+(least)g(upp)s(er)h(b)s(ound.)1420 b Fh(2)0 826 y Fw(Exercise)36
+b(4.22)49 b Fu(Let)33 b Fs(g)920 841 y Fn(n)996 826 y
+Fu(b)s(e)f(the)h(partial)e(function)h(de\014ned)i(b)m(y)244
+1083 y Fs(g)298 1098 y Fn(n)373 1083 y Fs(s)41 b Fu(=)562
+909 y Fg(8)562 983 y(<)562 1133 y(:)678 998 y Fs(s)8
+b Fu([)p Fr(y)p Ft(7!)p Fu(\()p Fs(s)40 b Fr(x)p Fu(\)!][)p
+Fr(x)p Ft(7!)q Fw(1)p Fu(])83 b(if)31 b Fw(0)i Fo(<)f
+Fs(s)41 b Fr(x)33 b Fu(and)f Fs(s)41 b Fr(x)33 b Ft(\024)g
+Fu(n)678 1166 y(undef)p 678 1179 236 4 v 597 w(if)e Fs(s)41
+b Fr(x)33 b Ft(\024)g Fw(0)f Fu(or)g Fs(s)41 b Fr(x)33
+b Fo(>)f Fu(n)0 1345 y(\(where)h Fo(m)p Fu(!)f(denotes)h(the)f
+(factorial)d(of)i Fo(m)p Fu(.\))44 b(De\014ne)32 b Fs(Y)2060
+1360 y Fn(0)2131 1345 y Fu(=)f Ft(f)g Fs(g)2373 1360
+y Fn(n)2448 1345 y Ft(j)g Fu(n)h Ft(\025)g Fu(0)g Ft(g)f
+Fu(and)h(sho)m(w)h(that)0 1466 y(it)d(is)h(a)g(c)m(hain.)43
+b(Characterize)32 b(the)f(upp)s(er)h(b)s(ounds)g(of)f
+Fs(Y)2119 1481 y Fn(0)2190 1466 y Fu(and)g(determine)g(the)h(least)f
+(upp)s(er)0 1586 y(b)s(ound.)3103 b Fh(2)146 1777 y Fu(A)33
+b(partially)d(ordered)k(set)g(\()p Fs(D)9 b Fu(,)32 b
+Ft(v)q Fu(\))h(is)f(called)g(a)g Fs(chain)j(c)-5 b(omplete)39
+b Fu(partially)30 b(ordered)k(set)0 1897 y(\(abbreviated)j
+Fs(c)-5 b(cp)g(o)p Fu(\))36 b(whenev)m(er)1262 1831 y
+Fg(F)1331 1897 y Fs(Y)56 b Fu(exists)74 b(for)36 b(all)e(c)m(hains)j
+Fs(Y)20 b Fu(.)37 b(It)f(is)g(a)h Fs(c)-5 b(omplete)37
+b(lattic)-5 b(e)0 2017 y Fu(if)89 1951 y Fg(F)159 2017
+y Fs(Y)52 b Fu(exists)33 b(for)f(all)f(subsets)j Fs(Y)52
+b Fu(of)33 b Fs(D)9 b Fu(.)0 2208 y Fw(Example)37 b(4.23)49
+b Fu(Exercise)35 b(4.18)f(sho)m(ws)i(that)e(\()p Ft(P)8
+b Fu(\()p Fs(S)k Fu(\),)34 b Ft(\022)q Fu(\))g(and)h(\()p
+Ft(P)8 b Fu(\()p Fs(S)k Fu(\),)34 b Ft(\023)q Fu(\))g(are)g(complete)0
+2328 y(lattices,)51 b(and)d(hence)h(ccp)s(o's,)k(for)47
+b(all)f(non-empt)m(y)i(sets)i Fs(S)12 b Fu(.)47 b(Exercise)j(4.19)d
+(sho)m(ws)j(that)0 2449 y(\()p Ft(P)115 2464 y Fn(\014n)198
+2449 y Fu(\()p Fs(S)12 b Fu(\),)32 b Ft(\022)q Fu(\))g(need)i(not)e(b)s
+(e)h(a)f(complete)g(lattice)f(nor)i(a)f(ccp)s(o.)1051
+b Fh(2)p 0 2639 3473 5 v 0 2785 a Fw(F)-9 b(act)37 b(4.24)49
+b Fu(If)33 b(\()p Fs(D)9 b Fu(,)32 b Ft(v)q Fu(\))g(is)g(a)h(ccp)s(o)g
+(then)g(it)e(has)i(a)g(least)f(elemen)m(t)g Ft(?)h Fu(giv)m(en)g(b)m(y)
+g Ft(?)q Fu(=)3174 2719 y Fg(F)3243 2785 y Ft(;)p Fu(.)p
+0 2906 V 0 3081 a Fw(Pro)s(of:)k Fu(It)c(is)f(straigh)m(tforw)m(ard)g
+(to)h(c)m(hec)m(k)h(that)f Ft(;)f Fu(is)g(a)h(c)m(hain)f(and)h(since)g
+(\()p Fs(D)9 b Fu(,)33 b Ft(v)p Fu(\))g(is)f(a)g(ccp)s(o)0
+3201 y(w)m(e)g(get)g(that)514 3135 y Fg(F)583 3201 y
+Ft(;)f Fu(exists.)44 b(Using)31 b(the)h(de\014nition)e(of)1953
+3135 y Fg(F)2022 3201 y Ft(;)h Fu(w)m(e)i(see)f(that)f(for)g(an)m(y)h
+(elemen)m(t)f Fs(d)42 b Fu(of)0 3321 y Fs(D)g Fu(w)m(e)33
+b(ha)m(v)m(e)484 3255 y Fg(F)553 3321 y Ft(;)g(v)g Fs(d)10
+b Fu(.)43 b(This)33 b(means)f(that)1609 3255 y Fg(F)1678
+3321 y Ft(;)g Fu(is)g(the)h(least)g(elemen)m(t)f(of)g
+Fs(D)9 b Fu(.)562 b Fh(2)146 3525 y Fu(Exercise)26 b(4.21)e(sho)m(ws)j
+(that)d Fw(State)h Fo(,)-17 b Ft(!)24 b Fw(State)h Fu(is)f(not)h(a)f
+(complete)g(lattice.)39 b(F)-8 b(ortunately)g(,)0 3645
+y(w)m(e)34 b(ha)m(v)m(e)p 0 3766 V 0 3912 a Fw(Lemma)j(4.25)49
+b Fu(\()p Fw(State)39 b Fo(,)-17 b Ft(!)39 b Fw(State)p
+Fu(,)f Ft(v)q Fu(\))h(is)f(a)g(ccp)s(o.)63 b(The)39 b(least)g(upp)s(er)
+g(b)s(ound)3107 3845 y Fg(F)3176 3912 y Fs(Y)58 b Fu(of)39
+b(a)0 4032 y(c)m(hain)32 b Fs(Y)53 b Fu(is)32 b(giv)m(en)g(b)m(y)244
+4207 y(graph\()526 4141 y Fg(F)595 4207 y Fs(Y)20 b Fu(\))32
+b(=)865 4141 y Fg(S)935 4207 y Ft(f)g Fu(graph\()p Fs(g)9
+b Fu(\))32 b Ft(j)g Fs(g)41 b Ft(2)p Fs(Y)53 b Ft(g)0
+4382 y Fu(that)32 b(is)g(\()347 4316 y Fg(F)417 4382
+y Fs(Y)19 b Fu(\))p Fs(s)41 b Fu(=)32 b Fs(s)783 4346
+y Fi(0)839 4382 y Fu(if)f(and)i(only)f(if)g Fs(g)41 b(s)f
+Fu(=)33 b Fs(s)1745 4346 y Fi(0)1801 4382 y Fu(for)f(some)g
+Fs(g)41 b Ft(2)33 b Fs(Y)20 b Fu(.)p 0 4503 V 0 4678
+a Fw(Pro)s(of:)37 b Fu(The)d(pro)s(of)e(is)g(in)f(three)j(stages:)44
+b(First)32 b(w)m(e)h(pro)m(v)m(e)h(that)269 4779 y Fg(S)338
+4845 y Ft(f)e Fu(graph\()p Fs(g)9 b Fu(\))32 b Ft(j)g
+Fs(g)41 b Ft(2)33 b Fs(Y)52 b Ft(g)2103 b Fu(\(*\))0
+5013 y(is)41 b(indeed)h(a)f(graph)h(of)f(a)g(partial)f(function)h(in)g
+Fw(State)h Fo(,)-17 b Ft(!)41 b Fw(State)p Fu(.)71 b(Secondly)-8
+b(,)44 b(w)m(e)f(pro)m(v)m(e)0 5133 y(that)29 b(this)g(function)g(will)
+d(b)s(e)k(an)f(upp)s(er)h(b)s(ound)f(of)g Fs(Y)49 b Fu(and)29
+b(thirdly)f(that)h(it)f(is)h(less)g(than)h(an)m(y)0 5254
+y(other)j(upp)s(er)g(b)s(ound)g(of)f Fs(Y)19 b Fu(,)33
+b(that)f(is)g(it)g(is)g(the)h(least)f(upp)s(er)h(b)s(ound)g(of)f
+Fs(Y)20 b Fu(.)146 5374 y(T)-8 b(o)25 b(v)m(erify)g(that)g(\(*\))f(sp)s
+(eci\014es)i(a)f Fs(p)-5 b(artial)27 b(function)32 b
+Fu(w)m(e)26 b(only)e(need)i(to)f(sho)m(w)h(that)e(if)g
+Ft(h)p Fs(s)8 b Fu(,)32 b Fs(s)3410 5338 y Fi(0)3434
+5374 y Ft(i)0 5494 y Fu(and)h Ft(h)o Fs(s)8 b Fu(,)33
+b Fs(s)384 5458 y Fi(00)427 5494 y Ft(i)f Fu(are)g(elemen)m(ts)h(of)p
+eop
+%%Page: 100 110
+100 109 bop 251 130 a Fw(100)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Fs(X)49 b
+Fu(=)756 449 y Fg(S)826 515 y Ft(f)32 b Fu(graph\()p
+Fs(g)9 b Fu(\))32 b Ft(j)g Fs(g)9 b Ft(2)p Fs(Y)52 b
+Ft(g)283 710 y Fu(then)35 b Fs(s)555 673 y Fi(0)613 710
+y Fu(=)f Fs(s)771 673 y Fi(00)813 710 y Fu(.)49 b(When)35
+b Ft(h)p Fs(s)8 b Fu(,)34 b Fs(s)1371 673 y Fi(0)1395
+710 y Ft(i)g(2)g Fs(X)51 b Fu(there)35 b(will)c(b)s(e)k(a)f(partial)e
+(function)i Fs(g)41 b Ft(2)33 b Fs(Y)53 b Fu(suc)m(h)36
+b(that)283 830 y Fs(g)k(s)f Fu(=)30 b Fs(s)601 794 y
+Fi(0)625 830 y Fu(.)43 b(Similarly)-8 b(,)27 b(when)32
+b Ft(h)p Fs(s)8 b Fu(,)31 b Fs(s)1573 794 y Fi(00)1616
+830 y Ft(i)f(2)h Fs(X)47 b Fu(then)32 b(there)g(will)c(b)s(e)j(a)g
+(partial)e(function)h Fs(g)3510 794 y Fi(0)3565 830 y
+Ft(2)j Fs(Y)283 950 y Fu(suc)m(h)i(that)d Fs(g)769 914
+y Fi(0)824 950 y Fs(s)41 b Fu(=)32 b Fs(s)1061 914 y
+Fi(00)1104 950 y Fu(.)43 b(Since)33 b Fs(Y)52 b Fu(is)33
+b(a)f(c)m(hain)g(w)m(e)i(will)c(ha)m(v)m(e)k(that)f(either)f
+Fs(g)41 b Ft(v)33 b Fs(g)3281 914 y Fi(0)3337 950 y Fu(or)f
+Fs(g)3510 914 y Fi(0)3565 950 y Ft(v)h Fs(g)9 b Fu(.)283
+1071 y(In)44 b(an)m(y)h(case)f(w)m(e)h(get)f Fs(g)52
+b(s)g Fu(=)43 b Fs(g)1520 1034 y Fi(0)1587 1071 y Fs(s)51
+b Fu(and)44 b(this)g(means)f(that)h Fs(s)2661 1034 y
+Fi(0)2728 1071 y Fu(=)f Fs(s)2895 1034 y Fi(00)2981 1071
+y Fu(as)h(required.)78 b(This)283 1191 y(completes)33
+b(the)g(\014rst)g(part)f(of)g(the)h(pro)s(of.)430 1311
+y(In)g(the)g(second)h(part)e(of)g(the)h(pro)s(of)f(w)m(e)h(de\014ne)h
+(the)f(partial)d(function)j Fs(g)3124 1326 y Fn(0)3195
+1311 y Fu(b)m(y)527 1506 y(graph\()p Fs(g)863 1521 y
+Fn(0)902 1506 y Fu(\))g(=)1081 1439 y Fg(S)1150 1506
+y Ft(f)g Fu(graph\()p Fs(g)9 b Fu(\))31 b Ft(j)i Fs(g)41
+b Ft(2)33 b Fs(Y)52 b Ft(g)283 1700 y Fu(T)-8 b(o)33
+b(sho)m(w)g(that)f Fs(g)933 1715 y Fn(0)1004 1700 y Fu(is)g(an)g(upp)s
+(er)h(b)s(ound)f(of)g Fs(Y)52 b Fu(let)31 b Fs(g)41 b
+Fu(b)s(e)32 b(an)g(elemen)m(t)g(of)g Fs(Y)20 b Fu(.)32
+b(Then)h(w)m(e)h(ha)m(v)m(e)283 1820 y(graph\()p Fs(g)9
+b Fu(\))36 b Ft(\022)g Fu(graph\()p Fs(g)1142 1835 y
+Fn(0)1181 1820 y Fu(\))g(and)g(using)f(the)h(result)g(of)g(Exercise)h
+(4.8)e(w)m(e)i(see)g(that)f Fs(g)44 b Ft(v)37 b Fs(g)3594
+1835 y Fn(0)3669 1820 y Fu(as)283 1940 y(required)d(and)e(w)m(e)i(ha)m
+(v)m(e)g(completed)e(the)h(second)h(part)e(of)g(the)h(pro)s(of.)430
+2061 y(In)26 b(the)h(third)e(part)h(of)g(the)h(pro)s(of)e(w)m(e)i(sho)m
+(w)h(that)e Fs(g)2296 2076 y Fn(0)2361 2061 y Fu(is)g(the)g(least)g
+(upp)s(er)h(b)s(ound)f(of)g Fs(Y)20 b Fu(.)26 b(So)283
+2181 y(let)33 b Fs(g)479 2196 y Fn(1)551 2181 y Fu(b)s(e)h(some)f(upp)s
+(er)h(b)s(ound)f(of)g Fs(Y)19 b Fu(.)34 b(Using)f(the)g(de\014nition)f
+(of)h(an)g(upp)s(er)h(b)s(ound)g(w)m(e)g(get)283 2302
+y(that)29 b Fs(g)38 b Ft(v)30 b Fs(g)735 2317 y Fn(1)803
+2302 y Fu(m)m(ust)f(hold)f(for)h(all)e Fs(g)38 b Ft(2)p
+Fs(Y)20 b Fu(.)29 b(Exercise)i(4.8)d(giv)m(es)i(that)f(graph\()p
+Fs(g)9 b Fu(\))28 b Ft(\022)i Fu(graph\()p Fs(g)3652
+2317 y Fn(1)3691 2302 y Fu(\).)283 2422 y(Hence)k(it)e(m)m(ust)h(b)s(e)
+f(the)h(case)h(that)527 2550 y Fg(S)597 2616 y Ft(f)e
+Fu(graph\()p Fs(g)9 b Fu(\))32 b Ft(j)g Fs(g)41 b Ft(2)33
+b Fs(Y)52 b Ft(g)32 b(\022)h Fu(graph\()p Fs(g)1982 2631
+y Fn(1)2021 2616 y Fu(\))283 2810 y(But)28 b(this)g(is)f(the)h(same)f
+(as)h(graph\()p Fs(g)1604 2825 y Fn(0)1643 2810 y Fu(\))f
+Ft(\022)h Fu(graph\()p Fs(g)2149 2825 y Fn(1)2188 2810
+y Fu(\))g(and)f(Exercise)i(4.8)f(giv)m(es)g(that)f Fs(g)3464
+2825 y Fn(0)3531 2810 y Ft(v)h Fs(g)3690 2825 y Fn(1)3729
+2810 y Fu(.)283 2931 y(This)k(sho)m(ws)h(that)e Fs(g)1048
+2946 y Fn(0)1118 2931 y Fu(is)f(the)i(least)f(upp)s(er)h(b)s(ound)f(of)
+g Fs(Y)50 b Fu(and)32 b(thereb)m(y)h(w)m(e)f(ha)m(v)m(e)g(completed)283
+3051 y(the)h(pro)s(of.)2980 b Fh(2)283 3421 y Fp(Con)l(tin)l(uous)46
+b(functions)283 3606 y Fu(Let)35 b(\()p Fs(D)9 b Fu(,)34
+b Ft(v)p Fu(\))g(and)g(\()p Fs(D)1103 3570 y Fi(0)1126
+3606 y Fu(,)h Ft(v)1265 3570 y Fi(0)1288 3606 y Fu(\))f(b)s(e)g(ccp)s
+(o's)h(and)f(consider)h(a)e(\(total\))g(function)g Fs(f)21
+b Fu(:)46 b Fs(D)d Ft(!)34 b Fs(D)3593 3570 y Fi(0)3616
+3606 y Fu(.)48 b(If)283 3726 y Fs(d)343 3741 y Fn(1)416
+3726 y Ft(v)33 b Fs(d)586 3741 y Fn(2)657 3726 y Fu(then)g(the)f(in)m
+(tuition)e(is)h(that)h Fs(d)1812 3741 y Fn(1)1884 3726
+y Fu(shares)h(its)e(information)e(with)j Fs(d)3122 3741
+y Fn(2)3161 3726 y Fu(.)43 b(So)32 b(when)h(the)283 3847
+y(function)k Fs(f)58 b Fu(has)37 b(b)s(een)h(applied)e(to)h(the)g(t)m
+(w)m(o)h(elemen)m(ts)f Fs(d)2465 3862 y Fn(1)2542 3847
+y Fu(and)g Fs(d)2796 3862 y Fn(2)2872 3847 y Fu(then)h(w)m(e)g(shall)e
+(exp)s(ect)283 3967 y(that)31 b(a)g(similar)c(relationship)i(holds)i(b)
+s(et)m(w)m(een)i(the)e(results.)43 b(That)31 b(is)g(w)m(e)g(shall)f
+(exp)s(ect)i(that)283 4088 y Fs(f)55 b(d)428 4103 y Fn(1)502
+4088 y Ft(v)579 4051 y Fi(0)637 4088 y Fs(f)g(d)782 4103
+y Fn(2)855 4088 y Fu(and)34 b(when)h(this)f(is)g(the)g(case)h(w)m(e)g
+(sa)m(y)g(that)f Fs(f)55 b Fu(is)33 b Fs(monotone)p Fu(.)47
+b(F)-8 b(ormally)g(,)31 b Fs(f)55 b Fu(is)283 4208 y(monotone)32
+b(if)g(and)g(only)g(if)527 4402 y Fs(d)587 4417 y Fn(1)659
+4402 y Ft(v)h Fs(d)829 4417 y Fn(2)902 4402 y Fu(implies)d
+Fs(f)53 b(d)1376 4417 y Fn(1)1448 4402 y Ft(v)1526 4366
+y Fi(0)1581 4402 y Fs(f)h(d)1725 4417 y Fn(2)283 4596
+y Fu(for)32 b(all)f(c)m(hoices)i(of)g Fs(d)1068 4611
+y Fn(1)1140 4596 y Fu(and)f Fs(d)1389 4611 y Fn(2)1429
+4596 y Fu(.)283 4812 y Fw(Example)37 b(4.26)49 b Fu(Consider)24
+b(the)h(ccp)s(o's)g(\()p Ft(P)8 b Fu(\()p Ft(f)p Fu(a,b,c)p
+Ft(g)p Fu(\),)26 b Ft(\022)p Fu(\))e(and)h(\()p Ft(P)8
+b Fu(\()p Ft(f)p Fu(d,e)p Ft(g)p Fu(\),)26 b Ft(\022)p
+Fu(\).)41 b(The)25 b(func-)283 4932 y(tion)32 b Fs(f)535
+4947 y Fn(1)574 4932 y Fu(:)44 b Ft(P)8 b Fu(\()p Ft(f)p
+Fu(a,b,c)p Ft(g)p Fu(\))33 b Ft(!)f(P)8 b Fu(\()p Ft(f)p
+Fu(d,e)p Ft(g)p Fu(\))33 b(de\014ned)h(b)m(y)g(the)f(table)639
+5205 y Fs(X)p 869 5288 4 249 v 209 w Ft(f)p Fu(a,b,c)p
+Ft(g)100 b(f)p Fu(a,b)p Ft(g)i(f)p Fu(a,c)p Ft(g)g(f)p
+Fu(b,c)p Ft(g)h(f)p Fu(a)p Ft(g)f(f)p Fu(b)p Ft(g)d(f)p
+Fu(c)p Ft(g)h(;)p 527 5291 2620 4 v 577 5457 a Fs(f)628
+5472 y Fn(1)700 5457 y Fs(X)p 869 5528 4 237 v 186 w
+Ft(f)p Fu(d,e)p Ft(g)176 b(f)p Fu(d)p Ft(g)137 b(f)p
+Fu(d,e)p Ft(g)100 b(f)p Fu(d,e)p Ft(g)g(f)p Fu(d)p Ft(g)g(f)p
+Fu(d)p Ft(g)f(f)p Fu(e)p Ft(g)h(;)p eop
+%%Page: 101 111
+101 110 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2127
+b(101)p 0 193 3473 4 v 0 515 a Fu(is)32 b(monotone:)43
+b(it)31 b(simply)h(c)m(hanges)h(a's)g(and)g(b's)g(to)g(d's)g(and)g(c's)
+g(to)f(e's.)146 636 y(The)i(function)e Fs(f)780 651 y
+Fn(2)819 636 y Fu(:)44 b Ft(P)8 b Fu(\()p Ft(f)p Fu(a,b,c)p
+Ft(g)p Fu(\))33 b Ft(!)f(P)8 b Fu(\()p Ft(f)p Fu(d,e)p
+Ft(g)p Fu(\))33 b(de\014ned)h(b)m(y)g(the)f(table)355
+917 y Fs(X)p 585 1001 4 249 v 210 w Ft(f)p Fu(a,b,c)p
+Ft(g)100 b(f)p Fu(a,b)p Ft(g)f(f)p Fu(a,c)p Ft(g)g(f)p
+Fu(b,c)p Ft(g)k(f)p Fu(a)p Ft(g)f(f)p Fu(b)p Ft(g)d(f)p
+Fu(c)p Ft(g)146 b(;)p 244 1004 2707 4 v 294 1169 a Fs(f)345
+1184 y Fn(2)417 1169 y Fs(X)p 585 1240 4 237 v 221 w
+Ft(f)p Fu(d)p Ft(g)211 b(f)p Fu(d)p Ft(g)170 b(f)p Fu(d)p
+Ft(g)i(f)p Fu(e)p Ft(g)140 b(f)p Fu(d)p Ft(g)105 b(f)p
+Fu(e)p Ft(g)g(f)p Fu(e)p Ft(g)100 b(f)p Fu(e)p Ft(g)0
+1406 y Fu(is)36 b Fs(not)46 b Fu(monotone)36 b(b)s(ecause)j
+Ft(f)p Fu(b,c)p Ft(g)d(\022)i(f)p Fu(a,b,c)p Ft(g)e Fu(but)h
+Fs(f)2050 1421 y Fn(2)2127 1406 y Ft(f)p Fu(b,c)p Ft(g)f(6\022)i
+Fs(f)2553 1421 y Fn(2)2629 1406 y Ft(f)p Fu(a,b,c)p Ft(g)p
+Fu(.)56 b(In)m(tuitiv)m(ely)-8 b(,)0 1527 y(all)36 b(sets)j(that)f(con)
+m(tain)g(an)g(a)g(are)g(mapp)s(ed)g(to)g Ft(f)p Fu(d)p
+Ft(g)g Fu(whereas)h(the)g(others)g(are)f(mapp)s(ed)g(to)0
+1647 y Ft(f)p Fu(e)p Ft(g)43 b Fu(and)h(since)g(the)g(elemen)m(ts)g
+Ft(f)p Fu(d)p Ft(g)f Fu(and)g Ft(f)p Fu(e)p Ft(g)h Fu(are)f
+(incomparable)f(this)h(do)s(es)h(not)f(giv)m(e)h(a)0
+1767 y(monotone)32 b(function.)42 b(Ho)m(w)m(ev)m(er,)35
+b(if)c(w)m(e)j(c)m(hange)f(the)g(de\014nition)e(suc)m(h)j(that)e(sets)h
+(with)f(an)h(a)0 1888 y(are)e(mapp)s(ed)g(to)g Ft(f)p
+Fu(d)p Ft(g)f Fu(and)i(all)c(other)k(sets)g(to)f Ft(;)f
+Fu(then)i(the)g(function)e(will)f(b)s(e)i(monotone.)75
+b Fh(2)0 2116 y Fw(Exercise)36 b(4.27)49 b Fu(Consider)37
+b(the)g(ccp)s(o)g(\()p Ft(P)9 b Fu(\()p Fw(N)p Fu(\),)36
+b Ft(\022)p Fu(\).)55 b(Determine)36 b(whic)m(h)h(of)f(the)h(follo)m
+(wing)0 2237 y(functions)c(in)e Ft(P)9 b Fu(\()p Fw(N)p
+Fu(\))32 b Ft(!)g(P)8 b Fu(\()p Fw(N)p Fu(\))33 b(are)f(monotone:)145
+2440 y Ft(\017)49 b Fs(f)295 2455 y Fn(1)367 2440 y Fs(X)f
+Fu(=)33 b Fw(N)f Ft(n)g Fs(X)145 2643 y Ft(\017)49 b
+Fs(f)295 2658 y Fn(2)367 2643 y Fs(X)f Fu(=)33 b Fs(X)49
+b Ft([)32 b(f)p Fw(27)p Ft(g)145 2847 y(\017)49 b Fs(f)295
+2862 y Fn(3)367 2847 y Fs(X)f Fu(=)33 b Fs(X)49 b Ft(\\)32
+b(f)p Fw(7)p Fu(,)h Fw(9)p Fu(,)g Fw(13)p Ft(g)145 3050
+y(\017)49 b Fs(f)295 3065 y Fn(4)367 3050 y Fs(X)f Fu(=)33
+b Ft(f)f Fs(n)40 b Ft(2)33 b Fs(X)49 b Ft(j)32 b Fs(n)40
+b Fu(is)32 b(a)g(prime)f Ft(g)145 3254 y(\017)49 b Fs(f)295
+3269 y Fn(5)367 3254 y Fs(X)f Fu(=)33 b Ft(f)f Fw(2)h
+Fo(?)f Fs(n)40 b Ft(j)32 b Fs(n)40 b Ft(2)33 b Fs(X)48
+b Ft(g)2031 b Fh(2)0 3482 y Fw(Exercise)36 b(4.28)49
+b Fu(Determine)32 b(whic)m(h)h(of)f(the)h(follo)m(wing)d(functionals)h
+(of)244 3685 y(\()p Fw(State)h Fo(,)-17 b Ft(!)33 b Fw(State)p
+Fu(\))g Ft(!)f Fu(\()p Fw(State)g Fo(,)-17 b Ft(!)33
+b Fw(State)p Fu(\))0 3889 y(are)g(monotone:)145 4092
+y Ft(\017)49 b Fs(F)321 4107 y Fn(0)393 4092 y Fs(g)41
+b Fu(=)32 b Fs(g)145 4377 y Ft(\017)49 b Fs(F)321 4392
+y Fn(1)393 4377 y Fs(g)41 b Fu(=)587 4203 y Fg(8)587
+4277 y(<)587 4427 y(:)703 4292 y Fs(g)757 4307 y Fn(1)879
+4292 y Fu(if)31 b Fs(g)41 b Fu(=)33 b Fs(g)1217 4307
+y Fn(2)703 4460 y Fs(g)757 4475 y Fn(2)879 4460 y Fu(otherwise)1494
+4377 y(where)h Fs(g)1830 4392 y Fn(1)1902 4377 y Ft(6)p
+Fu(=)e Fs(g)2064 4392 y Fn(2)145 4767 y Ft(\017)49 b
+Fu(\()p Fs(F)359 4731 y Fi(0)415 4767 y Fs(g)9 b Fu(\))32
+b Fs(s)40 b Fu(=)728 4593 y Fg(8)728 4668 y(<)728 4817
+y(:)843 4683 y Fs(g)h(s)91 b Fu(if)32 b Fs(s)40 b Fr(x)33
+b Ft(6)p Fu(=)f Fw(0)843 4850 y Fs(s)177 b Fu(if)32 b
+Fs(s)40 b Fr(x)33 b Fu(=)f Fw(0)3398 4767 y Fh(2)146
+5077 y Fu(The)d(monotone)d(functions)i(ha)m(v)m(e)g(a)f(couple)h(of)f
+(in)m(teresting)g(prop)s(erties.)41 b(First)27 b(w)m(e)h(pro)m(v)m(e)0
+5198 y(that)k(the)h(comp)s(osition)e(of)h(t)m(w)m(o)h(monotone)f
+(functions)g(is)g(a)h(monotone)e(function.)p eop
+%%Page: 102 112
+102 111 bop 251 130 a Fw(102)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 283 515 3473 5 v 283
+689 a(F)-9 b(act)38 b(4.29)49 b Fu(Let)e(\()p Fs(D)9
+b Fu(,)47 b Ft(v)p Fu(\),)k(\()p Fs(D)1476 653 y Fi(0)1499
+689 y Fu(,)g Ft(v)1654 653 y Fi(0)1677 689 y Fu(\))c(and)g(\()p
+Fs(D)2087 653 y Fi(00)2130 689 y Fu(,)j Ft(v)2285 653
+y Fi(00)2327 689 y Fu(\))d(b)s(e)g(ccp)s(o's)h(and)f(let)f
+Fs(f)21 b Fu(:)72 b Fs(D)56 b Ft(!)47 b Fs(D)3733 653
+y Fi(0)283 809 y Fu(and)42 b Fs(f)533 773 y Fi(0)557
+809 y Fu(:)h Fs(D)710 773 y Fi(0)766 809 y Ft(!)32 b
+Fs(D)981 773 y Fi(00)1065 809 y Fu(b)s(e)42 b(monotone)f(functions.)71
+b(Then)43 b Fs(f)2467 773 y Fi(0)2522 809 y Ft(\016)33
+b Fs(f)21 b Fu(:)43 b Fs(D)f Ft(!)32 b Fs(D)3057 773
+y Fi(00)3141 809 y Fu(is)41 b(a)h(monotone)283 930 y(function.)p
+283 1050 V 283 1253 a Fw(Pro)s(of:)33 b Fu(Assume)d(that)f
+Fs(d)1245 1268 y Fn(1)1313 1253 y Ft(v)g Fs(d)1479 1268
+y Fn(2)1519 1253 y Fu(.)42 b(The)30 b(monotonicit)m(y)d(of)h
+Fs(f)50 b Fu(giv)m(es)29 b(that)g Fs(f)50 b(d)3142 1268
+y Fn(1)3210 1253 y Ft(v)3287 1217 y Fi(0)3339 1253 y
+Fs(f)g(d)3479 1268 y Fn(2)3519 1253 y Fu(.)42 b(The)283
+1373 y(monotonicit)m(y)31 b(of)h Fs(f)1036 1337 y Fi(0)1092
+1373 y Fu(then)h(giv)m(es)g Fs(f)1604 1337 y Fi(0)1660
+1373 y Fu(\()p Fs(f)53 b(d)1841 1388 y Fn(1)1881 1373
+y Fu(\))32 b Ft(v)2029 1337 y Fi(00)2104 1373 y Fs(f)2155
+1337 y Fi(0)2211 1373 y Fu(\()p Fs(f)53 b(d)2392 1388
+y Fn(2)2431 1373 y Fu(\))33 b(as)g(required.)683 b Fh(2)430
+1576 y Fu(Next)33 b(w)m(e)g(pro)m(v)m(e)h(that)e(the)h(image)e(of)h(a)g
+(c)m(hain)g(under)h(a)g(monotone)e(function)h(is)g(itself)f(a)283
+1697 y(c)m(hain.)p 283 1817 V 283 1991 a Fw(Lemma)38
+b(4.30)49 b Fu(Let)24 b(\()p Fs(D)9 b Fu(,)23 b Ft(v)q
+Fu(\))h(and)g(\()p Fs(D)1708 1955 y Fi(0)1731 1991 y
+Fu(,)h Ft(v)1861 1955 y Fi(0)1884 1991 y Fu(\))f(b)s(e)g(ccp)s(o's)h
+(and)f(let)f Fs(f)e Fu(:)39 b Fs(D)33 b Ft(!)23 b Fs(D)3095
+1955 y Fi(0)3142 1991 y Fu(b)s(e)h(a)g(monotone)283 2111
+y(function.)42 b(If)30 b Fs(Y)49 b Fu(is)29 b(a)h(c)m(hain)f(in)g
+Fs(D)39 b Fu(then)30 b Ft(f)f Fs(f)51 b(d)39 b Ft(j)30
+b Fs(d)39 b Ft(2)30 b Fs(Y)49 b Ft(g)30 b Fu(is)f(a)g(c)m(hain)h(in)f
+Fs(D)3104 2075 y Fi(0)3127 2111 y Fu(.)42 b(F)-8 b(urthermore,)552
+2212 y Fg(F)621 2243 y Fi(0)645 2279 y Ft(f)32 b Fs(f)53
+b(d)43 b Ft(j)32 b Fs(d)43 b Ft(2)33 b Fs(Y)52 b Ft(g)32
+b(v)1439 2243 y Fi(0)1495 2279 y Fs(f)21 b Fu(\()1584
+2212 y Fg(F)1653 2279 y Fs(Y)e Fu(\))p 283 2399 V 283
+2602 a Fw(Pro)s(of:)42 b Fu(If)37 b Fs(Y)56 b Fu(=)36
+b Ft(;)g Fu(then)h(the)g(result)f(holds)h(immediately)c(since)k
+Ft(?)2868 2566 y Fi(0)2928 2602 y Ft(v)3005 2566 y Fi(0)3065
+2602 y Fs(f)57 b Ft(?)q Fu(.)e(So)36 b(assume)283 2722
+y(that)d Fs(Y)53 b Ft(6)p Fu(=)33 b Ft(;)p Fu(.)45 b(W)-8
+b(e)34 b(shall)e(\014rst)h(pro)m(v)m(e)i(that)e Ft(f)g
+Fs(f)54 b(d)43 b Ft(j)33 b Fs(d)43 b Ft(2)33 b Fs(Y)53
+b Ft(g)33 b Fu(is)g(a)g(c)m(hain)g(in)f Fs(D)3283 2686
+y Fi(0)3306 2722 y Fu(.)46 b(So)33 b(let)f Fs(d)3716
+2686 y Fi(0)3716 2747 y Fn(1)283 2843 y Fu(and)37 b Fs(d)537
+2806 y Fi(0)537 2867 y Fn(2)613 2843 y Fu(b)s(e)f(t)m(w)m(o)h(elemen)m
+(ts)g(of)f Ft(f)g Fs(f)57 b(d)46 b Ft(j)36 b Fs(d)47
+b Ft(2)36 b Fs(Y)56 b Ft(g)p Fu(.)f(Then)37 b(there)g(are)f(elemen)m
+(ts)h Fs(d)3387 2858 y Fn(1)3463 2843 y Fu(and)f Fs(d)3716
+2858 y Fn(2)283 2963 y Fu(in)d Fs(Y)54 b Fu(suc)m(h)35
+b(that)e Fs(d)1017 2927 y Fi(0)1017 2988 y Fn(1)1090
+2963 y Fu(=)h Fs(f)54 b(d)1344 2978 y Fn(1)1417 2963
+y Fu(and)34 b Fs(d)1668 2927 y Fi(0)1668 2988 y Fn(2)1741
+2963 y Fu(=)f Fs(f)55 b(d)1995 2978 y Fn(2)2035 2963
+y Fu(.)46 b(Since)34 b Fs(Y)53 b Fu(is)33 b(a)h(c)m(hain)f(w)m(e)i(ha)m
+(v)m(e)g(that)e(either)283 3083 y Fs(d)343 3098 y Fn(1)416
+3083 y Ft(v)g Fs(d)586 3098 y Fn(2)660 3083 y Fu(or)i
+Fs(d)842 3098 y Fn(2)917 3083 y Ft(v)g Fs(d)1089 3098
+y Fn(1)1129 3083 y Fu(.)51 b(In)35 b(either)g(case)h(w)m(e)g(get)g
+(that)f(the)g(same)g(order)g(holds)g(b)s(et)m(w)m(een)i
+Fs(d)3716 3047 y Fi(0)3716 3108 y Fn(1)283 3204 y Fu(and)g
+Fs(d)537 3168 y Fi(0)537 3228 y Fn(2)613 3204 y Fu(b)s(ecause)h(of)e
+(the)h(monotonicit)m(y)e(of)h Fs(f)21 b Fu(.)56 b(This)36
+b(pro)m(v)m(es)j(that)d Ft(f)g Fs(f)58 b(d)47 b Ft(j)36
+b Fs(d)47 b Ft(2)36 b Fs(Y)57 b Ft(g)36 b Fu(is)g(a)283
+3324 y(c)m(hain.)430 3444 y(T)-8 b(o)46 b(pro)m(v)m(e)g(the)h(second)g
+(part)e(of)g(the)h(lemma)e(consider)i(an)f(arbitrary)g(elemen)m(t)h
+Fs(d)55 b Fu(of)283 3565 y Fs(Y)20 b Fu(.)48 b(Then)g(it)f(will)e(b)s
+(e)j(the)g(case)g(that)g Fs(d)57 b Ft(v)2042 3498 y Fg(F)2111
+3565 y Fs(Y)20 b Fu(.)48 b(The)g(monotonicit)m(y)e(of)h
+Fs(f)68 b Fu(giv)m(es)48 b(that)283 3685 y Fs(f)54 b(d)43
+b Ft(v)537 3649 y Fi(0)593 3685 y Fs(f)21 b Fu(\()682
+3619 y Fg(F)751 3685 y Fs(Y)f Fu(\).)76 b(Since)44 b(this)f(holds)g
+(for)g(all)e Fs(d)54 b Ft(2)44 b Fs(Y)63 b Fu(w)m(e)45
+b(get)e(that)h Fs(f)21 b Fu(\()3012 3619 y Fg(F)3081
+3685 y Fs(Y)e Fu(\))44 b(is)f(an)g(upp)s(er)283 3806
+y(b)s(ound)33 b(on)g Ft(f)f Fs(f)53 b(d)43 b Ft(j)32
+b Fs(d)43 b Ft(2)p Fs(Y)53 b Ft(g)o Fu(,)33 b(that)f(is)1740
+3739 y Fg(F)1810 3769 y Fi(0)1865 3806 y Ft(f)h Fs(f)53
+b(d)43 b Ft(j)32 b Fs(d)43 b Ft(2)p Fs(Y)52 b Ft(g)33
+b(v)2627 3769 y Fi(0)2683 3806 y Fs(f)21 b Fu(\()2772
+3739 y Fg(F)2841 3806 y Fs(Y)f Fu(\).)683 b Fh(2)430
+4009 y Fu(In)40 b(general)f(w)m(e)i(cannot)f(exp)s(ect)h(that)e(a)g
+(monotone)g(function)h(preserv)m(es)i(least)d(upp)s(er)283
+4129 y(b)s(ounds)d(on)f(c)m(hains,)g(that)g(is)1402 4063
+y Fg(F)1471 4093 y Fi(0)1529 4129 y Ft(f)g Fs(f)55 b(d)45
+b Ft(j)35 b Fs(d)44 b Ft(2)q Fs(Y)54 b Ft(g)35 b Fu(=)f
+Fs(f)21 b Fu(\()2428 4063 y Fg(F)2497 4129 y Fs(Y)f Fu(\).)35
+b(This)g(is)f(illustrated)f(b)m(y)i(the)283 4250 y(follo)m(wing)30
+b(example:)283 4477 y Fw(Example)37 b(4.31)49 b Fu(F)-8
+b(rom)29 b(Example)i(4.23)f(w)m(e)i(get)f(that)f(\()p
+Ft(P)9 b Fu(\()p Fw(N)30 b Ft([)h(f)p Fu(a)p Ft(g)p Fu(\),)g
+Ft(\022)p Fu(\))g(is)f(a)h(ccp)s(o.)43 b(No)m(w)283 4597
+y(consider)33 b(the)g(function)f Fs(f)21 b Fu(:)44 b
+Ft(P)8 b Fu(\()p Fw(N)32 b Ft([)h(f)p Fu(a)p Ft(g)p Fu(\))f
+Ft(!)g(P)9 b Fu(\()p Fw(N)32 b Ft([)h(f)p Fu(a)p Ft(g)p
+Fu(\))f(de\014ned)i(b)m(y)527 4887 y Fs(f)54 b(X)48 b
+Fu(=)840 4713 y Fg(8)840 4788 y(<)840 4937 y(:)955 4803
+y Fs(X)379 b Fu(if)32 b Fs(X)48 b Fu(is)32 b(\014nite)955
+4970 y Fs(X)49 b Ft([)33 b(f)p Fu(a)p Ft(g)82 b Fu(if)32
+b Fs(X)48 b Fu(is)32 b(in\014nite)283 5171 y(Clearly)-8
+b(,)34 b Fs(f)54 b Fu(is)33 b(a)h(monotone)e(function:)46
+b(if)32 b Fs(X)1960 5186 y Fn(1)2033 5171 y Ft(\022)i
+Fs(X)2232 5186 y Fn(2)2306 5171 y Fu(then)g(also)f Fs(f)54
+b(X)2898 5186 y Fn(1)2971 5171 y Ft(\022)35 b Fs(f)54
+b(X)3255 5186 y Fn(2)3295 5171 y Fu(.)46 b(Ho)m(w)m(ev)m(er,)283
+5292 y Fs(f)54 b Fu(do)s(es)33 b(not)f(preserv)m(e)i(the)f(least)f(upp)
+s(er)h(b)s(ounds)g(of)f(c)m(hains.)44 b(T)-8 b(o)32 b(see)i(this)e
+(consider)g(the)h(set)527 5494 y Fs(Y)53 b Fu(=)32 b
+Ft(f)g(f)p Fu(0,1,)p Ft(\001)17 b(\001)g(\001)n Fu(,n)p
+Ft(g)33 b(j)f Fu(n)p Ft(\025)q Fu(0)g Ft(g)p eop
+%%Page: 103 113
+103 112 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2127
+b(103)p 0 193 3473 4 v 0 515 a Fu(It)25 b(consists)h(of)f(the)g(elemen)
+m(ts)h Ft(f)p Fu(0)p Ft(g)p Fu(,)g Ft(f)p Fu(0,1)p Ft(g)p
+Fu(,)g Ft(f)p Fu(0,1,2)p Ft(g)p Fu(,)f Ft(\001)17 b(\001)g(\001)24
+b Fu(and)h(it)f(is)h(straigh)m(tforw)m(ard)f(to)h(v)m(erify)0
+636 y(that)40 b(it)f(is)h(a)g(c)m(hain)g(with)g Fw(N)g
+Fu(as)g(its)g(least)f(upp)s(er)i(b)s(ound,)i(that)d(is)2597
+569 y Fg(F)2666 636 y Fs(Y)60 b Fu(=)40 b Fw(N)p Fu(.)g(When)h(w)m(e)0
+756 y(apply)32 b Fs(f)54 b Fu(to)32 b(the)h(elemen)m(ts)g(of)f
+Fs(Y)52 b Fu(w)m(e)34 b(get)244 897 y Fg(F)346 963 y
+Ft(f)e Fs(f)53 b(X)c Ft(j)32 b Fs(X)49 b Ft(2)33 b Fs(Y)52
+b Ft(g)32 b Fu(=)1227 897 y Fg(F)1296 963 y Fs(Y)52 b
+Fu(=)33 b Fw(N)0 1171 y Fu(Ho)m(w)m(ev)m(er,)i(w)m(e)f(also)d(ha)m(v)m
+(e)244 1378 y Fs(f)53 b Fu(\()365 1312 y Fg(F)434 1378
+y Fs(Y)20 b Fu(\))33 b(=)f Fs(f)53 b Fw(N)33 b Fu(=)f
+Fw(N)g Ft([)h(f)p Fu(a)p Ft(g)0 1585 y Fu(sho)m(wing)g(that)f
+Fs(f)54 b Fu(do)s(es)33 b(not)f(preserv)m(e)j(the)e(least)f(upp)s(er)h
+(b)s(ounds)g(of)g(c)m(hains.)542 b Fh(2)146 1819 y Fu(W)-8
+b(e)31 b(shall)e(b)s(e)i(in)m(terested)h(in)e(functions)g(that)h
+(preserv)m(e)h(least)f(upp)s(er)g(b)s(ounds)g(of)f(c)m(hains,)0
+1939 y(that)i(is)g(functions)h Fs(f)53 b Fu(that)33 b(satisfy)244
+2080 y Fg(F)313 2110 y Fi(0)336 2147 y Ft(f)g Fs(f)53
+b(d)43 b Ft(j)32 b Fs(d)43 b Ft(2)p Fs(Y)52 b Ft(g)33
+b Fu(=)f Fs(f)21 b Fu(\()1218 2080 y Fg(F)1287 2147 y
+Fs(Y)f Fu(\))0 2354 y(In)m(tuitiv)m(ely)-8 b(,)54 b(this)c(means)g
+(that)g(w)m(e)i(obtain)d(the)i(same)f(information)d(indep)s(enden)m
+(tly)k(of)0 2474 y(whether)42 b(w)m(e)g(determine)f(the)g(least)g(upp)s
+(er)h(b)s(ound)f(b)s(efore)g(or)f(after)h(applying)f(the)h(func-)0
+2595 y(tion)32 b Fs(f)20 b Fu(.)146 2716 y(W)-8 b(e)31
+b(shall)d(sa)m(y)j(that)f(a)f(function)h Fs(f)21 b Fu(:)42
+b Fs(D)c Ft(!)30 b Fs(D)1815 2680 y Fi(0)1868 2716 y
+Fu(de\014ned)h(on)f(ccp)s(o's)h(\()p Fs(D)9 b Fu(,)30
+b Ft(v)p Fu(\))g(and)g(\()p Fs(D)3253 2680 y Fi(0)3276
+2716 y Fu(,)h Ft(v)3411 2680 y Fi(0)3435 2716 y Fu(\))0
+2836 y(is)h Fs(c)-5 b(ontinuous)32 b Fu(if)g(it)f(is)h(monotone)g(and)
+244 2977 y Fg(F)313 3007 y Fi(0)336 3043 y Ft(f)h Fs(f)53
+b(d)43 b Ft(j)32 b Fs(d)43 b Ft(2)p Fs(Y)52 b Ft(g)33
+b Fu(=)f Fs(f)21 b Fu(\()1218 2977 y Fg(F)1287 3043 y
+Fs(Y)f Fu(\))0 3251 y(holds)40 b(for)g(all)f Fs(non-empty)h
+Fu(c)m(hains)h Fs(Y)19 b Fu(.)41 b(If)1622 3184 y Fg(F)1691
+3251 y Ft(f)f Fs(f)62 b(d)50 b Ft(j)41 b Fs(d)50 b Ft(2)41
+b Fs(Y)61 b Ft(g)40 b Fu(=)g Fs(f)21 b Fu(\()2677 3184
+y Fg(F)2746 3251 y Fs(Y)f Fu(\))41 b(holds)f(for)g(the)0
+3371 y(empt)m(y)33 b(c)m(hain,)g(that)f(is)g Ft(?)h Fu(=)f
+Fs(f)54 b Ft(?)p Fu(,)33 b(then)g(w)m(e)h(shall)d(sa)m(y)i(that)g
+Fs(f)53 b Fu(is)32 b Fs(strict)p Fu(.)0 3606 y Fw(Example)37
+b(4.32)49 b Fu(The)37 b(function)g Fs(f)1353 3621 y Fn(1)1429
+3606 y Fu(of)f(Example)g(4.26)h(is)f(also)g(con)m(tin)m(uous.)57
+b(T)-8 b(o)37 b(see)h(this)0 3726 y(consider)31 b(a)g(non-empt)m(y)g(c)
+m(hain)g Fs(Y)50 b Fu(of)31 b Ft(P)8 b Fu(\()p Ft(f)p
+Fu(a,b,c)p Ft(g)p Fu(\).)43 b(The)32 b(least)f(upp)s(er)g(b)s(ound)g
+(of)g Fs(Y)51 b Fu(will)28 b(b)s(e)0 3846 y(the)33 b(largest)f(elemen)m
+(t,)g(sa)m(y)i Fs(X)1127 3861 y Fn(0)1167 3846 y Fu(,)e(of)g
+Fs(Y)52 b Fu(\(see)34 b(Example)e(4.17\).)43 b(Therefore)34
+b(w)m(e)f(ha)m(v)m(e)294 4051 y Fs(f)345 4066 y Fn(1)417
+4051 y Fu(\()455 3984 y Fg(F)524 4051 y Fs(Y)19 b Fu(\))100
+b(=)h Fs(f)981 4066 y Fn(1)1053 4051 y Fs(X)1141 4066
+y Fn(0)1879 4051 y Fu(b)s(ecause)34 b Fs(X)2328 4066
+y Fn(0)2400 4051 y Fu(=)2508 3984 y Fg(F)2577 4051 y
+Fs(Y)753 4218 y Ft(\022)930 4152 y Fg(F)999 4218 y Ft(f)f
+Fs(f)1132 4233 y Fn(1)1204 4218 y Fs(X)49 b Ft(j)32 b
+Fs(X)49 b Ft(2)33 b Fs(Y)52 b Ft(g)100 b Fu(b)s(ecause)34
+b Fs(X)2328 4233 y Fn(0)2400 4218 y Ft(2)f Fs(Y)0 4424
+y Fu(Using)41 b(that)h Fs(f)555 4439 y Fn(1)636 4424
+y Fu(is)f(monotone)g(w)m(e)i(get)f(from)e(Lemma)h(4.30)g(that)2559
+4358 y Fg(F)2628 4424 y Ft(f)h Fs(f)2771 4439 y Fn(1)2852
+4424 y Fs(X)58 b Ft(j)41 b Fs(X)58 b Ft(2)42 b Fs(Y)62
+b Ft(g)0 4545 y(\022)36 b Fs(f)163 4560 y Fn(1)238 4545
+y Fu(\()276 4478 y Fg(F)345 4545 y Fs(Y)20 b Fu(\).)35
+b(It)g(follo)m(ws)f(that)h Fs(f)1233 4560 y Fn(1)1307
+4545 y Fu(is)g(con)m(tin)m(uous.)52 b(Also,)35 b Fs(f)2243
+4560 y Fn(1)2317 4545 y Fu(is)g(a)g(strict)f(function)h(b)s(ecause)0
+4665 y Fs(f)51 4680 y Fn(1)123 4665 y Ft(;)d Fu(=)h Ft(;)o
+Fu(.)146 4786 y(The)j(function)f Fs(f)56 b Fu(of)35 b(Example)f(4.31)h
+(is)g Fs(not)44 b Fu(a)35 b(con)m(tin)m(uous)h(function)e(b)s(ecause)j
+(there)f(is)0 4907 y(a)c(c)m(hain)h(for)f(whic)m(h)h(it)e(do)s(es)i
+(not)g(preserv)m(e)i(the)e(least)f(upp)s(er)h(b)s(ound.)790
+b Fh(2)0 5140 y Fw(Exercise)36 b(4.33)49 b Fu(Sho)m(w)34
+b(that)e(the)h(functional)e Fs(F)1863 5104 y Fi(0)1919
+5140 y Fu(of)h(Example)g(4.1)g(is)g(con)m(tin)m(uous.)226
+b Fh(2)0 5374 y Fw(Exercise)36 b(4.34)49 b Fu(Assume)33
+b(that)e(\()p Fs(D)9 b Fu(,)31 b Ft(v)q Fu(\))g(and)h(\()p
+Fs(D)1898 5338 y Fi(0)1921 5374 y Fu(,)g Ft(v)2057 5338
+y Fi(0)2081 5374 y Fu(\))f(are)h(ccp)s(o's)g(and)g(that)f
+Fs(f)21 b Fu(:)43 b Fs(D)d Ft(!)31 b Fs(D)3449 5338 y
+Fi(0)0 5494 y Fu(satis\014es)p eop
+%%Page: 104 114
+104 113 bop 251 130 a Fw(104)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 527 449 a Fg(F)597
+479 y Fi(0)620 515 y Ft(f)c Fs(f)54 b(d)42 b Ft(j)32
+b Fs(d)43 b Ft(2)q Fs(Y)52 b Ft(g)32 b Fu(=)g Fs(f)21
+b Fu(\()1501 449 y Fg(F)1570 515 y Fs(Y)f Fu(\))283 721
+y(for)32 b(all)f Fs(non-empty)h Fu(c)m(hains)h Fs(Y)52
+b Fu(of)32 b Fs(D)9 b Fu(.)33 b(Sho)m(w)g(that)f Fs(f)54
+b Fu(is)32 b(monotone.)863 b Fh(2)430 953 y Fu(W)-8 b(e)33
+b(can)h(extend)h(the)e(result)g(of)g(Lemma)f(4.29)h(to)g(sho)m(w)h
+(that)f(the)h(comp)s(osition)c(of)j(t)m(w)m(o)283 1074
+y(con)m(tin)m(uous)h(functions)e(will)f(also)g(b)s(e)i(con)m(tin)m
+(uous:)p 283 1195 3473 5 v 283 1372 a Fw(Lemma)38 b(4.35)49
+b Fu(Let)38 b(\()p Fs(D)9 b Fu(,)38 b Ft(v)p Fu(\),)h(\()p
+Fs(D)1597 1336 y Fi(0)1621 1372 y Fu(,)g Ft(v)1764 1336
+y Fi(0)1788 1372 y Fu(\))e(and)i(\()p Fs(D)2180 1336
+y Fi(00)2222 1372 y Fu(,)g Ft(v)2366 1336 y Fi(00)2408
+1372 y Fu(\))f(b)s(e)g(ccp)s(o's)h(and)f(let)f Fs(f)21
+b Fu(:)54 b Fs(D)47 b Ft(!)38 b Fs(D)3733 1336 y Fi(0)283
+1493 y Fu(and)d Fs(f)526 1456 y Fi(0)550 1493 y Fu(:)43
+b Fs(D)703 1456 y Fi(0)759 1493 y Ft(!)32 b Fs(D)974
+1456 y Fi(00)1051 1493 y Fu(b)s(e)j(con)m(tin)m(uous)g(functions.)50
+b(Then)36 b Fs(f)2449 1456 y Fi(0)2505 1493 y Ft(\016)c
+Fs(f)21 b Fu(:)44 b Fs(D)d Ft(!)32 b Fs(D)3039 1456 y
+Fi(00)3116 1493 y Fu(is)j(a)f(con)m(tin)m(uous)283 1613
+y(function.)p 283 1733 V 283 1939 a Fw(Pro)s(of:)48 b
+Fu(F)-8 b(rom)40 b(Lemma)h(4.29)g(w)m(e)h(get)g(that)g
+Fs(f)2067 1903 y Fi(0)2132 1939 y Ft(\016)g Fs(f)62 b
+Fu(is)42 b(monotone.)70 b(T)-8 b(o)41 b(pro)m(v)m(e)i(that)f(it)e(is)
+283 2060 y(con)m(tin)m(uous)34 b(let)e Fs(Y)52 b Fu(b)s(e)33
+b(a)f(non-empt)m(y)h(c)m(hain)f(in)g Fs(D)9 b Fu(.)33
+b(The)g(con)m(tin)m(uit)m(y)g(of)f Fs(f)53 b Fu(giv)m(es)527
+2199 y Fg(F)597 2230 y Fi(0)620 2266 y Ft(f)32 b Fs(f)54
+b(d)42 b Ft(j)32 b Fs(d)43 b Ft(2)33 b Fs(Y)52 b Ft(g)33
+b Fu(=)f Fs(f)53 b Fu(\()1566 2199 y Fg(F)1636 2266 y
+Fs(Y)19 b Fu(\))283 2472 y(Since)36 b Ft(f)e Fs(f)56
+b(d)46 b Ft(j)34 b Fs(d)45 b Ft(2)36 b Fs(Y)54 b Ft(g)35
+b Fu(is)g(a)g(\(non-empt)m(y\))g(c)m(hain)g(in)f Fs(D)2487
+2436 y Fi(0)2545 2472 y Fu(w)m(e)i(can)g(use)g(the)f(con)m(tin)m(uit)m
+(y)g(of)283 2592 y Fs(f)334 2556 y Fi(0)390 2592 y Fu(and)e(get)527
+2732 y Fg(F)597 2762 y Fi(00)639 2798 y Ft(f)f Fs(f)772
+2762 y Fi(0)828 2798 y Fs(d)888 2762 y Fi(0)944 2798
+y Ft(j)g Fs(d)1064 2762 y Fi(0)1120 2798 y Ft(2)h(f)f
+Fs(f)54 b(d)42 b Ft(j)33 b Fs(d)42 b Ft(2)33 b Fs(Y)52
+b Ft(g)33 b(g)f Fu(=)h Fs(f)2177 2762 y Fi(0)2233 2798
+y Fu(\()2271 2732 y Fg(F)2340 2762 y Fi(0)2364 2798 y
+Ft(f)f Fs(f)53 b(d)43 b Ft(j)32 b Fs(d)43 b Ft(2)33 b
+Fs(Y)52 b Ft(g)p Fu(\))283 3004 y(whic)m(h)34 b(is)e(equiv)-5
+b(alen)m(t)32 b(to)527 3144 y Fg(F)597 3174 y Fi(00)639
+3210 y Ft(f)g Fs(f)772 3174 y Fi(0)828 3210 y Fu(\()p
+Fs(f)53 b(d)10 b Fu(\))33 b Ft(j)f Fs(d)43 b Ft(2)33
+b Fs(Y)52 b Ft(g)32 b Fu(=)h Fs(f)1698 3174 y Fi(0)1753
+3210 y Fu(\()p Fs(f)54 b Fu(\()1913 3144 y Fg(F)1982
+3210 y Fs(Y)20 b Fu(\)\))283 3416 y(This)33 b(pro)m(v)m(es)i(the)e
+(result.)2439 b Fh(2)283 3732 y Fw(Exercise)37 b(4.36)49
+b Fu(Pro)m(v)m(e)34 b(that)e(if)g Fs(f)53 b Fu(and)33
+b Fs(f)1875 3696 y Fi(0)1930 3732 y Fu(are)g(strict)f(functions)h(then)
+g(so)g(is)f Fs(f)3260 3696 y Fi(0)3316 3732 y Ft(\016)g
+Fs(f)21 b Fu(.)205 b Fh(2)430 3964 y Fu(W)-8 b(e)33 b(can)g(no)m(w)g
+(de\014ne)h(the)f(required)g(\014xed)g(p)s(oin)m(t)f(op)s(erator)g
+(FIX:)p 283 4085 V 283 4262 a Fw(Theorem)38 b(4.37)49
+b Fu(Let)29 b Fs(f)21 b Fu(:)42 b Fs(D)d Ft(!)29 b Fs(D)38
+b Fu(b)s(e)30 b(a)f(con)m(tin)m(uous)h(function)g(on)f(the)h(ccp)s(o)g
+(\()p Fs(D)9 b Fu(,)29 b Ft(v)q Fu(\))g(with)283 4382
+y(least)k(elemen)m(t)f Ft(?)q Fu(.)43 b(Then)527 4588
+y(FIX)33 b Fs(f)53 b Fu(=)924 4522 y Fg(F)993 4588 y
+Ft(f)32 b Fs(f)1126 4552 y Fn(n)1202 4588 y Ft(?)h(j)f
+Fu(n)p Ft(\025)q Fu(0)g Ft(g)283 4794 y Fu(de\014nes)j(an)d(elemen)m(t)
+h(of)f Fs(D)41 b Fu(and)33 b(this)f(elemen)m(t)h(is)f(the)h(least)f
+(\014xed)i(p)s(oin)m(t)d(of)h Fs(f)21 b Fu(.)p 283 4915
+V 283 5121 a(Here)34 b(w)m(e)f(ha)m(v)m(e)h(used)g(that)527
+5327 y Fs(f)578 5291 y Fn(0)650 5327 y Fu(=)f(id,)f(and)527
+5494 y Fs(f)578 5458 y Fn(n+1)744 5494 y Fu(=)h Fs(f)53
+b Ft(\016)32 b Fs(f)1069 5458 y Fn(n)1145 5494 y Fu(for)g(n)p
+Ft(\025)q Fu(0)p eop
+%%Page: 105 115
+105 114 bop 0 130 a Fw(4.2)112 b(Fixed)38 b(p)s(oin)m(t)e(theory)2127
+b(105)p 0 193 3473 4 v 0 515 a(Pro)s(of:)33 b Fu(W)-8
+b(e)28 b(\014rst)h(sho)m(w)h(the)f Fs(wel)5 b(l-de\014ne)-5
+b(dness)34 b Fu(of)28 b(FIX)g Fs(f)21 b Fu(.)42 b(Note)29
+b(that)f Fs(f)2724 479 y Fn(0)2792 515 y Ft(?)h Fu(=)f
+Ft(?)h Fu(and)g(that)0 636 y Ft(?)k(v)g Fs(d)43 b Fu(for)32
+b(all)e Fs(d)43 b Ft(2)33 b Fs(D)9 b Fu(.)32 b(By)h(induction)f(on)h(n)
+f(one)h(ma)m(y)f(sho)m(w)i(that)244 801 y Fs(f)295 765
+y Fn(n)371 801 y Ft(?)f(v)g Fs(f)642 765 y Fn(n)717 801
+y Fs(d)0 966 y Fu(for)i(all)f Fs(d)46 b Ft(2)36 b Fs(D)45
+b Fu(since)36 b Fs(f)56 b Fu(is)36 b(monotone.)52 b(It)36
+b(follo)m(ws)e(that)i Fs(f)2233 930 y Fn(n)2312 966 y
+Ft(?)g(v)g Fs(f)2589 930 y Fn(m)2688 966 y Ft(?)g Fu(whenev)m(er)i(n)p
+Ft(\024)q Fu(m.)0 1086 y(Hence)33 b Ft(f)f Fs(f)422 1050
+y Fn(n)497 1086 y Ft(?)h(j)e Fu(n)p Ft(\025)q Fu(0)h
+Ft(g)g Fu(is)f(a)h(\(non-empt)m(y\))g(c)m(hain)g(in)f
+Fs(D)41 b Fu(and)32 b(FIX)g Fs(f)53 b Fu(exists)33 b(b)s(ecause)g
+Fs(D)41 b Fu(is)0 1207 y(a)32 b(ccp)s(o.)146 1327 y(W)-8
+b(e)44 b(next)f(sho)m(w)h(that)f(FIX)g Fs(f)63 b Fu(is)43
+b(a)f Fs(\014xe)-5 b(d)44 b(p)-5 b(oint)p Fu(,)45 b(that)d(is)h
+Fs(f)63 b Fu(\(FIX)43 b Fs(f)21 b Fu(\))43 b(=)f(FIX)33
+b Fs(f)21 b Fu(.)74 b(W)-8 b(e)0 1448 y(calculate:)294
+1585 y Fs(f)53 b Fu(\(FIX)33 b Fs(f)20 b Fu(\))100 b(=)g
+Fs(f)53 b Fu(\()1105 1518 y Fg(F)1174 1585 y Ft(f)32
+b Fs(f)1307 1549 y Fn(n)1383 1585 y Ft(?)h(j)f Fu(n)p
+Ft(\025)q Fu(0)g Ft(g)p Fu(\))325 b(\(de\014nition)31
+b(of)h(FIX)h Fs(f)21 b Fu(\))808 1752 y(=)984 1686 y
+Fg(F)1053 1752 y Ft(f)32 b Fs(f)21 b Fu(\()p Fs(f)1275
+1716 y Fn(n)1351 1752 y Ft(?)p Fu(\))33 b Ft(j)f Fu(n)p
+Ft(\025)q Fu(0)g Ft(g)357 b Fu(\(con)m(tin)m(uit)m(y)32
+b(of)h Fs(f)21 b Fu(\))808 1920 y(=)984 1854 y Fg(F)1053
+1920 y Ft(f)32 b Fs(f)1186 1884 y Fn(n)1262 1920 y Ft(?)h(j)f
+Fu(n)p Ft(\025)q Fu(1)g Ft(g)808 2088 y Fu(=)984 2021
+y Fg(F)1053 2088 y Fu(\()p Ft(f)g Fs(f)1224 2052 y Fn(n)1300
+2088 y Ft(?)h(j)f Fu(n)p Ft(\025)q Fu(1)g Ft(g)g([)h(f?)q(g)p
+Fu(\))99 b(\()2217 2021 y Fg(F)2286 2088 y Fu(\()p Fs(Y)52
+b Ft([)33 b(f?g)p Fu(\))g(=)2903 2021 y Fg(F)2972 2088
+y Fs(Y)2179 2255 y Fu(for)f(all)e(c)m(hains)j Fs(Y)20
+b Fu(\))808 2423 y(=)984 2357 y Fg(F)1053 2423 y Ft(f)32
+b Fs(f)1186 2387 y Fn(n)1262 2423 y Ft(?)h(j)f Fu(n)p
+Ft(\025)q Fu(0)g Ft(g)484 b Fu(\()p Fs(f)2268 2387 y
+Fn(0)2340 2423 y Ft(?)33 b Fu(=)f Ft(?)q Fu(\))808 2591
+y(=)100 b(FIX)32 b Fs(f)961 b Fu(\(de\014nition)31 b(of)h(FIX)h
+Fs(f)21 b Fu(\))146 2749 y(T)-8 b(o)39 b(see)h(that)e(FIX)h
+Fs(f)60 b Fu(is)38 b(the)h Fs(le)-5 b(ast)48 b Fu(\014xed)40
+b(p)s(oin)m(t)e(assume)h(that)g Fs(d)49 b Fu(is)38 b(some)g(other)h
+(\014xed)0 2869 y(p)s(oin)m(t.)i(Clearly)28 b Ft(?)h(v)g
+Fs(d)39 b Fu(so)29 b(the)g(monotonicit)m(y)e(of)h Fs(f)50
+b Fu(giv)m(es)29 b Fs(f)2267 2833 y Fn(n)2339 2869 y
+Ft(?)g(v)g Fs(f)2602 2833 y Fn(n)2678 2869 y Fs(d)39
+b Fu(for)28 b(n)p Ft(\025)q Fu(0)g(and)h(as)g Fs(d)0
+2990 y Fu(w)m(as)34 b(a)f(\014xed)i(p)s(oin)m(t)d(w)m(e)j(obtain)d
+Fs(f)1262 2953 y Fn(n)1339 2990 y Ft(?)h(v)h Fs(d)44
+b Fu(for)33 b(all)e(n)p Ft(\025)q Fu(0.)45 b(Hence)35
+b Fs(d)43 b Fu(is)33 b(an)g(upp)s(er)h(b)s(ound)g(of)0
+3110 y(the)g(c)m(hain)g Ft(f)f Fs(f)561 3074 y Fn(n)637
+3110 y Ft(?)g(j)g Fu(n)p Ft(\025)p Fu(0)f Ft(g)i Fu(and)g(using)g(that)
+g(FIX)e Fs(f)55 b Fu(is)33 b(the)i(least)e(upp)s(er)i(b)s(ound)f(w)m(e)
+h(ha)m(v)m(e)0 3230 y(FIX)d Fs(f)54 b Ft(v)33 b Fs(d)10
+b Fu(.)2913 b Fh(2)0 3491 y Fw(Example)37 b(4.38)49 b
+Fu(Consider)33 b(the)g(function)f Fs(F)1745 3455 y Fi(0)1800
+3491 y Fu(of)g(Example)h(4.1:)244 3737 y(\()p Fs(F)359
+3701 y Fi(0)415 3737 y Fs(g)9 b Fu(\))32 b Fs(s)40 b
+Fu(=)728 3563 y Fg(8)728 3638 y(<)728 3787 y(:)843 3653
+y Fs(g)h(s)91 b Fu(if)32 b Fs(s)40 b Fr(x)33 b Ft(6)p
+Fu(=)f Fw(0)843 3820 y Fs(s)177 b Fu(if)32 b Fs(s)40
+b Fr(x)33 b Fu(=)f Fw(0)0 3984 y Fu(W)-8 b(e)32 b(shall)e(determine)i
+(its)f(least)g(\014xed)i(p)s(oin)m(t)d(using)i(the)g(approac)m(h)g(of)f
+(Theorem)h(4.37.)42 b(The)0 4105 y(least)32 b(elemen)m(t)h
+Ft(?)g Fu(of)g Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)g
+Fu(is)g(giv)m(en)f(b)m(y)i(Lemma)e(4.13)g(and)h(has)g
+Ft(?)g Fs(s)41 b Fu(=)33 b(undef)p 3237 4118 236 4 v
+0 4225 a(for)f(all)f Fs(s)8 b Fu(.)43 b(W)-8 b(e)33 b(then)g(determine)
+f(the)h(elemen)m(ts)g(of)f(the)h(set)h Ft(f)e Fs(F)2406
+4189 y Fi(0)p Fn(n)2501 4225 y Ft(?)h(j)f Fu(n)p Ft(\025)q
+Fu(0)g Ft(g)h Fu(as)f(follo)m(ws:)294 4387 y(\()p Fs(F)409
+4351 y Fi(0)p Fn(0)500 4387 y Ft(?)p Fu(\))h Fs(s)107
+b Fu(=)100 b(\(id)32 b Ft(?)p Fu(\))h Fs(s)663 b Fu(\(de\014nition)32
+b(of)g Fs(F)2634 4351 y Fi(0)p Fn(0)2725 4387 y Ft(?)p
+Fu(\))795 4578 y(=)100 b(undef)p 971 4591 V 768 w(\(de\014nition)32
+b(of)g(id)g(and)g Ft(?)q Fu(\))294 4770 y(\()p Fs(F)409
+4733 y Fi(0)p Fn(1)500 4770 y Ft(?)p Fu(\))h Fs(s)107
+b Fu(=)100 b(\()p Fs(F)1086 4733 y Fi(0)1142 4770 y Ft(?)p
+Fu(\))33 b Fs(s)644 b Fu(\(de\014nition)32 b(of)g Fs(F)2634
+4733 y Fi(0)p Fn(1)2725 4770 y Ft(?)p Fu(\))795 5051
+y(=)971 4877 y Fg(8)971 4951 y(<)971 5101 y(:)1086 4966
+y Ft(?)h Fs(s)91 b Fu(if)32 b Fs(s)40 b Fr(x)33 b Ft(6)p
+Fu(=)f Fw(0)1086 5134 y Fs(s)201 b Fu(if)32 b Fs(s)40
+b Fr(x)33 b Fu(=)f Fw(0)1974 5051 y Fu(\(de\014nition)g(of)g
+Fs(F)2634 5015 y Fi(0)2690 5051 y Ft(?)p Fu(\))795 5403
+y(=)971 5229 y Fg(8)971 5304 y(<)971 5453 y(:)1086 5319
+y Fu(undef)p 1086 5332 V 84 w(if)f Fs(s)41 b Fr(x)33
+b Ft(6)p Fu(=)f Fw(0)1086 5486 y Fs(s)279 b Fu(if)31
+b Fs(s)41 b Fr(x)33 b Fu(=)f Fw(0)1974 5403 y Fu(\(de\014nition)g(of)g
+Ft(?)p Fu(\))p eop
+%%Page: 106 116
+106 115 bop 251 130 a Fw(106)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 577 500 a Fu(\()p Fs(F)692
+464 y Fi(0)p Fn(2)783 500 y Ft(?)q Fu(\))c Fs(s)108 b
+Fu(=)99 b Fs(F)1331 464 y Fi(0)1387 500 y Fu(\()p Fs(F)1502
+464 y Fi(0)p Fn(1)1593 500 y Ft(?)q Fu(\))32 b Fs(s)643
+b Fu(\(de\014nition)31 b(of)i Fs(F)3084 464 y Fi(0)p
+Fn(2)3175 500 y Ft(?)p Fu(\))1079 781 y(=)1254 607 y
+Fg(8)1254 682 y(<)1254 831 y(:)1370 697 y Fu(\()p Fs(F)1485
+661 y Fi(0)p Fn(1)1576 697 y Ft(?)p Fu(\))g Fs(s)91 b
+Fu(if)31 b Fs(s)41 b Fr(x)32 b Ft(6)p Fu(=)h Fw(0)1370
+864 y Fs(s)445 b Fu(if)31 b Fs(s)41 b Fr(x)32 b Fu(=)h
+Fw(0)2424 781 y Fu(\(de\014nition)e(of)i Fs(F)3084 745
+y Fi(0)3107 781 y Fu(\))1079 1134 y(=)1254 959 y Fg(8)1254
+1034 y(<)1254 1183 y(:)1370 1049 y Fu(undef)p 1370 1062
+236 4 v 83 w(if)f Fs(s)40 b Fr(x)33 b Ft(6)p Fu(=)g Fw(0)1370
+1217 y Fs(s)278 b Fu(if)32 b Fs(s)40 b Fr(x)33 b Fu(=)g
+Fw(0)2424 1134 y Fu(\(de\014nition)e(of)i Fs(F)3084 1097
+y Fi(0)p Fn(1)3175 1134 y Ft(?)p Fu(\))765 1318 y(.)765
+1351 y(.)765 1384 y(.)283 1580 y(In)g(general)f(w)m(e)i(ha)m(v)m(e)g
+Fs(F)1187 1544 y Fi(0)p Fn(n)1282 1580 y Ft(?)f Fu(=)f
+Fs(F)1577 1544 y Fi(0)p Fn(n+1)1762 1580 y Ft(?)h Fu(for)f(n)h
+Fo(>)g Fu(0.)43 b(Therefore)527 1707 y Fg(F)597 1774
+y Ft(f)32 b Fs(F)756 1737 y Fi(0)p Fn(n)851 1774 y Ft(?)h(j)f
+Fu(n)p Ft(\025)q Fu(0)g Ft(g)g Fu(=)1425 1707 y Fg(F)1526
+1774 y Ft(f)p Fs(F)1653 1737 y Fi(0)p Fn(0)1744 1774
+y Ft(?)q Fu(,)g Fs(F)1958 1737 y Fi(0)p Fn(1)2049 1774
+y Ft(?)q(g)g Fu(=)h Fs(F)2395 1737 y Fi(0)p Fn(1)2486
+1774 y Ft(?)283 1967 y Fu(b)s(ecause)h Fs(F)721 1931
+y Fi(0)p Fn(0)812 1967 y Ft(?)f Fu(=)g Ft(?)p Fu(.)44
+b(Th)m(us)34 b(the)f(least)f(\014xed)i(p)s(oin)m(t)e(of)g
+Fs(F)2501 1931 y Fi(0)2556 1967 y Fu(will)f(b)s(e)h(the)h(function)552
+2216 y Fs(g)606 2231 y Fn(1)678 2216 y Fs(s)40 b Fu(=)867
+2042 y Fg(8)867 2116 y(<)867 2266 y(:)982 2131 y Fu(undef)p
+982 2144 V 84 w(if)31 b Fs(s)41 b Fr(x)33 b Ft(6)p Fu(=)f
+Fw(0)982 2299 y Fs(s)279 b Fu(if)31 b Fs(s)41 b Fr(x)33
+b Fu(=)f Fw(0)3681 2216 y Fh(2)283 2512 y Fw(Exercise)37
+b(4.39)49 b Fu(Redo)39 b(Exercise)h(4.15)e(using)h(the)g(approac)m(h)g
+(of)g(Theorem)g(4.37,)h(that)e(is)283 2633 y(deduce)d(the)e(general)f
+(form)g(of)g(the)h(iterands,)g Fs(F)2102 2597 y Fn(n)2178
+2633 y Ft(?)p Fu(,)g(for)g(the)g(functional,)e Fs(F)13
+b Fu(,)33 b(of)f(Exercises)283 2753 y(4.2)h(and)f(4.3.)2899
+b Fh(2)283 2968 y Fw(Exercise)37 b(4.40)49 b(\(Essen)m(tial\))36
+b Fu(Let)j Fs(f)20 b Fu(:)56 b Fs(D)47 b Ft(!)38 b Fs(D)47
+b Fu(b)s(e)39 b(a)f(con)m(tin)m(uous)h(function)f(on)g(a)h(ccp)s(o)283
+3088 y(\()p Fs(D)9 b Fu(,)33 b Ft(v)p Fu(\))g(and)g(let)f
+Fs(d)10 b Ft(2)p Fs(D)42 b Fu(satisfy)32 b Fs(f)54 b(d)42
+b Ft(v)33 b Fs(d)10 b Fu(.)44 b(Sho)m(w)33 b(that)g(FIX)f
+Fs(f)54 b Ft(v)33 b Fs(d)10 b Fu(.)821 b Fh(2)430 3303
+y Fu(The)38 b(table)f(b)s(elo)m(w)g(summarizes)g(the)h(dev)m(elopmen)m
+(t)g(w)m(e)h(ha)m(v)m(e)g(p)s(erformed)e(in)g(order)g(to)283
+3424 y(demonstrate)c(the)g(existence)h(of)e(least)h(\014xed)g(p)s(oin)m
+(ts:)p 283 3573 3470 4 v 283 3589 V 281 3797 4 208 v
+298 3797 V 1541 3718 a Fw(Fixed)g(P)m(oin)m(t)d(Theory)p
+3735 3797 V 3752 3797 V 283 3800 3470 4 v 281 4049 4
+249 v 298 4049 V 350 3966 a Fu(1:)143 b(W)-8 b(e)33 b(restrict)f
+(ourselv)m(es)i(to)e Fs(chain)i(c)-5 b(omplete)34 b(p)-5
+b(artial)5 b(ly)35 b(or)-5 b(der)g(e)g(d)34 b(sets)41
+b Fu(|)32 b(ccp)s(o's.)p 3735 4049 V 3752 4049 V 281
+4217 4 168 v 298 4217 V 350 4133 a(2:)143 b(W)-8 b(e)33
+b(restrict)f(ourselv)m(es)i(to)e Fs(c)-5 b(ontinuous)35
+b(functions)40 b Fu(on)33 b(ccp)s(o's.)p 3735 4217 V
+3752 4217 V 281 4505 4 289 v 298 4505 V 350 4301 a(3:)143
+b(W)-8 b(e)26 b(sho)m(w)h(that)f(con)m(tin)m(uous)g(functions)g(on)g
+(ccp)s(o's)h(alw)m(a)m(ys)f(ha)m(v)m(e)i Fs(le)-5 b(ast)28
+b(\014xe)-5 b(d)28 b(p)-5 b(oints)569 4421 y Fu(\(Theorem)33
+b(4.37\).)p 3735 4505 V 3752 4505 V 283 4508 3470 4 v
+283 4525 V 283 4702 a Fw(Exercise)k(4.41)49 b Fu(*)32
+b(Let)h(\()p Fs(D)9 b Fu(,)32 b Ft(v)q Fu(\))g(b)s(e)h(a)f(ccp)s(o)h
+(and)g(de\014ne)h(\()p Fs(D)9 b Ft(!)o Fs(D)g Fu(,)p
+Ft(v)2878 4666 y Fi(0)2901 4702 y Fu(\))33 b(b)m(y)g(setting)527
+4895 y Fs(f)578 4910 y Fn(1)650 4895 y Ft(v)728 4859
+y Fi(0)784 4895 y Fs(f)834 4910 y Fn(2)906 4895 y Fu(if)f(and)g(only)h
+(if)e Fs(f)1540 4910 y Fn(1)1612 4895 y Fs(d)43 b Ft(v)33
+b Fs(f)1865 4910 y Fn(2)1937 4895 y Fs(d)43 b Fu(for)32
+b(all)f Fs(d)42 b Ft(2)33 b Fs(D)283 5089 y Fu(Sho)m(w)h(that)e(\()p
+Fs(D)9 b Ft(!)p Fs(D)g Fu(,)p Ft(v)1160 5052 y Fi(0)1184
+5089 y Fu(\))32 b(is)g(a)h(ccp)s(o)f(and)h(that)f(FIX)h(is)f(\\con)m
+(tin)m(uous")h(in)f(the)h(sense)h(that)527 5282 y(FIX)f(\()770
+5215 y Fg(F)839 5246 y Fi(0)895 5282 y Ft(F)9 b Fu(\))33
+b(=)1155 5215 y Fg(F)1224 5282 y Ft(f)g Fu(FIX)f Fs(f)54
+b Ft(j)32 b Fs(f)53 b Ft(2)33 b(F)42 b(g)283 5475 y Fu(holds)33
+b(for)f(all)e(non-empt)m(y)j(c)m(hains)g Ft(F)42 b(\022)33
+b Fs(D)9 b Ft(!)p Fs(D)41 b Fu(of)32 b(con)m(tin)m(uous)h(functions.)
+538 b Fh(2)p eop
+%%Page: 107 117
+107 116 bop 0 130 a Fw(4.3)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:)
+50 b(existence)1444 b(107)p 0 193 3473 4 v 0 515 a(Exercise)36
+b(4.42)49 b Fu(**)34 b(\(F)-8 b(or)34 b(mathematicians\))e(Giv)m(en)j
+(a)f(ccp)s(o)h(\()p Fs(D)9 b Fu(,)35 b Ft(v)p Fu(\))g(w)m(e)h(de\014ne)
+g(an)e Fs(op)-5 b(en)0 636 y(set)42 b Fu(of)32 b Fs(D)42
+b Fu(to)32 b(b)s(e)h(a)f(subset)i Fs(Y)52 b Fu(of)32
+b Fs(D)42 b Fu(satisfying)70 849 y(\(1\))49 b(if)31 b
+Fs(d)393 864 y Fn(1)433 849 y Ft(2)p Fs(Y)52 b Fu(and)33
+b Fs(d)873 864 y Fn(1)945 849 y Ft(v)g Fs(d)1115 864
+y Fn(2)1187 849 y Fu(then)h Fs(d)1470 864 y Fn(2)1509
+849 y Ft(2)q Fs(Y)19 b Fu(,)33 b(and)70 1063 y(\(2\))49
+b(if)30 b Fs(Y)424 1027 y Fi(0)479 1063 y Fu(is)h(a)h(non-empt)m(y)g(c)
+m(hain)f(satisfying)1834 997 y Fg(F)1903 1063 y Fs(Y)1995
+1027 y Fi(0)2050 1063 y Ft(2)h Fs(Y)52 b Fu(then)32 b(there)g(exists)h
+(an)f(elemen)m(t)244 1184 y Fs(d)43 b Fu(of)32 b Fs(Y)539
+1147 y Fi(0)595 1184 y Fu(whic)m(h)h(also)f(is)g(an)g(elemen)m(t)h(of)f
+Fs(Y)20 b Fu(.)0 1397 y(The)36 b(set)f(of)g(op)s(en)f(sets)i(of)f
+Fs(D)43 b Fu(is)35 b(denoted)h Ft(O)1686 1412 y Fc(D)1750
+1397 y Fu(.)50 b(Sho)m(w)35 b(that)g(this)f(is)h(indeed)g(a)f
+Fs(top)-5 b(olo)g(gy)43 b Fu(on)0 1518 y Fs(D)9 b Fu(,)33
+b(that)f(is)g(sho)m(w)i(that)145 1731 y Ft(\017)49 b(;)32
+b Fu(and)h Fs(D)41 b Fu(are)33 b(mem)m(b)s(ers)f(of)g
+Ft(O)1400 1746 y Fc(D)1464 1731 y Fu(,)g(and)145 1945
+y Ft(\017)49 b Fu(the)33 b(in)m(tersection)f(of)g(t)m(w)m(o)i(op)s(en)e
+(sets)i(is)e(an)h(op)s(en)g(set,)g(and)145 2159 y Ft(\017)49
+b Fu(the)33 b(union)f(of)g(an)m(y)h(collection)e(of)h(op)s(en)h(sets)g
+(is)f(an)h(op)s(en)g(set.)0 2372 y(Let)c(\()p Fs(D)9
+b Fu(,)28 b Ft(v)q Fu(\))g(and)g(\()p Fs(D)797 2336 y
+Fi(0)821 2372 y Fu(,)h Ft(v)955 2336 y Fi(0)978 2372
+y Fu(\))f(b)s(e)h(ccp)s(o's.)43 b(A)28 b(function)g Fs(f)21
+b Fu(:)p Fs(D)9 b Ft(!)p Fs(D)2323 2336 y Fi(0)2375 2372
+y Fu(is)28 b Fs(top)-5 b(olo)g(gic)g(al)5 b(ly-c)-5 b(ontinuous)0
+2493 y Fu(if)31 b(and)i(only)f(if)g(the)h(function)f
+Fs(f)1184 2457 y Fi(\000)p Fn(1)1278 2493 y Fu(:)43 b
+Ft(P)9 b Fu(\()p Fs(D)1547 2457 y Fi(0)1570 2493 y Fu(\))33
+b Ft(!)f(P)8 b Fu(\()p Fs(D)h Fu(\))33 b(de\014ned)h(b)m(y)244
+2706 y Fs(f)295 2670 y Fi(\000)p Fn(1)389 2706 y Fu(\()p
+Fs(Y)519 2670 y Fi(0)542 2706 y Fu(\))e(=)h Ft(f)f Fs(d)43
+b Ft(2)33 b Fs(D)41 b Ft(j)32 b Fs(f)54 b(d)43 b Ft(2)33
+b Fs(Y)1537 2670 y Fi(0)1593 2706 y Ft(g)0 2920 y Fu(maps)24
+b(op)s(en)g(sets)h(to)e(op)s(en)h(sets,)j(that)d(is)f(sp)s(ecializes)g
+(to)h Fs(f)2119 2884 y Fi(\000)p Fn(1)2213 2920 y Fu(:)39
+b Ft(O)2361 2935 y Fc(D)2421 2916 y Fa(0)2471 2920 y
+Ft(!)24 b(O)2677 2935 y Fc(D)2741 2920 y Fu(.)40 b(Sho)m(w)25
+b(that)f Fs(f)44 b Fu(is)24 b(a)0 3041 y(con)m(tin)m(uous)h(function)f
+(b)s(et)m(w)m(een)i Fs(D)33 b Fu(and)25 b Fs(D)1594 3004
+y Fi(0)1641 3041 y Fu(if)e(and)h(only)g(if)f(it)g(is)h(a)g(top)s
+(ologically-con)m(tin)m(uous)0 3161 y(function)32 b(b)s(et)m(w)m(een)j
+Fs(D)41 b Fu(and)33 b Fs(D)1147 3125 y Fi(0)1170 3161
+y Fu(.)2201 b Fh(2)0 3506 y Fj(4.3)161 b(Direct)53 b(st)l(yle)g(seman)l
+(tics:)70 b(existence)0 3730 y Fu(W)-8 b(e)43 b(ha)m(v)m(e)h(no)m(w)g
+(obtained)e(the)h(mathematical)d(foundations)i(needed)i(to)e(pro)m(v)m
+(e)i(that)f(the)0 3850 y(seman)m(tic)33 b(clauses)h(of)f(T)-8
+b(able)33 b(4.1)g(do)h(indeed)f(de\014ne)i(a)e(function.)46
+b(So)33 b(consider)h(once)g(again)0 3970 y(the)f(clause)244
+4184 y Ft(S)312 4199 y Fn(ds)383 4184 y Fu([)-17 b([)p
+Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17
+b(])33 b(=)f(FIX)h Fs(F)480 4352 y Fu(where)h Fs(F)45
+b(g)c Fu(=)33 b(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6
+b Fu(])-17 b(])q(,)33 b Fs(g)41 b Ft(\016)32 b(S)1795
+4367 y Fn(ds)1866 4352 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(],)33 b(id\))0 4565 y(F)-8 b(or)43 b(this)g(to)h(mak)m(e)f(sense)j(w)
+m(e)f(m)m(ust)e(sho)m(w)i(that)f Fs(F)56 b Fu(is)43 b(con)m(tin)m
+(uous.)78 b(T)-8 b(o)44 b(do)f(so)h(w)m(e)h(\014rst)0
+4686 y(observ)m(e)34 b(that)244 4899 y Fs(F)45 b(g)c
+Fu(=)33 b Fs(F)625 4914 y Fn(1)697 4899 y Fu(\()p Fs(F)812
+4914 y Fn(2)884 4899 y Fs(g)9 b Fu(\))0 5113 y(where)244
+5327 y Fs(F)321 5342 y Fn(1)393 5327 y Fs(g)41 b Fu(=)32
+b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33
+b Fs(g)9 b Fu(,)32 b(id\))244 5494 y Fs(F)321 5509 y
+Fn(2)393 5494 y Fs(g)41 b Fu(=)32 b Fs(g)41 b Ft(\016)33
+b(S)824 5509 y Fn(ds)895 5494 y Fu([)-17 b([)p Fs(S)12
+b Fu(])-17 b(])p eop
+%%Page: 108 118
+108 117 bop 251 130 a Fw(108)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(Using)29
+b(Lemma)f(4.35)h(w)m(e)i(then)f(obtain)e(the)i(con)m(tin)m(uit)m(y)f
+(of)g Fs(F)42 b Fu(b)m(y)31 b(sho)m(wing)e(that)g Fs(F)3384
+530 y Fn(1)3453 515 y Fu(and)g Fs(F)3716 530 y Fn(2)283
+636 y Fu(are)k(con)m(tin)m(uous.)44 b(W)-8 b(e)33 b(shall)e(\014rst)i
+(pro)m(v)m(e)h(that)f Fs(F)2121 651 y Fn(1)2193 636 y
+Fu(is)f(con)m(tin)m(uous:)p 283 756 3473 5 v 283 928
+a Fw(Lemma)38 b(4.43)49 b Fu(Let)32 b Fs(g)1157 943 y
+Fn(0)1196 928 y Fu(:)44 b Fw(State)32 b Fo(,)-17 b Ft(!)33
+b Fw(State)p Fu(,)g Fs(p)6 b Fu(:)43 b Fw(State)33 b
+Ft(!)f Fw(T)g Fu(and)h(de\014ne)527 1129 y Fs(F)46 b(g)41
+b Fu(=)32 b(cond\()p Fs(p)6 b Fu(,)33 b Fs(g)9 b Fu(,)32
+b Fs(g)1352 1144 y Fn(0)1391 1129 y Fu(\))283 1329 y(Then)i
+Fs(F)46 b Fu(is)32 b(con)m(tin)m(uous.)p 283 1450 V 283
+1651 a Fw(Pro)s(of:)39 b Fu(W)-8 b(e)33 b(shall)f(\014rst)i(pro)m(v)m
+(e)h(that)e Fs(F)46 b Fu(is)33 b Fs(monotone)7 b Fu(.)45
+b(So)33 b(assume)h(that)f Fs(g)3145 1666 y Fn(1)3217
+1651 y Ft(v)h Fs(g)3382 1666 y Fn(2)3454 1651 y Fu(and)g(w)m(e)283
+1771 y(shall)29 b(sho)m(w)i(that)f Fs(F)45 b(g)1120 1786
+y Fn(1)1192 1771 y Ft(v)33 b Fs(F)45 b(g)1465 1786 y
+Fn(2)1504 1771 y Fu(.)e(It)30 b(su\016ces)i(to)e(consider)g(an)g
+(arbitrary)f(state)i Fs(s)38 b Fu(and)30 b(sho)m(w)283
+1891 y(that)527 2092 y(\()p Fs(F)46 b(g)729 2107 y Fn(1)768
+2092 y Fu(\))32 b Fs(s)41 b Fu(=)32 b Fs(s)1075 2056
+y Fi(0)1131 2092 y Fu(implies)e(\()p Fs(F)46 b(g)1664
+2107 y Fn(2)1703 2092 y Fu(\))32 b Fs(s)41 b Fu(=)32
+b Fs(s)2010 2056 y Fi(0)283 2293 y Fu(If)i Fs(p)40 b(s)i
+Fu(=)34 b Fw(tt)f Fu(then)i(\()p Fs(F)47 b(g)1212 2308
+y Fn(1)1251 2293 y Fu(\))34 b Fs(s)42 b Fu(=)33 b Fs(g)1568
+2308 y Fn(1)1641 2293 y Fs(s)42 b Fu(and)34 b(from)f
+Fs(g)2200 2308 y Fn(1)2273 2293 y Ft(v)h Fs(g)2438 2308
+y Fn(2)2511 2293 y Fu(w)m(e)h(get)f(that)g Fs(g)3087
+2308 y Fn(1)3160 2293 y Fs(s)42 b Fu(=)34 b Fs(s)3400
+2257 y Fi(0)3457 2293 y Fu(implies)283 2413 y Fs(g)337
+2428 y Fn(2)411 2413 y Fs(s)42 b Fu(=)34 b Fs(s)651 2377
+y Fi(0)674 2413 y Fu(.)48 b(Since)34 b(\()p Fs(F)47 b(g)1208
+2428 y Fn(2)1247 2413 y Fu(\))34 b Fs(s)42 b Fu(=)34
+b Fs(g)1565 2428 y Fn(2)1638 2413 y Fs(s)42 b Fu(w)m(e)35
+b(ha)m(v)m(e)h(pro)m(v)m(ed)f(the)g(result.)48 b(So)34
+b(consider)g(the)h(case)283 2534 y(where)30 b Fs(p)35
+b(s)i Fu(=)28 b Fw(\013)p Fu(.)43 b(Then)30 b(\()p Fs(F)41
+b(g)1410 2549 y Fn(1)1449 2534 y Fu(\))29 b Fs(s)37 b
+Fu(=)28 b Fs(g)1751 2549 y Fn(0)1819 2534 y Fs(s)37 b
+Fu(and)28 b(similarly)d(\()p Fs(F)46 b(g)2678 2549 y
+Fn(2)2717 2534 y Fu(\))32 b Fs(s)37 b Fu(=)29 b Fs(g)3023
+2549 y Fn(0)3090 2534 y Fs(s)37 b Fu(and)29 b(the)g(result)283
+2654 y(is)k(immediate.)430 2775 y(T)-8 b(o)29 b(pro)m(v)m(e)h(that)f
+Fs(F)42 b Fu(is)28 b Fs(c)-5 b(ontinuous)37 b Fu(let)29
+b Fs(Y)48 b Fu(b)s(e)30 b(a)e(non-empt)m(y)h(c)m(hain)g(in)g
+Fw(State)j Fo(,)-17 b Ft(!)33 b Fw(State)p Fu(.)283 2895
+y(W)-8 b(e)33 b(m)m(ust)g(sho)m(w)h(that)527 3096 y Fs(F)46
+b Fu(\()675 3029 y Fg(F)744 3096 y Fs(Y)20 b Fu(\))32
+b Ft(v)1016 3029 y Fg(F)1085 3096 y Ft(f)h Fs(F)45 b(g)c
+Ft(j)32 b Fs(g)9 b Ft(2)p Fs(Y)53 b Ft(g)283 3297 y Fu(since)32
+b Fs(F)43 b Fu(\()666 3230 y Fg(F)736 3297 y Fs(Y)19
+b Fu(\))31 b Ft(w)1004 3230 y Fg(F)1073 3297 y Ft(f)g
+Fs(F)44 b(g)39 b Ft(j)30 b Fs(g)9 b Ft(2)p Fs(Y)51 b
+Ft(g)30 b Fu(follo)m(ws)g(from)f(the)i(monotonicit)m(y)e(of)i
+Fs(F)43 b Fu(\(see)32 b(Lemma)283 3417 y(4.30\).)43 b(Th)m(us)34
+b(w)m(e)g(ha)m(v)m(e)g(to)e(sho)m(w)i(that)527 3618 y(graph\()p
+Fs(F)13 b Fu(\()924 3551 y Fg(F)993 3618 y Fs(Y)20 b
+Fu(\)\))32 b Ft(\022)1303 3551 y Fg(S)1373 3618 y Ft(f)g
+Fu(graph\()p Fs(F)45 b(g)9 b Fu(\))32 b Ft(j)g Fs(g)9
+b Ft(2)p Fs(Y)53 b Ft(g)283 3819 y Fu(using)26 b(the)h(c)m
+(haracterization)e(of)h(least)g(upp)s(er)h(b)s(ounds)g(of)f(c)m(hains)g
+(in)g Fw(State)g Fo(,)-17 b Ft(!)26 b Fw(State)h Fu(giv)m(en)283
+3939 y(in)h(Lemma)f(4.25.)42 b(So)28 b(assume)h(that)f(\()p
+Fs(F)41 b Fu(\()1832 3872 y Fg(F)1901 3939 y Fs(Y)20
+b Fu(\)\))28 b Fs(s)37 b Fu(=)28 b Fs(s)2326 3903 y Fi(0)2377
+3939 y Fu(and)h(let)f(us)h(determine)f Fs(g)37 b Ft(2)28
+b Fs(Y)48 b Fu(suc)m(h)283 4059 y(that)30 b(\()p Fs(F)42
+b(g)9 b Fu(\))29 b Fs(s)37 b Fu(=)30 b Fs(s)988 4023
+y Fi(0)1011 4059 y Fu(.)42 b(If)30 b Fs(p)35 b(s)j Fu(=)29
+b Fw(\013)h Fu(w)m(e)g(ha)m(v)m(e)h Fs(F)45 b Fu(\()2047
+3993 y Fg(F)2117 4059 y Fs(Y)19 b Fu(\))33 b Fs(s)k Fu(=)29
+b Fs(g)2515 4074 y Fn(0)2587 4059 y Fs(s)37 b Fu(=)30
+b Fs(s)2818 4023 y Fi(0)2870 4059 y Fu(and)g(clearly)-8
+b(,)29 b(for)g(ev)m(ery)283 4180 y(elemen)m(t)k Fs(g)42
+b Fu(of)33 b(the)h(non-empt)m(y)f(set)h Fs(Y)53 b Fu(w)m(e)34
+b(ha)m(v)m(e)g(\()p Fs(F)46 b(g)9 b Fu(\))32 b Fs(s)41
+b Fu(=)33 b Fs(g)2663 4195 y Fn(0)2735 4180 y Fs(s)41
+b Fu(=)33 b Fs(s)2973 4144 y Fi(0)2996 4180 y Fu(.)46
+b(If)33 b Fs(p)39 b(s)i Fu(=)33 b Fw(tt)f Fu(then)283
+4300 y(w)m(e)i(get)f(\()p Fs(F)45 b Fu(\()775 4234 y
+Fg(F)844 4300 y Fs(Y)20 b Fu(\)\))32 b Fs(s)41 b Fu(=)32
+b(\()1271 4234 y Fg(F)1340 4300 y Fs(Y)20 b Fu(\))33
+b Fs(s)40 b Fu(=)33 b Fs(s)1740 4264 y Fi(0)1795 4300
+y Fu(so)g Ft(h)p Fs(s)8 b Fu(,)33 b Fs(s)2110 4264 y
+Fi(0)2133 4300 y Ft(i)f(2)h Fu(graph\()2585 4234 y Fg(F)2654
+4300 y Fs(Y)20 b Fu(\).)32 b(Since)527 4501 y(graph\()809
+4434 y Fg(F)878 4501 y Fs(Y)20 b Fu(\))32 b(=)1149 4434
+y Fg(S)1218 4501 y Ft(f)g Fu(graph\()p Fs(g)9 b Fu(\))32
+b Ft(j)g Fs(g)9 b Ft(2)p Fs(Y)53 b Ft(g)283 4702 y Fu(\(according)25
+b(to)f(Lemma)g(4.25\))g(w)m(e)i(therefore)f(ha)m(v)m(e)i
+Fs(g)9 b Ft(2)p Fs(Y)44 b Fu(suc)m(h)26 b(that)f Fs(g)33
+b(s)g Fu(=)25 b Fs(s)3148 4665 y Fi(0)3196 4702 y Fu(and)g(it)f(follo)m
+(ws)283 4822 y(that)33 b(\()p Fs(F)45 b(g)9 b Fu(\))32
+b Fs(s)41 b Fu(=)32 b Fs(s)1003 4786 y Fi(0)1027 4822
+y Fu(.)43 b(This)33 b(pro)m(v)m(es)h(the)f(result.)1626
+b Fh(2)283 5130 y Fw(Exercise)37 b(4.44)49 b(\(Essen)m(tial\))29
+b Fu(Pro)m(v)m(e)j(that)f(\(in)g(the)g(setting)g(of)g(Lemma)f(4.43\))g
+Fs(F)44 b Fu(de\014ned)283 5250 y(b)m(y)38 b Fs(F)50
+b(g)c Fu(=)37 b(cond\()p Fs(p)6 b Fu(,)38 b Fs(g)1154
+5265 y Fn(0)1193 5250 y Fu(,)g Fs(g)9 b Fu(\))37 b(is)f(con)m(tin)m
+(uous,)j(that)e(is)f(`cond')i(is)e(con)m(tin)m(uous)i(in)e(its)h
+(second)283 5371 y(and)c(third)f(argumen)m(ts.)2495 b
+Fh(2)p eop
+%%Page: 109 119
+109 118 bop 0 130 a Fw(4.3)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:)
+50 b(existence)1444 b(109)p 0 193 3473 4 v 0 515 3473
+5 v 0 683 a(Lemma)37 b(4.45)49 b Fu(Let)33 b Fs(g)874
+698 y Fn(0)913 683 y Fu(:)43 b Fw(State)33 b Fo(,)-17
+b Ft(!)33 b Fw(State)f Fu(and)h(de\014ne)244 880 y Fs(F)45
+b(g)c Fu(=)33 b Fs(g)41 b Ft(\016)32 b Fs(g)770 895 y
+Fn(0)0 1077 y Fu(Then)i Fs(F)45 b Fu(is)32 b(con)m(tin)m(uous.)p
+0 1198 V 0 1395 a Fw(Pro)s(of:)48 b Fu(W)-8 b(e)43 b(shall)d(\014rst)j
+(pro)m(v)m(e)g(that)f Fs(F)55 b Fu(is)41 b(monotone.)71
+b(If)42 b Fs(g)2373 1410 y Fn(1)2454 1395 y Ft(v)h Fs(g)2628
+1410 y Fn(2)2709 1395 y Fu(then)f(graph\()p Fs(g)3276
+1410 y Fn(1)3315 1395 y Fu(\))g Ft(\022)0 1515 y Fu(graph\()p
+Fs(g)336 1530 y Fn(2)375 1515 y Fu(\))32 b(according)g(to)g(Exercise)i
+(4.8)f(so)f(that)244 1712 y(graph\()p Fs(g)580 1727 y
+Fn(0)619 1712 y Fu(\))g Ft(\005)f Fu(graph\()p Fs(g)1107
+1727 y Fn(1)1146 1712 y Fu(\))i Ft(\022)g Fu(graph\()p
+Fs(g)1663 1727 y Fn(0)1702 1712 y Fu(\))f Ft(\005)f Fu(graph\()p
+Fs(g)2190 1727 y Fn(2)2229 1712 y Fu(\))0 1909 y(and)h(this)g(sho)m(ws)
+i(that)e Fs(F)45 b(g)1033 1924 y Fn(1)1105 1909 y Ft(v)32
+b Fs(F)46 b(g)1378 1924 y Fn(2)1417 1909 y Fu(.)d(Next)33
+b(w)m(e)g(shall)e(pro)m(v)m(e)j(that)e Fs(F)45 b Fu(is)32
+b(con)m(tin)m(uous.)44 b(If)32 b Fs(Y)0 2029 y Fu(is)g(a)g(non-empt)m
+(y)h(c)m(hain)g(then)244 2226 y(graph\()p Fs(F)13 b Fu(\()641
+2160 y Fg(F)710 2226 y Fs(Y)19 b Fu(\)\))33 b(=)f(graph\(\()1338
+2160 y Fg(F)1407 2226 y Fs(Y)20 b Fu(\))32 b Ft(\016)h
+Fs(g)1706 2241 y Fn(0)1745 2226 y Fu(\))910 2394 y(=)f(graph\()p
+Fs(g)1354 2409 y Fn(0)1393 2394 y Fu(\))h Ft(\005)e Fu(graph\()1828
+2328 y Fg(F)1897 2394 y Fs(Y)20 b Fu(\))910 2562 y(=)32
+b(graph\()p Fs(g)1354 2577 y Fn(0)1393 2562 y Fu(\))h
+Ft(\005)1546 2495 y Fg(S)1615 2562 y Ft(f)p Fu(graph\()p
+Fs(g)9 b Fu(\))32 b Ft(j)g Fs(g)9 b Ft(2)p Fs(Y)20 b
+Ft(g)910 2729 y Fu(=)1018 2663 y Fg(S)1087 2729 y Ft(f)p
+Fu(graph\()p Fs(g)1473 2744 y Fn(0)1512 2729 y Fu(\))33
+b Ft(\005)e Fu(graph\()p Fs(g)9 b Fu(\))32 b Ft(j)g Fs(g)9
+b Ft(2)p Fs(Y)20 b Ft(g)910 2897 y Fu(=)32 b(graph\()1300
+2830 y Fg(F)1369 2897 y Ft(f)p Fs(F)46 b(g)41 b Ft(j)32
+b Fs(g)9 b Ft(2)p Fs(Y)19 b Ft(g)p Fu(\))0 3094 y(where)34
+b(w)m(e)f(ha)m(v)m(e)h(used)g(Lemma)d(4.25)h(t)m(wice.)44
+b(Th)m(us)34 b Fs(F)46 b Fu(\()2112 3027 y Fg(F)2181
+3094 y Fs(Y)20 b Fu(\))32 b(=)2451 3027 y Fg(F)2521 3094
+y Ft(f)p Fs(F)45 b(g)c Ft(j)32 b Fs(g)9 b Ft(2)p Fu(Y)p
+Ft(g)p Fu(.)302 b Fh(2)0 3397 y Fw(Exercise)36 b(4.46)49
+b(\(Essen)m(tial\))29 b Fu(Pro)m(v)m(e)k(that)e(\(in)f(the)i(setting)f
+(of)g(Lemma)e(4.45\))i Fs(F)44 b Fu(de\014ned)0 3517
+y(b)m(y)33 b Fs(F)46 b(g)41 b Fu(=)32 b Fs(g)493 3532
+y Fn(0)565 3517 y Ft(\016)g Fs(g)41 b Fu(is)32 b(con)m(tin)m(uous,)i
+(that)e(is)g Ft(\016)h Fu(is)f(con)m(tin)m(uous)h(in)f(b)s(oth)g
+(argumen)m(ts.)260 b Fh(2)146 3737 y Fu(W)-8 b(e)26 b(ha)m(v)m(e)g(no)m
+(w)g(established)f(the)h(results)f(needed)i(to)e(sho)m(w)h(that)f(the)h
+(equations)f(of)g(T)-8 b(able)0 3857 y(4.1)32 b(de\014ne)i(a)e
+(function)g Ft(S)970 3872 y Fn(ds)1041 3857 y Fu(:)p
+0 3978 V 0 4145 a Fw(Prop)s(osition)k(4.47)49 b Fu(The)44
+b(seman)m(tic)e(equations)i(of)f(T)-8 b(able)42 b(4.1)h(de\014ne)h(a)f
+(total)f(function)0 4266 y Ft(S)68 4281 y Fn(ds)172 4266
+y Fu(in)31 b Fw(Stm)h Ft(!)g Fu(\()p Fw(State)h Fo(,)-17
+b Ft(!)32 b Fw(State)p Fu(\).)p 0 4386 V 0 4583 a Fw(Pro)s(of:)37
+b Fu(The)d(pro)s(of)e(is)g(b)m(y)h(structural)f(induction)g(on)g(the)h
+(statemen)m(t)h Fs(S)12 b Fu(.)0 4751 y Fw(The)24 b(case)g
+Fs(x)36 b Fu(:=)23 b Fs(a)7 b Fu(:)40 b(Clearly)23 b(the)h(function)f
+(that)g(maps)h(a)f(state)h Fs(s)32 b Fu(to)23 b(the)i(state)f
+Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17 b([)p Fs(a)7
+b Fu(])-17 b(])q Fs(s)8 b Fu(])0 4871 y(is)32 b(w)m(ell-de\014ned.)0
+5039 y Fw(The)h(case)g Fr(skip)p Fu(:)45 b(Clearly)31
+b(the)i(function)f(id)g(is)g(w)m(ell-de\014ned.)0 5206
+y Fw(The)42 b(case)h Fs(S)542 5221 y Fn(1)582 5206 y
+Fu(;)p Fs(S)676 5221 y Fn(2)715 5206 y Fu(:)63 b(The)43
+b(induction)e(h)m(yp)s(othesis)i(giv)m(es)g(that)f Ft(S)2486
+5221 y Fn(ds)2557 5206 y Fu([)-17 b([)p Fs(S)2661 5221
+y Fn(1)2701 5206 y Fu(])g(])42 b(and)h Ft(S)3048 5221
+y Fn(ds)3119 5206 y Fu([)-17 b([)p Fs(S)3223 5221 y Fn(2)3263
+5206 y Fu(])g(])42 b(are)0 5327 y(w)m(ell-de\014ned)33
+b(and)f(clearly)g(their)g(comp)s(osition)e(will)h(b)s(e)h(w)m
+(ell-de\014ned.)0 5494 y Fw(The)42 b(case)f Fr(if)h Fs(b)47
+b Fr(then)c Fs(S)1023 5509 y Fn(1)1103 5494 y Fr(else)f
+Fs(S)1416 5509 y Fn(2)1456 5494 y Fu(:)60 b(The)43 b(induction)d(h)m
+(yp)s(othesis)i(giv)m(es)g(that)f Ft(S)3220 5509 y Fn(ds)3291
+5494 y Fu([)-17 b([)q Fs(S)3396 5509 y Fn(1)3435 5494
+y Fu(])g(])p eop
+%%Page: 110 120
+110 119 bop 251 130 a Fw(110)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(and)41
+b Ft(S)549 530 y Fn(ds)620 515 y Fu([)-17 b([)q Fs(S)725
+530 y Fn(2)764 515 y Fu(])g(])41 b(are)g(w)m(ell-de\014ned)f(functions)
+h(and)g(clearly)e(this)h(prop)s(ert)m(y)i(is)e(preserv)m(ed)j(b)m(y)283
+636 y(the)33 b(function)g(`cond'.)283 803 y Fw(The)24
+b(case)g Fr(while)g Fs(b)29 b Fr(do)24 b Fs(S)12 b Fu(:)23
+b(The)h(induction)e(h)m(yp)s(othesis)i(giv)m(es)g(that)f
+Ft(S)2903 818 y Fn(ds)2974 803 y Fu([)-17 b([)p Fs(S)12
+b Fu(])-17 b(])24 b(is)f(w)m(ell-de\014ned.)283 924 y(The)34
+b(functions)f Fs(F)982 939 y Fn(1)1053 924 y Fu(and)g
+Fs(F)1320 939 y Fn(2)1392 924 y Fu(de\014ned)h(b)m(y)527
+1121 y Fs(F)604 1136 y Fn(1)676 1121 y Fs(g)41 b Fu(=)33
+b(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)32
+b Fs(g)9 b Fu(,)33 b(id\))527 1288 y Fs(F)604 1303 y
+Fn(2)676 1288 y Fs(g)41 b Fu(=)33 b Fs(g)41 b Ft(\016)32
+b(S)1107 1303 y Fn(ds)1178 1288 y Fu([)-17 b([)q Fs(S)12
+b Fu(])-17 b(])283 1485 y(are)34 b(con)m(tin)m(uous)h(according)e(to)h
+(Lemmas)f(4.43)g(and)h(4.45.)47 b(Th)m(us)35 b(Lemma)e(4.35)g(giv)m(es)
+h(that)283 1606 y Fs(F)47 b(g)c Fu(=)34 b Fs(F)669 1621
+y Fn(1)742 1606 y Fu(\()p Fs(F)857 1621 y Fn(2)931 1606
+y Fs(g)9 b Fu(\))33 b(is)h(con)m(tin)m(uous.)49 b(F)-8
+b(rom)32 b(Theorem)j(4.37)e(w)m(e)i(then)g(ha)m(v)m(e)g(that)f(FIX)g
+Fs(F)47 b Fu(is)283 1726 y(w)m(ell-de\014ned)37 b(and)g(thereb)m(y)i
+(that)d Ft(S)1655 1741 y Fn(ds)1726 1726 y Fu([)-17 b([)q
+Fr(while)38 b Fs(b)k Fr(do)c Fs(S)12 b Fu(])-17 b(])37
+b(is)f(w)m(ell-de\014ned.)56 b(This)37 b(completes)283
+1846 y(the)c(pro)s(of.)2980 b Fh(2)283 2149 y Fw(Example)37
+b(4.48)49 b Fu(Consider)33 b(the)g(denotational)e(seman)m(tics)h(of)g
+(the)h(factorial)e(statemen)m(t:)527 2346 y Ft(S)595
+2361 y Fn(ds)666 2346 y Fu([)-17 b([)q Fr(y)33 b Fu(:=)f
+Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p
+Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p Fr(y)p
+Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(\)])-17 b(])283 2543 y(W)-8 b(e)29 b(shall)d(b)s(e)i(in)m
+(terested)h(in)e(applying)g(this)g(function)h(to)f(a)h(state)g
+Fs(s)2780 2558 y Fn(0)2848 2543 y Fu(where)h Fr(x)f Fu(has)g(the)g(v)-5
+b(alue)283 2663 y Fw(3)p Fu(.)44 b(T)-8 b(o)33 b(do)f(that)g(w)m(e)i
+(shall)d(\014rst)i(apply)g(the)g(clauses)g(of)f(T)-8
+b(able)32 b(4.1)g(and)h(w)m(e)h(then)f(get)f(that)527
+2860 y Ft(S)595 2875 y Fn(ds)666 2860 y Fu([)-17 b([)q
+Fr(y)33 b Fu(:=)f Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p
+Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)p Fu(:=)p
+Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(\)])-17 b(])35 b Fs(s)2705 2875 y Fn(0)764
+3028 y Fu(=)d(\(FIX)g Fs(F)13 b Fu(\))33 b Fs(s)1310
+3043 y Fn(0)1349 3028 y Fu([)p Fr(y)p Ft(7!)p Fw(1)p
+Fu(])283 3225 y(where)527 3484 y Fs(F)46 b(g)41 b(s)g
+Fu(=)912 3310 y Fg(8)912 3384 y(<)912 3534 y(:)1027 3399
+y Fs(g)g Fu(\()p Ft(S)1219 3414 y Fn(ds)1290 3399 y Fu([)-17
+b([)q Fr(y)p Fu(:=)33 b Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)p
+Fu(:=)p Fr(x)p Ft(\000)p Fr(1)p Fu(])-17 b(])34 b Fs(s)8
+b Fu(\))83 b(if)31 b Ft(B)t Fu([)-17 b([)p Ft(:)q Fu(\()p
+Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])33 b Fs(s)41 b Fu(=)32
+b Fw(tt)1027 3567 y Fs(s)1232 b Fu(if)31 b Ft(B)t Fu([)-17
+b([)p Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])33
+b Fs(s)41 b Fu(=)32 b Fw(\013)283 3763 y Fu(or,)h(equiv)-5
+b(alen)m(tly)d(,)527 4041 y Fs(F)46 b(g)41 b(s)g Fu(=)912
+3867 y Fg(8)912 3942 y(<)912 4091 y(:)1027 3957 y Fs(g)g
+Fu(\()p Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fu(\()p Fs(s)41
+b Fr(y)p Fu(\))p Fo(?)p Fu(\()p Fs(s)f Fr(x)p Fu(\)][)p
+Fr(x)p Ft(7!)q Fu(\()p Fs(s)g Fr(x)p Fu(\))p Ft(\000)p
+Fw(1)p Fu(]\))84 b(if)31 b Fs(s)41 b Fr(x)33 b Ft(6)p
+Fu(=)f Fw(1)1027 4124 y Fs(s)1469 b Fu(if)31 b Fs(s)41
+b Fr(x)33 b Fu(=)f Fw(1)283 4320 y Fu(W)-8 b(e)34 b(can)g(no)m(w)g
+(calculate)f(the)g(v)-5 b(arious)33 b(functions)h Fs(F)2246
+4284 y Fn(n)2322 4320 y Ft(?)g Fu(used)h(in)e(the)g(de\014nition)g(of)g
+(FIX)g Fs(F)283 4440 y Fu(in)f(Theorem)h(4.37:)527 4637
+y(\()p Fs(F)642 4601 y Fn(0)714 4637 y Ft(?)q Fu(\))f
+Fs(s)41 b Fu(=)32 b(undef)p 1051 4650 236 4 v 527 4892
+a(\()p Fs(F)642 4856 y Fn(1)714 4892 y Ft(?)q Fu(\))g
+Fs(s)41 b Fu(=)1051 4718 y Fg(8)1051 4792 y(<)1051 4942
+y(:)1166 4807 y Fu(undef)p 1166 4820 V 84 w(if)32 b Fs(s)40
+b Fr(x)33 b Ft(6)p Fu(=)f Fw(1)1166 4975 y Fs(s)279 b
+Fu(if)32 b Fs(s)40 b Fr(x)33 b Fu(=)f Fw(1)527 5325 y
+Fu(\()p Fs(F)642 5289 y Fn(2)714 5325 y Ft(?)q Fu(\))g
+Fs(s)41 b Fu(=)1051 5076 y Fg(8)1051 5150 y(>)1051 5175
+y(>)1051 5200 y(>)1051 5225 y(<)1051 5375 y(>)1051 5400
+y(>)1051 5424 y(>)1051 5449 y(:)1166 5156 y Fu(undef)p
+1166 5169 V 675 w(if)32 b Fs(s)40 b Fr(x)33 b Ft(6)p
+Fu(=)g Fw(1)f Fu(and)h Fs(s)40 b Fr(x)33 b Ft(6)p Fu(=)g
+Fw(2)1166 5324 y Fs(s)8 b Fu([)p Fr(y)p Ft(7!)q Fu(\()p
+Fs(s)40 b Fr(y)p Fu(\))p Fo(?)p Fw(2)p Fu(][)p Fr(x)p
+Ft(7!)p Fw(1)p Fu(])83 b(if)32 b Fs(s)40 b Fr(x)33 b
+Fu(=)g Fw(2)1166 5492 y Fs(s)870 b Fu(if)32 b Fs(s)40
+b Fr(x)33 b Fu(=)g Fw(1)p eop
+%%Page: 111 121
+111 120 bop 0 130 a Fw(4.3)112 b(Direct)36 b(st)m(yle)g(seman)m(tics:)
+50 b(existence)1444 b(111)p 0 193 3473 4 v 0 515 a Fu(Th)m(us)32
+b(if)d Fr(x)h Fu(is)g Fw(1)g Fu(or)g Fw(2)g Fu(then)h(the)f
+Fs(F)1260 479 y Fn(2)1330 515 y Ft(?)g Fu(will)e(giv)m(e)i(the)h
+(correct)g(v)-5 b(alue)29 b(for)h Fr(y)g Fu(and)h(for)e(all)f(other)0
+636 y(v)-5 b(alues)27 b(of)g Fr(x)h Fu(the)g(result)f(is)g
+(unde\014ned.)44 b(This)28 b(is)f(a)g(general)g(pattern:)41
+b(the)28 b(n)m(th)g Fs(iter)-5 b(and)37 b(F)3319 600
+y Fn(n)3395 636 y Ft(?)0 756 y Fu(will)d(determine)h(the)i(correct)g(v)
+-5 b(alue)35 b(if)g(it)g(can)h(b)s(e)g(computed)h(with)e
+Fs(at)k(most)c Fu(n)i Fs(unfoldings)0 877 y Fu(of)i(the)h
+Fr(while)p Fu(-lo)s(op)f(\(that)h(is)f(n)g(ev)-5 b(aluations)39
+b(of)g(the)h(b)s(o)s(olean)e(condition\).)63 b(The)41
+b(general)0 997 y(form)m(ula)31 b(is)269 1227 y(\()p
+Fs(F)384 1191 y Fn(n)460 1227 y Ft(?)p Fu(\))h Fs(s)41
+b Fu(=)796 1052 y Fg(8)796 1127 y(<)796 1277 y(:)912
+1142 y Fu(undef)p 912 1155 236 4 v 989 w(if)31 b Fs(s)41
+b Fr(x)32 b Fo(<)h Fw(1)f Fu(or)h Fs(s)40 b Fr(x)33 b
+Fo(>)f Fu(n)912 1310 y Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p
+Fu(\()p Fs(s)40 b Fr(y)p Fu(\))p Fo(?)p Fs(j)14 b Ft(\001)j(\001)g
+(\001)o Fo(?)p Fw(2)p Fo(?)o Fw(1)p Fu(][)p Fr(x)p Ft(7!)p
+Fw(1)p Fu(])84 b(if)31 b Fs(s)41 b Fr(x)32 b Fu(=)h Fs(j)46
+b Fu(and)33 b Fw(1)p Ft(\024)q Fs(j)46 b Fu(and)33 b
+Fs(j)14 b Ft(\024)q Fu(n)0 1476 y(W)-8 b(e)33 b(then)g(ha)m(v)m(e)244
+1793 y(\(FIX)f Fs(F)13 b Fu(\))33 b Fs(s)40 b Fu(=)823
+1619 y Fg(8)823 1694 y(<)823 1843 y(:)938 1709 y Fu(undef)p
+938 1722 V 1007 w(if)31 b Fs(s)41 b Fr(x)33 b Fo(<)f
+Fw(1)938 1876 y Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fu(\()p
+Fs(s)41 b Fr(y)p Fu(\))p Fo(?)p Fs(n)7 b Ft(\001)17 b(\001)g(\001)n
+Fo(?)p Fw(2)p Fo(?)p Fw(1)p Fu(][)p Fr(x)p Ft(7!)p Fw(1)p
+Fu(])83 b(if)31 b Fs(s)41 b Fr(x)33 b Fu(=)f Fs(n)40
+b Fu(and)33 b Fs(n)7 b Ft(\025)p Fw(1)0 2130 y Fu(So)32
+b(in)f(the)i(state)f Fs(s)702 2145 y Fn(0)773 2130 y
+Fu(where)i Fr(x)e Fu(has)g(the)h(v)-5 b(alue)31 b Fw(3)h
+Fu(w)m(e)h(get)f(that)g(the)g(v)-5 b(alue)32 b(computed)g(b)m(y)h(the)0
+2250 y(factorial)d(statemen)m(t)j(is)244 2505 y(\(FIX)f
+Fs(F)13 b Fu(\))33 b(\()p Fs(s)720 2520 y Fn(0)759 2505
+y Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(]\))g Fr(y)g Fu(=)f
+Fw(1)h Fo(?)f Fw(3)g Fo(?)h Fw(2)f Fo(?)g Fw(1)h Fu(=)f
+Fw(6)0 2760 y Fu(as)h(exp)s(ected.)2879 b Fh(2)0 3061
+y Fw(Exercise)36 b(4.49)49 b Fu(Consider)33 b(the)g(statemen)m(t)244
+3315 y Fr(z)p Fu(:=)p Fr(0)p Fu(;)g Fr(while)h(y)p Ft(\024)q
+Fr(x)e(do)h Fu(\()p Fr(z)p Fu(:=)p Fr(z)p Fu(+)p Fr(1)p
+Fu(;)h Fr(x)p Fu(:=)p Fr(x)p Ft(\000)p Fr(y)p Fu(\))0
+3570 y(and)f(p)s(erform)e(a)h(dev)m(elopmen)m(t)i(analogous)d(to)h
+(that)h(of)f(Example)g(4.48.)694 b Fh(2)0 3871 y Fw(Exercise)36
+b(4.50)49 b Fu(Sho)m(w)30 b(that)f Ft(S)1220 3886 y Fn(ds)1292
+3871 y Fu([)-17 b([)p Fr(while)30 b(true)g(do)g(skip)p
+Fu(])-17 b(])30 b(is)e(the)i(totally)d(unde\014ned)j(func-)0
+3991 y(tion)i Ft(?)p Fu(.)3093 b Fh(2)0 4292 y Fw(Exercise)36
+b(4.51)49 b Fu(Extend)42 b(the)f(language)e(with)h(the)h(statemen)m(t)g
+Fr(repeat)34 b Fs(S)44 b Fr(until)34 b Fs(b)46 b Fu(and)0
+4412 y(giv)m(e)37 b(the)g(new)g(\(comp)s(ositional\))c(clause)k(for)f
+Ft(S)1795 4427 y Fn(ds)1866 4412 y Fu(.)56 b(V)-8 b(alidate)34
+b(the)j(w)m(ell-de\014nedness)i(of)d(the)0 4532 y(extended)f(v)m
+(ersion)e(of)f Ft(S)925 4547 y Fn(ds)996 4532 y Fu(.)2375
+b Fh(2)0 4833 y Fw(Exercise)36 b(4.52)49 b Fu(Extend)37
+b(the)e(language)f(with)g(the)h(statemen)m(t)g Fr(for)h
+Fs(x)47 b Fu(:=)34 b Fs(a)2937 4848 y Fn(1)3012 4833
+y Fr(to)h Fs(a)3206 4848 y Fn(2)3280 4833 y Fr(do)h Fs(S)0
+4953 y Fu(and)f(giv)m(e)g(the)g(new)h(\(comp)s(ositional\))c(clause)j
+(for)f Ft(S)1977 4968 y Fn(ds)2048 4953 y Fu(.)51 b(V)-8
+b(alidate)33 b(the)i(w)m(ell-de\014nedness)i(of)0 5074
+y(the)c(extended)i(v)m(ersion)e(of)f Ft(S)1093 5089 y
+Fn(ds)1164 5074 y Fu(.)2207 b Fh(2)146 5374 y Fu(T)-8
+b(o)31 b(summarize,)f(the)h(w)m(ell-de\014nedness)h(of)e
+Ft(S)1851 5389 y Fn(ds)1952 5374 y Fu(relies)g(on)g(the)h(follo)m(wing)
+d(results)j(estab-)0 5494 y(lished)h(ab)s(o)m(v)m(e:)p
+eop
+%%Page: 112 122
+112 121 bop 251 130 a Fw(112)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 283 419 3470 4 v 283
+436 V 281 643 4 208 v 298 643 V 1371 564 a(Pro)s(of)c(Summary)h(for)f
+(While)p Fu(:)p 3735 643 V 3752 643 V 281 851 V 298 851
+V 961 772 a Fw(W)-9 b(ell)p Fu(-)p Fw(de\014nedness)32
+b(of)h(Denotational)e(Seman)m(tics)p 3735 851 V 3752
+851 V 283 854 3470 4 v 281 1223 4 370 v 298 1223 V 350
+1020 a Fu(1:)143 b(The)34 b(set)g Fw(State)g Fo(,)-17
+b Ft(!)33 b Fw(State)g Fu(equipp)s(ed)h(with)f(an)h(appropriate)e
+(order)i Ft(v)f Fu(is)g(a)g(ccp)s(o)569 1140 y(\(Lemmas)e(4.13)h(and)h
+(4.25\).)p 3735 1223 V 3752 1223 V 281 1511 4 289 v 298
+1511 V 350 1308 a(2:)143 b(Certain)34 b(functions)g(\011:)47
+b(\()p Fw(State)34 b Fo(,)-17 b Ft(!)35 b Fw(State)p
+Fu(\))f Ft(!)g Fu(\()p Fw(State)g Fo(,)-17 b Ft(!)35
+b Fw(State)p Fu(\))f(are)g(con)m(tin-)569 1428 y(uous)f(\(Lemmas)e
+(4.43)h(and)h(4.45\).)p 3735 1511 V 3752 1511 V 281 1799
+V 298 1799 V 350 1596 a(3:)143 b(In)31 b(the)g(de\014nition)f(of)g
+Ft(S)1464 1611 y Fn(ds)1566 1596 y Fu(w)m(e)i(only)e(apply)g(the)i
+(\014xed)g(p)s(oin)m(t)e(op)s(eration)f(to)h(con)m(tin-)569
+1716 y(uous)j(functions)f(\(Prop)s(osition)f(4.47\).)p
+3735 1799 V 3752 1799 V 283 1803 3470 4 v 283 1819 V
+283 2069 a Fp(Prop)t(erties)46 b(of)f(the)h(seman)l(tics)283
+2260 y Fu(In)35 b(the)f(op)s(erational)d(seman)m(tics)j(w)m(e)h
+(de\014ned)g(a)f(notion)f(of)g(t)m(w)m(o)h(statemen)m(ts)h(b)s(eing)e
+(seman-)283 2380 y(tically)46 b(equiv)-5 b(alen)m(t.)87
+b(A)48 b(similar)c(notion)i(can)i(b)s(e)g(de\014ned)g(based)h(on)e(the)
+h(denotational)283 2501 y(seman)m(tics:)c Fs(S)831 2516
+y Fn(1)903 2501 y Fu(and)33 b Fs(S)1160 2516 y Fn(2)1231
+2501 y Fu(are)g Fs(semantic)-5 b(al)5 b(ly)34 b(e)-5
+b(quivalent)41 b Fu(if)32 b(and)g(only)h(if)527 2720
+y Ft(S)595 2735 y Fn(ds)666 2720 y Fu([)-17 b([)q Fs(S)771
+2735 y Fn(1)810 2720 y Fu(])g(])33 b(=)g Ft(S)1056 2735
+y Fn(ds)1128 2720 y Fu([)-17 b([)p Fs(S)1232 2735 y Fn(2)1272
+2720 y Fu(])g(])283 2973 y Fw(Exercise)37 b(4.53)49 b
+Fu(Sho)m(w)f(that)f(the)g(follo)m(wing)e(statemen)m(ts)j(of)f
+Fw(While)e Fu(are)j(seman)m(tically)283 3093 y(equiv)-5
+b(alen)m(t)33 b(in)f(the)h(ab)s(o)m(v)m(e)g(sense:)429
+3312 y Ft(\017)48 b Fs(S)12 b Fu(;)p Fr(skip)34 b Fu(and)f
+Fs(S)429 3531 y Ft(\017)48 b Fs(S)594 3546 y Fn(1)634
+3531 y Fu(;\()p Fs(S)766 3546 y Fn(2)805 3531 y Fu(;)p
+Fs(S)899 3546 y Fn(3)938 3531 y Fu(\))33 b(and)f(\()p
+Fs(S)1303 3546 y Fn(1)1343 3531 y Fu(;)p Fs(S)1437 3546
+y Fn(2)1476 3531 y Fu(\);)p Fs(S)1608 3546 y Fn(3)429
+3749 y Ft(\017)48 b Fr(while)34 b Fs(b)39 b Fr(do)33
+b Fs(S)44 b Fu(and)33 b Fr(if)g Fs(b)38 b Fr(then)c Fu(\()p
+Fs(S)12 b Fu(;)32 b Fr(while)i Fs(b)k Fr(do)c Fs(S)12
+b Fu(\))32 b Fr(else)h(skip)651 b Fh(2)283 3999 y Fw(Exercise)37
+b(4.54)49 b Fu(*)29 b(Pro)m(v)m(e)h(that)f Fr(repeat)i
+Fs(S)41 b Fr(until)30 b Fs(b)35 b Fu(and)29 b Fs(S)12
+b Fu(;)29 b Fr(while)h Ft(:)q Fs(b)35 b Fr(do)29 b Fs(S)41
+b Fu(are)29 b(seman-)283 4120 y(tically)i(equiv)-5 b(alen)m(t)33
+b(using)g(the)h(denotational)d(approac)m(h.)45 b(The)34
+b(seman)m(tics)g(of)e(the)i Fr(repeat)p Fu(-)283 4240
+y(construct)g(is)e(giv)m(en)h(in)f(Exercise)i(4.51.)1917
+b Fh(2)283 4592 y Fj(4.4)161 b(An)53 b(equiv)-9 b(alence)55
+b(result)283 4817 y Fu(Ha)m(ving)33 b(pro)s(duced)h(y)m(et)g(another)g
+(seman)m(tics)f(of)f(the)i(language)e Fw(While)f Fu(w)m(e)k(shall)c(b)s
+(e)j(in)m(ter-)283 4937 y(ested)d(in)e(its)f(relation)g(to)h(the)h(op)s
+(erational)d(seman)m(tics)i(and)g(for)g(this)g(w)m(e)i(shall)d(fo)s
+(cus)h(on)g(the)283 5058 y(structural)k(op)s(erational)d(seman)m(tics.)
+p 283 5181 3473 5 v 283 5374 a Fw(Theorem)38 b(4.55)49
+b Fu(F)-8 b(or)31 b(ev)m(ery)k(statemen)m(t)e Fs(S)44
+b Fu(of)32 b Fw(While)f Fu(w)m(e)j(ha)m(v)m(e)g Ft(S)2863
+5389 y Fn(sos)2958 5374 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17
+b(])33 b(=)g Ft(S)3308 5389 y Fn(ds)3380 5374 y Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])q(.)p 283 5494 V eop
+%%Page: 113 123
+113 122 bop 0 130 a Fw(4.4)112 b(An)38 b(equiv)-6 b(alence)37
+b(result)1991 b(113)p 0 193 3473 4 v 0 515 a Fu(Both)25
+b Ft(S)302 530 y Fn(ds)373 515 y Fu([)-17 b([)q Fs(S)12
+b Fu(])-17 b(])25 b(and)g Ft(S)790 530 y Fn(sos)885 515
+y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])25 b(are)g(functions)f(in)g
+Fw(State)h Fo(,)-17 b Ft(!)24 b Fw(State)p Fu(,)j(that)d(is)g(they)i
+(are)e(elemen)m(ts)0 636 y(of)40 b(a)h(partially)c(ordered)42
+b(set.)68 b(T)-8 b(o)41 b(pro)m(v)m(e)h(that)e(t)m(w)m(o)i(elemen)m(ts)
+e Fs(d)2485 651 y Fn(1)2566 636 y Fu(and)g Fs(d)2823
+651 y Fn(2)2904 636 y Fu(of)g(a)g(partially)0 756 y(ordered)30
+b(set)g(are)g(equal)f(it)g(is)g(su\016cien)m(t)i(to)e(pro)m(v)m(e)i
+(that)e Fs(d)2153 771 y Fn(1)2222 756 y Ft(v)h Fs(d)2389
+771 y Fn(2)2458 756 y Fu(and)g(that)f Fs(d)2913 771 y
+Fn(2)2982 756 y Ft(v)h Fs(d)3149 771 y Fn(1)3188 756
+y Fu(.)43 b(Th)m(us)0 877 y(to)32 b(pro)m(v)m(e)i(Theorem)f(4.55)f(w)m
+(e)i(shall)d(sho)m(w)i(that)145 1066 y Ft(\017)49 b(S)312
+1081 y Fn(sos)407 1066 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17
+b(])33 b Ft(v)g(S)759 1081 y Fn(ds)830 1066 y Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(],)33 b(and)145 1264 y Ft(\017)49
+b(S)312 1279 y Fn(ds)383 1264 y Fu([)-17 b([)p Fs(S)12
+b Fu(])-17 b(])33 b Ft(v)g(S)735 1279 y Fn(sos)830 1264
+y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(].)0 1454 y(The)34
+b(\014rst)f(result)f(is)g(expressed)k(b)m(y)d(the)g(follo)m(wing)d
+(lemma:)p 0 1574 3473 5 v 0 1734 a Fw(Lemma)37 b(4.56)49
+b Fu(F)-8 b(or)32 b(ev)m(ery)i(statemen)m(t)f Fs(S)45
+b Fu(of)32 b Fw(While)f Fu(w)m(e)i(ha)m(v)m(e)h Ft(S)2501
+1749 y Fn(sos)2596 1734 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])33 b Ft(v)g(S)2949 1749 y Fn(ds)3020 1734 y Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])q(.)p 0 1854 V 0 2044 a
+Fw(Pro)s(of:)37 b Fu(It)c(is)f(su\016cien)m(t)i(to)e(pro)m(v)m(e)i
+(that)e(for)g(all)f(states)i Fs(s)41 b Fu(and)32 b Fs(s)2427
+2007 y Fi(0)269 2211 y Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8
+b Ft(i)32 b(\))653 2175 y Fi(\003)725 2211 y Fs(s)773
+2175 y Fi(0)829 2211 y Fu(implies)e Ft(S)1228 2226 y
+Fn(ds)1299 2211 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q
+Fs(s)40 b Fu(=)33 b Fs(s)1678 2175 y Fi(0)3348 2211 y
+Fu(\(*\))0 2379 y(T)-8 b(o)33 b(do)f(so)h(w)m(e)g(shall)f(need)h(to)f
+(establish)h(the)g(follo)m(wing)c(prop)s(ert)m(y)310
+2538 y Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))f
+Fs(s)775 2502 y Fi(0)1109 2538 y Fu(implies)80 b Ft(S)1558
+2553 y Fn(ds)1629 2538 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])p Fs(s)41 b Fu(=)32 b Fs(s)2008 2502 y Fi(0)310 2706
+y Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(\))f(h)p
+Fs(S)833 2670 y Fi(0)856 2706 y Fu(,)g Fs(s)963 2670
+y Fi(0)987 2706 y Ft(i)83 b Fu(implies)d Ft(S)1558 2721
+y Fn(ds)1629 2706 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])p Fs(s)41 b Fu(=)32 b Ft(S)2028 2721 y Fn(ds)2099
+2706 y Fu([)-17 b([)q Fs(S)2204 2670 y Fi(0)2227 2706
+y Fu(])g(])p Fs(s)2312 2670 y Fi(0)3299 2623 y Fu(\(**\))0
+2872 y(Assuming)39 b(that)g(\(**\))g(holds)h(the)g(pro)s(of)e(of)h
+(\(*\))h(is)f(a)g(straigh)m(tforw)m(ard)g(induction)f(on)i(the)0
+2992 y(length)32 b(k)h(of)f(the)h(deriv)-5 b(ation)31
+b(sequence)k Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32
+b(\))1908 2956 y Fn(k)1981 2992 y Fs(s)2029 2956 y Fi(0)2085
+2992 y Fu(\(see)i(Section)e(2.2\).)146 3113 y(W)-8 b(e)40
+b(no)m(w)g(turn)f(to)g(the)g(pro)s(of)g(of)f(\(**\))h(and)g(for)g(this)
+g(w)m(e)h(shall)e(use)i(induction)e(on)h(the)0 3233 y(shap)s(e)33
+b(of)f(the)h(deriv)-5 b(ation)31 b(tree)i(for)f Ft(h)p
+Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(\))g Fs(s)1820
+3197 y Fi(0)1876 3233 y Fu(or)g Ft(h)p Fs(S)12 b Fu(,)32
+b Fs(s)8 b Ft(i)33 b(\))f(h)p Fs(S)2518 3197 y Fi(0)2541
+3233 y Fu(,)g Fs(s)2648 3197 y Fi(0)2672 3233 y Ft(i)o
+Fu(.)0 3401 y Fw(The)h(case)g Fu([ass)608 3416 y Fn(sos)704
+3401 y Fu(]:)44 b(W)-8 b(e)32 b(ha)m(v)m(e)244 3590 y
+Ft(h)p Fs(x)44 b Fu(:=)32 b Fs(a)7 b Fu(,)33 b Fs(s)8
+b Ft(i)33 b(\))f Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p Fu([)-17
+b([)q Fs(a)7 b Fu(])-17 b(])p Fs(s)8 b Fu(])0 3779 y(and)33
+b(since)g Ft(S)496 3794 y Fn(ds)568 3779 y Fu([)-17 b([)p
+Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])q Fs(s)41
+b Fu(=)32 b Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17
+b([)q Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])32 b(the)h(result)g(follo)m
+(ws.)0 3947 y Fw(The)g(case)g Fu([skip)654 3962 y Fn(sos)749
+3947 y Fu(]:)44 b(Analogous.)0 4114 y Fw(The)33 b(case)g
+Fu([comp)723 4078 y Fn(1)711 4139 y(sos)806 4114 y Fu(]:)43
+b(Assume)34 b(that)244 4304 y Ft(h)p Fs(S)350 4319 y
+Fn(1)389 4304 y Fu(;)p Fs(S)483 4319 y Fn(2)522 4304
+y Fu(,)f Fs(s)8 b Ft(i)32 b(\))g(h)p Fs(S)939 4268 y
+Fi(0)939 4328 y Fn(1)978 4304 y Fu(;)p Fs(S)1072 4319
+y Fn(2)1112 4304 y Fu(,)g Fs(s)1219 4268 y Fi(0)1243
+4304 y Ft(i)0 4493 y Fu(b)s(ecause)39 b Ft(h)o Fs(S)471
+4508 y Fn(1)511 4493 y Fu(,)f Fs(s)8 b Ft(i)37 b(\))g(h)o
+Fs(S)942 4457 y Fi(0)942 4517 y Fn(1)982 4493 y Fu(,)h
+Fs(s)1095 4457 y Fi(0)1118 4493 y Ft(i)p Fu(.)57 b(Then)39
+b(the)e(induction)g(h)m(yp)s(othesis)h(applied)e(to)h(the)g(latter)0
+4613 y(transition)31 b(giv)m(es)i Ft(S)752 4628 y Fn(ds)823
+4613 y Fu([)-17 b([)q Fs(S)928 4628 y Fn(1)967 4613 y
+Fu(])g(])p Fs(s)41 b Fu(=)32 b Ft(S)1261 4628 y Fn(ds)1332
+4613 y Fu([)-17 b([)q Fs(S)1437 4577 y Fi(0)1437 4638
+y Fn(1)1476 4613 y Fu(])g(])q Fs(s)1562 4577 y Fi(0)1618
+4613 y Fu(and)32 b(w)m(e)i(get)244 4802 y Ft(S)312 4817
+y Fn(ds)383 4802 y Fu([)-17 b([)p Fs(S)487 4817 y Fn(1)527
+4802 y Fu(;)p Fs(S)621 4817 y Fn(2)660 4802 y Fu(])g(])33
+b Fs(s)41 b Fu(=)32 b Ft(S)987 4817 y Fn(ds)1058 4802
+y Fu([)-17 b([)q Fs(S)1163 4817 y Fn(2)1202 4802 y Fu(])g(])q(\()p
+Ft(S)1345 4817 y Fn(ds)1417 4802 y Fu([)g([)p Fs(S)1521
+4817 y Fn(1)1560 4802 y Fu(])g(])q Fs(s)8 b Fu(\))811
+4970 y(=)32 b Ft(S)987 4985 y Fn(ds)1058 4970 y Fu([)-17
+b([)q Fs(S)1163 4985 y Fn(2)1202 4970 y Fu(])g(])q(\()p
+Ft(S)1345 4985 y Fn(ds)1417 4970 y Fu([)g([)p Fs(S)1521
+4934 y Fi(0)1521 4995 y Fn(1)1560 4970 y Fu(])g(])q Fs(s)1646
+4934 y Fi(0)1669 4970 y Fu(\))811 5138 y(=)32 b Ft(S)987
+5153 y Fn(ds)1058 5138 y Fu([)-17 b([)q Fs(S)1163 5102
+y Fi(0)1163 5162 y Fn(1)1202 5138 y Fu(;)p Fs(S)1296
+5153 y Fn(2)1335 5138 y Fu(])g(])q Fs(s)1421 5102 y Fi(0)0
+5327 y Fu(as)33 b(required.)0 5494 y Fw(The)g(case)g
+Fu([comp)723 5458 y Fn(2)711 5519 y(sos)806 5494 y Fu(]:)43
+b(Assume)34 b(that)p eop
+%%Page: 114 124
+114 123 bop 251 130 a Fw(114)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Ft(h)p Fs(S)633
+530 y Fn(1)672 515 y Fu(;)p Fs(S)766 530 y Fn(2)806 515
+y Fu(,)c Fs(s)8 b Ft(i)33 b(\))f(h)p Fs(S)1223 530 y
+Fn(2)1262 515 y Fu(,)g Fs(s)1369 479 y Fi(0)1393 515
+y Ft(i)283 747 y Fu(b)s(ecause)44 b Ft(h)p Fs(S)760 762
+y Fn(1)799 747 y Fu(,)g Fs(s)8 b Ft(i\))42 b Fs(s)1147
+711 y Fi(0)1170 747 y Fu(.)72 b(Then)43 b(the)f(induction)f(h)m(yp)s
+(othesis)i(applied)e(to)h(that)f(transition)283 867 y(giv)m(es)33
+b Ft(S)590 882 y Fn(ds)661 867 y Fu([)-17 b([)q Fs(S)766
+882 y Fn(1)805 867 y Fu(])g(])q Fs(s)41 b Fu(=)32 b Fs(s)1080
+831 y Fi(0)1136 867 y Fu(and)g(w)m(e)i(get)527 1099 y
+Ft(S)595 1114 y Fn(ds)666 1099 y Fu([)-17 b([)q Fs(S)771
+1114 y Fn(1)810 1099 y Fu(;)p Fs(S)904 1114 y Fn(2)944
+1099 y Fu(])g(])p Fs(s)41 b Fu(=)32 b Ft(S)1238 1114
+y Fn(ds)1309 1099 y Fu([)-17 b([)q Fs(S)1414 1114 y Fn(2)1453
+1099 y Fu(])g(])q(\()p Ft(S)1596 1114 y Fn(ds)1668 1099
+y Fu([)g([)p Fs(S)1772 1114 y Fn(1)1811 1099 y Fu(])g(])q
+Fs(s)8 b Fu(\))32 b(=)h Ft(S)2144 1114 y Fn(ds)2215 1099
+y Fu([)-17 b([)p Fs(S)2319 1114 y Fn(2)2359 1099 y Fu(])g(])p
+Fs(s)2444 1063 y Fi(0)283 1331 y Fu(where)40 b(the)g(\014rst)f(equalit)
+m(y)f(comes)h(from)e(the)i(de\014nition)f(of)g Ft(S)2659
+1346 y Fn(ds)2769 1331 y Fu(and)h(w)m(e)g(just)h(argued)e(for)283
+1451 y(the)33 b(second)h(equalit)m(y)-8 b(.)43 b(This)33
+b(pro)m(v)m(es)h(the)f(result.)283 1619 y Fw(The)g(case)g
+Fu([if)836 1582 y Fn(tt)824 1643 y(sos)919 1619 y Fu(]:)43
+b(Assume)34 b(that)527 1850 y Ft(h)p Fr(if)f Fs(b)39
+b Fr(then)33 b Fs(S)1089 1865 y Fn(1)1161 1850 y Fr(else)h
+Fs(S)1466 1865 y Fn(2)1505 1850 y Fu(,)e Fs(s)8 b Ft(i)33
+b(\))f(h)p Fs(S)1922 1865 y Fn(1)1961 1850 y Fu(,)h Fs(s)8
+b Ft(i)283 2082 y Fu(b)s(ecause)34 b Ft(B)t Fu([)-17
+b([)p Fs(b)6 b Fu(])-17 b(])33 b Fs(s)41 b Fu(=)32 b
+Fw(tt)p Fu(.)43 b(Then)552 2249 y Ft(S)620 2264 y Fn(ds)691
+2249 y Fu([)-17 b([)q Fr(if)33 b Fs(b)38 b Fr(then)c
+Fs(S)1252 2264 y Fn(1)1324 2249 y Fr(else)f Fs(S)1628
+2264 y Fn(2)1667 2249 y Fu(])-17 b(])q Fs(s)41 b Fu(=)32
+b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33
+b Ft(S)2455 2264 y Fn(ds)2526 2249 y Fu([)-17 b([)p Fs(S)2630
+2264 y Fn(1)2670 2249 y Fu(])g(],)33 b Ft(S)2835 2264
+y Fn(ds)2906 2249 y Fu([)-17 b([)p Fs(S)3010 2264 y Fn(2)3050
+2249 y Fu(])g(]\))p Fs(s)41 b Fu(=)32 b Ft(S)3382 2264
+y Fn(ds)3453 2249 y Fu([)-17 b([)q Fs(S)3558 2264 y Fn(1)3597
+2249 y Fu(])g(])q Fs(s)283 2417 y Fu(as)33 b(required.)283
+2585 y Fw(The)g(case)g Fu([if)836 2549 y Fn(\013)824
+2609 y(sos)919 2585 y Fu(]:)43 b(Analogous.)283 2752
+y Fw(The)33 b(case)g Fu([while)989 2767 y Fn(sos)1084
+2752 y Fu(]:)43 b(Assume)34 b(that)527 2984 y Ft(h)p
+Fr(while)g Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8
+b Ft(i)32 b(\))g(h)p Fr(if)h Fs(b)39 b Fr(then)33 b Fu(\()p
+Fs(S)12 b Fu(;)33 b Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12
+b Fu(\))32 b Fr(else)i(skip)p Fu(,)f Fs(s)8 b Ft(i)283
+3216 y Fu(F)-8 b(rom)41 b(the)i(de\014nition)f(of)g Ft(S)1359
+3231 y Fn(ds)1473 3216 y Fu(w)m(e)h(ha)m(v)m(e)h Ft(S)1929
+3231 y Fn(ds)2000 3216 y Fu([)-17 b([)q Fr(while)43 b
+Fs(b)49 b Fr(do)42 b Fs(S)12 b Fu(])-17 b(])43 b(=)f(FIX)h
+Fs(F)55 b Fu(where)44 b Fs(F)55 b(g)c Fu(=)283 3336 y(cond\()p
+Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(g)41
+b Ft(\016)33 b(S)1012 3351 y Fn(ds)1084 3336 y Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\).)43 b(W)-8
+b(e)33 b(therefore)g(get)527 3568 y Ft(S)595 3583 y Fn(ds)666
+3568 y Fu([)-17 b([)q Fr(while)34 b Fs(b)k Fr(do)33 b
+Fs(S)12 b Fu(])-17 b(])q(=)32 b(\(FIX)h Fs(F)13 b Fu(\))1316
+3735 y(=)32 b Fs(F)46 b Fu(\(FIX)32 b Fs(F)13 b Fu(\))1316
+3903 y(=)32 b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b
+Fu(])-17 b(],)33 b Ft(S)1985 3918 y Fn(ds)2056 3903 y
+Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12
+b Fu(])-17 b(])33 b Ft(\016)f(S)2888 3918 y Fn(ds)2959
+3903 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 b(id\))1316
+4070 y(=)f(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(],)33 b Ft(S)1985 4085 y Fn(ds)2056 4070 y Fu([)-17
+b([)p Fs(S)12 b Fu(;)33 b Fr(while)h Fs(b)k Fr(do)33
+b Fs(S)12 b Fu(])-17 b(])q(,)32 b Ft(S)2959 4085 y Fn(ds)3030
+4070 y Fu([)-17 b([)q Fr(skip)p Fu(])g(])q(\))1316 4238
+y(=)32 b Ft(S)1492 4253 y Fn(ds)1563 4238 y Fu([)-17
+b([)q Fr(if)33 b Fs(b)38 b Fr(then)c Fu(\()p Fs(S)12
+b Fu(;)32 b Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\))33
+b Fr(else)g(skip)p Fu(])-17 b(])283 4470 y(as)33 b(required.)44
+b(This)33 b(completes)f(the)h(pro)s(of)f(of)g(\(**\).)1450
+b Fh(2)430 4679 y Fu(Note)39 b(that)g(\(*\))g(do)s(es)g
+Fs(not)49 b Fu(imply)37 b(that)i Ft(S)2032 4694 y Fn(sos)2127
+4679 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])40 b(=)f
+Ft(S)2491 4694 y Fn(ds)2562 4679 y Fu([)-17 b([)p Fs(S)12
+b Fu(])-17 b(])40 b(as)f(w)m(e)h(ha)m(v)m(e)h(only)d(pro)m(v)m(ed)283
+4799 y(that)26 b Fs(if)46 b Ft(S)662 4814 y Fn(sos)757
+4799 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])p Fs(s)33
+b Ft(6)p Fu(=)26 b(undef)p 1074 4812 236 4 v 26 w Fs(then)33
+b Ft(S)1617 4814 y Fn(sos)1713 4799 y Fu([)-17 b([)p
+Fs(S)12 b Fu(])-17 b(])q Fs(s)33 b Fu(=)25 b Ft(S)2097
+4814 y Fn(ds)2168 4799 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])p Fs(s)8 b Fu(.)42 b(Still)23 b(there)j(is)f(the)h(p)s(ossibilit)m
+(y)d(that)283 4919 y Ft(S)351 4934 y Fn(ds)422 4919 y
+Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])28 b(ma)m(y)f(b)s(e)h(de\014ned)h
+(for)e(more)f(argumen)m(ts)i(than)f Ft(S)2399 4934 y
+Fn(sos)2494 4919 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(].)42 b(Ho)m(w)m(ev)m(er)30 b(this)d(is)g(ruled)g(out)283
+5040 y(b)m(y)34 b(the)f(follo)m(wing)d(lemma:)p 283 5166
+3473 5 v 283 5374 a Fw(Lemma)38 b(4.57)49 b Fu(F)-8 b(or)31
+b(ev)m(ery)k(statemen)m(t)e Fs(S)44 b Fu(of)32 b Fw(While)f
+Fu(w)m(e)j(ha)m(v)m(e)g Ft(S)2785 5389 y Fn(ds)2856 5374
+y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])33 b Ft(v)g(S)3208
+5389 y Fn(sos)3303 5374 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(].)p 283 5494 V eop
+%%Page: 115 125
+115 124 bop 0 130 a Fw(4.4)112 b(An)38 b(equiv)-6 b(alence)37
+b(result)1991 b(115)p 0 193 3473 4 v 0 515 a(Pro)s(of:)37
+b Fu(W)-8 b(e)33 b(pro)s(ceed)h(b)m(y)f(structural)f(induction)g(on)h
+(the)g(statemen)m(t)g Fs(S)12 b Fu(.)0 683 y Fw(The)38
+b(case)g Fs(x)50 b Fu(:=)37 b Fs(a)7 b Fu(:)54 b(Clearly)37
+b Ft(S)1251 698 y Fn(ds)1322 683 y Fu([)-17 b([)q Fs(x)49
+b Fu(:=)38 b Fs(a)7 b Fu(])-17 b(])q Fs(s)46 b Fu(=)37
+b Ft(S)1957 698 y Fn(sos)2052 683 y Fu([)-17 b([)q Fs(x)49
+b Fu(:=)38 b Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(.)59
+b(Note)37 b(that)h(this)f(means)0 803 y(that)32 b Ft(S)279
+818 y Fn(sos)407 803 y Fu(satis\014es)h(the)g(clause)g(de\014ning)f
+Ft(S)1658 818 y Fn(ds)1762 803 y Fu(in)g(T)-8 b(able)32
+b(4.1.)0 971 y Fw(The)h(case)g Fr(skip)p Fu(:)45 b(Clearly)31
+b Ft(S)1138 986 y Fn(ds)1209 971 y Fu([)-17 b([)q Fr(skip)p
+Fu(])g(])r Fs(s)40 b Fu(=)32 b Ft(S)1746 986 y Fn(sos)1841
+971 y Fu([)-17 b([)q Fr(skip)p Fu(])g(])r Fs(s)8 b Fu(.)0
+1139 y Fw(The)28 b(case)h Fs(S)514 1154 y Fn(1)582 1139
+y Fu(;)g Fs(S)705 1154 y Fn(2)745 1139 y Fu(:)41 b(Recall)26
+b(that)i Ft(\016)g Fu(is)g(monotone)f(in)h(b)s(oth)g(argumen)m(ts)g
+(\(Lemma)f(4.45)g(and)0 1259 y(Exercise)34 b(4.46\).)43
+b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)244 1456 y Ft(S)312
+1471 y Fn(ds)383 1456 y Fu([)-17 b([)p Fs(S)487 1471
+y Fn(1)559 1456 y Fu(;)33 b Fs(S)686 1471 y Fn(2)725
+1456 y Fu(])-17 b(])33 b(=)g Ft(S)971 1471 y Fn(ds)1043
+1456 y Fu([)-17 b([)p Fs(S)1147 1471 y Fn(2)1186 1456
+y Fu(])g(])34 b Ft(\016)e(S)1407 1471 y Fn(ds)1478 1456
+y Fu([)-17 b([)p Fs(S)1582 1471 y Fn(1)1622 1456 y Fu(])g(])795
+1623 y Ft(v)32 b(S)971 1638 y Fn(sos)1067 1623 y Fu([)-17
+b([)p Fs(S)1171 1638 y Fn(2)1210 1623 y Fu(])g(])33 b
+Ft(\016)g(S)1431 1638 y Fn(sos)1526 1623 y Fu([)-17 b([)p
+Fs(S)1630 1638 y Fn(1)1670 1623 y Fu(])g(])0 1820 y(b)s(ecause)39
+b(the)g(induction)e(h)m(yp)s(othesis)i(applied)e(to)h
+Fs(S)2004 1835 y Fn(1)2081 1820 y Fu(and)g Fs(S)2343
+1835 y Fn(2)2421 1820 y Fu(giv)m(es)g Ft(S)2733 1835
+y Fn(ds)2804 1820 y Fu([)-17 b([)q Fs(S)2909 1835 y Fn(1)2948
+1820 y Fu(])g(])33 b Ft(v)g(S)3196 1835 y Fn(sos)3291
+1820 y Fu([)-17 b([)q Fs(S)3396 1835 y Fn(1)3435 1820
+y Fu(])g(])0 1940 y(and)44 b Ft(S)269 1955 y Fn(ds)340
+1940 y Fu([)-17 b([)q Fs(S)445 1955 y Fn(2)484 1940 y
+Fu(])g(])33 b Ft(v)g(S)732 1955 y Fn(sos)827 1940 y Fu([)-17
+b([)p Fs(S)931 1955 y Fn(2)971 1940 y Fu(])g(].)78 b(F)-8
+b(urthermore,)46 b(Exercise)f(2.21)f(giv)m(es)g(that)g(if)f
+Ft(h)o Fs(S)3011 1955 y Fn(1)3051 1940 y Fu(,)32 b Fs(s)8
+b Ft(i)32 b(\))3329 1904 y Fi(\003)3401 1940 y Fs(s)3449
+1904 y Fi(0)0 2060 y Fu(then)h Ft(h)p Fs(S)328 2075 y
+Fn(1)400 2060 y Fu(;)f Fs(S)526 2075 y Fn(2)566 2060
+y Fu(,)g Fs(s)8 b Ft(i)33 b(\))844 2024 y Fi(\003)916
+2060 y Ft(h)p Fs(S)1022 2075 y Fn(2)1061 2060 y Fu(,)g
+Fs(s)1169 2024 y Fi(0)1192 2060 y Ft(i)f Fu(and)h(hence)244
+2257 y Ft(S)312 2272 y Fn(sos)407 2257 y Fu([)-17 b([)p
+Fs(S)511 2272 y Fn(2)551 2257 y Fu(])g(])33 b Ft(\016)f(S)771
+2272 y Fn(sos)866 2257 y Fu([)-17 b([)q Fs(S)971 2272
+y Fn(1)1010 2257 y Fu(])g(])33 b Ft(v)g(S)1258 2272 y
+Fn(sos)1353 2257 y Fu([)-17 b([)p Fs(S)1457 2272 y Fn(1)1529
+2257 y Fu(;)33 b Fs(S)1656 2272 y Fn(2)1695 2257 y Fu(])-17
+b(])0 2453 y(and)38 b(this)f(pro)m(v)m(es)i(the)f(result.)58
+b(Note)38 b(that)f(in)g(this)g(case)h Ft(S)2243 2468
+y Fn(sos)2376 2453 y Fu(ful\014ls)e(a)h(w)m(eak)m(er)j(v)m(ersion)e(of)
+0 2574 y(the)33 b(clause)g(de\014ning)f Ft(S)892 2589
+y Fn(ds)996 2574 y Fu(in)g(T)-8 b(able)32 b(4.1.)0 2741
+y Fw(The)d(case)h Fr(if)f Fs(b)35 b Fr(then)30 b Fs(S)961
+2756 y Fn(1)1030 2741 y Fr(else)g Fs(S)1331 2756 y Fn(2)1370
+2741 y Fu(:)42 b(Recall)27 b(that)i(`cond')g(is)g(monotone)f(in)g(its)h
+(second)h(and)0 2862 y(third)i(argumen)m(t)g(\(Lemma)f(4.43)h(and)h
+(Exercise)h(4.44\).)43 b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)244
+3058 y Ft(S)312 3073 y Fn(ds)383 3058 y Fu([)-17 b([)p
+Fr(if)34 b Fs(b)k Fr(then)c Fs(S)944 3073 y Fn(1)1015
+3058 y Fr(else)g Fs(S)1320 3073 y Fn(2)1359 3058 y Fu(])-17
+b(])33 b(=)g(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 b
+Fu(])-17 b(])q(,)32 b Ft(S)2098 3073 y Fn(ds)2169 3058
+y Fu([)-17 b([)q Fs(S)2274 3073 y Fn(1)2313 3058 y Fu(])g(])q(,)32
+b Ft(S)2478 3073 y Fn(ds)2549 3058 y Fu([)-17 b([)q Fs(S)2654
+3073 y Fn(2)2693 3058 y Fu(])g(])q(\))1429 3226 y Ft(v)32
+b Fu(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
+b(])q(,)32 b Ft(S)2098 3241 y Fn(sos)2193 3226 y Fu([)-17
+b([)q Fs(S)2298 3241 y Fn(1)2337 3226 y Fu(])g(])q(,)32
+b Ft(S)2502 3241 y Fn(sos)2597 3226 y Fu([)-17 b([)q
+Fs(S)2702 3241 y Fn(2)2741 3226 y Fu(])g(])q(\))0 3422
+y(b)s(ecause)39 b(the)g(induction)e(h)m(yp)s(othesis)i(applied)e(to)h
+Fs(S)2004 3437 y Fn(1)2081 3422 y Fu(and)g Fs(S)2343
+3437 y Fn(2)2421 3422 y Fu(giv)m(es)g Ft(S)2733 3437
+y Fn(ds)2804 3422 y Fu([)-17 b([)q Fs(S)2909 3437 y Fn(1)2948
+3422 y Fu(])g(])33 b Ft(v)g(S)3196 3437 y Fn(sos)3291
+3422 y Fu([)-17 b([)q Fs(S)3396 3437 y Fn(1)3435 3422
+y Fu(])g(])0 3543 y(and)33 b Ft(S)257 3558 y Fn(ds)329
+3543 y Fu([)-17 b([)p Fs(S)433 3558 y Fn(2)473 3543 y
+Fu(])g(])33 b Ft(v)g(S)720 3558 y Fn(sos)816 3543 y Fu([)-17
+b([)p Fs(S)920 3558 y Fn(2)959 3543 y Fu(])g(])q(.)43
+b(F)-8 b(urthermore,)33 b(it)e(follo)m(ws)g(from)h([if)2405
+3507 y Fn(tt)2393 3568 y(sos)2487 3543 y Fu(])g(and)h([if)2833
+3507 y Fn(\013)2821 3568 y(sos)2915 3543 y Fu(])g(that)244
+3739 y Ft(S)312 3754 y Fn(sos)407 3739 y Fu([)-17 b([)p
+Fr(if)33 b Fs(b)39 b Fr(then)33 b Fs(S)967 3754 y Fn(1)1039
+3739 y Fr(else)h Fs(S)1344 3754 y Fn(2)1383 3739 y Fu(])-17
+b(])q Fs(s)40 b Fu(=)33 b Ft(S)1677 3754 y Fn(sos)1773
+3739 y Fu([)-17 b([)p Fs(S)1877 3754 y Fn(1)1916 3739
+y Fu(])g(])q Fs(s)73 b Fu(if)32 b Ft(B)s Fu([)-17 b([)q
+Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(tt)244
+3907 y Ft(S)312 3922 y Fn(sos)407 3907 y Fu([)-17 b([)p
+Fr(if)33 b Fs(b)39 b Fr(then)33 b Fs(S)967 3922 y Fn(1)1039
+3907 y Fr(else)h Fs(S)1344 3922 y Fn(2)1383 3907 y Fu(])-17
+b(])q Fs(s)40 b Fu(=)33 b Ft(S)1677 3922 y Fn(sos)1773
+3907 y Fu([)-17 b([)p Fs(S)1877 3922 y Fn(2)1916 3907
+y Fu(])g(])q Fs(s)73 b Fu(if)32 b Ft(B)s Fu([)-17 b([)q
+Fs(b)6 b Fu(])-17 b(])p Fs(s)41 b Fu(=)32 b Fw(\013)0
+4104 y Fu(so)h(that)244 4300 y(cond\()p Ft(B)t Fu([)-17
+b([)p Fs(b)6 b Fu(])-17 b(])q(,)33 b Ft(S)804 4315 y
+Fn(sos)899 4300 y Fu([)-17 b([)q Fs(S)1004 4315 y Fn(1)1043
+4300 y Fu(])g(])q(,)32 b Ft(S)1208 4315 y Fn(sos)1303
+4300 y Fu([)-17 b([)q Fs(S)1408 4315 y Fn(2)1447 4300
+y Fu(])g(])q(\))32 b(=)h Ft(S)1731 4315 y Fn(sos)1827
+4300 y Fu([)-17 b([)p Fr(if)33 b Fs(b)39 b Fr(then)33
+b Fs(S)2387 4315 y Fn(1)2459 4300 y Fr(else)h Fs(S)2764
+4315 y Fn(2)2803 4300 y Fu(])-17 b(])0 4497 y(and)39
+b(this)g(pro)m(v)m(es)i(the)f(result.)63 b(Note)39 b(that)g(in)g(this)f
+(case)i Ft(S)2263 4512 y Fn(sos)2397 4497 y Fu(ful\014ls)e(the)i
+(clause)f(de\014ning)0 4617 y Ft(S)68 4632 y Fn(ds)172
+4617 y Fu(in)31 b(T)-8 b(able)33 b(4.1.)0 4785 y Fw(The)g(case)g
+Fr(while)h Fs(b)k Fr(do)33 b Fs(S)12 b Fu(:)33 b(W)-8
+b(e)33 b(ha)m(v)m(e)244 4981 y Ft(S)312 4996 y Fn(ds)383
+4981 y Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33
+b Fs(S)12 b Fu(])-17 b(])33 b(=)f(FIX)h Fs(F)0 5178 y
+Fu(where)i Fs(F)47 b(g)42 b Fu(=)34 b(cond\()p Ft(B)t
+Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q(,)34 b Fs(g)42
+b Ft(\016)34 b(S)1323 5193 y Fn(ds)1395 5178 y Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])q(,)34 b(id\))f(and)g(w)m(e)i(recall)e
+(that)g Fs(F)47 b Fu(is)33 b(con)m(tin)m(uous.)48 b(It)34
+b(is)0 5298 y(su\016cien)m(t)g(to)e(pro)m(v)m(e)i(that)244
+5494 y Fs(F)13 b Fu(\()p Fs(S)426 5509 y Fn(sos)521 5494
+y Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12
+b Fu(])-17 b(]\))33 b Ft(v)g Fs(S)1418 5509 y Fn(sos)1512
+5494 y Fu([)-17 b([)q Fr(while)34 b Fs(b)k Fr(do)33 b
+Fs(S)12 b Fu(])-17 b(])p eop
+%%Page: 116 126
+116 125 bop 251 130 a Fw(116)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(b)s(ecause)g(then)f
+(Exercise)h(4.40)e(giv)m(es)h(FIX)f Fs(F)47 b Ft(v)35
+b Fs(S)2201 530 y Fn(sos)2296 515 y Fu([)-17 b([)q Fr(while)35
+b Fs(b)41 b Fr(do)34 b Fs(S)12 b Fu(])-17 b(])35 b(as)g(required.)49
+b(F)-8 b(rom)283 636 y(Exercise)34 b(2.21)e(w)m(e)i(get)602
+795 y Ft(S)670 810 y Fn(sos)765 795 y Fu([)-17 b([)q
+Fr(while)33 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17
+b(])101 b(=)f(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b
+Fu(])-17 b(],)33 b Ft(S)2251 810 y Fn(sos)2347 795 y
+Fu([)-17 b([)p Fs(S)45 b Fu(;)32 b Fr(while)i Fs(b)k
+Fr(do)33 b Fs(S)12 b Fu(])-17 b(])q(,)33 b(id\))1514
+963 y Ft(w)100 b Fu(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(],)33 b Ft(S)2251 978 y Fn(sos)2347 963
+y Fu([)-17 b([)p Fr(while)34 b Fs(b)k Fr(do)c Fs(S)12
+b Fu(])-17 b(])32 b Ft(\016)h(S)3179 978 y Fn(sos)3274
+963 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))283
+1129 y(The)h(induction)e(h)m(yp)s(othesis)i(applied)d(to)i
+Fs(S)43 b Fu(giv)m(es)32 b Ft(S)2259 1144 y Fn(ds)2330
+1129 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])32 b Ft(v)g(S)2681
+1144 y Fn(sos)2776 1129 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])32 b(so)g(using)f(the)h(mono-)283 1249 y(tonicit)m(y)g(of)g
+Ft(\016)h Fu(and)f(`cond')h(w)m(e)h(get)527 1453 y Ft(S)595
+1468 y Fn(sos)690 1453 y Fu([)-17 b([)q Fr(while)34 b
+Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b Ft(w)g
+Fu(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33
+b Ft(S)2043 1468 y Fn(sos)2138 1453 y Fu([)-17 b([)p
+Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17
+b(])33 b Ft(\016)f(S)2970 1468 y Fn(sos)3065 1453 y Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))1372 1620
+y Ft(w)h Fu(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(],)33 b Ft(S)2043 1635 y Fn(sos)2138 1620 y Fu([)-17
+b([)p Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17
+b(])33 b Ft(\016)f(S)2970 1635 y Fn(ds)3041 1620 y Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])q(,)33 b(id\))1372 1788
+y(=)h Fs(F)13 b Fu(\()p Ft(S)1665 1803 y Fn(sos)1760
+1788 y Fu([)-17 b([)q Fr(while)33 b Fs(b)39 b Fr(do)33
+b Fs(S)12 b Fu(])-17 b(]\))283 1991 y(Note)37 b(that)e(in)h(this)f
+(case)i Ft(S)1326 2006 y Fn(sos)1457 1991 y Fu(also)e(ful\014ls)g(a)g
+(w)m(eak)m(er)j(v)m(ersion)f(of)e(the)i(clause)f(de\014ning)g
+Ft(S)3685 2006 y Fn(ds)283 2112 y Fu(in)c(T)-8 b(able)33
+b(4.1.)2863 b Fh(2)430 2315 y Fu(The)33 b(k)m(ey)h(tec)m(hnique)g(used)
+g(in)e(the)h(pro)s(of)f(can)h(b)s(e)f(summarized)g(as)h(follo)m(ws:)p
+283 2393 3470 4 v 283 2410 V 281 2618 4 208 v 298 2618
+V 1371 2539 a Fw(Pro)s(of)f(Summary)h(for)f(While)p Fu(:)p
+3735 2618 V 3752 2618 V 281 2825 V 298 2825 V 402 2746
+a Fw(Equiv)-6 b(alence)31 b(of)i(Op)s(erational)f(Seman)m(tics)g(and)h
+(Denotational)f(Seman)m(tics)p 3735 2825 V 3752 2825
+V 283 2829 3470 4 v 281 4290 4 1461 v 298 4290 V 350
+2994 a Fu(1:)143 b(Pro)m(v)m(e)23 b(that)g Ft(S)1102
+3009 y Fn(sos)1197 2994 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])23 b Ft(v)f(S)1529 3009 y Fn(ds)1600 2994 y Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(])23 b(b)m(y)g(\014rst)g(using)f
+Fs(induction)j(on)g(the)g(shap)-5 b(e)25 b(of)g(deriva-)569
+3114 y(tion)34 b(tr)-5 b(e)g(es)41 b Fu(to)32 b(sho)m(w)i(that)714
+3318 y Ft(\017)49 b Fu(if)d(a)h(statemen)m(t)h(is)f(executed)i
+Fs(one)f(step)54 b Fu(in)46 b(the)i(structural)f(op)s(erational)813
+3438 y(seman)m(tics)f(and)h(do)s(es)g(not)g(terminate)e(then)i(this)f
+(do)s(es)h(not)g(c)m(hange)g(the)813 3559 y(meaning)31
+b(in)h(the)h(denotational)d(seman)m(tics,)j(and)714 3762
+y Ft(\017)49 b Fu(if)d(a)h(statemen)m(t)h(is)f(executed)i
+Fs(one)f(step)54 b Fu(in)46 b(the)i(structural)f(op)s(erational)813
+3882 y(seman)m(tics)39 b(and)f(do)s(es)i(terminate,)f(then)g(the)h
+(same)e(result)h(is)f(obtained)h(in)813 4003 y(the)33
+b(denotational)d(seman)m(tics.)569 4206 y(and)i(secondly)i(b)m(y)f
+(using)g Fs(induction)h(on)g(the)h(length)g(of)f(derivation)g(se)-5
+b(quenc)g(es)p Fu(.)p 3735 4290 V 3752 4290 V 281 5391
+4 1102 v 298 5391 V 350 4374 a(2:)143 b(Pro)m(v)m(e)34
+b(that)e Ft(S)1123 4389 y Fn(ds)1194 4374 y Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(])33 b Ft(v)g(S)1546 4389
+y Fn(sos)1642 4374 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17
+b(])33 b(b)m(y)h(sho)m(wing)e(that)714 4577 y Ft(\017)49
+b(S)880 4592 y Fn(sos)998 4577 y Fu(ful\014ls)21 b(sligh)m(tly)f(w)m
+(eak)m(er)25 b(v)m(ersions)e(of)f(the)g(clauses)h(de\014ning)f
+Ft(S)3254 4592 y Fn(ds)3348 4577 y Fu(in)f(T)-8 b(able)813
+4698 y(4.1,)32 b(that)g(is)g(if)1027 4901 y Ft(S)1095
+4916 y Fn(ds)1166 4901 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])33 b(=)f(\011\()p Ft(\001)17 b(\001)g(\001)31 b(S)1779
+4916 y Fn(ds)1851 4901 y Fu([)-17 b([)p Fs(S)1955 4865
+y Fi(0)1978 4901 y Fu(])g(])34 b Ft(\001)17 b(\001)g(\001)n
+Fu(\))813 5104 y(then)33 b Ft(S)1103 5119 y Fn(sos)1198
+5104 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])33 b Ft(w)g
+Fu(\011\()p Ft(\001)17 b(\001)g(\001)31 b(S)1813 5119
+y Fn(sos)1908 5104 y Fu([)-17 b([)p Fs(S)2012 5068 y
+Fi(0)2035 5104 y Fu(])g(])34 b Ft(\001)17 b(\001)g(\001)n
+Fu(\))569 5308 y(A)32 b(pro)s(of)g(b)m(y)i Fs(structur)-5
+b(al)35 b(induction)40 b Fu(then)33 b(giv)m(es)g(that)f
+Ft(S)2684 5323 y Fn(ds)2755 5308 y Fu([)-17 b([)q Fs(S)12
+b Fu(])-17 b(])33 b Ft(v)g(S)3108 5323 y Fn(sos)3203
+5308 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q(.)p 3735
+5391 V 3752 5391 V 283 5395 3470 4 v 283 5411 V eop
+%%Page: 117 127
+117 126 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063
+b(117)p 0 193 3473 4 v 0 515 a(Exercise)36 b(4.58)49
+b Fu(Giv)m(e)33 b(a)f(detailed)f(argumen)m(t)i(sho)m(wing)f(that)236
+683 y Ft(S)304 698 y Fn(sos)399 683 y Fu([)-17 b([)q
+Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33
+b Ft(w)g Fu(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(],)33 b Ft(S)1751 698 y Fn(sos)1847 683 y Fu([)-17
+b([)p Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17
+b(])33 b Ft(\016)g(S)2679 698 y Fn(sos)2774 683 y Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\).)276 b Fh(2)0
+861 y Fw(Exercise)36 b(4.59)49 b Fu(Extend)24 b(the)e(pro)s(of)g(of)f
+(Theorem)i(4.55)e(so)h(that)g(it)f(applies)g(to)h(the)g(language)0
+981 y(when)34 b(augmen)m(ted)f(with)f Fr(repeat)i Fs(S)44
+b Fr(until)34 b Fs(b)6 b Fu(.)1619 b Fh(2)0 1159 y Fw(Exercise)36
+b(4.60)49 b Fu(Extend)24 b(the)e(pro)s(of)g(of)f(Theorem)i(4.55)e(so)h
+(that)g(it)f(applies)g(to)h(the)g(language)0 1279 y(when)34
+b(augmen)m(ted)f(with)f Fr(for)h Fs(x)12 b Fu(:=)p Fs(a)1376
+1294 y Fn(1)1448 1279 y Fr(to)33 b Fs(a)1640 1294 y Fn(2)1712
+1279 y Fr(do)g Fs(S)12 b Fu(.)1457 b Fh(2)0 1457 y Fw(Exercise)36
+b(4.61)49 b Fu(Com)m(bining)31 b(the)i(results)f(of)g(Theorem)h(2.26)e
+(and)i(Theorem)f(4.55)g(w)m(e)h(get)0 1577 y(that)h Ft(S)281
+1592 y Fn(ns)352 1577 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])35 b(=)f Ft(S)707 1592 y Fn(ds)778 1577 y Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(])34 b(holds)h(for)e(ev)m(ery)k(statemen)m
+(t)e Fs(S)46 b Fu(of)34 b Fw(While)p Fu(.)48 b(Giv)m(e)34
+b(a)g(direct)g(pro)s(of)0 1698 y(of)e(this)g(\(that)h(is)f(without)g
+(using)g(the)h(t)m(w)m(o)g(theorems\).)1329 b Fh(2)0
+2024 y Fj(4.5)161 b(Extensions)52 b(of)i(While)0 2243
+y Fu(W)-8 b(e)23 b(shall)e(conclude)i(this)g(c)m(hapter)g(b)m(y)h
+(considering)e(a)g(couple)h(of)f(extensions)i(of)e(the)h(language)0
+2363 y Fw(While)p Fu(.)88 b(The)49 b(extensions)h(ha)m(v)m(e)f(b)s(een)
+g(c)m(hosen)g(so)f(as)h(to)e(illustrate)f(t)m(w)m(o)j(of)f(the)g(most)0
+2484 y(imp)s(ortan)m(t)31 b(concepts)j(of)e(denotational)f(seman)m
+(tics:)145 2649 y Ft(\017)49 b Fs(lo)-5 b(c)g(ations)p
+Fu(,)32 b(and)145 2840 y Ft(\017)49 b Fs(c)-5 b(ontinuations)p
+Fu(.)0 3005 y(In)32 b(the)g(\014rst)g(case)g Fw(While)e
+Fu(is)h(extended)j(with)d(blo)s(c)m(ks)h(and)g(pro)s(cedures)h(and)e
+(in)g(the)h(second)0 3126 y(case)g(with)f(exceptions.)44
+b(In)31 b(b)s(oth)g(cases)i(w)m(e)f(shall)e(sho)m(w)i(ho)m(w)g(to)f(mo)
+s(dify)e(the)j(seman)m(tics)f(of)0 3246 y(T)-8 b(able)32
+b(4.1.)0 3528 y Fp(The)44 b(concept)h(of)g(lo)t(cations)0
+3713 y Fu(W)-8 b(e)32 b(shall)e(\014rst)i(extend)h Fw(While)d
+Fu(with)h(blo)s(c)m(ks)h(declaring)f(lo)s(cal)e(v)-5
+b(ariables)30 b(and)i(pro)s(cedures.)0 3833 y(The)i(new)f(language)e
+(is)i(called)e Fw(Pro)s(c)h Fu(and)g(its)h(syn)m(tax)h(is)294
+3990 y Fs(S)188 b Fu(::=)100 b Fs(x)44 b Fu(:=)33 b Fs(a)40
+b Ft(j)32 b Fr(skip)h Ft(j)f Fs(S)1506 4005 y Fn(1)1578
+3990 y Fu(;)h Fs(S)1705 4005 y Fn(2)1777 3990 y Ft(j)f
+Fr(if)h Fs(b)38 b Fr(then)c Fs(S)2360 4005 y Fn(1)2432
+3990 y Fr(else)f Fs(S)2736 4005 y Fn(2)588 4158 y Ft(j)151
+b Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)45 b Ft(j)32 b
+Fr(begin)i Fs(D)1806 4173 y Fc(V)1899 4158 y Fs(D)1982
+4173 y Fc(P)2073 4158 y Fs(S)45 b Fr(end)33 b Ft(j)f
+Fr(call)i Fs(p)294 4326 y(D)377 4341 y Fc(V)537 4326
+y Fu(::=)100 b Fr(var)33 b Fs(x)45 b Fu(:=)32 b Fs(a)7
+b Fu(;)33 b Fs(D)1378 4341 y Fc(V)1471 4326 y Ft(j)g
+Fo(")294 4493 y Fs(D)377 4508 y Fc(P)537 4493 y Fu(::=)100
+b Fr(proc)34 b Fs(p)k Fr(is)33 b Fs(S)12 b Fu(;)32 b
+Fs(D)1437 4508 y Fc(P)1529 4493 y Ft(j)g Fo(")0 4652
+y Fu(where)i Fs(D)365 4667 y Fc(V)459 4652 y Fu(and)f
+Fs(D)732 4667 y Fc(P)823 4652 y Fu(are)g(meta-v)-5 b(ariables)31
+b(ranging)g(o)m(v)m(er)j(the)f(syn)m(tactic)h(categories)f
+Fw(Dec)3415 4667 y Fn(V)0 4772 y Fu(of)c(v)-5 b(ariable)27
+b(declarations)h(and)i Fw(Dec)1383 4787 y Fn(P)1464 4772
+y Fu(of)f(pro)s(cedure)h(declarations,)f(resp)s(ectiv)m(ely)-8
+b(,)30 b(and)g Fs(p)35 b Fu(is)0 4893 y(a)c(meta-v)-5
+b(ariable)29 b(ranging)h(o)m(v)m(er)i(the)64 b(syn)m(tactic)32
+b(category)g Fw(Pname)f Fu(of)g(pro)s(cedure)h(names.)0
+5013 y(The)k(idea)f(is)f(that)h(v)-5 b(ariables)34 b(and)i(pro)s
+(cedures)g(are)g(only)e(kno)m(wn)j(inside)d(the)i(blo)s(c)m(k)f(where)0
+5133 y(they)26 b(are)g(declared.)41 b(Pro)s(cedures)28
+b(ma)m(y)d(or)g(ma)m(y)h(not)f(b)s(e)h(recursiv)m(e)h(and)f(w)m(e)g
+(shall)e(emphasize)0 5254 y(the)33 b(di\013erences)h(in)e(the)h(seman)m
+(tics)f(to)h(b)s(e)f(sp)s(eci\014ed)i(b)s(elo)m(w.)146
+5374 y(W)-8 b(e)39 b(shall)d(adopt)i Fs(static)i(sc)-5
+b(op)g(e)39 b(rules)46 b Fu(rather)38 b(than)g(dynamic)f(scop)s(e)i
+(rules.)60 b(Consider)0 5494 y(the)33 b(follo)m(wing)d(statemen)m(t:)p
+eop
+%%Page: 118 128
+118 127 bop 251 130 a Fw(118)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Fr(begin)e(var)g(x)e
+Fu(:=)h Fr(7)p Fu(;)g Fr(proc)g(p)g(is)g(x)g Fu(:=)f
+Fr(0)p Fu(;)816 683 y Fr(begin)i(var)f(x)g Fu(:=)g Fr(5)p
+Fu(;)f Fr(call)i(p)f(end)527 851 y(end)283 1024 y Fu(Using)k(static)g
+(scop)s(e)h(rules)f(the)g(e\013ect)h(of)f(executing)h
+Fr(call)g(p)f Fu(in)g(the)g(inner)g(blo)s(c)m(k)g(will)e(b)s(e)283
+1144 y(to)k(mo)s(dify)e(the)i Fs(glob)-5 b(al)48 b Fu(v)-5
+b(ariable)37 b Fr(x)p Fu(.)63 b(Using)38 b(dynamic)g(scop)s(e)i(rules)f
+(the)g(e\013ect)h(will)c(b)s(e)j(to)283 1264 y(mo)s(dify)31
+b(the)i Fs(lo)-5 b(c)g(al)43 b Fu(v)-5 b(ariable)30 b
+Fr(x)p Fu(.)430 1385 y(T)-8 b(o)48 b(obtain)e(static)h(scop)s(e)i
+(rules)f(w)m(e)g(shall)f(in)m(tro)s(duce)g(the)h(notion)f(of)g
+Fs(lo)-5 b(c)g(ations)8 b Fu(:)73 b(to)283 1505 y(eac)m(h)39
+b(v)-5 b(ariable)35 b(w)m(e)k(asso)s(ciate)e(a)g(unique)g(lo)s(cation)e
+(and)j(to)f(eac)m(h)h(lo)s(cation)d(w)m(e)j(asso)s(ciate)f(a)283
+1625 y(v)-5 b(alue.)43 b(This)31 b(is)f(in)h(con)m(trast)g(to)g(what)g
+(w)m(e)h(did)f(in)f(T)-8 b(able)30 b(4.1)h(where)h(w)m(e)g(emplo)m(y)m
+(ed)f(a)g(direct)283 1746 y(asso)s(ciation)36 b(b)s(et)m(w)m(een)j(v)-5
+b(ariables)35 b(and)i(v)-5 b(alues.)57 b(The)38 b(idea)e(then)i(is)e
+(that)h(whenev)m(er)i(a)e(new)283 1866 y(v)-5 b(ariable)33
+b(is)h(declared)h(it)e(is)h(asso)s(ciated)g(with)g(a)h(new)g(un)m(used)
+h(lo)s(cation)c(and)j(that)f(it)f(is)h(the)283 1987 y(v)-5
+b(alue)31 b(of)f(this)h(lo)s(cation)d(that)j(is)g(c)m(hanged)h(b)m(y)f
+(assignmen)m(t)g(to)g(the)g(v)-5 b(ariable.)41 b(With)31
+b(resp)s(ect)283 2107 y(to)d(the)g(ab)s(o)m(v)m(e)g(statemen)m(t)g
+(this)f(means)h(that)f(the)h(global)d(v)-5 b(ariable)26
+b Fr(x)i Fu(and)f(the)h(lo)s(cal)e(v)-5 b(ariable)283
+2227 y Fr(x)35 b Fu(will)e(ha)m(v)m(e)j(di\013eren)m(t)f(lo)s(cations.)
+48 b(In)35 b(the)h(inner)e(blo)s(c)m(k)h(w)m(e)g(can)g(only)g(directly)
+f(access)i(the)283 2348 y(lo)s(cation)i(of)h(the)h(lo)s(cal)d(v)-5
+b(ariable)38 b(but)i(the)g(pro)s(cedure)g(b)s(o)s(dy)g(for)f
+Fr(p)h Fu(ma)m(y)f(only)g(access)i(the)283 2468 y(lo)s(cation)31
+b(of)h(the)h(global)d(v)-5 b(ariable.)283 2723 y Fw(Stores)38
+b(and)g(v)-6 b(ariable)37 b(en)m(vironmen)m(ts)283 2907
+y Fu(So)32 b(far)e(states)j(in)d Fw(State)i Fu(ha)m(v)m(e)g(b)s(een)g
+(used)h(to)e(asso)s(ciate)g(v)-5 b(alues)31 b(with)g(v)-5
+b(ariables.)42 b(W)-8 b(e)31 b(shall)283 3028 y(no)m(w)48
+b(replace)e(states)h(with)f Fs(stor)-5 b(es)55 b Fu(that)46
+b(map)f(lo)s(cations)g(to)h(v)-5 b(alues)46 b(and)h(with)f
+Fs(variable)283 3148 y(envir)-5 b(onments)40 b Fu(that)32
+b(map)g(v)-5 b(ariables)31 b(to)h(lo)s(cations.)42 b(W)-8
+b(e)33 b(in)m(tro)s(duce)g(the)g(domain)527 3321 y Fw(Lo)s(c)g
+Fu(=)g Fw(Z)283 3494 y Fu(of)g(lo)s(cations)f(whic)m(h)i(for)f(the)h
+(sak)m(e)h(of)e(simplicit)m(y)e(has)j(b)s(een)g(iden)m(ti\014ed)f(with)
+g(the)h(in)m(tegers.)283 3614 y(W)-8 b(e)33 b(shall)f(need)h(an)g(op)s
+(eration)527 3787 y(new:)45 b Fw(Lo)s(c)33 b Ft(!)f Fw(Lo)s(c)283
+3960 y Fu(on)37 b(lo)s(cations)d(that)i(giv)m(en)h(a)f(lo)s(cation)d
+(will)h(giv)m(e)j(the)f(next)i(one;)g(since)f Fw(Lo)s(c)f
+Fu(is)g Fw(Z)h Fu(w)m(e)g(ma)m(y)283 4081 y(tak)m(e)d(`new')g(to)e(b)s
+(e)h(the)g(successor)h(function)f(on)f(the)h(in)m(tegers.)430
+4201 y(W)-8 b(e)33 b(can)g(no)m(w)g(de\014ne)h(a)e(store,)h
+Fs(sto)6 b Fu(,)33 b(as)g(an)f(elemen)m(t)g(of)527 4374
+y Fw(Store)h Fu(=)f Fw(Lo)s(c)h Ft([)g(f)p Fu(next)p
+Ft(g)g(!)f Fw(Z)283 4547 y Fu(where)h(`next')f(is)f(a)g(sp)s(ecial)f
+(tok)m(en)i(used)g(to)f(hold)g(the)g Fs(next)j(fr)-5
+b(e)g(e)33 b(lo)-5 b(c)g(ation)p Fu(.)42 b(Note)31 b(that)g(since)283
+4667 y Fw(Lo)s(c)i Fu(is)f Fw(Z)h Fu(w)m(e)h(ha)m(v)m(e)g(that)e(`)p
+Fs(sto)39 b Fu(next')34 b(is)e(a)g(lo)s(cation.)430 4788
+y(A)g(v)-5 b(ariable)31 b(en)m(vironmen)m(t)i Fs(env)1618
+4803 y Fc(V)1711 4788 y Fu(is)f(an)g(elemen)m(t)h(of)527
+4960 y Fw(En)m(v)719 4975 y Fn(V)810 4960 y Fu(=)f Fw(V)-9
+b(ar)32 b Ft(!)g Fw(Lo)s(c)283 5133 y Fu(Th)m(us)j(the)e(v)-5
+b(ariable)30 b(en)m(vironmen)m(t)j(will)e(assign)h(a)g(lo)s(cation)e
+(to)j(eac)m(h)g(v)-5 b(ariable.)430 5254 y(So,)43 b(rather)e(than)h(ha)
+m(ving)f(a)f(single)h(mapping)e Fs(s)49 b Fu(from)40
+b(v)-5 b(ariables)40 b(to)h(v)-5 b(alues)41 b(w)m(e)i(ha)m(v)m(e)283
+5374 y(split)29 b(it)g(in)m(to)g(t)m(w)m(o)i(mappings)e
+Fs(env)1563 5389 y Fc(V)1653 5374 y Fu(and)h Fs(sto)36
+b Fu(and)30 b(the)h(idea)e(is)h(that)f Fs(s)38 b Fu(=)30
+b Fs(sto)36 b Ft(\016)30 b Fs(env)3436 5389 y Fc(V)3496
+5374 y Fu(.)43 b(This)283 5494 y(motiv)-5 b(ates)32 b(de\014ning)g(the)
+h(function)f(`lo)s(okup')g(b)m(y)p eop
+%%Page: 119 129
+119 128 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063
+b(119)p 0 193 3473 4 v 0 419 V 0 1836 4 1418 v 382 519
+a Ft(S)450 483 y Fi(0)450 543 y Fn(ds)521 519 y Fu([)-17
+b([)q Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(])-17 b(])p Fs(env)969
+534 y Fc(V)1062 519 y Fs(sto)39 b Fu(=)32 b Fs(sto)6
+b Fu([)p Fs(l)k Ft(7!A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
+b(])q(\(lo)s(okup)32 b Fs(env)2347 534 y Fc(V)2439 519
+y Fs(sto)6 b Fu(\)])651 686 y(where)34 b Fs(l)42 b Fu(=)33
+b Fs(env)1265 701 y Fc(V)1357 686 y Fs(x)382 878 y Ft(S)450
+841 y Fi(0)450 902 y Fn(ds)521 878 y Fu([)-17 b([)q Fr(skip)p
+Fu(])g(])q Fs(env)957 893 y Fc(V)1050 878 y Fu(=)32 b(id)382
+1069 y Ft(S)450 1033 y Fi(0)450 1093 y Fn(ds)521 1069
+y Fu([)-17 b([)q Fs(S)626 1084 y Fn(1)697 1069 y Fu(;)33
+b Fs(S)824 1084 y Fn(2)863 1069 y Fu(])-17 b(])q Fs(env)1057
+1084 y Fc(V)1150 1069 y Fu(=)32 b(\()p Ft(S)1364 1033
+y Fi(0)1364 1093 y Fn(ds)1435 1069 y Fu([)-17 b([)p Fs(S)1539
+1084 y Fn(2)1579 1069 y Fu(])g(])p Fs(env)1772 1084 y
+Fc(V)1832 1069 y Fu(\))33 b Ft(\016)f Fu(\()p Ft(S)2091
+1033 y Fi(0)2091 1093 y Fn(ds)2162 1069 y Fu([)-17 b([)q
+Fs(S)2267 1084 y Fn(1)2306 1069 y Fu(])g(])q Fs(env)2500
+1084 y Fc(V)2560 1069 y Fu(\))382 1260 y Ft(S)450 1224
+y Fi(0)450 1285 y Fn(ds)521 1260 y Fu([)g([)q Fr(if)33
+b Fs(b)38 b Fr(then)c Fs(S)1082 1275 y Fn(1)1154 1260
+y Fr(else)f Fs(S)1458 1275 y Fn(2)1497 1260 y Fu(])-17
+b(])q Fs(env)1691 1275 y Fc(V)1784 1260 y Fu(=)651 1428
+y(cond\()p Ft(B)t Fu([)g([)p Fs(b)6 b Fu(])-17 b(])q
+Ft(\016)p Fu(\(lo)s(okup)31 b Fs(env)1647 1443 y Fc(V)1707
+1428 y Fu(\),)i Ft(S)1873 1392 y Fi(0)1873 1452 y Fn(ds)1944
+1428 y Fu([)-17 b([)q Fs(S)2049 1443 y Fn(1)2088 1428
+y Fu(])g(])p Fs(env)2281 1443 y Fc(V)2342 1428 y Fu(,)32
+b Ft(S)2469 1392 y Fi(0)2469 1452 y Fn(ds)2540 1428 y
+Fu([)-17 b([)q Fs(S)2645 1443 y Fn(2)2684 1428 y Fu(])g(])q
+Fs(env)2878 1443 y Fc(V)2938 1428 y Fu(\))382 1619 y
+Ft(S)450 1583 y Fi(0)450 1644 y Fn(ds)521 1619 y Fu([)g([)q
+Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17 b(])p
+Fs(env)1326 1634 y Fc(V)1419 1619 y Fu(=)32 b(FIX)h Fs(F)618
+1787 y Fu(where)h Fs(F)46 b(g)41 b Fu(=)32 b(cond\()p
+Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Ft(\016)p
+Fu(\(lo)s(okup)32 b Fs(env)2201 1802 y Fc(V)2261 1787
+y Fu(\),)g Fs(g)41 b Ft(\016)33 b Fu(\()p Ft(S)2632 1750
+y Fi(0)2632 1811 y Fn(ds)2704 1787 y Fu([)-17 b([)p Fs(S)12
+b Fu(])-17 b(])q Fs(env)3002 1802 y Fc(V)3062 1787 y
+Fu(\),)32 b(id\))p 3469 1836 V 0 1839 3473 4 v 438 2000
+a(T)-8 b(able)33 b(4.2:)43 b(Denotational)30 b(seman)m(tics)j(for)f
+Fw(While)f Fu(using)h(lo)s(cations)244 2286 y(lo)s(okup)g
+Fs(env)720 2301 y Fc(V)812 2286 y Fs(sto)39 b Fu(=)32
+b Fs(sto)39 b Ft(\016)32 b Fs(env)1480 2301 y Fc(V)0
+2491 y Fu(so)h(that)f(`lo)s(okup)g Fs(env)834 2506 y
+Fc(V)894 2491 y Fu(')h(will)d(transform)i(a)g(store)h(to)f(a)g(state,)i
+(that)e(is)244 2696 y(lo)s(okup:)43 b Fw(En)m(v)794 2711
+y Fn(V)884 2696 y Ft(!)32 b Fw(Store)g Ft(!)h Fw(State)146
+2902 y Fu(Ha)m(ving)e(replaced)g(a)g(one)h(stage)f(mapping)e(with)i(a)g
+(t)m(w)m(o)h(stage)f(mapping)f(w)m(e)i(shall)e(w)m(an)m(t)0
+3022 y(to)38 b(reform)m(ulate)g(the)h(seman)m(tic)f(equations)h(of)f(T)
+-8 b(able)39 b(4.1)f(to)g(use)i(v)-5 b(ariable)37 b(en)m(vironmen)m(ts)
+0 3142 y(and)c(stores.)44 b(The)34 b(new)f(seman)m(tic)f(function)g
+Ft(S)1760 3106 y Fi(0)1760 3167 y Fn(ds)1864 3142 y Fu(has)h
+(functionalit)m(y)244 3347 y Ft(S)312 3311 y Fi(0)312
+3372 y Fn(ds)383 3347 y Fu(:)43 b Fw(Stm)32 b Ft(!)g
+Fw(En)m(v)1009 3362 y Fn(V)1100 3347 y Ft(!)g Fu(\()p
+Fw(Store)g Fo(,)-17 b Ft(!)33 b Fw(Store)p Fu(\))0 3553
+y(so)f(that)g(only)f(the)i(store)f(is)f(up)s(dated)i(during)e(the)h
+(execution)h(of)f(statemen)m(ts.)44 b(The)33 b(clauses)0
+3673 y(de\014ning)41 b Ft(S)445 3637 y Fi(0)445 3698
+y Fn(ds)557 3673 y Fu(are)g(giv)m(en)g(in)f(T)-8 b(able)41
+b(4.2.)68 b(Note)41 b(that)g(in)f(the)i(clause)f(for)f(assignmen)m(t)h
+(the)0 3793 y(v)-5 b(ariable)40 b(en)m(vironmen)m(t)h(is)g(consulted)h
+(to)g(determine)f(the)h(lo)s(cation)d(of)i(the)h(v)-5
+b(ariable)39 b(and)0 3914 y(this)g(lo)s(cation)e(is)i(up)s(dated)h(in)f
+(the)h(store.)64 b(In)40 b(the)g(clauses)g(for)f(the)h(conditional)c
+(and)k(the)0 4034 y Fr(while)p Fu(-construct)35 b(w)m(e)e(use)h(the)f
+(auxiliary)d(function)i(`cond')h(of)g(functionalit)m(y)244
+4239 y(cond:)44 b(\()p Fw(Store)32 b Ft(!)g Fw(T)p Fu(\))h
+Ft(\002)g Fu(\()p Fw(Store)f Fo(,)-17 b Ft(!)33 b Fw(Store)p
+Fu(\))f Ft(\002)h Fu(\()p Fw(Store)f Fo(,)-17 b Ft(!)33
+b Fw(Store)p Fu(\))749 4407 y Ft(!)f Fu(\()p Fw(Store)g
+Fo(,)-17 b Ft(!)33 b Fw(Store)p Fu(\))0 4612 y(and)g(its)f
+(de\014nition)f(is)h(as)h(in)f(Section)g(4.1.)0 4843
+y Fw(Exercise)k(4.62)49 b Fu(W)-8 b(e)34 b(ha)m(v)m(e)g(to)f(mak)m(e)g
+(sure)g(that)g(the)h(clauses)f(of)g(T)-8 b(able)32 b(4.2)h(de\014ne)h
+(a)f(w)m(ell-)0 4964 y(de\014ned)h(function)e Ft(S)786
+4928 y Fi(0)786 4988 y Fn(ds)857 4964 y Fu(.)44 b(T)-8
+b(o)32 b(do)h(so)145 5169 y Ft(\017)49 b Fu(equip)33
+b Fw(Store)f Fo(,)-17 b Ft(!)33 b Fw(Store)f Fu(with)g(a)g(partial)f
+(ordering)h(suc)m(h)i(that)e(it)g(b)s(ecomes)h(a)f(ccp)s(o,)145
+5374 y Ft(\017)49 b Fu(sho)m(w)31 b(that)e Ft(\016)g
+Fu(is)h(con)m(tin)m(uous)g(in)f(b)s(oth)g(of)g(its)h(argumen)m(ts)f
+(and)h(that)g(`cond')g(is)f(con)m(tin-)244 5494 y(uous)k(in)f(its)g
+(second)i(and)e(third)g(argumen)m(t,)h(and)p eop
+%%Page: 120 130
+120 129 bop 251 130 a Fw(120)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 429 515 a Ft(\017)48
+b Fu(sho)m(w)34 b(that)e(the)h(\014xed)h(p)s(oin)m(t)e(op)s(eration)f
+(is)h(only)g(applied)g(to)g(con)m(tin)m(uous)h(functions.)283
+717 y(Conclude)h(that)e Ft(S)991 681 y Fi(0)991 742 y
+Fn(ds)1094 717 y Fu(is)h(a)f(w)m(ell-de\014ned)h(function.)1496
+b Fh(2)283 943 y Fw(Exercise)37 b(4.63)49 b Fu(*)32 b(Pro)m(v)m(e)i
+(that)e(the)h(t)m(w)m(o)h(seman)m(tic)e(functions)h Ft(S)2787
+958 y Fn(ds)2891 943 y Fu(and)g Ft(S)3149 907 y Fi(0)3149
+967 y Fn(ds)3252 943 y Fu(satisfy)527 1144 y Ft(S)595
+1159 y Fn(ds)666 1144 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])33 b Ft(\016)f Fu(\(lo)s(okup)g Fs(env)1437 1159
+y Fc(V)1497 1144 y Fu(\))g(=)h(\(lo)s(okup)f Fs(env)2190
+1159 y Fc(V)2250 1144 y Fu(\))g Ft(\016)g Fu(\()p Ft(S)2508
+1108 y Fi(0)2508 1169 y Fn(ds)2579 1144 y Fu([)-17 b([)q
+Fs(S)12 b Fu(])-17 b(])p Fs(env)2877 1159 y Fc(V)2937
+1144 y Fu(\))283 1346 y(for)44 b(all)e(statemen)m(ts)j
+Fs(S)55 b Fu(of)44 b Fw(While)e Fu(and)i(for)g(all)d
+Fs(env)2326 1361 y Fc(V)2430 1346 y Fu(suc)m(h)46 b(that)e
+Fs(env)3041 1361 y Fc(V)3145 1346 y Fu(is)f(an)h(injectiv)m(e)283
+1466 y(mapping.)3001 b Fh(2)283 1692 y Fw(Exercise)37
+b(4.64)49 b Fu(Ha)m(ving)23 b(replaced)h(a)f(one)h(stage)g(mapping)f
+(with)g(a)g(t)m(w)m(o)i(stage)f(mapping)e(w)m(e)283 1812
+y(migh)m(t)j(consider)h(rede\014ning)g(the)g(seman)m(tic)g(functions)f
+Ft(A)h Fu(and)f Ft(B)t Fu(.)41 b(The)27 b(new)g(functionalities)283
+1933 y(of)33 b Ft(A)f Fu(and)g Ft(B)k Fu(migh)m(t)31
+b(b)s(e)527 2134 y Ft(A)607 2098 y Fi(0)630 2134 y Fu(:)44
+b Fw(Aexp)32 b Ft(!)g Fw(En)m(v)1314 2149 y Fn(V)1405
+2134 y Ft(!)g Fu(\()p Fw(Store)g Ft(!)g Fw(Z)p Fu(\))527
+2302 y Ft(B)596 2266 y Fi(0)619 2302 y Fu(:)44 b Fw(Bexp)32
+b Ft(!)g Fw(En)m(v)1298 2317 y Fn(V)1389 2302 y Ft(!)g
+Fu(\()p Fw(Store)g Ft(!)g Fw(T)p Fu(\))283 2504 y(and)h(the)g(in)m
+(tended)g(relationship)e(is)h(that)527 2705 y Ft(A)607
+2669 y Fi(0)630 2705 y Fu([)-17 b([)q Fs(a)7 b Fu(])-17
+b(])q Fs(env)919 2720 y Fc(V)1011 2705 y Fu(=)33 b Ft(A)o
+Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])33 b Ft(\016)f Fu(\(lo)s(okup)g
+Fs(env)1960 2720 y Fc(V)2020 2705 y Fu(\))527 2873 y
+Ft(B)596 2837 y Fi(0)619 2873 y Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(])p Fs(env)901 2888 y Fc(V)994 2873 y Fu(=)32
+b Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(\016)g
+Fu(\(lo)s(okup)e Fs(env)1925 2888 y Fc(V)1985 2873 y
+Fu(\))283 3074 y(Giv)m(e)40 b(a)g(comp)s(ositional)c(de\014nition)j(of)
+h(the)g(functions)g Ft(A)2479 3038 y Fi(0)2542 3074 y
+Fu(and)g Ft(B)2808 3038 y Fi(0)2871 3074 y Fu(suc)m(h)h(that)f(this)g
+(is)f(the)283 3195 y(case.)3198 b Fh(2)283 3454 y Fw(Up)s(dating)38
+b(the)f(v)-6 b(ariable)37 b(en)m(vironmen)m(t)283 3639
+y Fu(The)g(v)-5 b(ariable)34 b(en)m(vironmen)m(t)j(is)e(up)s(dated)h
+(whenev)m(er)j(w)m(e)e(en)m(ter)f(a)g(blo)s(c)m(k)g(con)m(taining)e(lo)
+s(cal)283 3759 y(declarations.)60 b(T)-8 b(o)38 b(express)i(this)e(w)m
+(e)h(shall)e(in)m(tro)s(duce)h(a)g(seman)m(tic)f(function)h
+Ft(D)3357 3723 y Fn(V)3357 3784 y(ds)3466 3759 y Fu(for)f(the)283
+3880 y(syn)m(tactic)d(category)f(of)f(v)-5 b(ariable)31
+b(declarations.)42 b(It)33 b(has)g(functionalit)m(y)527
+4081 y Ft(D)607 4045 y Fn(V)607 4106 y(ds)678 4081 y
+Fu(:)44 b Fw(Dec)936 4096 y Fn(V)1026 4081 y Ft(!)32
+b Fw(En)m(v)1350 4096 y Fc(V)1443 4081 y Ft(\002)h Fw(Store)g
+Ft(!)f Fw(En)m(v)2169 4096 y Fc(V)2262 4081 y Ft(\002)h
+Fw(Store)283 4283 y Fu(The)i(function)f Ft(D)949 4246
+y Fn(V)949 4307 y(ds)1020 4283 y Fu([)-17 b([)p Fs(D)1140
+4298 y Fc(V)1201 4283 y Fu(])g(])35 b(will)c(tak)m(e)k(a)f(pair)f(as)h
+(argumen)m(ts:)47 b(the)34 b(\014rst)h(comp)s(onen)m(t)f(of)f(that)283
+4403 y(pair)22 b(will)e(b)s(e)i(the)h(curren)m(t)g(v)-5
+b(ariable)21 b(en)m(vironmen)m(t)h(and)h(the)f(second)i(comp)s(onen)m
+(t)e(the)h(curren)m(t)283 4523 y(store.)62 b(The)39 b(function)f(will)e
+(return)j(the)g(up)s(dated)f(v)-5 b(ariable)37 b(en)m(vironmen)m(t)i
+(as)f(w)m(ell)g(as)g(the)283 4644 y(up)s(dated)32 b(store.)44
+b(The)32 b(function)f(is)g(de\014ned)h(b)m(y)h(the)e(seman)m(tic)g
+(clauses)h(of)f(T)-8 b(able)31 b(4.3.)43 b(Note)283 4764
+y(that)36 b(w)m(e)i(pro)s(cess)f(the)g(declarations)e(from)g(left)g(to)
+h(righ)m(t)g(and)g(that)g(w)m(e)h(up)s(date)g(the)f(v)-5
+b(alue)283 4885 y(of)33 b(the)g(tok)m(en)g(`next')h(in)e(the)h(store.)
+430 5005 y(In)28 b(the)h(case)g(where)g(there)g(are)f
+Fs(no)34 b Fu(pro)s(cedure)29 b(declarations)e(in)h(a)g(blo)s(c)m(k)g
+(w)m(e)h(can)f(extend)283 5125 y(the)33 b(seman)m(tic)g(function)f
+Ft(S)1306 5089 y Fi(0)1306 5150 y Fn(ds)1409 5125 y Fu(of)g(T)-8
+b(able)33 b(4.2)f(with)g(a)g(clause)h(lik)m(e)527 5327
+y Ft(S)595 5291 y Fi(0)595 5351 y Fn(ds)666 5327 y Fu([)-17
+b([)q Fr(begin)34 b Fs(D)1076 5342 y Fc(V)1169 5327 y
+Fs(S)45 b Fr(end)p Fu(])-17 b(])q Fs(env)1616 5342 y
+Fc(V)1709 5327 y Fs(sto)38 b Fu(=)33 b Ft(S)2045 5291
+y Fi(0)2045 5351 y Fn(ds)2117 5327 y Fu([)-17 b([)p Fs(S)12
+b Fu(])-17 b(])q Fs(env)2415 5291 y Fi(0)2415 5351 y
+Fc(V)2507 5327 y Fs(sto)2635 5291 y Fi(0)796 5494 y Fu(where)34
+b Ft(D)1158 5458 y Fn(V)1158 5519 y(ds)1229 5494 y Fu([)-17
+b([)p Fs(D)1349 5509 y Fc(V)1410 5494 y Fu(])g(])q(\()p
+Fs(env)1642 5509 y Fc(V)1702 5494 y Fu(,)32 b Fs(sto)6
+b Fu(\))33 b(=)f(\()p Fs(env)2262 5458 y Fi(0)2262 5519
+y Fc(V)2322 5494 y Fu(,)h Fs(sto)2510 5458 y Fi(0)2534
+5494 y Fu(\))p eop
+%%Page: 121 131
+121 130 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063
+b(121)p 0 193 3473 4 v 0 419 V 0 1102 4 683 v 382 526
+a Ft(D)462 489 y Fn(V)462 550 y(ds)533 526 y Fu([)-17
+b([)p Fr(var)34 b Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(;)32
+b Fs(D)1181 541 y Fc(V)1242 526 y Fu(])-17 b(])q(\()p
+Fs(env)1474 541 y Fc(V)1534 526 y Fu(,)33 b Fs(sto)6
+b Fu(\))32 b(=)651 693 y Ft(D)730 657 y Fn(V)730 718
+y(ds)802 693 y Fu([)-17 b([)p Fs(D)922 708 y Fc(V)983
+693 y Fu(])g(])q(\()p Fs(env)1215 708 y Fc(V)1275 693
+y Fu([)p Fs(x)12 b Ft(7!)o Fs(l)e Fu(],)33 b Fs(sto)6
+b Fu([)p Fs(l)k Ft(7!)p Fs(v)h Fu(][next)p Ft(7!)q Fu(new)33
+b Fs(l)10 b Fu(]\))651 861 y(where)34 b Fs(l)42 b Fu(=)33
+b Fs(sto)38 b Fu(next)c(and)f Fs(v)43 b Fu(=)32 b Ft(A)p
+Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q(\(lo)s(okup)32
+b Fs(env)2601 876 y Fc(V)2693 861 y Fs(sto)6 b Fu(\))382
+1052 y Ft(D)462 1016 y Fn(V)462 1077 y(ds)533 1052 y
+Fu([)-17 b([)p Fo(")p Fu(])g(])33 b(=)g(id)p 3469 1102
+V 0 1105 3473 4 v 479 1266 a(T)-8 b(able)32 b(4.3:)43
+b(Denotational)30 b(seman)m(tics)j(for)f(v)-5 b(ariable)31
+b(declarations)0 1536 y(Th)m(us)g(w)m(e)e(ev)-5 b(aluate)29
+b(the)g(b)s(o)s(dy)g Fs(S)41 b Fu(in)28 b(an)h(up)s(dated)g(v)-5
+b(ariable)28 b(en)m(vironmen)m(t)h(and)g(an)g(up)s(dated)0
+1657 y(store.)55 b(W)-8 b(e)36 b(shall)f(later)g(mo)s(dify)g(the)h(ab)s
+(o)m(v)m(e)i(clause)e(to)g(tak)m(e)h(the)f(pro)s(cedure)h(declarations)
+0 1777 y(in)m(to)32 b(accoun)m(t.)0 2025 y Fw(Exercise)k(4.65)49
+b Fu(Consider)33 b(the)g(follo)m(wing)d(statemen)m(t)j(of)f
+Fw(Pro)s(c)p Fu(:)244 2241 y Fr(begin)i(var)f(y)g Fu(:=)f
+Fr(0)p Fu(;)h Fr(var)h(x)e Fu(:=)h Fr(1)p Fu(;)533 2409
+y Fr(begin)h(var)f(x)g Fu(:=)f Fr(7)p Fu(;)h Fr(x)g Fu(:=)f
+Fr(x)p Fu(+)p Fr(1)h(end)p Fu(;)533 2576 y Fr(y)g Fu(:=)f
+Fr(x)244 2744 y(end)0 2960 y Fu(Use)g(the)f(seman)m(tic)f(equations)h
+(to)f(sho)m(w)i(that)f(the)g(lo)s(cation)d(for)i Fr(y)h
+Fu(is)f(assigned)h(the)g(v)-5 b(alue)30 b Fw(1)0 3080
+y Fu(in)i(the)h(\014nal)f(store.)2666 b Fh(2)0 3355 y
+Fw(Pro)s(cedure)37 b(en)m(vironmen)m(ts)0 3545 y Fu(T)-8
+b(o)32 b(cater)g(for)g(pro)s(cedures)h(w)m(e)g(shall)e(in)m(tro)s(duce)
+h(the)g(notion)f(of)h(a)g Fs(pr)-5 b(o)g(c)g(e)g(dur)g(e)34
+b(envir)-5 b(onment)p Fu(.)0 3666 y(It)43 b(will)e(b)s(e)j(a)f(total)e
+(function)i(that)g(will)e(asso)s(ciate)i(eac)m(h)h(pro)s(cedure)g(with)
+f(the)h(e\013ect)g(of)0 3786 y(executing)38 b(its)g(b)s(o)s(dy)-8
+b(.)59 b(This)38 b(means)g(that)f(a)h(pro)s(cedure)g(en)m(vironmen)m
+(t,)i Fs(env)2918 3801 y Fc(P)2976 3786 y Fu(,)f(will)c(b)s(e)j(an)0
+3906 y(elemen)m(t)32 b(of)244 4122 y Fw(En)m(v)436 4137
+y Fn(P)520 4122 y Fu(=)h Fw(Pname)f Ft(!)g Fu(\()p Fw(Store)h
+Fo(,)-17 b Ft(!)32 b Fw(Store)p Fu(\))0 4338 y Fw(Remark)24
+b Fu(This)h(notion)e(of)h(pro)s(cedure)h(en)m(vironmen)m(t)g(di\013ers)
+f(from)g(that)g(of)g(the)h(op)s(erational)0 4458 y(approac)m(h.)2984
+b Fh(2)146 4581 y Fu(The)46 b(pro)s(cedure)g(en)m(vironmen)m(t)f(is)f
+(up)s(dated)i(using)e(the)h(seman)m(tic)g(function)f
+Ft(D)3240 4545 y Fn(P)3240 4606 y(ds)3356 4581 y Fu(for)0
+4702 y(pro)s(cedure)34 b(declarations.)42 b(It)33 b(has)g(functionalit)
+m(y)244 4917 y Ft(D)323 4881 y Fn(P)323 4942 y(ds)395
+4917 y Fu(:)43 b Fw(Dec)652 4932 y Fn(P)737 4917 y Ft(!)32
+b Fw(En)m(v)1061 4932 y Fn(V)1151 4917 y Ft(!)g Fw(En)m(v)1475
+4932 y Fn(P)1560 4917 y Ft(!)g Fw(En)m(v)1884 4932 y
+Fn(P)0 5133 y Fu(So)e(giv)m(en)f(the)i(curren)m(t)g(v)-5
+b(ariable)27 b(en)m(vironmen)m(t)k(and)e(the)i(curren)m(t)f(pro)s
+(cedure)h(en)m(vironmen)m(t)0 5254 y(the)k(function)e
+Ft(D)633 5218 y Fn(P)633 5278 y(ds)704 5254 y Fu([)-17
+b([)q Fs(D)825 5269 y Fc(P)883 5254 y Fu(])g(])35 b(will)d(up)s(date)i
+(the)h(pro)s(cedure)g(en)m(vironmen)m(t.)48 b(The)35
+b(v)-5 b(ariable)33 b(en)m(vi-)0 5374 y(ronmen)m(t)e(m)m(ust)g(b)s(e)h
+(a)m(v)-5 b(ailable)29 b(b)s(ecause)j(pro)s(cedures)h(m)m(ust)e(kno)m
+(w)h(the)g(v)-5 b(ariables)30 b(that)h(ha)m(v)m(e)0 5494
+y(b)s(een)i(declared)g(so)g(far.)43 b(An)33 b(example)f(is)g(the)h
+(statemen)m(t)p eop
+%%Page: 122 132
+122 131 bop 251 130 a Fw(122)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 934 4
+516 v 666 526 a Ft(D)745 489 y Fn(P)745 550 y(ds)816
+526 y Fu([)-17 b([)q Fr(proc)34 b Fs(p)k Fr(is)33 b Fs(S)12
+b Fu(;)32 b Fs(D)1524 541 y Fc(P)1583 526 y Fu(])-17
+b(])q Fs(env)1777 541 y Fc(V)1869 526 y Fs(env)2025 541
+y Fc(P)2116 526 y Fu(=)32 b Ft(D)2304 489 y Fn(P)2304
+550 y(ds)2375 526 y Fu([)-17 b([)q Fs(D)2496 541 y Fc(P)2554
+526 y Fu(])g(])q Fs(env)2748 541 y Fc(V)2840 526 y Fu(\()p
+Fs(env)3034 541 y Fc(P)3092 526 y Fu([)p Fs(p)6 b Ft(7!)p
+Fs(g)j Fu(]\))934 693 y(where)34 b Fs(g)41 b Fu(=)33
+b Ft(S)1478 708 y Fn(ds)1550 693 y Fu([)-17 b([)p Fs(S)12
+b Fu(])-17 b(])q Fs(env)1848 708 y Fc(V)1940 693 y Fs(env)2096
+708 y Fc(P)666 884 y Ft(D)745 848 y Fn(P)745 909 y(ds)816
+884 y Fu([)g([)q Fo(")p Fu(])g(])p Fs(env)1093 899 y
+Fc(V)1186 884 y Fu(=)32 b(id)p 3753 934 V 283 937 3473
+4 v 421 1098 a(T)-8 b(able)32 b(4.4:)43 b(Denotational)30
+b(seman)m(tics)j(for)f(non-recursiv)m(e)h(pro)s(cedure)h(declarations)
+527 1360 y Fr(begin)g(var)g(x)e Fu(:=)h Fr(7)p Fu(;)g
+Fr(proc)g(p)g(is)g(x)g Fu(:=)f Fr(0)p Fu(;)816 1527 y
+Fr(begin)i(var)f(x)g Fu(:=)g Fr(5)p Fu(;)f Fr(call)i(p)f(end)527
+1695 y(end)283 1864 y Fu(where)k(the)f(b)s(o)s(dy)g(of)f
+Fr(p)h Fu(m)m(ust)g(kno)m(w)h(that)e(a)h(v)-5 b(ariable)34
+b Fr(x)h Fu(has)h(b)s(een)h(declared)f(in)f(the)h(outer)283
+1984 y(blo)s(c)m(k.)430 2104 y(The)h(seman)m(tic)g(clauses)g
+(de\014ning)g Ft(D)1826 2068 y Fn(P)1826 2129 y(ds)1933
+2104 y Fu(in)f(the)h(case)h(of)e Fs(non-r)-5 b(e)g(cursive)38
+b(pr)-5 b(o)g(c)g(e)g(dur)g(es)36 b Fu(are)283 2225 y(giv)m(en)i(in)e
+(T)-8 b(able)37 b(4.4.)56 b(In)37 b(the)h(clause)f(for)g(pro)s(cedure)h
+(declarations)e(w)m(e)i(use)g(the)f(seman)m(tic)283 2345
+y(function)30 b Ft(S)730 2360 y Fn(ds)831 2345 y Fu(for)f(statemen)m
+(ts)i(\(de\014ned)g(b)s(elo)m(w\))e(to)g(determine)g(the)h(meaning)f
+(of)g(the)h(b)s(o)s(dy)283 2465 y(of)35 b(the)h(pro)s(cedure)g(using)f
+(that)h Fs(env)1652 2480 y Fc(V)1747 2465 y Fu(and)g
+Fs(env)2096 2480 y Fc(P)2189 2465 y Fu(are)f(the)h(en)m(vironmen)m(ts)g
+(at)f(the)h(p)s(oin)m(t)e(of)283 2586 y(declaration.)41
+b(The)30 b(v)-5 b(ariables)28 b(o)s(ccurring)h(in)f(the)h(b)s(o)s(dy)h
+Fs(S)40 b Fu(of)29 b Fs(p)35 b Fu(will)27 b(therefore)j(b)s(e)f(b)s
+(ound)g(to)283 2706 y(the)37 b(lo)s(cations)e(of)h(the)h(v)-5
+b(ariables)35 b(as)h(kno)m(wn)i(at)e(the)h(time)e(of)h(declaration)e
+(but)j(the)g(v)-5 b(alues)283 2827 y(of)39 b(the)g(lo)s(cations)e(will)
+f(not)j(b)s(e)g(kno)m(wn)h(un)m(til)d(the)i(time)f(of)g(call.)60
+b(In)39 b(this)g(w)m(a)m(y)h(w)m(e)f(ensure)283 2947
+y(that)j(w)m(e)g(obtain)f(static)g(scop)s(e)h(for)f(v)-5
+b(ariables.)69 b(Also)41 b(an)g(o)s(ccurrence)i(of)e
+Fr(call)i Fs(p)3433 2911 y Fi(0)3498 2947 y Fu(in)d(the)283
+3067 y(b)s(o)s(dy)g(of)e(the)i(pro)s(cedure)g(will)d(refer)i(to)g(a)g
+(pro)s(cedure)h Fs(p)2439 3031 y Fi(0)2502 3067 y Fu(men)m(tioned)e(in)
+h Fs(env)3259 3082 y Fc(P)3317 3067 y Fu(,)h(that)f(is)g(a)283
+3188 y(pro)s(cedure)k(declared)g(in)e(an)h(outer)g(blo)s(c)m(k)g(or)g
+(in)f(the)i(curren)m(t)g(blo)s(c)m(k)f(but)g(preceding)g(the)283
+3308 y(presen)m(t)32 b(pro)s(cedure.)44 b(In)30 b(this)g(w)m(a)m(y)h(w)
+m(e)g(obtain)e(static)h(scop)s(e)h(for)f(pro)s(cedures.)44
+b(This)30 b(will)e(b)s(e)283 3429 y(illustrated)j(in)h(Exercise)i(4.67)
+e(b)s(elo)m(w.)283 3682 y Fw(The)38 b(seman)m(tic)e(function)h
+Ft(S)1483 3697 y Fn(ds)1592 3682 y Fw(for)g(Pro)s(c)283
+3867 y Fu(The)j(meaning)c(of)i(a)g(statemen)m(t)g(dep)s(ends)i(on)e
+(the)h(v)-5 b(ariables)37 b(and)h(pro)s(cedures)i(that)e(ha)m(v)m(e)283
+3987 y(b)s(een)i(declared.)63 b(Therefore)40 b(the)f(seman)m(tic)g
+(function)f Ft(S)2451 4002 y Fn(ds)2561 3987 y Fu(for)g(statemen)m(ts)i
+(in)e Fw(Pro)s(c)g Fu(will)283 4108 y(ha)m(v)m(e)c(functionalit)m(y)527
+4276 y Ft(S)595 4291 y Fn(ds)666 4276 y Fu(:)44 b Fw(Stm)32
+b Ft(!)g Fw(En)m(v)1293 4291 y Fn(V)1383 4276 y Ft(!)g
+Fw(En)m(v)1707 4291 y Fn(P)1792 4276 y Ft(!)g Fu(\()p
+Fw(Store)g Fo(,)-17 b Ft(!)33 b Fw(Store)p Fu(\))283
+4445 y(The)f(function)d(is)h(de\014ned)i(b)m(y)f(the)f(clauses)h(of)f
+(T)-8 b(able)30 b(4.5.)42 b(In)30 b(most)g(cases)i(the)e(de\014nition)f
+(of)283 4565 y Ft(S)351 4580 y Fn(ds)453 4565 y Fu(is)h(a)g(straigh)m
+(tforw)m(ard)h(mo)s(di\014cation)d(of)i(the)h(clauses)g(of)f
+Ft(S)2648 4529 y Fi(0)2648 4590 y Fn(ds)2719 4565 y Fu(.)43
+b(Note)31 b(that)f(the)h(meaning)283 4686 y(of)i(a)f(pro)s(cedure)h
+(call)e(is)h(obtained)g(b)m(y)i(simply)d(consulting)h(the)h(pro)s
+(cedure)g(en)m(vironmen)m(t.)283 4867 y Fw(Example)k(4.66)49
+b Fu(This)29 b(example)e(sho)m(ws)j(ho)m(w)g(w)m(e)f(obtain)e(static)h
+(scop)s(e)h(rules)g(for)f(the)h(v)-5 b(ari-)283 4988
+y(ables.)44 b(Consider)33 b(the)g(application)d(of)i(the)h(seman)m(tic)
+f(function)g Ft(S)2778 5003 y Fn(ds)2882 4988 y Fu(to)g(the)h(statemen)
+m(t)527 5156 y Fr(begin)h(var)g(x)e Fu(:=)h Fr(7)p Fu(;)g
+Fr(proc)g(p)g(is)g(x)g Fu(:=)f Fr(0)p Fu(;)816 5324 y
+Fr(begin)i(var)f(x)g Fu(:=)g Fr(5)p Fu(;)f Fr(call)i(p)f(end)527
+5492 y(end)p eop
+%%Page: 123 133
+123 132 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063
+b(123)p 0 193 3473 4 v 0 419 V 0 2889 4 2471 v 382 519
+a Ft(S)450 534 y Fn(ds)521 519 y Fu([)-17 b([)q Fs(x)12
+b Fu(:=)p Fs(a)7 b Fu(])-17 b(])p Fs(env)969 534 y Fc(V)1062
+519 y Fs(env)1218 534 y Fc(P)1308 519 y Fs(sto)39 b Fu(=)32
+b Fs(sto)6 b Fu([)p Fs(l)k Ft(7!A)p Fu([)-17 b([)q Fs(a)7
+b Fu(])-17 b(]\(lo)s(okup)32 b Fs(env)2593 534 y Fc(V)2686
+519 y Fs(sto)6 b Fu(\)])651 686 y(where)34 b Fs(l)42
+b Fu(=)33 b Fs(env)1265 701 y Fc(V)1357 686 y Fs(x)382
+878 y Ft(S)450 893 y Fn(ds)521 878 y Fu([)-17 b([)q Fr(skip)p
+Fu(])g(])q Fs(env)957 893 y Fc(V)1050 878 y Fs(env)1206
+893 y Fc(P)1296 878 y Fu(=)33 b(id)382 1069 y Ft(S)450
+1084 y Fn(ds)521 1069 y Fu([)-17 b([)q Fs(S)626 1084
+y Fn(1)697 1069 y Fu(;)33 b Fs(S)824 1084 y Fn(2)863
+1069 y Fu(])-17 b(])q Fs(env)1057 1084 y Fc(V)1150 1069
+y Fs(env)1306 1084 y Fc(P)1396 1069 y Fu(=)32 b(\()p
+Ft(S)1610 1084 y Fn(ds)1681 1069 y Fu([)-17 b([)q Fs(S)1786
+1084 y Fn(2)1825 1069 y Fu(])g(])q Fs(env)2019 1084 y
+Fc(V)2111 1069 y Fs(env)2267 1084 y Fc(P)2325 1069 y
+Fu(\))33 b Ft(\016)f Fu(\()p Ft(S)2584 1084 y Fn(ds)2655
+1069 y Fu([)-17 b([)q Fs(S)2760 1084 y Fn(1)2799 1069
+y Fu(])g(])p Fs(env)2992 1084 y Fc(V)3085 1069 y Fs(env)3241
+1084 y Fc(P)3299 1069 y Fu(\))382 1260 y Ft(S)450 1275
+y Fn(ds)521 1260 y Fu([)g([)q Fr(if)33 b Fs(b)38 b Fr(then)c
+Fs(S)1082 1275 y Fn(1)1154 1260 y Fr(else)f Fs(S)1458
+1275 y Fn(2)1497 1260 y Fu(])-17 b(])q Fs(env)1691 1275
+y Fc(V)1784 1260 y Fs(env)1940 1275 y Fc(P)2030 1260
+y Fu(=)651 1428 y(cond\()p Ft(B)t Fu([)g([)p Fs(b)6 b
+Fu(])-17 b(])q Ft(\016)p Fu(\(lo)s(okup)31 b Fs(env)1647
+1443 y Fc(V)1707 1428 y Fu(\),)i Ft(S)1873 1443 y Fn(ds)1944
+1428 y Fu([)-17 b([)q Fs(S)2049 1443 y Fn(1)2088 1428
+y Fu(])g(])p Fs(env)2281 1443 y Fc(V)2374 1428 y Fs(env)2530
+1443 y Fc(P)2588 1428 y Fu(,)1359 1595 y Ft(S)1427 1610
+y Fn(ds)1498 1595 y Fu([)g([)q Fs(S)1603 1610 y Fn(2)1642
+1595 y Fu(])g(])q Fs(env)1836 1610 y Fc(V)1929 1595 y
+Fs(env)2085 1610 y Fc(P)2142 1595 y Fu(\))382 1787 y
+Ft(S)450 1802 y Fn(ds)521 1787 y Fu([)g([)q Fr(while)34
+b Fs(b)k Fr(do)33 b Fs(S)12 b Fu(])-17 b(])p Fs(env)1326
+1802 y Fc(V)1419 1787 y Fs(env)1575 1802 y Fc(P)1665
+1787 y Fu(=)33 b(FIX)f Fs(F)618 1954 y Fu(where)i Fs(F)46
+b(g)41 b Fu(=)32 b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(])p Ft(\016)p Fu(\(lo)s(okup)32 b Fs(env)2201
+1969 y Fc(V)2261 1954 y Fu(\),)1359 2122 y Fs(g)42 b
+Ft(\016)32 b Fu(\()p Ft(S)1634 2137 y Fn(ds)1705 2122
+y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q Fs(env)2003
+2137 y Fc(V)2095 2122 y Fs(env)2251 2137 y Fc(P)2309
+2122 y Fu(\),)33 b(id\))382 2313 y Ft(S)450 2328 y Fn(ds)521
+2313 y Fu([)-17 b([)q Fr(begin)34 b Fs(D)931 2328 y Fc(V)1024
+2313 y Fs(D)1107 2328 y Fc(P)1198 2313 y Fs(S)44 b Fr(end)p
+Fu(])-17 b(])r Fs(env)1645 2328 y Fc(V)1738 2313 y Fs(env)1894
+2328 y Fc(P)1984 2313 y Fs(sto)39 b Fu(=)32 b Ft(S)2321
+2328 y Fn(ds)2392 2313 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])p Fs(env)2690 2277 y Fi(0)2690 2338 y Fc(V)2783 2313
+y Fs(env)2939 2277 y Fi(0)2939 2338 y Fc(P)3029 2313
+y Fs(sto)3157 2277 y Fi(0)651 2481 y Fu(where)34 b Ft(D)1012
+2445 y Fn(V)1012 2505 y(ds)1083 2481 y Fu([)-17 b([)q
+Fs(D)1204 2496 y Fc(V)1265 2481 y Fu(])g(])q(\()p Fs(env)1497
+2496 y Fc(V)1557 2481 y Fu(,)32 b Fs(sto)6 b Fu(\))33
+b(=)f(\()p Fs(env)2117 2445 y Fi(0)2117 2505 y Fc(V)2177
+2481 y Fu(,)h Fs(sto)2365 2445 y Fi(0)2388 2481 y Fu(\))651
+2648 y(and)f Ft(D)920 2612 y Fn(P)920 2673 y(ds)991 2648
+y Fu([)-17 b([)q Fs(D)1112 2663 y Fc(P)1171 2648 y Fu(])g(])p
+Fs(env)1364 2612 y Fi(0)1364 2673 y Fc(V)1457 2648 y
+Fs(env)1613 2663 y Fc(P)1703 2648 y Fu(=)33 b Fs(env)1968
+2612 y Fi(0)1968 2673 y Fc(P)382 2840 y Ft(S)450 2855
+y Fn(ds)521 2840 y Fu([)-17 b([)q Fr(call)33 b Fs(p)6
+b Fu(])-17 b(])q Fs(env)1046 2855 y Fc(V)1138 2840 y
+Fs(env)1294 2855 y Fc(P)1385 2840 y Fu(=)32 b Fs(env)1649
+2855 y Fc(P)1740 2840 y Fs(p)p 3469 2889 V 0 2892 3473
+4 v 801 3053 a Fu(T)-8 b(able)32 b(4.5:)43 b(Denotational)30
+b(seman)m(tics)j(for)f Fw(Pro)s(c)0 3325 y Fu(Assume)49
+b(that)f(the)g(initial)c(en)m(vironmen)m(ts)49 b(are)f
+Fs(env)2033 3340 y Fc(V)2141 3325 y Fu(and)g Fs(env)2502
+3340 y Fc(P)2608 3325 y Fu(and)g(that)g(the)g(initial)0
+3445 y(store)40 b Fs(sto)46 b Fu(has)41 b Fs(sto)46 b
+Fu(next)40 b(=)g Fw(12)p Fu(.)66 b(Then)41 b(the)f(\014rst)h(step)f
+(will)e(b)s(e)i(to)g(up)s(date)g(the)g(v)-5 b(ariable)0
+3565 y(en)m(vironmen)m(t)33 b(with)f(the)h(declarations)f(of)g(the)h
+(outer)f(blo)s(c)m(k:)244 3783 y Ft(D)323 3747 y Fn(V)323
+3808 y(ds)395 3783 y Fu([)-17 b([)p Fr(var)34 b(x)e Fu(:=)h
+Fr(7)p Fu(;])-17 b(])q(\()p Fs(env)1148 3798 y Fc(V)1208
+3783 y Fu(,)32 b Fs(sto)6 b Fu(\))513 3951 y(=)32 b Ft(D)701
+3914 y Fn(V)701 3975 y(ds)772 3951 y Fu([)-17 b([)p Fo(")p
+Fu(])g(])q(\()p Fs(env)1087 3966 y Fc(V)1147 3951 y Fu([)p
+Fr(x)p Ft(7!)p Fw(12)p Fu(],)32 b Fs(sto)6 b Fu([)p Fw(12)p
+Ft(7!)p Fw(7)p Fu(][next)p Ft(7!)q Fw(13)p Fu(]\))513
+4118 y(=)32 b(\()p Fs(env)815 4133 y Fc(V)875 4118 y
+Fu([)p Fr(x)p Ft(7!)p Fw(12)p Fu(],)h Fs(sto)6 b Fu([)p
+Fw(12)p Ft(7!)p Fw(7)p Fu(][next)p Ft(7!)q Fw(13)p Fu(]\))0
+4336 y(Next)33 b(w)m(e)h(up)s(date)f(the)g(pro)s(cedure)g(en)m
+(vironmen)m(t:)244 4553 y Ft(D)323 4517 y Fn(P)323 4578
+y(ds)395 4553 y Fu([)-17 b([)p Fr(proc)34 b(p)f(is)g(x)f
+Fu(:=)h(0;])-17 b(]\()p Fs(env)1415 4568 y Fc(V)1475
+4553 y Fu([)p Fr(x)p Ft(7!)p Fw(12)p Fu(]\))33 b Fs(env)2019
+4568 y Fc(P)513 4721 y Fu(=)f Ft(D)701 4685 y Fn(P)701
+4746 y(ds)772 4721 y Fu([)-17 b([)p Fo(")p Fu(])g(])q(\()p
+Fs(env)1087 4736 y Fc(V)1147 4721 y Fu([)p Fr(x)p Ft(7!)p
+Fw(12)p Fu(]\))32 b(\()p Fs(env)1728 4736 y Fc(P)1786
+4721 y Fu([)p Fr(p)p Ft(7!)p Fs(g)9 b Fu(]\))513 4889
+y(=)32 b Fs(env)777 4904 y Fc(P)835 4889 y Fu([)p Fr(p)p
+Ft(7!)p Fs(g)9 b Fu(])0 5106 y(where)244 5324 y Fs(g)41
+b(sto)e Fu(=)32 b Ft(S)667 5339 y Fn(ds)738 5324 y Fu([)-17
+b([)q Fr(x)32 b Fu(:=)h Fr(0)p Fu(])-17 b(])q(\()p Fs(env)1278
+5339 y Fc(V)1338 5324 y Fu([)p Fr(x)p Ft(7!)p Fw(12)p
+Fu(]\))32 b Fs(env)1881 5339 y Fc(P)1972 5324 y Fs(sto)491
+5492 y Fu(=)g Fs(sto)6 b Fu([)p Fw(12)p Ft(7!)p Fw(0)p
+Fu(])p eop
+%%Page: 124 134
+124 133 bop 251 130 a Fw(124)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 283 515 a Fu(b)s(ecause)44
+b Fr(x)f Fu(is)f(to)g(b)s(e)g(found)g(in)g(lo)s(cation)e
+Fw(12)i Fu(according)g(to)g(the)h(v)-5 b(ariable)40 b(en)m(vironmen)m
+(t.)283 636 y(Then)34 b(w)m(e)g(get)527 798 y Ft(S)595
+813 y Fn(ds)666 798 y Fu([)-17 b([)q Fr(begin)34 b(var)f(x)g
+Fu(:=)f Fr(7)p Fu(;)h Fr(proc)h(p)f(is)g(x)f Fu(:=)h
+Fr(0)p Fu(;)993 965 y Fr(begin)h(var)f(x)g Fu(:=)f Fr(5)p
+Fu(;)h Fr(call)h(p)e(end)i(end)p Fu(])-17 b(])q Fs(env)2653
+980 y Fc(V)2746 965 y Fs(env)2902 980 y Fc(P)2992 965
+y Fs(sto)527 1133 y Fu(=)33 b Ft(S)704 1148 y Fn(ds)775
+1133 y Fu([)-17 b([)p Fr(begin)34 b(var)f(x)g Fu(:=)g
+Fr(5)p Fu(;)g Fr(call)g(p)g(end)p Fu(])-17 b(])34 b(\()p
+Fs(env)2357 1148 y Fc(V)2417 1133 y Fu([)p Fr(x)p Ft(7!)p
+Fw(12)p Fu(]\))f(\()p Fs(env)2999 1148 y Fc(P)3056 1133
+y Fu([)p Fr(p)p Ft(7!)p Fs(g)9 b Fu(]\))1269 1300 y(\()p
+Fs(sto)d Fu([)p Fw(12)p Ft(7!)o Fw(7)p Fu(][next)p Ft(7!)q
+Fw(13)p Fu(]\))283 1462 y(F)-8 b(or)32 b(the)h(v)-5 b(ariable)31
+b(declarations)h(of)g(the)h(inner)f(blo)s(c)m(k)g(w)m(e)i(ha)m(v)m(e)
+527 1624 y Ft(D)607 1588 y Fn(V)607 1649 y(ds)678 1624
+y Fu([)-17 b([)q Fr(var)33 b(x)g Fu(:=)f Fr(5)p Fu(;])-17
+b(])q(\()p Fs(env)1431 1639 y Fc(V)1491 1624 y Fu([)p
+Fr(x)p Ft(7!)p Fw(12)p Fu(],)33 b Fs(sto)6 b Fu([)p Fw(12)p
+Ft(7!)p Fw(7)p Fu(][next)p Ft(7!)q Fw(13)p Fu(]\))796
+1792 y(=)32 b Ft(D)984 1755 y Fn(V)984 1816 y(ds)1055
+1792 y Fu([)-17 b([)q Fo(")p Fu(])g(]\()p Fs(env)1370
+1807 y Fc(V)1430 1792 y Fu([)p Fr(x)p Ft(7!)p Fw(13)p
+Fu(],)33 b Fs(sto)6 b Fu([)p Fw(12)p Ft(7!)p Fw(7)p Fu(][)p
+Fw(13)p Ft(7!)p Fw(5)p Fu(][next)p Ft(7!)q Fw(14)p Fu(]\))796
+1959 y(=)32 b(\()p Fs(env)1098 1974 y Fc(V)1159 1959
+y Fu([)p Fr(x)p Ft(7!)p Fw(13)p Fu(],)g Fs(sto)6 b Fu([)p
+Fw(12)p Ft(7!)p Fw(7)p Fu(][)p Fw(13)p Ft(7!)p Fw(5)p
+Fu(][next)p Ft(7!)q Fw(14)p Fu(]\))283 2121 y(and)527
+2283 y Ft(D)607 2247 y Fn(P)607 2307 y(ds)678 2283 y
+Fu([)-17 b([)q Fo(")o Fu(])g(])q(\()p Fs(env)993 2298
+y Fc(V)1053 2283 y Fu([)p Fr(x)p Ft(7!)p Fw(13)p Fu(]\))33
+b(\()p Fs(env)1635 2298 y Fc(P)1692 2283 y Fu([)p Fr(p)p
+Ft(7!)p Fs(g)9 b Fu(]\))33 b(=)f Fs(env)2286 2298 y Fc(P)2344
+2283 y Fu([)p Fr(p)p Ft(7!)p Fs(g)9 b Fu(])283 2445 y(Th)m(us)35
+b(w)m(e)e(get)527 2606 y Ft(S)595 2621 y Fn(ds)666 2606
+y Fu([)-17 b([)q Fr(begin)34 b(var)f(x)g Fu(:=)f Fr(5)p
+Fu(;)h Fr(call)h(p)f(end)p Fu(])-17 b(])34 b(\()p Fs(env)2249
+2621 y Fc(V)2309 2606 y Fu([)p Fr(x)p Ft(7!)p Fw(12)p
+Fu(]\))e(\()p Fs(env)2890 2621 y Fc(P)2948 2606 y Fu([)p
+Fr(p)p Ft(7!)p Fs(g)9 b Fu(]\))1269 2774 y(\()p Fs(sto)d
+Fu([)p Fw(12)p Ft(7!)o Fw(7)p Fu(][next)p Ft(7!)q Fw(13)p
+Fu(]\))796 2942 y(=)32 b Ft(S)972 2957 y Fn(ds)1043 2942
+y Fu([)-17 b([)q Fr(call)34 b(p)p Fu(])-17 b(]\()p Fs(env)1601
+2957 y Fc(V)1662 2942 y Fu([)p Fr(x)p Ft(7!)p Fw(13)p
+Fu(]\))32 b(\()p Fs(env)2243 2957 y Fc(P)2301 2942 y
+Fu([)p Fr(p)p Ft(7!)p Fs(g)9 b Fu(]\))1269 3109 y(\()p
+Fs(sto)d Fu([)p Fw(12)p Ft(7!)o Fw(7)p Fu(][)p Fw(13)p
+Ft(7!)p Fw(5)p Fu(][next)p Ft(7!)q Fw(14)p Fu(]\))796
+3277 y(=)32 b Fs(g)42 b Fu(\()p Fs(sto)6 b Fu([)p Fw(12)p
+Ft(7!)o Fw(7)p Fu(][)p Fw(13)p Ft(7!)p Fw(5)p Fu(][next)p
+Ft(7!)q Fw(14)p Fu(]\))796 3445 y(=)32 b Fs(sto)6 b Fu([)p
+Fw(12)p Ft(7!)p Fw(0)p Fu(][)p Fw(13)p Ft(7!)p Fw(5)p
+Fu(][next)p Ft(7!)q Fw(14)p Fu(])283 3606 y(so)33 b(w)m(e)h(see)g(that)
+e(in)g(the)h(\014nal)e(store)i(the)g(lo)s(cation)e(for)h(the)h(lo)s
+(cal)d(v)-5 b(ariable)31 b(has)i(the)g(v)-5 b(alue)32
+b Fw(5)283 3727 y Fu(and)h(the)g(one)g(for)f(the)h(global)d(v)-5
+b(ariable)31 b(has)i(the)g(v)-5 b(alue)32 b Fw(0)p Fu(.)1214
+b Fh(2)283 3899 y Fw(Exercise)37 b(4.67)49 b Fu(Consider)33
+b(the)g(follo)m(wing)d(statemen)m(t)j(in)f Fw(Pro)s(c)p
+Fu(:)527 4061 y Fr(begin)i(var)g(x)e Fu(:=)h Fr(0)p Fu(;)816
+4229 y Fr(proc)h(p)f(is)g(x)f Fu(:=)h Fr(x)p Fu(+)p Fr(1)p
+Fu(;)816 4397 y Fr(proc)h(q)f(is)g(call)g(p)p Fu(;)816
+4564 y Fr(begin)h(proc)g(p)e(is)h(x)g Fu(:=)g Fr(7)p
+Fu(;)1105 4732 y Fr(call)h(q)816 4899 y(end)527 5067
+y(end)283 5229 y Fu(Use)i(the)g(seman)m(tic)e(clauses)i(of)e
+Fw(Pro)s(c)h Fu(to)f(illustrate)f(that)i(pro)s(cedures)h(ha)m(v)m(e)g
+(static)f(scop)s(e,)283 5349 y(that)i(is)e(sho)m(w)j(that)e(the)h
+(\014nal)e(store)i(will)d(asso)s(ciate)i(the)g(lo)s(cation)e(of)i
+Fr(x)h Fu(with)e(the)i(v)-5 b(alue)36 b Fw(1)283 5470
+y Fu(\(rather)d(than)g Fw(7)p Fu(\).)2718 b Fh(2)p eop
+%%Page: 125 135
+125 134 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063
+b(125)p 0 193 3473 4 v 0 419 V 0 934 4 516 v 382 526
+a Ft(D)462 489 y Fn(P)462 550 y(ds)533 526 y Fu([)-17
+b([)p Fr(proc)34 b Fs(p)k Fr(is)c Fs(S)12 b Fu(;)32 b
+Fs(D)1241 541 y Fc(P)1300 526 y Fu(])-17 b(])p Fs(env)1493
+541 y Fc(V)1586 526 y Fs(env)1742 541 y Fc(P)1832 526
+y Fu(=)33 b Ft(D)2020 489 y Fn(P)2020 550 y(ds)2091 526
+y Fu([)-17 b([)q Fs(D)2212 541 y Fc(P)2271 526 y Fu(])g(])p
+Fs(env)2464 541 y Fc(V)2557 526 y Fu(\()p Fs(env)2751
+541 y Fc(P)2809 526 y Fu([)p Fs(p)6 b Ft(7!)o Fu(FIX)33
+b Fs(F)13 b Fu(]\))651 693 y(where)34 b Fs(F)45 b(g)c
+Fu(=)33 b Ft(S)1304 708 y Fn(ds)1376 693 y Fu([)-17 b([)p
+Fs(S)12 b Fu(])-17 b(])q Fs(env)1674 708 y Fc(V)1766
+693 y Fu(\()p Fs(env)1960 708 y Fc(P)2018 693 y Fu([)p
+Fs(p)6 b Ft(7!)p Fs(g)j Fu(]\))382 884 y Ft(D)462 848
+y Fn(P)462 909 y(ds)533 884 y Fu([)-17 b([)p Fo(")p Fu(])g(])q
+Fs(env)810 899 y Fc(V)902 884 y Fu(=)33 b(id)p 3469 934
+V 0 937 3473 4 v 232 1098 a(T)-8 b(able)32 b(4.6:)43
+b(Denotational)30 b(seman)m(tics)j(for)f(recursiv)m(e)i(pro)s(cedure)g
+(declarations)0 1370 y Fw(Recursiv)m(e)i(pro)s(cedures)0
+1555 y Fu(In)d(the)f(case)h(where)h(pro)s(cedures)f(are)g(allo)m(w)m
+(ed)e(to)h(b)s(e)g Fs(r)-5 b(e)g(cursive)39 b Fu(w)m(e)34
+b(shall)c(b)s(e)j(in)m(terested)g(in)0 1675 y(a)f(function)g
+Fs(g)41 b Fu(in)32 b Fw(Store)h Fo(,)-17 b Ft(!)32 b
+Fw(Store)h Fu(satisfying)244 1859 y Fs(g)41 b Fu(=)32
+b Ft(S)506 1874 y Fn(ds)577 1859 y Fu([)-17 b([)q Fs(S)12
+b Fu(])-17 b(])p Fs(env)875 1874 y Fc(V)968 1859 y Fu(\()p
+Fs(env)1162 1874 y Fc(P)1220 1859 y Fu([)p Fs(p)6 b Ft(7!)o
+Fs(g)j Fu(]\))0 2043 y(since)29 b(this)f(will)f(ensure)j(that)e(the)h
+(meaning)f(of)g(all)e(the)j(recursiv)m(e)i(calls)c(is)h(the)h(same)g
+(as)g(that)0 2164 y(of)g(the)h(pro)s(cedure)g(b)s(eing)f(de\014ned.)44
+b(F)-8 b(or)28 b(this)h(only)g(the)h(clause)f(for)g Ft(D)2599
+2127 y Fn(P)2599 2188 y(ds)2670 2164 y Fu([)-17 b([)q
+Fr(proc)33 b Fs(p)39 b Fr(is)33 b Fs(S)12 b Fu(;)32 b
+Fo(D)3376 2179 y Fc(P)3435 2164 y Fu(])-17 b(])0 2284
+y(needs)42 b(to)e(b)s(e)h(mo)s(di\014ed)f(and)g(the)h(new)h(clause)f
+(is)f(giv)m(en)h(in)f(T)-8 b(able)40 b(4.6.)67 b(W)-8
+b(e)41 b(shall)e(see)j(in)0 2404 y(Exercise)34 b(4.69)e(that)h(this)f
+(is)h(a)f(p)s(ermissible)f(de\014nition,)h(that)h(is)f
+Fs(F)46 b Fu(of)32 b(T)-8 b(able)32 b(4.6)h(is)f(indeed)0
+2525 y(con)m(tin)m(uous.)0 2692 y Fw(Remark)e Fu(Let)g(us)h(brie\015y)f
+(compare)g(the)g(ab)s(o)m(v)m(e)h(seman)m(tics)g(with)f(the)g(op)s
+(erational)e(seman-)0 2813 y(tics)35 b(giv)m(en)g(in)g(Section)g(2.5)g
+(for)f(the)i(same)f(language.)51 b(In)35 b(the)h(op)s(erational)d
+(seman)m(tics)i(the)0 2933 y(p)s(ossibilit)m(y)27 b(of)i(recursion)g
+(is)g(handled)g(b)m(y)h(up)s(dating)e(the)i(en)m(vironmen)m(t)f
+Fs(e)-5 b(ach)32 b(time)f(the)h(pr)-5 b(o-)0 3053 y(c)g(e)g(dur)g(e)42
+b(is)g(c)-5 b(al)5 b(le)-5 b(d)50 b Fu(and,)43 b(except)f(for)e
+(recording)g(the)h(declaration,)h(no)e(action)g(tak)m(es)i(place)0
+3174 y(when)27 b(the)f(pro)s(cedure)g(is)f(declared.)41
+b(In)26 b(the)g(denotational)e(approac)m(h,)j(the)f(situation)e(is)h(v)
+m(ery)0 3294 y(di\013eren)m(t.)66 b(The)41 b(p)s(ossibilit)m(y)c(of)j
+(recursion)g(is)g(handled)f Fs(onc)-5 b(e)41 b(and)g(for)h(al)5
+b(l)p Fu(,)41 b(namely)e Fs(when)0 3415 y(the)c(pr)-5
+b(o)g(c)g(e)g(dur)g(e)34 b(is)h(de)-5 b(clar)g(e)g(d)p
+Fu(.)2340 b Fh(2)0 3617 y Fw(Exercise)36 b(4.68)49 b
+Fu(Consider)33 b(the)g(declaration)e(of)h(the)h(factorial)d(pro)s
+(cedure)244 3801 y Fr(proc)j(fac)h(is)f(begin)h(var)f(z)g
+Fu(:=)f Fr(x)p Fu(;)1092 3969 y Fr(if)h(x)f Fu(=)h Fr(1)g(then)g(skip)
+1092 4136 y(else)g Fu(\()p Fr(x)g Fu(:=)f Fr(x)h Ft(\000)g
+Fr(1)p Fu(;)g Fr(call)h(fac)p Fu(;)f Fr(y)g Fu(:=)f Fr(z)h
+Fo(?)f Fr(y)p Fu(\))803 4304 y Fr(end)p Fu(;)0 4488 y(Assume)39
+b(that)g(the)g(initial)c(en)m(vironmen)m(ts)k(are)g Fs(env)1977
+4503 y Fc(V)2076 4488 y Fu(and)f Fs(env)2427 4503 y Fc(P)2524
+4488 y Fu(and)g(that)h Fs(env)3093 4503 y Fc(V)3192 4488
+y Fr(x)f Fu(=)h Fs(l)3431 4503 y Fn(x)0 4608 y Fu(and)33
+b Fs(env)346 4623 y Fc(V)438 4608 y Fr(y)g Fu(=)f Fs(l)665
+4623 y Fn(y)708 4608 y Fu(.)44 b(Determine)31 b(the)i(up)s(dated)g(pro)
+s(cedure)h(en)m(vironmen)m(t.)586 b Fh(2)146 4811 y Fu(As)31
+b(for)e Fw(While)f Fu(w)m(e)j(m)m(ust)f(ensure)h(that)f(the)g(seman)m
+(tic)g(clauses)g(de\014ne)h(a)f(total)e(function)0 4931
+y Ft(S)68 4946 y Fn(ds)139 4931 y Fu(.)43 b(W)-8 b(e)33
+b(lea)m(v)m(e)h(the)f(details)e(to)h(the)h(exercise)h(b)s(elo)m(w.)0
+5133 y Fw(Exercise)i(4.69)49 b Fu(**)40 b(T)-8 b(o)40
+b(ensure)h(that)f(the)g(clauses)h(for)e Ft(S)2243 5148
+y Fn(ds)2354 5133 y Fu(de\014ne)i(a)f(total)e(function)h(w)m(e)0
+5254 y(m)m(ust)23 b(sho)m(w)h(that)f(FIX)g(is)f(only)h(applied)e(to)i
+(con)m(tin)m(uous)h(functions.)40 b(In)23 b(the)h(case)f(of)g(recursiv)
+m(e)0 5374 y(pro)s(cedures)34 b(this)f(is)f(a)h(rather)g(lab)s(orious)d
+(task.)45 b(First)32 b(one)h(ma)m(y)g(use)h(structural)e(induction)0
+5494 y(to)g(sho)m(w)i(that)e Ft(D)652 5458 y Fn(V)652
+5519 y(ds)756 5494 y Fu(is)g(indeed)h(a)f(w)m(ell-de\014ned)h
+(function.)43 b(Secondly)33 b(one)g(ma)m(y)f(de\014ne)p
+eop
+%%Page: 126 136
+126 135 bop 251 130 a Fw(126)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 527 515 a Fs(env)683
+530 y Fc(P)774 515 y Ft(v)851 479 y Fi(0)907 515 y Fs(env)1063
+479 y Fi(0)1063 540 y Fc(P)1153 515 y Fu(if)c(and)h(only)f(if)f
+Fs(env)1892 530 y Fc(P)1982 515 y Fs(p)39 b Ft(v)33 b
+Fs(env)2337 479 y Fi(0)2337 540 y Fc(P)2427 515 y Fs(p)39
+b Fu(for)32 b(all)e Fs(p)39 b Ft(2)33 b Fw(Pname)283
+712 y Fu(and)j(sho)m(w)g(that)e(\()p Fw(En)m(v)1163 727
+y Fn(P)1215 712 y Fu(,)i Ft(v)1355 676 y Fi(0)1379 712
+y Fu(\))e(is)h(a)g(ccp)s(o.)51 b(Finally)-8 b(,)32 b(one)k(ma)m(y)e
+(use)i(Exercise)h(4.41)d(\(with)g Fs(D)283 833 y Fu(b)s(eing)k
+Fw(Store)f Fo(,)-17 b Ft(!)38 b Fw(Store)p Fu(\))g(to)f(sho)m(w)i(that)
+f(for)g(all)d Fs(env)2370 848 y Fc(V)2468 833 y Ft(2)k
+Fw(En)m(v)2765 848 y Fn(V)2860 833 y Fu(the)g(clauses)f(of)g(T)-8
+b(ables)283 953 y(4.3,)33 b(4.5)f(and)h(4.6)f(do)g(de\014ne)i(con)m
+(tin)m(uous)f(functions)527 1150 y Ft(S)595 1165 y Fn(ds)666
+1150 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])p Fs(env)964
+1165 y Fc(V)1024 1150 y Fu(:)44 b Fw(En)m(v)1287 1165
+y Fn(P)1371 1150 y Ft(!)33 b Fu(\()p Fw(Store)f Fo(,)-17
+b Ft(!)32 b Fw(Store)p Fu(\))527 1318 y Ft(D)607 1282
+y Fn(P)607 1343 y(ds)678 1318 y Fu([)-17 b([)q Fs(D)799
+1333 y Fc(P)857 1318 y Fu(])g(])q Fs(env)1051 1333 y
+Fc(V)1111 1318 y Fu(:)44 b Fw(En)m(v)1374 1333 y Fn(P)1458
+1318 y Ft(!)32 b Fw(En)m(v)1782 1333 y Fn(P)283 1515
+y Fu(This)38 b(is)e(p)s(erformed)g(using)h(m)m(utual)f(structural)g
+(induction)g(on)h(statemen)m(ts)h Fs(S)49 b Fu(and)37
+b(decla-)283 1635 y(rations)32 b Fs(D)692 1650 y Fn(P)744
+1635 y Fu(.)2910 b Fh(2)283 1855 y Fw(Exercise)37 b(4.70)49
+b Fu(Mo)s(dify)43 b(the)h(syn)m(tax)h(of)e(pro)s(cedures)i(so)f(that)f
+(they)i(tak)m(e)f(t)m(w)m(o)h Fs(c)-5 b(al)5 b(l-by-)283
+1976 y(value)40 b Fu(parameters:)527 2173 y Fs(D)610
+2188 y Fc(P)702 2173 y Fu(::=)32 b Fr(proc)i Fs(p)6 b
+Fu(\()p Fs(x)1253 2188 y Fn(1)1292 2173 y Fu(,)p Fs(x)1376
+2188 y Fn(2)1415 2173 y Fu(\))33 b Fr(is)g Fs(S)12 b
+Fu(;)32 b Fs(D)1830 2188 y Fc(P)1921 2173 y Ft(j)g Fo(")527
+2340 y Fs(S)45 b Fu(::=)32 b Ft(\001)17 b(\001)g(\001)31
+b(j)h Fr(call)i Fs(p)6 b Fu(\()p Fs(a)1387 2355 y Fn(1)1426
+2340 y Fu(,)p Fs(a)1510 2355 y Fn(2)1550 2340 y Fu(\))283
+2537 y(The)41 b(meaning)c(of)i(a)g(pro)s(cedure)h(will)d(no)m(w)j(dep)s
+(end)g(up)s(on)g(the)f(v)-5 b(alues)39 b(of)g(its)g(parameters)283
+2658 y(as)34 b(w)m(ell)f(as)h(the)g(state)g(in)f(whic)m(h)h(it)f(is)g
+(executed.)49 b(W)-8 b(e)34 b(therefore)g(c)m(hange)h(the)f
+(de\014nition)e(of)283 2778 y Fw(En)m(v)475 2793 y Fn(P)560
+2778 y Fu(to)g(b)s(e)527 2975 y Fw(En)m(v)719 2990 y
+Fn(P)804 2975 y Fu(=)g Fw(Pname)h Ft(!)f Fu(\(\()p Fw(Z)h
+Ft(\002)g Fw(Z)p Fu(\))g Ft(!)f Fu(\()p Fw(Store)g Fo(,)-17
+b Ft(!)33 b Fw(Store)p Fu(\)\))283 3172 y(so)d(that)f(giv)m(en)h(a)f
+(pair)f(of)h(v)-5 b(alues)29 b(and)g(a)h(store)f(w)m(e)i(can)e
+(determine)g(the)h(\014nal)f(store.)42 b(Mo)s(dify)283
+3293 y(the)h(de\014nition)e(of)g Ft(S)1092 3308 y Fn(ds)1205
+3293 y Fu(to)g(use)i(this)e(pro)s(cedure)i(en)m(vironmen)m(t.)72
+b(Also)41 b(pro)m(vide)h(seman)m(tic)283 3413 y(clauses)36
+b(for)f Ft(D)844 3377 y Fn(P)844 3438 y(ds)950 3413 y
+Fu(in)f(the)i(case)g(of)e(non-recursiv)m(e)j(as)e(w)m(ell)f(as)i
+(recursiv)m(e)g(pro)s(cedures.)53 b(Con-)283 3533 y(struct)34
+b(statemen)m(ts)f(that)g(illustrate)d(ho)m(w)j(the)g(new)h(clauses)f
+(are)g(used.)723 b Fh(2)283 3753 y Fw(Exercise)37 b(4.71)49
+b Fu(*)35 b(Mo)s(dify)f(the)h(seman)m(tics)h(of)e Fw(Pro)s(c)h
+Fu(so)g(that)g(dynamic)f(scop)s(e)i(rules)f(are)283 3874
+y(emplo)m(y)m(ed)e(for)f(v)-5 b(ariables)32 b(as)g(w)m(ell)g(as)h(pro)s
+(cedures.)1492 b Fh(2)283 4161 y Fp(The)45 b(concept)g(of)g(con)l(tin)l
+(uations)283 4346 y Fu(Another)35 b(imp)s(ortan)m(t)c(concept)k(from)d
+(denotational)g(seman)m(tics)i(is)f(that)g(of)g Fs(c)-5
+b(ontinuations)8 b Fu(.)283 4466 y(T)-8 b(o)35 b(illustrate)e(it)h(w)m
+(e)i(shall)d(consider)i(an)g(extension)h(of)e Fw(While)f
+Fu(where)k(exceptions)f(can)f(b)s(e)283 4587 y(raised)e(and)f(handled.)
+44 b(The)33 b(new)h(language)d(is)i(called)e Fw(Exc)h
+Fu(and)h(its)f(syn)m(tax)i(is:)577 4775 y Fs(S)112 b
+Fu(::=)99 b Fs(x)45 b Fu(:=)32 b Fs(a)40 b Ft(j)32 b
+Fr(skip)i Ft(j)e Fs(S)1713 4790 y Fn(1)1785 4775 y Fu(;)g
+Fs(S)1911 4790 y Fn(2)1983 4775 y Ft(j)g Fr(if)h Fs(b)39
+b Fr(then)33 b Fs(S)2566 4790 y Fn(1)2638 4775 y Fr(else)h
+Fs(S)2943 4790 y Fn(2)795 4943 y Ft(j)150 b Fr(while)34
+b Fs(b)39 b Fr(do)33 b Fs(S)44 b Ft(j)32 b Fr(begin)i
+Fs(S)1996 4958 y Fn(1)2068 4943 y Fr(handle)g Fs(e)7
+b Fu(:)44 b Fs(S)2598 4958 y Fn(2)2669 4943 y Fr(end)34
+b Ft(j)e Fr(raise)i Fs(e)283 5133 y Fu(The)c(meta-v)-5
+b(ariable)26 b Fs(e)36 b Fu(ranges)29 b(o)m(v)m(er)h(the)f(syn)m
+(tactic)g(category)g Fw(Exception)56 b Fu(of)29 b(exceptions.)283
+5254 y(The)34 b(statemen)m(t)e Fr(raise)i Fs(e)39 b Fu(is)32
+b(a)f(kind)h(of)g(jump)g(instruction:)42 b(when)33 b(it)e(is)h(encoun)m
+(tered,)i(the)283 5374 y(execution)f(of)d(the)i(encapsulating)f(blo)s
+(c)m(k)g(is)g(stopp)s(ed)h(and)g(the)f(\015o)m(w)h(of)f(con)m(trol)g
+(is)g(giv)m(en)g(to)283 5494 y(the)i(statemen)m(t)h(declaring)d(the)i
+(exception)g Fs(e)7 b Fu(.)44 b(An)33 b(example)f(is)g(the)h(statemen)m
+(t)p eop
+%%Page: 127 137
+127 136 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063
+b(127)p 0 193 3473 4 v 244 515 a Fr(begin)34 b(while)g(true)f(do)g(if)g
+(x)p Ft(\024)q Fr(0)1194 683 y(then)h(raise)g(exit)1194
+851 y(else)g(x)f Fu(:=)f Fr(x)p Ft(\000)p Fr(1)533 1018
+y(handle)i(exit)p Fu(:)44 b Fr(y)33 b Fu(:=)g Fr(7)244
+1186 y(end)0 1381 y Fu(Assume)d(that)f Fs(s)614 1396
+y Fn(0)683 1381 y Fu(is)f(the)i(initial)25 b(state)30
+b(and)f(that)g Fs(s)1898 1396 y Fn(0)1967 1381 y Fr(x)g
+Fo(>)g Fw(0)p Fu(.)43 b(Then)30 b(the)g(false)e(branc)m(h)i(of)f(the)0
+1502 y(conditional)h(will)h(b)s(e)h(c)m(hosen)j(and)e(the)g(v)-5
+b(alue)32 b(of)g Fr(x)h Fu(decremen)m(ted.)46 b(Ev)m(en)m(tually)-8
+b(,)33 b Fr(x)g Fu(gets)g(the)0 1622 y(v)-5 b(alue)31
+b Fw(0)g Fu(and)g(the)g(true)h(branc)m(h)g(of)e(the)i(conditional)c
+(will)h(raise)i(the)g(exception)h Fr(exit)p Fu(.)44 b(This)0
+1742 y(will)37 b(cause)k(the)e(execution)h(of)f(the)h
+Fr(while)p Fu(-lo)s(op)f(to)g(b)s(e)h(terminated)e(and)h(con)m(trol)g
+(will)e(b)s(e)0 1863 y(transferred)d(to)f(the)h(handler)g(for)e
+Fr(exit)p Fu(.)48 b(Th)m(us)35 b(the)f(statemen)m(t)g(will)d(terminate)
+h(in)h(a)g(state)0 1983 y(where)h Fr(x)f Fu(has)g(the)g(v)-5
+b(alue)32 b Fw(0)g Fu(and)h Fr(y)g Fu(the)g(v)-5 b(alue)32
+b Fw(7)p Fu(.)146 2103 y(The)39 b(meaning)e(of)g(an)h(exception)h(will)
+c(b)s(e)j(the)h(e\013ect)f(of)g Fs(exe)-5 b(cuting)39
+b(the)h(r)-5 b(emainder)39 b(of)0 2224 y(the)c(pr)-5
+b(o)g(gr)g(am)39 b Fu(starting)32 b(from)f(the)i(handler.)43
+b(Consider)33 b(a)g(statemen)m(t)g(of)f(the)h(form)244
+2419 y(\()p Fr(if)g Fs(b)38 b Fr(then)c Fs(S)805 2434
+y Fn(1)877 2419 y Fr(else)f Fs(S)1181 2434 y Fn(2)1221
+2419 y Fu(\))f(;)h Fs(S)1418 2434 y Fn(3)0 2614 y Fu(In)43
+b(the)h(language)e Fw(While)g Fu(it)g(is)g(eviden)m(t)i(that)f(indep)s
+(enden)m(tly)h(of)f(whether)h(w)m(e)g(execute)0 2735
+y Fs(S)67 2750 y Fn(1)144 2735 y Fu(or)38 b Fs(S)336
+2750 y Fn(2)413 2735 y Fu(w)m(e)h(ha)m(v)m(e)g(to)e(con)m(tin)m(ue)i
+(with)e Fs(S)1606 2750 y Fn(3)1646 2735 y Fu(.)59 b(When)39
+b(w)m(e)g(in)m(tro)s(duce)e(exceptions)i(this)f(do)s(es)0
+2855 y(not)32 b(hold)f(an)m(y)h(longer:)43 b(if)30 b(one)j(of)e(the)h
+(branc)m(hes)i(raises)e(an)g(exception)g(not)g(handled)g(inside)0
+2975 y(that)41 b(branc)m(h,)j(then)d(w)m(e)h(will)d(certainly)h(not)g
+(execute)j Fs(S)2173 2990 y Fn(3)2212 2975 y Fu(.)69
+b(It)41 b(is)f(therefore)i(necessary)h(to)0 3096 y(rewrite)32
+b(the)h(seman)m(tics)f(of)f Fw(While)g Fu(to)h(mak)m(e)g(the)g
+(\\e\013ect)h(of)e(executing)i(the)g(remainder)e(of)0
+3216 y(the)i(program")e(more)h(explicit.)0 3475 y Fw(Con)m(tin)m
+(uation)k(st)m(yle)h(seman)m(tics)f(for)i(While)0 3659
+y Fu(In)26 b(a)f Fs(c)-5 b(ontinuation)27 b(style)i(semantics)j
+Fu(the)26 b(con)m(tin)m(uations)f(describ)s(e)h(the)51
+b Fs(e\013e)-5 b(ct)28 b(of)g(exe)-5 b(cuting)0 3780
+y(the)31 b(r)-5 b(emainder)29 b(of)h(the)h(pr)-5 b(o)g(gr)g(am)p
+Fu(.)41 b(F)-8 b(or)27 b(us)i(a)e Fs(c)-5 b(ontinuation)35
+b(c)e Fu(is)28 b(an)g(elemen)m(t)f(of)h(the)g(domain)244
+3975 y Fw(Con)m(t)k Fu(=)h Fw(State)f Fo(,)-17 b Ft(!)33
+b Fw(State)0 4170 y Fu(and)38 b(is)f(th)m(us)h(a)f(partial)f(function)h
+(from)f Fw(State)h Fu(to)g Fw(State)p Fu(.)59 b(Sometimes)36
+b(one)i(uses)h(partial)0 4291 y(functions)24 b(from)f
+Fw(State)h Fu(to)f(a)h(\\simpler")e(set)i Fw(Ans)g Fu(of)g(answ)m(ers)i
+(but)e(in)f(all)f(cases)j(the)g(purp)s(ose)0 4411 y(of)e(a)g(con)m(tin)
+m(uation)g(is)g(to)g(express)i(the)f(\\outcome")f(of)g(the)h(remainder)
+e(of)h(the)h(program)e(when)0 4531 y(started)33 b(in)f(a)g(giv)m(en)h
+(state.)146 4652 y(Consider)e(a)f(statemen)m(t)g(of)g(the)g(form)f
+Ft(\001)17 b(\001)g(\001)n Fu(;)31 b Fs(S)42 b Fu(;)30
+b Ft(\001)17 b(\001)g(\001)28 b Fu(and)i(let)g(us)h(explain)e(the)h
+(meaning)f(of)0 4772 y Fs(S)47 b Fu(in)34 b(terms)g(of)h(the)g
+(e\013ect)h(of)e(executing)i(the)f(remainder)f(of)g(the)i(program.)49
+b(The)35 b(starting)0 4893 y(p)s(oin)m(t)40 b(will)f(b)s(e)j(the)g(con)
+m(tin)m(uation)e Fs(c)47 b Fu(determining)39 b(the)j(e\013ect)g(of)f
+(executing)h(the)g(part)f(of)0 5013 y(the)35 b(program)f
+Fs(after)45 b(S)12 b Fu(,)35 b(that)g(is)f Fs(c)41 b(s)i
+Fu(is)34 b(the)h(state)h(obtained)e(when)i(the)g(remainder)e(of)g(the)0
+5133 y(program)29 b(is)i(executed)i(from)c(state)j Fs(s)8
+b Fu(.)43 b(W)-8 b(e)31 b(shall)e(then)j(determine)e(the)i(e\013ect)f
+(of)g(executing)0 5254 y Fs(S)45 b Fu(and)32 b(the)i(remainder)e(of)g
+(the)h(program,)f(that)g(is)h(w)m(e)g(shall)f(determine)g(a)h(con)m
+(tin)m(uation)f Fs(c)3450 5218 y Fi(0)0 5374 y Fu(suc)m(h)f(that)e
+Fs(c)476 5338 y Fi(0)529 5374 y Fs(s)37 b Fu(is)29 b(the)h(state)g
+(obtained)f(when)i(executing)f Fs(S)42 b Fu(and)29 b(the)h(part)g(of)f
+(the)h(program)0 5494 y(follo)m(wing)g Fs(S)44 b Fu(from)32
+b(state)h Fs(s)8 b Fu(.)43 b(Pictorially)-8 b(,)30 b(from)p
+eop
+%%Page: 128 138
+128 137 bop 251 130 a Fw(128)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 1501
+4 1083 v 666 519 a Ft(S)733 483 y Fi(0)733 543 y Fn(cs)797
+519 y Fu([)-17 b([)p Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(])-17
+b(])q Fs(c)38 b(s)j Fu(=)32 b Fs(c)38 b Fu(\()p Fs(s)8
+b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17
+b(])q Fs(s)8 b Fu(]\))666 710 y Ft(S)733 674 y Fi(0)733
+735 y Fn(cs)797 710 y Fu([)-17 b([)p Fr(skip)p Fu(])g(])34
+b(=)f(id)666 901 y Ft(S)733 865 y Fi(0)733 926 y Fn(cs)797
+901 y Fu([)-17 b([)p Fs(S)901 916 y Fn(1)973 901 y Fu(;)33
+b Fs(S)1100 916 y Fn(2)1139 901 y Fu(])-17 b(])33 b(=)f
+Ft(S)1385 865 y Fi(0)1385 926 y Fn(cs)1449 901 y Fu([)-17
+b([)p Fs(S)1553 916 y Fn(1)1592 901 y Fu(])g(])34 b Ft(\016)e(S)1813
+865 y Fi(0)1813 926 y Fn(cs)1876 901 y Fu([)-17 b([)q
+Fs(S)1981 916 y Fn(2)2020 901 y Fu(])g(])666 1092 y Ft(S)733
+1056 y Fi(0)733 1117 y Fn(cs)797 1092 y Fu([)g([)p Fr(if)33
+b Fs(b)39 b Fr(then)33 b Fs(S)1357 1107 y Fn(1)1429 1092
+y Fr(else)h Fs(S)1734 1107 y Fn(2)1773 1092 y Fu(])-17
+b(])q Fs(c)38 b Fu(=)32 b(cond\()p Ft(B)t Fu([)-17 b([)q
+Fs(b)6 b Fu(])-17 b(],)33 b Ft(S)2563 1056 y Fi(0)2563
+1117 y Fn(cs)2626 1092 y Fu([)-17 b([)p Fs(S)2730 1107
+y Fn(1)2770 1092 y Fu(])g(])p Fs(c)6 b Fu(,)32 b Ft(S)2985
+1056 y Fi(0)2985 1117 y Fn(cs)3049 1092 y Fu([)-17 b([)p
+Fs(S)3153 1107 y Fn(2)3193 1092 y Fu(])g(])p Fs(c)6 b
+Fu(\))666 1284 y Ft(S)733 1248 y Fi(0)733 1308 y Fn(cs)797
+1284 y Fu([)-17 b([)p Fr(while)34 b Fs(b)39 b Fr(do)33
+b Fs(S)12 b Fu(])-17 b(])33 b(=)f(FIX)g Fs(G)934 1451
+y Fu(where)i(\()p Fs(G)42 b(g)9 b Fu(\))32 b Fs(c)38
+b Fu(=)32 b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(],)33 b Ft(S)2247 1415 y Fi(0)2247 1476 y Fn(cs)2310
+1451 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(]\()p Fs(g)41
+b(c)6 b Fu(\),)32 b Fs(c)6 b Fu(\))p 3753 1501 V 283
+1504 3473 4 v 937 1665 a(T)-8 b(able)32 b(4.7:)43 b(Con)m(tin)m(uation)
+32 b(st)m(yle)h(seman)m(tics)g(for)f Fw(While)769 1959
+y Ft(\001)17 b(\001)g(\001)240 b Fu(;)300 b Fs(S)310
+b Fu(;)275 b Ft(\001)17 b(\001)g(\001)1879 1994 y Fg(|)p
+1916 1994 226 10 v 226 w({z)p 2216 1994 V 226 w(})2154
+2075 y Fs(c)283 2266 y Fu(w)m(e)34 b(w)m(an)m(t)g(to)e(obtain)769
+2491 y Ft(\001)17 b(\001)g(\001)240 b Fu(;)300 b Fs(S)278
+b Fu(;)259 b Ft(\001)17 b(\001)g(\001)1187 2545 y Fg(|)p
+1224 2545 548 10 v 548 w({z)p 1846 2545 V 548 w(})1772
+2657 y Fs(c)1823 2621 y Fi(0)283 2851 y Fu(W)-8 b(e)49
+b(shall)d(de\014ne)j(a)e(seman)m(tic)g(function)h Ft(S)1987
+2815 y Fi(0)1987 2876 y Fn(cs)2098 2851 y Fu(for)f Fw(While)g
+Fu(that)g(ac)m(hiev)m(es)i(this.)89 b(It)47 b(has)283
+2971 y(functionalit)m(y)527 3196 y Ft(S)595 3160 y Fi(0)595
+3221 y Fn(cs)658 3196 y Fu(:)d Fw(Stm)32 b Ft(!)g Fu(\()p
+Fw(Con)m(t)g Ft(!)g Fw(Con)m(t)p Fu(\))283 3421 y(and)j(is)f(de\014ned)
+h(in)f(T)-8 b(able)34 b(4.7.)48 b(The)36 b(clauses)f(for)e(assignmen)m
+(t)h(and)h Fr(skip)g Fu(are)f(straigh)m(tfor-)283 3542
+y(w)m(ard;)g(ho)m(w)m(ev)m(er,)h(note)e(that)g(w)m(e)h(no)m(w)f(use)h
+(id)e(as)h(the)g(iden)m(tit)m(y)g(function)f(on)h Fw(Con)m(t)p
+Fu(,)g(that)f(is)283 3662 y(id)c Fs(c)35 b(s)h Fu(=)29
+b Fs(c)34 b(s)8 b Fu(.)42 b(In)29 b(the)g(clause)g(for)g(comp)s
+(osition)d(the)j(order)g(of)f(the)h(functional)e(comp)s(osition)283
+3783 y(is)33 b Fs(r)-5 b(everse)g(d)42 b Fu(compared)33
+b(with)g(the)g(direct)g(st)m(yle)g(seman)m(tics)h(of)e(T)-8
+b(able)33 b(4.1.)44 b(In)m(tuitiv)m(ely)-8 b(,)32 b(the)283
+3903 y(reason)43 b(is)e(that)h(the)g(con)m(tin)m(uations)f(are)h
+(\\pulled)f(bac)m(kw)m(ards")i(through)f(the)g(t)m(w)m(o)h(state-)283
+4023 y(men)m(ts.)55 b(So)36 b(assuming)f(that)h Fs(c)41
+b Fu(is)36 b(the)g(con)m(tin)m(uation)f(for)h(the)g(remainder)f(of)h
+(the)g(program)283 4144 y(w)m(e)44 b(shall)c(\014rst)j(determine)f(a)g
+(con)m(tin)m(uation)f(for)g Fs(S)2239 4159 y Fn(2)2321
+4144 y Fu(follo)m(w)m(ed)g(b)m(y)i(the)g(remainder)e(of)g(the)283
+4264 y(program)32 b(and)g(next)i(for)e Fs(S)1299 4279
+y Fn(1)1371 4264 y Fu(follo)m(w)m(ed)f(b)m(y)j Fs(S)1950
+4279 y Fn(2)2022 4264 y Fs(and)42 b Fu(the)33 b(remainder)e(of)i(the)g
+(program.)430 4389 y(The)42 b(clause)g(for)f(the)g(conditional)e(is)i
+(straigh)m(tforw)m(ard)g(as)g(the)h(con)m(tin)m(uation)f(applies)283
+4509 y(to)g(b)s(oth)g(branc)m(hes.)72 b(In)41 b(the)h(clause)f(for)g
+(the)h Fr(while)p Fu(-construct)h(w)m(e)f(use)h(the)e(\014xed)i(p)s
+(oin)m(t)283 4630 y(op)s(erator)33 b(as)g(in)g(the)h(direct)f(st)m(yle)
+g(seman)m(tics.)46 b(If)33 b(the)h(test)g(of)f Fr(while)h
+Fs(b)39 b Fr(do)34 b Fs(S)45 b Fu(ev)-5 b(aluates)33
+b(to)283 4750 y Fw(\013)g Fu(then)f(w)m(e)h(return)f(the)g(con)m(tin)m
+(uation)f Fs(c)37 b Fu(for)31 b(the)h(remainder)f(of)g(the)i(program.)
+41 b(If)32 b(the)g(test)283 4870 y(ev)-5 b(aluates)33
+b(to)g Fw(tt)f Fu(then)i Fs(g)41 b(c)e Fu(denotes)34
+b(the)g(e\013ect)g(of)e(executing)i(the)f(remainder)f(of)h(the)g(lo)s
+(op)283 4991 y(follo)m(w)m(ed)j(b)m(y)h(the)g(remainder)e(of)h(the)h
+(program)d(and)j(is)f(the)g(con)m(tin)m(uation)g(to)f(b)s(e)i(used)g
+(for)283 5111 y(the)c(\014rst)h(unfolding)c(of)i(the)h(lo)s(op.)283
+5374 y Fw(Example)k(4.72)49 b Fu(Consider)34 b(the)g(statemen)m(t)g
+Fr(z)g Fu(:=)f Fr(x)p Fu(;)i Fr(x)f Fu(:=)f Fr(y)p Fu(;)i
+Fr(y)e Fu(:=)h Fr(z)g Fu(of)f(Chapter)h(1.)47 b(Let)283
+5494 y(id)32 b(b)s(e)h(the)g(iden)m(tit)m(y)f(function)h(on)f
+Fw(State)p Fu(.)44 b(Then)33 b(w)m(e)h(ha)m(v)m(e)p eop
+%%Page: 129 139
+129 138 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063
+b(129)p 0 193 3473 4 v 244 515 a Ft(S)312 479 y Fi(0)312
+540 y Fn(cs)375 515 y Fu([)-17 b([)q Fr(z)32 b Fu(:=)h
+Fr(x)p Fu(;)g Fr(x)g Fu(:=)f Fr(y)p Fu(;)h Fr(y)g Fu(:=)f
+Fr(z)p Fu(])-17 b(])q(id)413 683 y(=)32 b(\()p Ft(S)627
+647 y Fi(0)627 708 y Fn(cs)690 683 y Fu([)-17 b([)q Fr(z)32
+b Fu(:=)h Fr(x)p Fu(])-17 b(])33 b Ft(\016)g(S)1218 647
+y Fi(0)1218 708 y Fn(cs)1282 683 y Fu([)-17 b([)p Fr(x)33
+b Fu(:=)g Fr(y)p Fu(])-17 b(])33 b Ft(\016)f(S)1810 647
+y Fi(0)1810 708 y Fn(cs)1874 683 y Fu([)-17 b([)p Fr(y)33
+b Fu(:=)f Fr(z)p Fu(])-17 b(])q(\))33 b(id)413 851 y(=)f(\()p
+Ft(S)627 814 y Fi(0)627 875 y Fn(cs)690 851 y Fu([)-17
+b([)q Fr(z)32 b Fu(:=)h Fr(x)p Fu(])-17 b(])33 b Ft(\016)g(S)1218
+814 y Fi(0)1218 875 y Fn(cs)1282 851 y Fu([)-17 b([)p
+Fr(x)33 b Fu(:=)g Fr(y)p Fu(])-17 b(])q(\))32 b Fs(g)1752
+866 y Fn(1)681 1018 y Fu(where)i Fs(g)1017 1033 y Fn(1)1089
+1018 y Fs(s)40 b Fu(=)33 b(id\()p Fs(s)8 b Fu([)p Fr(y)p
+Ft(7!)o Fu(\()p Fs(s)41 b Fr(z)p Fu(\)]\))413 1186 y(=)32
+b Ft(S)589 1150 y Fi(0)589 1211 y Fn(cs)652 1186 y Fu([)-17
+b([)q Fr(z)33 b Fu(:=)f Fr(x)p Fu(])-17 b(])q Fs(g)1052
+1201 y Fn(2)681 1354 y Fu(where)34 b Fs(g)1017 1369 y
+Fn(2)1089 1354 y Fs(s)40 b Fu(=)33 b Fs(g)1332 1369 y
+Fn(1)1371 1354 y Fu(\()p Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p
+Fu(\()p Fs(s)40 b Fr(y)p Fu(\)]\))1169 1521 y(=)33 b(id\()p
+Fs(s)8 b Fu([)p Fr(x)p Ft(7!)o Fu(\()p Fs(s)41 b Fr(y)p
+Fu(\)][)p Fr(y)p Ft(7!)p Fu(\()p Fs(s)f Fr(z)p Fu(\)]\))413
+1689 y(=)32 b Fs(g)575 1704 y Fn(3)681 1856 y Fu(where)i
+Fs(g)1017 1871 y Fn(3)1089 1856 y Fs(s)40 b Fu(=)33 b
+Fs(g)1332 1871 y Fn(2)1371 1856 y Fu(\()p Fs(s)8 b Fu([)p
+Fr(z)p Ft(7!)p Fu(\()p Fs(s)40 b Fr(x)p Fu(\)]\))1169
+2024 y(=)33 b(id\()p Fs(s)8 b Fu([)p Fr(z)p Ft(7!)o Fu(\()p
+Fs(s)41 b Fr(x)p Fu(\)][)p Fr(x)p Ft(7!)p Fu(\()p Fs(s)f
+Fr(y)p Fu(\)][)p Fr(y)p Ft(7!)q Fu(\()p Fs(s)g Fr(x)p
+Fu(\)]\))0 2242 y(Note)33 b(that)f(the)h(seman)m(tic)f(function)g(is)h
+(constructed)h(in)e(a)g(\\bac)m(kw)m(ards")i(manner.)258
+b Fh(2)146 2491 y Fu(As)35 b(in)f(the)h(case)g(of)f(the)h(direct)g(st)m
+(yle)g(seman)m(tics)f(w)m(e)i(m)m(ust)f(ensure)g(that)g(the)g(seman)m
+(tic)0 2612 y(clauses)e(de\014ne)h(a)e(total)f(function)h
+Ft(S)1372 2576 y Fi(0)1372 2636 y Fn(cs)1436 2612 y Fu(.)43
+b(W)-8 b(e)33 b(lea)m(v)m(e)g(the)g(details)f(to)g(the)h(exercise)h(b)s
+(elo)m(w.)0 2864 y Fw(Exercise)i(4.73)49 b Fu(**)40 b(T)-8
+b(o)41 b(ensure)h(that)e(the)h(clauses)h(for)e Ft(S)2247
+2828 y Fi(0)2247 2889 y Fn(cs)2351 2864 y Fu(de\014ne)i(a)e(total)f
+(function)h(w)m(e)0 2984 y(m)m(ust)31 b(sho)m(w)h(that)e(FIX)h(is)f
+(only)g(applied)f(to)i(con)m(tin)m(uous)g(functions.)43
+b(First)30 b(one)h(ma)m(y)f(de\014ne)244 3203 y Fs(g)298
+3218 y Fn(1)369 3203 y Ft(v)447 3166 y Fi(0)503 3203
+y Fs(g)557 3218 y Fn(2)628 3203 y Fu(if)i(and)g(only)g(if)g
+Fs(g)1265 3218 y Fn(1)1336 3203 y Fs(c)38 b Ft(v)33 b
+Fs(g)1583 3218 y Fn(2)1655 3203 y Fs(c)38 b Fu(for)32
+b(all)f Fs(c)38 b Ft(2)33 b Fw(Con)m(t)0 3421 y Fu(and)g(sho)m(w)g
+(that)g(\()p Fw(Con)m(t)f Ft(!)g Fw(Con)m(t)p Fu(,)g
+Ft(v)1462 3385 y Fi(0)1485 3421 y Fu(\))h(is)f(a)g(ccp)s(o.)44
+b(Secondly)-8 b(,)33 b(one)g(ma)m(y)f(de\014ne)244 3639
+y([)p Fw(Con)m(t)g Ft(!)g Fw(Con)m(t)p Fu(])h(=)f Ft(f)g
+Fs(g)9 b Fu(:)43 b Fw(Con)m(t)33 b Ft(!)f Fw(Con)m(t)g
+Ft(j)g Fs(g)41 b Fu(is)32 b(con)m(tin)m(uous)i Ft(g)0
+3857 y Fu(and)29 b(sho)m(w)i(that)e(\([)p Fw(Con)m(t)g
+Ft(!)f Fw(Con)m(t)p Fu(],)i Ft(v)1497 3821 y Fi(0)1520
+3857 y Fu(\))f(is)g(a)g(ccp)s(o.)42 b(Finally)-8 b(,)28
+b(one)h(ma)m(y)g(use)h(Exercise)h(4.41)0 3978 y(\(with)26
+b Fs(D)36 b Fu(=)26 b([)p Fw(Con)m(t)g Ft(!)g Fw(Con)m(t)p
+Fu(]\))h(to)f(sho)m(w)i(that)e(the)h(clauses)g(of)f(T)-8
+b(able)27 b(4.7)f(de\014ne)i(a)e(function)244 4196 y
+Ft(S)312 4160 y Fi(0)312 4221 y Fn(cs)375 4196 y Fu(:)43
+b([)p Fw(Con)m(t)33 b Ft(!)f Fw(Con)m(t)p Fu(])0 4414
+y(using)g(structural)h(induction)e(on)i Fs(S)12 b Fu(.)2029
+b Fh(2)0 4664 y Fw(Exercise)36 b(4.74)49 b Fu(*)33 b(Pro)m(v)m(e)h
+(that)e(the)h(t)m(w)m(o)g(seman)m(tic)g(functions)f Ft(S)2504
+4679 y Fn(ds)2608 4664 y Fu(and)g Ft(S)2865 4627 y Fi(0)2865
+4688 y Fn(cs)2961 4664 y Fu(satisfy)244 4882 y Ft(S)312
+4846 y Fi(0)312 4906 y Fn(cs)375 4882 y Fu([)-17 b([)q
+Fs(S)12 b Fu(])-17 b(])p Fs(c)38 b Fu(=)33 b Fs(c)38
+b Ft(\016)32 b(S)942 4897 y Fn(ds)1013 4882 y Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(])0 5100 y(for)32 b(all)f(statemen)m(ts)i
+Fs(S)44 b Fu(of)33 b Fw(While)d Fu(and)j(for)f(all)f(con)m(tin)m
+(uations)h Fs(c)6 b Fu(.)933 b Fh(2)0 5349 y Fw(Exercise)36
+b(4.75)49 b Fu(Extend)26 b(the)g(language)d Fw(While)g
+Fu(with)h(the)h(construct)h Fr(repeat)34 b Fs(S)45 b
+Fr(until)34 b Fs(b)0 5470 y Fu(and)f(giv)m(e)f(the)h(new)h(\(comp)s
+(ositional\))29 b(clause)j(for)g Ft(S)1960 5433 y Fi(0)1960
+5494 y Fn(cs)2024 5470 y Fu(.)1347 b Fh(2)p eop
+%%Page: 130 140
+130 139 bop 251 130 a Fw(130)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v 283 419 V 283 2219
+4 1800 v 666 519 a Ft(S)733 534 y Fn(cs)797 519 y Fu([)-17
+b([)p Fs(x)12 b Fu(:=)p Fs(a)7 b Fu(])-17 b(])q Fs(env)1245
+534 y Fc(E)1336 519 y Fs(c)38 b(s)j Fu(=)32 b Fs(c)38
+b Fu(\()p Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o Fu([)-17 b([)q
+Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(]\))666 710 y Ft(S)733
+725 y Fn(cs)797 710 y Fu([)-17 b([)p Fr(skip)p Fu(])g(])r
+Fs(env)1233 725 y Fc(E)1324 710 y Fu(=)33 b(id)666 901
+y Ft(S)733 916 y Fn(cs)797 901 y Fu([)-17 b([)p Fs(S)901
+916 y Fn(1)973 901 y Fu(;)33 b Fs(S)1100 916 y Fn(2)1139
+901 y Fu(])-17 b(])q Fs(env)1333 916 y Fc(E)1424 901
+y Fu(=)32 b(\()p Ft(S)1638 916 y Fn(cs)1701 901 y Fu([)-17
+b([)q Fs(S)1806 916 y Fn(1)1845 901 y Fu(])g(])q Fs(env)2039
+916 y Fc(E)2098 901 y Fu(\))32 b Ft(\016)g Fu(\()p Ft(S)2356
+916 y Fn(cs)2419 901 y Fu([)-17 b([)q Fs(S)2524 916 y
+Fn(2)2563 901 y Fu(])g(])q Fs(env)2757 916 y Fc(E)2816
+901 y Fu(\))666 1092 y Ft(S)733 1107 y Fn(cs)797 1092
+y Fu([)g([)p Fr(if)33 b Fs(b)39 b Fr(then)33 b Fs(S)1357
+1107 y Fn(1)1429 1092 y Fr(else)h Fs(S)1734 1107 y Fn(2)1773
+1092 y Fu(])-17 b(])q Fs(env)1967 1107 y Fc(E)2058 1092
+y Fs(c)38 b Fu(=)934 1260 y(cond\()p Ft(B)t Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(S)1495 1275 y Fn(cs)1558
+1260 y Fu([)-17 b([)q Fs(S)1663 1275 y Fn(1)1702 1260
+y Fu(])g(])q Fs(env)1896 1275 y Fc(E)1987 1260 y Fs(c)6
+b Fu(,)32 b Ft(S)2165 1275 y Fn(cs)2228 1260 y Fu([)-17
+b([)q Fs(S)2333 1275 y Fn(2)2372 1260 y Fu(])g(])q Fs(env)2566
+1275 y Fc(E)2657 1260 y Fs(c)6 b Fu(\))666 1451 y Ft(S)733
+1466 y Fn(cs)797 1451 y Fu([)-17 b([)p Fr(while)34 b
+Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17 b(])p Fs(env)1602
+1466 y Fc(E)1693 1451 y Fu(=)33 b(FIX)f Fs(G)934 1619
+y Fu(where)i(\()p Fs(G)42 b(g)9 b Fu(\))32 b Fs(c)38
+b Fu(=)32 b(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(],)33 b Ft(S)2247 1634 y Fn(cs)2310 1619 y Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(])p Fs(env)2608 1634 y Fc(E)2699
+1619 y Fu(\()p Fs(g)41 b(c)6 b Fu(\),)33 b Fs(c)6 b Fu(\))666
+1810 y Ft(S)733 1825 y Fn(cs)797 1810 y Fu([)-17 b([)p
+Fr(begin)34 b Fs(S)1190 1825 y Fn(1)1262 1810 y Fr(handle)g
+Fs(e)7 b Fu(:)44 b Fs(S)1792 1825 y Fn(2)1864 1810 y
+Fr(end)p Fu(])-17 b(])q Fs(env)2211 1825 y Fc(E)2302
+1810 y Fs(c)38 b Fu(=)934 1978 y Ft(S)1002 1993 y Fn(cs)1065
+1978 y Fu([)-17 b([)q Fs(S)1170 1993 y Fn(1)1209 1978
+y Fu(])g(])q(\()p Fs(env)1441 1993 y Fc(E)1500 1978 y
+Fu([)p Fs(e)7 b Ft(7!S)1746 1993 y Fn(cs)1810 1978 y
+Fu([)-17 b([)p Fs(S)1914 1993 y Fn(2)1954 1978 y Fu(])g(])p
+Fs(env)2147 1993 y Fc(E)2238 1978 y Fs(c)6 b Fu(]\))33
+b Fs(c)666 2169 y Ft(S)733 2184 y Fn(cs)797 2169 y Fu([)-17
+b([)p Fr(raise)34 b Fs(e)7 b Fu(])-17 b(])q Fs(env)1369
+2184 y Fc(E)1460 2169 y Fs(c)38 b Fu(=)33 b Fs(env)1808
+2184 y Fc(E)1899 2169 y Fs(e)p 3753 2219 V 283 2222 3473
+4 v 991 2383 a Fu(T)-8 b(able)33 b(4.8:)43 b(Con)m(tin)m(uation)31
+b(st)m(yle)j(seman)m(tics)e(for)g Fw(Exc)283 2677 y(The)38
+b(seman)m(tic)e(function)h Ft(S)1483 2692 y Fn(cs)1584
+2677 y Fw(for)g(Exc)283 2871 y Fu(In)30 b(order)g(to)f(k)m(eep)i(trac)m
+(k)f(of)f(the)h(exceptions)h(that)e(ha)m(v)m(e)i(b)s(een)f(in)m(tro)s
+(duced)g(w)m(e)g(shall)e(use)j(an)283 2992 y Fs(exc)-5
+b(eption)34 b(envir)-5 b(onment)p Fu(.)43 b(It)32 b(will)f(b)s(e)h(an)h
+(elemen)m(t,)f Fs(env)2408 3007 y Fc(E)2467 2992 y Fu(,)h(of)527
+3219 y Fw(En)m(v)719 3234 y Fn(E)804 3219 y Fu(=)f Fw(Exception)g
+Ft(!)g Fw(Con)m(t)283 3446 y Fu(Giv)m(en)h(an)f(exception)h(en)m
+(vironmen)m(t)f Fs(env)1853 3461 y Fc(E)1944 3446 y Fu(and)h(an)f
+(exception)h Fs(e)7 b Fu(,)33 b(the)f(e\013ect)h(of)f(executing)283
+3566 y(the)f(remainder)e(of)g(the)i(program)d(starting)h(from)g(the)h
+(handler)g(for)f Fs(e)38 b Fu(will)27 b(then)k(b)s(e)f
+Fs(env)3588 3581 y Fc(E)3677 3566 y Fs(e)7 b Fu(.)430
+3691 y(The)40 b(seman)m(tic)f(function)f Ft(S)1504 3706
+y Fn(cs)1606 3691 y Fu(for)h(the)h(statemen)m(ts)g(of)e(the)i(language)
+e Fw(Exc)g Fu(has)i(func-)283 3812 y(tionalit)m(y)527
+4039 y Ft(S)595 4054 y Fn(cs)658 4039 y Fu(:)k Fw(Stm)32
+b Ft(!)g Fw(En)m(v)1285 4054 y Fn(E)1369 4039 y Ft(!)h
+Fu(\()p Fw(Con)m(t)f Ft(!)g Fw(Con)m(t)p Fu(\))283 4265
+y(The)25 b(function)f(is)f(de\014ned)i(b)m(y)g(the)g(clauses)f(of)g(T)
+-8 b(able)23 b(4.8.)40 b(Most)25 b(of)e(the)h(clauses)h(are)f(straigh)m
+(t-)283 4386 y(forw)m(ard)g(extensions)h(of)e(those)h(giv)m(en)g(for)f
+Fw(While)f Fu(in)g(T)-8 b(able)23 b(4.7.)40 b(The)25
+b(meaning)d(of)h(the)h(blo)s(c)m(k)283 4506 y(construct)33
+b(is)d(to)h(execute)i(the)f(b)s(o)s(dy)f(in)f(the)i(up)s(dated)g(en)m
+(vironmen)m(t.)43 b(Therefore)32 b(the)g(en)m(vi-)283
+4627 y(ronmen)m(t)g(is)g(up)s(dated)g(so)g(that)g Fs(e)39
+b Fu(is)32 b(b)s(ound)g(to)g(the)g(e\013ect)h(of)e(executing)i(the)f
+(remainder)f(of)283 4747 y(the)i(program)d(starting)h(from)f(the)i
+(handler)f(for)g Fs(e)39 b Fu(and)32 b(this)f(is)h(the)g(con)m(tin)m
+(uation)e(obtained)283 4867 y(b)m(y)j(executing)f(\014rst)g
+Fs(S)1120 4882 y Fn(2)1191 4867 y Fu(and)g(then)g(the)g(remainder)f(of)
+g(the)h(program,)e(that)h(is)h Ft(S)3296 4882 y Fn(cs)3360
+4867 y Fu([)-17 b([)p Fs(S)3464 4882 y Fn(2)3504 4867
+y Fu(])g(])p Fs(env)3697 4882 y Fc(E)283 4988 y Fs(c)6
+b Fu(.)48 b(Finally)-8 b(,)31 b(in)i(the)i(clause)f(for)f
+Fr(raise)i Fs(e)41 b Fu(w)m(e)35 b Fs(ignor)-5 b(e)41
+b Fu(the)34 b(con)m(tin)m(uation)f(that)h(is)f(otherwise)283
+5108 y(supplied.)44 b(So)32 b(rather)h(than)f(using)h
+Fs(c)38 b Fu(w)m(e)33 b(c)m(ho)s(ose)h(to)e(use)i Fs(env)2598
+5123 y Fc(E)2689 5108 y Fs(e)7 b Fu(.)283 5374 y Fw(Example)37
+b(4.76)49 b Fu(Let)40 b Fs(env)1332 5389 y Fc(E)1431
+5374 y Fu(b)s(e)g(an)g(initial)c(en)m(vironmen)m(t)k(and)g(assume)h
+(that)e(the)i(initial)283 5494 y(con)m(tin)m(uation)32
+b(is)g(the)h(iden)m(tit)m(y)g(function,)f(id.)42 b(Then)34
+b(w)m(e)g(ha)m(v)m(e)p eop
+%%Page: 131 141
+131 140 bop 0 130 a Fw(4.5)112 b(Extensions)37 b(of)h(While)2063
+b(131)p 0 193 3473 4 v 244 515 a Ft(S)312 530 y Fn(cs)375
+515 y Fu([)-17 b([)q Fr(begin)33 b(while)h(true)g(do)f(if)g(x)p
+Ft(\024)q Fr(0)g(then)g(raise)h(exit)g(else)f(x)g Fu(:=)f
+Fr(x)p Ft(\000)p Fr(1)413 683 y(handle)i(exit)p Fu(:)44
+b Fr(y)33 b Fu(:=)g Fr(7)f(end)p Fu(])-17 b(])r Fs(env)1679
+698 y Fc(E)1770 683 y Fu(id)244 851 y(=)93 b(\(FIX)32
+b Fs(G)9 b Fu(\))33 b(id)0 1054 y(where)h Fs(G)42 b Fu(is)32
+b(de\014ned)i(b)m(y)244 1257 y Fs(G)42 b(g)f(c)d(s)i
+Fu(=)33 b(cond\()p Ft(B)t Fu([)-17 b([)p Fr(true)p Fu(])g(])r(,)957
+1425 y(cond\()p Ft(B)t Fu([)g([)q Fr(x)p Ft(\024)q Fr(0)p
+Fu(])g(],)33 b Fs(c)1630 1440 y Fn(exit)1749 1425 y Fu(,)g
+Fs(S)1876 1440 y Fn(cs)1939 1425 y Fu([)-17 b([)q Fr(x)33
+b Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(])-17 b(])r Fs(env)2570
+1440 y Fc(E)2628 1425 y Fu([)p Fr(exit)p Ft(7!)p Fs(c)3010
+1440 y Fn(exit)3131 1425 y Fu(])32 b(\()p Fs(g)41 b(c)6
+b Fu(\)\),)957 1593 y Fs(c)g Fu(\))32 b Fs(s)610 1850
+y Fu(=)719 1676 y Fg(8)719 1751 y(<)719 1900 y(:)834
+1766 y Fs(c)885 1781 y Fn(exit)1037 1766 y Fs(s)756 b
+Fu(if)31 b Fs(s)41 b Fr(x)32 b Ft(\024)h Fw(0)834 1933
+y Fu(\()p Fs(g)41 b(c)6 b Fu(\))32 b(\()p Fs(s)8 b Fu([)p
+Fr(x)p Ft(7!)p Fu(\()p Fs(s)41 b Fr(x)p Fu(\))p Ft(\000)p
+Fw(1)p Fu(]\))84 b(if)31 b Fs(s)41 b Fr(x)32 b Fo(>)h
+Fw(0)0 2135 y Fu(and)g(the)g(con)m(tin)m(uation)e Fs(c)972
+2150 y Fn(exit)1124 2135 y Fu(asso)s(ciated)i(with)f(the)h(exception)g
+Fr(exit)h Fu(is)e(giv)m(en)g(b)m(y)244 2339 y Fs(c)295
+2354 y Fn(exit)447 2339 y Fs(s)40 b Fu(=)33 b(id)f(\()p
+Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(7)p Fu(]\))32 b(=)h
+Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(7)p Fu(])0 2542 y(Note)36
+b(that)f Fs(G)45 b Fu(ma)m(y)36 b(c)m(ho)s(ose)h(to)e(use)i(the)f
+(\\default")f(con)m(tin)m(uation)f Fs(c)42 b Fu(or)35
+b(the)h(con)m(tin)m(uation)0 2663 y Fs(c)51 2678 y Fn(exit)203
+2663 y Fu(asso)s(ciated)c(with)h(the)g(exception,)g(as)g(appropriate.)
+42 b(W)-8 b(e)33 b(then)g(get)269 2912 y(\(FIX)f Fs(G)9
+b Fu(\))33 b(id)f Fs(s)40 b Fu(=)969 2738 y Fg(8)969
+2812 y(<)969 2962 y(:)1084 2827 y Fs(s)8 b Fu([)p Fr(y)p
+Ft(7!)p Fw(7)p Fu(])344 b(if)32 b Fs(s)40 b Fr(x)33 b
+Ft(\024)g Fw(0)1084 2995 y Fs(s)8 b Fu([)p Fr(x)p Ft(7!)p
+Fw(0)p Fu(][)p Fr(y)p Ft(7!)p Fw(7)p Fu(])83 b(if)32
+b Fs(s)40 b Fr(x)33 b Fo(>)g Fw(0)3398 2912 y Fh(2)0
+3222 y Fw(Exercise)j(4.77)49 b Fu(Sho)m(w)33 b(that)f(FIX)g
+Fs(G)42 b Fu(as)32 b(sp)s(eci\014ed)h(in)f(the)g(ab)s(o)m(v)m(e)h
+(example)f(is)f(indeed)i(the)0 3342 y(least)39 b(\014xed)j(p)s(oin)m
+(t,)f(that)e(is)h(construct)h(the)f(iterands)g Fs(G)2171
+3306 y Fn(n)2254 3342 y Ft(?)h Fu(and)f(sho)m(w)h(that)e(their)h(least)
+0 3463 y(upp)s(er)33 b(b)s(ound)g(is)f(as)h(sp)s(eci\014ed.)2213
+b Fh(2)0 3691 y Fw(Exercise)36 b(4.78)49 b Fu(**)31 b(Extend)j
+(Exercise)f(4.73)e(to)g(sho)m(w)i(the)f(w)m(ell-de\014nedness)h(of)e
+(the)h(func-)0 3811 y(tion)g Ft(S)268 3826 y Fn(cs)364
+3811 y Fu(de\014ned)i(b)m(y)g(the)f(clauses)g(of)f(T)-8
+b(able)32 b(4.8.)1537 b Fh(2)0 4040 y Fw(Exercise)36
+b(4.79)49 b Fu(Supp)s(ose)36 b(that)e(there)i(is)e(a)g(distinguished)g
+(output)h(v)-5 b(ariable)33 b Fr(out)i Ft(2)g Fw(V)-9
+b(ar)0 4160 y Fu(and)38 b(that)f(only)h(the)g(\014nal)f(v)-5
+b(alue)37 b(of)g(this)h(v)-5 b(ariable)36 b(is)h(of)g(in)m(terest.)60
+b(This)38 b(migh)m(t)e(motiv)-5 b(ate)0 4280 y(de\014ning)244
+4484 y Fw(Con)m(t)32 b Fu(=)h Fw(State)f Fo(,)-17 b Ft(!)33
+b Fw(Z)0 4687 y Fu(De\014ne)h(the)h(initial)30 b(con)m(tin)m(uation)j
+Fs(c)1372 4702 y Fn(0)1444 4687 y Ft(2)h Fw(Con)m(t)p
+Fu(.)47 b(What)34 b(c)m(hanges)h(to)f Fw(En)m(v)2808
+4702 y Fn(E)2860 4687 y Fu(,)g(the)g(function-)0 4808
+y(alit)m(y)d(of)h Ft(S)401 4823 y Fn(cs)497 4808 y Fu(and)h(T)-8
+b(able)32 b(4.8)g(are)h(necessary?)1680 b Fh(2)p eop
+%%Page: 132 142
+132 141 bop 251 130 a Fw(132)1978 b(4)112 b(Denotational)36
+b(Seman)m(tics)p 251 193 3473 4 v eop
+%%Page: 133 143
+133 142 bop 0 1185 a Fv(Chapter)78 b(5)0 1606 y(Static)g(Program)f
+(Analysis)0 2063 y Fu(When)41 b(implemen)m(ting)36 b(a)k(programming)d
+(language)h(it)h(is)g(crucial)f(that)i(the)g(implemen)m(ta-)0
+2184 y(tion)30 b(is)h(faithful)f(to)h(the)h(seman)m(tics)g(of)f(the)h
+(language)e(and)i(in)e(Chapter)j(3)e(w)m(e)h(sa)m(w)h(ho)m(w)f(the)0
+2304 y(op)s(erational)27 b(seman)m(tics)j(could)f(b)s(e)h(used)g(to)f
+(pro)m(v)m(e)i(this)e(formally)-8 b(.)40 b(Ho)m(w)m(ev)m(er,)32
+b(it)d(is)g(also)g(im-)0 2425 y(p)s(ortan)m(t)f(that)f(the)h(implemen)m
+(tation)d(is)j(reasonably)f(e\016cien)m(t)i(and)f(it)f(is)g(therefore)i
+(common)0 2545 y(to)f(com)m(bine)f(the)h(co)s(de)h(generation)e(with)g
+(v)-5 b(arious)28 b(analyses)g(collecting)e(information)f(ab)s(out)0
+2665 y(the)34 b(programs.)45 b(In)34 b(this)f(c)m(hapter)i(w)m(e)f
+(shall)e(dev)m(elop)i(one)g(suc)m(h)h(analysis)e(in)f(detail)g(but)i
+(let)0 2786 y(us)f(\014rst)g(consider)g(a)f(couple)h(of)f(example)g
+(analyses.)146 2912 y Fs(Constant)47 b(pr)-5 b(op)g(agation)53
+b Fu(is)46 b(an)g(analysis)g(that)g(determines)h(whether)h(an)e
+(expression)0 3032 y(alw)m(a)m(ys)30 b(ev)-5 b(aluates)30
+b(to)f(a)h(constan)m(t)g(v)-5 b(alue)30 b(and)f(if)g(so)h(determines)g
+(that)f(v)-5 b(alue.)42 b(The)31 b(analysis)0 3152 y(is)44
+b(the)g(basis)g(for)g(an)g(optimization)d(called)i Fs(c)-5
+b(onstant)45 b(folding)51 b Fu(where)46 b(the)e(expression)i(is)0
+3273 y(replaced)30 b(b)m(y)i(the)e(constan)m(t.)44 b(As)31
+b(an)f(example)g(the)g(analysis)g(will)e(detect)j(that)f(the)h(v)-5
+b(alue)30 b(of)0 3393 y Fr(y)j Fu(in)f(the)h(statemen)m(t)244
+3624 y Fr(x)g Fu(:=)f Fr(5)p Fu(;)h Fr(y)g Fu(:=)f Fr(x)h
+Fo(?)f Fr(x)h Fu(+)g Fr(25)0 3854 y Fu(will)d(alw)m(a)m(ys)j(b)s(e)g
+Fw(50)p Fu(.)44 b(It)32 b(is)g(therefore)i(safe)f(to)f(replace)g(the)h
+(statemen)m(t)g(b)m(y)244 4085 y Fr(x)g Fu(:=)f Fr(5)p
+Fu(;)h Fr(y)g Fu(:=)f Fr(50)0 4316 y Fu(and)h(more)f(e\016cien)m(t)h
+(co)s(de)g(can)g(b)s(e)f(generated.)146 4441 y(Another)j(example)f(is)g
+(the)h Fs(dete)-5 b(ction)36 b(of)h(signs)f(analysis)41
+b Fu(where)36 b(the)f(idea)f(is)g(to)g(deter-)0 4562
+y(mine)e(the)i(sign)e(of)h(expressions.)47 b(So)33 b(it)f(will)f(for)i
+(example)f(determine)h(that)g(the)h(v)-5 b(alue)32 b(of)h
+Fr(y)0 4682 y Fu(in)244 4913 y Fr(y)g Fu(:=)f Fr(x)h
+Fo(?)f Fr(x)h Fu(+)f Fr(25)0 5143 y Fu(alw)m(a)m(ys)24
+b(will)e(b)s(e)h(p)s(ositiv)m(e)g(\(indep)s(enden)m(tly)i(of)e(the)h(v)
+-5 b(alue)23 b(assigned)h(to)f Fr(x)p Fu(\).)41 b(This)24
+b(information)0 5264 y(will)30 b(b)s(e)j(useful)g(for)f(an)g
+(optimization)d(kno)m(wn)34 b(as)f Fs(c)-5 b(o)g(de)34
+b(elimination)p Fu(:)42 b(in)32 b(a)g(statemen)m(t)h(as)244
+5494 y Fr(y)g Fu(:=)f Fr(x)h Fo(?)f Fr(x)h Fu(+)f Fr(25)p
+Fu(;)i Fr(while)f(y)g Ft(\024)g Fr(0)g(do)g Ft(\001)17
+b(\001)g(\001)1663 5849 y Fu(133)p eop
+%%Page: 134 144
+134 143 bop 251 130 a Fw(134)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fu(there)48
+b(is)f(no)g(need)h(to)f(generate)h(co)s(de)g(for)e(the)i
+Fr(while)p Fu(-lo)s(op)e(b)s(ecause)j(it)d(will)f(nev)m(er)k(b)s(e)283
+636 y(executed.)430 757 y(The)30 b(example)f(analysis)f(to)h(b)s(e)h
+(dev)m(elop)s(ed)g(in)e(this)h(c)m(hapter)h(is)f(a)g
+Fs(dep)-5 b(endency)31 b(analysis)p Fu(.)283 878 y(Here)38
+b(the)f(idea)g(is)f(to)g(regard)h(some)g(of)f(the)i(v)-5
+b(ariables)35 b(as)i Fs(input)47 b Fu(v)-5 b(ariables)35
+b(and)i(others)h(as)283 998 y Fs(output)k Fu(v)-5 b(ariables.)41
+b(The)32 b(analysis)e(will)f(then)j(determine)e(whether)i(or)f(not)g
+(the)g(\014nal)f(v)-5 b(alues)283 1118 y(of)24 b(the)g(output)g(v)-5
+b(ariables)23 b(only)g(dep)s(end)i(up)s(on)f(the)g(initial)c(v)-5
+b(alues)24 b(of)f(the)h(input)g(v)-5 b(ariables.)39 b(If)283
+1239 y(so)27 b(w)m(e)g(shall)e(sa)m(y)i(that)f(there)h(is)e(a)h
+Fs(functional)i(dep)-5 b(endency)34 b Fu(b)s(et)m(w)m(een)28
+b(the)f(input)e(and)i(output)283 1359 y(v)-5 b(ariables)32
+b(of)g(the)h(statemen)m(t.)44 b(As)33 b(an)f(example)h(consider)f(once)
+i(more)e(the)h(statemen)m(t)527 1568 y Fr(y)g Fu(:=)g
+Fr(x)f Fo(?)h Fr(x)f Fu(+)h Fr(25)283 1776 y Fu(and)26
+b(assume)g(that)g Fr(x)g Fu(is)f(an)h(input)f(v)-5 b(ariable)24
+b(and)i Fr(y)g Fu(an)f(output)h(v)-5 b(ariable.)40 b(Then)26
+b(the)h(analysis)283 1897 y(will)j(conclude)i(that)f(there)h(is)f
+(indeed)h(a)f(functional)f(dep)s(endency)k(b)s(et)m(w)m(een)g(the)e
+(input)f(and)283 2017 y(output)37 b(v)-5 b(ariables)36
+b(for)g(the)i(ab)s(o)m(v)m(e)f(statemen)m(t.)57 b(Ho)m(w)m(ev)m(er,)40
+b(if)c Fr(x)h Fu(is)f Fs(not)46 b Fu(an)37 b(input)g(v)-5
+b(ariable)283 2138 y(then)30 b(the)f(analysis)f(will)f(determine)i
+(that)f(the)i(v)-5 b(alue)28 b(of)g Fr(y)h Fu(is)g(dubious)g(as)g(it)f
+(do)s(es)h(not)g(solely)283 2258 y(dep)s(end)e(on)e(the)g(v)-5
+b(alues)25 b(of)f(the)i(input)e(v)-5 b(ariables.)40 b(In)25
+b(that)g(case)h(the)f(compiler)e(migh)m(t)h(c)m(ho)s(ose)283
+2378 y(to)33 b(issue)g(a)f(w)m(arning)g(as)h(this)f(probably)g(is)h
+(not)f(the)h(in)m(ten)m(tion)f(of)g(the)h(programmer.)430
+2500 y(A)f(more)g(in)m(teresting)g(example)h(program)e(is)h(the)h
+(factorial)d(statemen)m(t:)527 2708 y Fr(y)j Fu(:=)g
+Fr(1)p Fu(;)f Fr(while)i Ft(:)f Fu(\()p Fr(x)g Fu(=)f
+Fr(1)p Fu(\))h Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)h
+Fo(?)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)g Fr(x)f Ft(\000)h
+Fr(1)p Fu(\))283 2917 y(Again)h(assume)h(that)f Fr(x)h
+Fu(is)f(an)g(input)g(v)-5 b(ariable)33 b(and)h(that)h
+Fr(y)f Fu(is)g(an)h(output)f(v)-5 b(ariable.)48 b(Then)283
+3038 y(the)35 b(\014nal)d(v)-5 b(alue)34 b(of)f Fr(y)h
+Fu(only)f(dep)s(ends)i(up)s(on)f(the)g(initial)c(v)-5
+b(alue)33 b(of)g Fr(x)p Fu(.)47 b(Ho)m(w)m(ev)m(er,)37
+b(if)32 b(w)m(e)j(drop)283 3158 y(the)k(initialization)32
+b(of)37 b Fr(y)h Fu(\(and)g(assume)g(that)g Fr(y)g Fu(is)f(not)h(an)f
+(input)h(v)-5 b(ariable\))36 b(and)i(consider)283 3278
+y(the)33 b(statemen)m(t)527 3487 y Fr(while)h Ft(:)f
+Fu(\()p Fr(x)g Fu(=)f Fr(1)p Fu(\))h Fr(do)g Fu(\()p
+Fr(y)g Fu(:=)f Fr(y)h Fo(?)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f
+Fr(x)h Ft(\000)g Fr(1)p Fu(\))283 3696 y(then)42 b(the)f(\014nal)f(v)-5
+b(alue)40 b(of)g Fr(y)g Fu(do)s(es)h(not)g(only)f(dep)s(end)i(on)e(the)
+h(initial)c(v)-5 b(alue)40 b(of)g(the)h(input)283 3816
+y(v)-5 b(ariable)23 b Fr(x)p Fu(,)j(but)e(also)f(on)h(the)g(initial)c
+(v)-5 b(alue)23 b(of)h Fr(y)p Fu(,)i(so)e(it)f(is)g Fs(not)34
+b Fu(the)24 b(case)h(that)e(the)i(\014nal)e(v)-5 b(alues)283
+3936 y(of)33 b(the)g(output)f(v)-5 b(ariables)32 b(only)g(dep)s(end)h
+(on)g(the)g(initial)c(v)-5 b(alues)32 b(of)g(the)h(input)f(v)-5
+b(ariables.)430 4058 y(The)38 b(kind)f(of)g(analyses)g(exempli\014ed)g
+(ab)s(o)m(v)m(e)h(can)g(b)s(e)f(sp)s(eci\014ed)h(b)m(y)g(de\014ning)f
+(so-called)283 4178 y Fs(non-standar)-5 b(d)42 b(semantics)47
+b Fu(of)41 b(the)g(programming)d(language.)67 b(These)42
+b(seman)m(tics)f(will)e(b)s(e)283 4299 y(patterned)k(after)e(the)h
+(denotational)e(seman)m(tics)i(of)f(Chapter)h(4)g(but)g(they)g
+(di\013er)f(in)g(that)283 4419 y(they)30 b(do)f Fs(not)39
+b Fu(op)s(erate)29 b(on)f(the)i(exact)g(v)-5 b(alues)29
+b(of)f(v)-5 b(ariables)28 b(and)h(expressions)i(but)e(rather)g(on)283
+4539 y Fs(pr)-5 b(op)g(erties)42 b Fu(of)33 b(the)h(exact)h(v)-5
+b(alues.)47 b(F)-8 b(or)33 b(the)h(constan)m(t)h(propagation)d
+(analysis)h(w)m(e)i(ma)m(y)f(use)283 4660 y(prop)s(erties)f(lik)m(e)527
+4868 y Fb(any)p Fu(,)g Fb(const)p Fu(-)p Fb(0)p Fu(,)f
+Fb(const)p Fu(-)p Fb(1)p Fu(,)g Fb(const)p Fu(-)p Fb(2)p
+Fu(,)g Ft(\001)17 b(\001)g(\001)283 5077 y Fu(F)-8 b(or)32
+b(the)h(detection)g(of)f(signs)h(analysis)e(w)m(e)j(ma)m(y)e(use)i
+(prop)s(erties)e(lik)m(e)527 5286 y Fb(any)p Fu(,)h Fb(pos)p
+Fu(,)f Fb(neg)p Fu(,)h(and)f Fb(zer)n(o)283 5494 y Fu(and)h(for)f(the)h
+(dep)s(endency)i(analysis)d(w)m(e)i(ma)m(y)e(use)i(prop)s(erties)p
+eop
+%%Page: 135 145
+135 144 bop 0 130 a Fw(5.1)112 b(Prop)s(erties)36 b(and)j(prop)s(ert)m
+(y)e(states)1540 b(135)p 0 193 3473 4 v 244 515 a Fb(d)p
+Fu(?)33 b(\(meaning)e(dubious\))h(and)h Fb(ok)g Fu(\(meaning)e(prop)s
+(er\))146 701 y(Usually)-8 b(,)38 b(the)g(analyses)g(will)d(b)s(e)j
+(part)f(of)g(a)g(compiler)e(and)j(it)e(is)h(therefore)h(imp)s(ortan)m
+(t)0 821 y(that)29 b(they)g(alw)m(a)m(ys)h(terminate)d(ev)m(en)k(for)d
+(programs)g(that)g(lo)s(op)f(when)j(executed.)45 b(The)30
+b(price)0 942 y(w)m(e)c(pa)m(y)f(for)f(alw)m(a)m(ys)h(getting)f(answ)m
+(ers)j(is)d(that)g(w)m(e)i(o)s(ccasionally)c(get)j(imprecise)f(answ)m
+(ers.)42 b(So)0 1062 y(in)28 b(the)i(case)g(of)f(constan)m(t)h
+(propagation)d(the)j(prop)s(ert)m(y)g Fb(any)f Fu(means)g(that)g(the)h
+(analysis)e(w)m(as)0 1182 y(not)e(able)f(to)h(detect)h(that)f(the)h(v)
+-5 b(alue)25 b(alw)m(a)m(ys)i(w)m(ould)f(b)s(e)g(constan)m(t.)43
+b(Similarly)-8 b(,)23 b(the)k(prop)s(ert)m(y)0 1303 y
+Fb(any)40 b Fu(for)f(the)h(detection)g(of)g(signs)f(analysis)h(means)f
+(that)h(the)g(analysis)f(w)m(as)i(not)f(able)f(to)0 1423
+y(detect)f(a)e(unique)h(sign)f(for)f(the)i(v)-5 b(alue.)55
+b(F)-8 b(or)35 b(the)i(dep)s(endency)i(analysis)d(the)h(prop)s(ert)m(y)
+g Fb(d)p Fu(?)0 1544 y(means)k(that)h(the)f(analysis)g(w)m(as)h(not)g
+(able)e(to)h(detect)i(that)e(the)h(v)-5 b(alue)41 b(only)f(dep)s(ends)j
+(on)0 1664 y(the)f(input)g(v)-5 b(ariables.)69 b(Note)42
+b(that)g(an)f(analysis)h(that)f(alw)m(a)m(ys)h(returns)h(these)g
+(\\fail-safe")0 1784 y(prop)s(erties)35 b(will)e(b)s(e)j(a)f(safe)h
+(analysis)e(although)h(not)g(a)g(v)m(ery)i(informativ)m(e)c(one.)52
+b(Also)35 b(note)0 1905 y(that)29 b(in)f(the)i(case)g(of)f(the)h(dep)s
+(endency)h(analysis)e(w)m(e)h(could)f(alw)m(a)m(ys)h(exp)s(ect)g(the)g
+(answ)m(er)h Fb(ok)0 2025 y Fu(if)h(all)g(v)-5 b(ariables)32
+b(w)m(ere)j(regarded)f(as)g(input)f(v)-5 b(ariables)32
+b(but)i(again)e(this)h(is)g(not)h(what)g(w)m(e)g(are)0
+2145 y(in)m(terested)g(in.)146 2266 y(The)e(analysis)d(w)m(e)j(shall)d
+(dev)m(elop)i(will)d(detect)j(whether)h(or)e(not)g(a)g(statemen)m(t)h
+Fs(de\014nitely)0 2386 y Fu(has)k(a)f(functional)f(dep)s(endency)k(b)s
+(et)m(w)m(een)f(its)e(input)g(and)h(output)f(v)-5 b(ariables.)48
+b(The)35 b(o)m(v)m(erall)0 2507 y(algorithm)h(op)s(erates)k(as)g(follo)
+m(ws:)56 b(initially)36 b(all)h(input)i(v)-5 b(ariables)39
+b(ha)m(v)m(e)h(the)g(prop)s(ert)m(y)h Fb(ok)0 2627 y
+Fu(and)31 b(all)e(other)h(v)-5 b(ariables)30 b(the)h(prop)s(ert)m(y)h
+Fb(d)p Fu(?.)43 b(Then)32 b(the)f(analysis)f(is)g(p)s(erformed)g(and)h
+(when)0 2747 y(it)g(has)h(terminated)g(the)g(prop)s(erties)g(of)g(the)g
+(output)g(v)-5 b(ariables)31 b(are)h(insp)s(ected.)44
+b(If)32 b(they)h(are)0 2868 y(all)26 b Fb(ok)i Fu(then)h(the)f
+(analysis)g(returns)g(the)h(answ)m(er)g(YES)g(and)f(otherwise)g(NO?.)42
+b(The)29 b(analysis)0 2988 y(is)36 b(guaran)m(teed)h(to)g(giv)m(e)f(an)
+h(answ)m(er)g(within)f(a)g(\014nite)g(amoun)m(t)g(of)h(time)e(\(dep)s
+(ending)h(up)s(on)0 3108 y(the)41 b(statemen)m(t\))g(but)g(the)g(answ)m
+(er)h(will)d(not)h(b)s(e)h(precise)g(in)f(all)f(cases.)69
+b(Ho)m(w)m(ev)m(er,)45 b(it)40 b(will)0 3229 y(alw)m(a)m(ys)33
+b(b)s(e)g Fs(safe)39 b Fu(in)32 b(the)h(sense)h(that)145
+3414 y Ft(\017)49 b Fu(if)21 b(the)i(analysis)f(sa)m(ys)i(YES)f(then)g
+(there)g(is)f(indeed)g(a)h(functional)d(dep)s(endency)25
+b(b)s(et)m(w)m(een)244 3535 y(input)32 b(and)h(output,)g(but)145
+3732 y Ft(\017)49 b Fu(if)33 b(the)i(analysis)f(sa)m(ys)i(NO?)e(then)h
+(there)g(ma)m(y)g(or)f(ma)m(y)g(not)g(b)s(e)h(a)f(functional)f(dep)s
+(en-)244 3853 y(dency)h(b)s(et)m(w)m(een)h(input)d(and)g(output.)0
+4038 y(The)c(analysis)e(will)e(b)s(e)j(sp)s(eci\014ed)g
+Fs(c)-5 b(omp)g(ositional)5 b(ly)34 b Fu(just)27 b(as)g(the)g
+(denotational)e(seman)m(tics)i(of)0 4158 y(Chapter)33
+b(4.)43 b(As)33 b(men)m(tioned)e(ab)s(o)m(v)m(e)i(the)g(main)d
+(di\013erence)j(b)s(et)m(w)m(een)h(the)e(analysis)g(and)g(the)0
+4279 y(denotational)j(seman)m(tics)i(is)f(that)g(the)h(analysis)f(do)s
+(es)h(not)g(op)s(erate)f(on)h(exact)h(v)-5 b(alues)36
+b(but)0 4399 y(rather)31 b(on)g Fs(pr)-5 b(op)g(erties)38
+b Fu(of)31 b(exact)g(v)-5 b(alues.)43 b(Because)33 b(of)d(the)h(close)g
+(corresp)s(ondence)i(b)s(et)m(w)m(een)0 4520 y(the)d(sp)s
+(eci\014cation)g(of)f(the)i(analysis)e(and)h(the)g(denotational)e
+(seman)m(tics)i(w)m(e)h(shall)e(pro)m(v)m(e)i(the)0 4640
+y(safet)m(y)j(of)e(the)h(analysis)f(with)g(resp)s(ect)i(to)e(the)h
+(denotational)e(seman)m(tics.)0 4970 y Fj(5.1)161 b(Prop)t(erties)53
+b(and)g(prop)t(ert)l(y)g(states)0 5189 y Fu(F)-8 b(or)32
+b(the)h(dep)s(endency)i(analysis)d(w)m(e)h(shall)f(b)s(e)g(in)m
+(terested)i(in)e(t)m(w)m(o)h(prop)s(erties:)145 5374
+y Ft(\017)49 b Fb(ok)39 b Fu(meaning)f(that)h(the)g(v)-5
+b(alue)39 b Fs(de\014nitely)47 b Fu(only)39 b(dep)s(ends)h(on)f(the)h
+(initial)35 b(v)-5 b(alues)39 b(of)244 5494 y(the)33
+b(input)f(v)-5 b(ariables,)31 b(and)p eop
+%%Page: 136 146
+136 145 bop 251 130 a Fw(136)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 429 515 a Ft(\017)48
+b Fb(d)p Fu(?)42 b(meaning)e(that)h(the)h(v)-5 b(alue)41
+b Fs(may)49 b Fu(dep)s(end)43 b(on)e(the)h(initial)37
+b(v)-5 b(alues)42 b(of)f(non-input)527 636 y(v)-5 b(ariables,)32
+b(that)g(is)g(the)h(v)-5 b(alue)32 b(ma)m(y)h(b)s(e)f(dubious.)283
+822 y(W)-8 b(e)33 b(shall)f(write)527 1008 y Fw(P)g Fu(=)h
+Ft(f)p Fb(ok)p Fu(,)g Fb(d)p Fu(?)p Ft(g)283 1194 y Fu(for)41
+b(this)g(set)i(of)e(prop)s(erties)g(and)h(w)m(e)g(use)g
+Fs(p)48 b Fu(as)41 b(a)h(meta-v)-5 b(ariable)38 b(ranging)i(o)m(v)m(er)
+j Fw(P)p Fu(.)e(It)g(is)283 1314 y(more)34 b(informativ)m(e)e(to)h(kno)
+m(w)i(that)f(an)g(expression)h(has)f(the)h(prop)s(ert)m(y)f
+Fb(ok)h Fu(than)f Fb(d)p Fu(?.)48 b(As)34 b(a)283 1435
+y(record)g(of)e(this)g(w)m(e)h(de\014ne)h(a)f(partial)d(order)j
+Ft(v)2036 1450 y Fn(P)2121 1435 y Fu(on)f Fw(P)p Fu(:)527
+1621 y Fb(ok)h Ft(v)764 1636 y Fn(P)849 1621 y Fb(d)p
+Fu(?,)98 b Fb(ok)33 b Ft(v)1318 1636 y Fn(P)1403 1621
+y Fb(ok)p Fu(,)98 b Fb(d)p Fu(?)33 b Ft(v)1872 1636 y
+Fn(P)1957 1621 y Fb(d)p Fu(?)283 1807 y(and)g(depicted)g(as)942
+2232 y Ft(\017)65 b Fb(ok)942 1942 y Ft(\017)g Fb(d)p
+Fu(?)p 966 2174 4 225 v 283 2501 a(Th)m(us)35 b(the)e(more)e
+(informativ)m(e)g(prop)s(ert)m(y)i(is)f(at)h(the)g(b)s(ottom)e(of)h
+(the)h(ordering!)43 b(W)-8 b(e)33 b(ha)m(v)m(e)p 283
+2622 3473 5 v 283 2779 a Fw(F)-9 b(act)38 b(5.1)49 b
+Fu(\()p Fw(P)p Fu(,)32 b Ft(v)973 2794 y Fn(P)1026 2779
+y Fu(\))g(is)g(a)g(complete)g(lattice.)42 b(If)33 b Fs(Y)52
+b Fu(is)32 b(a)g(subset)j(of)d Fw(P)g Fu(then)552 2880
+y Fg(F)621 2961 y Fn(P)674 2946 y Fs(Y)52 b Fu(=)32 b
+Fb(d)p Fu(?)h(if)e(and)i(only)f(if)f Fb(d)p Fu(?)i Ft(2)g
+Fs(Y)p 283 3067 V 283 3253 a Fw(Pro)s(of:)g Fu(The)c(pro)s(of)f(is)g
+(straigh)m(tforw)m(ard)g(using)g(the)h(de\014nition)f(of)f(complete)h
+(lattices)g(giv)m(en)283 3373 y(in)k(Chapter)i(4.)2828
+b Fh(2)430 3577 y Fu(It)35 b(is)f(con)m(v)m(enien)m(t)i(to)f(write)f
+Fs(p)1551 3592 y Fn(1)1623 3577 y Ft(t)1690 3592 y Fn(P)1774
+3577 y Fs(p)1830 3592 y Fn(2)1904 3577 y Fu(instead)h(of)2356
+3510 y Fg(F)2426 3592 y Fn(P)2478 3577 y Ft(f)p Fs(p)2584
+3592 y Fn(1)2623 3577 y Fu(,)g Fs(p)2741 3592 y Fn(2)2781
+3577 y Ft(g)p Fu(.)49 b(It)35 b(follo)m(ws)f(from)f(F)-8
+b(act)283 3697 y(5.1)33 b(that)f(the)h(binary)f(op)s(eration)f
+Ft(t)1629 3712 y Fn(P)1714 3697 y Fu(ma)m(y)h(b)s(e)h(giv)m(en)f(b)m(y)
+i(the)f(table)585 3875 y Ft(t)652 3890 y Fn(P)p 752 3911
+4 121 v 803 3875 a Fb(ok)101 b(d)p Fu(?)p 527 3914 661
+4 v 577 3998 a Fb(ok)p 752 4035 4 121 v 100 w(ok)g(d)p
+Fu(?)596 4119 y Fb(d)p Fu(?)p 752 4155 V 109 w Fb(d)p
+Fu(?)109 b Fb(d)p Fu(?)430 4298 y(When)23 b(reasoning)f(ab)s(out)g(the)
+h(safet)m(y)g(of)f(the)h(analysis)e(w)m(e)j(need)f(to)f(b)s(e)h(a)f
+(bit)f(more)h(precise)283 4418 y(ab)s(out)29 b(the)g(meaning)f(of)h
+(the)g(prop)s(erties)g(with)g(resp)s(ect)h(to)e(the)i(v)-5
+b(alues)29 b(of)f(the)i(denotational)283 4539 y(seman)m(tics.)43
+b(While)28 b(it)g(ma)m(y)h(b)s(e)g(in)m(tuitiv)m(ely)f(clear)h(whether)
+h(or)f(not)g(the)h(v)-5 b(alue)28 b(of)h(a)g(v)-5 b(ariable)283
+4659 y(only)42 b(dep)s(ends)h(on)f(the)g(input)f(v)-5
+b(ariables,)43 b(it)e(turns)h(out)g(to)f(b)s(e)h(imp)s(ossible)e(to)h
+(insp)s(ect)h(a)283 4780 y(sp)s(eci\014c)36 b(v)-5 b(alue,)35
+b(for)f(example)g Fw(27)p Fu(,)h(and)g(decide)g(whether)h(or)f(not)f
+(this)g(is)h(indeed)g(the)g(case.)283 4900 y(The)k(reason)g(is)e(that)h
+(w)m(e)g(lose)g(the)g(con)m(text)h(in)e(whic)m(h)i(the)f(v)-5
+b(alue)37 b(arises.)60 b(W)-8 b(e)38 b(shall)e(solv)m(e)283
+5020 y(this)42 b(di\016cult)m(y)f(in)g(Section)h(5.3)f(and)h(to)f
+(prepare)h(for)f(the)h(solution)f(w)m(e)h(shall)f(de\014ne)h(the)283
+5141 y(follo)m(wing)30 b(parameterized)i(relations:)527
+5327 y(rel)p 527 5340 109 4 v 15 x Fn(Aexp)801 5327 y
+Fu(:)43 b Fw(P)32 b Ft(!)g Fu(\()p Fw(Z)h Ft(\002)g Fw(Z)g
+Ft(!)f Fw(T)p Fu(\))527 5494 y(rel)p 527 5507 V 15 x
+Fn(Bexp)798 5494 y Fu(:)43 b Fw(P)32 b Ft(!)g Fu(\()p
+Fw(T)h Ft(\002)g Fw(T)f Ft(!)g Fw(T)p Fu(\))p eop
+%%Page: 137 147
+137 146 bop 0 130 a Fw(5.1)112 b(Prop)s(erties)36 b(and)j(prop)s(ert)m
+(y)e(states)1540 b(137)p 0 193 3473 4 v 0 515 a Fu(F)-8
+b(or)32 b(arithmetic)e(expressions)35 b(the)e(relation)d(is)i
+(de\014ned)i(b)m(y:)244 801 y(rel)p 244 814 109 4 v 352
+816 a Fn(Aexp)517 801 y Fu(\()p Fs(p)6 b Fu(\)\()p Fs(v)743
+816 y Fn(1)782 801 y Fu(,)32 b Fs(v)897 816 y Fn(2)936
+801 y Fu(\))h(=)1115 627 y Fg(8)1115 701 y(<)1115 851
+y(:)1231 716 y Fw(tt)82 b Fs(p)38 b Fu(=)33 b Fb(d)p
+Fu(?)f(or)h Fs(v)1914 731 y Fn(1)1985 716 y Fu(=)f Fs(v)2149
+731 y Fn(2)1231 884 y Fw(\013)105 b Fu(otherwise)0 1087
+y(and)33 b(similarly)c(for)j(b)s(o)s(olean)f(expression:)244
+1372 y(rel)p 244 1385 V 352 1387 a Fn(Bexp)514 1372 y
+Fu(\()p Fs(p)6 b Fu(\)\()p Fs(v)740 1387 y Fn(1)779 1372
+y Fu(,)33 b Fs(v)895 1387 y Fn(2)934 1372 y Fu(\))f(=)1112
+1198 y Fg(8)1112 1273 y(<)1112 1422 y(:)1228 1288 y Fw(tt)82
+b Fs(p)38 b Fu(=)33 b Fb(d)p Fu(?)f(or)h Fs(v)1911 1303
+y Fn(1)1982 1288 y Fu(=)g Fs(v)2147 1303 y Fn(2)1228
+1455 y Fw(\013)105 b Fu(otherwise)0 1658 y(W)-8 b(e)46
+b(shall)f(often)h(omit)e(the)i(subscript)h(when)g(no)f(confusion)f(is)h
+(lik)m(ely)e(to)i(result.)83 b(Eac)m(h)0 1778 y(of)43
+b(the)g(relations)f(tak)m(e)i(a)f(prop)s(ert)m(y)h(and)f(t)m(w)m(o)h(v)
+-5 b(alues)43 b(as)g(parameters.)76 b(In)m(tuitiv)m(ely)-8
+b(,)45 b(the)0 1899 y(prop)s(ert)m(y)37 b(expresses)i(ho)m(w)e(m)m(uc)m
+(h)g(the)g(t)m(w)m(o)g(v)-5 b(alues)36 b(are)g(allo)m(w)m(ed)g(to)f
+(di\013er.)54 b(Th)m(us)38 b Fb(d)p Fu(?)f(puts)0 2019
+y(no)32 b(requiremen)m(ts)i(on)e(the)h(v)-5 b(alues)33
+b(whereas)h Fb(ok)f Fu(requires)g(that)f(the)h(t)m(w)m(o)g(v)-5
+b(alues)33 b(are)f(equal.)0 2139 y(As)h(an)g(aid)e(to)h(readabilit)m(y)
+f(w)m(e)j(shall)d(often)i(write)244 2343 y Fs(v)300 2358
+y Fn(1)371 2343 y Ft(\021)g Fs(v)537 2358 y Fn(2)609
+2343 y Fu(rel)p 609 2356 V 32 w Fs(p)0 2547 y Fu(instead)i(of)g(rel)p
+453 2560 V(\()p Fs(p)6 b Fu(\)\()p Fs(v)788 2562 y Fn(1)827
+2547 y Fu(,)36 b Fs(v)946 2562 y Fn(2)985 2547 y Fu(\))f(and)h(w)m(e)g
+(shall)e(sa)m(y)j(that)e Fs(v)2070 2562 y Fn(1)2144 2547
+y Fs(and)46 b(v)2401 2562 y Fn(2)2475 2547 y Fs(ar)-5
+b(e)37 b(e)-5 b(qual)38 b(as)f(far)g(as)43 b(p)f(is)0
+2668 y(c)-5 b(onc)g(erne)g(d)42 b Fu(\(or)32 b(relativ)m(e)g(to)g
+Fs(p)6 b Fu(\).)0 2928 y Fw(Prop)s(ert)m(y)37 b(states)0
+3113 y Fu(In)49 b(the)g(op)s(erational)d(and)i(denotational)f(seman)m
+(tics)h(a)h(state)f(maps)h(v)-5 b(ariables)47 b(to)h(their)0
+3234 y(v)-5 b(alues.)43 b(In)30 b(the)h(analysis)e(the)i(coun)m
+(terpart)g(of)f(this)g(will)e(b)s(e)i(a)g Fs(pr)-5 b(op)g(erty)33
+b(state)38 b Fu(whic)m(h)31 b(maps)0 3354 y(v)-5 b(ariables)28
+b(to)h(prop)s(erties,)h(that)f(is)f(essen)m(tially)h(a)g(function)g(in)
+f Fw(V)-9 b(ar)29 b Ft(!)f Fw(P)p Fu(.)h(The)h(idea)f(is)g(that)0
+3475 y(the)35 b(initial)c(prop)s(ert)m(y)36 b(state)f(will)e(only)h
+(map)g(the)h(input)f(v)-5 b(ariables)34 b(to)g Fb(ok)i
+Fu(and)f(that)f(if)g(the)0 3595 y(\014nal)40 b(prop)s(ert)m(y)h(state)g
+(is)f(acceptable)h(and)f(maps)g(all)f(output)h(v)-5 b(ariables)40
+b(to)g Fb(ok)h Fu(then)g(the)0 3715 y(output)33 b(of)f(the)h(statemen)m
+(t)g(will)d(de\014nitely)j(b)s(e)f(functionally)f(dep)s(enden)m(t)j(on)
+f(the)g(input.)146 3836 y(T)-8 b(o)42 b(mak)m(e)g(this)f(idea)g(w)m
+(ork)i(w)m(e)g(ha)m(v)m(e)g(to)e(extend)i(the)f(prop)s(ert)m(y)h(state)
+f(to)f(mo)s(del)f(one)0 3956 y(additional)34 b(phenomenon,)j(namely)f
+(the)h(\\\015o)m(w)g(of)f(con)m(trol".)54 b(W)-8 b(e)37
+b(shall)e(illustrate)f(this)i(in)0 4077 y(Example)i(5.3)g(b)s(elo)m(w)g
+(but)g(let)g(us)h(\014rst)g(in)m(tro)s(duce)f(some)g(notation)f(that)h
+(will)e(handle)i(the)0 4197 y(problem.)k(The)32 b(set)g
+Fw(PState)f Fu(of)g(prop)s(ert)m(y)g(states)i(ranged)e(o)m(v)m(er)h(b)m
+(y)g(the)g(meta-v)-5 b(ariable)28 b Fs(ps)8 b Fu(,)0
+4317 y(is)32 b(de\014ned)i(b)m(y)244 4521 y Fw(PState)e
+Fu(=)g(\()p Fw(V)-9 b(ar)32 b Ft([)h(f)p Fu(on-trac)m(k)p
+Ft(g)p Fu(\))g Ft(!)f Fw(P)0 4725 y Fu(where)27 b(`on-trac)m(k')f(is)f
+(a)g(sp)s(ecial)g(tok)m(en)i(used)g(to)e(mo)s(del)f(the)i(\\\015o)m(w)g
+(of)f(con)m(trol".)40 b(If)26 b(`on-trac)m(k')0 4846
+y(is)42 b(mapp)s(ed)h(to)f Fb(ok)i Fu(this)e(means)h(that)g(the)g
+(\\\015o)m(w)g(of)f(con)m(trol")g(only)h(dep)s(ends)h(up)s(on)f(the)0
+4966 y(v)-5 b(alues)33 b(of)g(the)h(input)f(v)-5 b(ariables;)33
+b(if)f(it)g(is)h(mapp)s(ed)g(to)g Fb(d)p Fu(?)h(this)f(need)i(not)e(b)s
+(e)g(the)h(case.)47 b(F)-8 b(or)0 5086 y(a)32 b(prop)s(ert)m(y)i(state)
+f Fs(ps)40 b Ft(2)33 b Fw(PState)f Fu(w)m(e)i(de\014ne)g(the)f(set)244
+5290 y(OK\()p Fs(ps)8 b Fu(\))32 b(=)g Ft(f)h Fs(x)44
+b Ft(2)33 b Fw(V)-9 b(ar)32 b Ft([)h(f)p Fu(on-trac)m(k)p
+Ft(g)f(j)g Fs(ps)41 b(x)j Fu(=)33 b Fb(ok)g Ft(g)0 5494
+y Fu(of)f(\\v)-5 b(ariables")31 b(mapp)s(ed)h(to)g Fb(ok)i
+Fu(and)e(w)m(e)i(sa)m(y)f(that)p eop
+%%Page: 138 148
+138 147 bop 251 130 a Fw(138)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 527 515 a Fs(ps)41
+b Fu(is)32 b Fs(pr)-5 b(op)g(er)43 b Fu(if)31 b(and)i(only)f(if)f
+Fs(ps)8 b Fu(\(on-trac)m(k\))33 b(=)f Fb(ok)p Fu(.)283
+711 y(If)h Fs(ps)40 b Fu(is)32 b(not)h(prop)s(er)g(w)m(e)g(shall)e
+(sometimes)h(sa)m(y)h(that)g(it)e(is)h(improp)s(er.)430
+832 y(The)d(relationship)d(b)s(et)m(w)m(een)31 b(prop)s(ert)m(y)d
+(states)i(and)e(states)h(is)f(giv)m(en)g(b)m(y)h(the)g(parameter-)283
+952 y(ized)k(relation:)527 1148 y(rel)p 527 1161 109
+4 v 15 x Fn(Stm)765 1148 y Fu(:)44 b Fw(PState)32 b Ft(!)g
+Fu(\()p Fw(State)h Ft(\002)g Fw(State)f Ft(!)g Fw(T)p
+Fu(\))283 1344 y(de\014ned)i(b)m(y)527 1700 y(rel)p 527
+1713 V 15 x Fn(Stm)765 1700 y Fu(\()p Fs(ps)8 b Fu(\)\()p
+Fs(s)1025 1715 y Fn(1)1065 1700 y Fu(,)32 b Fs(s)1172
+1715 y Fn(2)1212 1700 y Fu(\))g(=)1391 1451 y Fg(8)1391
+1525 y(>)1391 1550 y(>)1391 1575 y(>)1391 1600 y(<)1391
+1749 y(>)1391 1774 y(>)1391 1799 y(>)1391 1824 y(:)1506
+1531 y Fw(tt)82 b Fu(if)31 b Fs(ps)41 b Fu(on-trac)m(k)33
+b(=)f Fb(d)p Fu(?)1676 1699 y(or)g Ft(8)h Fs(x)44 b Ft(2)33
+b Fw(V)-9 b(ar)32 b Ft(\\)h Fu(OK\()p Fs(ps)8 b Fu(\):)43
+b Fs(s)2822 1714 y Fn(1)2894 1699 y Fs(x)i Fu(=)32 b
+Fs(s)3140 1714 y Fn(2)3212 1699 y Fs(x)1506 1866 y Fw(\013)105
+b Fu(otherwise)283 2056 y(and)39 b(again)d(w)m(e)j(ma)m(y)f(omit)f(the)
+h(subscript)h(when)g(no)f(confusion)g(is)g(lik)m(ely)f(to)h(o)s(ccur.)
+60 b(The)283 2176 y(relation)34 b(expresses)39 b(the)e(exten)m(t)g(to)e
+(whic)m(h)i(t)m(w)m(o)f(states)h(are)f(allo)m(w)m(ed)f(to)g(di\013er)h
+(as)g(far)f(as)h(a)283 2296 y(giv)m(en)30 b(prop)s(ert)m(y)g(state)g
+(is)e(concerned.)45 b(If)29 b Fs(ps)37 b Fu(is)29 b(not)g(prop)s(er)g
+(then)h(rel)p 2766 2309 V -1 w(\()p Fs(ps)8 b Fu(\))29
+b(will)e(hold)i(on)g(an)m(y)283 2417 y(t)m(w)m(o)h(states.)44
+b(Ho)m(w)m(ev)m(er,)32 b(if)c Fs(ps)37 b Fu(is)29 b(prop)s(er)g(then)h
+(rel)p 2031 2430 V -1 w(\()p Fs(ps)8 b Fu(\))29 b(will)e(hold)i(on)g(t)
+m(w)m(o)h(states)g(if)e(they)i(are)283 2537 y(equal)37
+b(on)f(the)g(v)-5 b(ariables)35 b(in)h(OK\()p Fs(ps)8
+b Fu(\).)54 b(Phrased)37 b(di\013eren)m(tly)-8 b(,)37
+b(w)m(e)h(ma)m(y)e(view)g Fs(ps)44 b Fu(as)37 b(a)f(pair)283
+2657 y(of)i(glasses)g(that)f(only)h(allo)m(ws)e(us)i(to)g(see)h(part)e
+(of)g(the)i(states)f(and)g(rel)p 2853 2670 V -1 w(\()p
+Fs(ps)8 b Fu(\)\()p Fs(s)3221 2672 y Fn(1)3261 2657 y
+Fu(,)39 b Fs(s)3375 2672 y Fn(2)3414 2657 y Fu(\))f(means)283
+2778 y(that)32 b Fs(s)542 2793 y Fn(1)614 2778 y Fu(and)g
+Fs(s)851 2793 y Fn(2)922 2778 y Fu(lo)s(ok)f(the)i(same)f(when)h(view)m
+(ed)g(through)f(that)g(pair)f(of)g(glasses.)44 b(Again)31
+b(w)m(e)283 2898 y(shall)h(write)527 3094 y Fs(s)575
+3109 y Fn(1)647 3094 y Ft(\021)h Fs(s)805 3109 y Fn(2)877
+3094 y Fu(rel)p 877 3107 V 32 w Fs(ps)283 3290 y Fu(for)f(rel)p
+432 3303 V(\()p Fs(ps)8 b Fu(\)\()p Fs(s)801 3305 y Fn(1)840
+3290 y Fu(,)33 b Fs(s)948 3305 y Fn(2)987 3290 y Fu(\).)283
+3508 y Fw(Example)k(5.2)49 b Fu(Let)33 b Fs(s)1161 3523
+y Fn(1)1200 3508 y Fu(,)g Fs(s)1308 3523 y Fn(2)1380
+3508 y Fu(and)g Fs(ps)40 b Fu(b)s(e)33 b(giv)m(en)f(b)m(y)527
+3704 y Fs(s)575 3719 y Fn(1)647 3704 y Fr(x)h Fu(=)g
+Fw(1)f Fu(and)h Fs(s)1166 3719 y Fn(1)1238 3704 y Fs(y)41
+b Fu(=)33 b Fw(0)f Fu(for)g Fs(y)42 b Ft(2)33 b Fw(V)-9
+b(ar)p Ft(n)o(f)p Fr(x)p Ft(g)527 3872 y Fs(s)575 3887
+y Fn(2)647 3872 y Fr(x)33 b Fu(=)g Fw(2)f Fu(and)h Fs(s)1166
+3887 y Fn(2)1238 3872 y Fs(y)41 b Fu(=)33 b Fw(0)f Fu(for)g
+Fs(y)42 b Ft(2)33 b Fw(V)-9 b(ar)p Ft(n)o(f)p Fr(x)p
+Ft(g)527 4039 y Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(d)p Fu(?)h(and)f
+Fs(ps)41 b(y)g Fu(=)33 b Fb(ok)g Fu(for)f Fs(y)42 b Ft(2)32
+b Fu(\()p Fw(V)-9 b(ar)32 b Ft([)h(f)p Fu(on-trac)m(k)p
+Ft(g)p Fu(\))p Ft(nf)p Fr(x)p Ft(g)283 4235 y Fu(Then)h
+Fs(s)586 4250 y Fn(1)658 4235 y Ft(\021)f Fs(s)816 4250
+y Fn(2)888 4235 y Fu(rel)p 888 4248 V 32 w Fs(ps)8 b
+Fu(.)2527 b Fh(2)283 4454 y Fw(Example)37 b(5.3)49 b
+Fu(T)-8 b(o)26 b(motiv)-5 b(ate)24 b(the)j(need)g(for)f(improp)s(er)e
+(prop)s(ert)m(y)j(states,)i(that)d(is)f(the)i(need)283
+4574 y(for)32 b(`on-trac)m(k',)i(consider)e(the)h(follo)m(wing)d
+(statemen)m(ts:)527 4770 y Fs(S)594 4785 y Fn(1)634 4770
+y Fu(:)97 b Fr(x)33 b Fu(:=)g Fr(1)527 4937 y Fs(S)594
+4952 y Fn(2)634 4937 y Fu(:)97 b Fr(x)33 b Fu(:=)g Fr(2)283
+5133 y Fu(It)g(w)m(ould)f(b)s(e)g(natural)f(to)h(exp)s(ect)h(that)f
+(the)h(analysis)e(of)h Fs(S)2496 5148 y Fn(1)2567 5133
+y Fu(will)e(map)i(an)m(y)h(prop)s(ert)m(y)f(state)283
+5254 y Fs(ps)46 b Fu(to)36 b(the)i(prop)s(ert)m(y)g(state)g
+Fs(ps)8 b Fu([)p Fr(x)p Ft(7!)o Fb(ok)p Fu(])38 b(since)g(a)f(constan)m
+(t)h(v)-5 b(alue)37 b(cannot)g(dep)s(end)h(on)f(the)283
+5374 y(v)-5 b(alue)31 b(of)f(an)m(y)i(\(non-input\))e(v)-5
+b(ariable.)41 b(A)31 b(similar)d(argumen)m(t)j(holds)f(for)h
+Fs(S)3079 5389 y Fn(2)3118 5374 y Fu(.)43 b(No)m(w)32
+b(consider)283 5494 y(the)h(statemen)m(ts)p eop
+%%Page: 139 149
+139 148 bop 0 130 a Fw(5.1)112 b(Prop)s(erties)36 b(and)j(prop)s(ert)m
+(y)e(states)1540 b(139)p 0 193 3473 4 v 244 515 a Fs(S)311
+530 y Fn(11)385 515 y Fu(:)98 b Fr(if)33 b(x)g Fu(=)f
+Fr(1)h(then)h Fs(S)1226 530 y Fn(1)1297 515 y Fr(else)g
+Fs(S)1602 530 y Fn(1)244 683 y Fs(S)311 698 y Fn(12)385
+683 y Fu(:)98 b Fr(if)33 b(x)g Fu(=)f Fr(1)h(then)h Fs(S)1226
+698 y Fn(1)1297 683 y Fr(else)g Fs(S)1602 698 y Fn(2)0
+874 y Fu(Again)h(w)m(e)i(ma)m(y)f(exp)s(ect)h(that)f(the)h(analysis)e
+(of)h Fs(S)1901 889 y Fn(11)2012 874 y Fu(will)d(map)j(an)m(y)g(prop)s
+(ert)m(y)h(state)g Fs(ps)44 b Fu(to)0 994 y(the)33 b(prop)s(ert)m(y)g
+(state)g Fs(ps)8 b Fu([)p Fr(x)p Ft(7!)p Fb(ok)p Fu(],)34
+b(since)f Fs(S)1601 1009 y Fn(11)1708 994 y Fu(is)f(seman)m(tically)e
+(equiv)-5 b(alen)m(t)33 b(to)f Fs(S)3014 1009 y Fn(1)3053
+994 y Fu(.)146 1114 y(Concerning)d Fs(S)724 1129 y Fn(12)827
+1114 y Fu(it)f(will)e(not)j(alw)m(a)m(ys)g(b)s(e)g(correct)g(for)f(the)
+h(analysis)f(to)g(map)g(a)h(prop)s(ert)m(y)0 1235 y(state)k
+Fs(ps)40 b Fu(to)33 b Fs(ps)8 b Fu([)p Fr(x)p Ft(7!)p
+Fb(ok)p Fu(].)44 b(F)-8 b(or)31 b(an)i(example)f(supp)s(ose)i(that)e
+Fs(ps)8 b Fu(,)33 b Fs(s)2465 1250 y Fn(1)2537 1235 y
+Fu(and)g Fs(s)2775 1250 y Fn(2)2847 1235 y Fu(are)f(suc)m(h)i(that)244
+1425 y Fs(ps)40 b Fr(x)33 b Fu(=)f Fb(d)p Fu(?)h(and)g
+Fs(ps)40 b(y)i Fu(=)32 b Fb(ok)h Fu(for)g Fs(y)41 b Ft(2)33
+b Fu(\()p Fw(V)-9 b(ar)32 b Ft([)h(f)p Fu(on-trac)m(k)p
+Ft(g)p Fu(\))p Ft(nf)p Fr(x)p Ft(g)244 1593 y Fs(s)292
+1608 y Fn(1)364 1593 y Fr(x)g Fu(=)f Fw(1)h Fu(and)f
+Fs(s)882 1608 y Fn(1)954 1593 y Fs(y)42 b Fu(=)32 b Fw(0)h
+Fu(for)f Fs(y)41 b Ft(2)33 b Fw(V)-9 b(ar)p Ft(nf)p Fr(x)p
+Ft(g)244 1761 y Fs(s)292 1776 y Fn(2)364 1761 y Fr(x)33
+b Fu(=)f Fw(2)h Fu(and)f Fs(s)882 1776 y Fn(2)954 1761
+y Fs(y)42 b Fu(=)32 b Fw(0)h Fu(for)f Fs(y)41 b Ft(2)33
+b Fw(V)-9 b(ar)p Ft(nf)p Fr(x)p Ft(g)0 1951 y Fu(Then)34
+b(Example)e(5.2)g(giv)m(es)244 2142 y Fs(s)292 2157 y
+Fn(1)364 2142 y Ft(\021)h Fs(s)522 2157 y Fn(2)594 2142
+y Fu(rel)p 594 2155 109 4 v 32 w Fs(ps)0 2333 y Fu(but)50
+b Ft(S)264 2348 y Fn(ds)335 2333 y Fu([)-17 b([)q Fs(S)440
+2348 y Fn(12)514 2333 y Fu(])g(])q Fs(s)600 2348 y Fn(1)689
+2333 y Ft(\021)51 b(S)885 2348 y Fn(ds)956 2333 y Fu([)-17
+b([)p Fs(S)1060 2348 y Fn(12)1135 2333 y Fu(])g(])q Fs(s)1221
+2348 y Fn(2)1310 2333 y Fu(rel)p 1310 2346 V 49 w Fs(ps)8
+b Fu([)p Fr(x)p Ft(7!)p Fb(ok)p Fu(])51 b Fs(fails)57
+b Fu(b)s(ecause)52 b Ft(S)2627 2348 y Fn(ds)2698 2333
+y Fu([)-17 b([)p Fs(S)2802 2348 y Fn(12)2877 2333 y Fu(])g(])q
+Fs(s)2963 2348 y Fn(1)3052 2333 y Fu(=)50 b Fs(s)3226
+2348 y Fn(1)3315 2333 y Fu(and)0 2453 y Ft(S)68 2468
+y Fn(ds)139 2453 y Fu([)-17 b([)q Fs(S)244 2468 y Fn(12)318
+2453 y Fu(])g(])q Fs(s)404 2468 y Fn(2)476 2453 y Fu(=)32
+b Fs(s)632 2468 y Fn(2)704 2453 y Fu(and)h Fs(s)942 2468
+y Fn(1)1014 2453 y Fr(x)g Ft(6)p Fu(=)f Fs(s)1254 2468
+y Fn(2)1326 2453 y Fr(x)p Fu(.)146 2573 y(Ho)m(w)m(ev)m(er,)j(from)c
+(the)i(p)s(oin)m(t)f(of)g(view)g(of)g(the)h Fs(analysis)40
+b Fu(there)33 b(is)f(no)g(di\013erence)h(b)s(et)m(w)m(een)0
+2694 y Fs(S)67 2709 y Fn(1)137 2694 y Fu(and)d Fs(S)391
+2709 y Fn(2)461 2694 y Fu(b)s(ecause)i(neither)e(the)h(v)-5
+b(alue)30 b(of)g Fr(1)g Fu(nor)h Fr(2)f Fu(dep)s(ends)i(on)f(the)g(v)-5
+b(alues)30 b(of)g(the)h(input)0 2814 y(v)-5 b(ariables.)90
+b(Since)48 b(the)h(analysis)f(is)g(comp)s(ositionally)c(de\014ned)50
+b(this)e(means)g(that)h(there)0 2935 y(can)36 b(b)s(e)g(no)f
+(di\013erence)h(b)s(et)m(w)m(een)i Fs(S)1342 2950 y Fn(11)1452
+2935 y Fu(and)e Fs(S)1712 2950 y Fn(12)1822 2935 y Fu(from)e(the)i(p)s
+(oin)m(t)f(of)g(view)h(of)f(the)h(analysis.)0 3055 y(Therefore)27
+b(w)m(e)g(ha)m(v)m(e)g(to)e(accept)h(that)g(also)f(the)h(analysis)f(of)
+g Fs(S)2284 3070 y Fn(11)2384 3055 y Fu(should)h Fs(not)35
+b Fu(allo)m(w)24 b(mapping)0 3175 y(an)32 b(arbitrary)g(prop)s(ert)m(y)
+h(state)g Fs(ps)41 b Fu(to)32 b Fs(ps)8 b Fu([)p Fr(x)p
+Ft(7!)p Fb(ok)p Fu(].)146 3296 y(The)38 b(di\013erence)g(b)s(et)m(w)m
+(een)h Fs(S)1240 3311 y Fn(1)1316 3296 y Fu(and)e Fs(S)1577
+3311 y Fn(2)1653 3296 y Fu(arises)f(when)i(the)g(\\\015o)m(w)f(of)f
+(con)m(trol")g(do)s(es)i(not)0 3416 y(dep)s(end)25 b(on)e(the)i(input)e
+(v)-5 b(ariables)22 b(and)i(it)f(is)g(here)h(the)h(need)f(for)f(the)i
+(sp)s(ecial)d(tok)m(en)j(`on-trac)m(k')0 3536 y(comes)33
+b(in.)44 b(W)-8 b(e)34 b(shall)e(transform)g(a)g(prop)s(ert)m(y)i
+(state)g(in)m(to)e(an)h(improp)s(er)e(one,)j(b)m(y)g(mapping)0
+3657 y(`on-trac)m(k')39 b(to)f Fb(d)p Fu(?,)i(whenev)m(er)h(the)e
+(\\\015o)m(w)g(of)f(con)m(trol")f(is)h(not)h(\\functionally)d(dep)s
+(enden)m(t")0 3777 y(on)47 b(the)g(input)f(v)-5 b(ariables.)85
+b(Th)m(us)48 b(if)e Fs(ps)55 b Fr(x)46 b Fu(=)h Fb(d)p
+Fu(?)g(then)g(it)f(is)g(the)i(test,)j Fr(x)c Fu(=)f Fr(1)p
+Fu(,)51 b(in)46 b Fs(S)3398 3792 y Fn(11)0 3898 y Fu(and)33
+b Fs(S)257 3913 y Fn(12)365 3898 y Fu(that)g(will)d(b)s(e)k(resp)s
+(onsible)f(for)f(mapping)g Fs(ps)41 b Fu(in)m(to)32 b(the)i(improp)s
+(er)d(prop)s(ert)m(y)j(state)0 4018 y Fs(ps)8 b Fu([on-trac)m(k)p
+Ft(7!)p Fb(d)p Fu(?])39 b(and)g(then)g(the)g(e\013ect)h(of)e(analysing)
+g Fs(S)2235 4033 y Fn(1)2313 4018 y Fu(and)h Fs(S)2576
+4033 y Fn(2)2653 4018 y Fu(do)s(es)h(not)e(matter)g(as)0
+4138 y(long)31 b(as)i(an)g(improp)s(er)e(prop)s(ert)m(y)i(state)g(is)f
+(not)g(mapp)s(ed)h(in)m(to)e(a)i(prop)s(er)f(one.)468
+b Fh(2)146 4350 y Fu(Our)33 b(next)g(task)g(will)d(b)s(e)j(to)f(endo)m
+(w)i Fw(PState)e Fu(with)g(some)g(partially)e(ordered)j(structure)0
+4470 y(and)h(to)h(in)m(v)m(estigate)f(the)h(prop)s(erties)f(of)g(rel)p
+1543 4483 V 1651 4485 a Fn(Stm)1781 4470 y Fu(.)49 b(Concerning)35
+b(the)f(former)g(this)g(will)e(b)s(e)i(an)0 4590 y(instance)f(of)f(a)g
+(general)g(pro)s(cedure:)p 0 4711 3473 5 v 0 4872 a Fw(Lemma)37
+b(5.4)49 b Fu(Assume)43 b(that)f Fs(S)54 b Fu(is)41 b(a)h(non-empt)m(y)
+g(set)h(and)f(that)f(\()p Fs(D)9 b Fu(,)42 b Ft(v)q Fu(\))g(is)f(a)h
+(partially)0 4993 y(ordered)33 b(set.)44 b(Let)33 b Ft(v)795
+4957 y Fi(0)851 4993 y Fu(b)s(e)f(the)h(ordering)f(on)h(the)g(set)g
+Fs(S)12 b Ft(!)o Fs(D)42 b Fu(de\014ned)34 b(b)m(y)244
+5183 y Fs(f)295 5198 y Fn(1)367 5183 y Ft(v)444 5147
+y Fi(0)500 5183 y Fs(f)551 5198 y Fn(2)623 5183 y Fu(if)d(and)i(only)f
+(if)g Fs(f)1256 5198 y Fn(1)1328 5183 y Fs(x)45 b Ft(v)33
+b Fs(f)1579 5198 y Fn(2)1651 5183 y Fs(x)44 b Fu(for)32
+b(all)e Fs(x)45 b Ft(2)33 b Fs(S)0 5374 y Fu(Then)i(\()p
+Fs(S)12 b Ft(!)o Fs(D)d Fu(,)33 b Ft(v)681 5338 y Fi(0)704
+5374 y Fu(\))g(is)g(a)g(partially)e(ordered)j(set.)47
+b(F)-8 b(urthermore,)33 b(\()p Fs(S)12 b Ft(!)o Fs(D)d
+Fu(,)34 b Ft(v)2914 5338 y Fi(0)2938 5374 y Fu(\))f(is)g(a)g(ccp)s(o)h
+(if)0 5494 y Fs(D)42 b Fu(is)32 b(and)g(it)g(is)g(a)g(complete)g
+(lattice)f(if)h Fs(D)41 b Fu(is.)i(In)33 b(b)s(oth)f(cases)i(w)m(e)g
+(ha)m(v)m(e)p eop
+%%Page: 140 150
+140 149 bop 251 130 a Fw(140)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 527 515 a Fu(\()565
+449 y Fg(F)634 479 y Fi(0)658 515 y Fs(Y)19 b Fu(\))33
+b Fs(x)44 b Fu(=)1018 449 y Fg(F)1119 515 y Ft(f)33 b
+Fs(f)53 b(x)44 b Ft(j)33 b Fs(f)53 b Ft(2)33 b Fs(Y)52
+b Ft(g)283 715 y Fu(so)33 b(that)g(least)f(upp)s(er)h(b)s(ounds)g(are)g
+(determined)f(p)s(oin)m(t)m(wise.)p 283 835 3473 5 v
+283 1034 a Fw(Pro)s(of:)48 b Fu(It)41 b(is)g(straigh)m(tforw)m(ard)g
+(to)g(v)m(erify)h(that)f Ft(v)2255 998 y Fi(0)2320 1034
+y Fu(is)g(a)g(partial)e(order)i(so)h(w)m(e)g(omit)d(the)283
+1155 y(details.)50 b(W)-8 b(e)35 b(shall)f(\014rst)h(pro)m(v)m(e)h(the)
+g(lemma)d(in)h(the)h(case)h(where)g Fs(D)44 b Fu(is)34
+b(a)h(complete)f(lattice)283 1275 y(so)f(let)f Fs(Y)52
+b Fu(b)s(e)33 b(a)f(subset)j(of)d Fs(S)44 b Ft(!)32 b
+Fs(D)9 b Fu(.)33 b(Then)g(the)g(form)m(ula)527 1474 y(\()565
+1408 y Fg(F)634 1438 y Fi(0)658 1474 y Fs(Y)19 b Fu(\))33
+b Fs(x)44 b Fu(=)1018 1408 y Fg(F)1119 1474 y Ft(f)33
+b Fs(f)53 b(x)44 b Ft(j)33 b Fs(f)53 b Ft(2)33 b Fs(Y)52
+b Ft(g)283 1674 y Fu(de\014nes)33 b(an)e(elemen)m(t)1094
+1607 y Fg(F)1164 1637 y Fi(0)1187 1674 y Fs(Y)50 b Fu(of)31
+b Fs(S)42 b Ft(!)31 b Fs(D)39 b Fu(b)s(ecause)32 b Fs(D)40
+b Fu(b)s(eing)30 b(a)h(complete)f(lattice)f(means)i(that)283
+1728 y Fg(F)353 1794 y Ft(f)43 b Fs(f)64 b(x)55 b Ft(j)43
+b Fs(f)64 b Ft(2)44 b Fs(Y)63 b Ft(g)43 b Fu(exists)h(for)f(all)e
+Fs(x)55 b Fu(of)43 b Fs(S)12 b Fu(.)43 b(This)g(sho)m(ws)i(that)2834
+1728 y Fg(F)2904 1758 y Fi(0)2927 1794 y Fs(Y)63 b Fu(is)43
+b(a)g Fs(wel)5 b(l-de\014ne)-5 b(d)283 1914 y Fu(elemen)m(t)38
+b(of)e Fs(S)49 b Ft(!)37 b Fs(D)9 b Fu(.)37 b(T)-8 b(o)38
+b(see)g(that)1679 1848 y Fg(F)1748 1878 y Fi(0)1772 1914
+y Fs(Y)56 b Fu(is)37 b(an)g Fs(upp)-5 b(er)39 b(b)-5
+b(ound)48 b Fu(of)36 b Fs(Y)57 b Fu(let)37 b Fs(f)3151
+1929 y Fn(0)3223 1914 y Ft(2)c Fs(Y)56 b Fu(and)38 b(w)m(e)283
+2035 y(shall)c(sho)m(w)i(that)f Fs(f)1023 2050 y Fn(0)1097
+2035 y Ft(v)1175 1999 y Fi(0)1233 1968 y Fg(F)1302 1999
+y Fi(0)1325 2035 y Fs(Y)20 b Fu(.)35 b(This)g(amoun)m(ts)g(to)g
+(considering)f(an)h(arbitrary)f Fs(x)47 b Fu(in)34 b
+Fs(S)47 b Fu(and)283 2155 y(sho)m(wing)527 2354 y Fs(f)578
+2369 y Fn(0)650 2354 y Fs(x)e Ft(v)850 2288 y Fg(F)919
+2354 y Ft(f)32 b Fs(f)53 b(x)45 b Ft(j)32 b Fs(f)53 b
+Ft(2)33 b Fs(Y)53 b Ft(g)283 2554 y Fu(and)34 b(this)g(is)f(immediate)f
+(b)s(ecause)1606 2487 y Fg(F)1709 2554 y Fu(is)h(the)h(least)g(upp)s
+(er)g(b)s(ound)g(op)s(eration)f(in)g Fs(D)9 b Fu(.)34
+b(T)-8 b(o)34 b(see)283 2674 y(that)500 2608 y Fg(F)569
+2638 y Fi(0)592 2674 y Fs(Y)57 b Fu(is)37 b(the)h Fs(le)-5
+b(ast)46 b Fu(upp)s(er)38 b(b)s(ound)g(of)f Fs(Y)57 b
+Fu(let)36 b Fs(f)2261 2689 y Fn(1)2338 2674 y Fu(b)s(e)i(an)f(upp)s(er)
+h(b)s(ound)f(of)g Fs(Y)57 b Fu(and)38 b(w)m(e)283 2794
+y(shall)32 b(sho)m(w)h(that)965 2728 y Fg(F)1034 2758
+y Fi(0)1057 2794 y Fs(Y)52 b Ft(v)1259 2758 y Fi(0)1315
+2794 y Fs(f)1366 2809 y Fn(1)1405 2794 y Fu(.)43 b(This)33
+b(amoun)m(ts)g(to)f(sho)m(wing)527 2927 y Fg(F)597 2994
+y Ft(f)g Fs(f)53 b(x)45 b Ft(j)32 b Fs(f)53 b Ft(2)33
+b Fs(Y)52 b Ft(g)33 b(v)g Fs(f)1462 3009 y Fn(1)1534
+2994 y Fs(x)283 3193 y Fu(for)c(an)g(arbitrary)f Fs(x)41
+b Ft(2)29 b Fs(S)12 b Fu(.)29 b(Ho)m(w)m(ev)m(er,)j(this)d(is)f
+(immediate)f(b)s(ecause)j Fs(f)2856 3208 y Fn(1)2924
+3193 y Fs(x)41 b Fu(m)m(ust)29 b(b)s(e)g(an)g(upp)s(er)283
+3313 y(b)s(ound)j(of)e Ft(f)h Fs(f)52 b(x)43 b Ft(j)31
+b Fs(f)51 b Ft(2)32 b Fs(Y)51 b Ft(g)30 b Fu(and)i(b)s(ecause)1932
+3247 y Fg(F)2032 3313 y Fu(is)f(the)g(least)g(upp)s(er)g(b)s(ound)h(op)
+s(eration)e(in)g Fs(D)9 b Fu(.)430 3434 y(T)-8 b(o)34
+b(pro)m(v)m(e)i(the)f(other)g(part)f(of)g(the)h(lemma)d(assume)j(that)g
+Fs(D)43 b Fu(is)34 b(a)g(ccp)s(o)h(and)g(that)f Fs(Y)54
+b Fu(is)283 3554 y(a)33 b(c)m(hain)f(in)g Fs(S)44 b Ft(!)32
+b Fs(D)9 b Fu(.)33 b(The)h(form)m(ula)527 3753 y(\()565
+3687 y Fg(F)634 3717 y Fi(0)658 3753 y Fs(Y)19 b Fu(\))33
+b Fs(x)44 b Fu(=)1018 3687 y Fg(F)1119 3753 y Ft(f)33
+b Fs(f)53 b(x)44 b Ft(j)33 b Fs(f)53 b Ft(2)33 b Fs(Y)52
+b Ft(g)283 3953 y Fu(de\014nes)43 b(an)e(elemen)m(t)1125
+3886 y Fg(F)1194 3917 y Fi(0)1218 3953 y Fs(Y)60 b Fu(of)41
+b Fs(S)53 b Ft(!)41 b Fs(D)9 b Fu(:)41 b(eac)m(h)h Ft(f)f
+Fs(f)62 b(x)52 b Ft(j)41 b Fs(f)62 b Ft(2)42 b Fs(Y)60
+b Ft(g)41 b Fu(will)e(b)s(e)i(a)g(c)m(hain)g(in)f Fs(D)283
+4073 y Fu(b)s(ecause)32 b Fs(Y)50 b Fu(is)30 b(a)g(c)m(hain)g(and)g
+(hence)i(eac)m(h)1867 4007 y Fg(F)1937 4073 y Ft(f)e
+Fs(f)51 b(x)42 b Ft(j)30 b Fs(f)51 b Ft(2)31 b Fs(Y)50
+b Ft(g)30 b Fu(exists)h(b)s(ecause)g Fs(D)40 b Fu(is)29
+b(a)h(ccp)s(o.)283 4194 y(That)527 4127 y Fg(F)597 4157
+y Fi(0)620 4194 y Fs(Y)52 b Fu(is)32 b(the)h(least)f(upp)s(er)h(b)s
+(ound)g(of)f Fs(Y)52 b Fu(in)32 b Fs(S)45 b Ft(!)32 b
+Fs(D)41 b Fu(follo)m(ws)32 b(as)g(ab)s(o)m(v)m(e.)457
+b Fh(2)430 4397 y Fu(Instan)m(tiating)31 b Fs(S)45 b
+Fu(to)32 b(b)s(e)h Fw(V)-9 b(ar)32 b Ft([)h(f)p Fu(on-trac)m(k)p
+Ft(g)f Fu(and)h Fs(D)41 b Fu(to)32 b(b)s(e)h Fw(P)f Fu(w)m(e)i(get:)p
+283 4517 V 283 4688 a Fw(Corollary)i(5.5)49 b Fu(Let)33
+b Ft(v)1226 4703 y Fn(PS)1349 4688 y Fu(b)s(e)g(the)g(ordering)f(on)g
+Fw(PState)h Fu(de\014ned)h(b)m(y)527 4887 y Fs(ps)625
+4902 y Fn(1)694 4887 y Ft(v)772 4902 y Fn(PS)893 4887
+y Fs(ps)991 4902 y Fn(2)1060 4887 y Fu(if)28 b(and)i(only)g(if)e
+Fs(ps)1729 4902 y Fn(1)1798 4887 y Fs(x)42 b Ft(v)1962
+4902 y Fn(P)2044 4887 y Fs(ps)2142 4902 y Fn(2)2211 4887
+y Fs(x)f Fu(for)30 b(all)d Fs(x)42 b Ft(2)30 b Fw(V)-9
+b(ar)29 b Ft([)h(f)p Fu(on-trac)m(k)p Ft(g)283 5086 y
+Fu(Then)40 b(\()p Fw(PState)p Fu(,)f Ft(v)1057 5101 y
+Fn(PS)1149 5086 y Fu(\))e(is)h(a)g(complete)f(lattice.)59
+b(In)38 b(particular,)g(the)g(least)g(upp)s(er)h(b)s(ound)283
+5140 y Fg(F)353 5221 y Fn(PS)444 5206 y Fs(Y)52 b Fu(of)32
+b(a)h(subset)h Fs(Y)52 b Fu(of)32 b Fw(PState)g Fu(is)g(c)m
+(haracterized)i(b)m(y)552 5374 y(\()590 5308 y Fg(F)659
+5389 y Fn(PS)751 5374 y Fs(Y)19 b Fu(\))33 b Fs(x)44
+b Fu(=)1111 5308 y Fg(F)1180 5389 y Fn(P)1264 5374 y
+Ft(f)33 b Fs(ps)40 b(x)k Ft(j)33 b Fs(ps)40 b Ft(2)33
+b Fs(Y)52 b Ft(g)p 283 5494 V eop
+%%Page: 141 151
+141 150 bop 0 130 a Fw(5.1)112 b(Prop)s(erties)36 b(and)j(prop)s(ert)m
+(y)e(states)1540 b(141)p 0 193 3473 4 v 146 515 a Fu(W)-8
+b(e)28 b(shall)e(write)h Fb(lost)g Fu(for)g(the)h(prop)s(ert)m(y)g
+(state)f Fs(ps)36 b Fu(that)27 b(maps)g(all)e(v)-5 b(ariables)26
+b(to)h Fb(d)p Fu(?)g(and)0 636 y(that)38 b(maps)f(`on-trac)m(k')h(to)g
+Fb(d)p Fu(?.)59 b(Similarly)-8 b(,)35 b(w)m(e)k(shall)d(write)i
+Fb(init)g Fu(for)f(the)h(prop)s(ert)m(y)h(state)0 756
+y(that)c(maps)h(all)d(v)-5 b(ariables)34 b(to)i Fb(ok)g
+Fu(and)f(that)h(maps)f(`on-trac)m(k')h(to)f Fb(ok)p Fu(.)53
+b(Note)36 b(that)f Fb(init)h Fu(is)0 877 y(the)d Fs(le)-5
+b(ast)35 b(element)41 b Fu(of)32 b Fw(PState)p Fu(.)0
+1105 y Fw(Exercise)k(5.6)49 b(\(Essen)m(tial\))31 b Fu(Sho)m(w)i(that)
+244 1308 y Fs(ps)342 1323 y Fn(1)414 1308 y Ft(v)491
+1323 y Fn(PS)615 1308 y Fs(ps)713 1323 y Fn(2)785 1308
+y Fu(if)e(and)i(only)f(if)g(OK\()p Fs(ps)1656 1323 y
+Fn(1)1694 1308 y Fu(\))h Ft(\023)g Fu(OK\()p Fs(ps)2163
+1323 y Fn(2)2202 1308 y Fu(\))0 1512 y(Next)g(sho)m(w)h(that)244
+1715 y(OK\()434 1649 y Fg(F)503 1730 y Fn(PS)627 1715
+y Fs(Y)19 b Fu(\))33 b(=)897 1649 y Fg(T)966 1715 y Ft(f)g
+Fu(OK\()p Fs(ps)8 b Fu(\))32 b Ft(j)g Fs(ps)40 b Ft(2)33
+b Fs(Y)52 b Ft(g)0 1918 y Fu(whenev)m(er)35 b Fs(Y)52
+b Fu(is)32 b(a)h(non-empt)m(y)f(subset)j(of)d Fw(PState)p
+Fu(.)1409 b Fh(2)0 2178 y Fw(Prop)s(erties)36 b(of)i(rel)p
+676 2191 129 4 v 0 2363 a Fu(T)-8 b(o)36 b(study)i(the)e(prop)s(erties)
+h(of)e(the)i(parameterized)f(relation)e(rel)p 2339 2376
+109 4 v 36 w(w)m(e)j(need)h(a)e(notion)f(of)g(an)0 2483
+y(equiv)-5 b(alence)33 b(relation.)41 b(A)33 b(relation)244
+2687 y Fs(R)t Fu(:)g Fs(E)44 b Ft(\002)33 b Fs(E)45 b
+Ft(!)32 b Fw(T)0 2890 y Fu(is)g(an)h Fs(e)-5 b(quivalenc)g(e)33
+b(r)-5 b(elation)40 b Fu(on)32 b(a)g(set)i Fs(E)45 b
+Fu(if)31 b(and)i(only)f(if)294 3085 y Fs(R)t Fu(\()p
+Fs(e)459 3100 y Fn(1)498 3085 y Fu(,)h Fs(e)610 3100
+y Fn(1)650 3085 y Fu(\))1416 b(\(re\015exivit)m(y\))294
+3253 y Fs(R)t Fu(\()p Fs(e)459 3268 y Fn(1)498 3253 y
+Fu(,)33 b Fs(e)610 3268 y Fn(2)650 3253 y Fu(\))f(and)h
+Fs(R)t Fu(\()p Fs(e)1075 3268 y Fn(2)1115 3253 y Fu(,)f
+Fs(e)1226 3268 y Fn(3)1266 3253 y Fu(\))g(imply)f Fs(R)t
+Fu(\()p Fs(e)1775 3268 y Fn(1)1815 3253 y Fu(,)i Fs(e)1927
+3268 y Fn(3)1966 3253 y Fu(\))100 b(\(transitivit)m(y\))294
+3420 y Fs(R)t Fu(\()p Fs(e)459 3435 y Fn(1)498 3420 y
+Fu(,)33 b Fs(e)610 3435 y Fn(2)650 3420 y Fu(\))f(implies)e
+Fs(R)t Fu(\()p Fs(e)1216 3435 y Fn(2)1256 3420 y Fu(,)j
+Fs(e)1368 3435 y Fn(1)1407 3420 y Fu(\))659 b(\(symmetry\))0
+3617 y(for)32 b(all)f Fs(e)337 3632 y Fn(1)376 3617 y
+Fu(,)i Fs(e)488 3632 y Fn(2)560 3617 y Fu(and)g Fs(e)802
+3632 y Fn(3)874 3617 y Fu(of)f Fs(E)12 b Fu(.)0 3845
+y Fw(Exercise)36 b(5.7)49 b Fu(Sho)m(w)39 b(that)f(rel)p
+1115 3858 V 1223 3860 a Fn(Aexp)1388 3845 y Fu(\()p Fs(p)6
+b Fu(\),)39 b(rel)p 1586 3858 V 1694 3860 a Fn(Bexp)1856
+3845 y Fu(\()p Fs(p)6 b Fu(\))38 b(and)g(rel)p 2221 3858
+V 2329 3860 a Fn(Stm)2459 3845 y Fu(\()p Fs(ps)8 b Fu(\))38
+b(are)f(equiv)-5 b(alence)39 b(re-)0 3966 y(lations)31
+b(for)h(all)e(c)m(hoices)k(of)e Fs(p)38 b Ft(2)33 b Fw(P)f
+Fu(and)h Fs(ps)40 b Ft(2)33 b Fw(PState)p Fu(.)1285 b
+Fh(2)146 4194 y Fu(Eac)m(h)33 b(of)e(rel)p 498 4207 V
+606 4209 a Fn(Aexp)771 4194 y Fu(,)h(rel)p 830 4207 V
+938 4209 a Fn(Bexp)1132 4194 y Fu(and)f(rel)p 1320 4207
+V 15 x Fn(Stm)1590 4194 y Fu(are)h(examples)f(of)g(parameterized)g
+(\(equiv)-5 b(alence\))0 4314 y(relations.)42 b(In)33
+b(general)f(a)g Fs(p)-5 b(ar)g(ameterize)g(d)34 b(r)-5
+b(elation)39 b Fu(is)33 b(of)f(the)h(form)244 4518 y
+Ft(R)p Fu(:)44 b Fs(D)d Ft(!)32 b Fu(\()p Fs(E)45 b Ft(\002)33
+b Fs(E)45 b Ft(!)32 b Fw(T)p Fu(\))0 4721 y(where)e(\()p
+Fs(D)9 b Fu(,)30 b Ft(v)p Fu(\))f(is)g(a)g(partially)e(ordered)j(set,)g
+Fs(E)42 b Fu(is)29 b(a)g(set)h(and)f(eac)m(h)h Ft(R)q
+Fu(\()p Fs(d)10 b Fu(\))29 b(is)f(a)h(relation.)41 b(W)-8
+b(e)0 4842 y(shall)31 b(sa)m(y)j(that)e(a)g(parameterized)g(relation)f
+Ft(R)i Fu(is)f(a)g Fs(Kripke-r)-5 b(elation)39 b Fu(if)244
+5045 y Fs(d)304 5060 y Fn(1)376 5045 y Ft(v)33 b Fs(d)546
+5060 y Fn(2)618 5045 y Fu(implies)d(that)j(for)f(all)e
+Fs(e)1497 5060 y Fn(1)1537 5045 y Fu(,)i Fs(e)1648 5060
+y Fn(2)1721 5045 y Ft(2)h Fs(E)12 b Fu(:)949 5213 y(if)32
+b Ft(R)p Fu(\()p Fs(d)1221 5228 y Fn(1)1261 5213 y Fu(\)\()p
+Fs(e)1389 5228 y Fn(1)1428 5213 y Fu(,)h Fs(e)1540 5228
+y Fn(2)1579 5213 y Fu(\))g(then)g Ft(R)q Fu(\()p Fs(d)2055
+5228 y Fn(2)2094 5213 y Fu(\)\()p Fs(e)2222 5228 y Fn(1)2262
+5213 y Fu(,)f Fs(e)2373 5228 y Fn(2)2413 5213 y Fu(\))0
+5416 y(Note)h(that)f(this)g(is)g(a)h(kind)f(of)g(monotonicit)m(y)f
+(prop)s(ert)m(y)-8 b(.)p eop
+%%Page: 142 152
+142 151 bop 251 130 a Fw(142)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 283 515 3473
+5 v 283 702 a(Lemma)i(5.8)49 b Fu(rel)p 873 715 109 4
+v 981 717 a Fn(Stm)1143 702 y Fu(is)32 b(a)g(Kripk)m(e-relation.)p
+283 822 3473 5 v 283 1036 a Fw(Pro)s(of:)38 b Fu(Let)32
+b Fs(ps)896 1051 y Fn(1)968 1036 y Fu(and)h Fs(ps)1256
+1051 y Fn(2)1328 1036 y Fu(b)s(e)g(suc)m(h)h(that)e Fs(ps)1990
+1051 y Fn(1)2062 1036 y Ft(v)2139 1051 y Fn(PS)2263 1036
+y Fs(ps)2361 1051 y Fn(2)2433 1036 y Fu(and)h(assume)g(that)527
+1250 y Fs(s)575 1265 y Fn(1)647 1250 y Ft(\021)g Fs(s)805
+1265 y Fn(2)877 1250 y Fu(rel)p 877 1263 109 4 v 32 w
+Fs(ps)1116 1265 y Fn(1)283 1463 y Fu(holds)g(for)f(all)e(states)k
+Fs(s)1149 1478 y Fn(1)1221 1463 y Fu(and)e Fs(s)1458
+1478 y Fn(2)1498 1463 y Fu(.)43 b(W)-8 b(e)33 b(m)m(ust)g(sho)m(w)527
+1677 y Fs(s)575 1692 y Fn(1)647 1677 y Ft(\021)g Fs(s)805
+1692 y Fn(2)877 1677 y Fu(rel)p 877 1690 V 32 w Fs(ps)1116
+1692 y Fn(2)283 1890 y Fu(If)40 b Fs(ps)486 1905 y Fn(2)565
+1890 y Fu(on-trac)m(k)g(=)g Fb(d)p Fu(?)g(this)f(is)g(immediate)e(from)
+i(the)h(de\014nition)f(of)g(rel)p 2979 1903 V 3087 1905
+a Fn(Stm)3217 1890 y Fu(.)65 b(So)39 b(assume)283 2011
+y(that)33 b Fs(ps)593 2026 y Fn(2)665 2011 y Fu(on-trac)m(k)f(=)h
+Fb(ok)p Fu(.)44 b(In)33 b(this)f(case)i(w)m(e)f(m)m(ust)g(sho)m(w)527
+2224 y Ft(8)q Fs(x)44 b Ft(2)33 b Fu(OK\()p Fs(ps)1059
+2239 y Fn(2)1098 2224 y Fu(\))f Ft(\\)h Fw(V)-9 b(ar)p
+Fu(:)43 b Fs(s)1561 2239 y Fn(1)1633 2224 y Fs(x)i Fu(=)32
+b Fs(s)1879 2239 y Fn(2)1951 2224 y Fs(x)283 2438 y Fu(Since)g
+Fs(ps)635 2453 y Fn(1)706 2438 y Ft(v)784 2453 y Fn(PS)907
+2438 y Fs(ps)1005 2453 y Fn(2)1076 2438 y Fu(and)g Fs(ps)1363
+2453 y Fn(2)1434 2438 y Fu(on-trac)m(k)g(=)g Fb(ok)g
+Fu(it)f(m)m(ust)h(b)s(e)g(the)g(case)h(that)e Fs(ps)3235
+2453 y Fn(1)3306 2438 y Fu(on-trac)m(k)h(is)283 2558
+y Fb(ok)p Fu(.)45 b(F)-8 b(rom)31 b Fs(s)785 2573 y Fn(1)857
+2558 y Ft(\021)i Fs(s)1015 2573 y Fn(2)1087 2558 y Fu(rel)p
+1087 2571 V 32 w Fs(ps)1326 2573 y Fn(1)1397 2558 y Fu(w)m(e)h
+(therefore)f(get)527 2772 y Ft(8)q Fs(x)44 b Ft(2)33
+b Fu(OK\()p Fs(ps)1059 2787 y Fn(1)1098 2772 y Fu(\))f
+Ft(\\)h Fw(V)-9 b(ar)p Fu(:)43 b Fs(s)1561 2787 y Fn(1)1633
+2772 y Fs(x)i Fu(=)32 b Fs(s)1879 2787 y Fn(2)1951 2772
+y Fs(x)283 2986 y Fu(F)-8 b(rom)38 b(Exercise)i(5.6)f(and)g(the)g
+(assumption)f Fs(ps)2090 3001 y Fn(1)2168 2986 y Ft(v)2246
+3001 y Fn(PS)2376 2986 y Fs(ps)2474 3001 y Fn(2)2552
+2986 y Fu(w)m(e)i(get)f(OK\()p Fs(ps)3159 3001 y Fn(1)3198
+2986 y Fu(\))g Ft(\023)g Fu(OK\()p Fs(ps)3679 3001 y
+Fn(2)3718 2986 y Fu(\))283 3106 y(and)33 b(thereb)m(y)h(w)m(e)g(get)f
+(the)g(desired)g(result.)1784 b Fh(2)283 3434 y Fw(Exercise)37
+b(5.9)49 b(\(Essen)m(tial\))29 b Fu(Sho)m(w)k(that)f(rel)p
+1938 3447 V 2046 3449 a Fn(Aexp)2243 3434 y Fu(and)f(rel)p
+2431 3447 V 15 x Fn(Bexp)2734 3434 y Fu(are)g(Kripk)m(e-relations.)74
+b Fh(2)283 3779 y Fj(5.2)161 b(The)53 b(analysis)283
+4002 y Fu(When)43 b(sp)s(ecifying)d(the)i(analysis)f(w)m(e)h(shall)e(b)
+s(e)i(concerned)h(with)e(expressions)i(as)e(w)m(ell)g(as)283
+4123 y(statemen)m(ts.)283 4424 y Fp(Expressions)283 4613
+y Fu(The)c(analysis)e(of)h(an)f(arithmetic)f(expression)j
+Fs(a)43 b Fu(will)33 b(b)s(e)j(sp)s(eci\014ed)h(b)m(y)g(a)e(\(total\))f
+(function)283 4733 y Ft(P)8 b(A)q Fu([)-17 b([)p Fs(a)7
+b Fu(])-17 b(])33 b(from)f(prop)s(ert)m(y)h(states)h(to)e(prop)s
+(erties:)527 4947 y Ft(P)8 b(A)p Fu(:)44 b Fw(Aexp)33
+b Ft(!)f Fu(\()p Fw(PState)g Ft(!)g Fw(P)p Fu(\))283
+5160 y(Similarly)-8 b(,)21 b(the)j(analysis)e(of)g(a)h(b)s(o)s(olean)e
+(expression)k Fs(b)j Fu(will)21 b(b)s(e)i(de\014ned)i(b)m(y)e(a)g
+(\(total\))e(function)283 5281 y Ft(P)8 b(B)t Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(])33 b(from)e(prop)s(ert)m(y)j(states)f(to)f
+(prop)s(erties:)527 5494 y Ft(P)8 b(B)t Fu(:)44 b Fw(Bexp)32
+b Ft(!)h Fu(\()p Fw(PState)f Ft(!)g Fw(P)p Fu(\))p eop
+%%Page: 143 153
+143 152 bop 0 130 a Fw(5.2)112 b(The)38 b(analysis)2439
+b(143)p 0 193 3473 4 v 0 419 V 0 3216 4 2798 v 432 618
+a Ft(P)8 b(A)p Fu([)-17 b([)q Fs(n)7 b Fu(])-17 b(])p
+Fs(ps)382 b Fu(=)1373 444 y Fg(8)1373 519 y(<)1373 668
+y(:)1488 534 y Fb(ok)84 b Fu(if)31 b Fs(ps)41 b Fu(on-trac)m(k)33
+b(=)f Fb(ok)1488 701 y(d)p Fu(?)102 b(otherwise)432 971
+y Ft(P)8 b(A)p Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])p
+Fs(ps)387 b Fu(=)1373 796 y Fg(8)1373 871 y(<)1373 1020
+y(:)1488 886 y Fs(ps)41 b(x)95 b Fu(if)31 b Fs(ps)40
+b Fu(on-trac)m(k)33 b(=)g Fb(ok)1488 1053 y(d)p Fu(?)163
+b(otherwise)432 1233 y Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)684
+1248 y Fn(1)756 1233 y Fu(+)32 b Fs(a)921 1248 y Fn(2)961
+1233 y Fu(])-17 b(])p Fs(ps)110 b Fu(=)99 b(\()p Ft(P)8
+b(A)p Fu([)-17 b([)q Fs(a)1663 1248 y Fn(1)1702 1233
+y Fu(])g(])q Fs(ps)8 b Fu(\))32 b Ft(t)1975 1248 y Fn(P)2059
+1233 y Fu(\()p Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)2349
+1248 y Fn(2)2389 1233 y Fu(])g(])p Fs(ps)8 b Fu(\))432
+1424 y Ft(P)g(A)p Fu([)-17 b([)q Fs(a)684 1439 y Fn(1)756
+1424 y Fo(?)32 b Fs(a)894 1439 y Fn(2)934 1424 y Fu(])-17
+b(])p Fs(ps)137 b Fu(=)99 b(\()p Ft(P)8 b(A)p Fu([)-17
+b([)q Fs(a)1663 1439 y Fn(1)1702 1424 y Fu(])g(])q Fs(ps)8
+b Fu(\))32 b Ft(t)1975 1439 y Fn(P)2059 1424 y Fu(\()p
+Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)2349 1439 y Fn(2)2389
+1424 y Fu(])g(])p Fs(ps)8 b Fu(\))432 1615 y Ft(P)g(A)p
+Fu([)-17 b([)q Fs(a)684 1630 y Fn(1)756 1615 y Ft(\000)33
+b Fs(a)923 1630 y Fn(2)962 1615 y Fu(])-17 b(])q Fs(ps)108
+b Fu(=)99 b(\()p Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)1663
+1630 y Fn(1)1702 1615 y Fu(])g(])q Fs(ps)8 b Fu(\))32
+b Ft(t)1975 1630 y Fn(P)2059 1615 y Fu(\()p Ft(P)8 b(A)p
+Fu([)-17 b([)q Fs(a)2349 1630 y Fn(2)2389 1615 y Fu(])g(])p
+Fs(ps)8 b Fu(\))432 1967 y Ft(P)g(B)t Fu([)-17 b([)p
+Fr(true)p Fu(])g(])r Fs(ps)250 b Fu(=)1373 1793 y Fg(8)1373
+1868 y(<)1373 2017 y(:)1488 1883 y Fb(ok)84 b Fu(if)31
+b Fs(ps)41 b Fu(on-trac)m(k)33 b(=)f Fb(ok)1488 2050
+y(d)p Fu(?)102 b(otherwise)432 2320 y Ft(P)8 b(B)t Fu([)-17
+b([)p Fr(false)p Fu(])g(])r Fs(ps)199 b Fu(=)1373 2145
+y Fg(8)1373 2220 y(<)1373 2369 y(:)1488 2235 y Fb(ok)84
+b Fu(if)31 b Fs(ps)41 b Fu(on-trac)m(k)33 b(=)f Fb(ok)1488
+2402 y(d)p Fu(?)102 b(otherwise)432 2582 y Ft(P)8 b(B)t
+Fu([)-17 b([)p Fs(a)672 2597 y Fn(1)745 2582 y Fu(=)32
+b Fs(a)910 2597 y Fn(2)950 2582 y Fu(])-17 b(])p Fs(ps)121
+b Fu(=)99 b(\()p Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)1663
+2597 y Fn(1)1702 2582 y Fu(])g(])q Fs(ps)8 b Fu(\))32
+b Ft(t)1975 2597 y Fn(P)2059 2582 y Fu(\()p Ft(P)8 b(A)p
+Fu([)-17 b([)q Fs(a)2349 2597 y Fn(2)2389 2582 y Fu(])g(])p
+Fs(ps)8 b Fu(\))432 2773 y Ft(P)g(B)t Fu([)-17 b([)p
+Fs(a)672 2788 y Fn(1)745 2773 y Ft(\024)33 b Fs(a)912
+2788 y Fn(2)951 2773 y Fu(])-17 b(])q Fs(ps)119 b Fu(=)99
+b(\()p Ft(P)8 b(A)p Fu([)-17 b([)q Fs(a)1663 2788 y Fn(1)1702
+2773 y Fu(])g(])q Fs(ps)8 b Fu(\))32 b Ft(t)1975 2788
+y Fn(P)2059 2773 y Fu(\()p Ft(P)8 b(A)p Fu([)-17 b([)q
+Fs(a)2349 2788 y Fn(2)2389 2773 y Fu(])g(])p Fs(ps)8
+b Fu(\))432 2964 y Ft(P)g(B)t Fu([)-17 b([)p Ft(:)33
+b Fs(b)6 b Fu(])-17 b(])q Fs(ps)305 b Fu(=)99 b Ft(P)8
+b(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(ps)432
+3155 y Ft(P)8 b(B)t Fu([)-17 b([)p Fs(b)666 3170 y Fn(1)738
+3155 y Ft(^)33 b Fs(b)888 3170 y Fn(2)928 3155 y Fu(])-17
+b(])p Fs(ps)143 b Fu(=)99 b(\()p Ft(P)8 b(B)t Fu([)-17
+b([)q Fs(b)1646 3170 y Fn(1)1685 3155 y Fu(])g(])p Fs(ps)8
+b Fu(\))33 b Ft(t)1957 3170 y Fn(P)2042 3155 y Fu(\()p
+Ft(P)8 b(B)t Fu([)-17 b([)p Fs(b)2314 3170 y Fn(2)2354
+3155 y Fu(])g(])p Fs(ps)8 b Fu(\))p 3469 3216 V 0 3219
+3473 4 v 1015 3380 a(T)-8 b(able)33 b(5.1:)43 b(Analysis)32
+b(of)g(expressions)0 3651 y(The)c(de\014ning)f(clauses)h(are)f(giv)m
+(en)g(in)f(T)-8 b(able)27 b(5.1.)41 b(The)28 b(clause)f(for)g
+Fs(n)34 b Fu(re\015ects)29 b(that)d(the)i(v)-5 b(alue)0
+3771 y(of)33 b Fs(n)40 b Fu(in)32 b(a)h(prop)s(er)g(prop)s(ert)m(y)h
+(state)g Fs(ps)41 b Fu(do)s(es)33 b(not)g(dep)s(end)h(on)f(an)m(y)h(v)
+-5 b(ariable)32 b(and)h(therefore)0 3892 y(it)j(will)g(ha)m(v)m(e)i
+(the)g(prop)s(ert)m(y)h Fb(ok)p Fu(.)58 b(The)39 b(prop)s(ert)m(y)f(of)
+f(a)g(v)-5 b(ariable)36 b Fs(x)49 b Fu(in)37 b(a)g(prop)s(er)h(prop)s
+(ert)m(y)0 4012 y(state)g Fs(ps)46 b Fu(is)37 b(the)h(prop)s(ert)m(y)g
+(b)s(ound)g(to)g Fs(x)49 b Fu(in)37 b Fs(ps)8 b Fu(,)39
+b(that)e(is)g Fs(ps)46 b(x)12 b Fu(.)59 b(Th)m(us)39
+b(if)d Fs(ps)46 b Fu(is)37 b(the)h(initial)0 4132 y(prop)s(ert)m(y)c
+(state)h(then)f(the)g(in)m(ten)m(tion)f(is)g(that)h Ft(P)8
+b(A)p Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])p Fs(ps)41
+b Fu(is)34 b Fb(ok)g Fu(if)f(and)g(only)h(if)e Fs(x)46
+b Fu(is)33 b(one)h(of)0 4253 y(the)j(input)f(v)-5 b(ariables.)54
+b(F)-8 b(or)36 b(a)g(comp)s(osite)g(expression,)j(lik)m(e)c
+Fs(a)2358 4268 y Fn(1)2435 4253 y Fu(+)h Fs(a)2604 4268
+y Fn(2)2644 4253 y Fu(,)h(the)g(idea)f(is)g(that)g(it)0
+4373 y(can)d(only)f(ha)m(v)m(e)i(the)e(prop)s(ert)m(y)i
+Fb(ok)f Fu(if)e(b)s(oth)h(sub)s(expressions)j(ha)m(v)m(e)f(that)e(prop)
+s(ert)m(y)-8 b(.)44 b(This)33 b(is)0 4494 y(ensured)h(b)m(y)g(the)f
+(binary)f(op)s(eration)f Ft(t)1471 4509 y Fn(P)1555 4494
+y Fu(in)m(tro)s(duced)i(in)f(Section)g(5.1.)0 4693 y
+Fw(Example)37 b(5.10)49 b Fu(If)42 b Fs(ps)50 b Fr(x)43
+b Fu(=)f Fb(ok)h Fu(and)f Fs(ps)50 b Fu(on-trac)m(k)43
+b(=)f Fb(ok)h Fu(then)g Ft(P)8 b(A)p Fu([)-17 b([)q Fr(x)42
+b Fu(+)h Fr(1)p Fu(])-17 b(])p Fs(ps)51 b Fu(=)42 b Fb(ok)0
+4813 y Fu(since)35 b Ft(P)8 b(A)p Fu([)-17 b([)q Fr(x)p
+Fu(])g(])q Fs(ps)42 b Fu(=)35 b Fb(ok)h Fu(and)f Ft(P)8
+b(A)p Fu([)-17 b([)p Fr(1)p Fu(])g(])q Fs(ps)43 b Fu(=)34
+b Fb(ok)p Fu(.)51 b(On)35 b(the)h(other)f(hand,)g(if)f
+Fs(ps)43 b Fr(x)35 b Fu(=)g Fb(d)p Fu(?)g(then)0 4934
+y Ft(P)8 b(A)p Fu([)-17 b([)q Fr(x)32 b Fu(+)h Fr(1)p
+Fu(])-17 b(])q Fs(ps)40 b Fu(=)32 b Fb(d)p Fu(?)h(b)s(ecause)h
+Ft(P)8 b(A)p Fu([)-17 b([)q Fr(x)p Fu(])g(])q Fs(ps)40
+b Fu(=)32 b Fb(d)p Fu(?.)146 5054 y(F)-8 b(urthermore,)32
+b Ft(P)8 b(B)t Fu([)-17 b([)q Fr(x)33 b Fu(=)f Fr(x)p
+Fu(])-17 b(])q Fs(ps)40 b Fu(=)32 b Fb(d)p Fu(?)h(if)e
+Fs(ps)41 b Fr(x)32 b Fu(=)h Fb(d)p Fu(?)f(ev)m(en)i(though)f(the)g
+(test)g Fr(x)g Fu(=)f Fr(x)h Fu(will)0 5175 y(ev)-5 b(aluate)32
+b(to)g Fw(tt)g Fu(indep)s(enden)m(tly)h(of)f(whether)i(or)f(not)f
+Fr(x)h Fu(is)f(initialized)d(prop)s(erly)-8 b(.)359 b
+Fh(2)146 5374 y Fu(The)43 b(functions)f Ft(P)8 b(A)p
+Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])42 b(and)h Ft(P)8
+b(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])42 b(are)g(closely)g
+(connected)h(with)f(the)g(sets)i(of)d(free)0 5494 y(v)-5
+b(ariables)31 b(de\014ned)j(in)e(Chapter)h(1:)p eop
+%%Page: 144 154
+144 153 bop 251 130 a Fw(144)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 283 419 V 283
+1501 4 1083 v 666 519 a Ft(P)8 b(S)g Fu([)-17 b([)p Fs(x)45
+b Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])34 b Fs(ps)40 b Fu(=)32
+b Fs(ps)8 b Fu([)p Fs(x)k Ft(7!P)c(A)p Fu([)-17 b([)p
+Fs(a)7 b Fu(])-17 b(])q Fs(ps)8 b Fu(])666 710 y Ft(P)g(S)g
+Fu([)-17 b([)p Fr(skip)p Fu(])g(])35 b(=)d(id)666 901
+y Ft(P)8 b(S)g Fu([)-17 b([)p Fs(S)915 916 y Fn(1)955
+901 y Fu(;)p Fs(S)1049 916 y Fn(2)1088 901 y Fu(])g(])33
+b(=)g Ft(P)8 b(S)g Fu([)-17 b([)p Fs(S)1516 916 y Fn(2)1556
+901 y Fu(])g(])33 b Ft(\016)f(P)8 b(S)g Fu([)-17 b([)q
+Fs(S)1958 916 y Fn(1)1997 901 y Fu(])g(])666 1092 y Ft(P)8
+b(S)g Fu([)-17 b([)p Fr(if)33 b Fs(b)39 b Fr(then)33
+b Fs(S)1371 1107 y Fn(1)1443 1092 y Fr(else)h Fs(S)1748
+1107 y Fn(2)1787 1092 y Fu(])-17 b(])33 b(=)g(cond)2166
+1107 y Fn(P)2218 1092 y Fu(\()p Ft(P)8 b(B)t Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(],)33 b Ft(P)8 b(S)g Fu([)-17
+b([)q Fs(S)2838 1107 y Fn(1)2877 1092 y Fu(])g(])q(,)32
+b Ft(P)8 b(S)h Fu([)-17 b([)p Fs(S)3224 1107 y Fn(2)3263
+1092 y Fu(])g(])q(\))666 1284 y Ft(P)8 b(S)g Fu([)-17
+b([)p Fr(while)34 b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17
+b(])33 b(=)f(FIX)h Fs(H)934 1451 y Fu(where)h Fs(H)49
+b(h)39 b Fu(=)33 b(cond)1735 1466 y Fn(P)1788 1451 y
+Fu(\()p Ft(P)8 b(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(])q(,)32 b Fs(h)40 b Ft(\016)32 b(P)8 b(S)h Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))p 3753 1501
+V 283 1504 3473 4 v 1088 1665 a(T)-8 b(able)33 b(5.2:)43
+b(Analysis)32 b(of)g(statemen)m(ts)i(in)d Fw(While)283
+1955 y(Exercise)37 b(5.11)49 b(\(Essen)m(tial\))27 b
+Fu(Pro)m(v)m(e)j(that)f(for)g(ev)m(ery)i(arithmetic)c(expression)j
+Fs(a)36 b Fu(w)m(e)31 b(ha)m(v)m(e)527 2169 y Ft(P)8
+b(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(ps)40
+b Fu(=)33 b Fb(ok)g Fu(if)e(and)i(only)f(if)f(FV\()p
+Fs(a)7 b Fu(\))33 b Ft([)g(f)p Fu(on-trac)m(k)p Ft(g)f(\022)h
+Fu(OK\()p Fs(ps)8 b Fu(\))283 2384 y(F)-8 b(orm)m(ulate)32
+b(and)i(pro)m(v)m(e)h(a)e(similar)e(result)i(for)g(b)s(o)s(olean)f
+(expressions.)49 b(Deduce)34 b(that)g(for)f(all)283 2504
+y Fs(a)38 b Fu(of)31 b Fw(Aexp)g Fu(w)m(e)g(get)g Ft(P)8
+b(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(ps)38
+b Fu(=)31 b Fb(d)p Fu(?)g(if)e Fs(ps)39 b Fu(is)30 b(improp)s(er,)g
+(and)h(that)f(for)g(all)f Fs(b)37 b Fu(of)30 b Fw(Bexp)h
+Fu(w)m(e)283 2625 y(get)i Ft(P)8 b(B)t Fu([)-17 b([)q
+Fs(b)6 b Fu(])-17 b(])p Fs(ps)41 b Fu(=)32 b Fb(d)p Fu(?)h(if)e
+Fs(ps)41 b Fu(is)32 b(improp)s(er.)1849 b Fh(2)283 2928
+y Fp(Statemen)l(ts)283 3117 y Fu(T)-8 b(urning)40 b(to)f(statemen)m(ts)
+i(w)m(e)g(shall)d(sp)s(ecify)j(their)e(analysis)g(b)m(y)i(a)e(function)
+g Ft(P)8 b(S)49 b Fu(of)39 b(func-)283 3237 y(tionalit)m(y:)527
+3452 y Ft(P)8 b(S)h Fu(:)43 b Fw(Stm)32 b Ft(!)g Fu(\()p
+Fw(PState)g Ft(!)g Fw(PState)p Fu(\))283 3667 y(The)47
+b(totalit)m(y)d(of)h Ft(P)8 b(S)h Fu([)-17 b([)p Fs(S)12
+b Fu(])-17 b(])46 b(re\015ects)i(that)d(w)m(e)i(shall)d(b)s(e)i(able)f
+(to)g(analyse)h Fs(al)5 b(l)56 b Fu(statemen)m(ts)283
+3787 y(including)27 b(a)i(statemen)m(t)g(lik)m(e)f Fr(while)h(true)h
+(do)f(skip)h Fu(that)e(lo)s(ops.)41 b(The)30 b(de\014nition)d(of)h
+Ft(P)8 b(S)37 b Fu(is)283 3907 y(giv)m(en)30 b(in)e(T)-8
+b(able)28 b(5.2)h(and)g(the)g(clauses)h(for)e(assignmen)m(t,)i
+Fr(skip)g Fu(and)f(comp)s(osition)d(are)j(m)m(uc)m(h)283
+4028 y(as)k(in)f(the)h(direct)g(st)m(yle)g(denotational)e(seman)m(tics)
+h(of)h(Chapter)g(4.)43 b(The)34 b(remaining)c(clauses)283
+4148 y(will)h(b)s(e)i(explained)f(b)s(elo)m(w.)283 4395
+y Fw(Example)37 b(5.12)49 b Fu(Consider)33 b(the)g(statemen)m(t)527
+4609 y Fr(y)g Fu(:=)g Fr(x)283 4824 y Fu(First)j(assume)i(that)e
+Fs(ps)45 b Fu(is)36 b(a)h(prop)s(er)g(prop)s(ert)m(y)g(state)g(with)g
+Fs(ps)44 b Fr(x)37 b Fu(=)g Fb(ok)g Fu(and)g Fs(ps)45
+b Fr(y)37 b Fu(=)g Fb(d)p Fu(?.)283 4945 y(Then)d(w)m(e)g(ha)m(v)m(e)
+527 5159 y(\()p Ft(P)8 b(S)h Fu([)-17 b([)p Fr(y)33 b
+Fu(:=)f Fr(x)p Fu(])-17 b(])q Fs(ps)8 b Fu(\))33 b Fr(x)f
+Fu(=)h Fb(ok)527 5327 y Fu(\()p Ft(P)8 b(S)h Fu([)-17
+b([)p Fr(y)33 b Fu(:=)f Fr(x)p Fu(])-17 b(])q Fs(ps)8
+b Fu(\))33 b Fr(y)f Fu(=)h Fb(ok)527 5494 y Fu(\()p Ft(P)8
+b(S)h Fu([)-17 b([)p Fr(y)33 b Fu(:=)f Fr(x)p Fu(])-17
+b(])q Fs(ps)8 b Fu(\))33 b(on-trac)m(k)f(=)h Fb(ok)p
+eop
+%%Page: 145 155
+145 154 bop 0 130 a Fw(5.2)112 b(The)38 b(analysis)2439
+b(145)p 0 193 3473 4 v 0 515 a Fu(Since)34 b Ft(P)8 b(S)g
+Fu([)-17 b([)q Fr(y)34 b Fu(:=)f Fr(x)p Fu(])-17 b(])q
+Fs(ps)42 b Fu(is)33 b(prop)s(er)h(w)m(e)h(conclude)f(that)g(b)s(oth)f
+Fr(x)h Fu(and)g Fr(y)g Fu(only)f(dep)s(end)i(on)f(the)0
+636 y(input)26 b(v)-5 b(ariables)25 b(after)h Fr(y)g
+Fu(is)g(assigned)h(a)f(v)-5 b(alue)25 b(that)h(only)g(dep)s(ends)i(on)e
+(the)h(input)f(v)-5 b(ariables.)146 756 y(Assume)34 b(next)f(that)g
+Fs(ps)40 b Fr(y)33 b Fu(=)f Fb(ok)h Fu(but)g Fs(ps)41
+b Fr(x)32 b Fu(=)h Fb(d)p Fu(?.)44 b(Then)244 940 y(\()p
+Ft(P)8 b(S)g Fu([)-17 b([)q Fr(y)32 b Fu(:=)h Fr(x)p
+Fu(])-17 b(])q Fs(ps)8 b Fu(\))32 b Fr(y)h Fu(=)f Fb(d)p
+Fu(?)0 1123 y(sho)m(wing)42 b(that)g(when)h(a)f(dubious)g(v)-5
+b(alue)41 b(is)g(used)i(in)f(an)f(assignmen)m(t)h(then)h(the)f
+(assigned)0 1244 y(v)-5 b(ariable)31 b(will)f(get)j(a)f(dubious)h(v)-5
+b(alue)32 b(as)g(w)m(ell.)1676 b Fh(2)0 1445 y Fw(Exercise)36
+b(5.13)49 b Fu(Consider)40 b(the)f(statemen)m(ts)g Fs(S)1843
+1460 y Fn(1)1921 1445 y Fu(and)g Fs(S)2184 1460 y Fn(2)2262
+1445 y Fu(of)g(Example)f(5.3.)62 b(Use)39 b(T)-8 b(ables)0
+1566 y(5.1)37 b(and)h(5.2)f(to)h(c)m(haracterize)g(the)g(b)s(eha)m
+(viour)f(of)h Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)2185 1581
+y Fn(1)2224 1566 y Fu(])g(])38 b(and)g Ft(P)8 b(S)g Fu([)-17
+b([)q Fs(S)2744 1581 y Fn(2)2783 1566 y Fu(])g(])38 b(on)g(prop)s(er)f
+(and)0 1686 y(improp)s(er)31 b(prop)s(ert)m(y)i(states.)45
+b(An)m(ticipating)30 b(Section)j(5.3)f(sho)m(w)i(that)244
+1870 y Fs(s)292 1885 y Fn(1)364 1870 y Ft(\021)f Fs(s)522
+1885 y Fn(2)594 1870 y Fu(rel)p 594 1883 109 4 v 32 w
+Fs(ps)40 b Fu(implies)30 b Ft(S)1264 1885 y Fn(ds)1335
+1870 y Fu([)-17 b([)q Fs(S)1440 1885 y Fn(i)1464 1870
+y Fu(])g(])p Fs(s)1549 1885 y Fn(1)1621 1870 y Ft(\021)33
+b(S)1799 1885 y Fn(ds)1870 1870 y Fu([)-17 b([)q Fs(S)1975
+1885 y Fn(i)1998 1870 y Fu(])g(])q Fs(s)2084 1885 y Fn(2)2156
+1870 y Fu(rel)p 2156 1883 V 32 w Ft(P)8 b(S)g Fu([)-17
+b([)q Fs(S)2547 1885 y Fn(i)2570 1870 y Fu(])g(])q Fs(ps)0
+2053 y Fu(for)32 b(i)g(=)g(1,)g(2)h(and)f(for)g(all)f
+Fs(ps)40 b Ft(2)33 b Fw(PState)p Fu(.)1829 b Fh(2)146
+2255 y Fu(In)40 b(the)g(clause)g(for)g Fr(if)g Fs(b)45
+b Fr(then)c Fs(S)1446 2270 y Fn(1)1525 2255 y Fr(else)g
+Fs(S)1837 2270 y Fn(2)1915 2255 y Fu(w)m(e)g(use)g(the)f(auxiliary)e
+(function)h(cond)3420 2270 y Fn(P)0 2376 y Fu(de\014ned)34
+b(b)m(y)244 2641 y(cond)444 2656 y Fn(P)497 2641 y Fu(\()p
+Fs(f)20 b Fu(,)33 b Fs(h)702 2656 y Fn(1)742 2641 y Fu(,)f
+Fs(h)858 2656 y Fn(2)898 2641 y Fu(\))g Fs(ps)41 b Fu(=)1207
+2466 y Fg(8)1207 2541 y(<)1207 2691 y(:)1323 2556 y Fu(\()p
+Fs(h)1418 2571 y Fn(1)1490 2556 y Fs(ps)8 b Fu(\))32
+b Ft(t)1725 2571 y Fn(PS)1848 2556 y Fu(\()p Fs(h)1943
+2571 y Fn(2)2016 2556 y Fs(ps)8 b Fu(\))82 b(if)32 b
+Fs(f)53 b(ps)41 b Fu(=)32 b Fb(ok)1323 2724 y(lost)692
+b Fu(if)32 b Fs(f)53 b(ps)41 b Fu(=)32 b Fb(d)p Fu(?)0
+2906 y(First)g(consider)h(the)g(case)h(where)g(w)m(e)g(are)f
+(successful)i(in)d(analysing)f(the)j(condition,)d(that)i(is)0
+3026 y(where)39 b Fs(f)59 b(ps)46 b Fu(=)38 b Fb(ok)p
+Fu(.)61 b(F)-8 b(or)37 b(eac)m(h)j(v)-5 b(ariable)36
+b Fs(x)50 b Fu(w)m(e)39 b(can)f(determine)g(the)h(result)f(of)g
+(analysing)0 3147 y(eac)m(h)d(of)g(the)g(branc)m(hes,)h(namely)e(\()p
+Fs(h)1374 3162 y Fn(1)1448 3147 y Fs(ps)8 b Fu(\))35
+b Fs(x)46 b Fu(for)34 b(the)h(true)g(branc)m(h)g(and)g(\()p
+Fs(h)2850 3162 y Fn(2)2924 3147 y Fs(ps)8 b Fu(\))35
+b Fs(x)46 b Fu(for)34 b(the)0 3267 y(false)c(branc)m(h.)44
+b(The)32 b(least)e(upp)s(er)i(b)s(ound)f(of)f(these)i(t)m(w)m(o)g
+(results)f(will)e(b)s(e)i(the)g(new)h(prop)s(ert)m(y)0
+3388 y(b)s(ound)h(to)f Fs(x)12 b Fu(,)32 b(that)h(is)f(the)h(new)g
+(prop)s(ert)m(y)h(state)f(will)d(map)i Fs(x)44 b Fu(to)244
+3571 y(\(\()p Fs(h)377 3586 y Fn(1)449 3571 y Fs(ps)8
+b Fu(\))32 b Fs(x)12 b Fu(\))33 b Ft(t)811 3586 y Fn(P)896
+3571 y Fu(\(\()p Fs(h)1029 3586 y Fn(2)1101 3571 y Fs(ps)8
+b Fu(\))32 b Fs(x)12 b Fu(\))0 3755 y(If)24 b(the)h(analysis)f(of)g
+(the)h(condition)e(is)i(not)f(successful,)k(that)c(is)g
+Fs(f)46 b(ps)32 b Fu(=)24 b Fb(d)p Fu(?,)j(then)e(the)g(analysis)0
+3875 y(of)32 b(the)h(conditional)d(will)g(fail)h(and)h(w)m(e)i(shall)d
+(therefore)i(use)h(the)f(prop)s(ert)m(y)g(state)g Fb(lost)p
+Fu(.)0 4077 y Fw(Example)k(5.14)49 b Fu(Consider)33 b(no)m(w)g(the)g
+(statemen)m(t)244 4260 y Fr(if)g(x)g Fu(=)f Fr(x)h(then)g(z)g
+Fu(:=)g Fr(y)g(else)g(y)g Fu(:=)f Fr(z)0 4444 y Fu(Clearly)-8
+b(,)37 b(the)f(\014nal)g(v)-5 b(alue)36 b(of)g Fr(z)h
+Fu(can)g(b)s(e)f(determined)h(uniquely)f(from)f(the)i(initial)c(v)-5
+b(alue)36 b(of)0 4564 y Fr(y)p Fu(.)53 b(Ho)m(w)m(ev)m(er,)39
+b(if)34 b Fr(z)i Fu(is)f(dubious)h(then)h(the)f(analysis)f(cannot)g
+(giv)m(e)h(this)f(result.)53 b(T)-8 b(o)36 b(see)h(this)0
+4685 y(assume)h(that)f Fs(ps)46 b Fu(is)37 b(a)g(prop)s(er)h(prop)s
+(ert)m(y)g(state)g(suc)m(h)h(that)f Fs(ps)i Fr(x)e Fu(=)f
+Fb(ok)p Fu(,)j Fs(ps)45 b Fr(y)38 b Fu(=)f Fb(ok)h Fu(and)0
+4805 y Fs(ps)i Fr(z)33 b Fu(=)g Fb(d)p Fu(?.)43 b(Then)244
+4989 y(\()p Ft(P)8 b(S)g Fu([)-17 b([)q Fr(if)33 b(x)g
+Fu(=)f Fr(x)h(then)g(z)g Fu(:=)g Fr(y)f(else)i(y)f Fu(:=)f
+Fr(z)p Fu(])-17 b(])q Fs(ps)8 b Fu(\))32 b Fr(z)465 5156
+y Fu(=)g(\(cond)811 5171 y Fn(P)864 5156 y Fu(\()p Ft(P)8
+b(B)t Fu([)-17 b([)p Fr(x)33 b Fu(=)f Fr(x)p Fu(])-17
+b(])q(,)33 b Ft(P)8 b(S)g Fu([)-17 b([)q Fr(z)32 b Fu(:=)h
+Fr(y)p Fu(])-17 b(])q(,)32 b Ft(P)8 b(S)h Fu([)-17 b([)p
+Fr(y)33 b Fu(:=)g Fr(z)p Fu(])-17 b(]\))33 b Fs(ps)8
+b Fu(\))32 b Fr(z)465 5324 y Fu(=)g(\()p Ft(P)8 b(S)g
+Fu([)-17 b([)q Fr(z)33 b Fu(:=)f Fr(y)p Fu(])-17 b(])34
+b Fs(ps)40 b Ft(t)1331 5339 y Fn(P)1416 5324 y Ft(P)8
+b(S)g Fu([)-17 b([)q Fr(y)33 b Fu(:=)f Fr(z)p Fu(])-17
+b(])34 b Fs(ps)8 b Fu(\))32 b Fr(z)465 5492 y Fu(=)g
+Fb(d)p Fu(?)p eop
+%%Page: 146 156
+146 155 bop 251 130 a Fw(146)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fu(b)s(ecause)d
+Ft(P)8 b(B)t Fu([)-17 b([)p Fr(x)31 b Fu(=)g Fr(x)p Fu(])-17
+b(])q Fs(ps)39 b Fu(=)30 b Fb(ok)p Fu(,)i(\()p Ft(P)8
+b(S)g Fu([)-17 b([)q Fr(z)31 b Fu(:=)g Fr(y)p Fu(])-17
+b(])q Fs(ps)8 b Fu(\))30 b Fr(z)h Fu(=)g Fb(ok)g Fu(but)h(\()p
+Ft(P)8 b(S)g Fu([)-17 b([)p Fr(y)32 b Fu(:=)e Fr(z)p
+Fu(])-17 b(])q Fs(ps)8 b Fu(\))31 b Fr(z)g Fu(=)g Fb(d)p
+Fu(?.)283 636 y(So)i(ev)m(en)h(though)e(the)h(false)f(branc)m(h)h(nev)m
+(er)h(will)c(b)s(e)j(executed)h(it)e(will)e(in\015uence)j(the)g(result)
+283 756 y(obtained)g(b)m(y)g(the)g(analysis.)430 877
+y(Similarly)-8 b(,)21 b(ev)m(en)j(if)e Fr(y)h Fu(and)g
+Fr(z)g Fu(are)g(not)g(dubious)g(but)g Fr(x)g Fu(is,)i(the)e(analysis)f
+(cannot)h(determine)283 997 y(that)35 b(the)g(\014nal)f(v)-5
+b(alue)35 b(of)f Fr(z)h Fu(only)f(dep)s(ends)j(on)d(the)i(v)-5
+b(alue)34 b(of)g Fr(y)p Fu(.)51 b(T)-8 b(o)34 b(see)i(this)f(assume)g
+(that)283 1117 y Fs(ps)k Fu(is)31 b(a)f(prop)s(er)h(prop)s(ert)m(y)h
+(state)f(suc)m(h)h(that)f Fs(ps)38 b Fr(x)32 b Fu(=)e
+Fb(d)p Fu(?,)i Fs(ps)38 b Fr(y)31 b Fu(=)g Fb(ok)h Fu(and)f
+Fs(ps)38 b Fr(z)31 b Fu(=)g Fb(ok)p Fu(.)43 b(W)-8 b(e)283
+1238 y(then)34 b(get)527 1440 y Ft(P)8 b(S)h Fu([)-17
+b([)p Fr(if)33 b(x)g Fu(=)f Fr(x)h(then)h(z)f Fu(:=)f
+Fr(y)h(else)g(y)g Fu(:=)g Fr(z)p Fu(])-17 b(])q Fs(ps)710
+1608 y Fu(=)33 b(cond)1019 1623 y Fn(P)1071 1608 y Fu(\()p
+Ft(P)8 b(B)t Fu([)-17 b([)q Fr(x)33 b Fu(=)f Fr(x)p Fu(])-17
+b(])q(,)32 b Ft(P)8 b(S)h Fu([)-17 b([)p Fr(z)33 b Fu(:=)g
+Fr(y)p Fu(])-17 b(],)33 b Ft(P)8 b(S)g Fu([)-17 b([)q
+Fr(y)33 b Fu(:=)f Fr(z)p Fu(])-17 b(])q(\))p Fs(ps)710
+1775 y Fu(=)33 b Fb(lost)283 1978 y Fu(b)s(ecause)j Ft(P)8
+b(B)t Fu([)-17 b([)p Fr(x)34 b Fu(=)g Fr(x)p Fu(])-17
+b(])q Fs(ps)41 b Fu(=)34 b Fb(d)p Fu(?.)48 b(These)35
+b(examples)f(sho)m(w)h(that)f(the)g(result)g(of)f(the)i(analysis)283
+2098 y(is)j(safe)h(but)g(usually)f(somewhat)g(imprecise.)60
+b(More)39 b(complex)f(analyses)h(could)f(do)g(b)s(etter)283
+2218 y(\(for)28 b(example)f(b)m(y)i(trying)e(to)g(predict)h(the)g
+(outcome)f(of)h(tests\))g(but)g(in)f(general)h(no)f(decidable)283
+2339 y(analysis)32 b(can)h(pro)m(vide)g(exact)g(results.)1944
+b Fh(2)283 2566 y Fw(Exercise)37 b(5.15)49 b Fu(Consider)33
+b(the)g(statemen)m(ts)h Fs(S)2109 2581 y Fn(11)2217 2566
+y Fu(and)f Fs(S)2474 2581 y Fn(12)2581 2566 y Fu(of)f(Example)h(5.3.)44
+b(Use)34 b(T)-8 b(ables)283 2686 y(5.1)32 b(and)h(5.2)e(to)h(c)m
+(haracterize)h(the)g(b)s(eha)m(viour)f(of)g Ft(P)8 b(S)g
+Fu([)-17 b([)q Fs(S)2425 2701 y Fn(11)2499 2686 y Fu(])g(])33
+b(and)f Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)3008 2701 y
+Fn(12)3083 2686 y Fu(])g(])32 b(on)g(prop)s(er)h(and)283
+2806 y(improp)s(er)e(prop)s(ert)m(y)j(states.)44 b(An)m(ticipating)31
+b(Section)h(5.3)g(sho)m(w)i(that)527 3009 y Fs(s)575
+3024 y Fn(1)647 3009 y Ft(\021)f Fs(s)805 3024 y Fn(2)877
+3009 y Fu(rel)p 877 3022 109 4 v 32 w Fs(ps)41 b Fu(implies)30
+b Ft(S)1548 3024 y Fn(ds)1619 3009 y Fu([)-17 b([)p Fs(S)1723
+3024 y Fn(i)1747 3009 y Fu(])g(])q Fs(s)1833 3024 y Fn(1)1905
+3009 y Ft(\021)33 b(S)2082 3024 y Fn(ds)2154 3009 y Fu([)-17
+b([)p Fs(S)2258 3024 y Fn(i)2282 3009 y Fu(])g(])p Fs(s)2367
+3024 y Fn(2)2439 3009 y Fu(rel)p 2439 3022 V 32 w Ft(P)8
+b(S)h Fu([)-17 b([)p Fs(S)2830 3024 y Fn(i)2854 3009
+y Fu(])g(])p Fs(ps)283 3211 y Fu(for)29 b(i)e(=)i(11,)g(12)f(and)h(for)
+f(all)f Fs(ps)36 b Ft(2)29 b Fw(PState)p Fu(.)42 b(Finally)26
+b(argue)j(that)f(it)g(w)m(ould)h Fs(not)38 b Fu(b)s(e)29
+b(sensible)283 3331 y(to)k(use)527 3534 y(cond)727 3498
+y Fi(0)727 3558 y Fn(P)780 3534 y Fu(\()p Fs(f)21 b Fu(,)32
+b Fs(h)985 3549 y Fn(1)1025 3534 y Fu(,)h Fs(h)1142 3549
+y Fn(2)1181 3534 y Fu(\))g Fs(ps)40 b Fu(=)33 b(\()p
+Fs(h)1586 3549 y Fn(1)1658 3534 y Fs(ps)8 b Fu(\))32
+b Ft(t)1893 3549 y Fn(PS)2017 3534 y Fu(\()p Fs(h)2112
+3549 y Fn(2)2184 3534 y Fs(ps)8 b Fu(\))283 3736 y(instead)33
+b(of)f(the)h(cond)1099 3751 y Fn(P)1184 3736 y Fu(de\014ned)h(ab)s(o)m
+(v)m(e.)1891 b Fh(2)430 3963 y Fu(In)32 b(the)h(clause)f(for)g(the)g
+Fr(while)p Fu(-lo)s(op)g(w)m(e)h(also)e(use)i(the)g(function)e(cond)
+3080 3978 y Fn(P)3165 3963 y Fu(and)h(otherwise)283 4083
+y(the)23 b(clause)f(is)f(as)h(in)f(the)i(direct)e(st)m(yle)i
+(denotational)d(seman)m(tics)i(of)f(Chapter)i(4.)39 b(In)23
+b(particular)283 4204 y(w)m(e)28 b(use)f(the)g(\014xed)h(p)s(oin)m(t)d
+(op)s(eration)h(FIX)g(as)h(it)e(corresp)s(onds)j(to)e(unfolding)f(the)i
+Fr(while)p Fu(-lo)s(op)283 4324 y(a)40 b(n)m(um)m(b)s(er)h(of)e(times)g
+(|)h(once)g(for)g(eac)m(h)h(time)d(the)j Fs(analysis)47
+b Fu(tra)m(v)m(erses)42 b(the)f(lo)s(op.)64 b(As)41 b(in)283
+4444 y(Chapter)34 b(4)e(the)h(\014xed)h(p)s(oin)m(t)e(is)g(de\014ned)i
+(b)m(y)527 4647 y(FIX)f Fs(H)48 b Fu(=)961 4580 y Fg(F)1030
+4647 y Ft(f)32 b Fs(H)1200 4611 y Fn(n)1276 4647 y Ft(?)h(j)g
+Fu(n)f Ft(\025)h Fu(0)g Ft(g)283 4849 y Fu(where)h(the)f(functionalit)m
+(y)e(of)h Fs(H)49 b Fu(is)527 5051 y Fs(H)16 b Fu(:)33
+b(\()p Fw(PState)f Ft(!)g Fw(PState)p Fu(\))g Ft(!)g
+Fu(\()p Fw(PState)h Ft(!)f Fw(PState)p Fu(\))283 5254
+y(and)25 b(where)h Fw(PState)d Ft(!)h Fw(PState)g Fu(is)g(the)h(set)g
+(of)f(total)f(functions)h(from)f Fw(PState)h Fu(to)g
+Fw(PState)p Fu(.)283 5374 y(In)37 b(order)f(for)f(this)h(to)f(mak)m(e)i
+(sense)g Fs(H)52 b Fu(m)m(ust)36 b(b)s(e)h(a)e(con)m(tin)m(uous)i
+(function)e(on)h(a)g(ccp)s(o)g(with)283 5494 y Ft(?)d
+Fu(as)g(its)f(least)g(elemen)m(t.)44 b(W)-8 b(e)33 b(shall)e(shortly)h
+(v)m(erify)h(that)g(this)f(is)g(indeed)h(the)g(case.)p
+eop
+%%Page: 147 157
+147 156 bop 0 130 a Fw(5.2)112 b(The)38 b(analysis)2439
+b(147)p 0 193 3473 4 v 0 515 a(Example)37 b(5.16)49 b
+Fu(W)-8 b(e)36 b(are)h(no)m(w)g(in)f(a)g(p)s(osition)f(where)j(w)m(e)f
+(can)g(attempt)f(the)h(application)0 636 y(of)32 b(the)h(analysis)f(to)
+g(the)h(factorial)d(statemen)m(t:)244 814 y Ft(P)8 b(S)g
+Fu([)-17 b([)q Fr(y)33 b Fu(:=)f Fr(1)p Fu(;)h Fr(while)h
+Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
+Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f
+Fr(x)p Ft(\000)p Fr(1)p Fu(\)])-17 b(])0 993 y(W)-8 b(e)35
+b(shall)f(apply)g(this)h(function)f(to)g(the)i(prop)s(er)e(prop)s(ert)m
+(y)i(state)f Fs(ps)2593 1008 y Fn(0)2667 993 y Fu(that)g(maps)f
+Fr(x)h Fu(to)g Fb(ok)0 1113 y Fu(and)d(all)e(other)h(v)-5
+b(ariables)31 b(\(including)f Fr(y)p Fu(\))i(to)f Fb(d)p
+Fu(?)h(as)g(this)f(corresp)s(onds)i(to)f(viewing)f Fr(x)h
+Fu(as)g(the)0 1234 y(only)g(input)g(v)-5 b(ariable)31
+b(of)h(the)h(statemen)m(t.)146 1354 y(T)-8 b(o)33 b(do)f(so)h(w)m(e)h
+(use)f(the)g(clauses)h(of)e(T)-8 b(ables)32 b(5.1)h(and)f(5.2)g(and)h
+(get)244 1533 y Ft(P)8 b(S)g Fu([)-17 b([)q Fr(y)33 b
+Fu(:=)f Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p Fr(x)p
+Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f
+Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
+Fr(1)p Fu(\)])-17 b(])34 b Fs(ps)2607 1548 y Fn(0)513
+1700 y Fu(=)e(\(FIX)g Fs(H)16 b Fu(\))33 b(\()p Fs(ps)1158
+1715 y Fn(0)1197 1700 y Fu([)p Fr(y)p Ft(7!)p Fb(ok)p
+Fu(]\))0 1879 y(where)244 2057 y Fs(H)48 b(h)40 b Fu(=)33
+b(cond)763 2072 y Fn(P)815 2057 y Fu(\()p Ft(P)8 b(B)t
+Fu([)-17 b([)q Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q(,)33
+b Fs(h)39 b Ft(\016)33 b(P)8 b(S)g Fu([)-17 b([)q Fr(y)32
+b Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f
+Fr(x)p Ft(\000)p Fr(1)p Fu(])-17 b(])r(,)32 b(id\))0
+2236 y(W)-8 b(e)33 b(\014rst)g(simplify)d Fs(H)49 b Fu(and)32
+b(obtain)244 2496 y(\()p Fs(H)48 b(h)7 b Fu(\))33 b Fs(ps)41
+b Fu(=)769 2322 y Fg(8)769 2397 y(<)769 2546 y(:)884
+2412 y Fb(lost)449 b Fu(if)31 b Fs(ps)24 b Fu(on-trac)m(k)16
+b(=)g Fb(d)p Fu(?)34 b(or)e Fs(ps)24 b Fr(x)16 b Fu(=)g
+Fb(d)p Fu(?)884 2579 y(\()p Fs(h)40 b(ps)8 b Fu(\))32
+b Ft(t)1247 2594 y Fn(PS)1371 2579 y Fs(ps)91 b Fu(if)31
+b Fs(ps)24 b Fu(on-trac)m(k)16 b(=)g Fb(ok)34 b Fu(and)f
+Fs(ps)24 b Fr(x)16 b Fu(=)g Fb(ok)0 2762 y Fu(A)m(t)29
+b(this)g(p)s(oin)m(t)f(w)m(e)i(shall)e(pretend)i(that)f(w)m(e)h(ha)m(v)
+m(e)g(sho)m(wn)h(the)e(follo)m(wing)d(prop)s(ert)m(y)k(of)f
+Fs(H)45 b Fu(\(to)0 2882 y(b)s(e)33 b(pro)m(v)m(ed)h(in)e(Exercise)i
+(5.18\):)244 3061 y(if)d Fs(H)421 3025 y Fn(n)497 3061
+y Ft(?)i Fu(=)g Fs(H)804 3025 y Fn(n+1)970 3061 y Ft(?)g
+Fu(for)f(some)g(n)244 3229 y(then)h(FIX)g Fs(H)48 b Fu(=)33
+b Fs(H)988 3192 y Fn(n)1064 3229 y Ft(?)0 3407 y Fu(where)e
+Ft(?)f Fu(is)f(the)h(function)f Ft(?)h Fs(ps)38 b Fu(=)29
+b Fb(init)h Fu(for)f(all)e Fs(ps)8 b Fu(.)43 b(W)-8 b(e)30
+b(can)g(no)m(w)g(calculate)e(the)i(iterands)0 3527 y
+Fs(H)88 3491 y Fn(0)160 3527 y Ft(?)q Fu(,)i Fs(H)385
+3491 y Fn(1)457 3527 y Ft(?)q Fu(,)g Ft(\001)17 b(\001)g(\001)o
+Fu(.)43 b(W)-8 b(e)33 b(obtain)244 3706 y(\()p Fs(H)370
+3670 y Fn(0)442 3706 y Ft(?)p Fu(\))g Fs(ps)40 b Fu(=)33
+b Fb(init)244 3961 y Fu(\()p Fs(H)370 3925 y Fn(1)442
+3961 y Ft(?)p Fu(\))g Fs(ps)40 b Fu(=)829 3786 y Fg(8)829
+3861 y(<)829 4011 y(:)944 3876 y Fb(lost)83 b Fu(if)31
+b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(d)p Fu(?)h(or)f Fs(ps)40
+b Fu(not)33 b(prop)s(er)944 4044 y Fs(ps)212 b Fu(if)31
+b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(ok)h Fu(and)g Fs(ps)40
+b Fu(prop)s(er)244 4315 y(\()p Fs(H)370 4279 y Fn(2)442
+4315 y Ft(?)p Fu(\))33 b Fs(ps)40 b Fu(=)829 4141 y Fg(8)829
+4216 y(<)829 4365 y(:)944 4231 y Fb(lost)83 b Fu(if)31
+b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(d)p Fu(?)h(or)f Fs(ps)40
+b Fu(not)33 b(prop)s(er)944 4398 y Fs(ps)212 b Fu(if)31
+b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(ok)h Fu(and)g Fs(ps)40
+b Fu(prop)s(er)0 4585 y(where)27 b Fs(ps)33 b Fu(is)25
+b(an)h(arbitrary)f(prop)s(ert)m(y)h(state.)42 b(Since)25
+b Fs(H)2027 4549 y Fn(1)2092 4585 y Ft(?)i Fu(=)e Fs(H)2385
+4549 y Fn(2)2450 4585 y Ft(?)h Fu(our)g(assumption)f(ab)s(o)m(v)m(e)0
+4706 y(ensures)35 b(that)d(w)m(e)h(ha)m(v)m(e)h(found)f(the)g(least)f
+(\014xed)i(p)s(oin)m(t)e(for)g Fs(H)16 b Fu(:)244 4966
+y(\(FIX)32 b Fs(H)16 b Fu(\))33 b Fs(ps)40 b Fu(=)884
+4791 y Fg(8)884 4866 y(<)884 5016 y(:)999 4881 y Fb(lost)83
+b Fu(if)31 b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(d)p Fu(?)h(or)f
+Fs(ps)40 b Fu(not)33 b(prop)s(er)999 5049 y Fs(ps)212
+b Fu(if)31 b Fs(ps)41 b Fr(x)33 b Fu(=)f Fb(ok)h Fu(and)g
+Fs(ps)40 b Fu(prop)s(er)0 5232 y(It)e(is)g(no)m(w)h(straigh)m(tforw)m
+(ard)f(to)g(v)m(erify)g(that)g(\(FIX)h Fs(H)16 b Fu(\))38
+b(\()p Fs(ps)2283 5247 y Fn(0)2322 5232 y Fu([)p Fr(y)p
+Ft(7!)p Fb(ok)p Fu(]\))h Fr(y)f Fu(=)g Fb(ok)h Fu(and)g(that)0
+5352 y(\(FIX)32 b Fs(H)16 b Fu(\)\()p Fs(ps)504 5367
+y Fn(0)544 5352 y Fu([)p Fr(y)p Ft(7!)p Fb(ok)p Fu(]\))22
+b(is)g(prop)s(er.)40 b(W)-8 b(e)22 b(conclude)h(that)e(there)i
+Fs(is)30 b Fu(a)22 b(functional)e(dep)s(endency)0 5472
+y(b)s(et)m(w)m(een)35 b(the)e(input)f(v)-5 b(ariable)31
+b Fr(x)h Fu(and)h(the)g(output)g(v)-5 b(ariable)31 b
+Fr(y)p Fu(.)1022 b Fh(2)p eop
+%%Page: 148 158
+148 157 bop 251 130 a Fw(148)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fp(W)-11
+b(ell-de\014nedness)46 b(of)f FC(P)10 b(S)283 700 y Fu(Ha)m(ving)32
+b(sp)s(eci\014ed)h(the)g(analysis)e(w)m(e)j(shall)c(no)m(w)j(sho)m(w)g
+(that)f(it)g(is)f(indeed)i(w)m(ell-de\014ned.)43 b(As)283
+820 y(in)32 b(Chapter)i(4)e(there)h(are)g(three)g(stages:)429
+1024 y Ft(\017)48 b Fu(First)23 b(w)m(e)i(in)m(tro)s(duce)e(a)g
+(partial)f(order)h(on)h Fw(PState)f Ft(!)g Fw(PState)g
+Fu(suc)m(h)i(that)f(it)e(b)s(ecomes)527 1144 y(a)33 b(ccp)s(o.)429
+1348 y Ft(\017)48 b Fu(Then)37 b(w)m(e)f(sho)m(w)g(that)f(certain)g
+(auxiliary)e(functions)i(used)h(in)e(the)i(de\014nition)e(of)h
+Ft(P)8 b(S)527 1468 y Fu(are)33 b(con)m(tin)m(uous.)429
+1671 y Ft(\017)48 b Fu(Finally)32 b(w)m(e)j(sho)m(w)h(that)e(the)g
+(\014xed)i(p)s(oin)m(t)d(op)s(erator)h(only)f(is)h(applied)f(to)h(con)m
+(tin)m(uous)527 1792 y(functions.)283 1995 y(Th)m(us)h(our)d(\014rst)h
+(task)g(is)f(to)h(de\014ne)g(a)g(partial)d(order)j(on)f
+Fw(PState)g Ft(!)g Fw(PState)h Fu(and)f(for)g(this)283
+2116 y(w)m(e)j(use)g(the)g(approac)m(h)f(dev)m(elop)s(ed)h(in)e(Lemma)g
+(5.4.)47 b(Instan)m(tiating)33 b(the)h(non-empt)m(y)g(set)h
+Fs(S)283 2236 y Fu(to)d(the)h(set)g Fw(PState)f Fu(and)h(the)f
+(partially)e(ordered)j(set)g(\()p Fs(D)9 b Fu(,)33 b
+Ft(v)p Fu(\))f(to)g(\()p Fw(PState)p Fu(,)g Ft(v)3294
+2251 y Fn(PS)3385 2236 y Fu(\))g(w)m(e)i(get:)p 283 2356
+3473 5 v 283 2531 a Fw(Corollary)i(5.17)49 b Fu(Let)33
+b Ft(v)g Fu(b)s(e)g(the)g(ordering)f(on)g Fw(PState)g
+Ft(!)g Fw(PState)h Fu(de\014ned)h(b)m(y)527 2734 y Fs(h)584
+2749 y Fn(1)657 2734 y Ft(v)f Fs(h)824 2749 y Fn(2)896
+2734 y Fu(if)e(and)i(only)f(if)f Fs(h)1535 2749 y Fn(1)1608
+2734 y Fs(ps)40 b Ft(v)1815 2749 y Fn(PS)1939 2734 y
+Fs(h)1996 2749 y Fn(2)2069 2734 y Fs(ps)g Fu(for)32 b(all)e(prop)s(ert)
+m(y)k(states)f Fs(ps)283 2938 y Fu(Then)42 b(\()p Fw(PState)d
+Ft(!)h Fw(PState)p Fu(,)h Ft(v)p Fu(\))f(is)g(a)f(complete)h(lattice,)g
+(and)g(hence)h(a)f(ccp)s(o,)i(and)e(the)283 3058 y(form)m(ula)31
+b(for)h(least)g(upp)s(er)h(b)s(ounds)h(is)527 3261 y(\()565
+3195 y Fg(F)667 3261 y Fs(Y)20 b Fu(\))32 b Fs(ps)41
+b Fu(=)1068 3195 y Fg(F)1137 3276 y Fn(PS)1261 3261 y
+Ft(f)32 b Fs(h)40 b(ps)g Ft(j)33 b Fs(h)39 b Ft(2)33
+b Fs(Y)53 b Ft(g)283 3465 y Fu(for)32 b(an)m(y)i(subset)g
+Fs(Y)52 b Fu(of)32 b Fw(PState)g Ft(!)g Fw(PState)p Fu(.)p
+283 3585 V 283 3813 a Fw(Exercise)37 b(5.18)49 b(\(Essen)m(tial\))33
+b Fu(Sho)m(w)j(that)f(the)h(assumption)f(made)g(in)g(Example)g(5.16)f
+(is)283 3934 y(correct.)45 b(That)32 b(is)h(\014rst)g(sho)m(w)g(that)
+527 4137 y Fs(H)16 b Fu(:)33 b(\()p Fw(PState)f Ft(!)g
+Fw(PState)p Fu(\))g Ft(!)g Fu(\()p Fw(PState)h Ft(!)f
+Fw(PState)p Fu(\))283 4341 y(as)d(de\014ned)g(in)f(Example)g(5.16)f(is)
+h(indeed)g(a)g(monotone)g(function.)41 b(Next)29 b(sho)m(w)h(that)e
+(for)f(an)m(y)283 4461 y(monotone)32 b(function)g Fs(H)49
+b Fu(of)32 b(the)h(ab)s(o)m(v)m(e)g(functionalit)m(y)e(if)527
+4664 y Fs(H)615 4628 y Fn(n)691 4664 y Ft(?)i Fu(=)g
+Fs(H)998 4628 y Fn(n+1)1164 4664 y Ft(?)283 4868 y Fu(for)f(some)h(n)g
+(then)g Fs(H)1074 4832 y Fn(n)1150 4868 y Ft(?)g Fu(is)f(the)h(least)f
+(\014xed)i(p)s(oin)m(t)e(of)g Fs(H)16 b Fu(.)1210 b Fh(2)430
+5096 y Fu(Our)37 b(second)i(task)f(is)f(to)g(ensure)i(that)e(the)h
+(function)f Fs(H)53 b Fu(used)39 b(in)e(T)-8 b(able)37
+b(5.2)g(is)g(a)g(con-)283 5216 y(tin)m(uous)45 b(function)e(from)g
+Fw(PState)h Ft(!)f Fw(PState)h Fu(to)g Fw(PState)f Ft(!)h
+Fw(PState)p Fu(.)78 b(F)-8 b(or)43 b(this)h(w)m(e)283
+5337 y(follo)m(w)27 b(the)j(approac)m(h)f(of)f(Section)h(4.3)f(and)h
+(sho)m(w)h(that)e(cond)2571 5352 y Fn(P)2653 5337 y Fu(is)g(con)m(tin)m
+(uous)h(in)f(its)h(second)283 5457 y(argumen)m(t)k(and)f(later)g(that)g
+(comp)s(osition)f(is)h(con)m(tin)m(uous)h(in)f(its)g(\014rst)h(argumen)
+m(t.)p eop
+%%Page: 149 159
+149 158 bop 0 130 a Fw(5.2)112 b(The)38 b(analysis)2439
+b(149)p 0 193 3473 4 v 0 515 3473 5 v 0 697 a(Lemma)37
+b(5.19)49 b Fu(Let)33 b Fs(f)21 b Fu(:)43 b Fw(PState)32
+b Ft(!)h Fw(P)p Fu(,)f Fs(h)1631 712 y Fn(0)1670 697
+y Fu(:)44 b Fw(PState)32 b Ft(!)g Fw(PState)g Fu(and)h(de\014ne)244
+906 y Fs(H)48 b(h)40 b Fu(=)33 b(cond)763 921 y Fn(P)815
+906 y Fu(\()p Fs(f)21 b Fu(,)33 b Fs(h)7 b Fu(,)33 b
+Fs(h)1138 921 y Fn(0)1177 906 y Fu(\))0 1115 y(Then)h
+Fs(H)16 b Fu(:)32 b(\()p Fw(PState)p Ft(!)p Fw(PState)p
+Fu(\))g Ft(!)g Fu(\()p Fw(PState)p Ft(!)o Fw(PState)p
+Fu(\))g(is)g(a)g(con)m(tin)m(uous)i(function.)p 0 1235
+V 0 1444 a Fw(Pro)s(of:)48 b Fu(W)-8 b(e)42 b(shall)e(\014rst)i(pro)m
+(v)m(e)h(that)e Fs(H)58 b Fu(is)41 b Fs(monotone)48 b
+Fu(so)42 b(let)f Fs(h)2505 1459 y Fn(1)2586 1444 y Fu(and)h
+Fs(h)2842 1459 y Fn(2)2923 1444 y Fu(b)s(e)g(suc)m(h)h(that)0
+1565 y Fs(h)57 1580 y Fn(1)129 1565 y Ft(v)33 b Fs(h)296
+1580 y Fn(2)336 1565 y Fu(,)e(that)g(is)g Fs(h)758 1580
+y Fn(1)828 1565 y Fs(ps)39 b Ft(v)1035 1580 y Fn(PS)1157
+1565 y Fs(h)1214 1580 y Fn(2)1285 1565 y Fs(ps)f Fu(for)31
+b(all)e(prop)s(ert)m(y)i(states)h Fs(ps)8 b Fu(.)43 b(W)-8
+b(e)32 b(then)f(ha)m(v)m(e)i(to)d(sho)m(w)0 1685 y(that)38
+b(cond)417 1700 y Fn(P)470 1685 y Fu(\()p Fs(f)21 b Fu(,)39
+b Fs(h)682 1700 y Fn(1)722 1685 y Fu(,)h Fs(h)846 1700
+y Fn(0)885 1685 y Fu(\))e Fs(ps)46 b Ft(v)1175 1700 y
+Fn(PS)1304 1685 y Fu(cond)1504 1700 y Fn(P)1557 1685
+y Fu(\()p Fs(f)21 b Fu(,)40 b Fs(h)1770 1700 y Fn(2)1809
+1685 y Fu(,)g Fs(h)1933 1700 y Fn(0)1973 1685 y Fu(\))e
+Fs(ps)8 b Fu(.)60 b(The)39 b(pro)s(of)e(is)h(b)m(y)h(cases)h(on)e(the)0
+1806 y(v)-5 b(alue)32 b(of)g Fs(f)54 b(ps)8 b Fu(.)43
+b(If)32 b Fs(f)54 b(ps)40 b Fu(=)33 b Fb(ok)g Fu(then)g(the)g(result)g
+(follo)m(ws)e(since)244 2015 y(\()p Fs(h)339 2030 y Fn(1)411
+2015 y Fs(ps)8 b Fu(\))32 b Ft(t)646 2030 y Fn(PS)770
+2015 y Fu(\()p Fs(h)865 2030 y Fn(0)937 2015 y Fs(ps)8
+b Fu(\))32 b Ft(v)1183 2030 y Fn(PS)1307 2015 y Fu(\()p
+Fs(h)1402 2030 y Fn(2)1474 2015 y Fs(ps)8 b Fu(\))32
+b Ft(t)1708 2030 y Fn(PS)1832 2015 y Fu(\()p Fs(h)1927
+2030 y Fn(0)1999 2015 y Fs(ps)8 b Fu(\))0 2224 y(If)33
+b Fs(f)53 b(ps)40 b Fu(=)33 b Fb(d)p Fu(?)g(then)g(the)g(result)f
+(follo)m(ws)g(since)h Fb(lost)f Ft(v)2111 2239 y Fn(PS)2234
+2224 y Fb(lost)p Fu(.)146 2345 y(T)-8 b(o)27 b(see)g(that)f
+Fs(H)42 b Fu(is)26 b Fs(c)-5 b(ontinuous)34 b Fu(let)26
+b Fs(Y)46 b Fu(b)s(e)26 b(a)g(non-empt)m(y)h(c)m(hain)f(in)f
+Fw(PState)h Ft(!)g Fw(PState)p Fu(.)0 2466 y(Using)f(the)g(c)m
+(haracterization)f(of)h(least)f(upp)s(er)i(b)s(ounds)g(in)e
+Fw(PState)g Fu(giv)m(en)h(in)g(Corollary)e(5.17)0 2586
+y(w)m(e)34 b(see)f(that)g(w)m(e)g(m)m(ust)g(sho)m(w)h(that)244
+2795 y(\()p Fs(H)48 b Fu(\()440 2729 y Fg(F)510 2795
+y Fs(Y)19 b Fu(\)\))33 b Fs(ps)40 b Fu(=)948 2729 y Fg(F)1018
+2810 y Fn(PS)1141 2795 y Ft(f)33 b Fu(\()p Fs(H)48 b(h)7
+b Fu(\))33 b Fs(ps)40 b Ft(j)33 b Fs(h)39 b Ft(2)33 b
+Fs(Y)53 b Ft(g)0 3005 y Fu(for)35 b(all)f(prop)s(ert)m(y)i(states)g
+Fs(ps)44 b Fu(in)35 b Fw(PState)p Fu(.)52 b(The)36 b(pro)s(of)f(is)g(b)
+m(y)h(cases)h(on)f(the)g(v)-5 b(alue)35 b(of)g Fs(f)56
+b(ps)8 b Fu(.)0 3125 y(If)33 b Fs(f)53 b(ps)40 b Fu(=)33
+b Fb(d)p Fu(?)g(then)g(w)m(e)g(ha)m(v)m(e)h(\()p Fs(H)49
+b Fu(\()1348 3058 y Fg(F)1417 3125 y Fs(Y)20 b Fu(\)\))32
+b Fs(ps)40 b Fu(=)33 b Fb(lost)f Fu(and)244 3268 y Fg(F)313
+3349 y Fn(PS)437 3334 y Ft(f)g Fu(\()p Fs(H)49 b(h)7
+b Fu(\))33 b Fs(ps)40 b Ft(j)32 b Fs(h)40 b Ft(2)p Fs(Y)53
+b Ft(g)32 b Fu(=)1467 3268 y Fg(F)1536 3349 y Fn(PS)1660
+3334 y Ft(f)h Fb(lost)f Ft(j)g Fs(h)40 b Ft(2)33 b Fs(Y)52
+b Ft(g)1359 3502 y Fu(=)32 b Fb(lost)0 3711 y Fu(where)47
+b(the)g(last)e(equalit)m(y)h(is)f(b)s(ecause)j Fs(Y)65
+b Fu(is)46 b(not)g(empt)m(y)-8 b(.)84 b(Th)m(us)48 b(w)m(e)f(ha)m(v)m
+(e)g(pro)m(v)m(ed)h(the)0 3831 y(required)33 b(result)g(in)f(this)g
+(case.)45 b(If)33 b Fs(f)53 b(ps)41 b Fu(=)33 b Fb(ok)g
+Fu(then)g(the)g(c)m(haracterization)f(of)h(least)f(upp)s(er)0
+3952 y(b)s(ounds)h(in)f Fw(PState)g Fu(giv)m(es:)244
+4161 y(\()p Fs(H)48 b Fu(\()440 4094 y Fg(F)510 4161
+y Fs(Y)19 b Fu(\)\))33 b Fs(ps)40 b Fu(=)32 b(\(\()1024
+4094 y Fg(F)1093 4161 y Fs(Y)20 b Fu(\))33 b Fs(ps)8
+b Fu(\))32 b Ft(t)1490 4176 y Fn(PS)1614 4161 y Fu(\()p
+Fs(h)1709 4176 y Fn(0)1781 4161 y Fs(ps)8 b Fu(\))840
+4328 y(=)32 b(\()986 4262 y Fg(F)1056 4343 y Fn(PS)1179
+4328 y Ft(f)h Fs(h)40 b(ps)g Ft(j)32 b Fs(h)40 b Ft(2)33
+b Fs(Y)52 b Ft(g)p Fu(\))32 b Ft(t)2042 4343 y Fn(PS)2166
+4328 y Fu(\()p Fs(h)2261 4343 y Fn(0)2333 4328 y Fs(ps)8
+b Fu(\))840 4496 y(=)948 4430 y Fg(F)1018 4511 y Fn(PS)1141
+4496 y Ft(f)33 b Fs(h)40 b(ps)g Ft(j)32 b Fs(h)40 b Ft(2)33
+b Fs(Y)52 b Ft([)33 b(f)f Fs(h)2055 4511 y Fn(0)2128
+4496 y Ft(g)g(g)0 4705 y Fu(and)244 4848 y Fg(F)313 4929
+y Fn(PS)437 4914 y Ft(f)g Fu(\()p Fs(H)49 b(h)7 b Fu(\))33
+b Fs(ps)40 b Ft(j)32 b Fs(h)40 b Ft(2)33 b Fs(Y)52 b
+Ft(g)32 b Fu(=)1500 4848 y Fg(F)1569 4929 y Fn(PS)1693
+4914 y Ft(f)g Fu(\()p Fs(h)40 b(ps)8 b Fu(\))32 b Ft(t)2138
+4929 y Fn(PS)2261 4914 y Fu(\()p Fs(h)2356 4929 y Fn(0)2429
+4914 y Fs(ps)8 b Fu(\))32 b Ft(j)g Fs(h)40 b Ft(2)33
+b Fs(Y)52 b Ft(g)1391 5082 y Fu(=)1500 5016 y Fg(F)1569
+5097 y Fn(PS)1693 5082 y Ft(f)32 b Fs(h)40 b(ps)g Ft(j)33
+b Fs(h)39 b Ft(2)33 b Fs(Y)52 b Ft([)33 b(f)g Fs(h)2607
+5097 y Fn(0)2679 5082 y Ft(g)f(g)0 5291 y Fu(where)g(the)f(last)f
+(equalit)m(y)g(follo)m(ws)f(b)s(ecause)j Fs(Y)50 b Fu(is)30
+b(not)h(empt)m(y)-8 b(.)43 b(Th)m(us)32 b(the)f(result)g(follo)m(ws)e
+(in)0 5411 y(this)j(case.)3008 b Fh(2)p eop
+%%Page: 150 160
+150 159 bop 251 130 a Fw(150)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a(Exercise)h(5.20)49
+b Fu(Let)33 b Fs(f)20 b Fu(:)44 b Fw(PState)32 b Ft(!)g
+Fw(P)p Fu(,)g Fs(h)1960 530 y Fn(0)2000 515 y Fu(:)44
+b Fw(PState)32 b Ft(!)g Fw(PState)g Fu(and)h(de\014ne)527
+706 y Fs(H)49 b(h)40 b Fu(=)32 b(cond)1046 721 y Fn(P)1099
+706 y Fu(\()p Fs(f)21 b Fu(,)32 b Fs(h)1304 721 y Fn(0)1344
+706 y Fu(,)h Fs(h)7 b Fu(\))283 897 y(Sho)m(w)32 b(that)e
+Fs(H)16 b Fu(:)30 b(\()p Fw(PState)g Ft(!)f Fw(PState)p
+Fu(\))h Ft(!)g Fu(\()p Fw(PState)g Ft(!)f Fw(PState)p
+Fu(\))h(is)g(a)g(con)m(tin)m(uous)h(func-)283 1018 y(tion.)3202
+b Fh(2)p 283 1230 3473 5 v 283 1392 a Fw(Lemma)38 b(5.21)49
+b Fu(Let)32 b Fs(h)1160 1407 y Fn(0)1200 1392 y Fu(:)44
+b Fw(PState)32 b Ft(!)g Fw(PState)g Fu(and)h(de\014ne)527
+1583 y Fs(H)49 b(h)40 b Fu(=)32 b Fs(h)40 b Ft(\016)32
+b Fs(h)1075 1598 y Fn(0)283 1774 y Fu(Then)i Fs(H)16
+b Fu(:)33 b(\()p Fw(PState)p Ft(!)o Fw(PState)p Fu(\))f
+Ft(!)g Fu(\()p Fw(PState)p Ft(!)o Fw(PState)p Fu(\))h(is)f(a)g(con)m
+(tin)m(uous)h(function.)p 283 1894 V 283 2085 a Fw(Pro)s(of:)50
+b Fu(W)-8 b(e)43 b(shall)e(\014rst)j(sho)m(w)g(that)f
+Fs(H)58 b Fu(is)43 b Fs(monotone)49 b Fu(so)43 b(let)f
+Fs(h)2781 2100 y Fn(1)2864 2085 y Fu(and)h Fs(h)3121
+2100 y Fn(2)3204 2085 y Fu(b)s(e)g(suc)m(h)h(that)283
+2206 y Fs(h)340 2221 y Fn(1)413 2206 y Ft(v)33 b Fs(h)580
+2221 y Fn(2)619 2206 y Fu(,)h(that)g(is)f Fs(h)1049 2221
+y Fn(1)1123 2206 y Fs(ps)41 b Ft(v)1332 2221 y Fn(PS)1457
+2206 y Fs(h)1514 2221 y Fn(2)1587 2206 y Fs(ps)h Fu(for)33
+b(all)f(prop)s(ert)m(y)i(states)h Fs(ps)8 b Fu(.)46 b(Clearly)33
+b(w)m(e)i(then)g(ha)m(v)m(e)283 2326 y Fs(h)340 2341
+y Fn(1)380 2326 y Fu(\()p Fs(h)475 2341 y Fn(0)544 2326
+y Fs(ps)8 b Fu(\))29 b Ft(v)787 2341 y Fn(PS)908 2326
+y Fs(h)965 2341 y Fn(2)1004 2326 y Fu(\()p Fs(h)1099
+2341 y Fn(0)1168 2326 y Fs(ps)8 b Fu(\))30 b(for)e(all)g(prop)s(ert)m
+(y)i(states)g Fs(ps)38 b Fu(and)29 b(thereb)m(y)i(w)m(e)g(ha)m(v)m(e)g
+(pro)m(v)m(ed)f(the)283 2446 y(monotonicit)m(y)h(of)h
+Fs(H)16 b Fu(.)430 2567 y(T)-8 b(o)40 b(pro)m(v)m(e)h(the)f
+Fs(c)-5 b(ontinuity)49 b Fu(let)39 b Fs(Y)59 b Fu(b)s(e)40
+b(a)g(non-empt)m(y)g(c)m(hain)f(in)g Fw(PState)h Ft(!)f
+Fw(PState)p Fu(.)283 2687 y(W)-8 b(e)33 b(m)m(ust)g(sho)m(w)h(that)527
+2878 y(\()p Fs(H)49 b Fu(\()724 2812 y Fg(F)793 2878
+y Fs(Y)20 b Fu(\)\))32 b Fs(ps)40 b Fu(=)33 b(\()1270
+2812 y Fg(F)1339 2878 y Ft(f)f Fs(H)49 b(h)40 b Ft(j)32
+b Fs(h)40 b Ft(2)33 b Fs(Y)52 b Ft(g)p Fu(\))32 b Fs(ps)283
+3069 y Fu(for)h(all)e(prop)s(ert)m(y)j(states)g Fs(ps)8
+b Fu(.)46 b(Using)33 b(the)g(c)m(haracterization)f(of)h(least)g(upp)s
+(er)h(b)s(ounds)g(giv)m(en)283 3190 y(in)e(Corollary)f(5.17)h(w)m(e)i
+(get)527 3381 y(\()p Fs(H)49 b Fu(\()724 3314 y Fg(F)793
+3381 y Fs(Y)20 b Fu(\)\))32 b Fs(ps)40 b Fu(=)33 b(\(\()1308
+3314 y Fg(F)1377 3381 y Fs(Y)20 b Fu(\))32 b Ft(\016)g
+Fs(h)1678 3396 y Fn(0)1718 3381 y Fu(\))h Fs(ps)1123
+3548 y Fu(=)g(\()1270 3482 y Fg(F)1339 3548 y Fs(Y)20
+b Fu(\))32 b(\()p Fs(h)1596 3563 y Fn(0)1668 3548 y Fs(ps)8
+b Fu(\))1123 3716 y(=)1232 3649 y Fg(F)1301 3731 y Fn(PS)1425
+3716 y Ft(f)32 b Fs(h)40 b Fu(\()p Fs(h)1692 3731 y Fn(0)1764
+3716 y Fs(ps)8 b Fu(\))33 b Ft(j)f Fs(h)40 b Ft(2)32
+b Fs(Y)53 b Ft(g)283 3907 y Fu(and)527 4098 y(\()565
+4031 y Fg(F)634 4098 y Ft(f)33 b Fs(H)48 b(h)40 b Ft(j)32
+b Fs(h)40 b Ft(2)33 b Fs(Y)52 b Ft(g)p Fu(\))33 b Fs(ps)40
+b Fu(=)1659 4031 y Fg(F)1729 4113 y Fn(PS)1852 4098 y
+Ft(f)33 b Fu(\()p Fs(H)48 b(h)7 b Fu(\))33 b Fs(ps)40
+b Ft(j)33 b Fs(h)39 b Ft(2)33 b Fs(Y)53 b Ft(g)1551 4265
+y Fu(=)1659 4199 y Fg(F)1729 4280 y Fn(PS)1852 4265 y
+Ft(f)33 b Fu(\()p Fs(h)39 b Ft(\016)33 b Fs(h)2202 4280
+y Fn(0)2241 4265 y Fu(\))g Fs(ps)40 b Ft(j)33 b Fs(h)39
+b Ft(2)33 b Fs(Y)52 b Ft(g)283 4457 y Fu(Hence)34 b(the)f(result)g
+(follo)m(ws.)2352 b Fh(2)430 4660 y Fu(This)33 b(su\016ces)h(for)e(sho)
+m(wing)h(the)g(w)m(ell-de\014nedness)h(of)e Ft(P)8 b(S)h
+Fu(:)p 283 4780 V 283 4942 a Fw(Prop)s(osition)36 b(5.22)49
+b Fu(The)41 b(seman)m(tic)f(function)f Ft(P)8 b(S)h Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])q(:)58 b Fw(PState)39 b
+Ft(!)h Fw(PState)g Fu(of)f(T)-8 b(able)283 5063 y(5.2)33
+b(is)f(a)g(w)m(ell-de\014ned)h(function)f(for)g(all)e(statemen)m(ts)k
+Fs(S)44 b Fu(of)32 b(the)h(language)f Fw(While)p Fu(.)p
+283 5183 V 283 5374 a Fw(Pro)s(of:)k Fu(The)c(pro)s(of)e(is)h(b)m(y)h
+(structural)f(induction)f(on)h Fs(S)43 b Fu(and)32 b(only)e(the)i(case)
+g(of)e(the)i Fr(while)p Fu(-)283 5494 y(lo)s(op)g(is)g(in)m(teresting.)
+43 b(W)-8 b(e)33 b(note)f(that)h(the)g(function)f Fs(H)49
+b Fu(used)33 b(in)f(T)-8 b(able)32 b(5.2)g(is)h(giv)m(en)f(b)m(y)p
+eop
+%%Page: 151 161
+151 160 bop 0 130 a Fw(5.2)112 b(The)38 b(analysis)2439
+b(151)p 0 193 3473 4 v 244 515 a Fs(H)48 b Fu(=)33 b
+Fs(H)561 530 y Fn(1)633 515 y Ft(\016)f Fs(H)803 530
+y Fn(2)0 724 y Fu(where)244 932 y Fs(H)332 947 y Fn(1)404
+932 y Fs(h)40 b Fu(=)32 b(cond)802 947 y Fn(P)855 932
+y Fu(\()p Ft(P)8 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
+b(])q(,)32 b Fs(h)7 b Fu(,)33 b(id\))244 1099 y Fs(H)332
+1114 y Fn(2)404 1099 y Fs(h)40 b Fu(=)32 b Fs(h)40 b
+Ft(\016)32 b(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])0 1307 y(As)39 b Fs(H)238 1322 y Fn(1)315 1307 y
+Fu(and)f Fs(H)598 1322 y Fn(2)676 1307 y Fu(are)g(con)m(tin)m(uous)g
+(functions)g(b)m(y)h(Lemmas)e(5.19)h(and)g(5.21)f(w)m(e)i(ha)m(v)m(e)h
+(that)0 1428 y Fs(H)47 b Fu(is)31 b(a)g(con)m(tin)m(uous)g(function)g
+(b)m(y)h(Lemma)e(4.35.)42 b(Hence)32 b(FIX)f Fs(H)48
+b Fu(is)30 b(w)m(ell-de\014ned)i(and)f(this)0 1548 y(completes)h(the)h
+(pro)s(of.)2530 b Fh(2)0 1867 y Fw(Exercise)36 b(5.23)49
+b Fu(Consider)33 b(the)g(statemen)m(t)244 2075 y Fr(z)g
+Fu(:=)f Fr(0)p Fu(;)h Fr(while)h(y)p Ft(\024)q Fr(x)e(do)h
+Fu(\()p Fr(z)g Fu(:=)g Fr(z)p Fu(+)p Fr(1)p Fu(;)g Fr(x)f
+Fu(:=)h Fr(x)p Ft(\000)p Fr(y)p Fu(\))0 2283 y(where)h
+Fr(x)f Fu(and)f Fr(y)h Fu(are)g(input)f(v)-5 b(ariables)31
+b(and)i Fr(z)g Fu(is)f(the)h(output)g(v)-5 b(ariable.)41
+b(Use)34 b(the)f(approac)m(h)0 2404 y(of)e(Example)g(5.16)g(to)h(sho)m
+(w)g(that)g(there)g(is)f(a)h(functional)e(dep)s(endency)k(b)s(et)m(w)m
+(een)g(the)e(input)0 2524 y(and)h(output)f(v)-5 b(ariables.)2489
+b Fh(2)0 2759 y Fw(Exercise)36 b(5.24)49 b Fu(Apply)31
+b(the)g(analysis)f Ft(P)8 b(S)39 b Fu(to)30 b(the)i(statemen)m(t)f
+Fr(while)h(true)f(do)h(skip)f Fu(and)0 2879 y(explain)h(wh)m(y)i(the)f
+(analysis)f(terminates.)1840 b Fh(2)0 3114 y Fw(Exercise)36
+b(5.25)49 b Fu(Extend)g Fw(While)d Fu(with)h(the)h(statemen)m(t)g
+Fr(repeat)34 b Fs(S)45 b Fr(until)33 b Fs(b)54 b Fu(and)47
+b(giv)m(e)0 3235 y(the)38 b(new)g(\(comp)s(ositional\))c(clause)k(for)e
+Ft(P)8 b(S)h Fu(.)58 b(Discuss)38 b(y)m(our)g(extension)g(and)f(v)-5
+b(alidate)36 b(the)0 3355 y(w)m(ell-de\014nedness.)2697
+b Fh(2)0 3590 y Fw(Exercise)36 b(5.26)49 b Fu(Extend)41
+b Fw(While)d Fu(with)i(the)g(statemen)m(t)g Fr(for)g
+Fo(x)g Fu(:=)g Fo(a)2716 3605 y Fn(1)2795 3590 y Fr(to)g
+Fo(a)2988 3605 y Fn(2)3067 3590 y Fr(do)g Fs(S)51 b Fu(and)0
+3711 y(giv)m(e)35 b(the)g(new)h(\(comp)s(ositional\))31
+b(clause)k(for)g Ft(P)8 b(S)g Fu(.)50 b(Discuss)36 b(y)m(our)f
+(extension)h(and)f(v)-5 b(alidate)0 3831 y(the)33 b(w)m
+(ell-de\014nedness.)2529 b Fh(2)0 4066 y Fw(Exercise)36
+b(5.27)49 b(\(Essen)m(tial\))31 b Fu(Sho)m(w)i(that)f(for)g(ev)m(ery)j
+(statemen)m(t)e Fs(S)244 4274 y(ps)40 b Fu(on-trac)m(k)33
+b Ft(v)g Fu(\()p Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)12
+b Fu(])-17 b(])p Fs(ps)8 b Fu(\))33 b(on-trac)m(k)0 4482
+y(so)g(that)g Fs(ps)40 b Fu(m)m(ust)34 b(b)s(e)f(prop)s(er)g(if)e
+Ft(P)8 b(S)h Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q
+Fs(ps)40 b Fu(is.)k(In)33 b(the)h(case)g(of)e Fr(while)i
+Fs(b)39 b Fr(do)33 b Fs(S)45 b Fu(y)m(ou)34 b(should)0
+4602 y(\014rst)f(pro)m(v)m(e)h(that)e(for)g(all)f(n)h
+Ft(\025)h Fu(1:)244 4811 y Fs(ps)40 b Fu(on-trac)m(k)33
+b Ft(v)g Fu(\(\()p Fs(H)1033 4774 y Fn(n)1109 4811 y
+Ft(?)p Fu(\))g Fs(ps)8 b Fu(\))32 b(on-trac)m(k)0 5019
+y(where)i Ft(?)f Fs(ps)490 4983 y Fi(0)546 5019 y Fu(=)f
+Fb(init)h Fu(for)f(all)e Fs(ps)1249 4983 y Fi(0)1305
+5019 y Fu(and)j Fs(H)48 b(h)40 b Fu(=)32 b(cond)2013
+5034 y Fn(P)2066 5019 y Fu(\()p Ft(P)8 b(B)t Fu([)-17
+b([)p Fs(b)6 b Fu(])-17 b(])q(,)33 b Fs(h)39 b Ft(\016)33
+b(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33
+b(id\).)296 b Fh(2)0 5254 y Fw(Exercise)36 b(5.28)49
+b Fu(Sho)m(w)25 b(that)f(there)h(exists)g Fs(h)1702 5269
+y Fn(0)1741 5254 y Fu(:)40 b Fw(PState)23 b Ft(!)h Fw(PState)f
+Fu(suc)m(h)j(that)e Fs(H)40 b Fu(de\014ned)0 5374 y(b)m(y)h
+Fs(H)56 b(h)47 b Fu(=)40 b Fs(h)541 5389 y Fn(0)621 5374
+y Ft(\016)g Fs(h)47 b Fu(is)40 b Fs(not)h(even)47 b Fu(a)40
+b(monotone)f(function)h(from)f Fw(PState)g Ft(!)h Fw(PState)g
+Fu(to)0 5494 y Fw(PState)32 b Ft(!)g Fw(PState)p Fu(.)2543
+b Fh(2)p eop
+%%Page: 152 162
+152 161 bop 251 130 a Fw(152)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a(Remark)30
+b Fu(The)h(example)f(of)f(the)i(ab)s(o)m(v)m(e)g(exercise)g(indicates)f
+(a)g(ma)5 b(jor)29 b(departure)i(from)d(the)283 636 y(secure)46
+b(w)m(orld)d(of)g(Chapter)h(4.)76 b(Luc)m(kily)44 b(an)f(insurance)h(p)
+s(olicy)e(can)i(b)s(e)g(arranged.)76 b(The)283 756 y(premium)31
+b(is)h(to)h(replace)f(all)f(o)s(ccurrences)j(of)527 993
+y Fw(PState)e Ft(!)h Fw(PState)97 b Fu(and)130 b Fw(PState)32
+b Ft(!)g Fw(P)283 1229 y Fu(b)m(y)527 1466 y([)p Fw(PState)h
+Ft(!)f Fw(PState)p Fu(])97 b(and)130 b([)p Fw(PState)32
+b Ft(!)h Fw(P)p Fu(])283 1702 y(where)45 b([)p Fs(D)52
+b Ft(!)42 b Fs(E)12 b Fu(])44 b(=)e Ft(f)h Fs(f)21 b
+Fu(:)64 b Fs(D)52 b Ft(!)43 b Fs(E)55 b Ft(j)43 b Fs(f)64
+b Fu(is)42 b(con)m(tin)m(uous)i Ft(g)p Fu(.)75 b(One)43
+b(can)g(then)h(sho)m(w)g(that)283 1823 y([)p Fs(D)49
+b Ft(!)39 b Fs(E)12 b Fu(])40 b(is)f(a)h(ccp)s(o)g(if)e
+Fs(D)49 b Fu(and)40 b Fs(E)51 b Fu(are)40 b(and)g(that)f(the)h(c)m
+(haracterization)f(of)g(least)g(upp)s(er)283 1943 y(b)s(ounds)c(giv)m
+(en)f(in)g(Lemma)f(5.4)g(still)f(holds.)48 b(F)-8 b(urthermore,)34
+b(one)g(can)g(sho)m(w)i(that)d(Exercise)283 2063 y(5.6)26
+b(ensures)h(that)f Ft(P)8 b(A)p Fu([)-17 b([)p Fs(a)7
+b Fu(])-17 b(])27 b(and)f Ft(P)8 b(B)t Fu([)-17 b([)p
+Fs(b)6 b Fu(])-17 b(])26 b(are)g(con)m(tin)m(uous.)42
+b(Finally)-8 b(,)24 b(the)i(en)m(tire)g(dev)m(elopmen)m(t)283
+2184 y(in)k(this)h(section)g(still)d(carries)j(through)f(although)g
+(there)h(are)g(additional)d(pro)s(of)i(obligations)283
+2304 y(to)i(b)s(e)h(carried)f(out.)43 b(In)32 b(this)g(setting)g(one)g
+(gets)h(that)f(if)f Fs(h)2438 2319 y Fn(0)2478 2304 y
+Fu(:)43 b([)p Fw(PState)32 b Ft(!)g Fw(PState)p Fu(])g(then)g
+Fs(H)283 2424 y Fu(de\014ned)c(b)m(y)f Fs(H)42 b(h)34
+b Fu(=)26 b Fs(h)1099 2439 y Fn(0)1171 2424 y Ft(\016)32
+b Fs(h)h Fu(is)26 b(indeed)g(a)g(con)m(tin)m(uous)h(function)f(from)f
+([)p Fw(PState)g Ft(!)h Fw(PState)p Fu(])283 2545 y(to)33
+b([)p Fw(PState)f Ft(!)g Fw(PState)p Fu(].)2369 b Fh(2)430
+2672 y Fu(T)-8 b(o)30 b(summarize,)f(the)h(w)m(ell-de\014nedness)i(of)e
+Ft(P)8 b(S)38 b Fu(relies)29 b(on)h(the)g(follo)m(wing)d(results)k
+(estab-)283 2792 y(lished)h(ab)s(o)m(v)m(e:)p 283 2922
+3470 4 v 283 2939 V 281 3146 4 208 v 298 3146 V 1371
+3067 a Fw(Pro)s(of)g(Summary)h(for)f(While)p Fu(:)p 3735
+3146 V 3752 3146 V 281 3354 V 298 3354 V 1174 3275 a
+Fw(W)-9 b(ell)p Fu(-)p Fw(de\014nedness)32 b(of)g(Static)g(Analysis)p
+3735 3354 V 3752 3354 V 283 3357 3470 4 v 281 3726 4
+370 v 298 3726 V 350 3523 a Fu(1:)143 b(The)37 b(set)h
+Fw(PState)e Ft(!)g Fw(PState)g Fu(equipp)s(ed)h(with)f(an)h
+(appropriate)f(ordering)f Ft(v)i Fu(is)569 3643 y(a)32
+b(ccp)s(o)h(\(Corollary)e(5.17\).)p 3735 3726 V 3752
+3726 V 281 4014 4 289 v 298 4014 V 350 3811 a(2:)143
+b(Certain)38 b(functions)g(\011:)55 b(\()p Fw(PState)38
+b Ft(!)g Fw(PState)p Fu(\))g Ft(!)g Fu(\()p Fw(PState)g
+Ft(!)g Fw(PState)p Fu(\))g(are)569 3931 y(con)m(tin)m(uous)33
+b(\(Lemmas)f(5.19)g(and)g(5.21\).)p 3735 4014 V 3752
+4014 V 281 4302 V 298 4302 V 350 4099 a(3:)143 b(In)30
+b(the)h(de\014nition)e(of)h Ft(P)8 b(S)39 b Fu(w)m(e)31
+b(only)f(apply)g(the)h(\014xed)g(p)s(oin)m(t)f(op)s(eration)f(to)g(con)
+m(tin-)569 4219 y(uous)k(functions)f(\(Prop)s(osition)f(5.22\).)p
+3735 4302 V 3752 4302 V 283 4306 3470 4 v 283 4322 V
+283 4518 a(Our)h(o)m(v)m(erall)e(algorithm)f(for)i(determining)f
+(whether)j(or)e(not)g(there)h(is)f(a)h(functional)d(dep)s(en-)283
+4638 y(dency)35 b(b)s(et)m(w)m(een)f(input)e(and)h(output)g(v)-5
+b(ariables)31 b(then)i(pro)s(ceeds)h(as)f(follo)m(ws:)333
+4821 y(INPUT:)212 b(a)33 b(statemen)m(t)g Fs(S)44 b Fu(of)32
+b Fw(While)889 4989 y Fu(a)h(set)g Fs(I)48 b Ft(\022)33
+b Fw(V)-9 b(ar)32 b Fu(of)g(input)g(v)-5 b(ariables)889
+5156 y(a)33 b(set)g Fs(O)42 b Ft(\022)33 b Fw(V)-9 b(ar)32
+b Fu(of)g(output)h(v)-5 b(ariables)333 5324 y(OUTPUT:)101
+b(YES,)34 b(if)d(there)i Fs(de\014nitely)41 b Fu(is)32
+b(a)h(functional)e(dep)s(endency)889 5492 y(NO?,)i(if)f(there)h
+Fs(may)i(not)41 b Fu(b)s(e)33 b(a)g(functional)d(dep)s(endency)p
+eop
+%%Page: 153 163
+153 162 bop 0 130 a Fw(5.3)112 b(Safet)m(y)38 b(of)g(the)f(analysis)
+2007 b(153)p 0 193 3473 4 v 50 500 a Fu(METHOD:)100 b(let)32
+b Fs(ps)865 515 y Fc(I)937 500 y Fu(b)s(e)h(uniquely)g(determined)f(b)m
+(y)i(OK\()p Fs(ps)2399 515 y Fc(I)2438 500 y Fu(\))f(=)f
+Fs(I)48 b Ft([)33 b(f)p Fu(on-trac)m(k)p Ft(g)626 668
+y Fu(let)f Fs(ps)865 683 y Fc(O)957 668 y Fu(=)h Ft(P)8
+b(S)g Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])q Fs(ps)1451
+683 y Fc(I)626 835 y Fu(output)33 b(YES)g(if)f(OK\()p
+Fs(ps)1550 850 y Fc(O)1609 835 y Fu(\))g Ft(\023)h Fs(O)42
+b Ft([)33 b(f)p Fu(on-trac)m(k)p Ft(g)626 1003 y Fu(output)g(NO?)g
+(otherwise)0 1289 y Fj(5.3)161 b(Safet)l(y)53 b(of)h(the)f(analysis)0
+1508 y Fu(In)44 b(this)g(section)g(w)m(e)h(shall)d(sho)m(w)j(that)f
+(the)g(analysis)g(functions)g Ft(P)8 b(A)p Fu(,)46 b
+Ft(P)8 b(B)48 b Fu(and)c Ft(P)8 b(S)52 b Fu(are)0 1628
+y(correct)37 b(with)e(resp)s(ect)i(to)f(the)h(seman)m(tic)e(functions)h
+Ft(A)p Fu(,)h Ft(B)i Fu(and)d Ft(S)2526 1643 y Fn(ds)2597
+1628 y Fu(.)54 b(This)36 b(amoun)m(ts)g(to)g(a)0 1749
+y(formalization)29 b(of)k(the)h(considerations)f(that)g(w)m(ere)i
+(already)e(illustrated)e(in)i(Exercises)i(5.13)0 1869
+y(and)e(5.15.)43 b(W)-8 b(e)33 b(b)s(egin)e(with)i(the)g(rather)f
+(simple)f(case)j(of)e(arithmetic)e(expressions.)0 2150
+y Fp(Expressions)0 2334 y Fu(Let)37 b Fs(g)9 b Fu(:)53
+b Fw(State)37 b Ft(!)g Fw(Z)h Fu(b)s(e)f(a)g(function,)i(p)s(erhaps)f
+(of)e(the)i(form)e Ft(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
+b(])39 b(for)d(some)h(arithmetic)0 2455 y(expression)j
+Fs(a)45 b Ft(2)39 b Fw(Aexp)p Fu(,)h(and)e(let)g Fs(h)7
+b Fu(:)55 b Fw(PState)38 b Ft(!)g Fw(P)g Fu(b)s(e)g(another)g
+(function,)i(p)s(erhaps)f(of)0 2575 y(the)c(form)d Ft(P)8
+b(A)p Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])35 b(for)e(some)h
+(arithmetic)e(expression)k Fs(a)41 b Ft(2)34 b Fw(Aexp)p
+Fu(.)48 b(W)-8 b(e)35 b(shall)e(in)m(tro)s(duce)h(a)0
+2696 y(relation)244 2852 y Fs(g)41 b Fu(sat)p 330 2865
+126 4 v 15 x Fn(Aexp)652 2852 y Fs(h)0 3007 y Fu(for)30
+b(expressing)i(when)f(the)g(analysis)f Fs(h)38 b Fu(is)30
+b(correct)h(with)f(resp)s(ect)h(to)f(the)h(seman)m(tics)g
+Fs(g)9 b Fu(.)42 b(It)31 b(is)0 3128 y(de\014ned)j(b)m(y)244
+3284 y Fs(s)292 3299 y Fn(1)364 3284 y Ft(\021)f Fs(s)522
+3299 y Fn(2)594 3284 y Fu(rel)p 594 3297 109 4 v 702
+3299 a Fn(Stm)864 3284 y Fs(ps)41 b Fu(implies)30 b Fs(g)41
+b(s)1460 3299 y Fn(1)1532 3284 y Ft(\021)33 b Fs(g)41
+b(s)1776 3299 y Fn(2)1848 3284 y Fu(rel)p 1848 3297 V
+15 x Fn(Aexp)2154 3284 y Fs(h)f(ps)0 3440 y Fu(for)27
+b(all)f(states)j Fs(s)596 3455 y Fn(1)663 3440 y Fu(and)f
+Fs(s)896 3455 y Fn(2)963 3440 y Fu(and)g(prop)s(ert)m(y)h(states)g
+Fs(ps)8 b Fu(.)41 b(This)28 b(condition)f(sa)m(ys)i(that)f(the)g
+(results)0 3560 y(of)34 b Fs(g)42 b Fu(will)32 b(b)s(e)i(suitably)g
+(related)f(pro)m(vided)i(that)f(the)g(argumen)m(ts)g(are.)48
+b(It)35 b(is)e(p)s(erhaps)i(more)0 3680 y(in)m(tuitiv)m(e)c(when)j
+(rephrased)g(as)244 3836 y(\()p Fs(s)330 3851 y Fn(1)402
+3836 y Ft(\021)f Fs(s)560 3851 y Fn(2)632 3836 y Fu(rel)p
+632 3849 V 740 3851 a Fn(Stm)902 3836 y Fs(ps)8 b Fu(\))33
+b(and)f(\()p Fs(h)40 b(ps)h Fu(=)32 b Fb(ok)p Fu(\))h(imply)e
+Fs(g)41 b(s)2232 3851 y Fn(1)2304 3836 y Fu(=)32 b Fs(g)41
+b(s)2546 3851 y Fn(2)0 3992 y Fu(The)34 b(safet)m(y)f(of)f(the)h
+(analysis)f Ft(P)8 b(A)33 b Fu(is)f(then)h(expressed)i(b)m(y)p
+0 4113 3473 5 v 0 4239 a Fw(F)-9 b(act)37 b(5.29)49 b
+Fu(F)-8 b(or)32 b(all)f(arithmetic)f(expressions)k Fs(a)40
+b Ft(2)33 b Fw(Aexp)g Fu(w)m(e)h(ha)m(v)m(e)269 4407
+y Ft(A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])33 b(sat)p
+513 4420 126 4 v 15 x Fn(Aexp)836 4407 y Ft(P)8 b(A)p
+Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])p 0 4528 3473 5
+v 0 4684 a Fw(Pro)s(of:)37 b Fu(This)c(is)f(an)h(immediate)d
+(consequence)35 b(of)d(Lemma)f(1.11)h(and)h(Exercise)h(5.11.)134
+b Fh(2)146 4887 y Fu(The)34 b(analysis)e Ft(P)8 b(B)36
+b Fu(of)c(b)s(o)s(olean)f(expressions)k(is)d(safe)h(in)f(the)h(follo)m
+(wing)c(sense:)0 5043 y Fw(Exercise)36 b(5.30)49 b(\(Essen)m(tial\))21
+b Fu(Rep)s(eat)i(the)g(dev)m(elopmen)m(t)g(for)g(b)s(o)s(olean)e
+(expressions,)27 b(that)0 5163 y(is)32 b(de\014ne)i(a)e(relation)f(sat)
+p 819 5176 126 4 v 15 x Fn(Bexp)1139 5163 y Fu(and)h(sho)m(w)i(that)244
+5319 y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33
+b(sat)p 471 5332 V 15 x Fn(Bexp)791 5319 y Ft(P)8 b(B)t
+Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])0 5475 y(for)32
+b(all)f(b)s(o)s(olean)g(expressions)j Fs(b)k Ft(2)33
+b Fw(Bexp)p Fu(.)1781 b Fh(2)p eop
+%%Page: 154 164
+154 163 bop 251 130 a Fw(154)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fp(Statemen)l(ts)283
+704 y Fu(The)k(safet)m(y)g(of)f(the)g(analysis)g(of)f(statemen)m(ts)i
+(will)d(express)k(that)e(if)f(OK\()p Fs(ps)8 b Fu(\))38
+b(includes)h(all)283 824 y(the)45 b(input)e(v)-5 b(ariables)42
+b(and)i(if)e(OK\()p Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)12
+b Fu(])-17 b(])p Fs(ps)8 b Fu(\))44 b(includes)f(`on-trac)m(k')h(and)g
+(all)e(the)i(output)283 945 y(v)-5 b(ariables)32 b(then)i
+Ft(S)979 960 y Fn(ds)1050 945 y Fu([)-17 b([)q Fs(S)12
+b Fu(])-17 b(])33 b(determines)h(a)e(functional)g(relationship)f(b)s
+(et)m(w)m(een)k(the)f(input)f(and)283 1065 y(output)49
+b(v)-5 b(ariables.)90 b(This)49 b(v)-5 b(alidation)45
+b(is)j(imp)s(ortan)m(t)f(b)s(ecause)j(although)d(the)i(in)m(tuition)283
+1185 y(ab)s(out)35 b Fb(ok)g Fu(meaning)f(\\dep)s(ending)h(only)f(on)h
+(input)f(v)-5 b(ariables")34 b(go)s(es)g(a)h(long)f(w)m(a)m(y)i(to)m(w)
+m(ards)283 1306 y(motiv)-5 b(ating)30 b(the)j(analysis,)f(it)g(is)g
+(not)h(p)s(erfect.)44 b(As)33 b(w)m(e)h(already)e(men)m(tioned)h(in)f
+(Section)g(5.1)283 1426 y(one)c(cannot)f(insp)s(ect)g(a)f(v)-5
+b(alue,)28 b(lik)m(e)e Fw(27)p Fu(,)i(and)f(determine)g(whether)h(it)e
+(has)h(its)f(v)-5 b(alue)26 b(b)s(ecause)283 1547 y(it)36
+b(only)g(dep)s(ends)h(on)g(input)e(v)-5 b(ariables)35
+b(or)h(b)s(ecause)i(it)d(just)i(happ)s(ened)g(to)f(b)s(e)h
+Fw(27)p Fu(.)55 b(T)-8 b(o)36 b(aid)283 1667 y(the)42
+b(in)m(tuition)e(in)h(determining)f(that)h(no)h(errors)f(ha)m(v)m(e)i
+(b)s(een)g(made)e(in)g(the)h(de\014nition)e(of)283 1787
+y(the)33 b(analysis)e(it)f(is)h Fs(ne)-5 b(c)g(essary)40
+b Fu(to)31 b(giv)m(e)h(a)f(formal)f(statemen)m(t)i(of)f(the)h
+(relationship)e(b)s(et)m(w)m(een)283 1908 y(computations)i(in)g(the)h
+(standard)g(\(denotational\))d(seman)m(tics)j(and)g(in)f(the)h
+(analysis.)430 2030 y(Our)h(k)m(ey)h(to)s(ol)e(will)e(b)s(e)j(the)h
+(relation)d Fs(s)1905 2045 y Fn(1)1979 2030 y Ft(\021)i
+Fs(s)2138 2045 y Fn(2)2211 2030 y Fu(rel)p 2211 2043
+109 4 v 34 w Fs(ps)42 b Fu(and)34 b(w)m(e)h(shall)d(sho)m(w)k(that)d
+(if)g(this)283 2150 y(relationship)i(holds)i(b)s(efore)g(the)g
+(statemen)m(t)h(is)e(executed)j(and)e(analysed)g(then)h(either)e(the)
+283 2271 y(statemen)m(t)e(will)c(lo)s(op)h(on)i(b)s(oth)f(states)i(or)e
+(the)h(same)g(relationship)d(will)h(hold)h(b)s(et)m(w)m(een)i(the)283
+2391 y(\014nal)j(states)h(and)f(the)g(\014nal)f(prop)s(ert)m(y)i(state)
+g(\(pro)m(vided)f(that)g(the)g(analysis)g(do)s(es)g(not)g(get)283
+2511 y(\\lost"\).)43 b(W)-8 b(e)33 b(shall)e(formalize)f(this)i(b)m(y)i
+(de\014ning)e(a)g(relation)527 2724 y Fs(g)41 b Fu(sat)p
+613 2737 126 4 v 739 2739 a Fn(Stm)901 2724 y Fs(h)283
+2937 y Fu(b)s(et)m(w)m(een)35 b(a)d(function)g Fs(g)9
+b Fu(:)44 b Fw(State)32 b Fo(,)-17 b Ft(!)33 b Fw(State)p
+Fu(,)f(p)s(erhaps)i(of)e(the)h(form)e Ft(S)2936 2952
+y Fn(ds)3007 2937 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])33 b(for)f(some)g Fs(S)45 b Fu(in)283 3057 y Fw(Stm)p
+Fu(,)29 b(and)h(another)f(function)f Fs(h)7 b Fu(:)42
+b Fw(PState)29 b Ft(!)f Fw(PState)p Fu(,)i(p)s(erhaps)f(of)g(the)g
+(form)f Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])29 b(for)283 3178 y(some)k Fs(S)44 b Fu(in)32 b Fw(Stm)p
+Fu(.)43 b(The)33 b(formal)d(de\014nition)i(amoun)m(ts)g(to)764
+3390 y(\()p Fs(s)850 3405 y Fn(1)922 3390 y Ft(\021)h
+Fs(s)1080 3405 y Fn(2)1152 3390 y Fu(rel)p 1152 3403
+109 4 v 31 w Fs(ps)8 b Fu(\))33 b(and)g(\()p Fs(h)39
+b(ps)i Fu(is)32 b(prop)s(er\))527 3558 y(imply)764 3726
+y(\()p Fs(g)41 b(s)936 3741 y Fn(1)1008 3726 y Fu(=)32
+b(undef)p 1116 3739 236 4 v 33 w(and)h Fs(g)41 b(s)1708
+3741 y Fn(2)1780 3726 y Fu(=)32 b(undef)p 1888 3739 V
+1 w(\))h(or)764 3893 y(\()p Fs(g)41 b(s)936 3908 y Fn(1)1008
+3893 y Ft(6)p Fu(=)32 b(undef)p 1116 3906 V 33 w(and)h
+Fs(g)41 b(s)1708 3908 y Fn(2)1780 3893 y Ft(6)p Fu(=)32
+b(undef)p 1888 3906 V 34 w(and)g Fs(g)41 b(s)2480 3908
+y Fn(1)2553 3893 y Ft(\021)33 b Fs(g)41 b(s)2797 3908
+y Fn(2)2869 3893 y Fu(rel)p 2869 3906 109 4 v 32 w Fs(h)e(ps)8
+b Fu(\))283 4106 y(for)39 b(all)e(states)j Fs(s)913 4121
+y Fn(1)952 4106 y Fu(,)h Fs(s)1068 4121 y Fn(2)1146 4106
+y Ft(2)e Fw(State)g Fu(and)g(all)e(prop)s(ert)m(y)j(states)g
+Fs(ps)46 b Ft(2)40 b Fw(PState)p Fu(.)62 b(T)-8 b(o)39
+b(motiv)-5 b(ate)283 4226 y(this)34 b(de\014nition)e(consider)i(t)m(w)m
+(o)g(states)h Fs(s)1802 4241 y Fn(1)1875 4226 y Fu(and)f
+Fs(s)2114 4241 y Fn(2)2187 4226 y Fu(that)f(are)h(equal)f(relativ)m(e)g
+(to)g Fs(ps)8 b Fu(.)46 b(If)34 b Fs(ps)41 b Fu(is)283
+4347 y(prop)s(er)e(this)g(means)f(that)h Fs(s)1368 4362
+y Fn(1)1446 4347 y Fs(x)51 b Fu(=)38 b Fs(s)1704 4362
+y Fn(2)1782 4347 y Fs(x)51 b Fu(for)38 b(all)f(v)-5 b(ariables)37
+b Fs(x)50 b Fu(in)38 b(OK\()p Fs(ps)8 b Fu(\).)62 b(The)40
+b(analysis)283 4467 y(of)c(the)h(statemen)m(t)g(ma)m(y)f(get)h(\\lost")
+e(in)g(whic)m(h)i(case)g Fs(h)44 b(ps)g Fu(is)36 b(not)g(prop)s(er)h
+(and)f(w)m(e)i(cannot)283 4588 y(deduce)h(an)m(ything)d(ab)s(out)g(the)
+h(b)s(eha)m(viour)f(of)g(the)h(statemen)m(t.)56 b(Alternativ)m(ely)-8
+b(,)37 b(it)e(ma)m(y)i(b)s(e)283 4708 y(the)j(case)f(that)g
+Fs(h)46 b(ps)g Fu(is)38 b(prop)s(er)h(and)g(in)f(that)g(case)i(the)f
+(statemen)m(t)g(m)m(ust)g(b)s(eha)m(v)m(e)h(in)e(the)283
+4828 y(same)33 b(w)m(a)m(y)h(whether)g(executed)g(from)e
+Fs(s)1782 4843 y Fn(1)1854 4828 y Fu(or)g(from)f Fs(s)2251
+4843 y Fn(2)2291 4828 y Fu(.)43 b(In)33 b(particular)429
+5041 y Ft(\017)48 b Fu(the)j(statemen)m(t)f(ma)m(y)g(en)m(ter)h(a)f(lo)
+s(op)f(when)i(executed)h(from)d Fs(s)2996 5056 y Fn(1)3085
+5041 y Fu(and)i Fs(s)3341 5056 y Fn(2)3380 5041 y Fu(,)j(that)c(is)527
+5161 y Fs(g)41 b(s)661 5176 y Fn(1)733 5161 y Fu(=)33
+b(undef)p 842 5174 236 4 v 33 w(and)g Fs(g)41 b(s)1434
+5176 y Fn(2)1506 5161 y Fu(=)32 b(undef)p 1614 5174 V
+1 w(,)h(or)429 5374 y Ft(\017)48 b Fu(the)37 b(statemen)m(t)f(do)s(es)h
+(not)f(en)m(ter)h(a)f(lo)s(op)e(when)j(executed)i(from)34
+b Fs(s)3055 5389 y Fn(1)3131 5374 y Fu(and)i Fs(s)3372
+5389 y Fn(2)3412 5374 y Fu(,)g(that)g(is)527 5494 y Fs(g)41
+b(s)661 5509 y Fn(1)733 5494 y Ft(6)p Fu(=)33 b(undef)p
+842 5507 V 33 w(and)g Fs(g)41 b(s)1434 5509 y Fn(2)1506
+5494 y Ft(6)p Fu(=)32 b(undef)p 1614 5507 V 1 w(.)p eop
+%%Page: 155 165
+155 164 bop 0 130 a Fw(5.3)112 b(Safet)m(y)38 b(of)g(the)f(analysis)
+2007 b(155)p 0 193 3473 4 v 0 515 a Fu(In)34 b(the)h(latter)e(case)i
+(the)g(t)m(w)m(o)g(\014nal)e(states)i Fs(g)43 b(s)1757
+530 y Fn(1)1830 515 y Fu(and)35 b Fs(g)42 b(s)2157 530
+y Fn(2)2231 515 y Fu(m)m(ust)34 b(b)s(e)h(equal)f(relativ)m(e)f(to)h
+(the)0 636 y(resulting)41 b(prop)s(ert)m(y)h(state)g
+Fs(h)49 b(ps)8 b Fu(,)44 b(that)e(is)f(\()p Fs(g)50 b(s)1843
+651 y Fn(1)1882 636 y Fu(\))42 b Fs(x)53 b Fu(=)42 b(\()p
+Fs(g)50 b(s)2359 651 y Fn(2)2399 636 y Fu(\))41 b Fs(x)54
+b Fu(for)41 b(all)e(v)-5 b(ariables)41 b Fs(x)53 b Fu(in)0
+756 y(OK\()p Fs(h)39 b(ps)8 b Fu(\).)146 877 y(W)-8 b(e)28
+b(ma)m(y)f(then)h(form)m(ulate)e(the)i(desired)f(relationship)f(b)s(et)
+m(w)m(een)j(the)f(seman)m(tics)g(and)f(the)0 997 y(analysis)32
+b(as)h(follo)m(ws:)p 0 1117 3473 5 v 0 1292 a Fw(Theorem)k(5.31)49
+b Fu(F)-8 b(or)32 b(all)e(statemen)m(ts)k Fs(S)44 b Fu(of)32
+b Fw(While)f Fu(w)m(e)j(ha)m(v)m(e)g Ft(S)2496 1307 y
+Fn(ds)2567 1292 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])33
+b(sat)p 2741 1305 126 4 v 2867 1307 a Fn(Stm)3029 1292
+y Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(].)p
+0 1412 3473 5 v 146 1615 a(Before)32 b(conducting)f(the)h(pro)s(of)e(w)
+m(e)j(need)f(to)f(establish)g(some)g(prop)s(erties)g(of)g(the)g(auxil-)
+0 1736 y(iary)h(op)s(erations)g(comp)s(osition)e(and)i(conditional.)p
+0 1856 V 0 2031 a Fw(Lemma)37 b(5.32)49 b Fu(Let)39 b
+Fs(g)880 2046 y Fn(1)919 2031 y Fu(,)h Fs(g)1040 2046
+y Fn(2)1079 2031 y Fu(:)56 b Fw(State)38 b Fo(,)-17 b
+Ft(!)39 b Fw(State)g Fu(and)f Fs(h)2150 2046 y Fn(1)2190
+2031 y Fu(,)i Fs(h)2314 2046 y Fn(2)2354 2031 y Fu(:)56
+b Fw(PState)38 b Ft(!)g Fw(PState)g Fu(and)0 2151 y(assume)33
+b(that)269 2319 y Fs(ps)40 b Fu(on-trac)m(k)33 b Ft(v)861
+2334 y Fn(P)946 2319 y Fu(\()p Fs(h)1041 2334 y Fn(2)1113
+2319 y Fs(ps)8 b Fu(\))33 b(on-trac)m(k)1714 b(\(*\))0
+2486 y(holds)32 b(for)g(all)f Fs(ps)40 b Ft(2)33 b Fw(PState)p
+Fu(.)43 b(Then)269 2654 y Fs(g)323 2669 y Fn(1)394 2654
+y Fu(sat)p 394 2667 126 4 v 15 x Fn(Stm)682 2654 y Fs(h)739
+2669 y Fn(1)811 2654 y Fu(and)32 b Fs(g)1054 2669 y Fn(2)1126
+2654 y Fu(sat)p 1126 2667 V 15 x Fn(Stm)1413 2654 y Fs(h)1470
+2669 y Fn(2)1543 2654 y Fu(imply)e Fs(g)1870 2669 y Fn(2)1942
+2654 y Ft(\016)i Fs(g)2078 2669 y Fn(1)2150 2654 y Fu(sat)p
+2150 2667 V 15 x Fn(Stm)2437 2654 y Fs(h)2494 2669 y
+Fn(2)2566 2654 y Ft(\016)g Fs(h)2705 2669 y Fn(1)p 0
+2774 3473 5 v 0 2978 a Fw(Pro)s(of:)37 b Fu(Let)c Fs(s)563
+2993 y Fn(1)603 2978 y Fu(,)f Fs(s)710 2993 y Fn(2)782
+2978 y Fu(and)h Fs(ps)40 b Fu(b)s(e)33 b(suc)m(h)h(that)244
+3181 y Fs(s)292 3196 y Fn(1)364 3181 y Ft(\021)f Fs(s)522
+3196 y Fn(2)594 3181 y Fu(rel)p 594 3194 109 4 v 32 w
+Fs(ps)8 b Fu(,)32 b(and)h(\()p Fs(h)1177 3196 y Fn(2)1249
+3181 y Ft(\016)g Fs(h)1389 3196 y Fn(1)1428 3181 y Fu(\))g
+Fs(ps)40 b Fu(is)32 b(prop)s(er)0 3384 y(Using)f(that)g
+Fs(h)540 3399 y Fn(2)611 3384 y Fu(\()p Fs(h)706 3399
+y Fn(1)777 3384 y Fs(ps)8 b Fu(\))31 b(is)g(prop)s(er)g(w)m(e)h(get)f
+(from)g(\(*\))f(that)h Fs(h)2306 3399 y Fn(1)2377 3384
+y Fs(ps)39 b Fu(m)m(ust)32 b(b)s(e)f(prop)s(er)h(as)f(w)m(ell)0
+3505 y(\(b)m(y)i(taking)f Fs(ps)41 b Fu(to)32 b(b)s(e)h
+Fs(h)914 3520 y Fn(1)986 3505 y Fs(ps)8 b Fu(\).)43 b(So)33
+b(from)e(the)i(assumption)f Fs(g)2296 3520 y Fn(1)2367
+3505 y Fu(sat)p 2367 3518 126 4 v 2493 3520 a Fn(Stm)2655
+3505 y Fs(h)2712 3520 y Fn(1)2784 3505 y Fu(w)m(e)i(get)244
+3708 y Fs(g)298 3723 y Fn(1)369 3708 y Fs(s)417 3723
+y Fn(1)489 3708 y Fu(=)f(undef)p 598 3721 236 4 v 33
+w(and)g Fs(g)1110 3723 y Fn(1)1181 3708 y Fs(s)1229 3723
+y Fn(2)1301 3708 y Fu(=)g(undef)p 1410 3721 V(,)g(or)244
+3876 y Fs(g)298 3891 y Fn(1)369 3876 y Fs(s)417 3891
+y Fn(1)489 3876 y Ft(6)p Fu(=)g(undef)p 598 3889 V 33
+w(and)g Fs(g)1110 3891 y Fn(1)1181 3876 y Fs(s)1229 3891
+y Fn(2)1301 3876 y Ft(6)p Fu(=)g(undef)p 1410 3889 V
+33 w(and)g Fs(g)1922 3891 y Fn(1)1993 3876 y Fs(s)2041
+3891 y Fn(1)2113 3876 y Ft(\021)g Fs(g)2277 3891 y Fn(1)2349
+3876 y Fs(s)2397 3891 y Fn(2)2469 3876 y Fu(rel)p 2469
+3889 109 4 v 32 w Fs(h)2667 3891 y Fn(1)2739 3876 y Fs(ps)0
+4079 y Fu(In)e(the)g(\014rst)h(case)f(w)m(e)h(are)f(\014nished)g(since)
+h(it)d(follo)m(ws)h(that)g(\()p Fs(g)2302 4094 y Fn(2)2372
+4079 y Ft(\016)h Fs(g)2507 4094 y Fn(1)2546 4079 y Fu(\))f
+Fs(s)2662 4094 y Fn(1)2733 4079 y Fu(=)g(undef)p 2839
+4092 236 4 v 32 w(and)h(that)0 4200 y(\()p Fs(g)92 4215
+y Fn(2)163 4200 y Ft(\016)i Fs(g)300 4215 y Fn(1)339
+4200 y Fu(\))f Fs(s)457 4215 y Fn(2)529 4200 y Fu(=)h(undef)p
+638 4213 V(.)44 b(In)33 b(the)g(second)h(case)f(w)m(e)h(use)f(that)244
+4403 y Fs(g)298 4418 y Fn(1)369 4403 y Fs(s)417 4418
+y Fn(1)489 4403 y Ft(\021)g Fs(g)653 4418 y Fn(1)725
+4403 y Fs(s)773 4418 y Fn(2)845 4403 y Fu(rel)p 845 4416
+109 4 v 32 w Fs(h)1043 4418 y Fn(1)1115 4403 y Fs(ps)8
+b Fu(,)33 b(and)f Fs(h)1519 4418 y Fn(2)1559 4403 y Fu(\()p
+Fs(h)1654 4418 y Fn(1)1726 4403 y Fs(ps)8 b Fu(\))33
+b(is)f(prop)s(er)0 4606 y(The)i(assumption)d Fs(g)770
+4621 y Fn(2)842 4606 y Fu(sat)p 842 4619 126 4 v 15 x
+Fn(Stm)1129 4606 y Fs(h)1186 4621 y Fn(2)1259 4606 y
+Fu(then)i(giv)m(es)244 4810 y Fs(g)298 4825 y Fn(2)369
+4810 y Fu(\()p Fs(g)461 4825 y Fn(1)533 4810 y Fs(s)581
+4825 y Fn(1)620 4810 y Fu(\))g(=)f(undef)p 799 4823 236
+4 v 33 w(and)h Fs(g)1311 4825 y Fn(2)1383 4810 y Fu(\()p
+Fs(g)1475 4825 y Fn(1)1546 4810 y Fs(s)1594 4825 y Fn(2)1634
+4810 y Fu(\))f(=)h(undef)p 1813 4823 V(,)g(or)244 4977
+y Fs(g)298 4992 y Fn(2)369 4977 y Fu(\()p Fs(g)461 4992
+y Fn(1)533 4977 y Fs(s)581 4992 y Fn(1)620 4977 y Fu(\))g
+Ft(6)p Fu(=)f(undef)p 799 4990 V 33 w(and)h Fs(g)1311
+4992 y Fn(2)1383 4977 y Fu(\()p Fs(g)1475 4992 y Fn(1)1546
+4977 y Fs(s)1594 4992 y Fn(2)1634 4977 y Fu(\))f Ft(6)p
+Fu(=)h(undef)p 1813 4990 V 33 w(and)513 5145 y Fs(g)567
+5160 y Fn(2)606 5145 y Fu(\()p Fs(g)698 5160 y Fn(1)769
+5145 y Fs(s)817 5160 y Fn(1)857 5145 y Fu(\))f Ft(\021)h
+Fs(g)1091 5160 y Fn(2)1130 5145 y Fu(\()p Fs(g)1222 5160
+y Fn(1)1294 5145 y Fs(s)1342 5160 y Fn(2)1381 5145 y
+Fu(\))g(rel)p 1452 5158 109 4 v 31 w Fs(h)1649 5160 y
+Fn(2)1689 5145 y Fu(\()p Fs(h)1784 5160 y Fn(1)1856 5145
+y Fs(ps)8 b Fu(\))0 5348 y(In)33 b(b)s(oth)f(cases)i(w)m(e)g(ha)m(v)m
+(e)g(completed)e(the)h(pro)s(of.)1548 b Fh(2)p eop
+%%Page: 156 166
+156 165 bop 251 130 a Fw(156)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 283 515 3473
+5 v 283 667 a(Lemma)i(5.33)49 b Fu(Assume)31 b(that)g
+Fs(g)1552 682 y Fn(1)1591 667 y Fu(,)g Fs(g)1703 682
+y Fn(2)1742 667 y Fu(:)43 b Fw(State)31 b Fo(,)-17 b
+Ft(!)31 b Fw(State)p Fu(,)g(and)h Fs(g)9 b Fu(:)42 b
+Fw(State)31 b Ft(!)f Fw(T)h Fu(and)g(that)283 787 y Fs(h)340
+802 y Fn(1)380 787 y Fu(,)i Fs(h)497 802 y Fn(2)536 787
+y Fu(:)44 b Fw(PState)32 b Ft(!)g Fw(PState)g Fu(and)h
+Fs(f)21 b Fu(:)43 b Fw(PState)33 b Ft(!)f Fw(P)p Fu(.)g(Then)552
+955 y Fs(g)41 b Fu(sat)p 638 968 126 4 v 15 x Fn(Bexp)958
+955 y Fs(f)21 b Fu(,)32 b Fs(g)1122 970 y Fn(1)1194 955
+y Fu(sat)p 1194 968 V 15 x Fn(Stm)1481 955 y Fs(h)1538
+970 y Fn(1)1611 955 y Fu(and)g Fs(g)1854 970 y Fn(2)1926
+955 y Fu(sat)p 1926 968 V 15 x Fn(Stm)2213 955 y Fs(h)2270
+970 y Fn(2)2342 955 y Fu(imply)788 1122 y(cond\()p Fs(g)9
+b Fu(,)33 b Fs(g)1194 1137 y Fn(1)1233 1122 y Fu(,)g
+Fs(g)1347 1137 y Fn(2)1386 1122 y Fu(\))f(sat)p 1456
+1135 V 15 x Fn(Stm)1743 1122 y Fu(cond)1943 1137 y Fn(P)1996
+1122 y Fu(\()p Fs(f)21 b Fu(,)33 b Fs(h)2202 1137 y Fn(1)2241
+1122 y Fu(,)g Fs(h)2358 1137 y Fn(2)2398 1122 y Fu(\))p
+283 1243 3473 5 v 283 1423 a Fw(Pro)s(of:)38 b Fu(Let)32
+b Fs(s)846 1438 y Fn(1)886 1423 y Fu(,)h Fs(s)994 1438
+y Fn(2)1066 1423 y Fu(and)f Fs(ps)41 b Fu(b)s(e)33 b(suc)m(h)h(that)527
+1603 y Fs(s)575 1618 y Fn(1)647 1603 y Ft(\021)f Fs(s)805
+1618 y Fn(2)877 1603 y Fu(rel)p 877 1616 109 4 v 32 w
+Fs(ps)41 b Fu(and)32 b(cond)1538 1618 y Fn(P)1591 1603
+y Fu(\()p Fs(f)21 b Fu(,)33 b Fs(h)1797 1618 y Fn(1)1836
+1603 y Fu(,)g Fs(h)1953 1618 y Fn(2)1993 1603 y Fu(\))f
+Fs(ps)40 b Fu(is)33 b(prop)s(er)283 1783 y(First)42 b(assume)h(that)g
+Fs(f)63 b(ps)51 b Fu(=)42 b Fb(d)p Fu(?.)74 b(This)43
+b(case)h(turns)f(out)g(to)f(b)s(e)h(imp)s(ossible)d(since)j(then)283
+1904 y(cond)483 1919 y Fn(P)536 1904 y Fu(\()p Fs(f)21
+b Fu(,)33 b Fs(h)742 1919 y Fn(1)781 1904 y Fu(,)g Fs(h)898
+1919 y Fn(2)938 1904 y Fu(\))f Fs(ps)40 b Fu(=)33 b Fb(lost)f
+Fu(so)h(cond)1818 1919 y Fn(P)1871 1904 y Fu(\()p Fs(f)21
+b Fu(,)32 b Fs(h)2076 1919 y Fn(1)2116 1904 y Fu(,)h
+Fs(h)2233 1919 y Fn(2)2272 1904 y Fu(\))g Fs(ps)40 b
+Fu(cannot)33 b(b)s(e)g(prop)s(er.)430 2024 y(So)k(w)m(e)i(kno)m(w)g
+(that)f Fs(f)59 b(ps)45 b Fu(=)38 b Fb(ok)p Fu(.)60 b(F)-8
+b(rom)36 b Fs(g)41 b Fu(sat)p 2094 2037 126 4 v 15 x
+Fn(Bexp)2413 2024 y Fs(f)59 b Fu(w)m(e)39 b(then)f(get)g
+Fs(g)j(s)3180 2039 y Fn(1)3252 2024 y Fu(=)33 b Fs(g)41
+b(s)3495 2039 y Fn(2)3534 2024 y Fu(.)59 b(W)-8 b(e)283
+2144 y(also)32 b(get)h(that)f(cond)1053 2159 y Fn(P)1106
+2144 y Fu(\()p Fs(f)20 b Fu(,)33 b Fs(h)1311 2159 y Fn(1)1351
+2144 y Fu(,)f Fs(h)1467 2159 y Fn(2)1507 2144 y Fu(\))g
+Fs(ps)41 b Fu(=)32 b(\()p Fs(h)1911 2159 y Fn(1)1983
+2144 y Fs(ps)8 b Fu(\))33 b Ft(t)2218 2159 y Fn(PS)2342
+2144 y Fu(\()p Fs(h)2437 2159 y Fn(2)2509 2144 y Fs(ps)8
+b Fu(\).)43 b(Th)m(us)34 b Fs(h)3019 2159 y Fn(1)3092
+2144 y Fs(ps)40 b Fu(as)33 b(w)m(ell)e(as)i Fs(h)3716
+2159 y Fn(2)283 2265 y Fs(ps)41 b Fu(m)m(ust)32 b(b)s(e)g(prop)s(er)g
+(since)h(otherwise)g(cond)1971 2280 y Fn(P)2024 2265
+y Fu(\()p Fs(f)20 b Fu(,)33 b Fs(h)2229 2280 y Fn(1)2268
+2265 y Fu(,)g Fs(h)2385 2280 y Fn(2)2424 2265 y Fu(\))f
+Fs(ps)41 b Fu(cannot)32 b(b)s(e)g(prop)s(er.)44 b(No)m(w)33
+b(let)283 2385 y(i)f(denote)h(the)g(branc)m(h)h(c)m(hosen)g(b)m(y)g
+(the)f(test)g Fs(g)9 b Fu(.)43 b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)527
+2565 y Fs(s)575 2580 y Fn(1)647 2565 y Ft(\021)g Fs(s)805
+2580 y Fn(2)877 2565 y Fu(rel)p 877 2578 109 4 v 32 w
+Fs(ps)41 b Fu(and)32 b Fs(h)1395 2580 y Fn(i)1452 2565
+y Fs(ps)40 b Fu(is)32 b(prop)s(er)283 2745 y(F)-8 b(rom)32
+b(the)h(assumption)e Fs(g)1277 2760 y Fn(i)1333 2745
+y Fu(sat)p 1333 2758 126 4 v 15 x Fn(Stm)1621 2745 y
+Fs(h)1678 2760 y Fn(i)1734 2745 y Fu(w)m(e)j(therefore)f(get)527
+2926 y Fs(g)581 2941 y Fn(i)637 2926 y Fs(s)685 2941
+y Fn(1)757 2926 y Fu(=)g(undef)p 866 2939 236 4 v 33
+w(and)g Fs(g)1378 2941 y Fn(i)1433 2926 y Fs(s)1481 2941
+y Fn(2)1553 2926 y Fu(=)g(undef)p 1662 2939 V 1 w(,)f(or)527
+3093 y Fs(g)581 3108 y Fn(i)637 3093 y Fs(s)685 3108
+y Fn(1)757 3093 y Ft(6)p Fu(=)h(undef)p 866 3106 V 33
+w(and)g Fs(g)1378 3108 y Fn(i)1433 3093 y Fs(s)1481 3108
+y Fn(2)1553 3093 y Ft(6)p Fu(=)g(undef)p 1662 3106 V
+33 w(and)g Fs(g)2174 3108 y Fn(i)2230 3093 y Fs(s)2278
+3108 y Fn(1)2350 3093 y Ft(\021)g Fs(g)2514 3108 y Fn(i)2569
+3093 y Fs(s)2617 3108 y Fn(2)2690 3093 y Fu(rel)p 2690
+3106 109 4 v 31 w Fs(h)2887 3108 y Fn(i)2944 3093 y Fs(ps)283
+3273 y Fu(In)g(the)g(\014rst)g(case)h(w)m(e)g(get)527
+3454 y(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)933 3469 y Fn(1)972
+3454 y Fu(,)g Fs(g)1086 3469 y Fn(2)1125 3454 y Fu(\))f
+Fs(s)1243 3469 y Fn(1)1315 3454 y Fu(=)g(undef)p 1423
+3467 236 4 v 34 w(and)g(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)2287
+3469 y Fn(1)2326 3454 y Fu(,)g Fs(g)2440 3469 y Fn(2)2479
+3454 y Fu(\))f Fs(s)2597 3469 y Fn(2)2669 3454 y Fu(=)h(undef)p
+2778 3467 V 283 3634 a(and)g(w)m(e)h(are)e(\014nished.)45
+b(In)32 b(the)h(second)h(case)g(w)m(e)f(get)527 3814
+y(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)933 3829 y Fn(1)972
+3814 y Fu(,)g Fs(g)1086 3829 y Fn(2)1125 3814 y Fu(\))f
+Fs(s)1243 3829 y Fn(1)1315 3814 y Ft(6)p Fu(=)g(undef)p
+1423 3827 V 34 w(and)g(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)2287
+3829 y Fn(1)2326 3814 y Fu(,)g Fs(g)2440 3829 y Fn(2)2479
+3814 y Fu(\))f Fs(s)2597 3829 y Fn(2)2669 3814 y Ft(6)p
+Fu(=)h(undef)p 2778 3827 V 283 3994 a(F)-8 b(urthermore,)33
+b(w)m(e)g(ha)m(v)m(e)527 4174 y(cond\()p Fs(g)9 b Fu(,)33
+b Fs(g)933 4189 y Fn(1)972 4174 y Fu(,)g Fs(g)1086 4189
+y Fn(2)1125 4174 y Fu(\))f Fs(s)1243 4189 y Fn(1)1315
+4174 y Ft(\021)h Fu(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)1831
+4189 y Fn(1)1870 4174 y Fu(,)f Fs(g)1983 4189 y Fn(2)2022
+4174 y Fu(\))h Fs(s)2141 4189 y Fn(2)2213 4174 y Fu(rel)p
+2213 4187 109 4 v 32 w Fs(h)2411 4189 y Fn(i)2467 4174
+y Fs(ps)283 4355 y Fu(Clearly)d Fs(h)677 4370 y Fn(i)732
+4355 y Fs(ps)38 b Ft(v)31 b Fs(h)1025 4370 y Fn(1)1095
+4355 y Fs(ps)38 b Ft(t)1290 4370 y Fn(PS)1412 4355 y
+Fs(h)1469 4370 y Fn(2)1539 4355 y Fs(ps)g Fu(and)31 b(using)f(the)h
+(de\014nition)e(of)h(cond)3014 4370 y Fn(P)3098 4355
+y Fu(and)g(Lemma)f(5.8)283 4475 y(w)m(e)34 b(get)527
+4655 y(cond\()p Fs(g)9 b Fu(,)33 b Fs(g)933 4670 y Fn(1)972
+4655 y Fu(,)g Fs(g)1086 4670 y Fn(2)1125 4655 y Fu(\))f
+Fs(s)1243 4670 y Fn(1)1315 4655 y Ft(\021)h Fu(cond\()p
+Fs(g)9 b Fu(,)33 b Fs(g)1831 4670 y Fn(1)1870 4655 y
+Fu(,)f Fs(g)1983 4670 y Fn(2)2022 4655 y Fu(\))h Fs(s)2141
+4670 y Fn(2)2213 4655 y Fu(rel)p 2213 4668 V 32 w(cond)2554
+4670 y Fn(P)2606 4655 y Fu(\()p Fs(f)21 b Fu(,)33 b Fs(h)2812
+4670 y Fn(1)2852 4655 y Fu(,)f Fs(h)2968 4670 y Fn(2)3008
+4655 y Fu(\))g Fs(ps)283 4835 y Fu(as)h(required.)2902
+b Fh(2)430 5039 y Fu(W)-8 b(e)33 b(no)m(w)g(ha)m(v)m(e)h(the)f
+(apparatus)g(needed)h(to)e(sho)m(w)i(the)f(safet)m(y)g(of)g
+Ft(P)8 b(S)g Fu(:)283 5206 y Fw(Pro)s(of)56 b(of)g(Theorem)g(5.31:)76
+b Fu(W)-8 b(e)49 b(shall)e(sho)m(w)j(that)e Ft(S)2538
+5221 y Fn(ds)2609 5206 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])49 b(sat)p 2800 5219 126 4 v 15 x Fn(Stm)3103 5206
+y Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])49
+b(and)g(w)m(e)283 5327 y(pro)s(ceed)34 b(b)m(y)f(structural)g
+(induction)e(on)i(the)g(statemen)m(t)g Fs(S)12 b Fu(.)283
+5494 y Fw(The)33 b(case)g Fs(x)45 b Fu(:=)32 b Fs(a)7
+b Fu(:)44 b(Let)33 b Fs(s)1315 5509 y Fn(1)1354 5494
+y Fu(,)g Fs(s)1462 5509 y Fn(2)1534 5494 y Fu(and)g Fs(ps)40
+b Fu(b)s(e)33 b(giv)m(en)g(suc)m(h)h(that)p eop
+%%Page: 157 167
+157 166 bop 0 130 a Fw(5.3)112 b(Safet)m(y)38 b(of)g(the)f(analysis)
+2007 b(157)p 0 193 3473 4 v 244 515 a Fs(s)292 530 y
+Fn(1)364 515 y Ft(\021)33 b Fs(s)522 530 y Fn(2)594 515
+y Fu(rel)p 594 528 109 4 v 32 w Fs(ps)40 b Fu(and)33
+b Ft(P)8 b(S)g Fu([)-17 b([)q Fs(x)44 b Fu(:=)33 b Fs(a)7
+b Fu(])-17 b(])p Fs(ps)41 b Fu(is)32 b(prop)s(er)0 726
+y(It)c(then)h(follo)m(ws)e(from)f(Exercise)k(5.27)d(that)h
+Fs(ps)36 b Fu(is)28 b(prop)s(er)g(b)s(ecause)h Ft(P)8
+b(S)g Fu([)-17 b([)q Fs(x)40 b Fu(:=)28 b Fs(a)7 b Fu(])-17
+b(])q Fs(ps)35 b Fu(is.)42 b(Also)0 847 y(b)s(oth)27
+b Ft(S)293 862 y Fn(ds)364 847 y Fu([)-17 b([)q Fs(x)44
+b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])q Fs(s)770 862 y Fn(1)837
+847 y Fu(and)27 b Ft(S)1089 862 y Fn(ds)1160 847 y Fu([)-17
+b([)q Fs(x)39 b Fu(:=)28 b Fs(a)7 b Fu(])-17 b(])p Fs(s)1555
+862 y Fn(2)1622 847 y Fu(will)26 b(b)s(e)h(de\014ned)i(so)f(w)m(e)h
+(only)e(ha)m(v)m(e)i(to)e(sho)m(w)i(that)244 1058 y(\()p
+Ft(S)350 1073 y Fn(ds)421 1058 y Fu([)-17 b([)p Fs(x)45
+b Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])q Fs(s)826 1073 y
+Fn(1)866 1058 y Fu(\))32 b Fs(y)42 b Fu(=)32 b(\()p Ft(S)1239
+1073 y Fn(ds)1310 1058 y Fu([)-17 b([)q Fs(x)44 b Fu(:=)32
+b Fs(a)7 b Fu(])-17 b(])q Fs(s)1715 1073 y Fn(2)1755
+1058 y Fu(\))32 b Fs(y)0 1269 y Fu(for)26 b(all)e Fs(y)35
+b Ft(2)26 b Fw(V)-9 b(ar)26 b Ft(\\)g Fu(OK\()p Ft(P)8
+b(S)g Fu([)-17 b([)q Fs(x)38 b Fu(:=)26 b Fs(a)7 b Fu(])-17
+b(])q Fs(ps)8 b Fu(\).)41 b(If)26 b Fs(y)35 b Ft(6)p
+Fu(=)26 b Fs(x)38 b Fu(and)26 b Fo(y)j Fu(is)d(in)g(OK\()p
+Ft(P)8 b(S)f Fu([)-17 b([)q Fs(x)38 b Fu(:=)26 b Fs(a)7
+b Fu(])-17 b(])q Fs(ps)8 b Fu(\))26 b(then)0 1389 y Fs(y)41
+b Ft(2)32 b Fu(OK\()p Fs(ps)8 b Fu(\))31 b(and)h(it)f(is)h(immediate)d
+(from)h(the)j(de\014nition)d(of)i Ft(S)2411 1404 y Fn(ds)2514
+1389 y Fu(that)f(\()p Ft(S)2830 1404 y Fn(ds)2901 1389
+y Fu([)-17 b([)q Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17
+b(])p Fs(s)3306 1404 y Fn(1)3346 1389 y Fu(\))32 b Fs(y)0
+1509 y Fu(=)40 b(\()p Ft(S)222 1524 y Fn(ds)293 1509
+y Fu([)-17 b([)q Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17
+b(])p Fs(s)698 1524 y Fn(2)738 1509 y Fu(\))32 b Fs(y)9
+b Fu(.)67 b(If)41 b Fs(y)49 b Fu(=)40 b Fs(x)52 b Fu(and)41
+b Fs(x)52 b Fu(is)40 b(in)f(OK\()p Ft(P)8 b(S)g Fu([)-17
+b([)q Fs(x)52 b Fu(:=)40 b Fs(a)7 b Fu(])-17 b(])q Fs(ps)8
+b Fu(\))40 b(then)h(w)m(e)h(use)f(the)0 1630 y(assumption)32
+b Fs(s)564 1645 y Fn(1)636 1630 y Ft(\021)h Fs(s)794
+1645 y Fn(2)866 1630 y Fu(rel)p 866 1643 V 32 w Fs(ps)40
+b Fu(together)33 b(with)f(\()p Ft(P)8 b(S)h Fu([)-17
+b([)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])q Fs(ps)8
+b Fu(\))32 b Fs(x)44 b Fu(=)33 b Fb(ok)g Fu(to)f(get)244
+1841 y Ft(A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q
+Fs(s)504 1856 y Fn(1)576 1841 y Fu(=)32 b Ft(A)p Fu([)-17
+b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)944 1856 y Fn(2)0
+2052 y Fu(b)m(y)41 b(F)-8 b(act)39 b(5.29.)64 b(Hence)41
+b(\()p Ft(S)1036 2067 y Fn(ds)1107 2052 y Fu([)-17 b([)p
+Fs(x)52 b Fu(:=)39 b Fs(a)7 b Fu(])-17 b(])q Fs(s)1526
+2067 y Fn(1)1566 2052 y Fu(\))39 b Fs(y)49 b Fu(=)40
+b(\()p Ft(S)1960 2067 y Fn(ds)2032 2052 y Fu([)-17 b([)p
+Fs(x)52 b Fu(:=)39 b Fs(a)7 b Fu(])-17 b(])q Fs(s)2451
+2067 y Fn(2)2490 2052 y Fu(\))40 b Fs(y)49 b Fu(follo)m(ws)38
+b(also)h(in)g(this)0 2172 y(case.)44 b(This)33 b(pro)m(v)m(es)h(the)f
+(required)h(relationship.)0 2340 y Fw(The)f(case)g Fr(skip)p
+Fu(:)45 b(Straigh)m(tforw)m(ard.)0 2507 y Fw(The)33 b(case)g
+Fs(S)523 2522 y Fn(1)562 2507 y Fu(;)p Fs(S)656 2522
+y Fn(2)696 2507 y Fu(:)43 b(The)34 b(induction)d(h)m(yp)s(othesis)j
+(applied)d(to)i Fs(S)2409 2522 y Fn(1)2480 2507 y Fu(and)g
+Fs(S)2737 2522 y Fn(2)2809 2507 y Fu(giv)m(es)244 2718
+y Ft(S)312 2733 y Fn(ds)383 2718 y Fu([)-17 b([)p Fs(S)487
+2733 y Fn(1)527 2718 y Fu(])g(])33 b(sat)p 597 2731 126
+4 v 15 x Fn(Stm)884 2718 y Ft(P)8 b(S)g Fu([)-17 b([)q
+Fs(S)1134 2733 y Fn(1)1173 2718 y Fu(])g(])33 b(and)g
+Ft(S)1501 2733 y Fn(ds)1572 2718 y Fu([)-17 b([)q Fs(S)1677
+2733 y Fn(2)1716 2718 y Fu(])g(])33 b(sat)p 1786 2731
+V 15 x Fn(Stm)2073 2718 y Ft(P)8 b(S)h Fu([)-17 b([)p
+Fs(S)2323 2733 y Fn(2)2363 2718 y Fu(])g(])0 2929 y(It)37
+b(follo)m(ws)e(from)g(Exercise)j(5.27)e(that)h Fs(ps)44
+b Fu(on-trac)m(k)37 b Ft(v)2082 2944 y Fn(P)2171 2929
+y Fu(\()p Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)2459 2944
+y Fn(2)2498 2929 y Fu(])g(])q Fs(ps)8 b Fu(\))36 b(on-trac)m(k)h(holds)
+f(for)0 3050 y(all)30 b(prop)s(ert)m(y)k(states)f Fs(ps)8
+b Fu(.)44 b(The)33 b(desired)g(result)244 3261 y Ft(S)312
+3276 y Fn(ds)383 3261 y Fu([)-17 b([)p Fs(S)487 3276
+y Fn(2)527 3261 y Fu(])g(])33 b Ft(\016)f(S)747 3276
+y Fn(ds)818 3261 y Fu([)-17 b([)q Fs(S)923 3276 y Fn(1)962
+3261 y Fu(])g(])33 b(sat)p 1032 3274 V 15 x Fn(Stm)1319
+3261 y Ft(P)8 b(S)h Fu([)-17 b([)p Fs(S)1569 3276 y Fn(2)1609
+3261 y Fu(])g(])33 b Ft(\016)f(P)8 b(S)g Fu([)-17 b([)q
+Fs(S)2011 3276 y Fn(1)2050 3261 y Fu(])g(])0 3472 y(then)33
+b(follo)m(ws)e(from)h(Lemma)f(5.32.)0 3639 y Fw(The)i(case)g
+Fr(if)g Fs(b)39 b Fr(then)33 b Fs(S)979 3654 y Fn(1)1051
+3639 y Fr(else)g Fs(S)1355 3654 y Fn(2)1395 3639 y Fu(:)43
+b(F)-8 b(rom)31 b(Exercise)j(5.30)e(w)m(e)i(ha)m(v)m(e)244
+3850 y Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33
+b(sat)p 471 3863 V 15 x Fn(Bexp)791 3850 y Ft(P)8 b(B)t
+Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])0 4061 y(and)33
+b(the)g(induction)e(h)m(yp)s(othesis)j(applied)d(to)i
+Fs(S)1800 4076 y Fn(1)1871 4061 y Fu(and)g Fs(S)2128
+4076 y Fn(2)2200 4061 y Fu(giv)m(es)244 4272 y Ft(S)312
+4287 y Fn(ds)383 4272 y Fu([)-17 b([)p Fs(S)487 4287
+y Fn(1)527 4272 y Fu(])g(])33 b(sat)p 597 4285 V 15 x
+Fn(Stm)884 4272 y Ft(P)8 b(S)g Fu([)-17 b([)q Fs(S)1134
+4287 y Fn(1)1173 4272 y Fu(])g(])33 b(and)g Ft(S)1501
+4287 y Fn(ds)1572 4272 y Fu([)-17 b([)q Fs(S)1677 4287
+y Fn(2)1716 4272 y Fu(])g(])33 b(sat)p 1786 4285 V 15
+x Fn(Stm)2073 4272 y Ft(P)8 b(S)h Fu([)-17 b([)p Fs(S)2323
+4287 y Fn(2)2363 4272 y Fu(])g(])0 4483 y(The)34 b(desired)f(result)244
+4694 y(cond\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
+b(])q(,)33 b Ft(S)804 4709 y Fn(ds)876 4694 y Fu([)-17
+b([)p Fs(S)980 4709 y Fn(1)1019 4694 y Fu(])g(])q(,)33
+b Ft(S)1184 4709 y Fn(ds)1256 4694 y Fu([)-17 b([)p Fs(S)1360
+4709 y Fn(2)1399 4694 y Fu(])g(])q(\))32 b(sat)p 1507
+4707 V 1633 4709 a Fn(Stm)1795 4694 y Fu(cond)1995 4709
+y Fn(P)2047 4694 y Fu(\()p Ft(P)8 b(B)t Fu([)-17 b([)q
+Fs(b)6 b Fu(])-17 b(],)33 b Ft(P)8 b(S)g Fu([)-17 b([)q
+Fs(S)2667 4709 y Fn(1)2706 4694 y Fu(])g(])q(,)32 b Ft(P)8
+b(S)h Fu([)-17 b([)p Fs(S)3053 4709 y Fn(2)3093 4694
+y Fu(])g(]\))0 4905 y(then)33 b(follo)m(ws)e(from)h(Lemma)f(5.33.)0
+5073 y Fw(The)i(case)g Fr(while)h Fs(b)k Fr(do)33 b Fs(S)12
+b Fu(:)33 b(W)-8 b(e)33 b(m)m(ust)f(pro)m(v)m(e)i(that)244
+5284 y(FIX\()p Fs(G)9 b Fu(\))33 b(sat)p 609 5297 V 15
+x Fn(Stm)896 5284 y Fu(FIX\()p Fs(H)16 b Fu(\))0 5494
+y(where)p eop
+%%Page: 158 168
+158 167 bop 251 130 a Fw(158)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 527 515 a Fs(G)42
+b(g)f Fu(=)33 b(cond)g(\()p Ft(B)s Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(],)33 b Fs(g)41 b Ft(\016)32 b(S)1600 530
+y Fn(ds)1671 515 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(],)33 b(id\))527 683 y Fs(H)49 b(h)40 b Fu(=)32 b(cond)1046
+698 y Fn(P)1131 683 y Fu(\()p Ft(P)8 b(B)t Fu([)-17 b([)q
+Fs(b)6 b Fu(])-17 b(],)33 b Fs(h)40 b Ft(\016)32 b(P)8
+b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33 b(id\))283
+879 y(T)-8 b(o)33 b(do)g(this)f(w)m(e)h(recall)f(the)h(de\014nition)e
+(of)h(the)h(least)f(\014xed)i(p)s(oin)m(ts:)527 1075
+y(FIX)f Fs(G)42 b Fu(=)957 1008 y Fg(F)1026 1075 y Ft(f)p
+Fs(G)1160 1038 y Fn(n)1236 1075 y Fs(g)1290 1090 y Fn(0)1362
+1075 y Ft(j)32 b Fu(n)h Ft(\025)g Fu(0)f Ft(g)g Fu(where)i
+Fs(g)2118 1090 y Fn(0)2190 1075 y Fs(s)40 b Fu(=)33 b(undef)p
+2379 1088 236 4 v 33 w(for)f(all)e Fs(s)527 1242 y Fu(FIX)j
+Fs(H)48 b Fu(=)961 1176 y Fg(F)1030 1242 y Ft(f)p Fs(H)1168
+1206 y Fn(n)1244 1242 y Fs(h)1301 1257 y Fn(0)1373 1242
+y Ft(j)32 b Fu(n)h Ft(\025)g Fu(0)f Ft(g)h Fu(where)g
+Fs(h)2132 1257 y Fn(0)2205 1242 y Fs(ps)40 b Fu(=)32
+b Fb(init)h Fu(for)f(all)f Fs(ps)283 1438 y Fu(The)j(pro)s(of)e(pro)s
+(ceeds)i(in)d(t)m(w)m(o)j(stages.)44 b(W)-8 b(e)33 b(b)s(egin)f(b)m(y)h
+(pro)m(ving)f(that)552 1606 y Fs(G)636 1570 y Fn(n)712
+1606 y Fs(g)766 1621 y Fn(0)838 1606 y Fu(sat)p 838 1619
+126 4 v 15 x Fn(Stm)1125 1606 y Fu(FIX)h Fs(H)48 b Fu(for)32
+b(all)f(n)1842 b(\(*\))283 1773 y(and)33 b(then)552 1941
+y(FIX)g Fs(G)41 b Fu(sat)p 873 1954 V 999 1956 a Fn(Stm)1161
+1941 y Fu(FIX)32 b Fs(H)2145 b Fu(\(**\))283 2132 y(W)-8
+b(e)33 b(pro)m(v)m(e)h(\(*\))e(b)m(y)i(induction)d(on)i(n.)44
+b(F)-8 b(or)31 b(the)i(base)h(case)f(w)m(e)h(observ)m(e)g(that)527
+2328 y Fs(g)581 2343 y Fn(0)653 2328 y Fu(sat)p 653 2341
+V 15 x Fn(Stm)940 2328 y Fu(FIX)f Fs(H)283 2524 y Fu(holds)27
+b(trivially)d(since)k Fs(g)1184 2539 y Fn(0)1250 2524
+y Fs(s)35 b Fu(=)27 b(undef)p 1428 2537 236 4 v 27 w(for)g(all)e
+(states)j Fs(s)8 b Fu(.)42 b(F)-8 b(or)26 b(the)h(induction)f(step)i(w)
+m(e)g(assume)283 2644 y(that)527 2840 y Fs(G)611 2804
+y Fn(n)687 2840 y Fs(g)741 2855 y Fn(0)813 2840 y Fu(sat)p
+813 2853 126 4 v 15 x Fn(Stm)1100 2840 y Fu(FIX)33 b
+Fs(H)283 3036 y Fu(and)g(w)m(e)h(shall)d(pro)m(v)m(e)j(the)f(result)f
+(for)g(n+1.)44 b(W)-8 b(e)33 b(ha)m(v)m(e)527 3232 y
+Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b(sat)p
+754 3245 V 880 3247 a Fn(Bexp)1074 3232 y Ft(P)8 b(B)t
+Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])283 3427 y(from)32
+b(Exercise)i(5.30,)527 3623 y Ft(S)595 3638 y Fn(ds)666
+3623 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])33 b(sat)p
+841 3636 V 15 x Fn(Stm)1128 3623 y Ft(P)8 b(S)g Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(])283 3819 y(from)41 b(the)h(induction)f(h)m
+(yp)s(othesis)i(applied)e(to)g(the)i(b)s(o)s(dy)e(of)h(the)g
+Fr(while)p Fu(-lo)s(op,)i(and)e(it)e(is)283 3939 y(clear)33
+b(that)527 4135 y(id)f(sat)p 641 4148 V 15 x Fn(Stm)928
+4135 y Fu(id)283 4331 y(By)i(Exercise)f(5.27)f(w)m(e)i(also)e(ha)m(v)m
+(e)527 4527 y Fs(ps)41 b Fu(on-trac)m(k)33 b Ft(v)1120
+4542 y Fn(P)1205 4527 y Fu(\(\(FIX)f Fs(H)16 b Fu(\))33
+b Fs(ps)8 b Fu(\))32 b(on-trac)m(k)283 4723 y(for)g(all)f(prop)s(ert)m
+(y)i(states)h Fs(ps)8 b Fu(.)43 b(W)-8 b(e)33 b(then)g(obtain)552
+4890 y(cond\()p Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(],)33 b(\()p Fs(G)1167 4854 y Fn(n)1259 4890 y Fs(g)1313
+4905 y Fn(0)1352 4890 y Fu(\))p Ft(\016S)1508 4905 y
+Fn(ds)1579 4890 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33
+b(id\))e(sat)p 1932 4903 V 15 x Fn(Stm)2220 4890 y Fu(cond)2420
+4905 y Fn(P)2472 4890 y Fu(\()p Ft(P)8 b(B)t Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(],)33 b(\(FIX)f Fs(H)16 b Fu(\))p
+Ft(\016P)8 b(S)g Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(],)33
+b(id\))283 5058 y(from)j(Lemmas)f(5.32)h(and)g(5.33)g(and)h(this)f(is)g
+(indeed)g(the)h(desired)g(result)g(since)f(the)h(righ)m(t-)283
+5178 y(hand)c(side)g(amoun)m(ts)f(to)h Fs(H)48 b Fu(\(FIX)33
+b Fs(H)16 b Fu(\))32 b(whic)m(h)h(equals)g(FIX)g Fs(H)16
+b Fu(.)430 5299 y(Finally)30 b(w)m(e)j(m)m(ust)g(sho)m(w)h(\(**\).)43
+b(This)32 b(amoun)m(ts)h(to)f(sho)m(wing)527 5428 y Fg(F)597
+5494 y Fs(Y)52 b Fu(sat)p 721 5507 V 15 x Fn(Stm)1008
+5494 y Fu(FIX)33 b Fs(H)p eop
+%%Page: 159 169
+159 168 bop 0 130 a Fw(5.3)112 b(Safet)m(y)38 b(of)g(the)f(analysis)
+2007 b(159)p 0 193 3473 4 v 0 515 a Fu(where)34 b Fs(Y)52
+b Fu(=)32 b Ft(f)h Fs(G)681 479 y Fn(n)757 515 y Fs(g)811
+530 y Fn(0)882 515 y Ft(j)g Fu(n)f Ft(\025)h Fu(0)g Ft(g)p
+Fu(.)43 b(So)32 b(assume)h(that)244 715 y Fs(s)292 730
+y Fn(1)364 715 y Ft(\021)g Fs(s)522 730 y Fn(2)594 715
+y Fu(rel)p 594 728 109 4 v 32 w Fs(ps)40 b Fu(and)33
+b(\(FIX)f Fs(H)16 b Fu(\))33 b Fs(ps)40 b Fu(is)32 b(prop)s(er)0
+914 y(Since)h Fs(g)41 b Fu(sat)p 341 927 126 4 v 15 x
+Fn(Stm)628 914 y Fu(FIX)33 b Fs(H)48 b Fu(holds)32 b(for)h(all)d
+Fs(g)41 b Ft(2)33 b Fs(Y)52 b Fu(b)m(y)34 b(\(*\))e(w)m(e)h(get)g(that)
+f(either)244 1113 y Fs(g)41 b(s)378 1128 y Fn(1)450 1113
+y Fu(=)32 b(undef)p 558 1126 236 4 v 34 w(and)g Fs(g)41
+b(s)1150 1128 y Fn(2)1222 1113 y Fu(=)33 b(undef)p 1331
+1126 V 1 w(,)f(or)244 1281 y Fs(g)41 b(s)378 1296 y Fn(1)450
+1281 y Ft(6)p Fu(=)32 b(undef)p 558 1294 V 34 w(and)g
+Fs(g)41 b(s)1150 1296 y Fn(2)1222 1281 y Ft(6)p Fu(=)33
+b(undef)p 1331 1294 V 33 w(and)g Fs(g)41 b(s)1923 1296
+y Fn(1)1995 1281 y Ft(\021)33 b Fs(g)41 b(s)2239 1296
+y Fn(2)2311 1281 y Fu(rel)p 2311 1294 109 4 v 32 w(\(FIX)32
+b Fs(H)16 b Fu(\))33 b Fs(ps)0 1480 y Fu(If)e(\()134
+1414 y Fg(F)203 1480 y Fs(Y)20 b Fu(\))31 b Fs(s)412
+1495 y Fn(1)482 1480 y Fu(=)g(undef)p 589 1493 236 4
+v 32 w(then)h Fs(g)39 b(s)1209 1495 y Fn(1)1280 1480
+y Fu(=)31 b(undef)p 1387 1493 V 32 w(for)f(all)f Fs(g)40
+b Ft(2)31 b Fs(Y)51 b Fu(and)31 b(thereb)m(y)i Fs(g)40
+b(s)2912 1495 y Fn(2)2982 1480 y Fu(=)31 b(undef)p 3089
+1493 V 32 w(for)0 1600 y(all)j Fs(g)46 b Ft(2)36 b Fs(Y)57
+b Fu(so)36 b(that)h(\()838 1534 y Fg(F)907 1600 y Fs(Y)19
+b Fu(\))37 b Fs(s)1121 1615 y Fn(2)1197 1600 y Fu(=)f(undef)p
+1309 1613 V 1 w(.)55 b(Similarly)33 b(\()2084 1534 y
+Fg(F)2153 1600 y Fs(Y)20 b Fu(\))36 b Fs(s)2367 1615
+y Fn(2)2443 1600 y Fu(=)g(undef)p 2555 1613 V 38 w(will)e(imply)h(that)
+0 1721 y(\()38 1654 y Fg(F)107 1721 y Fs(Y)20 b Fu(\))39
+b Fs(s)324 1736 y Fn(1)404 1721 y Fu(=)g(undef)p 519
+1734 V 1 w(.)65 b(So)40 b(consider)g(no)m(w)h(the)f(case)g(where)i(\()
+2304 1654 y Fg(F)2373 1721 y Fs(Y)19 b Fu(\))33 b Fs(s)2583
+1736 y Fn(1)2662 1721 y Ft(6)p Fu(=)40 b(undef)p 2778
+1734 V 40 w(as)g(w)m(ell)f(as)0 1841 y(\()38 1775 y Fg(F)107
+1841 y Fs(Y)20 b Fu(\))32 b Fs(s)317 1856 y Fn(2)389
+1841 y Ft(6)p Fu(=)h(undef)p 498 1854 V 33 w(and)g(let)f
+Fs(x)44 b Ft(2)33 b Fw(V)-9 b(ar)32 b Ft(\\)h Fu(OK\(\(FIX)f
+Fs(H)16 b Fu(\))32 b Fs(ps)8 b Fu(\).)44 b(By)33 b(Lemma)e(4.25)h(w)m
+(e)i(ha)m(v)m(e)244 2040 y(graph\()526 1974 y Fg(F)595
+2040 y Fs(Y)20 b Fu(\))32 b(=)865 1974 y Fg(S)935 2040
+y Ft(f)g Fu(graph)g Fs(g)41 b Ft(j)33 b Fs(g)41 b Ft(2)33
+b Fs(Y)52 b Ft(g)0 2240 y Fu(and)41 b(\()236 2173 y Fg(F)305
+2240 y Fs(Y)19 b Fu(\))41 b Fs(s)523 2255 y Fn(i)587
+2240 y Ft(6)p Fu(=)f(undef)p 703 2253 V 41 w(therefore)h(sho)m(ws)h
+(the)f(existence)h(of)e(an)g(elemen)m(t)h Fs(g)2968 2255
+y Fn(i)3031 2240 y Fu(in)f Fs(Y)60 b Fu(suc)m(h)0 2360
+y(that)38 b Fs(g)271 2375 y Fn(i)326 2360 y Fs(s)374
+2375 y Fn(i)431 2360 y Ft(6)p Fu(=)32 b(undef)p 539 2373
+V 39 w(and)37 b(\()1045 2294 y Fg(F)1114 2360 y Fs(Y)20
+b Fu(\))38 b Fs(s)1330 2375 y Fn(i)1391 2360 y Fu(=)g
+Fs(g)1559 2375 y Fn(i)1620 2360 y Fs(s)1668 2375 y Fn(i)1729
+2360 y Fu(\(for)f(i)g(=)h(1,)h(2\).)58 b(Since)38 b Fs(Y)57
+b Fu(is)38 b(a)f(c)m(hain)h(either)0 2480 y Fs(g)54 2495
+y Fn(1)126 2480 y Ft(v)33 b Fs(g)290 2495 y Fn(2)361
+2480 y Fu(or)f Fs(g)534 2495 y Fn(2)606 2480 y Ft(v)h
+Fs(g)770 2495 y Fn(1)841 2480 y Fu(so)g(let)f Fs(g)41
+b Fu(b)s(e)33 b(the)g(larger)e(of)h(the)h(t)m(w)m(o.)45
+b(W)-8 b(e)33 b(then)g(ha)m(v)m(e)294 2671 y(\(\()370
+2605 y Fg(F)439 2671 y Fs(Y)19 b Fu(\))33 b Fs(s)649
+2686 y Fn(1)688 2671 y Fu(\))g Fs(x)111 b Fu(=)33 b(\()p
+Fs(g)1116 2686 y Fn(1)1187 2671 y Fs(s)1235 2686 y Fn(1)1275
+2671 y Fu(\))f Fs(x)255 b Fu(as)33 b(\()1803 2605 y Fg(F)1872
+2671 y Fs(Y)20 b Fu(\))32 b Fs(s)2082 2686 y Fn(1)2154
+2671 y Fu(=)h Fs(g)2317 2686 y Fn(1)2388 2671 y Fs(s)2436
+2686 y Fn(1)915 2839 y Fu(=)g(\()p Fs(g)41 b(s)1196 2854
+y Fn(1)1235 2839 y Fu(\))33 b Fs(x)294 b Fu(as)33 b Fs(g)1819
+2854 y Fn(1)1891 2839 y Ft(v)g Fs(g)41 b Fu(and)32 b
+Fs(g)2330 2854 y Fn(1)2402 2839 y Fs(s)2450 2854 y Fn(1)2522
+2839 y Ft(6)p Fu(=)g(undef)p 2630 2852 V 915 3006 a(=)h(\()p
+Fs(g)41 b(s)1196 3021 y Fn(2)1235 3006 y Fu(\))33 b Fs(x)294
+b Fu(as)33 b Fs(g)41 b(s)1899 3021 y Fn(1)1971 3006 y
+Ft(\021)33 b Fs(g)41 b(s)2215 3021 y Fn(2)2287 3006 y
+Fu(rel)p 2287 3019 109 4 v 32 w(\(FIX)33 b Fs(H)16 b
+Fu(\))32 b Fs(ps)915 3174 y Fu(=)h(\()p Fs(g)1116 3189
+y Fn(2)1187 3174 y Fs(s)1235 3189 y Fn(2)1275 3174 y
+Fu(\))f Fs(x)255 b Fu(as)33 b Fs(g)1819 3189 y Fn(2)1891
+3174 y Ft(v)g Fs(g)41 b Fu(and)32 b Fs(g)2330 3189 y
+Fn(2)2402 3174 y Fs(s)2450 3189 y Fn(2)2522 3174 y Ft(6)p
+Fu(=)g(undef)p 2630 3187 236 4 v 915 3342 a(=)h(\(\()1100
+3275 y Fg(F)1169 3342 y Fs(Y)19 b Fu(\))33 b Fs(s)1379
+3357 y Fn(2)1418 3342 y Fu(\))g Fs(x)111 b Fu(as)33 b(\()1803
+3275 y Fg(F)1872 3342 y Fs(Y)20 b Fu(\))32 b Fs(s)2082
+3357 y Fn(2)2154 3342 y Fu(=)h Fs(g)2317 3357 y Fn(2)2388
+3342 y Fs(s)2436 3357 y Fn(2)0 3534 y Fu(as)g(required.)44
+b(This)33 b(\014nishes)g(the)g(pro)s(of)f(of)g(the)h(theorem.)1217
+b Fh(2)146 3737 y Fu(It)31 b(follo)m(ws)e(from)g(this)g(theorem)h(that)
+g(the)h(algorithm)c(listed)i(at)h(the)h(end)g(of)f(Section)g(5.2)0
+3858 y(is)c(indeed)h(correct.)42 b(The)28 b(pro)s(of)e(of)g(safet)m(y)i
+(of)e(the)h(analysis)f(can)h(b)s(e)g(summarized)f(as)h(follo)m(ws:)p
+0 4007 3470 4 v 0 4024 V -2 4231 4 208 v 15 4231 V 1088
+4152 a Fw(Pro)s(of)32 b(Summary)g(for)h(While)p Fu(:)p
+3452 4231 V 3469 4231 V -2 4439 V 15 4439 V 1142 4360
+a Fw(Safet)m(y)g(of)g(Static)f(Analysis)p 3452 4439 V
+3469 4439 V 0 4442 3470 4 v -2 4811 4 370 v 15 4811 V
+66 4608 a Fu(1:)143 b(De\014ne)32 b(a)f(relation)e(sat)p
+1022 4621 126 4 v 15 x Fn(Stm)1308 4608 y Fu(expressing)k(the)e
+(relationship)e(b)s(et)m(w)m(een)34 b(the)d(functions)285
+4728 y(of)h Fw(State)h Fo(,)-17 b Ft(!)33 b Fw(State)f
+Fu(and)h Fw(PState)f Ft(!)g Fw(PState)p Fu(.)p 3452 4811
+4 370 v 3469 4811 V -2 5220 4 409 v 15 5220 V 66 4896
+a(2:)143 b(Sho)m(w)32 b(that)g(the)f(relation)f(is)h(preserv)m(ed)i(b)m
+(y)g(certain)e(pairs)f(of)h(auxiliary)e(functions)285
+5016 y(used)36 b(in)e(the)g(denotational)f(seman)m(tics)h(and)h(the)g
+(static)f(analysis)g(\(Lemmas)f(5.32)285 5136 y(and)g(5.33\).)p
+3452 5220 V 3469 5220 V -2 5508 4 289 v 15 5508 V 66
+5304 a(3:)143 b(Use)42 b Fs(structur)-5 b(al)44 b(induction)k
+Fu(on)40 b(the)i(statemen)m(ts)g Fs(S)52 b Fu(to)41 b(sho)m(w)h(that)f
+(the)g(relation)285 5424 y(holds)33 b(b)s(et)m(w)m(een)h(the)f(seman)m
+(tics)g(and)g(the)g(analysis)f(of)g Fs(S)12 b Fu(.)p
+3452 5508 V 3469 5508 V 0 5511 3470 4 v 0 5528 V eop
+%%Page: 160 170
+160 169 bop 251 130 a Fw(160)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a(Exercise)h(5.34)49
+b Fu(Extend)40 b(the)e(pro)s(of)g(of)g(the)h(theorem)f(to)g(incorp)s
+(orate)f(the)i(analysis)f(de-)283 636 y(v)m(elop)s(ed)33
+b(for)f Fr(repeat)j Fs(S)44 b Fr(until)34 b Fs(b)k Fu(in)32
+b(Exercise)i(5.25.)1383 b Fh(2)283 906 y Fw(Exercise)37
+b(5.35)49 b Fu(When)35 b(sp)s(ecifying)f Ft(P)8 b(S)42
+b Fu(in)33 b(the)i(previous)g(section)f(w)m(e)h(rejected)h(the)e(p)s
+(os-)283 1026 y(sibilit)m(y)d(of)h(using)527 1259 y(cond)727
+1223 y Fi(0)727 1284 y Fn(P)780 1259 y Fu(\()p Fs(f)21
+b Fu(,)32 b Fs(h)985 1274 y Fn(1)1025 1259 y Fu(,)h Fs(h)1142
+1274 y Fn(2)1181 1259 y Fu(\))g Fs(ps)40 b Fu(=)33 b(\()p
+Fs(h)1586 1274 y Fn(1)1658 1259 y Fs(ps)8 b Fu(\))32
+b Ft(t)1893 1274 y Fn(PS)2017 1259 y Fu(\()p Fs(h)2112
+1274 y Fn(2)2184 1259 y Fs(ps)8 b Fu(\))283 1492 y(rather)24
+b(than)f(cond)985 1507 y Fn(P)1038 1492 y Fu(.)40 b(F)-8
+b(ormally)20 b(sho)m(w)k(that)f(the)h(analysis)e(obtained)h(b)m(y)h
+(using)f(cond)3420 1456 y Fi(0)3420 1517 y Fn(P)3496
+1492 y Fu(rather)283 1613 y(than)38 b(cond)716 1628 y
+Fn(P)806 1613 y Fu(cannot)g(b)s(e)g(correct)g(in)f(the)h(sense)h(of)e
+(Theorem)h(5.31.)58 b(Hin)m(t:)53 b(Consider)38 b(the)283
+1733 y(statemen)m(t)c Fs(S)804 1748 y Fn(12)911 1733
+y Fu(of)e(Example)g(5.3.)2102 b Fh(2)283 2003 y Fw(Exercise)37
+b(5.36)49 b Fu(In)37 b(the)h(ab)s(o)m(v)m(e)h(exercise)f(w)m(e)h(sa)m
+(w)f(that)f(cond)2678 2018 y Fn(P)2768 2003 y Fu(could)g(not)g(b)s(e)h
+(simpli\014ed)283 2124 y(so)32 b(as)f(to)g(ignore)g(the)h(test)f(for)g
+(whether)i(the)f(condition)e(is)g(dubious)i(or)f(not.)43
+b(No)m(w)32 b(consider)283 2244 y(the)h(follo)m(wing)d(remedy)552
+2412 y(cond)752 2375 y Fi(0)752 2436 y Fn(P)805 2412
+y Fu(\()p Fs(f)21 b Fu(,)32 b Fs(h)1010 2427 y Fn(1)1050
+2412 y Fu(,)h Fs(h)1167 2427 y Fn(2)1206 2412 y Fu(\))g
+Fs(ps)552 2745 y Fu(=)660 2496 y Fg(8)660 2570 y(>)660
+2595 y(>)660 2620 y(>)660 2645 y(<)660 2795 y(>)660 2819
+y(>)660 2844 y(>)660 2869 y(:)776 2576 y Fu(\()p Fs(h)871
+2591 y Fn(1)943 2576 y Fs(ps)8 b Fu(\))32 b Ft(t)1178
+2591 y Fn(PS)1302 2576 y Fu(\()p Fs(h)1397 2591 y Fn(2)1469
+2576 y Fs(ps)8 b Fu(\))83 b(if)31 b Fs(f)53 b(ps)41 b
+Fu(=)32 b Fb(ok)776 2744 y Fu(\(\()p Fs(h)909 2759 y
+Fn(1)981 2744 y Fu(\()p Fs(ps)8 b Fu([on-trac)m(k)p Ft(7!)p
+Fb(d)p Fu(?]\)\))43 b Ft(t)1917 2759 y Fn(PS)2041 2744
+y Fu(\()p Fs(h)2136 2759 y Fn(2)2208 2744 y Fu(\()p Fs(ps)8
+b Fu([on-trac)m(k)p Ft(7!)p Fb(d)p Fu(?]\)\)\)[on-trac)m(k)p
+Ft(7!)p Fb(ok)p Fu(])1688 2912 y(if)31 b Fs(f)53 b(ps)41
+b Fu(=)32 b Fb(d)p Fu(?)283 3076 y(Giv)m(e)37 b(an)g(example)f
+(statemen)m(t)h(where)h(cond)1985 3040 y Fi(0)1985 3101
+y Fn(P)2074 3076 y Fu(is)f(preferable)f(to)h(cond)2957
+3091 y Fn(P)3009 3076 y Fu(.)56 b(Do)s(es)37 b(the)g(safet)m(y)283
+3197 y(pro)s(of)43 b(carry)h(through)f(when)i(cond)1657
+3212 y Fn(P)1753 3197 y Fu(is)e(replaced)h(b)m(y)g(cond)2604
+3160 y Fi(0)2604 3221 y Fn(P)2657 3197 y Fu(?)76 b(If)43
+b(not,)k(suggest)d(ho)m(w)g(to)283 3317 y(w)m(eak)m(en)35
+b(the)e(safet)m(y)h(predicate)f(suc)m(h)h(that)e(another)h(safet)m(y)g
+(result)g(ma)m(y)f(b)s(e)h(pro)m(v)m(ed.)194 b Fh(2)283
+3686 y Fj(5.4)161 b(Bounded)52 b(iteration)283 3918 y
+Fu(In)32 b(Example)e(5.16)h(w)m(e)h(analysed)f(the)g(factorial)e
+(statemen)m(t)i(and)g(sa)m(w)h(that)f(the)h(\014xed)g(p)s(oin)m(t)283
+4038 y(computation)26 b(stabilizes)f(after)i(a)f(\014nite)h(n)m(um)m(b)
+s(er)g(of)f(unfoldings,)h(irresp)s(ectiv)m(e)g(of)f(the)h(prop-)283
+4158 y(ert)m(y)32 b(state)e(that)g(is)g(supplied)g(as)h(argumen)m(t.)42
+b(This)31 b(is)e(quite)i(unlik)m(e)f(what)g(w)m(as)h(the)g(case)g(for)
+283 4279 y(the)25 b(denotational)d(seman)m(tics)j(of)f(Chapter)h(4,)h
+(where)f(the)g(n)m(um)m(b)s(er)f(of)g(unfoldings)f(dep)s(ended)283
+4399 y(on)33 b(the)g(state)g(and)g(w)m(as)h(un)m(b)s(ounded.)45
+b(A)33 b(similar)c(example)k(w)m(as)g(studied)g(in)f(Exercise)i(5.24)
+283 4520 y(where)48 b(w)m(e)f(sa)m(w)h(that)e(the)g(analysis)g(w)m
+(ould)g(terminate)f(up)s(on)h(a)g(statemen)m(t)h(that)f(nev)m(er)283
+4640 y(terminated)32 b(in)g(the)h(denotational)d(seman)m(tics)j(of)f
+(Chapter)i(4.)430 4766 y(This)24 b(is)f(an)h(instance)g(of)f(a)h
+(general)f(phenomenon)i(and)e(w)m(e)i(shall)e(sho)m(w)i(t)m(w)m(o)f
+(prop)s(ositions)283 4887 y(ab)s(out)32 b(this.)42 b(The)33
+b(\014rst)f(prop)s(osition)e(sa)m(ys)j(that)e(for)h(eac)m(h)g(statemen)
+m(t)g Fr(while)h Fs(b)38 b Fr(do)32 b Fs(S)43 b Fu(there)283
+5007 y(is)d(a)f(constan)m(t)h(k)g(suc)m(h)h(that)f(the)g(kth)g
+(unfolding)e(will)f(indeed)j(b)s(e)g(the)g(\014xed)g(p)s(oin)m(t.)64
+b(The)283 5127 y(second)35 b(prop)s(osition)c(is)h(considerably)h
+(harder)g(and)g(sa)m(ys)h(that)f(it)f(is)g(p)s(ossible)h(to)f(tak)m(e)i
+(k)f(to)283 5248 y(b)s(e)g(\(m+1\))699 5212 y Fn(2)770
+5248 y Fu(where)h(m)e(is)g(the)h(n)m(um)m(b)s(er)g(of)f(distinct)g(v)-5
+b(ariables)31 b(in)h Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12
+b Fu(.)430 5374 y(T)-8 b(o)35 b(prepare)h(for)f(the)h(\014rst)g(prop)s
+(osition)e(w)m(e)i(need)h(an)e(inductiv)m(e)h(de\014nition)e(of)h(the)h
+(set)283 5494 y(FV\()p Fs(S)12 b Fu(\))32 b(of)h(free)g(v)-5
+b(ariables)31 b(in)h(the)h(statemen)m(t)g Fs(S)12 b Fu(:)p
+eop
+%%Page: 161 171
+161 170 bop 0 130 a Fw(5.4)112 b(Bounded)39 b(iteration)2154
+b(161)p 0 193 3473 4 v 294 500 a Fu(FV\()p Fs(x)44 b
+Fu(:=)32 b Fs(a)7 b Fu(\))757 b(=)99 b(FV\()p Fs(a)7
+b Fu(\))33 b Ft([)g(f)p Fs(x)12 b Ft(g)294 668 y Fu(FV\()p
+Fr(skip)p Fu(\))834 b(=)99 b Ft(;)294 835 y Fu(FV\()p
+Fs(S)536 850 y Fn(1)575 835 y Fu(;)p Fs(S)669 850 y Fn(2)708
+835 y Fu(\))799 b(=)99 b(FV\()p Fs(S)1962 850 y Fn(1)2001
+835 y Fu(\))33 b Ft([)g Fu(FV\()p Fs(S)2413 850 y Fn(2)2452
+835 y Fu(\))294 1003 y(FV\()p Fr(if)f Fs(b)39 b Fr(then)33
+b Fs(S)991 1018 y Fn(1)1063 1003 y Fr(else)h Fs(S)1368
+1018 y Fn(2)1407 1003 y Fu(\))100 b(=)f(FV\()p Fs(b)6
+b Fu(\))32 b Ft([)h Fu(FV\()p Fs(S)2357 1018 y Fn(1)2396
+1003 y Fu(\))g Ft([)g Fu(FV\()p Fs(S)2808 1018 y Fn(2)2847
+1003 y Fu(\))294 1171 y(FV\()p Fr(while)g Fs(b)39 b Fr(do)33
+b Fs(S)12 b Fu(\))464 b(=)99 b(FV\()p Fs(b)6 b Fu(\))32
+b Ft([)h Fu(FV\()p Fs(S)12 b Fu(\))0 1355 y(Our)24 b(\014rst)g(observ)
+-5 b(ation)24 b(is)f(that)h(w)m(e)h(can)f(rep)s(eat)g(the)g(dev)m
+(elopmen)m(t)h(of)e(the)h(previous)h(sections)0 1475
+y(if)41 b(w)m(e)i(restrict)f(the)g(prop)s(ert)m(y)h(states)g(to)e
+(consider)i(only)e(v)-5 b(ariables)41 b(that)g(are)h(free)h(in)e(the)0
+1596 y(o)m(v)m(erall)33 b(program.)45 b(So)33 b(let)g
+Fs(X)49 b Ft(\022)34 b Fw(V)-9 b(ar)33 b Fu(b)s(e)h(a)f(\014nite)h(set)
+g(of)f(v)-5 b(ariables)32 b(and)i(de\014ne)g Fw(PState)3405
+1611 y Fc(X)0 1716 y Fu(to)e(b)s(e)244 1907 y Fw(PState)576
+1922 y Fc(X)675 1907 y Fu(=)h(\()p Fs(X)48 b Ft([)33
+b(f)p Fu(on-trac)m(k)p Ft(g)p Fu(\))g Ft(!)f Fw(P)0 2119
+y(Exercise)k(5.37)49 b(\(Essen)m(tial\))24 b Fu(De\014ne)i
+Fw(Aexp)1789 2134 y Fc(X)1882 2119 y Fu(to)g(b)s(e)g(the)g(set)h(of)e
+(arithmetic)f(expressions)0 2239 y Fs(a)30 b Fu(of)22
+b Fw(Aexp)g Fu(with)g(FV\()p Fs(a)7 b Fu(\))22 b Ft(\022)h
+Fs(X)39 b Fu(and)22 b(let)g Fw(Bexp)1737 2254 y Fc(X)1827
+2239 y Fu(and)g Fw(Stm)2206 2254 y Fc(X)2295 2239 y Fu(b)s(e)h
+(de\014ned)h(similarly)-8 b(.)36 b(Mo)s(dify)0 2360 y(T)-8
+b(ables)33 b(5.1)f(and)h(5.2)f(to)g(de\014ne)i(analysis)e(functions)269
+2527 y Ft(P)8 b(A)426 2542 y Fc(X)493 2527 y Fu(:)44
+b Fw(Aexp)821 2542 y Fc(X)921 2527 y Ft(!)32 b Fw(PState)1385
+2542 y Fc(X)1484 2527 y Ft(!)g Fw(P)269 2695 y Ft(P)8
+b(B)415 2710 y Fc(X)482 2695 y Fu(:)44 b Fw(Bexp)805
+2710 y Fc(X)905 2695 y Ft(!)32 b Fw(PState)1369 2710
+y Fc(X)1468 2695 y Ft(!)g Fw(P)269 2863 y Ft(P)8 b(S)414
+2878 y Fc(X)481 2863 y Fu(:)44 b Fw(Stm)752 2878 y Fc(X)851
+2863 y Ft(!)32 b Fw(PState)1315 2878 y Fc(X)1415 2863
+y Ft(!)g Fw(PState)1879 2878 y Fc(X)3398 2863 y Fh(2)146
+3074 y Fu(The)g(connection)e(b)s(et)m(w)m(een)j(the)e(analysis)f
+(functions)g(of)g(the)h(ab)s(o)m(v)m(e)g(exercise)h(and)f(those)0
+3195 y(of)h(T)-8 b(ables)32 b(5.1)f(and)i(5.2)e(should)h(b)s(e)g(in)m
+(tuitiv)m(ely)f(clear.)43 b(F)-8 b(ormally)29 b(the)j(connection)g(ma)m
+(y)g(b)s(e)0 3315 y(w)m(ork)m(ed)i(out)f(as)f(follo)m(ws:)0
+3527 y Fw(Exercise)k(5.38)49 b Fu(*)33 b(De\014ne)244
+3718 y(extend)527 3733 y Fc(X)596 3718 y Fu(:)43 b Fw(PState)998
+3733 y Fc(X)1098 3718 y Ft(!)32 b Fw(PState)0 3909 y
+Fu(b)m(y)244 4182 y(\(extend)565 4197 y Fc(X)666 4182
+y Fs(ps)8 b Fu(\))33 b Fs(x)44 b Fu(=)1032 4007 y Fg(8)1032
+4082 y(<)1032 4232 y(:)1148 4097 y Fs(ps)c(x)390 b Fu(if)32
+b Fs(x)44 b Ft(2)33 b Fs(X)49 b Ft([)33 b(f)p Fu(on-trac)m(k)p
+Ft(g)1148 4265 y Fs(ps)40 b Fu(on-trac)m(k)83 b(otherwise)0
+4455 y(Sho)m(w)33 b(that)294 4618 y Ft(P)8 b(A)p Fu([)-17
+b([)p Fs(a)7 b Fu(])-17 b(])34 b Ft(\016)e Fu(extend)981
+4633 y Fc(X)1150 4618 y Fu(=)99 b Ft(P)8 b(A)1482 4633
+y Fc(X)1549 4618 y Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])294
+4785 y Ft(P)8 b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
+b(])33 b Ft(\016)g Fu(extend)964 4800 y Fc(X)1150 4785
+y Fu(=)99 b Ft(P)8 b(B)1471 4800 y Fc(X)1538 4785 y Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(])294 4953 y Ft(P)8 b(S)g Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(])33 b Ft(\016)f Fu(extend)979
+4968 y Fc(X)1150 4953 y Fu(=)99 b(extend)1608 4968 y
+Fc(X)1709 4953 y Ft(\016)33 b(P)8 b(S)1937 4968 y Fc(X)2004
+4953 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17 b(])0 5143 y(whenev)m(er)35
+b(FV\()p Fs(a)7 b Fu(\))33 b Ft(\022)g Fs(X)16 b Fu(,)32
+b(FV\()p Fs(b)6 b Fu(\))32 b Ft(\022)h Fs(X)49 b Fu(and)33
+b(FV\()p Fs(S)12 b Fu(\))32 b Ft(\022)h Fs(X)16 b Fu(.)1156
+b Fh(2)146 5355 y Fu(The)37 b(prop)s(ert)m(y)f(states)h(of)e
+Fw(PState)1478 5370 y Fc(X)1581 5355 y Fu(are)g(only)h(de\014ned)h(on)e
+(a)h(\014nite)f(n)m(um)m(b)s(er)h(of)f(argu-)0 5475 y(men)m(ts)e(b)s
+(ecause)h Fs(X)49 b Fu(is)32 b(a)g(\014nite)g(set.)45
+b(This)32 b(is)g(the)h(k)m(ey)i(to)d(sho)m(wing:)p eop
+%%Page: 162 172
+162 171 bop 251 130 a Fw(162)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 283 515 3473
+5 v 283 665 a(Prop)s(osition)g(5.39)49 b Fu(F)-8 b(or)47
+b(eac)m(h)h(statemen)m(t)g Fr(while)g Fs(b)53 b Fr(do)48
+b Fs(S)59 b Fu(of)47 b Fw(While)f Fu(there)i(exists)g(a)283
+786 y(constan)m(t)34 b(k)f(suc)m(h)h(that)527 965 y Ft(P)8
+b(S)673 980 y Fc(X)740 965 y Fu([)-17 b([)q Fr(while)33
+b Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)f
+Fs(H)1618 928 y Fn(k)1692 965 y Ft(?)283 1143 y Fu(where)i
+Fs(H)49 b(h)40 b Fu(=)32 b(cond)1084 1158 y Fn(P)1137
+1143 y Fu(\()p Ft(P)8 b(B)1321 1158 y Fc(X)1388 1143
+y Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(h)39
+b Ft(\016)33 b(P)8 b(S)1891 1158 y Fc(X)1958 1143 y Fu([)-17
+b([)q Fs(S)12 b Fu(])-17 b(],)33 b(id\))f(and)h(FV\()p
+Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(\))32 b
+Ft(\022)h Fs(X)16 b Fu(.)p 283 1264 V 283 1443 a(Note)33
+b(that)g(using)f(the)h(result)f(of)g(Exercise)i(5.38)e(w)m(e)i(could)e
+(disp)s(ense)i(with)e Fs(X)49 b Fu(altogether.)283 1610
+y Fw(Pro)s(of:)36 b Fu(Let)c(m)e(b)s(e)h(the)h(cardinalit)m(y)d(of)i
+Fs(X)16 b Fu(.)31 b(Then)i(there)f(will)d(b)s(e)i(2)2813
+1574 y Fn(m+1)2997 1610 y Fs(di\013er)-5 b(ent)40 b Fu(prop)s(ert)m(y)
+283 1731 y(states)34 b(in)e Fw(PState)1007 1746 y Fc(X)1074
+1731 y Fu(.)43 b(This)33 b(means)g(that)f Fw(PState)2209
+1746 y Fc(X)2308 1731 y Ft(!)h Fw(PState)2773 1746 y
+Fc(X)2872 1731 y Fu(will)d(con)m(tain)527 1910 y(k)j(=)g(\(2)807
+1874 y Fn(m+1)960 1910 y Fu(\))998 1874 y Fn(2)1033 1850
+y Fd(m+1)283 2089 y Fu(di\013eren)m(t)f(functions.)44
+b(It)31 b(follo)m(ws)g(that)g(there)i(can)e(b)s(e)h(at)g(most)f(k)h
+(di\013eren)m(t)g(iterands)f Fs(H)3603 2052 y Fn(n)3678
+2089 y Ft(?)283 2209 y Fu(of)38 b Fs(H)16 b Fu(.)39 b(Since)f
+Fs(H)54 b Fu(is)38 b(monotone)g(Exercise)h(5.18)f(giv)m(es)h(that)f
+Fs(H)2651 2173 y Fn(k)2731 2209 y Ft(?)g Fu(m)m(ust)h(b)s(e)f(equal)g
+(to)g(the)283 2329 y(\014xed)c(p)s(oin)m(t)e(FIX)g Fs(H)16
+b Fu(.)33 b(This)g(concludes)g(the)g(pro)s(of)f(of)g(the)h(prop)s
+(osition.)682 b Fh(2)283 2697 y Fp(Making)46 b(it)f(practical)283
+2882 y Fu(The)38 b(constan)m(t)g(k)f(determined)g(ab)s(o)m(v)m(e)g(is)g
+(a)f(safe)h(upp)s(er)g(b)s(ound)g(but)g(is)g(rather)g(large)e(ev)m(en)
+283 3002 y(for)43 b(small)e(statemen)m(ts.)77 b(As)44
+b(an)f(example)g(it)f(sa)m(ys)i(that)g(the)f(16,777,216th)f(iteration)f
+(of)283 3123 y(the)d(functional)e(will)e(su\016ce)39
+b(for)e(the)h(factorial)c(statemen)m(t)k(and)f(this)g(is)g(quite)g
+(useless)h(for)283 3243 y(practical)h(purp)s(oses.)69
+b(In)40 b(the)h(remainder)f(of)f(this)i(section)f(w)m(e)h(shall)e(sho)m
+(w)j(that)e(a)g(m)m(uc)m(h)283 3363 y(smaller)31 b(constan)m(t)i(can)g
+(b)s(e)g(used:)p 283 3484 V 283 3634 a Fw(Prop)s(osition)j(5.40)49
+b Fu(F)-8 b(or)32 b(eac)m(h)h(statemen)m(t)g Fr(while)h
+Fs(b)39 b Fr(do)33 b Fs(S)44 b Fu(of)32 b Fw(While)f
+Fu(w)m(e)j(ha)m(v)m(e)527 3812 y Ft(P)8 b(S)673 3827
+y Fc(X)740 3812 y Fu([)-17 b([)q Fr(while)33 b Fs(b)39
+b Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)f Fs(H)1618
+3776 y Fn(k)1692 3812 y Ft(?)283 3991 y Fu(where)k Fs(H)50
+b(h)42 b Fu(=)34 b(cond)1091 4006 y Fn(P)1144 3991 y
+Fu(\()p Ft(P)8 b(B)1328 4006 y Fc(X)1395 3991 y Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(],)35 b Fs(h)42 b Ft(\016)34
+b(P)8 b(S)1904 4006 y Fc(X)1971 3991 y Fu([)-17 b([)q
+Fs(S)12 b Fu(])-17 b(],)35 b(id\),)f(k)h(=)f(\(m+1\))2835
+3955 y Fn(2)2873 3991 y Fu(,)h(and)g(m)e(is)h(the)h(cardi-)283
+4112 y(nalit)m(y)d(of)g(the)h(set)g Fs(X)49 b Fu(=)32
+b(FV\()p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\).)p
+283 4232 V 283 4411 a(Note)33 b(that)g(using)f(the)h(result)f(of)g
+(Exercise)i(5.38)e(w)m(e)i(could)e(disp)s(ense)i(with)e
+Fs(X)49 b Fu(altogether.)430 4531 y(F)-8 b(or)36 b(the)i(factorial)d
+(statemen)m(t)j(this)f(will)e(imply)h(that)h(FIX)g Fs(H)54
+b Fu(=)37 b Fs(H)3042 4495 y Fn(9)3119 4531 y Ft(?)h
+Fu(so)f(only)g(nine)283 4652 y(iterands)25 b(need)g(to)f(b)s(e)h
+(constructed.)42 b(This)25 b(ma)m(y)f(b)s(e)g(compared)h(with)f(the)g
+(observ)-5 b(ation)24 b(made)283 4772 y(in)32 b(Example)g(5.16)g(that)h
+(already)f Fs(H)1652 4736 y Fn(1)1724 4772 y Ft(?)h Fu(is)f(the)h
+(least)f(\014xed)i(p)s(oin)m(t.)430 4893 y(The)i(pro)s(of)e(of)h(Prop)s
+(osition)f(5.40)g(requires)j(some)e(preliminary)d(results.)52
+b(T)-8 b(o)36 b(motiv)-5 b(ate)283 5013 y(these)25 b(consider)f(wh)m(y)
+i(the)e(upp)s(er)g(b)s(ound)g(determined)f(in)g(Prop)s(osition)f(5.39)h
+(is)h(so)g(imprecise.)283 5133 y(The)33 b(reason)g(is)e(that)h(w)m(e)h
+(consider)f Fs(al)5 b(l)42 b Fu(functions)32 b(in)g Fw(PState)2630
+5148 y Fc(X)2728 5133 y Ft(!)g Fw(PState)3192 5148 y
+Fc(X)3291 5133 y Fu(and)g(do)g(not)283 5254 y(exploit)46
+b(an)m(y)h(sp)s(ecial)f(prop)s(erties)g(of)g(the)h(functions)g
+Fs(H)2452 5218 y Fn(n)2542 5254 y Ft(?)p Fu(,)k(suc)m(h)d(as)e
+(monotonicit)m(y)f(or)283 5374 y(con)m(tin)m(uit)m(y)-8
+b(.)60 b(T)-8 b(o)38 b(obtain)f(a)h(b)s(etter)g(b)s(ound)h(w)m(e)g
+(shall)d(exploit)h(prop)s(erties)h(of)g(the)g Ft(P)8
+b(S)3547 5389 y Fc(X)3614 5374 y Fu([)-17 b([)p Fs(S)12
+b Fu(])-17 b(])283 5494 y(analysis)32 b(functions.)44
+b(Recall)31 b(that)h(a)g(function)p eop
+%%Page: 163 173
+163 172 bop 0 130 a Fw(5.4)112 b(Bounded)39 b(iteration)2154
+b(163)p 0 193 3473 4 v 244 515 a Fs(h)7 b Fu(:)44 b Fw(PState)704
+530 y Fc(X)803 515 y Ft(!)32 b Fw(PState)1267 530 y Fc(X)0
+720 y Fu(is)g Fs(strict)43 b Fu(if)31 b(and)i(only)f(if)244
+924 y Fs(h)40 b Fb(init)514 939 y Fc(X)614 924 y Fu(=)32
+b Fb(init)902 939 y Fc(X)0 1128 y Fu(where)c Fb(init)456
+1143 y Fc(X)551 1128 y Fu(is)f(the)g(least)g(elemen)m(t)g(of)g
+Fw(PState)1822 1143 y Fc(X)1889 1128 y Fu(.)41 b(It)28
+b(is)e(an)h Fs(additive)34 b Fu(function)27 b(if)f(and)h(only)0
+1249 y(if)244 1453 y Fs(h)40 b Fu(\()p Fs(ps)470 1468
+y Fn(1)541 1453 y Ft(t)608 1468 y Fn(PS)732 1453 y Fs(ps)830
+1468 y Fn(2)869 1453 y Fu(\))33 b(=)f(\()p Fs(h)40 b(ps)1274
+1468 y Fn(1)1313 1453 y Fu(\))32 b Ft(t)1450 1468 y Fn(PS)1574
+1453 y Fu(\()p Fs(h)39 b(ps)1799 1468 y Fn(2)1839 1453
+y Fu(\))0 1657 y(holds)32 b(for)g(all)f(prop)s(ert)m(y)i(states)h
+Fs(ps)1314 1672 y Fn(1)1385 1657 y Fu(and)f Fs(ps)1673
+1672 y Fn(2)1745 1657 y Fu(of)f Fw(PState)2188 1672 y
+Fc(X)2255 1657 y Fu(.)0 1887 y Fw(Exercise)k(5.41)49
+b(\(Essen)m(tial\))29 b Fu(Giv)m(e)i(a)g(formal)e(de\014nition)h(of)g
+(what)i(it)e(means)h(for)g(a)f(func-)0 2007 y(tion)244
+2212 y Fs(h)7 b Fu(:)44 b Fw(PState)704 2227 y Fc(X)803
+2212 y Ft(!)32 b Fw(P)0 2416 y Fu(to)39 b(b)s(e)g(strict)f(and)h
+(additiv)m(e.)62 b(Use)40 b(Exercise)h(5.11)d(to)g(sho)m(w)i(that)f
+Ft(P)8 b(A)2698 2431 y Fc(X)2766 2416 y Fu([)-17 b([)p
+Fs(a)7 b Fu(])-17 b(])40 b(and)f Ft(P)8 b(B)3279 2431
+y Fc(X)3346 2416 y Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])0
+2537 y(are)31 b(strict)f(and)g(additiv)m(e.)43 b(\(W)-8
+b(e)30 b(tacitly)g(assume)h(that)f(FV\()p Fs(a)7 b Fu(\))30
+b Ft(\022)h Fs(X)47 b Fu(and)31 b(FV\()p Fs(b)6 b Fu(\))30
+b Ft(\022)h Fs(X)16 b Fu(.\))63 b Fh(2)146 2766 y Fu(W)-8
+b(e)27 b(shall)d(\014rst)i(sho)m(w)h(that)f(the)g(auxiliary)e
+(functions)h(for)h(comp)s(osition)d(and)j(conditional)0
+2886 y(preserv)m(e)f(strictness)g(and)e(additivit)m(y)f(and)h(next)h(w)
+m(e)g(shall)e(pro)m(v)m(e)i(that)f(the)g(analysis)g(function)0
+3007 y Ft(P)8 b(S)145 3022 y Fc(X)213 3007 y Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])33 b(is)f(strict)h(and)f(additiv)m(e)g
+(for)g(all)f(statemen)m(ts)i Fs(S)12 b Fu(.)0 3237 y
+Fw(Exercise)36 b(5.42)49 b(\(Essen)m(tial\))33 b Fu(Sho)m(w)j(that)f
+(if)f Fs(h)1869 3252 y Fn(1)1943 3237 y Fu(and)h Fs(h)2192
+3252 y Fn(2)2267 3237 y Fu(are)g(strict)g(and)g(additiv)m(e)f(func-)0
+3357 y(tions)e(in)g Fw(PState)685 3372 y Fc(X)784 3357
+y Ft(!)g Fw(PState)1248 3372 y Fc(X)1348 3357 y Fu(then)h(so)g(is)f
+Fs(h)1845 3372 y Fn(1)1917 3357 y Ft(\016)h Fs(h)2057
+3372 y Fn(2)2096 3357 y Fu(.)1275 b Fh(2)0 3587 y Fw(Exercise)36
+b(5.43)49 b(\(Essen)m(tial\))22 b Fu(Assume)i(that)g
+Fs(f)44 b Fu(in)23 b Fw(PState)2301 3602 y Fc(X)2392
+3587 y Ft(!)g Fw(P)g Fu(is)g(strict)g(and)h(additiv)m(e)0
+3707 y(and)36 b(that)g Fs(h)465 3722 y Fn(1)541 3707
+y Fu(and)h Fs(h)792 3722 y Fn(2)867 3707 y Fu(in)f Fw(PState)1317
+3722 y Fc(X)1420 3707 y Ft(!)g Fw(PState)1888 3722 y
+Fc(X)1991 3707 y Fu(are)g(strict)g(and)h(additiv)m(e.)54
+b(Sho)m(w)37 b(that)0 3827 y(cond)200 3842 y Fn(P)253
+3827 y Fu(\()p Fs(f)21 b Fu(,)37 b Fs(h)463 3842 y Fn(1)503
+3827 y Fu(,)g Fs(h)624 3842 y Fn(2)664 3827 y Fu(\))f(is)g(a)g(strict)g
+(and)g(additiv)m(e)g(function.)55 b(Hin)m(t:)50 b(if)35
+b Fs(f)58 b Fu(\()p Fs(ps)2771 3842 y Fn(1)2846 3827
+y Ft(t)2913 3842 y Fn(PS)3040 3827 y Fs(ps)3138 3842
+y Fn(2)3178 3827 y Fu(\))36 b(=)g Fb(d)p Fu(?)0 3948
+y(then)d Fs(f)54 b(ps)404 3963 y Fn(i)460 3948 y Fu(=)32
+b Fb(d)p Fu(?)h(for)f(i)g(=)g(1)g(or)h(i)e(=)i(2.)1927
+b Fh(2)p 0 4177 3473 5 v 0 4353 a Fw(Lemma)37 b(5.44)49
+b Fu(F)-8 b(or)42 b(all)e(statemen)m(ts)k Fs(S)54 b Fu(of)42
+b Fw(While)p Fu(,)h Ft(P)8 b(S)2215 4368 y Fc(X)2283
+4353 y Fu([)-17 b([)p Fs(S)12 b Fu(])-17 b(])43 b(is)f(a)g(strict)g
+(and)h(additiv)m(e)0 4473 y(function)32 b(whenev)m(er)j(FV\()p
+Fs(S)12 b Fu(\))32 b Ft(\022)h Fs(X)16 b Fu(.)p 0 4594
+V 0 4798 a Fw(Pro)s(of:)37 b Fu(W)-8 b(e)33 b(pro)s(ceed)h(b)m(y)f
+(structural)f(induction)g(on)h Fs(S)44 b Fu(and)33 b(assume)g(that)f
+(FV\()p Fs(S)12 b Fu(\))32 b Ft(\022)h Fs(X)16 b Fu(.)0
+4965 y Fw(The)33 b(case)g Fs(x)44 b Fu(:=)33 b Fs(a)7
+b Fu(:)44 b(W)-8 b(e)33 b(ha)m(v)m(e)244 5170 y Ft(P)8
+b(S)389 5185 y Fc(X)457 5170 y Fu([)-17 b([)p Fs(x)44
+b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])33 b Fb(init)1026
+5185 y Fc(X)1126 5170 y Fu(=)g Fb(init)1415 5185 y Fc(X)0
+5374 y Fu(b)s(ecause)j(Exercise)g(5.41)d(giv)m(es)i(that)f
+Ft(P)8 b(A)1568 5389 y Fc(X)1635 5374 y Fu([)-17 b([)p
+Fs(a)7 b Fu(])-17 b(])36 b(is)e(strict)g(so)g Ft(P)8
+b(A)2437 5389 y Fc(X)2505 5374 y Fu([)-17 b([)p Fs(a)7
+b Fu(])-17 b(])36 b Fb(init)2852 5389 y Fc(X)2954 5374
+y Fu(=)e Fb(ok)p Fu(.)50 b(Next)0 5494 y(w)m(e)34 b(sho)m(w)f(that)g
+Ft(P)8 b(S)742 5509 y Fc(X)809 5494 y Fu([)-17 b([)q
+Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(])-17 b(])33 b(is)f(additiv)m(e:)p
+eop
+%%Page: 164 174
+164 173 bop 251 130 a Fw(164)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 527 515 a Ft(P)8
+b(S)673 530 y Fc(X)740 515 y Fu([)-17 b([)q Fs(x)44 b
+Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])q(\()p Fs(ps)1233 530
+y Fn(1)1305 515 y Ft(t)1371 530 y Fn(PS)1495 515 y Fs(ps)1593
+530 y Fn(2)1633 515 y Fu(\))778 683 y(=)32 b(\()p Fs(ps)1022
+698 y Fn(1)1094 683 y Ft(t)1160 698 y Fn(PS)1284 683
+y Fs(ps)1382 698 y Fn(2)1421 683 y Fu(\)[)p Fs(x)12 b
+Ft(7!)32 b(P)8 b(A)1832 698 y Fc(X)1900 683 y Fu([)-17
+b([)p Fs(a)7 b Fu(])-17 b(])q(\()p Fs(ps)2168 698 y Fn(1)2240
+683 y Ft(t)2306 698 y Fn(PS)2430 683 y Fs(ps)2528 698
+y Fn(2)2568 683 y Fu(\)])778 851 y(=)32 b(\()p Fs(ps)1022
+866 y Fn(1)1094 851 y Ft(t)1160 866 y Fn(PS)1284 851
+y Fs(ps)1382 866 y Fn(2)1421 851 y Fu(\)[)p Fs(x)12 b
+Ft(7!)32 b(P)8 b(A)1832 866 y Fc(X)1900 851 y Fu([)-17
+b([)p Fs(a)7 b Fu(])-17 b(])q Fs(ps)2130 866 y Fn(1)2202
+851 y Ft(t)2268 866 y Fn(P)2353 851 y Ft(P)8 b(A)2510
+866 y Fc(X)2578 851 y Fu([)-17 b([)p Fs(a)7 b Fu(])-17
+b(])q Fs(ps)2808 866 y Fn(2)2847 851 y Fu(])778 1018
+y(=)32 b Fs(ps)984 1033 y Fn(1)1023 1018 y Fu([)p Fs(x)12
+b Ft(7!P)c(A)1364 1033 y Fc(X)1431 1018 y Fu([)-17 b([)q
+Fs(a)7 b Fu(])-17 b(])q Fs(ps)1662 1033 y Fn(1)1701 1018
+y Fu(])33 b Ft(t)1827 1033 y Fn(PS)1951 1018 y Fs(ps)2049
+1033 y Fn(2)2088 1018 y Fu([)p Fs(x)12 b Ft(7!P)c(A)2429
+1033 y Fc(X)2496 1018 y Fu([)-17 b([)q Fs(a)7 b Fu(])-17
+b(])q Fs(ps)2727 1033 y Fn(2)2766 1018 y Fu(])778 1186
+y(=)32 b Ft(P)8 b(S)1031 1201 y Fc(X)1099 1186 y Fu([)-17
+b([)p Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])q Fs(ps)1554
+1201 y Fn(1)1626 1186 y Ft(t)1692 1201 y Fn(PS)1816 1186
+y Ft(P)8 b(S)1961 1201 y Fc(X)2029 1186 y Fu([)-17 b([)p
+Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(])-17 b(])q Fs(ps)2484
+1201 y Fn(2)283 1385 y Fu(where)34 b(the)f(second)h(equalit)m(y)e
+(follo)m(ws)g(from)f Ft(P)8 b(A)2127 1400 y Fc(X)2194
+1385 y Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])33 b(b)s(eing)f(additiv)m
+(e)g(\(Exercise)i(5.41\).)283 1552 y Fw(The)f(case)g
+Fr(skip)h Fu(is)e(immediate.)283 1720 y Fw(The)h(case)f
+Fs(S)805 1735 y Fn(1)844 1720 y Fu(;)g Fs(S)970 1735
+y Fn(2)1041 1720 y Fu(follo)m(ws)f(from)f(Exercise)j(5.42)e(and)h(the)g
+(induction)f(h)m(yp)s(othesis)i(applied)283 1840 y(to)g
+Fs(S)470 1855 y Fn(1)541 1840 y Fu(and)g Fs(S)798 1855
+y Fn(2)837 1840 y Fu(.)283 2008 y Fw(The)c(case)g Fr(if)g
+Fs(b)34 b Fr(then)c Fs(S)1242 2023 y Fn(1)1309 2008 y
+Fr(else)g Fs(S)1610 2023 y Fn(2)1678 2008 y Fu(follo)m(ws)d(from)g
+(Exercise)j(5.43,)e(the)h(induction)f(h)m(yp)s(oth-)283
+2128 y(esis)33 b(applied)f(to)g Fs(S)991 2143 y Fn(1)1063
+2128 y Fu(and)h Fs(S)1320 2143 y Fn(2)1391 2128 y Fu(and)g(Exercise)h
+(5.41.)283 2296 y Fw(The)f(case)g Fr(while)h Fs(b)39
+b Fr(do)33 b Fs(S)12 b Fu(:)32 b(De\014ne)527 2495 y
+Fs(H)49 b(h)40 b Fu(=)32 b(cond)1046 2510 y Fn(P)1099
+2495 y Fu(\()p Ft(P)8 b(B)1283 2510 y Fc(X)1350 2495
+y Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(h)40
+b Ft(\016)32 b(P)8 b(S)1853 2510 y Fc(X)1921 2495 y Fu([)-17
+b([)p Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\))283 2694 y(Our)h(\014rst)g
+(claim)d(is)i(that)527 2893 y Fs(H)615 2857 y Fn(n)691
+2893 y Ft(?)283 3092 y Fu(is)42 b(strict)h(and)f(additiv)m(e)g(for)g
+(all)f Fs(n)7 b Fu(.)73 b(This)43 b(is)f(pro)m(v)m(ed)i(b)m(y)f(n)m
+(umerical)e(induction)h(and)g(the)283 3212 y(base)h(case,)i(n)d(=)g(0,)
+i(is)e(immediate.)69 b(The)42 b(induction)f(step)i(follo)m(ws)e(from)g
+(the)h(induction)283 3332 y(h)m(yp)s(othesis)37 b(of)d(the)i
+(structural)f(induction,)f(the)i(induction)e(h)m(yp)s(othesis)i(of)f
+(the)g(n)m(umerical)283 3453 y(induction,)42 b(Exercises)g(5.42,)f
+(5.41)e(and)i(5.43)e(and)h(that)g(id)g(is)f(strict)h(and)g(additiv)m
+(e.)66 b(Our)283 3573 y(second)34 b(claim)c(is)j(that)527
+3772 y(FIX)g Fs(H)48 b Fu(=)961 3706 y Fg(F)1030 3787
+y Fn(PS)1154 3772 y Ft(f)32 b Fs(H)1324 3736 y Fn(n)1400
+3772 y Ft(?)h(j)f Fu(n)h Ft(\025)g Fu(0)f Ft(g)283 3971
+y Fu(is)h(strict)f(and)g(additiv)m(e.)43 b(F)-8 b(or)32
+b(strictness)i(w)m(e)g(calculate)577 4142 y(\(FIX)f Fs(H)16
+b Fu(\))32 b Fb(init)1158 4157 y Fc(X)1325 4142 y Fu(=)1434
+4076 y Fg(F)1503 4157 y Fn(PS)1627 4142 y Ft(f)g Fu(\()p
+Fs(H)1835 4106 y Fn(n)1911 4142 y Ft(?)q Fu(\))g Fb(init)2239
+4157 y Fc(X)2339 4142 y Ft(j)g Fu(n)h Ft(\025)g Fu(0)f
+Ft(g)1325 4310 y Fu(=)h Fb(init)1614 4325 y Fc(X)283
+4502 y Fu(where)g(the)f(last)e(equalit)m(y)h(follo)m(ws)f(from)g
+Fs(H)1920 4466 y Fn(n)1995 4502 y Ft(?)i Fu(b)s(eing)e(strict)h(for)g
+(all)e(n.)43 b(F)-8 b(or)31 b(additivit)m(y)f(w)m(e)283
+4622 y(calculate)527 4821 y(\(FIX)j Fs(H)16 b Fu(\)\()p
+Fs(ps)1032 4836 y Fn(1)1104 4821 y Ft(t)1170 4836 y Fn(PS)1294
+4821 y Fs(ps)1392 4836 y Fn(2)1431 4821 y Fu(\))896 4989
+y(=)1004 4922 y Fg(F)1073 5004 y Fn(PS)1197 4989 y Ft(f)33
+b Fu(\()p Fs(H)1406 4953 y Fn(n)1481 4989 y Ft(?)q Fu(\)\()p
+Fs(ps)1733 5004 y Fn(1)1805 4989 y Ft(t)1871 5004 y Fn(PS)1995
+4989 y Fs(ps)2093 5004 y Fn(2)2132 4989 y Fu(\))g Ft(j)f
+Fu(n)h Ft(\025)g Fu(0)f Ft(g)896 5156 y Fu(=)1004 5090
+y Fg(F)1073 5171 y Fn(PS)1197 5156 y Ft(f)h Fu(\()p Fs(H)1406
+5120 y Fn(n)1481 5156 y Ft(?)q Fu(\))p Fs(ps)1695 5171
+y Fn(1)1767 5156 y Ft(t)1833 5171 y Fn(PS)1957 5156 y
+Fu(\()p Fs(H)2083 5120 y Fn(n)2159 5156 y Ft(?)p Fu(\))p
+Fs(ps)2372 5171 y Fn(2)2444 5156 y Ft(j)f Fu(n)h Ft(\025)g
+Fu(0)f Ft(g)896 5324 y Fu(=)1004 5258 y Fg(F)1073 5339
+y Fn(PS)1197 5324 y Ft(f)h Fu(\()p Fs(H)1406 5288 y Fn(n)1481
+5324 y Ft(?)q Fu(\))p Fs(ps)1695 5339 y Fn(1)1767 5324
+y Ft(j)f Fu(n)h Ft(\025)g Fu(0)f Ft(g)g(t)2254 5339 y
+Fn(PS)2378 5258 y Fg(F)2447 5339 y Fn(PS)2571 5324 y
+Ft(f)g Fu(\()p Fs(H)2779 5288 y Fn(n)2855 5324 y Ft(?)p
+Fu(\))p Fs(ps)3068 5339 y Fn(2)3140 5324 y Ft(j)g Fu(n)h
+Ft(\025)g Fu(0)f Ft(g)896 5492 y Fu(=)g(\(FIX)h Fs(H)16
+b Fu(\))p Fs(ps)1471 5507 y Fn(1)1543 5492 y Ft(t)1609
+5507 y Fn(PS)1733 5492 y Fu(\(FIX)32 b Fs(H)16 b Fu(\))p
+Fs(ps)2199 5507 y Fn(2)p eop
+%%Page: 165 175
+165 174 bop 0 130 a Fw(5.4)112 b(Bounded)39 b(iteration)2154
+b(165)p 0 193 3473 4 v 0 515 a Fu(The)28 b(second)g(equalit)m(y)e(uses)
+i(the)g(additivit)m(y)d(of)h Fs(H)1867 479 y Fn(n)1937
+515 y Ft(?)i Fu(for)e(all)f(n.)41 b(This)27 b(concludes)h(the)f(pro)s
+(of)0 636 y(of)32 b(the)h(lemma.)2808 b Fh(2)146 839
+y Fu(Strict)32 b(and)h(additiv)m(e)f(functions)g(ha)m(v)m(e)i(a)f(n)m
+(um)m(b)s(er)g(of)f(in)m(teresting)g(prop)s(erties:)0
+1067 y Fw(Exercise)k(5.45)49 b(\(Essen)m(tial\))41 b
+Fu(Sho)m(w)k(that)e(if)f Fs(h)7 b Fu(:)65 b Fw(PState)2326
+1082 y Fc(X)2437 1067 y Ft(!)43 b Fw(PState)2912 1082
+y Fc(X)3022 1067 y Fu(is)g(additiv)m(e)0 1187 y(then)33
+b Fs(h)40 b Fu(is)32 b(monotone.)2543 b Fh(2)146 1415
+y Fu(The)34 b(next)g(result)g(expresses)i(that)d(when)h(t)m(w)m(o)g
+(distinct)e(analysis)h(functions)g Fs(h)3113 1430 y Fn(1)3185
+1415 y Fu(and)h Fs(h)3433 1430 y Fn(2)0 1536 y Fu(are)g(strict)f(and)h
+(additiv)m(e)f(and)h(satis\014es)g Fs(h)1594 1551 y Fn(1)1668
+1536 y Ft(v)g Fs(h)1836 1551 y Fn(2)1909 1536 y Fu(then)g(it)f(will)f
+(b)s(e)h(the)i(prop)s(ert)m(y)f(assigned)0 1656 y(to)e(just)h(one)g(of)
+f(the)h(\\v)-5 b(ariables")31 b(that)h(accoun)m(ts)i(for)e(the)h
+(di\013erence)g(b)s(et)m(w)m(een)i Fs(h)3069 1671 y Fn(1)3141
+1656 y Fu(and)e Fs(h)3388 1671 y Fn(2)3428 1656 y Fu(.)p
+0 1776 3473 5 v 0 1950 a Fw(Lemma)k(5.46)49 b Fu(Consider)33
+b(strict)f(and)h(additiv)m(e)f(functions)244 2154 y Fs(h)301
+2169 y Fn(1)341 2154 y Fu(,)g Fs(h)457 2169 y Fn(2)497
+2154 y Fu(:)43 b Fw(PState)899 2169 y Fc(X)999 2154 y
+Ft(!)32 b Fw(PState)1463 2169 y Fc(X)0 2357 y Fu(suc)m(h)26
+b(that)f Fs(h)473 2372 y Fn(1)537 2357 y Ft(v)g Fs(h)696
+2372 y Fn(2)761 2357 y Fu(and)g Fs(h)1000 2372 y Fn(1)1064
+2357 y Ft(6)p Fu(=)g Fs(h)1222 2372 y Fn(2)1261 2357
+y Fu(.)41 b(Then)26 b(there)f(exist)h(\\v)-5 b(ariables")23
+b Fs(x)12 b Fu(,)26 b Fs(y)33 b Ft(2)26 b Fs(X)40 b Ft([)26
+b(f)p Fu(on-trac)m(k)p Ft(g)0 2477 y Fu(suc)m(h)34 b(that)269
+2645 y(\()p Fs(h)364 2660 y Fn(1)436 2645 y Fu(\()p Fb(init)654
+2660 y Fc(X)721 2645 y Fu([)p Fs(y)9 b Ft(7!)p Fb(d)p
+Fu(?]\)\))44 b Fs(x)g Fu(=)33 b Fb(ok)g Fu(but)269 2812
+y(\()p Fs(h)364 2827 y Fn(2)436 2812 y Fu(\()p Fb(init)654
+2827 y Fc(X)721 2812 y Fu([)p Fs(y)9 b Ft(7!)p Fb(d)p
+Fu(?]\)\))44 b Fs(x)g Fu(=)33 b Fb(d)p Fu(?)p 0 2933
+V 0 3136 a Fw(Pro)s(of:)k Fu(Since)c Fs(h)652 3151 y
+Fn(1)724 3136 y Ft(v)g Fs(h)891 3151 y Fn(2)963 3136
+y Fu(and)g Fs(h)1210 3151 y Fn(1)1282 3136 y Ft(6)p Fu(=)g
+Fs(h)1448 3151 y Fn(2)1520 3136 y Fu(there)g(exists)h(a)e(prop)s(ert)m
+(y)h(state)g Fs(ps)41 b Fu(suc)m(h)34 b(that)244 3339
+y Fs(h)301 3354 y Fn(1)373 3339 y Fs(ps)41 b Ft(v)581
+3354 y Fn(PS)705 3339 y Fs(h)762 3354 y Fn(2)834 3339
+y Fs(ps)244 3506 y(h)301 3521 y Fn(1)373 3506 y Fs(ps)g
+Ft(6)p Fu(=)32 b Fs(h)669 3521 y Fn(2)741 3506 y Fs(ps)0
+3710 y Fu(It)h(follo)m(ws)e(that)h(there)i(exists)f(a)f(\\v)-5
+b(ariable")31 b Fs(x)44 b Ft(2)33 b Fs(X)49 b Ft([)32
+b(f)p Fu(on-trac)m(k)p Ft(g)h Fu(suc)m(h)h(that)244 3913
+y(\()p Fs(h)339 3928 y Fn(1)411 3913 y Fs(ps)8 b Fu(\))32
+b Fs(x)45 b Fu(=)32 b Fb(ok)244 4080 y Fu(\()p Fs(h)339
+4095 y Fn(2)411 4080 y Fs(ps)8 b Fu(\))32 b Fs(x)45 b
+Fu(=)32 b Fb(d)p Fu(?)0 4283 y(Consider)26 b(no)m(w)h(the)g(set)f(OK\()
+p Fs(ps)8 b Fu(\).)41 b(It)26 b(is)g(\014nite)f(b)s(ecause)j(OK\()p
+Fs(ps)8 b Fu(\))25 b Ft(\022)i Fs(X)42 b Ft([)26 b(f)p
+Fu(on-trac)m(k)p Ft(g)p Fu(.)41 b(First)0 4404 y(assume)29
+b(that)f(OK\()p Fs(ps)8 b Fu(\))27 b(=)h Fs(X)44 b Ft([)29
+b(f)p Fu(on-trac)m(k)p Ft(g)p Fu(.)42 b(Then)29 b Fs(ps)36
+b Fu(=)28 b Fb(init)2389 4419 y Fc(X)2484 4404 y Fu(and)h(since)f(w)m
+(e)h(kno)m(w)h(that)0 4524 y Fs(h)57 4539 y Fn(1)130
+4524 y Fu(and)j Fs(h)377 4539 y Fn(2)449 4524 y Fu(are)g(strict)f(w)m
+(e)i(ha)m(v)m(e)h Fs(h)1294 4539 y Fn(1)1366 4524 y Fb(init)1546
+4539 y Fc(X)1647 4524 y Fu(=)d Fb(init)1935 4539 y Fc(X)2036
+4524 y Fu(and)h Fs(h)2283 4539 y Fn(2)2355 4524 y Fb(init)2535
+4539 y Fc(X)2636 4524 y Fu(=)f Fb(init)2924 4539 y Fc(X)2992
+4524 y Fu(.)44 b(Therefore)0 4644 y Fs(h)57 4659 y Fn(1)129
+4644 y Fs(ps)d Fu(=)32 b Fs(h)425 4659 y Fn(2)497 4644
+y Fs(ps)41 b Fu(whic)m(h)33 b(con)m(tradicts)g(the)g(w)m(a)m(y)g
+Fs(ps)41 b Fu(w)m(as)33 b(c)m(hosen.)146 4765 y(Therefore)e(OK\()p
+Fs(ps)8 b Fu(\))30 b(is)f(a)h(true)g(subset)i(of)d Fs(X)46
+b Ft([)30 b(f)p Fu(on-trac)m(k)p Ft(g)p Fu(.)43 b(No)m(w)30
+b(let)g Ft(f)p Fs(y)2923 4780 y Fn(1)2962 4765 y Fu(,)g
+Ft(\001)17 b(\001)g(\001)o Fu(,)30 b Fs(y)3249 4780 y
+Fn(n)3293 4765 y Ft(g)f Fu(b)s(e)0 4885 y(the)k(\\v)-5
+b(ariables")30 b(of)i Fs(X)48 b Ft([)32 b(f)p Fu(on-trac)m(k)p
+Ft(g)g Fu(that)g(do)g(not)g(o)s(ccur)h(in)e(OK\()p Fs(ps)8
+b Fu(\).)43 b(This)32 b(means)h(that)244 5088 y Fs(ps)40
+b Fu(=)33 b Fb(init)663 5103 y Fc(X)730 5088 y Fu([)p
+Fs(y)813 5103 y Fn(1)853 5088 y Ft(7!)o Fb(d)p Fu(?])p
+Ft(\001)17 b(\001)g(\001)o Fu([)p Fs(y)1287 5103 y Fn(n)1331
+5088 y Ft(7!)o Fb(d)p Fu(?])0 5291 y(whic)m(h)33 b(is)f(equiv)-5
+b(alen)m(t)33 b(to)244 5494 y Fs(ps)40 b Fu(=)33 b Fb(init)663
+5509 y Fc(X)730 5494 y Fu([)p Fs(y)813 5509 y Fn(1)853
+5494 y Ft(7!)o Fb(d)p Fu(?])44 b Ft(t)1198 5509 y Fn(PS)1321
+5494 y Ft(\001)17 b(\001)g(\001)31 b(t)1537 5509 y Fn(PS)1661
+5494 y Fb(init)1841 5509 y Fc(X)1908 5494 y Fu([)p Fs(y)1991
+5509 y Fn(n)2035 5494 y Ft(7!)o Fb(d)p Fu(?])p eop
+%%Page: 166 176
+166 175 bop 251 130 a Fw(166)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fu(Since)d
+Fs(h)595 530 y Fn(2)667 515 y Fu(is)f(additiv)m(e)g(w)m(e)i(ha)m(v)m(e)
+527 715 y Fs(h)584 730 y Fn(2)657 715 y Fs(ps)40 b Fu(=)32
+b Fs(h)952 730 y Fn(2)992 715 y Fu(\()p Fb(init)1210
+730 y Fc(X)1278 715 y Fu([)p Fs(y)1361 730 y Fn(1)1400
+715 y Ft(7!)p Fb(d)p Fu(?]\))43 b Ft(t)1783 730 y Fn(PS)1907
+715 y Ft(\001)17 b(\001)g(\001)30 b(t)2122 730 y Fn(PS)2246
+715 y Fs(h)2303 730 y Fn(2)2342 715 y Fu(\()p Fb(init)2560
+730 y Fc(X)2628 715 y Fu([)p Fs(y)2711 730 y Fn(n)2755
+715 y Ft(7!)o Fb(d)p Fu(?]\))283 915 y(W)-8 b(e)31 b(ha)m(v)m(e)h
+(assumed)g(that)e(\()p Fs(h)1366 930 y Fn(2)1436 915
+y Fs(ps)8 b Fu(\))31 b Fs(x)42 b Fu(=)31 b Fb(d)p Fu(?)f(and)h(no)m(w)g
+(it)f(follo)m(ws)f(that)i(for)f(some)g(i)g(\(1)p Ft(\024)p
+Fu(i)p Ft(\024)p Fu(n\))527 1115 y Fs(h)584 1130 y Fn(2)624
+1115 y Fu(\()p Fb(init)842 1130 y Fc(X)910 1115 y Fu([)p
+Fs(y)993 1130 y Fn(i)1016 1115 y Ft(7!)p Fb(d)p Fu(?]\))44
+b Fs(x)g Fu(=)32 b Fb(d)p Fu(?)283 1314 y(Since)h Fb(init)718
+1329 y Fc(X)786 1314 y Fu([)p Fs(y)869 1329 y Fn(i)893
+1314 y Ft(7!)o Fb(d)p Fu(?])44 b Ft(v)1249 1329 y Fn(PS)1372
+1314 y Fs(ps)d Fu(and)32 b Fs(h)1749 1329 y Fn(1)1822
+1314 y Fu(is)g(monotone)g(\(Exercise)h(5.45\))f(w)m(e)i(get)f(that)527
+1514 y Fs(h)584 1529 y Fn(1)657 1514 y Fu(\()p Fb(init)875
+1529 y Fc(X)942 1514 y Fu([)p Fs(y)1025 1529 y Fn(i)1049
+1514 y Ft(7!)p Fb(d)p Fu(?]\))43 b Ft(v)1443 1529 y Fn(PS)1567
+1514 y Fs(h)1624 1529 y Fn(1)1696 1514 y Fs(ps)283 1714
+y Fu(and)33 b(thereb)m(y)527 1913 y Fs(h)584 1928 y Fn(1)657
+1913 y Fu(\()p Fb(init)875 1928 y Fc(X)942 1913 y Fu([)p
+Fs(y)1025 1928 y Fn(i)1049 1913 y Ft(7!)p Fb(d)p Fu(?]\))43
+b Fs(x)i Fu(=)32 b Fb(ok)283 2113 y Fu(So)h(the)g(lemma)d(follo)m(ws)i
+(b)m(y)h(taking)f Fs(y)41 b Fu(to)33 b(b)s(e)f Fs(y)2054
+2128 y Fn(i)2078 2113 y Fu(.)1576 b Fh(2)430 2316 y Fu(The)26
+b(next)f(step)h(will)d(b)s(e)i(to)f(generalize)h(this)f(result)h(to)f
+(sequences)29 b(of)24 b(strict)g(and)h(additiv)m(e)283
+2437 y(functions.)p 283 2557 3473 5 v 283 2728 a Fw(Corollary)36
+b(5.47)49 b Fu(Consider)33 b(a)g(sequence)527 2928 y
+Fs(h)584 2943 y Fn(0)657 2928 y Ft(v)g Fs(h)824 2943
+y Fn(1)896 2928 y Ft(v)g(\001)17 b(\001)g(\001)31 b(v)i
+Fs(h)1322 2943 y Fn(n)283 3127 y Fu(of)g(strict)f(and)g(additiv)m(e)g
+(functions)527 3327 y Fs(h)584 3342 y Fn(i)608 3327 y
+Fu(:)44 b Fw(PState)1011 3342 y Fc(X)1110 3327 y Ft(!)32
+b Fw(PState)1574 3342 y Fc(X)283 3527 y Fu(that)39 b(are)g(all)e
+(distinct,)j(that)f(is)g Fs(h)1580 3542 y Fn(i)1643 3527
+y Ft(6)p Fu(=)g Fs(h)1815 3542 y Fn(j)1880 3527 y Fu(if)e(i)i
+Ft(6)p Fu(=)f(j.)63 b(Then)40 b(n)g Ft(\024)f Fu(\(m+1\))3030
+3491 y Fn(2)3107 3527 y Fu(where)i(m)d(is)g(the)283 3647
+y(cardinalit)m(y)31 b(of)h Fs(X)16 b Fu(.)p 283 3767
+V 283 3967 a Fw(Pro)s(of:)32 b Fu(F)-8 b(or)26 b(eac)m(h)j(i)d
+Ft(2)i(f)p Fu(0,1,)p Ft(\001)17 b(\001)g(\001)n Fu(,n)p
+Ft(\000)p Fu(1)p Ft(g)28 b Fu(the)f(previous)h(lemma)e(applied)g(to)h
+Fs(h)3115 3982 y Fn(i)3166 3967 y Fu(and)h Fs(h)3408
+3982 y Fn(i+1)3549 3967 y Fu(giv)m(es)283 4088 y(that)33
+b(there)g(are)g(\\v)-5 b(ariables")527 4287 y Fs(x)584
+4302 y Fn(i)608 4287 y Fu(,)33 b Fs(y)724 4302 y Fn(i)780
+4287 y Ft(2)g Fs(X)48 b Ft([)33 b(f)p Fu(on-trac)m(k)p
+Ft(g)283 4487 y Fu(suc)m(h)h(that)527 4687 y Fs(h)584
+4702 y Fn(i)608 4687 y Fu(\()p Fb(init)826 4702 y Fc(X)894
+4687 y Fu([)p Fs(y)977 4702 y Fn(i)1001 4687 y Ft(7!)o
+Fb(d)p Fu(?]\))44 b Fs(x)1374 4702 y Fn(i)1430 4687 y
+Fu(=)33 b Fb(ok)527 4854 y Fs(h)584 4869 y Fn(i+1)699
+4854 y Fu(\()p Fb(init)917 4869 y Fc(X)984 4854 y Fu([)p
+Fs(y)1067 4869 y Fn(i)1091 4854 y Ft(7!)p Fb(d)p Fu(?]\))43
+b Fs(x)1464 4869 y Fn(i)1520 4854 y Fu(=)33 b Fb(d)p
+Fu(?)283 5054 y(First)38 b(assume)h(that)f(all)e(\()p
+Fs(x)1323 5069 y Fn(i)1346 5054 y Fu(,)k Fs(y)1469 5069
+y Fn(i)1493 5054 y Fu(\))e(are)g(distinct.)60 b(Since)39
+b(the)f(cardinalit)m(y)f(of)g Fs(X)55 b Fu(is)38 b(m)f(there)283
+5174 y(can)c(b)s(e)g(at)f(most)g(\(m+1\))1236 5138 y
+Fn(2)1307 5174 y Fu(suc)m(h)i(pairs)e(and)h(w)m(e)g(ha)m(v)m(e)h(sho)m
+(wn)g(n)f Ft(\024)g Fu(\(m+1\))3100 5138 y Fn(2)3138
+5174 y Fu(.)430 5295 y(Next)e(assume)g(that)g(there)g(exists)h(i)d
+Fo(<)i Fu(j)f(suc)m(h)i(that)f(\()p Fs(x)2473 5310 y
+Fn(i)2496 5295 y Fu(,)g Fs(y)2610 5310 y Fn(i)2634 5295
+y Fu(\))g(=)f(\()p Fs(x)2904 5310 y Fn(j)2930 5295 y
+Fu(,)h Fs(y)3044 5310 y Fn(j)3069 5295 y Fu(\).)43 b(W)-8
+b(e)31 b(then)h(ha)m(v)m(e)527 5494 y Fs(h)584 5509 y
+Fn(i+1)699 5494 y Fu(\()p Fb(init)917 5509 y Fc(X)984
+5494 y Fu([)p Fs(y)1067 5509 y Fn(i)1091 5494 y Ft(7!)p
+Fb(d)p Fu(?]\))43 b Fs(x)1464 5509 y Fn(i)1520 5494 y
+Fu(=)33 b Fb(d)p Fu(?)p eop
+%%Page: 167 177
+167 176 bop 0 130 a Fw(5.4)112 b(Bounded)39 b(iteration)2154
+b(167)p 0 193 3473 4 v 0 515 a Fu(and)244 719 y Fs(h)301
+734 y Fn(j)327 719 y Fu(\()p Fb(init)545 734 y Fc(X)612
+719 y Fu([)p Fs(y)695 734 y Fn(i)719 719 y Ft(7!)p Fb(d)p
+Fu(?]\))44 b Fs(x)1093 734 y Fn(i)1149 719 y Fu(=)32
+b Fb(ok)0 922 y Fu(Since)h(i+1)e Ft(\024)i Fu(j)f(w)m(e)i(ha)m(v)m(e)g
+Fs(h)1037 937 y Fn(i+1)1184 922 y Ft(v)f Fs(h)1351 937
+y Fn(j)1409 922 y Fu(and)g(therefore)244 1125 y Fs(h)301
+1140 y Fn(i+1)448 1125 y Fu(\()p Fb(init)666 1140 y Fc(X)733
+1125 y Fu([)p Fs(y)816 1140 y Fn(i)840 1125 y Ft(7!)p
+Fb(d)p Fu(?]\))43 b Fs(x)1213 1140 y Fn(i)1269 1125 y
+Ft(v)1347 1140 y Fn(P)1432 1125 y Fs(h)1489 1140 y Fn(j)1547
+1125 y Fu(\()p Fb(init)1765 1140 y Fc(X)1833 1125 y Fu([)p
+Fs(y)1916 1140 y Fn(i)1939 1125 y Ft(7!)p Fb(d)p Fu(?]\))h
+Fs(x)2313 1140 y Fn(i)0 1328 y Fu(This)31 b(is)f(a)g(con)m(tradiction)f
+(as)i(it)e(is)h Fs(not)40 b Fu(the)31 b(case)h(that)e
+Fb(d)p Fu(?)h Ft(v)2269 1343 y Fn(P)2352 1328 y Fb(ok)p
+Fu(.)43 b(Th)m(us)32 b(it)e(cannot)g(b)s(e)h(the)0 1449
+y(case)41 b(that)e(some)h(of)f(the)i(pairs)e(\()p Fs(x)1319
+1464 y Fn(i)1342 1449 y Fu(,)j Fs(y)1467 1464 y Fn(i)1491
+1449 y Fu(\))e(obtained)f(from)g(Lemma)f(5.46)h(coincide)g(and)h(w)m(e)
+0 1569 y(ha)m(v)m(e)34 b(pro)m(v)m(ed)g(the)f(corollary)-8
+b(.)2296 b Fh(2)146 1772 y Fu(W)-8 b(e)33 b(shall)e(no)m(w)j(turn)e(to)
+m(w)m(ards)i(the)f(pro)s(of)f(of)g(the)h(main)e(result:)0
+1940 y Fw(Pro)s(of)i(of)h(Prop)s(osition)d(5.40)p Fu(.)46
+b(Consider)34 b(the)g(construct)h Fr(while)f Fs(b)39
+b Fr(do)34 b Fs(S)46 b Fu(and)33 b(let)g Fs(H)49 b Fu(b)s(e)0
+2060 y(giv)m(en)33 b(b)m(y)244 2264 y Fs(H)48 b(h)40
+b Fu(=)33 b(cond)763 2279 y Fn(P)815 2264 y Fu(\()p Ft(P)8
+b(B)999 2279 y Fc(X)1067 2264 y Fu([)-17 b([)p Fs(b)6
+b Fu(])-17 b(])q(,)32 b Fs(h)40 b Ft(\016)32 b(P)8 b(S)1570
+2279 y Fc(X)1637 2264 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(],)33 b(id\))0 2467 y(W)-8 b(e)33 b(shall)e(then)i(pro)m(v)m(e)h
+(that)244 2670 y Ft(P)8 b(S)389 2685 y Fc(X)457 2670
+y Fu([)-17 b([)p Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)12
+b Fu(])-17 b(])33 b(=)g Fs(H)1335 2634 y Fn(k)1409 2670
+y Ft(?)0 2873 y Fu(where)e(k)e(=)h(\(m+1\))748 2837 y
+Fn(2)815 2873 y Fu(and)g(m)e(is)h(the)h(cardinalit)m(y)e(of)g
+Fs(X)46 b Fu(=)29 b(FV\()p Fr(while)i Fs(b)k Fr(do)30
+b Fs(S)12 b Fu(\).)29 b(T)-8 b(o)29 b(do)h(that)0 2994
+y(consider)j(the)g(sequence)244 3197 y Fs(H)332 3161
+y Fn(0)404 3197 y Ft(?)g(v)g Fs(H)712 3161 y Fn(1)784
+3197 y Ft(?)g(v)g(\001)17 b(\001)g(\001)31 b(v)i Fs(H)1351
+3161 y Fn(k)1425 3197 y Ft(?)g(v)g Fs(H)1733 3161 y Fn(k+1)1897
+3197 y Ft(?)0 3400 y Fu(It)38 b(follo)m(ws)e(from)g(Lemma)h(5.44)g
+(that)g(eac)m(h)h Fs(H)1764 3364 y Fn(i)1826 3400 y Ft(?)g
+Fu(is)f(a)g(strict)h(and)f(additiv)m(e)g(function.)58
+b(It)0 3520 y(no)m(w)30 b(follo)m(ws)d(from)h(Corollary)f(5.47)h(that)h
+(not)g(all)e Fs(H)1970 3484 y Fn(i)2023 3520 y Ft(?)p
+Fu(,)j(for)e(i)g Ft(\024)h Fu(k+1,)h(are)f(distinct.)42
+b(If)29 b(i)p Fo(<)p Fu(j)0 3641 y(satis\014es)244 3844
+y Fs(H)332 3808 y Fn(i)388 3844 y Ft(?)k Fu(=)g Fs(H)695
+3808 y Fn(j)753 3844 y Ft(?)0 4047 y Fu(then)g(w)m(e)h(also)d(ha)m(v)m
+(e)244 4250 y Fs(H)332 4214 y Fn(i)388 4250 y Ft(?)i
+Fu(=)g Fs(H)695 4214 y Fn(n)771 4250 y Ft(?)g Fu(for)f(n)p
+Ft(\025)p Fu(i)0 4453 y(and)h(in)e(particular)244 4657
+y Fs(H)332 4621 y Fn(k)406 4657 y Ft(?)i Fu(=)f Fs(H)712
+4621 y Fn(k+1)876 4657 y Ft(?)0 4860 y Fu(Hence)i(FIX)e
+Fs(H)49 b Fu(=)32 b Fs(H)811 4824 y Fn(k)885 4860 y Ft(?)h
+Fu(as)g(desired)g(b)s(ecause)h(of)e(Exercise)i(5.18.)895
+b Fh(2)0 5171 y Fw(Exercise)36 b(5.48)49 b Fu(*)33 b(Sho)m(w)h(that)e
+(the)h(b)s(ound)g(exhibited)g(in)f(Corollary)f(5.47)h(is)h(tigh)m(t.)43
+b(That)0 5291 y(is)32 b(describ)s(e)h(ho)m(w)h(to)e(construct)h(a)g
+(sequence)244 5494 y Fs(h)301 5509 y Fn(0)373 5494 y
+Ft(v)g Fs(h)540 5509 y Fn(1)612 5494 y Ft(v)g(\001)17
+b(\001)g(\001)31 b(v)i Fs(h)1038 5509 y Fn(n)p eop
+%%Page: 168 178
+168 177 bop 251 130 a Fw(168)1937 b(5)112 b(Static)37
+b(Program)f(Analysis)p 251 193 3473 4 v 283 515 a Fu(of)31
+b(strict)g(and)g(additiv)m(e)g(functions)g Fs(h)1684
+530 y Fn(i)1708 515 y Fu(:)42 b Fw(PState)2109 530 y
+Fc(X)2207 515 y Ft(!)31 b Fw(PState)2670 530 y Fc(X)2768
+515 y Fu(suc)m(h)i(that)d(all)f Fs(h)3387 530 y Fn(i)3443
+515 y Fu(are)i(dis-)283 636 y(tinct)e(and)g(n)f(=)h(\(m+1\))1169
+600 y Fn(2)1236 636 y Fu(where)h(m)e(is)g(the)h(cardinalit)m(y)e(of)h
+Fs(X)16 b Fu(.)29 b(Hin)m(t:)42 b(Begin)28 b(b)m(y)h(considering)283
+756 y(m)j(=)h(0,)f(m)g(=)g(1,)h(m)e(=)i(2)f(and)h(then)g(try)g(to)f
+(generalize.)1297 b Fh(2)430 948 y Fu(T)-8 b(o)31 b(summarize,)g(the)h
+(quadratic)f(upp)s(er)h(b)s(ound)g(on)g(the)g(required)g(n)m(um)m(b)s
+(er)g(of)f(iterands)283 1068 y(is)i(obtained)f(as)g(follo)m(ws:)p
+283 1198 3470 4 v 283 1215 V 281 1422 4 208 v 298 1422
+V 1371 1343 a Fw(Pro)s(of)g(Summary)h(for)f(While)p Fu(:)p
+3735 1422 V 3752 1422 V 281 1630 V 298 1630 V 617 1551
+a Fw(Bounding)h(the)f(Num)m(b)s(er)g(of)h(Iterations)e(in)h(the)h
+(Static)e(Analysis)p 3735 1630 V 3752 1630 V 283 1633
+3470 4 v 281 2003 4 370 v 298 2003 V 350 1799 a Fu(1:)143
+b(The)48 b(analysis)f(is)g(mo)s(di\014ed)f(to)h(use)h(the)g(set)g
+Fw(PState)2691 1814 y Fc(X)2805 1799 y Fu(rather)g(than)f
+Fw(PState)569 1919 y Fu(\(Exercise)34 b(5.37\).)p 3735
+2003 V 3752 2003 V 281 2291 4 289 v 298 2291 V 350 2087
+a(2:)143 b(A)28 b(pro)s(of)g(b)m(y)h Fs(structur)-5 b(al)32
+b(induction)j Fu(on)28 b(the)h(statemen)m(ts)h(sho)m(ws)g(that)e(the)g
+(analysis)569 2207 y(functions)k Ft(P)8 b(S)1135 2222
+y Fc(X)1202 2207 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(])32 b(are)h(strict)f(and)h(additiv)m(e)f(\(Lemma)f(5.44\).)p
+3735 2291 V 3752 2291 V 281 2699 4 409 v 298 2699 V 350
+2375 a(3:)143 b(Sequences)41 b(of)c(strict)h(and)g(additiv)m(e)f
+(functions)h(in)f Fw(PState)2861 2390 y Fc(X)2966 2375
+y Ft(!)h Fw(PState)3436 2390 y Fc(X)3541 2375 y Fu(can)569
+2495 y(ha)m(v)m(e)h(length)f(at)f(most)h(\(m+1\))1755
+2459 y Fn(2)1831 2495 y Fu(where)h(m)f(is)f(the)i(cardinalit)m(y)d(of)h
+Fs(X)55 b Fu(\(Corollary)569 2616 y(5.47\).)p 3735 2699
+V 3752 2699 V 283 2702 3470 4 v 283 2719 V 283 2914 a(Using)29
+b(the)h(result)f(of)g(Prop)s(osition)f(5.40)h(w)m(e)h(get)f(that)g(at)g
+(most)g(9)g(iterations)f(are)h(needed)i(to)283 3035 y(compute)26
+b(the)g(\014xed)h(p)s(oin)m(t)d(presen)m(t)j(in)e(the)h(analysis)f(of)g
+(the)h(factorial)d(statemen)m(t.)41 b(Since)26 b(w)m(e)283
+3155 y(kno)m(w)31 b(that)e(already)g(the)h(\014rst)f(iterand)g(will)e
+(equal)i(the)h(\014xed)g(p)s(oin)m(t)f(one)g(ma)m(y)h(ask)f(whether)283
+3276 y(one)36 b(can)g(obtain)e(an)h(ev)m(en)i(b)s(etter)f(b)s(ound)f
+(on)h(the)f(n)m(um)m(b)s(er)h(of)f(iterations.)50 b(The)37
+b(follo)m(wing)283 3396 y(exercise)e(sho)m(ws)f(that)f(the)h(quadratic)
+e(upp)s(er)i(b)s(ound)f(can)g(b)s(e)g(replaced)g(b)m(y)h(a)f(linear)e
+(upp)s(er)283 3516 y(b)s(ound:)283 3708 y Fw(Exercise)37
+b(5.49)49 b Fu(**)31 b(Sho)m(w)h(that)f(for)f(eac)m(h)j(statemen)m(t)e
+Fr(while)i Fs(b)k Fr(do)32 b Fs(S)43 b Fu(of)31 b Fw(While)e
+Fu(w)m(e)k(ha)m(v)m(e)527 3884 y Ft(P)8 b(S)673 3899
+y Fc(X)740 3884 y Fu([)-17 b([)q Fr(while)33 b Fs(b)39
+b Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b(=)f Fs(H)1618
+3848 y Fn(k)1692 3884 y Ft(?)283 4060 y Fu(where)i Fs(H)49
+b(h)39 b Fu(=)33 b(cond)1084 4075 y Fn(P)1136 4060 y
+Fu(\()p Ft(P)8 b(B)1320 4075 y Fc(X)1388 4060 y Fu([)-17
+b([)p Fs(b)6 b Fu(])-17 b(])q(,)32 b Fs(h)7 b Ft(\016)q(P)h(S)1826
+4075 y Fc(X)1893 4060 y Fu([)-17 b([)q Fs(S)12 b Fu(])-17
+b(],)33 b(id\),)f(k)g(=)h(m+1,)e(and)i(m)f(is)g(the)h(cardinalit)m(y)
+283 4181 y(of)g(the)g(set)g Fs(X)49 b Fu(=)32 b(FV\()p
+Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\).)1923 b
+Fh(2)430 4373 y Fu(F)-8 b(or)38 b(the)i(factorial)d(statemen)m(t)i
+(this)g(result)g(will)e(giv)m(e)j(that)f(at)f(most)h(3)g(iterations)f
+(are)283 4493 y(needed)f(to)d(determine)h(the)g(\014xed)h(p)s(oin)m(t.)
+49 b(The)36 b(next)g(exercise)g(sho)m(ws)g(that)f(this)f(is)h(almost)
+283 4613 y(the)e(b)s(est)h(upp)s(er)f(b)s(ound)g(w)m(e)g(can)g(hop)s(e)
+g(for:)283 4805 y Fw(Exercise)k(5.50)49 b Fu(*)31 b(Sho)m(w)i(that)f
+(for)f(eac)m(h)i(m)f Ft(\025)g Fu(1)g(there)g(is)g(a)g(statemen)m(t)g
+Fr(while)h Fs(b)38 b Fr(do)33 b Fs(S)43 b Fu(of)283 4926
+y Fw(While)31 b Fu(suc)m(h)j(that)527 5102 y Ft(P)8 b(S)673
+5117 y Fc(X)740 5102 y Fu([)-17 b([)q Fr(while)33 b Fs(b)39
+b Fr(do)33 b Fs(S)12 b Fu(])-17 b(])33 b Ft(6)p Fu(=)f
+Fs(H)1618 5066 y Fn(k)1692 5102 y Ft(?)283 5278 y Fu(where)i
+Fs(H)49 b(h)39 b Fu(=)32 b(cond)1083 5293 y Fn(P)1136
+5278 y Fu(\()p Ft(P)8 b(B)1320 5293 y Fc(X)1387 5278
+y Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(],)33 b Fs(h)7 b
+Ft(\016P)h(S)1825 5293 y Fc(X)1893 5278 y Fu([)-17 b([)p
+Fs(S)12 b Fu(])-17 b(])q(,)32 b(id\),)g(k)h(=)f(m)p Ft(\000)p
+Fu(1,)g(and)g(m)g(is)g(the)h(cardinalit)m(y)283 5398
+y(of)g(the)g(set)g Fs(X)49 b Fu(=)32 b(FV\()p Fr(while)i
+Fs(b)k Fr(do)33 b Fs(S)12 b Fu(\).)1923 b Fh(2)p eop
+%%Page: 169 179
+169 178 bop 0 1180 a Fv(Chapter)78 b(6)0 1595 y(Axiomatic)e(Program)h
+(V)-19 b(eri\014cation)0 2047 y Fu(The)39 b(kinds)g(of)f(seman)m(tics)h
+(w)m(e)g(ha)m(v)m(e)h(seen)g(so)e(far)g(sp)s(ecify)h(the)g(meaning)e
+(of)h(programs)f(al-)0 2168 y(though)26 b(they)g(ma)m(y)g(also)f(b)s(e)
+h(used)g(to)g(pro)m(v)m(e)h(that)e(giv)m(en)h(programs)f(p)s(ossess)j
+(certain)d(prop)s(er-)0 2288 y(ties.)43 b(W)-8 b(e)33
+b(ma)m(y)e(distinguish)g(b)s(et)m(w)m(een)j(sev)m(eral)f(classes)g(of)f
+(prop)s(erties:)43 b Fs(p)-5 b(artial)34 b(c)-5 b(orr)g(e)g(ctness)0
+2408 y(pr)g(op)g(erties)36 b Fu(are)29 b(prop)s(erties)f(expressing)i
+(that)e Fs(if)49 b Fu(a)28 b(giv)m(en)h(program)e(terminates)h
+Fs(then)36 b Fu(there)0 2529 y(will)e(b)s(e)j(a)f(certain)g
+(relationship)f(b)s(et)m(w)m(een)j(the)f(initial)c(and)j(the)h(\014nal)
+f(v)-5 b(alues)36 b(of)g(the)h(v)-5 b(ari-)0 2649 y(ables.)59
+b(Th)m(us)40 b(a)d(partial)f(correctness)k(prop)s(ert)m(y)f(of)e(a)h
+(program)e(need)j Fs(not)47 b Fu(ensure)40 b(that)d(it)0
+2769 y(terminates.)42 b(This)31 b(is)f(con)m(trary)h(to)f
+Fs(total)j(c)-5 b(orr)g(e)g(ctness)33 b(pr)-5 b(op)g(erties)38
+b Fu(whic)m(h)31 b(express)i(that)d(the)0 2890 y(program)j
+Fs(wil)5 b(l)44 b Fu(terminate)33 b Fs(and)44 b Fu(that)34
+b(there)h(will)d(b)s(e)i(a)g(certain)g(relationship)f(b)s(et)m(w)m(een)
+j(the)0 3010 y(initial)29 b(and)j(the)h(\014nal)f(v)-5
+b(alues)33 b(of)f(the)h(v)-5 b(ariables.)42 b(Th)m(us)34
+b(w)m(e)g(ha)m(v)m(e)244 3196 y(partial)c(correctness)35
+b(+)d(termination)e(=)j(total)e(correctness)0 3382 y(Y)-8
+b(et)24 b(another)f(class)g(of)g(prop)s(erties)g(is)g(concerned)i(with)
+e(the)h Fs(r)-5 b(esour)g(c)g(es)31 b Fu(used)24 b(when)h(executing)0
+3502 y(the)30 b(program.)41 b(An)30 b(example)e(is)h(the)h
+Fs(time)37 b Fu(used)30 b(to)f(execute)j(the)e(program)e(on)h(a)g
+(particular)0 3622 y(mac)m(hine.)0 3952 y Fj(6.1)161
+b(Direct)53 b(pro)t(ofs)g(of)h(program)f(correctness)0
+4171 y Fu(In)30 b(this)f(section)g(w)m(e)i(shall)d(giv)m(e)h(some)g
+(examples)h(that)f(pro)m(v)m(e)i(partial)c(correctness)k(of)e(state-)0
+4291 y(men)m(ts)45 b(based)h(directly)e(on)h(the)h(op)s(erational)c
+(and)j(denotational)e(seman)m(tics.)81 b(W)-8 b(e)45
+b(shall)0 4412 y(pro)m(v)m(e)34 b(that)e(the)h(factorial)d(statemen)m
+(t)244 4598 y Fr(y)j Fu(:=)f Fr(1)p Fu(;)h Fr(while)h
+Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
+Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g
+Fr(x)p Ft(\000)p Fr(1)p Fu(\))0 4783 y(is)38 b(partially)d(correct,)41
+b(that)d(is)g Fs(if)59 b Fu(the)39 b(statemen)m(t)f(terminates)g
+Fs(then)45 b Fu(the)39 b(\014nal)f(v)-5 b(alue)37 b(of)h
+Fr(y)0 4904 y Fu(will)30 b(b)s(e)j(the)g(factorial)d(of)i(the)h
+(initial)c(v)-5 b(alue)32 b(of)g Fr(x)p Fu(.)0 5189 y
+Fp(Natural)46 b(seman)l(tics)0 5374 y Fu(Using)35 b Fs(natur)-5
+b(al)38 b(semantics)k Fu(the)36 b(partial)d(correctness)38
+b(of)d(the)h(factorial)d(statemen)m(t)i(can)h(b)s(e)0
+5494 y(formalized)30 b(as)j(follo)m(ws:)1663 5849 y(169)p
+eop
+%%Page: 170 180
+170 179 bop 251 130 a Fw(170)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527
+515 a Fu(F)h(or)32 b(all)f(states)i Fs(s)41 b Fu(and)32
+b Fs(s)1433 479 y Fi(0)1457 515 y Fu(,)g(if)742 717 y
+Ft(h)p Fr(y)g Fu(:=)h Fr(1)p Fu(;)g Fr(while)h Ft(:)p
+Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
+Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f
+Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)32 b(!)g
+Fs(s)3152 681 y Fi(0)527 918 y Fu(then)i Fs(s)798 882
+y Fi(0)853 918 y Fr(y)f Fu(=)g(\()p Fs(s)40 b Fr(x)p
+Fu(\)!)k(and)32 b Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)283
+1116 y Fu(This)j(is)f(indeed)h(a)f(partial)e(correctness)k(prop)s(ert)m
+(y)g(b)s(ecause)f(the)g(statemen)m(t)g(do)s(es)g(not)f(ter-)283
+1236 y(minate)e(if)f(the)i(initial)c(v)-5 b(alue)32 b
+Fs(s)40 b Fr(x)33 b Fu(of)f Fr(x)h Fu(is)f(non-p)s(ositiv)m(e.)430
+1357 y(The)h(pro)s(of)f(pro)s(ceeds)i(in)e(three)h(stages:)283
+1554 y Fw(Stage)38 b(1:)49 b Fu(W)-8 b(e)33 b(pro)m(v)m(e)h(that)e(the)
+h(b)s(o)s(dy)g(of)f(the)h Fr(while)h Fu(lo)s(op)d(satis\014es:)569
+1713 y(if)g Ft(h)p Fr(y)i Fu(:=)f Fr(y)p Fo(?)p Fr(x)p
+Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(,)i
+Fs(s)8 b Ft(i)32 b(!)h Fs(s)1886 1677 y Fi(00)1961 1713
+y Fu(and)f Fs(s)2198 1677 y Fi(00)2273 1713 y Fr(x)h
+Fo(>)g Fw(0)569 1881 y Fu(then)g(\()p Fs(s)41 b Fr(y)p
+Fu(\))32 b Fo(?)h Fu(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(=)32
+b(\()p Fs(s)1585 1845 y Fi(00)1660 1881 y Fr(y)p Fu(\))h
+Fo(?)f Fu(\()p Fs(s)1949 1845 y Fi(00)2024 1881 y Fr(x)p
+Fu(\)!)44 b(and)32 b Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)3631
+1798 y Fu(\(*\))283 2076 y Fw(Stage)38 b(2:)49 b Fu(W)-8
+b(e)33 b(pro)m(v)m(e)h(that)e(the)h Fr(while)h Fu(lo)s(op)d
+(satis\014es:)569 2235 y(if)g Ft(h)p Fr(while)j Ft(:)p
+Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
+Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g
+Fr(x)p Ft(\000)p Fr(1)p Fu(\),)g Fs(s)8 b Ft(i)32 b(!)h
+Fs(s)2739 2199 y Fi(00)569 2402 y Fu(then)g(\()p Fs(s)41
+b Fr(y)p Fu(\))32 b Fo(?)h Fu(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(=)32
+b Fs(s)1547 2366 y Fi(00)1622 2402 y Fr(y)h Fu(and)g
+Fs(s)1944 2366 y Fi(00)2019 2402 y Fr(x)f Fu(=)h Fw(1)f
+Fu(and)h Fs(s)41 b Fr(x)32 b Fo(>)h Fw(0)3582 2319 y
+Fu(\(**\))283 2597 y Fw(Stage)38 b(3:)49 b Fu(W)-8 b(e)33
+b(pro)m(v)m(e)h(the)f(partial)d(correctness)35 b(prop)s(ert)m(y)e(for)f
+(the)h(complete)f(program:)569 2756 y(if)f Ft(h)p Fr(y)i
+Fu(:=)f Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p Fr(x)p
+Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f
+Fr(y)p Fo(?)q Fr(x)p Fu(;)g Fr(x)h Fu(:=)g Fr(x)p Ft(\000)p
+Fr(1)p Fu(\),)g Fs(s)8 b Ft(i)33 b(!)f Fs(s)3069 2720
+y Fi(0)569 2924 y Fu(then)h Fs(s)839 2888 y Fi(0)895
+2924 y Fr(y)g Fu(=)f(\()p Fs(s)41 b Fr(x)p Fu(\)!)i(and)33
+b Fs(s)41 b Fr(x)32 b Fo(>)h Fw(0)3534 2841 y Fu(\(***\))283
+3115 y(In)i(eac)m(h)f(of)g(the)g(three)h(stages)f(the)g(deriv)-5
+b(ation)33 b(tree)h(of)f(the)i(giv)m(en)e(transition)g(is)g(insp)s
+(ected)283 3235 y(in)f(order)h(to)f(pro)m(v)m(e)i(the)f(prop)s(ert)m(y)
+-8 b(.)430 3355 y(In)33 b(the)g Fs(\014rst)i(stage)k
+Fu(w)m(e)34 b(consider)f(the)g(transition)527 3553 y
+Ft(h)p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g
+Fu(:=)g Fr(x)p Ft(\000)p Fr(1)p Fu(,)g Fs(s)8 b Ft(i)33
+b(!)f Fs(s)1755 3517 y Fi(00)283 3751 y Fu(According)h(to)f([comp)1121
+3766 y Fn(ns)1192 3751 y Fu(])h(there)g(will)d(b)s(e)j(transitions)527
+3948 y Ft(h)p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(,)h
+Fs(s)8 b Ft(i)33 b(!)f Fs(s)1296 3912 y Fi(0)1352 3948
+y Fu(and)g Ft(h)p Fr(x)h Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p
+Fu(,)i Fs(s)2087 3912 y Fi(0)2110 3948 y Ft(i)f(!)f Fs(s)2362
+3912 y Fi(00)283 4146 y Fu(for)f(some)g Fs(s)722 4109
+y Fi(0)745 4146 y Fu(.)43 b(F)-8 b(rom)30 b(the)i(axiom)d([ass)1677
+4161 y Fn(ns)1749 4146 y Fu(])i(w)m(e)h(then)g(get)f(that)g
+Fs(s)2589 4109 y Fi(0)2644 4146 y Fu(=)f Fs(s)8 b Fu([)p
+Fr(y)p Ft(7!)q(A)o Fu([)-17 b([)q Fr(y)p Fo(?)p Fr(x)p
+Fu(])g(])q Fs(s)8 b Fu(])31 b(and)g(that)283 4266 y Fs(s)331
+4230 y Fi(00)406 4266 y Fu(=)i Fs(s)563 4230 y Fi(0)586
+4266 y Fu([)p Fr(x)p Ft(7!A)p Fu([)-17 b([)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(])g(])r Fs(s)1147 4230 y Fi(0)1170 4266 y Fu(].)44
+b(Com)m(bining)31 b(these)j(results)f(w)m(e)g(ha)m(v)m(e)527
+4464 y Fs(s)575 4427 y Fi(00)650 4464 y Fu(=)g Fs(s)8
+b Fu([)p Fr(y)p Ft(7!)p Fu(\()p Fs(s)40 b Fr(y)p Fu(\))p
+Fo(?)p Fu(\()p Fs(s)h Fr(x)p Fu(\)][)p Fr(x)p Ft(7!)p
+Fu(\()p Fs(s)g Fr(x)p Fu(\))p Ft(\000)p Fr(1)p Fu(])283
+4661 y(Assuming)33 b(that)f Fs(s)991 4625 y Fi(00)1066
+4661 y Fr(x)h Fo(>)f Fw(0)h Fu(w)m(e)g(can)g(then)g(calculate)527
+4859 y(\()p Fs(s)613 4822 y Fi(00)688 4859 y Fr(y)p Fu(\))g
+Fo(?)f Fu(\()p Fs(s)977 4822 y Fi(00)1052 4859 y Fr(x)p
+Fu(\)!)44 b(=)32 b(\(\()p Fs(s)41 b Fr(y)p Fu(\))33 b
+Fo(?)f Fu(\()p Fs(s)40 b Fr(x)p Fu(\)\))33 b Fo(?)f Fu(\(\()p
+Fs(s)41 b Fr(x)p Fu(\))p Ft(\000)p Fr(1)p Fu(\)!)j(=)33
+b(\()p Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41
+b Fr(x)p Fu(\)!)283 5056 y(and)33 b(since)g Fs(s)41 b
+Fr(x)33 b Fu(=)f(\()p Fs(s)1071 5020 y Fi(00)1146 5056
+y Fr(x)p Fu(\))h(+)f Fw(1)h Fu(this)f(sho)m(ws)i(that)e(\(*\))g(do)s
+(es)i(indeed)e(hold.)430 5177 y(In)27 b(the)h Fs(se)-5
+b(c)g(ond)29 b(stage)34 b Fu(w)m(e)28 b(pro)s(ceed)g(b)m(y)h(induction)
+d(on)h(the)h(shap)s(e)f(of)g(the)h(deriv)-5 b(ation)25
+b(tree)283 5297 y(for)527 5494 y Ft(h)p Fr(while)34 b
+Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
+Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g
+Fr(x)p Ft(\000)p Fr(1)p Fu(\),)g Fs(s)8 b Ft(i)32 b(!)h
+Fs(s)2608 5458 y Fi(0)p eop
+%%Page: 171 181
+171 180 bop 0 130 a Fw(6.1)112 b(Direct)36 b(pro)s(ofs)i(of)g(program)f
+(correctness)1242 b(171)p 0 193 3473 4 v 0 515 a Fu(One)40
+b(of)f(t)m(w)m(o)h(axioms)f(and)g(rules)h(could)f(ha)m(v)m(e)i(b)s(een)
+f(used)h(to)e(construct)i(this)e(deriv)-5 b(ation.)0
+636 y(If)43 b([while)358 600 y Fn(\013)358 660 y(ns)428
+636 y Fu(])g(has)g(b)s(een)h(used)g(then)f Fs(s)1436
+600 y Fi(0)1502 636 y Fu(=)g Fs(s)51 b Fu(and)43 b Ft(B)s
+Fu([)-17 b([)q Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q
+Fs(s)51 b Fu(=)42 b Fw(\013)p Fu(.)75 b(This)43 b(means)g(that)0
+756 y Fs(s)48 720 y Fi(0)104 756 y Fr(x)33 b Fu(=)f Fw(1)j
+Fu(and)g(since)g Fw(1)p Fu(!)51 b(=)35 b Fw(1)g Fu(w)m(e)h(get)f(the)g
+(required)g(\()p Fs(s)43 b Fr(y)p Fu(\))35 b Fo(?)g Fu(\()p
+Fs(s)43 b Fr(x)p Fu(\)!)51 b(=)34 b Fs(s)43 b Fr(y)35
+b Fu(and)g Fs(s)43 b Fr(x)36 b Fo(>)e Fw(0)p Fu(.)0 877
+y(This)f(pro)m(v)m(es)h(\(**\).)146 997 y(Next)k(assume)g(that)f
+([while)1197 961 y Fn(tt)1197 1022 y(ns)1268 997 y Fu(])g(is)g(used)h
+(to)f(construct)h(the)g(deriv)-5 b(ation.)56 b(Then)38
+b(it)e(m)m(ust)0 1117 y(b)s(e)d(the)g(case)g(that)g Ft(B)s
+Fu([)-17 b([)q Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q
+Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)244 1321 y Ft(h)p
+Fr(y)g Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f
+Fr(x)p Ft(\000)p Fr(1)p Fu(,)i Fs(s)8 b Ft(i)32 b(!)g
+Fs(s)1471 1285 y Fi(00)0 1525 y Fu(and)244 1728 y Ft(h)p
+Fr(while)h Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g
+Fr(do)g Fu(\()p Fr(y)f Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g
+Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)2073
+1692 y Fi(00)2115 1728 y Ft(i)e(!)h Fs(s)2367 1692 y
+Fi(0)0 1932 y Fu(for)f(some)h(state)h Fs(s)682 1896 y
+Fi(00)724 1932 y Fu(.)45 b(The)34 b(induction)e(h)m(yp)s(othesis)i
+(applied)e(to)g(the)i(latter)e(deriv)-5 b(ation)31 b(giv)m(es)0
+2053 y(that)244 2256 y(\()p Fs(s)330 2220 y Fi(00)405
+2256 y Fr(y)p Fu(\))i Fo(?)f Fu(\()p Fs(s)694 2220 y
+Fi(00)769 2256 y Fr(x)p Fu(\)!)43 b(=)33 b Fs(s)1085
+2220 y Fi(0)1141 2256 y Fr(y)g Fu(and)f Fs(s)1462 2220
+y Fi(0)1518 2256 y Fr(x)h Fu(=)f Fw(1)h Fu(and)g Fs(s)2037
+2220 y Fi(00)2112 2256 y Fr(x)f Fo(>)h Fw(0)0 2460 y
+Fu(F)-8 b(rom)31 b(\(*\))h(w)m(e)i(get)e(that)244 2664
+y(\()p Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41
+b Fr(x)p Fu(\)!)j(=)32 b(\()p Fs(s)1038 2628 y Fi(00)1113
+2664 y Fr(y)p Fu(\))h Fo(?)f Fu(\()p Fs(s)1402 2628 y
+Fi(00)1477 2664 y Fr(x)p Fu(\)!)44 b(and)32 b Fs(s)41
+b Fr(x)33 b Fo(>)f Fw(0)0 2867 y Fu(Putting)g(these)i(results)f
+(together)g(w)m(e)g(get)244 3071 y(\()p Fs(s)40 b Fr(y)p
+Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)j(=)32
+b Fs(s)1000 3035 y Fi(0)1056 3071 y Fr(y)h Fu(and)f Fs(s)1377
+3035 y Fi(0)1433 3071 y Fr(x)h Fu(=)f Fw(1)h Fu(and)g
+Fs(s)40 b Fr(x)33 b Fo(>)f Fw(0)0 3275 y Fu(This)h(pro)m(v)m(es)h
+(\(**\))e(and)h(thereb)m(y)h(the)f(second)h(stage)f(of)f(the)h(pro)s
+(of)e(is)i(completed.)146 3395 y(Finally)-8 b(,)30 b(consider)j(the)g
+Fs(thir)-5 b(d)35 b(stage)40 b Fu(of)32 b(the)h(pro)s(of)e(and)i(the)g
+(deriv)-5 b(ation)244 3599 y Ft(h)p Fr(y)32 b Fu(:=)h
+Fr(1)p Fu(;)g Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p
+Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p
+Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
+Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)32 b(!)g Fs(s)2654 3563
+y Fi(0)0 3803 y Fu(According)g(to)h([comp)838 3818 y
+Fn(ns)908 3803 y Fu(])g(there)g(will)e(b)s(e)h(a)h(state)g
+Fs(s)1903 3767 y Fi(00)1978 3803 y Fu(suc)m(h)h(that)244
+4006 y Ft(h)p Fr(y)e Fu(:=)h Fw(1)p Fu(,)g Fs(s)8 b Ft(i)32
+b(!)g Fs(s)917 3970 y Fi(00)0 4210 y Fu(and)244 4414
+y Ft(h)p Fr(while)h Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p
+Fu(\))g Fr(do)g Fu(\()p Fr(y)f Fu(:=)h Fr(y)p Fo(?)p
+Fr(x)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p
+Fu(\),)i Fs(s)2073 4378 y Fi(00)2115 4414 y Ft(i)e(!)h
+Fs(s)2367 4378 y Fi(0)0 4618 y Fu(F)-8 b(rom)33 b(axiom)h([ass)703
+4633 y Fn(ns)775 4618 y Fu(])h(w)m(e)h(see)g(that)e Fs(s)1404
+4581 y Fi(00)1482 4618 y Fu(=)g Fs(s)8 b Fu([)p Fr(y)p
+Ft(7!)q Fw(1)p Fu(])35 b(and)g(from)e(\(**\))i(w)m(e)h(get)e(that)h
+Fs(s)3142 4581 y Fi(00)3220 4618 y Fr(x)g Fo(>)f Fw(0)0
+4738 y Fu(and)29 b(therefore)g Fs(s)37 b Fr(x)29 b Fo(>)g
+Fw(0)p Fu(.)42 b(Hence)31 b(\()p Fs(s)36 b Fr(x)p Fu(\)!)43
+b(=)29 b(\()p Fs(s)1729 4702 y Fi(00)1800 4738 y Fr(y)p
+Fu(\))g Fo(?)f Fu(\()p Fs(s)2081 4702 y Fi(00)2153 4738
+y Fr(x)p Fu(\)!)42 b(holds)29 b(and)g(using)f(\(**\))g(w)m(e)i(get)244
+4942 y(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(=)32 b(\()p Fs(s)716
+4905 y Fi(00)791 4942 y Fr(y)p Fu(\))h Fo(?)f Fu(\()p
+Fs(s)1080 4905 y Fi(00)1155 4942 y Fr(x)p Fu(\)!)44 b(=)32
+b Fs(s)1471 4905 y Fi(0)1527 4942 y Fr(y)0 5145 y Fu(as)h(required.)44
+b(This)33 b(pro)m(v)m(es)h(the)f(partial)d(correctness)35
+b(of)d(the)h(factorial)d(statemen)m(t.)0 5374 y Fw(Exercise)36
+b(6.1)49 b Fu(Use)42 b(the)g(natural)e(seman)m(tics)i(to)f(pro)m(v)m(e)
+h(the)g(partial)d(correctness)k(of)e(the)0 5494 y(statemen)m(t)p
+eop
+%%Page: 172 182
+172 181 bop 251 130 a Fw(172)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527
+515 a Fr(z)33 b Fu(:=)g Fr(0)p Fu(;)f Fr(while)i(y)p
+Ft(\024)q Fr(x)f(do)g Fu(\()p Fr(z)g Fu(:=)f Fr(z)p Fu(+)p
+Fr(1)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(y)p
+Fu(\))283 714 y(that)h(is)g(pro)m(v)m(e)h(that)e Fs(if)54
+b Fu(the)33 b(statemen)m(t)h(terminates)e(in)g Fs(s)2449
+677 y Fi(0)2505 714 y Fu(when)i(executed)h(from)d(a)h(state)g
+Fs(s)283 834 y Fu(with)27 b Fs(s)41 b Fr(x)33 b Fo(>)f
+Fw(0)27 b Fu(and)g Fs(s)35 b Fr(y)28 b Fo(>)f Fw(0)p
+Fu(,)h Fs(then)34 b(s)1672 798 y Fi(0)1728 834 y Fr(z)f
+Fu(=)f(\()p Fs(s)41 b Fr(x)p Fu(\))32 b Fw(div)h Fu(\()p
+Fs(s)40 b Fr(y)p Fu(\))27 b(and)h Fs(s)2813 798 y Fi(0)2868
+834 y Fr(x)33 b Fu(=)g(\()p Fs(s)40 b Fr(x)p Fu(\))33
+b Fw(mo)s(d)f Fu(\()p Fs(s)41 b Fr(y)p Fu(\))283 954
+y(where)34 b Fw(div)e Fu(is)g(in)m(teger)h(division)e(and)i
+Fw(mo)s(d)f Fu(is)g(the)h(mo)s(dulo)d(op)s(eration.)665
+b Fh(2)283 1176 y Fw(Exercise)37 b(6.2)49 b Fu(Use)39
+b(the)f(natural)f(seman)m(tics)h(to)g(pro)m(v)m(e)h(the)f(follo)m(wing)
+e Fs(total)k(c)-5 b(orr)g(e)g(ctness)283 1296 y Fu(prop)s(ert)m(y)34
+b(for)e(the)h(factorial)d(program:)42 b(for)32 b(all)f(states)i
+Fs(s)527 1495 y Fu(if)f Fs(s)40 b Fr(x)33 b Fo(>)g Fw(0)f
+Fu(then)h(there)h(exists)f(a)f(state)h Fs(s)2087 1458
+y Fi(0)2143 1495 y Fu(suc)m(h)h(that)742 1696 y Ft(h)p
+Fr(y)e Fu(:=)h Fr(1)p Fu(;)g Fr(while)h Ft(:)p Fu(\()p
+Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f
+Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
+Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)32 b(!)g Fs(s)3152 1660
+y Fi(0)552 1898 y Fu(and)h Fs(s)790 1862 y Fi(0)846 1898
+y Fr(y)g Fu(=)f(\()p Fs(s)40 b Fr(x)p Fu(\)!)2409 b Fh(2)283
+2186 y Fp(Structural)45 b(op)t(erational)i(seman)l(tics)283
+2371 y Fu(The)29 b(partial)d(correctness)k(of)e(the)h(factorial)c
+(statemen)m(t)k(can)f(also)f(b)s(e)h(established)h(using)e(the)283
+2491 y Fs(structur)-5 b(al)36 b(op)-5 b(er)g(ational)34
+b(semantics)p Fu(.)43 b(The)33 b(prop)s(ert)m(y)g(is)g(then)g(reform)m
+(ulated)e(as:)527 2689 y(F)-8 b(or)32 b(all)f(states)i
+Fs(s)41 b Fu(and)32 b Fs(s)1433 2653 y Fi(0)1457 2689
+y Fu(,)g(if)742 2891 y Ft(h)p Fr(y)g Fu(:=)h Fr(1)p Fu(;)g
+Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f
+Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h
+Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)8
+b Ft(i)32 b(\))3072 2855 y Fi(\003)3144 2891 y Fs(s)3192
+2855 y Fi(0)527 3093 y Fu(then)i Fs(s)798 3056 y Fi(0)853
+3093 y Fr(y)f Fu(=)g(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(and)32
+b Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)283 3291 y Fu(Again)g(it)g(is)g(w)m
+(orth)m(while)g(to)g(approac)m(h)h(the)g(pro)s(of)f(in)g(stages:)283
+3489 y Fw(Stage)38 b(1:)49 b Fu(W)-8 b(e)33 b(pro)m(v)m(e)h(b)m(y)g
+(induction)d(on)i(the)g(length)f(of)g(deriv)-5 b(ation)31
+b(sequences)36 b(that)527 3657 y(if)c Ft(h)p Fr(while)h
+Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p
+Fr(y)f Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f
+Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)32 b(\))2617
+3621 y Fn(k)2690 3657 y Fs(s)2738 3621 y Fi(0)527 3824
+y Fu(then)i Fs(s)798 3788 y Fi(0)853 3824 y Fr(y)f Fu(=)g(\()p
+Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b
+Fr(x)p Fu(\)!)i(and)33 b Fs(s)1883 3788 y Fi(0)1939 3824
+y Fr(x)g Fu(=)f Fw(1)h Fu(and)f Fs(s)41 b Fr(x)33 b Fo(>)f
+Fw(0)283 4026 y(Stage)38 b(2:)49 b Fu(W)-8 b(e)33 b(pro)m(v)m(e)h(that)
+527 4194 y(if)e Ft(h)p Fr(y)g Fu(:=)h Fr(1)p Fu(;)g Fr(while)g
+Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p
+Fr(y)f Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f
+Fr(x)p Ft(\000)p Fr(1)p Fu(\),)i Fs(s)8 b Ft(i)32 b(\))2947
+4158 y Fi(\003)3019 4194 y Fs(s)3067 4158 y Fi(0)527
+4361 y Fu(then)i Fs(s)798 4325 y Fi(0)853 4361 y Fr(y)f
+Fu(=)g(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(and)32 b Fs(s)41
+b Fr(x)33 b Fo(>)f Fw(0)283 4583 y(Exercise)37 b(6.3)49
+b Fu(Complete)32 b(the)h(pro)s(of)e(of)i(stages)g(1)f(and)h(2.)1154
+b Fh(2)283 4871 y Fp(Denotational)48 b(seman)l(tics)283
+5055 y Fu(W)-8 b(e)25 b(shall)e(no)m(w)i(use)g(the)g(denotational)d
+(seman)m(tics)i(to)g(pro)m(v)m(e)i(partial)c(correctness)k(prop)s
+(erties)283 5176 y(of)32 b(statemen)m(ts.)44 b(The)34
+b(idea)d(is)h(to)g(form)m(ulate)e(the)j(prop)s(ert)m(y)g(as)f(a)g
+Fs(pr)-5 b(e)g(dic)g(ate)39 b Fo( )d Fu(on)c(the)h(ccp)s(o)283
+5296 y(\()p Fw(State)g Fo(,)-17 b Ft(!)33 b Fw(State)p
+Fu(,)f Ft(v)q Fu(\),)g(that)h(is)527 5494 y Fo( )t Fu(:)44
+b(\()p Fw(State)32 b Fo(,)-17 b Ft(!)33 b Fw(State)p
+Fu(\))f Ft(!)h Fw(T)p eop
+%%Page: 173 183
+173 182 bop 0 130 a Fw(6.1)112 b(Direct)36 b(pro)s(ofs)i(of)g(program)f
+(correctness)1242 b(173)p 0 193 3473 4 v 0 515 a Fu(As)38
+b(an)g(example,)g(the)g(partial)d(correctness)40 b(of)d(the)h
+(factorial)d(statemen)m(t)j(will)e(b)s(e)i(written)0
+636 y(as)244 830 y Fo( )311 845 y Fc(f)7 b(ac)424 830
+y Fu(\()p Ft(S)530 845 y Fn(ds)601 830 y Fu([)-17 b([)q
+Fr(y)33 b Fu(:=)f Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p
+Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f
+Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
+Fr(1)p Fu(\)])-17 b(])r(\))32 b(=)h Fw(tt)0 1025 y Fu(where)h(the)f
+(predicate)g Fo( )940 1040 y Fc(f)7 b(ac)1085 1025 y
+Fu(is)33 b(de\014ned)h(b)m(y)458 1219 y Fo( )525 1234
+y Fc(f)7 b(ac)639 1219 y Fu(\()p Fs(g)i Fu(\))32 b(=)g
+Fw(tt)244 1380 y Fu(if)f(and)i(only)f(if)510 1547 y(for)d(all)f(states)
+j Fs(s)38 b Fu(and)30 b Fs(s)1377 1511 y Fi(0)1401 1547
+y Fu(,)g(if)f Fs(g)39 b(s)f Fu(=)29 b Fs(s)1860 1511
+y Fi(0)1914 1547 y Fu(then)k Fs(s)2184 1511 y Fi(0)2240
+1547 y Fr(y)f Fu(=)h(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(and)33
+b Fs(s)40 b Fr(x)33 b Fo(>)g Fw(0)146 1742 y Fu(A)24
+b(predicate)h Fo( )t Fu(:)39 b Fs(D)33 b Ft(!)24 b Fw(T)g
+Fu(de\014ned)h(on)f(a)g(ccp)s(o)h(\()p Fs(D)9 b Fu(,)p
+Ft(v)p Fu(\))24 b(is)g(called)f(an)h Fs(admissible)h(pr)-5
+b(e)g(dic)g(ate)0 1862 y Fu(if)31 b(and)i(only)f(if)g(w)m(e)h(ha)m(v)m
+(e)244 2057 y(if)e Fo( )37 b Fs(d)42 b Fu(=)33 b Fw(tt)f
+Fu(for)g(all)e Fs(d)43 b Ft(2)33 b Fs(Y)52 b Fu(then)33
+b Fo( )t Fu(\()1681 1990 y Fg(F)1750 2057 y Fs(Y)20 b
+Fu(\))32 b(=)h Fw(tt)0 2251 y Fu(for)j(ev)m(ery)j(c)m(hain)d
+Fs(Y)57 b Fu(in)36 b Fs(D)9 b Fu(.)36 b(Th)m(us)j(if)c
+Fo( )41 b Fu(holds)36 b(on)h(all)e(the)i(elemen)m(ts)g(of)f(the)h(c)m
+(hain)g(then)g(it)0 2372 y(also)32 b(holds)g(on)g(the)h(least)g(upp)s
+(er)g(b)s(ound)f(of)h(the)g(c)m(hain.)0 2588 y Fw(Example)k(6.4)48
+b Fu(Consider)33 b(the)g(predicate)g Fo( )1719 2552 y
+Fi(0)1719 2613 y Fc(f)7 b(ac)1865 2588 y Fu(de\014ned)34
+b(on)f Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)f Fu(b)m(y)458
+2783 y Fo( )525 2747 y Fi(0)525 2807 y Fc(f)7 b(ac)639
+2783 y Fu(\()p Fs(g)i Fu(\))32 b(=)g Fw(tt)244 2943 y
+Fu(if)f(and)i(only)f(if)458 3144 y(for)h(all)d(states)j
+Fs(s)41 b Fu(and)33 b Fs(s)1339 3108 y Fi(0)1362 3144
+y Fu(,)g(if)e Fs(g)41 b(s)g Fu(=)32 b Fs(s)1834 3108
+y Fi(0)458 3311 y Fu(then)i Fs(s)729 3275 y Fi(0)785
+3311 y Fr(y)e Fu(=)h(\()p Fs(s)40 b Fr(y)p Fu(\))33 b
+Fo(?)f Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)i(and)33 b Fs(s)41
+b Fr(x)33 b Fo(>)f Fw(0)0 3512 y Fu(Then)43 b Fo( )331
+3476 y Fi(0)331 3536 y Fc(f)7 b(ac)486 3512 y Fu(is)41
+b(an)h(admissible)e(predicate.)71 b(T)-8 b(o)42 b(see)g(this)g(assume)g
+(that)g Fs(Y)61 b Fu(is)41 b(a)h(c)m(hain)f(in)0 3632
+y Fw(State)34 b Fo(,)-17 b Ft(!)33 b Fw(State)h Fu(and)g(assume)g(that)
+g Fo( )1530 3596 y Fi(0)1530 3657 y Fc(f)7 b(ac)1677
+3632 y Fs(g)42 b Fu(=)33 b Fw(tt)g Fu(for)g(all)f Fs(g)42
+b Ft(2)34 b Fs(Y)20 b Fu(.)33 b(W)-8 b(e)35 b(shall)d(then)i(pro)m(v)m
+(e)0 3753 y(that)e Fo( )278 3716 y Fi(0)278 3777 y Fc(f)7
+b(ac)392 3753 y Fu(\()430 3686 y Fg(F)499 3753 y Fs(Y)20
+b Fu(\))32 b(=)g Fw(tt)p Fu(,)g(that)h(is)458 3947 y(\()496
+3881 y Fg(F)566 3947 y Fs(Y)19 b Fu(\))33 b Fs(s)40 b
+Fu(=)33 b Fs(s)965 3911 y Fi(0)244 4107 y Fu(implies)458
+4308 y Fs(s)506 4272 y Fi(0)562 4308 y Fr(y)g Fu(=)g(\()p
+Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b
+Fr(x)p Fu(\)!)i(and)33 b Fs(s)41 b Fr(x)32 b Fo(>)h Fw(0)0
+4508 y Fu(F)-8 b(rom)23 b(Lemma)g(4.25)g(w)m(e)j(ha)m(v)m(e)f(graph\()
+1419 4442 y Fg(F)1488 4508 y Fs(Y)20 b Fu(\))k(=)1742
+4442 y Fg(S)1812 4508 y Ft(f)g Fu(graph\()p Fs(g)9 b
+Fu(\))23 b Ft(j)h Fs(g)33 b Ft(2)25 b Fs(Y)44 b Ft(g)p
+Fu(.)c(W)-8 b(e)25 b(ha)m(v)m(e)h(assumed)0 4629 y(that)34
+b(\()251 4562 y Fg(F)320 4629 y Fs(Y)20 b Fu(\))32 b
+Fs(s)41 b Fu(=)32 b Fs(s)719 4593 y Fi(0)776 4629 y Fu(so)j
+Fs(Y)53 b Fu(cannot)34 b(b)s(e)h(empt)m(y)f(and)g Ft(h)p
+Fs(s)8 b Fu(,)35 b Fs(s)2166 4593 y Fi(0)2189 4629 y
+Ft(i)f(2)g Fu(graph\()p Fs(g)9 b Fu(\))33 b(for)h(some)g
+Fs(g)42 b Ft(2)35 b Fs(Y)19 b Fu(.)0 4749 y(But)33 b(then)244
+4944 y Fs(s)292 4908 y Fi(0)348 4944 y Fr(y)g Fu(=)f(\()p
+Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b
+Fr(x)p Fu(\)!)j(and)32 b Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)0
+5138 y Fu(as)g Fo( )186 5102 y Fi(0)186 5163 y Fc(f)7
+b(ac)331 5138 y Fs(g)40 b Fu(=)31 b Fw(tt)g Fu(for)g(all)e
+Fs(g)40 b Ft(2)32 b Fs(Y)20 b Fu(.)32 b(This)f(pro)m(v)m(es)j(that)d
+Fo( )2057 5102 y Fi(0)2057 5163 y Fc(f)7 b(ac)2202 5138
+y Fu(is)31 b(an)h(admissible)d(predicate.)76 b Fh(2)146
+5355 y Fu(F)-8 b(or)29 b(admissible)e(predicates)k(w)m(e)f(ha)m(v)m(e)h
+(the)f(follo)m(wing)c(induction)j(principle)f(called)g
+Fs(\014xe)-5 b(d)0 5475 y(p)g(oint)35 b(induction)p Fu(:)p
+eop
+%%Page: 174 184
+174 183 bop 251 130 a Fw(174)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
+515 3473 5 v 283 684 a(Theorem)38 b(6.5)49 b Fu(Let)34
+b(\()p Fs(D)9 b Fu(,)p Ft(v)q Fu(\))34 b(b)s(e)h(a)f(ccp)s(o)h(and)f
+(let)g Fs(f)21 b Fu(:)47 b Fs(D)d Ft(!)34 b Fs(D)43 b
+Fu(b)s(e)35 b(a)f(con)m(tin)m(uous)h(function)283 804
+y(and)e(let)f Fo( )37 b Fu(b)s(e)32 b(an)h(admissible)d(predicate)j(on)
+g Fs(D)9 b Fu(.)32 b(If)h(for)f(all)e Fs(d)43 b Ft(2)33
+b Fs(D)527 1001 y Fo( )k Fs(d)43 b Fu(=)32 b Fw(tt)g
+Fu(implies)e Fo( )t Fu(\()p Fs(f)53 b(d)10 b Fu(\))33
+b(=)f Fw(tt)283 1198 y Fu(then)i Fo( )t Fu(\(FIX)e Fs(f)21
+b Fu(\))32 b(=)h Fw(tt)p Fu(.)p 283 1319 V 283 1516 a
+Fw(Pro)s(of:)38 b Fu(W)-8 b(e)33 b(shall)e(\014rst)i(note)g(that)527
+1713 y Fo( )k Ft(?)c Fu(=)f Fw(tt)283 1910 y Fu(holds)k(b)m(y)i
+(admissibilit)m(y)32 b(of)k Fo( )k Fu(\(applied)35 b(to)h(the)h(c)m
+(hain)f Fs(Y)56 b Fu(=)36 b Ft(;)p Fu(\).)54 b(By)37
+b(induction)e(on)h(n)h(w)m(e)283 2031 y(can)c(then)h(sho)m(w)f(that)527
+2228 y Fo( )t Fu(\()p Fs(f)683 2192 y Fn(n)759 2228 y
+Ft(?)q Fu(\))f(=)g Fw(tt)283 2425 y Fu(using)f(the)f(assumptions)h(of)e
+(the)i(theorem.)43 b(By)31 b(admissibilit)m(y)c(of)j
+Fo( )k Fu(\(applied)29 b(to)h(the)h(c)m(hain)283 2546
+y Fs(Y)53 b Fu(=)32 b Ft(f)g Fs(f)649 2509 y Fn(n)725
+2546 y Ft(?)h(j)f Fu(n)h Ft(\025)g Fu(0)f Ft(g)p Fu(\))h(w)m(e)g(then)g
+(ha)m(v)m(e)527 2743 y Fo( )t Fu(\(FIX)g Fs(f)21 b Fu(\))32
+b(=)h Fw(tt)283 2940 y Fu(This)g(completes)g(the)g(pro)s(of.)2306
+b Fh(2)430 3143 y Fu(W)-8 b(e)42 b(are)g(no)m(w)g(in)f(a)h(p)s(osition)
+e(where)j(w)m(e)g(can)f(pro)m(v)m(e)h(the)g(partial)c(correctness)44
+b(of)d(the)283 3264 y(factorial)31 b(statemen)m(t.)44
+b(The)33 b(\014rst)g(observ)-5 b(ation)32 b(is)g(that)527
+3461 y Ft(S)595 3476 y Fn(ds)666 3461 y Fu([)-17 b([)q
+Fr(y)33 b Fu(:=)f(1;)h Fr(while)g Ft(:)q Fu(\()p Fr(x)p
+Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p Fr(y)f Fu(:=)h
+Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
+Fr(1)p Fu(\)])-17 b(])r Fs(s)40 b Fu(=)33 b Fs(s)2989
+3425 y Fi(0)283 3658 y Fu(if)f(and)h(only)f(if)527 3856
+y Ft(S)595 3871 y Fn(ds)666 3856 y Fu([)-17 b([)q Fr(while)34
+b Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g
+Fu(\()p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g
+Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(\)])-17 b(])r(\()p
+Fs(s)8 b Fu([)p Fr(y)p Ft(7!)p Fw(1)p Fu(]\))33 b(=)f
+Fs(s)2998 3819 y Fi(0)283 4053 y Fu(Th)m(us)j(it)c(is)h(su\016cien)m(t)
+i(to)e(pro)m(v)m(e)i(that)552 4220 y Fo( )619 4184 y
+Fi(0)619 4245 y Fc(f)7 b(ac)733 4220 y Fu(\()p Ft(S)838
+4235 y Fn(ds)910 4220 y Fu([)-17 b([)p Fr(while)34 b
+Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
+Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g
+Fr(x)p Ft(\000)p Fr(1)p Fu(\)])-17 b(])q(\))33 b(=)f
+Fw(tt)697 b Fu(\(*\))283 4388 y(\(where)34 b Fo( )670
+4352 y Fi(0)670 4413 y Fc(f)7 b(ac)816 4388 y Fu(is)32
+b(de\014ned)i(in)e(Example)g(6.4\))g(as)h(this)f(will)e(imply)h(that)
+527 4585 y Fo( )594 4600 y Fc(f)7 b(ac)708 4585 y Fu(\()p
+Ft(S)813 4600 y Fn(ds)885 4585 y Fu([)-17 b([)p Fr(y)33
+b Fu(:=)g Fr(1)p Fu(;)f Fr(while)i Ft(:)q Fu(\()p Fr(x)p
+Fu(=)p Fr(1)p Fu(\))e Fr(do)i Fu(\()p Fr(y)e Fu(:=)h
+Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)f Fu(:=)h Fr(x)p Ft(\000)p
+Fr(1)p Fu(\)])-17 b(])q(\))33 b(=)f Fw(tt)430 4782 y
+Fu(W)-8 b(e)30 b(shall)e(no)m(w)i(reform)m(ulate)e(\(*\))h(sligh)m(tly)
+f(to)i(bring)e(ourselv)m(es)j(in)e(a)g(p)s(osition)f(where)j(w)m(e)283
+4903 y(can)i(use)h(\014xed)g(p)s(oin)m(t)d(induction.)43
+b(Using)32 b(the)h(de\014nition)f(of)g Ft(S)2647 4918
+y Fn(ds)2751 4903 y Fu(in)g(T)-8 b(able)32 b(4.1)g(w)m(e)i(ha)m(v)m(e)
+527 5100 y Ft(S)595 5115 y Fn(ds)666 5100 y Fu([)-17
+b([)q Fr(while)34 b Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p
+Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p
+Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p
+Fu(\)])-17 b(])34 b(=)f(FIX)f Fs(F)283 5297 y Fu(where)i(the)f
+(functional)e Fs(F)46 b Fu(is)32 b(de\014ned)i(b)m(y)527
+5494 y Fs(F)46 b(g)41 b Fu(=)32 b(cond\()p Ft(B)t Fu([)-17
+b([)q Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\)])g(])q(,)33
+b Fs(g)41 b Ft(\016)32 b(S)1830 5509 y Fn(ds)1901 5494
+y Fu([)-17 b([)q Fr(y)33 b Fu(:=)f Fr(y)p Fo(?)p Fr(x)p
+Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(])-17
+b(])r(,)32 b(id\))p eop
+%%Page: 175 185
+175 184 bop 0 130 a Fw(6.2)112 b(P)m(artial)36 b(correctness)h
+(assertions)1619 b(175)p 0 193 3473 4 v 0 515 a Fu(Using)32
+b(the)h(seman)m(tic)f(equations)h(de\014ning)g Ft(S)1720
+530 y Fn(ds)1823 515 y Fu(w)m(e)h(can)f(rewrite)f(this)h(de\014nition)e
+(as)244 776 y(\()p Fs(F)45 b(g)9 b Fu(\))32 b Fs(s)41
+b Fu(=)704 601 y Fg(8)704 676 y(<)704 826 y(:)820 691
+y Fs(s)1431 b Fu(if)32 b Fs(s)40 b(x)k Fu(=)33 b Fw(1)820
+859 y Fs(g)9 b Fu(\()p Fs(s)f Fu([)p Fr(y)p Ft(7!)o Fu(\()p
+Fs(s)41 b Fr(y)p Fu(\))p Fo(?)p Fu(\()p Fs(s)f Fr(x)p
+Fu(\)][)p Fr(x)p Ft(7!)q Fu(\()p Fs(s)g Fr(x)p Fu(\))p
+Ft(\000)p Fr(1)p Fu(]\))84 b(otherwise)146 1042 y(W)-8
+b(e)29 b(ha)m(v)m(e)g(already)e(seen)i(that)f Fs(F)41
+b Fu(is)27 b(a)h(con)m(tin)m(uous)g(function)f(\(for)h(example)f(in)g
+(the)h(pro)s(of)0 1162 y(of)43 b(Prop)s(osition)f(4.47\))h(and)h(from)e
+(Example)h(6.4)h(w)m(e)g(ha)m(v)m(e)h(that)f Fo( )2620
+1126 y Fi(0)2620 1187 y Fc(f)7 b(ac)2777 1162 y Fu(is)43
+b(an)g(admissible)0 1282 y(predicate.)h(Th)m(us)34 b(w)m(e)f(see)h
+(from)d(Theorem)i(6.5)f(that)h(\(*\))f(follo)m(ws)f(if)h(w)m(e)h(sho)m
+(w)h(that)244 1461 y Fo( )311 1425 y Fi(0)311 1486 y
+Fc(f)7 b(ac)457 1461 y Fs(g)41 b Fu(=)32 b Fw(tt)g Fu(implies)e
+Fo( )1169 1425 y Fi(0)1169 1486 y Fc(f)7 b(ac)1283 1461
+y Fu(\()p Fs(F)45 b(g)9 b Fu(\))32 b(=)g Fw(tt)0 1640
+y Fu(T)-8 b(o)33 b(pro)m(v)m(e)g(this)g(implication)28
+b(assume)33 b(that)g Fo( )1722 1604 y Fi(0)1722 1665
+y Fc(f)7 b(ac)1867 1640 y Fs(g)42 b Fu(=)32 b Fw(tt)p
+Fu(,)g(that)g(is)g(for)g(all)f(states)i Fs(s)41 b Fu(and)32
+b Fs(s)3398 1604 y Fi(0)244 1819 y Fu(if)f Fs(g)41 b(s)g
+Fu(=)32 b Fs(s)656 1782 y Fi(0)712 1819 y Fu(then)h Fs(s)982
+1782 y Fi(0)1038 1819 y Fr(y)g Fu(=)g(\()p Fs(s)40 b
+Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)i(and)33
+b Fs(s)41 b Fr(x)32 b Fo(>)h Fw(0)0 1997 y Fu(W)-8 b(e)33
+b(shall)e(pro)m(v)m(e)j(that)e Fo( )937 1961 y Fi(0)937
+2022 y Fc(f)7 b(ac)1051 1997 y Fu(\()p Fs(F)45 b(g)9
+b Fu(\))32 b(=)h Fw(tt)p Fu(,)e(that)i(is)f(for)g(all)e(states)k
+Fs(s)40 b Fu(and)33 b Fs(s)2767 1961 y Fi(0)244 2176
+y Fu(if)e(\()p Fs(F)46 b(g)9 b Fu(\))32 b Fs(s)40 b Fu(=)33
+b Fs(s)842 2140 y Fi(0)898 2176 y Fu(then)g Fs(s)1168
+2140 y Fi(0)1224 2176 y Fr(y)g Fu(=)f(\()p Fs(s)40 b
+Fr(y)p Fu(\))33 b Fo(?)f Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)j(and)32
+b Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)0 2355 y Fu(Insp)s(ecting)j(the)g
+(de\014nition)f(of)g Fs(F)47 b Fu(w)m(e)36 b(see)g(that)e(there)i(are)e
+(t)m(w)m(o)i(cases.)51 b(First)33 b(assume)j(that)0 2475
+y Fs(s)45 b Fr(x)36 b Fu(=)h Fw(1)p Fu(.)55 b(Then)38
+b(\()p Fs(F)46 b(g)9 b Fu(\))32 b Fs(s)40 b Fu(=)33 b
+Fs(s)44 b Fu(and)37 b(clearly)f Fs(s)44 b Fr(y)37 b Fu(=)f(\()p
+Fs(s)45 b Fr(y)p Fu(\))37 b Fo(?)f Fu(\()p Fs(s)45 b
+Fr(x)p Fu(\)!)55 b(and)37 b Fs(s)45 b Fr(x)37 b Fo(>)f
+Fw(0)p Fu(.)56 b(Next)0 2596 y(assume)33 b(that)f Fs(s)41
+b Fr(x)33 b Ft(6)p Fu(=)f Fw(1)p Fu(.)44 b(Then)244 2774
+y(\()p Fs(F)h(g)9 b Fu(\))32 b Fs(s)41 b Fu(=)32 b Fs(g)9
+b Fu(\()p Fs(s)f Fu([)p Fr(y)p Ft(7!)p Fu(\()p Fs(s)40
+b Fr(y)p Fu(\))p Fo(?)p Fu(\()p Fs(s)h Fr(x)p Fu(\)][)p
+Fr(x)p Ft(7!)p Fu(\()p Fs(s)g Fr(x)p Fu(\))p Ft(\000)p
+Fw(1)p Fu(]\))0 2953 y(F)-8 b(rom)31 b(the)i(assumptions)f(ab)s(out)h
+Fs(g)41 b Fu(w)m(e)33 b(then)g(get)g(that)244 3132 y
+Fs(s)292 3096 y Fi(0)348 3132 y Fr(y)g Fu(=)f(\(\()p
+Fs(s)40 b Fr(y)p Fu(\))p Fo(?)p Fu(\()p Fs(s)h Fr(x)p
+Fu(\)\))33 b Fo(?)f Fu(\(\()p Fs(s)40 b Fr(x)p Fu(\))p
+Ft(\000)p Fw(1)p Fu(\)!)k(and)33 b(\()p Fs(s)41 b Fr(x)p
+Fu(\))p Ft(\000)p Fw(1)33 b Fo(>)f Fw(0)0 3311 y Fu(so)h(that)f(the)h
+(desired)g(result)244 3489 y Fs(s)292 3453 y Fi(0)348
+3489 y Fr(y)g Fu(=)f(\()p Fs(s)40 b Fr(y)p Fu(\))33 b
+Fo(?)f Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)j(and)32 b Fs(s)41
+b Fr(x)33 b Fo(>)f Fw(0)0 3668 y Fu(follo)m(ws.)0 3863
+y Fw(Exercise)k(6.6)49 b Fu(Rep)s(eat)33 b(Exercise)h(6.1)e(using)g
+(the)h(denotational)e(seman)m(tics.)463 b Fh(2)0 4192
+y Fj(6.2)161 b(P)l(artial)55 b(correctness)c(assertions)0
+4411 y Fu(One)30 b(ma)m(y)g(argue)g(that)g(the)g(ab)s(o)m(v)m(e)h(pro)s
+(ofs)f(are)g(to)s(o)f(detailed)g(to)h(b)s(e)g(practically)e(useful;)j
+(the)0 4531 y(reason)36 b(is)f(that)g(they)h(are)g(to)s(o)e(closely)h
+(connected)i(with)e(the)h(seman)m(tics)g(of)e(the)i(program-)0
+4652 y(ming)29 b(language.)42 b(One)32 b(ma)m(y)f(therefore)g(w)m(an)m
+(t)h(to)f(capture)h(the)f Fs(essential)i(pr)-5 b(op)g(erties)38
+b Fu(of)31 b(the)0 4772 y(v)-5 b(arious)42 b(constructs)i(so)f(that)f
+(it)f(w)m(ould)i(b)s(e)g(less)g(demanding)e(to)h(conduct)i(pro)s(ofs)e
+(ab)s(out)0 4893 y(giv)m(en)35 b(programs.)48 b(Of)34
+b(course)i(the)f(c)m(hoice)g(of)f(\\essen)m(tial)g(prop)s(erties")h
+(will)d(determine)i(the)0 5013 y(sort)42 b(of)g(prop)s(erties)g(that)f
+(w)m(e)i(ma)m(y)f(accomplish)f(pro)m(ving.)71 b(In)43
+b(this)e(section)i(w)m(e)g(shall)d(b)s(e)0 5133 y(in)m(terested)29
+b(in)e(partial)f(correctness)k(prop)s(erties)e(and)h(therefore)f(the)h
+(\\essen)m(tial)f(prop)s(erties")0 5254 y(of)k(the)h(v)-5
+b(arious)32 b(constructs)i(will)c(not)j(include)f(termination.)146
+5374 y(The)41 b(idea)e(is)g(to)g(sp)s(ecify)h(prop)s(erties)g(of)f
+(programs)g(as)g Fs(assertions)p Fu(,)i(or)e(claims,)h(ab)s(out)0
+5494 y(them.)j(An)33 b(assertion)g(is)f(a)g(triple)f(of)h(the)h(form)p
+eop
+%%Page: 176 186
+176 185 bop 251 130 a Fw(176)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527
+515 a Ft(f)33 b Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33
+b Fs(Q)41 b Ft(g)283 761 y Fu(where)29 b Fs(S)40 b Fu(is)27
+b(a)h(statemen)m(t)g(and)g Fs(P)38 b Fu(and)28 b Fs(Q)36
+b Fu(are)28 b(predicates.)43 b(Here)28 b Fs(P)38 b Fu(is)27
+b(called)g(the)h Fs(pr)-5 b(e)g(c)g(ondi-)283 881 y(tion)37
+b Fu(and)29 b Fs(Q)37 b Fu(is)29 b(called)e(the)j Fs(p)-5
+b(ostc)g(ondition)p Fu(.)83 b(In)m(tuitiv)m(ely)-8 b(,)29
+b(the)g(meaning)f(of)g Ft(f)33 b Fs(P)42 b Ft(g)33 b
+Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)283 1001 y Fu(is)33
+b(that)527 1246 y Fs(if)54 b(P)43 b Fu(holds)32 b(in)g(the)h(initial)28
+b(state,)34 b(and)527 1414 y Fs(if)54 b Fu(the)33 b(execution)g(of)f
+Fs(S)44 b Fu(terminates)32 b(when)i(started)f(in)f(that)g(state,)527
+1582 y Fs(then)40 b(Q)i Fu(will)30 b(hold)i(in)g(the)h(state)g(in)e
+(whic)m(h)j Fs(S)44 b Fu(halts)283 1827 y(Note)33 b(that)f(for)g
+Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b Fs(Q)41
+b Ft(g)32 b Fu(to)g(hold)g(w)m(e)i(do)e Fs(not)42 b Fu(require)32
+b(that)h Fs(S)44 b Fu(halts)32 b(when)h(started)283 1947
+y(in)28 b(states)h(satisfying)e Fs(P)38 b Fu(|)27 b(merely)h(that)g
+Fs(if)48 b Fu(it)27 b(do)s(es)i(halt)e Fs(then)35 b(Q)i
+Fu(holds)28 b(in)f(the)h(\014nal)f(state.)283 2288 y
+Fp(Logical)46 b(v)-7 b(ariables)283 2489 y Fu(As)34 b(an)e(example)g(w)
+m(e)i(ma)m(y)e(write)552 2657 y Ft(f)h Fr(x)p Fu(=)p
+Fr(n)f Ft(g)h Fr(y)g Fu(:=)f Fr(1)p Fu(;)h Fr(while)h
+Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
+Fr(y)g Fu(:=)f Fr(x)p Fo(?)p Fr(y)p Fu(;)h Fr(x)g Fu(:=)f
+Fr(x)p Ft(\000)p Fr(1)p Fu(\))i Ft(f)e Fr(y)p Fu(=)p
+Fr(n)p Fu(!)44 b Ft(^)33 b Fr(n)p Fo(>)p Fu(0)f Ft(g)283
+2825 y Fu(to)45 b(express)i(that)d(if)g(the)h(v)-5 b(alue)44
+b(of)g Fr(x)h Fu(is)f(equal)g(to)h(the)g(v)-5 b(alue)44
+b(of)g Fr(n)h Fs(b)-5 b(efor)g(e)51 b Fu(the)45 b(factorial)283
+2945 y(program)32 b(is)g(executed)j(then)e(the)g(v)-5
+b(alue)32 b(of)g Fr(y)h Fu(will)d(b)s(e)j(equal)g(to)f(the)h(factorial)
+d(of)i(the)h(v)-5 b(alue)283 3065 y(of)36 b Fr(n)g Fs(after)46
+b Fu(the)36 b(execution)h(of)e(the)h(program)e(has)j(terminated)d(\(if)
+h(indeed)h(it)f(terminates\).)283 3186 y(Here)46 b Fr(n)e
+Fu(is)h(a)f(sp)s(ecial)f(v)-5 b(ariable)43 b(called)g(a)i
+Fs(lo)-5 b(gic)g(al)53 b Fu(v)-5 b(ariable)43 b(and)i(these)h(logical)
+41 b(v)-5 b(ariables)283 3306 y(m)m(ust)42 b(not)f(app)s(ear)g(in)f(an)
+m(y)i(statemen)m(t)f(considered.)70 b(The)42 b(role)f(of)f(these)j(v)-5
+b(ariables)40 b(is)g(to)283 3426 y(\\remem)m(b)s(er")f(the)g(initial)c
+(v)-5 b(alues)39 b(of)g(the)g(program)f(v)-5 b(ariables.)61
+b(Note)39 b(that)g(if)f(w)m(e)i(replace)283 3547 y(the)g(p)s
+(ostcondition)e Fr(y)p Fu(=)p Fr(n)p Fu(!)63 b Ft(^)39
+b Fr(n)p Fo(>)p Fu(0)g(b)m(y)h(the)g(new)g(p)s(ostcondition)d
+Fr(y)p Fu(=)p Fr(x)p Fu(!)63 b Ft(^)40 b Fr(x)p Fo(>)p
+Fu(0)f(then)g(the)283 3667 y(assertion)j(ab)s(o)m(v)m(e)h(will)c
+(express)44 b(a)d(relationship)f(b)s(et)m(w)m(een)k(the)e(\014nal)f(v)
+-5 b(alue)41 b(of)g Fr(y)h Fu(and)f(the)283 3788 y(\014nal)36
+b(v)-5 b(alue)35 b(of)g Fr(x)i Fu(and)f(this)f(is)h(not)f(what)i(w)m(e)
+g(w)m(an)m(t.)54 b(The)37 b(use)g(of)e(logical)e(v)-5
+b(ariables)35 b(solv)m(es)283 3908 y(the)e(problem)f(b)s(ecause)i(it)d
+(allo)m(ws)h(us)h(to)f(refer)h(to)f(initial)d(v)-5 b(alues)33
+b(of)f(v)-5 b(ariables.)430 4037 y(W)d(e)33 b(shall)e(th)m(us)j
+(distinguish)d(b)s(et)m(w)m(een)j(t)m(w)m(o)g(kinds)f(of)f(v)-5
+b(ariables:)429 4282 y Ft(\017)48 b Fu(program)32 b(v)-5
+b(ariables,)31 b(and)429 4527 y Ft(\017)48 b Fu(logical)30
+b(v)-5 b(ariables.)283 4772 y(The)40 b(states)g(will)d(determine)h(the)
+i(v)-5 b(alues)38 b(of)h(b)s(oth)f(kinds)i(of)e(v)-5
+b(ariables)38 b(and)h(since)g(logical)283 4893 y(v)-5
+b(ariables)35 b(do)h(not)g(o)s(ccur)g(in)f(programs)h(their)f(v)-5
+b(alues)36 b(will)e(alw)m(a)m(ys)i(b)s(e)h(the)f(same.)54
+b(In)36 b(case)283 5013 y(of)42 b(the)h(factorial)d(program)h(w)m(e)i
+(kno)m(w)g(that)f(the)h(v)-5 b(alue)42 b(of)f Fr(n)i
+Fu(is)f(the)g(same)g(in)g(the)h(initial)283 5133 y(state)30
+b(and)g(in)e(the)i(\014nal)f(state.)43 b(The)30 b(precondition)e
+Fr(x)33 b Fu(=)g Fr(n)c Fu(expresses)k(that)c Fr(n)g
+Fu(has)h(the)g(same)283 5254 y(v)-5 b(alue)28 b(as)h
+Fr(x)g Fu(in)e(the)i(initial)c(state.)43 b(Since)28 b(the)h(program)e
+(will)f(not)j(c)m(hange)g(the)g(v)-5 b(alue)28 b(of)g
+Fr(n)g Fu(the)283 5374 y(p)s(ostcondition)j Fr(y)h Fu(=)g
+Fr(n)p Fu(!)43 b(will)30 b(express)k(that)d(the)i(\014nal)e(v)-5
+b(alue)31 b(of)g Fr(y)h Fu(is)g(equal)g(to)f(the)h(factorial)283
+5494 y(of)h(the)g(initial)28 b(v)-5 b(alue)32 b(of)g
+Fr(x)p Fu(.)p eop
+%%Page: 177 187
+177 186 bop 0 130 a Fw(6.2)112 b(P)m(artial)36 b(correctness)h
+(assertions)1619 b(177)p 0 193 3473 4 v 0 515 a Fp(The)44
+b(assertion)j(language)0 704 y Fu(There)37 b(are)f(t)m(w)m(o)g(approac)
+m(hes)h(concerning)f(ho)m(w)g(to)g(sp)s(ecify)g(the)g(preconditions)f
+(and)h(p)s(ost-)0 824 y(conditions)c(of)g(the)h(assertions:)145
+1037 y Ft(\017)49 b Fu(the)33 b(in)m(tensional)e(approac)m(h,)i(v)m
+(ersus)145 1249 y Ft(\017)49 b Fu(the)33 b(extensional)f(approac)m(h.)0
+1461 y(In)f(the)g Fs(intensional)h(appr)-5 b(o)g(ach)37
+b Fu(the)32 b(idea)e(is)g(to)g(in)m(tro)s(duce)h(an)g(explicit)e
+(language)h(called)f(an)0 1582 y Fs(assertion)f(language)33
+b Fu(and)26 b(then)h(the)f(conditions)g(will)d(b)s(e)k(form)m(ulae)d
+(of)i(that)g(language.)40 b(This)0 1702 y(assertion)28
+b(language)f(is)g(in)g(general)h(m)m(uc)m(h)g(more)g(p)s(o)m(w)m(erful)
+g(than)g(the)g(b)s(o)s(olean)f(expressions,)0 1822 y
+Fw(Bexp)p Fu(,)46 b(in)m(tro)s(duced)d(in)f(Chapter)h(1.)74
+b(In)44 b(fact)e(the)i(assertion)e(language)g(has)h(to)g(b)s(e)g(v)m
+(ery)0 1943 y(p)s(o)m(w)m(erful)35 b(indeed)g(in)e(order)i(to)f(b)s(e)h
+(able)f(to)g(express)j(all)c(the)i(preconditions)f(and)h(p)s(ostcon-)0
+2063 y(ditions)g(w)m(e)i(ma)m(y)f(b)s(e)h(in)m(terested)g(in;)g(w)m(e)g
+(shall)e(return)i(to)f(this)g(in)f(the)i(next)g(section.)54
+b(The)0 2184 y(approac)m(h)36 b(w)m(e)g(shall)d(follo)m(w)h(is)g(the)i
+Fs(extensional)g(appr)-5 b(o)g(ach)41 b Fu(and)35 b(it)f(is)h(a)g(kind)
+g(of)g(shortcut.)0 2304 y(The)41 b(idea)e(is)g(that)h(the)g(conditions)
+f(are)g(predicates,)k(that)c(is)h(functions)f(in)g Fw(State)h
+Ft(!)f Fw(T)p Fu(.)0 2424 y(Th)m(us)31 b(the)e(meaning)f(of)g
+Ft(f)h Fs(P)39 b Ft(g)29 b Fs(S)41 b Ft(f)29 b Fs(Q)38
+b Ft(g)29 b Fu(ma)m(y)f(b)s(e)i(reform)m(ulated)d(as)j(sa)m(ying)f
+(that)g(if)e Fs(P)40 b Fu(holds)0 2545 y(on)31 b(a)g(state)g
+Fs(s)40 b Fu(and)31 b(if)f Fs(S)43 b Fu(executed)33 b(from)d(state)h
+Fs(s)39 b Fu(results)32 b(in)e(the)i(state)f Fs(s)2725
+2509 y Fi(0)2780 2545 y Fu(then)g Fs(Q)41 b Fu(holds)30
+b(on)0 2665 y Fs(s)48 2629 y Fi(0)71 2665 y Fu(.)48 b(W)-8
+b(e)34 b(can)h(write)e(an)m(y)i(predicates)f(w)m(e)h(lik)m(e)f(and)g
+(therefore)g(the)h(expressiv)m(eness)j(problem)0 2786
+y(men)m(tioned)32 b(ab)s(o)m(v)m(e)i(do)s(es)f(not)f(arise.)146
+2908 y(Eac)m(h)40 b(b)s(o)s(olean)d(expression)j Fs(b)45
+b Fu(de\014nes)40 b(a)e(predicate)h Ft(B)s Fu([)-17 b([)q
+Fs(b)6 b Fu(])-17 b(])q(.)61 b(W)-8 b(e)39 b(shall)f(feel)g(free)h(to)f
+(let)0 3028 y Fs(b)i Fu(include)34 b(logical)d(v)-5 b(ariables)32
+b(as)j(w)m(ell)e(as)h(program)f(v)-5 b(ariables)33 b(so)h(the)h
+(precondition)e Fr(x)g Fu(=)f Fr(n)0 3148 y Fu(used)44
+b(ab)s(o)m(v)m(e)g(is)e(an)h(example)g(of)f(a)h(b)s(o)s(olean)e
+(expression.)76 b(T)-8 b(o)43 b(ease)h(the)g(readabilit)m(y)-8
+b(,)43 b(w)m(e)0 3269 y(in)m(tro)s(duce)33 b(the)g(follo)m(wing)c
+(notation)294 3473 y Fs(P)370 3488 y Fn(1)442 3473 y
+Ft(^)k Fs(P)617 3488 y Fn(2)892 3473 y Fu(for)99 b Fs(P)43
+b Fu(where)34 b Fs(P)43 b(s)e Fu(=)32 b(\()p Fs(P)1911
+3488 y Fn(1)1983 3473 y Fs(s)8 b Fu(\))33 b(and)f(\()p
+Fs(P)2405 3488 y Fn(2)2478 3473 y Fs(s)8 b Fu(\))294
+3640 y Fs(P)370 3655 y Fn(1)442 3640 y Ft(_)33 b Fs(P)617
+3655 y Fn(2)892 3640 y Fu(for)99 b Fs(P)43 b Fu(where)34
+b Fs(P)43 b(s)e Fu(=)32 b(\()p Fs(P)1911 3655 y Fn(1)1983
+3640 y Fs(s)8 b Fu(\))33 b(or)f(\()p Fs(P)2335 3655 y
+Fn(2)2407 3640 y Fs(s)8 b Fu(\))294 3808 y Ft(:)p Fs(P)466
+b Fu(for)99 b Fs(P)1184 3772 y Fi(0)1241 3808 y Fu(where)33
+b Fs(P)1598 3772 y Fi(0)1655 3808 y Fs(s)40 b Fu(=)33
+b Ft(:)p Fu(\()p Fs(P)43 b(s)8 b Fu(\))294 3976 y Fs(P)i
+Fu([)p Fs(x)i Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17
+b(])q(])99 b(for)g Fs(P)1184 3940 y Fi(0)1241 3976 y
+Fu(where)33 b Fs(P)1598 3940 y Fi(0)1655 3976 y Fs(s)40
+b Fu(=)33 b Fs(P)42 b Fu(\()p Fs(s)8 b Fu([)p Fs(x)k
+Ft(7!A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8
+b Fu(]\))294 4143 y Fs(P)370 4158 y Fn(1)442 4143 y Ft(\))32
+b Fs(P)650 4158 y Fn(2)892 4143 y Fu(for)99 b Ft(8)q
+Fs(s)40 b Ft(2)33 b Fw(State)p Fu(:)44 b Fs(P)1745 4158
+y Fn(1)1817 4143 y Fs(s)d Fu(implies)30 b Fs(P)2305 4158
+y Fn(2)2377 4143 y Fs(s)0 4349 y Fu(When)49 b(it)e(is)g(con)m(v)m
+(enien)m(t,)54 b(but)48 b(not)g(when)h(de\014ning)f(formal)d(inference)
+k(rules,)j(w)m(e)d(shall)0 4469 y(allo)m(w)33 b(to)i(disp)s(ense)h
+(with)e Ft(B)t Fu([)-17 b([)p Ft(\001)17 b(\001)g(\001)o
+Fu(])-17 b(])35 b(and)g Ft(A)p Fu([)-17 b([)p Ft(\001)17
+b(\001)g(\001)n Fu(])-17 b(])36 b(inside)e(square)i(brac)m(k)m(ets)h
+(as)e(w)m(ell)f(as)h(within)0 4590 y(preconditions)d(and)h(p)s
+(ostconditions.)0 4832 y Fw(Exercise)j(6.7)49 b Fu(Sho)m(w)34
+b(that)145 5045 y Ft(\017)49 b(B)s Fu([)-17 b([)q Fs(b)6
+b Fu([)p Fs(x)12 b Ft(7!)o Fs(a)7 b Fu(]])-17 b(])34
+b(=)e Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q([)p
+Fs(x)12 b Ft(7!)o(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
+b(])q(])33 b(for)f(all)e Fs(b)39 b Fu(and)33 b Fs(a)7
+b Fu(,)145 5257 y Ft(\017)49 b(B)s Fu([)-17 b([)q Fs(b)401
+5272 y Fn(1)473 5257 y Ft(^)33 b Fs(b)623 5272 y Fn(2)662
+5257 y Fu(])-17 b(])33 b(=)g Ft(B)s Fu([)-17 b([)q Fs(b)998
+5272 y Fn(1)1037 5257 y Fu(])g(])33 b Ft(^)g(B)t Fu([)-17
+b([)p Fs(b)1363 5272 y Fn(2)1403 5257 y Fu(])g(])33 b(for)f(all)e
+Fs(b)1808 5272 y Fn(1)1880 5257 y Fu(and)j Fs(b)2121
+5272 y Fn(2)2160 5257 y Fu(,)g(and)145 5470 y Ft(\017)49
+b(B)s Fu([)-17 b([)q Ft(:)p Fs(b)6 b Fu(])-17 b(])33
+b(=)g Ft(:B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33
+b(for)f(all)f Fs(b)6 b Fu(.)2096 b Fh(2)p eop
+%%Page: 178 188
+178 187 bop 251 130 a Fw(178)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
+419 V 283 2136 4 1717 v 715 528 a Fu([ass)867 543 y Fn(p)912
+528 y Fu(])201 b Ft(f)32 b Fs(P)10 b Fu([)p Fs(x)i Ft(7!A)p
+Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(]])33 b Ft(g)f Fs(x)45
+b Fu(:=)32 b Fs(a)40 b Ft(f)32 b Fs(P)43 b Ft(g)715 696
+y Fu([skip)913 711 y Fn(p)957 696 y Fu(])156 b Ft(f)32
+b Fs(P)43 b Ft(g)33 b Fr(skip)g Ft(f)g Fs(P)42 b Ft(g)715
+988 y Fu([comp)970 1003 y Fn(p)1013 988 y Fu(])1150 901
+y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)1491 916 y Fn(1)1562
+901 y Ft(f)g Fs(Q)41 b Ft(g)p Fu(,)98 b Ft(f)32 b Fs(Q)42
+b Ft(g)32 b Fs(S)2284 916 y Fn(2)2356 901 y Ft(f)g Fs(R)37
+b Ft(g)p 1150 964 1479 4 v 1480 1069 a(f)c Fs(P)42 b
+Ft(g)33 b Fs(S)1821 1084 y Fn(1)1860 1069 y Fu(;)g Fs(S)1987
+1084 y Fn(2)2058 1069 y Ft(f)g Fs(R)j Ft(g)715 1327 y
+Fu([if)800 1342 y Fn(p)843 1327 y Fu(])1150 1240 y Ft(f)c(B)t
+Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])34 b Ft(^)e Fs(P)43
+b Ft(g)33 b Fs(S)1817 1255 y Fn(1)1888 1240 y Ft(f)g
+Fs(Q)41 b Ft(g)p Fu(,)98 b Ft(f)32 b(:)q(B)s Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)32
+b Fs(S)2995 1255 y Fn(2)3067 1240 y Ft(f)g Fs(Q)42 b
+Ft(g)p 1150 1303 2166 4 v 1486 1408 a(f)32 b Fs(P)43
+b Ft(g)33 b Fr(if)g Fs(b)38 b Fr(then)c Fs(S)2283 1423
+y Fn(1)2354 1408 y Fr(else)g Fs(S)2659 1423 y Fn(2)2731
+1408 y Ft(f)e Fs(Q)42 b Ft(g)715 1666 y Fu([while)965
+1681 y Fn(p)1008 1666 y Fu(])1437 1579 y Ft(f)32 b(B)t
+Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)43
+b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(P)43 b Ft(g)p 1150
+1642 1514 4 v 1150 1747 a(f)32 b Fs(P)43 b Ft(g)33 b
+Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)44 b Ft(f)33 b(:B)t
+Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)43
+b Ft(g)715 2005 y Fu([cons)926 2020 y Fn(p)971 2005 y
+Fu(])1183 1918 y Ft(f)32 b Fs(P)1341 1882 y Fi(0)1397
+1918 y Ft(g)g Fs(S)45 b Ft(f)32 b Fs(Q)1745 1882 y Fi(0)1801
+1918 y Ft(g)p 1150 1981 701 4 v 1190 2086 a(f)g Fs(P)43
+b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)1958 2005
+y Fu(if)32 b Fs(P)43 b Ft(\))32 b Fs(P)2365 1968 y Fi(0)2421
+2005 y Fu(and)h Fs(Q)2695 1968 y Fi(0)2751 2005 y Ft(\))f
+Fs(Q)p 3753 2136 4 1717 v 283 2139 3473 4 v 925 2300
+a Fu(T)-8 b(able)33 b(6.1:)43 b(Axiomatic)30 b(system)k(for)e(partial)e
+(correctness)283 2588 y Fp(The)45 b(inference)g(system)283
+2776 y Fu(The)32 b(partial)c(correctness)33 b(assertions)e(will)d(b)s
+(e)i(sp)s(eci\014ed)i(b)m(y)f(an)g(inference)g(system)g(consist-)283
+2897 y(ing)37 b(of)h(a)f(set)i(of)f(axioms)e(and)i(rules.)60
+b(The)39 b(form)m(ulae)d(of)h(the)i(inference)f(system)h(ha)m(v)m(e)g
+(the)283 3017 y(form)527 3229 y Ft(f)33 b Fs(P)43 b Ft(g)32
+b Fs(S)44 b Ft(f)33 b Fs(Q)41 b Ft(g)283 3440 y Fu(where)35
+b Fs(S)45 b Fu(is)33 b(a)g(statemen)m(t)h(in)e(the)i(language)e
+Fw(While)g Fu(and)h Fs(P)44 b Fu(and)33 b Fs(Q)42 b Fu(are)34
+b(predicates.)46 b(The)283 3561 y(axioms)35 b(and)h(rules)g(are)g
+(summarized)f(in)g(T)-8 b(able)36 b(6.1)g(and)g(will)d(b)s(e)k
+(explained)e(b)s(elo)m(w.)54 b(The)283 3681 y(inference)34
+b(system)f(sp)s(eci\014es)h(an)e Fs(axiomatic)i(semantics)40
+b Fu(for)32 b Fw(While)p Fu(.)430 3803 y(The)h(axiom)e(for)h(assignmen)
+m(t)h(statemen)m(ts)g(is)527 4015 y Ft(f)g Fs(P)10 b
+Fu([)p Fs(x)i Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17
+b(])q(])32 b Ft(g)g Fs(x)45 b Fu(:=)32 b Fs(a)40 b Ft(f)32
+b Fs(P)43 b Ft(g)283 4227 y Fu(This)34 b(axiom)e(assumes)j(that)f(the)g
+(execution)g(of)f Fs(x)46 b Fu(:=)33 b Fs(a)41 b Fu(starts)34
+b(in)f(a)h(state)g Fs(s)42 b Fu(that)33 b(satis\014es)283
+4347 y Fs(P)10 b Fu([)p Fs(x)i Ft(7!A)p Fu([)-17 b([)p
+Fs(a)7 b Fu(])-17 b(])q(],)26 b(that)d(is)g(in)f(a)h(state)h
+Fs(s)31 b Fu(where)25 b Fs(s)8 b Fu([)p Fs(x)k Ft(7!A)o
+Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])23
+b(satis\014es)h Fs(P)10 b Fu(.)24 b(The)g(axiom)e(expresses)283
+4467 y(that)29 b(if)f(the)h(execution)h(of)f Fs(x)40
+b Fu(:=)29 b Fs(a)36 b Fu(terminates)29 b(\(whic)m(h)g(will)e(alw)m(a)m
+(ys)i(b)s(e)h(the)f(case\))h(then)f(the)283 4588 y(\014nal)38
+b(state)h(will)c(satisfy)k Fs(P)10 b Fu(.)38 b(F)-8 b(rom)37
+b(the)i(earlier)d(de\014nitions)i(of)g(the)g(seman)m(tics)h(of)e
+Fw(While)283 4708 y Fu(w)m(e)30 b(kno)m(w)f(that)f(the)h(\014nal)e
+(state)i(will)d(b)s(e)j Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p
+Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])29
+b(so)f(it)f(is)h(easy)h(to)f(see)i(that)e(the)g(axiom)283
+4829 y(is)33 b(plausible.)430 4951 y(F)-8 b(or)32 b Fr(skip)h
+Fu(the)g(axiom)e(is)527 5162 y Ft(f)i Fs(P)43 b Ft(g)32
+b Fr(skip)h Ft(f)g Fs(P)43 b Ft(g)283 5374 y Fu(Th)m(us)i(if)d
+Fs(P)53 b Fu(holds)42 b(b)s(efore)h Fr(skip)h Fu(is)f(executed)i(then)e
+(it)f(also)g(holds)h(afterw)m(ards.)75 b(This)43 b(is)283
+5494 y(clearly)32 b(plausible)f(as)i Fr(skip)g Fu(do)s(es)g(nothing.)p
+eop
+%%Page: 179 189
+179 188 bop 0 130 a Fw(6.2)112 b(P)m(artial)36 b(correctness)h
+(assertions)1619 b(179)p 0 193 3473 4 v 146 515 a Fu(Axioms)28
+b([ass)647 530 y Fn(p)692 515 y Fu(])h(and)g([skip)1132
+530 y Fn(p)1175 515 y Fu(])g(are)g(really)f Fs(axiom)j(schemes)36
+b Fu(generating)28 b(separate)i(axioms)0 636 y(for)g(eac)m(h)g(c)m
+(hoice)h(of)e(predicate)i Fs(P)10 b Fu(.)30 b(The)h(meaning)e(of)g(the)
+i(remaining)d(constructs)j(are)f(giv)m(en)0 756 y(b)m(y)39
+b(rules)f(of)f(inference)i(rather)f(than)g(axiom)e(sc)m(hemes.)62
+b(Eac)m(h)38 b(suc)m(h)i(rule)d(sp)s(eci\014es)i(a)f(w)m(a)m(y)0
+877 y(of)i(deducing)g(an)g(assertion)h(ab)s(out)e(a)h(comp)s(ound)g
+(construct)i(from)c(assertions)j(ab)s(out)f(its)0 997
+y(constituen)m(ts.)45 b(F)-8 b(or)31 b(comp)s(osition)g(the)i(rule)f
+(is:)254 1175 y Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)594 1190
+y Fn(1)666 1175 y Ft(f)g Fs(Q)42 b Ft(g)p Fu(,)98 b Ft(f)32
+b Fs(Q)42 b Ft(g)32 b Fs(S)1388 1190 y Fn(2)1460 1175
+y Ft(f)g Fs(R)37 b Ft(g)p 254 1238 1479 4 v 584 1343
+a(f)32 b Fs(P)43 b Ft(g)32 b Fs(S)924 1358 y Fn(1)964
+1343 y Fu(;)g Fs(S)1090 1358 y Fn(2)1162 1343 y Ft(f)g
+Fs(R)37 b Ft(g)0 1520 y Fu(This)42 b(sa)m(ys)h(that)e(if)g
+Fs(P)52 b Fu(holds)41 b(prior)f(to)i(the)g(execution)g(of)f
+Fs(S)2334 1535 y Fn(1)2373 1520 y Fu(;)47 b Fs(S)2514
+1535 y Fn(2)2594 1520 y Fu(and)42 b(if)f(the)h(execution)0
+1641 y(terminates)i(then)g(w)m(e)i(can)e(conclude)h(that)f
+Fs(R)k Fu(holds)c(in)g(the)h(\014nal)e(state)i(pro)m(vided)g(that)0
+1761 y(there)33 b(is)f(a)h(predicate)f Fs(Q)42 b Fu(for)32
+b(whic)m(h)h(w)m(e)h(can)f(deduce)h(that)145 1957 y Ft(\017)49
+b Fu(if)28 b Fs(S)397 1972 y Fn(1)466 1957 y Fu(is)h(executed)j(from)c
+(a)h(state)h(where)h Fs(P)40 b Fu(holds)29 b(and)h(if)e(it)h
+(terminates)g(then)h Fs(Q)39 b Fu(will)244 2077 y(hold)32
+b(for)g(the)h(\014nal)e(state,)j(and)e(that)145 2278
+y Ft(\017)49 b Fu(if)28 b Fs(S)397 2293 y Fn(2)466 2278
+y Fu(is)h(executed)j(from)d(a)g(state)h(where)h Fs(Q)39
+b Fu(holds)29 b(and)h(if)e(it)h(terminates)g(then)h Fs(R)k
+Fu(will)244 2398 y(hold)e(for)g(the)h(\014nal)e(state.)0
+2594 y(The)j(rule)e(for)g(the)h(conditional)d(is)254
+2752 y Ft(f)i(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33
+b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)920 2767 y Fn(1)992
+2752 y Ft(f)h Fs(Q)41 b Ft(g)p Fu(,)98 b Ft(f)32 b(:B)t
+Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)43
+b Ft(g)33 b Fs(S)2099 2767 y Fn(2)2170 2752 y Ft(f)g
+Fs(Q)41 b Ft(g)p 254 2815 2166 4 v 590 2920 a(f)32 b
+Fs(P)43 b Ft(g)32 b Fr(if)h Fs(b)39 b Fr(then)33 b Fs(S)1386
+2935 y Fn(1)1458 2920 y Fr(else)h Fs(S)1763 2935 y Fn(2)1835
+2920 y Ft(f)e Fs(Q)42 b Ft(g)0 3098 y Fu(The)30 b(rule)e(sa)m(ys)i
+(that)f(if)f Fr(if)h Fs(b)34 b Fr(then)c Fs(S)1396 3113
+y Fn(1)1464 3098 y Fr(else)g Fs(S)1765 3113 y Fn(2)1833
+3098 y Fu(is)e(executed)j(from)d(a)g(state)i(where)g
+Fs(P)39 b Fu(holds)0 3218 y(and)44 b(if)e(it)h(terminates,)j(then)f
+Fs(Q)52 b Fu(will)42 b(hold)h(for)g(the)h(\014nal)f(state)i(pro)m
+(vided)f(that)f(w)m(e)i(can)0 3339 y(deduce)34 b(that)145
+3534 y Ft(\017)49 b Fu(if)32 b Fs(S)401 3549 y Fn(1)474
+3534 y Fu(is)i(executed)h(from)e(a)g(state)h(where)h
+Fs(P)44 b Fu(and)34 b Fs(b)40 b Fu(hold)33 b(and)h(if)e(it)h
+(terminates)g(then)244 3655 y Fs(Q)42 b Fu(holds)32 b(on)g(the)h
+(\014nal)f(state,)h(and)g(that)145 3856 y Ft(\017)49
+b Fu(if)28 b Fs(S)397 3871 y Fn(2)466 3856 y Fu(is)h(executed)j(from)c
+(a)h(state)h(where)h Fs(P)40 b Fu(and)30 b Ft(:)p Fs(b)36
+b Fu(hold)28 b(and)i(if)e(it)h(terminates)g(then)244
+3976 y Fs(Q)42 b Fu(holds)32 b(on)g(the)h(\014nal)f(state.)0
+4172 y(The)i(rule)e(for)g(the)h(iterativ)m(e)e(statemen)m(t)j(is)557
+4330 y Ft(f)e(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33
+b Ft(^)g Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(P)43
+b Ft(g)p 254 4393 1514 4 v 254 4498 a(f)32 b Fs(P)43
+b Ft(g)32 b Fr(while)i Fs(b)39 b Fr(do)33 b Fs(S)44 b
+Ft(f)32 b(:)q(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33
+b Ft(^)g Fs(P)43 b Ft(g)0 4676 y Fu(The)36 b(predicate)g
+Fs(P)46 b Fu(is)35 b(called)f(an)h Fs(invariant)44 b
+Fu(for)35 b(the)h Fr(while)p Fu(-lo)s(op)f(and)h(the)f(idea)g(is)g
+(that)g(it)0 4796 y(will)29 b(hold)h Fs(b)-5 b(efor)g(e)37
+b Fu(and)31 b Fs(after)42 b Fu(eac)m(h)31 b(execution)h(of)e(the)h(b)s
+(o)s(dy)g Fs(S)43 b Fu(of)30 b(the)h(lo)s(op.)42 b(The)32
+b(rule)e(sa)m(ys)0 4916 y(that)f(if)f(additionally)e
+Fs(b)35 b Fu(is)28 b(true)i(b)s(efore)f(eac)m(h)h(execution)g(of)e(the)
+i(b)s(o)s(dy)f(of)f(the)i(lo)s(op)d(then)j Ft(:)q Fs(b)0
+5037 y Fu(will)g(b)s(e)j(true)g(when)h(the)f(execution)g(of)f(the)h
+Fr(while)p Fu(-lo)s(op)f(has)h(terminated.)146 5157 y(T)-8
+b(o)33 b(complete)f(the)h(inference)g(system)h(w)m(e)f(need)h(one)f
+(more)e(rule)i(of)f(inference)286 5335 y Ft(f)h Fs(P)445
+5299 y Fi(0)501 5335 y Ft(g)f Fs(S)45 b Ft(f)32 b Fs(Q)849
+5299 y Fi(0)905 5335 y Ft(g)p 254 5398 701 4 v 293 5503
+a(f)h Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b Fs(Q)41
+b Ft(g)1062 5421 y Fu(if)32 b Fs(P)42 b Ft(\))33 b Fs(P)1469
+5385 y Fi(0)1525 5421 y Fu(and)f Fs(Q)1798 5385 y Fi(0)1854
+5421 y Ft(\))h Fs(Q)p eop
+%%Page: 180 190
+180 189 bop 251 130 a Fw(180)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
+515 a Fu(This)38 b(rule)e(sa)m(ys)i(that)f(w)m(e)h(can)f(strengthen)h
+(the)g(precondition)d Fs(P)2771 479 y Fi(0)2832 515 y
+Fu(and)i(w)m(eak)m(en)i(the)e(p)s(ost-)283 636 y(condition)32
+b Fs(Q)796 600 y Fi(0)819 636 y Fu(.)43 b(This)33 b(rule)f(is)g(often)h
+(called)e(the)i Fs(rule)i(of)g(c)-5 b(onse)g(quenc)g(e)p
+Fu(.)430 756 y(Note)25 b(that)f(T)-8 b(able)24 b(6.1)g(sp)s(eci\014es)i
+(a)e(set)i(of)e(axioms)f(and)i(rules)g(just)g(as)f(the)i(tables)e
+(de\014ning)283 877 y(the)k(op)s(erational)c(seman)m(tics)j(in)f
+(Chapter)i(2.)41 b(The)28 b(analogue)e(of)g(a)h(deriv)-5
+b(ation)25 b(tree)j(will)c(no)m(w)283 997 y(b)s(e)i(called)e(an)h
+Fs(infer)-5 b(enc)g(e)27 b(tr)-5 b(e)g(e)33 b Fu(since)25
+b(it)f(sho)m(ws)j(ho)m(w)f(to)f(infer)f(that)h(a)g(certain)g(prop)s
+(ert)m(y)h(holds.)283 1117 y(Th)m(us)39 b(the)f(lea)m(v)m(es)g(of)f(an)
+h(inference)f(tree)h(will)d(b)s(e)j(instances)g(of)f(axioms)f(and)h
+(the)h(in)m(ternal)283 1238 y(no)s(des)h(will)d(corresp)s(ond)j(to)e
+(instances)i(of)f(rules.)60 b(W)-8 b(e)38 b(shall)f(sa)m(y)h(that)g
+(the)h(inference)f(tree)283 1358 y(giv)m(es)33 b(a)g
+Fs(pr)-5 b(o)g(of)53 b Fu(of)32 b(the)h(prop)s(ert)m(y)g(expressed)j(b)
+m(y)d(its)f(ro)s(ot.)43 b(W)-8 b(e)33 b(shall)e(write)527
+1560 y Ft(`)588 1575 y Fn(p)664 1560 y Ft(f)h Fs(P)43
+b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)283 1762
+y Fu(for)g(the)h(pro)m(v)-5 b(abilit)m(y)40 b(of)i(the)g(assertion)h
+Ft(f)f Fs(P)52 b Ft(g)42 b Fs(S)54 b Ft(f)42 b Fs(Q)51
+b Ft(g)p Fu(.)72 b(An)43 b(inference)g(tree)f(is)g(called)283
+1882 y Fs(simple)35 b Fu(if)27 b(it)h(is)f(an)i(instance)f(of)g(one)h
+(of)e(the)i(axioms)e(and)i(otherwise)g(it)e(is)h(called)f
+Fs(c)-5 b(omp)g(osite)p Fu(.)283 2109 y Fw(Example)37
+b(6.8)49 b Fu(Consider)29 b(the)f(statemen)m(t)h Fr(while)h(true)f(do)f
+(skip)p Fu(.)44 b(F)-8 b(rom)26 b([skip)3325 2124 y Fn(p)3369
+2109 y Fu(])i(w)m(e)i(ha)m(v)m(e)283 2229 y(\(omitting)g(the)j
+Ft(B)s Fu([)-17 b([)q Ft(\001)17 b(\001)g(\001)n Fu(])-17
+b(])q(\))527 2431 y Ft(`)588 2446 y Fn(p)664 2431 y Ft(f)32
+b Fr(true)i Ft(g)e Fr(skip)i Ft(f)e Fr(true)i Ft(g)283
+2633 y Fu(Since)c(\()p Fr(true)g Ft(^)f Fr(true)p Fu(\))h
+Ft(\))f Fr(true)h Fu(w)m(e)g(can)g(apply)e(the)i(rule)e(of)h
+(consequence)j([cons)3339 2648 y Fn(p)3383 2633 y Fu(])e(and)f(get)527
+2835 y Ft(`)588 2850 y Fn(p)664 2835 y Ft(f)j Fr(true)i
+Ft(^)f Fr(true)h Ft(g)e Fr(skip)h Ft(f)g Fr(true)g Ft(g)283
+3037 y Fu(Hence)h(b)m(y)g(the)f(rule)f([while)1322 3052
+y Fn(p)1365 3037 y Fu(])g(w)m(e)i(get)527 3240 y Ft(`)588
+3255 y Fn(p)664 3240 y Ft(f)e Fr(true)i Ft(g)e Fr(while)i(true)g(do)f
+(skip)g Ft(f)g(:)p Fr(true)h Ft(^)f Fr(true)g Ft(g)283
+3442 y Fu(W)-8 b(e)33 b(ha)m(v)m(e)h(that)f Ft(:)p Fr(true)h
+Ft(^)f Fr(true)g Ft(\))f Fr(true)i Fu(so)f(b)m(y)g(applying)f([cons)
+2763 3457 y Fn(p)2807 3442 y Fu(])g(once)i(more)d(w)m(e)j(get)527
+3644 y Ft(`)588 3659 y Fn(p)664 3644 y Ft(f)e Fr(true)i
+Ft(g)e Fr(while)i(true)g(do)f(skip)g Ft(f)g Fr(true)g
+Ft(g)283 3846 y Fu(The)h(inference)f(ab)s(o)m(v)m(e)h(can)e(b)s(e)h
+(summarized)f(b)m(y)h(the)g(follo)m(wing)d(inference)j(tree:)1109
+4039 y Ft(f)g Fr(true)g Ft(g)g Fr(skip)g Ft(f)g Fr(true)g
+Ft(g)p 527 4126 2174 4 v 941 4331 a(f)f Fr(true)i Ft(^)f
+Fr(true)h Ft(g)e Fr(skip)h Ft(f)g Fr(true)g Ft(g)p 527
+4417 V 577 4622 a(f)f Fr(true)i Ft(g)e Fr(while)i(true)g(do)f(skip)g
+Ft(f)g(:)p Fr(true)h Ft(^)f Fr(true)g Ft(g)p 527 4709
+V 779 4913 a(f)f Fr(true)i Ft(g)e Fr(while)i(true)f(do)g(skip)h
+Ft(f)e Fr(true)i Ft(g)283 5114 y Fu(It)44 b(is)e(no)m(w)i(easy)g(to)e
+(see)j(that)d(w)m(e)i(cannot)g(claim)c(that)j Ft(f)g
+Fs(P)53 b Ft(g)43 b Fs(S)55 b Ft(f)42 b Fs(Q)52 b Ft(g)43
+b Fu(means)g(that)g Fs(S)283 5234 y Fu(will)38 b(terminate)g(in)h(a)g
+(state)h(satisfying)f Fs(Q)48 b Fu(when)41 b(it)e(is)g(started)h(in)f
+(a)g(state)h(satisfying)e Fs(P)10 b Fu(.)283 5355 y(F)-8
+b(or)28 b(the)g(assertion)h Ft(f)j Fr(true)i Ft(g)e Fr(while)i(true)f
+(do)g(skip)h Ft(f)e Fr(true)i Ft(g)28 b Fu(this)g(reading)f(w)m(ould)h
+(mean)283 5475 y(that)33 b(the)g(program)e(w)m(ould)i(alw)m(a)m(ys)g
+(terminate)e(and)i(clearly)e(this)i(is)f(not)g(the)h(case.)256
+b Fh(2)p eop
+%%Page: 181 191
+181 190 bop 0 130 a Fw(6.2)112 b(P)m(artial)36 b(correctness)h
+(assertions)1619 b(181)p 0 193 3473 4 v 0 515 a(Example)37
+b(6.9)48 b Fu(T)-8 b(o)32 b(illustrate)e(the)i(use)h(of)e(the)i
+(axiomatic)c(seman)m(tics)j(for)f(v)m(eri\014cation)g(w)m(e)0
+636 y(shall)g(pro)m(v)m(e)j(the)f(assertion)244 850 y
+Ft(f)f Fr(x)h Fu(=)f Fr(n)h Ft(g)244 1017 y Fr(y)g Fu(:=)f
+Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p
+Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p
+Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g Fr(x)p Ft(\000)p
+Fr(1)p Fu(\))244 1185 y Ft(f)f Fr(y)h Fu(=)f Fr(n)p Fu(!)44
+b Ft(^)33 b Fr(n)g Fo(>)f Fr(0)h Ft(g)0 1399 y Fu(where,)h(for)e(the)h
+(sak)m(e)h(of)e(readabilit)m(y)-8 b(,)31 b(w)m(e)i(write)g
+Fr(y)f Fu(=)h Fr(n)p Fu(!)43 b Ft(^)33 b Fr(n)g Fo(>)g
+Fr(0)f Fu(for)g(the)h(predicate)244 1613 y Fs(P)43 b
+Fu(where)34 b Fs(P)42 b(s)f Fu(=)32 b(\()p Fs(s)41 b
+Fr(y)33 b Fu(=)f(\()p Fs(s)41 b Fr(n)p Fu(\)!)i Ft(^)33
+b Fs(s)41 b Fr(n)33 b Fo(>)f Fw(0)p Fu(\))0 1827 y(The)f(inference)g
+(of)f(this)g(assertion)g(pro)s(ceeds)h(in)f(a)g(n)m(um)m(b)s(er)h(of)e
+(stages.)44 b(First)29 b(w)m(e)i(de\014ne)h(the)0 1948
+y(predicate)h Fs(INV)51 b Fu(that)32 b(is)g(going)f(to)i(b)s(e)f(the)h
+(in)m(v)-5 b(arian)m(t)32 b(of)g(the)h Fr(while)p Fu(-lo)s(op:)244
+2162 y Fs(INV)51 b(s)41 b Fu(=)32 b(\()p Fs(s)41 b Fr(x)32
+b Fo(>)h Fw(0)f Fu(implies)e(\(\()p Fs(s)41 b Fr(y)p
+Fu(\))33 b Fo(?)f Fu(\()p Fs(s)40 b Fr(x)p Fu(\)!)k(=)32
+b(\()p Fs(s)41 b Fr(n)p Fu(\)!)j(and)32 b Fs(s)41 b Fr(n)33
+b Ft(\025)g Fs(s)40 b Fr(x)p Fu(\)\))0 2376 y(W)-8 b(e)33
+b(shall)e(then)i(consider)g(the)g(b)s(o)s(dy)g(of)f(the)h(lo)s(op.)42
+b(Using)32 b([ass)2370 2391 y Fn(p)2414 2376 y Fu(])h(w)m(e)h(get)244
+2590 y Ft(`)305 2605 y Fn(p)381 2590 y Ft(f)e Fs(INV)19
+b Fu([)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(])33
+b Ft(g)g Fr(x)f Fu(:=)h Fr(x)p Ft(\000)p Fr(1)g Ft(f)g
+Fs(INV)51 b Ft(g)0 2804 y Fu(Similarly)-8 b(,)29 b(w)m(e)k(get)244
+3018 y Ft(`)305 3033 y Fn(p)381 3018 y Ft(f)f Fu(\()p
+Fs(INV)19 b Fu([)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p
+Fu(]\)[)p Fr(y)p Ft(7!)q Fr(y)p Fo(?)p Fr(x)p Fu(])32
+b Ft(g)h Fr(y)g Fu(:=)f Fr(y)h Fo(?)f Fr(x)h Ft(f)f Fs(INV)19
+b Fu([)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(])34
+b Ft(g)0 3232 y Fu(W)-8 b(e)33 b(can)g(no)m(w)g(apply)f(the)h(rule)f
+([comp)1436 3247 y Fn(p)1479 3232 y Fu(])h(to)f(the)h(t)m(w)m(o)h
+(assertions)f(ab)s(o)m(v)m(e)g(and)g(get)244 3446 y Ft(`)305
+3461 y Fn(p)381 3446 y Ft(f)f Fu(\()p Fs(INV)19 b Fu([)p
+Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p
+Ft(7!)q Fr(y)p Fo(?)p Fr(x)p Fu(])32 b Ft(g)h Fr(y)g
+Fu(:=)f Fr(y)h Fo(?)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p
+Ft(\000)p Fr(1)i Ft(f)e Fs(INV)51 b Ft(g)0 3661 y Fu(It)33
+b(is)f(easy)h(to)g(v)m(erify)g(that)244 3875 y(\()p Ft(:)p
+Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Ft(^)g Fs(INV)19
+b Fu(\))32 b Ft(\))g Fu(\()p Fs(INV)19 b Fu([)p Fr(x)p
+Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p Ft(7!)q
+Fr(y)p Fo(?)p Fr(x)p Fu(])0 4089 y(so)33 b(using)f(the)h(rule)f([cons)
+949 4104 y Fn(p)993 4089 y Fu(])h(w)m(e)h(get)244 4303
+y Ft(`)305 4318 y Fn(p)381 4303 y Ft(f)e(:)p Fu(\()p
+Fr(x)h Fu(=)f Fr(1)p Fu(\))h Ft(^)g Fs(INV)51 b Ft(g)33
+b Fr(y)f Fu(:=)h Fr(y)g Fo(?)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f
+Fr(x)p Ft(\000)p Fr(1)i Ft(f)e Fs(INV)51 b Ft(g)0 4517
+y Fu(W)-8 b(e)33 b(are)g(no)m(w)g(in)f(a)g(p)s(osition)f(to)h(use)h
+(the)g(rule)g([while)2002 4532 y Fn(p)2044 4517 y Fu(])g(and)f(get)244
+4731 y Ft(`)305 4746 y Fn(p)381 4731 y Ft(f)g Fs(INV)51
+b Ft(g)381 4899 y Fr(while)33 b Ft(:)q Fu(\()p Fr(x)p
+Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p Fr(y)f Fu(:=)h
+Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
+Fr(1)p Fu(\))381 5066 y Ft(f:)p Fu(\()p Ft(:)p Fu(\()p
+Fr(x)h Fu(=)f Fr(1)p Fu(\)\))h Ft(^)g Fs(INV)51 b Ft(g)0
+5280 y Fu(Clearly)32 b(w)m(e)h(ha)m(v)m(e)244 5494 y
+Ft(:)p Fu(\()p Ft(:)q Fu(\()p Fr(x)f Fu(=)h Fr(1)p Fu(\)\))f
+Ft(^)h Fs(INV)51 b Ft(\))33 b Fr(y)f Fu(=)h Fr(n)p Fu(!)44
+b Ft(^)32 b Fr(n)h Fo(>)g Fr(0)p eop
+%%Page: 182 192
+182 191 bop 251 130 a Fw(182)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
+515 a Fu(so)33 b(applying)f(rule)g([cons)1208 530 y Fn(p)1252
+515 y Fu(])h(w)m(e)g(get)552 683 y Ft(`)613 698 y Fn(p)689
+683 y Ft(f)f Fs(INV)51 b Ft(g)33 b Fr(while)h Ft(:)p
+Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
+Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f
+Fr(x)p Ft(\000)p Fr(1)p Fu(\))i Ft(f)e Fr(y)h Fu(=)f
+Fr(n)p Fu(!)44 b Ft(^)33 b Fr(n)g Fo(>)f Fr(0)h Ft(g)283
+851 y Fu(W)-8 b(e)33 b(shall)f(no)m(w)h(apply)f(the)h(axiom)e([ass)1761
+866 y Fn(p)1805 851 y Fu(])i(to)f(the)h(statemen)m(t)g
+Fr(y)g Fu(:=)f Fr(1)h Fu(and)g(get)527 1054 y Ft(`)588
+1069 y Fn(p)664 1054 y Ft(f)f Fs(INV)19 b Fu([)p Fr(y)p
+Ft(7!)p Fr(1)p Fu(])33 b Ft(g)f Fr(y)h Fu(:=)g Fr(1)f
+Ft(f)h Fs(INV)51 b Ft(g)283 1258 y Fu(Using)33 b(that)527
+1462 y Fr(x)g Fu(=)g Fr(n)f Ft(\))g Fs(INV)19 b Fu([)p
+Fr(y)p Ft(7!)p Fr(1)p Fu(])283 1666 y(together)33 b(with)f([cons)1101
+1681 y Fn(p)1146 1666 y Fu(])g(w)m(e)i(get)527 1870 y
+Ft(`)588 1885 y Fn(p)664 1870 y Ft(f)e Fr(x)h Fu(=)g
+Fr(n)f Ft(g)h Fr(y)f Fu(:=)h Fr(1)g Ft(f)f Fs(INV)51
+b Ft(g)283 2074 y Fu(Finally)-8 b(,)30 b(w)m(e)k(can)f(use)g(the)g
+(rule)f([comp)1743 2089 y Fn(p)1787 2074 y Fu(])g(and)h(get)527
+2278 y Ft(`)588 2293 y Fn(p)664 2278 y Ft(f)f Fr(x)h
+Fu(=)g Fr(n)f Ft(g)664 2445 y Fr(y)h Fu(:=)f Fr(1)p Fu(;)h
+Fr(while)h Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))e
+Fr(do)h Fu(\()p Fr(y)g Fu(:=)g Fr(y)p Fo(?)p Fr(x)p Fu(;)f
+Fr(x)h Fu(:=)g Fr(x)p Ft(\000)p Fr(1)p Fu(\))664 2613
+y Ft(f)f Fr(y)h Fu(=)g Fr(n)p Fu(!)43 b Ft(^)33 b Fr(n)g
+Fo(>)f Fr(0)h Ft(g)283 2817 y Fu(as)g(required.)2902
+b Fh(2)283 3046 y Fw(Exercise)37 b(6.10)49 b Fu(Sp)s(ecify)42
+b(a)f(form)m(ula)f(expressing)k(the)e(partial)e(correctness)k(prop)s
+(ert)m(y)e(of)283 3166 y(the)g(program)f(of)g(Exercise)h(6.1.)70
+b(Construct)43 b(an)e(inference)h(tree)g(giving)e(a)i(pro)s(of)e(of)h
+(this)283 3287 y(prop)s(ert)m(y)34 b(using)e(the)h(inference)g(system)h
+(of)e(T)-8 b(able)32 b(6.1.)1312 b Fh(2)283 3516 y Fw(Exercise)37
+b(6.11)49 b Fu(Suggest)e(an)f(inference)h(rule)f(for)g
+Fr(repeat)i Fs(S)58 b Fr(until)48 b Fs(b)6 b Fu(.)85
+b(Y)-8 b(ou)47 b(are)f(not)283 3636 y(allo)m(w)m(ed)32
+b(to)h(rely)f(on)g(the)h(existence)i(of)d(a)g Fr(while)p
+Fu(-construct)i(in)e(the)h(language.)427 b Fh(2)283 3865
+y Fw(Exercise)37 b(6.12)49 b Fu(Suggest)31 b(an)f(inference)g(rule)g
+(for)g Fr(for)h Fs(x)42 b Fu(:=)30 b Fs(a)2671 3880 y
+Fn(1)2741 3865 y Fr(to)g Fs(a)2930 3880 y Fn(2)3000 3865
+y Fr(do)h Fs(S)12 b Fu(.)30 b(Y)-8 b(ou)30 b(are)g(not)283
+3985 y(allo)m(w)m(ed)i(to)h(rely)f(on)g(the)h(existence)i(of)d(a)g
+Fr(while)p Fu(-construct)i(in)e(the)h(language.)427 b
+Fh(2)283 4275 y Fp(Prop)t(erties)46 b(of)f(the)h(seman)l(tics)283
+4460 y Fu(In)27 b(the)f(op)s(erational)d(and)j(denotational)e(seman)m
+(tics)i(w)m(e)h(de\014ned)g(a)e(notion)g(of)g(t)m(w)m(o)i(programs)283
+4580 y(b)s(eing)39 b(seman)m(tically)e(equiv)-5 b(alen)m(t.)63
+b(W)-8 b(e)39 b(can)h(de\014ne)g(a)f(similar)c(notion)j(for)h(the)g
+(axiomatic)283 4700 y(seman)m(tics:)74 b(Tw)m(o)48 b(programs)f
+Fs(S)1539 4715 y Fn(1)1625 4700 y Fu(and)h Fs(S)1897
+4715 y Fn(2)1984 4700 y Fu(are)f Fs(pr)-5 b(ovably)48
+b(e)-5 b(quivalent)56 b Fu(according)47 b(to)g(the)283
+4821 y(axiomatic)35 b(seman)m(tics)h(of)g(T)-8 b(able)37
+b(6.1)f(if)f(for)h(all)f(preconditions)h Fs(P)47 b Fu(and)36
+b(p)s(ostconditions)g Fs(Q)283 4941 y Fu(w)m(e)e(ha)m(v)m(e)527
+5145 y Ft(`)588 5160 y Fn(p)664 5145 y Ft(f)e Fs(P)43
+b Ft(g)33 b Fs(S)1005 5160 y Fn(1)1076 5145 y Ft(f)g
+Fs(Q)41 b Ft(g)98 b Fu(if)31 b(and)i(only)f(if)96 b Ft(`)2131
+5160 y Fn(p)2207 5145 y Ft(f)32 b Fs(P)43 b Ft(g)33 b
+Fs(S)2548 5160 y Fn(2)2619 5145 y Ft(f)g Fs(Q)41 b Ft(g)283
+5374 y Fw(Exercise)c(6.13)49 b Fu(Sho)m(w)32 b(that)e(the)i(follo)m
+(wing)c(statemen)m(ts)k(of)e Fw(While)f Fu(are)i(pro)m(v)-5
+b(ably)31 b(equiv-)283 5494 y(alen)m(t)i(in)e(the)i(ab)s(o)m(v)m(e)h
+(sense:)p eop
+%%Page: 183 193
+183 192 bop 0 130 a Fw(6.3)112 b(Soundness)40 b(and)e(completeness)1647
+b(183)p 0 193 3473 4 v 145 515 a Ft(\017)49 b Fs(S)12
+b Fu(;)32 b Fr(skip)i Fu(and)f Fs(S)145 718 y Ft(\017)49
+b Fs(S)311 733 y Fn(1)350 718 y Fu(;)33 b(\()p Fs(S)515
+733 y Fn(2)554 718 y Fu(;)g Fs(S)681 733 y Fn(3)720 718
+y Fu(\))f(and)h(\()p Fs(S)1085 733 y Fn(1)1124 718 y
+Fu(;)g Fs(S)1251 733 y Fn(2)1290 718 y Fu(\);)g Fs(S)1455
+733 y Fn(3)3398 718 y Fh(2)146 944 y Fu(Pro)s(ofs)c(of)f(prop)s(erties)
+h(of)f(the)h(axiomatic)d(seman)m(tics)j(will)d(often)j(pro)s(ceed)g(b)m
+(y)h Fs(induction)0 1064 y(on)k(the)h(shap)-5 b(e)34
+b(of)h(the)g(infer)-5 b(enc)g(e)34 b(tr)-5 b(e)g(e)p
+Fu(:)p 0 1213 3470 4 v 0 1230 V -2 1438 4 208 v 15 1438
+V 716 1359 a Fw(Induction)32 b(on)h(the)f(Shap)s(e)i(of)f(Inference)g
+(T)-9 b(rees)p 3452 1438 V 3469 1438 V 0 1441 3470 4
+v -2 1810 4 370 v 15 1810 V 66 1606 a Fu(1:)143 b(Pro)m(v)m(e)29
+b(that)e(the)h(prop)s(ert)m(y)g(holds)f(for)f(all)f(the)j(simple)e
+(inference)i(trees)g(b)m(y)g(sho)m(wing)285 1727 y(that)33
+b(it)e(holds)h(for)g(the)h Fs(axioms)40 b Fu(of)32 b(the)h(inference)g
+(system.)p 3452 1810 V 3469 1810 V -2 2339 4 529 v 15
+2339 V 66 1894 a(2:)143 b(Pro)m(v)m(e)36 b(that)f(the)g(prop)s(ert)m(y)
+g(holds)g(for)f(all)e(comp)s(osite)i(inference)h(trees:)49
+b(F)-8 b(or)33 b(eac)m(h)285 2015 y Fs(rule)51 b Fu(assume)43
+b(that)g(the)h(prop)s(ert)m(y)f(holds)g(for)f(its)h(premises)g(\(this)g
+(is)f(called)g(the)285 2135 y Fs(induction)33 b(hyp)-5
+b(othesis)p Fu(\))30 b(and)h(that)g(the)g(conditions)f(of)g(the)i(rule)
+e(are)h(satis\014ed)g(and)285 2255 y(then)i(pro)m(v)m(e)h(that)f(it)e
+(also)h(holds)g(for)g(the)h(conclusion)f(of)g(the)h(rule.)p
+3452 2339 V 3469 2339 V 0 2342 3470 4 v 0 2359 V 0 2547
+a Fw(Exercise)j(6.14)49 b Fu(**)26 b(Using)g(the)h(inference)f(rule)g
+(for)g Fr(repeat)i Fs(S)38 b Fr(until)27 b Fs(b)32 b
+Fu(giv)m(en)27 b(in)e(Exercise)0 2667 y(6.11)f(sho)m(w)j(that)d
+Fr(repeat)j Fs(S)37 b Fr(until)26 b Fs(b)31 b Fu(is)24
+b(pro)m(v)-5 b(ably)25 b(equiv)-5 b(alen)m(t)25 b(to)g
+Fs(S)12 b Fu(;)25 b Fr(while)h Ft(:)p Fs(b)31 b Fr(do)26
+b Fs(S)12 b Fu(.)25 b(Hin)m(t:)0 2788 y(it)34 b(is)h(not)h(to)s(o)e
+(hard)i(to)f(sho)m(w)h(that)g(what)f(is)g(pro)m(v)-5
+b(able)35 b(ab)s(out)g Fr(repeat)i Fs(S)47 b Fr(until)37
+b Fs(b)k Fu(is)35 b(also)0 2908 y(pro)m(v)-5 b(able)32
+b(ab)s(out)g Fs(S)12 b Fu(;)33 b Fr(while)h Ft(:)p Fs(b)k
+Fr(do)c Fs(S)12 b Fu(.)1934 b Fh(2)0 3134 y Fw(Exercise)36
+b(6.15)49 b Fu(Sho)m(w)28 b(that)e Ft(`)1209 3149 y Fn(p)1279
+3134 y Ft(f)g Fs(P)37 b Ft(g)26 b Fs(S)38 b Ft(f)27 b
+Fr(true)g Ft(g)g Fu(for)f(all)e(statemen)m(ts)k Fs(S)38
+b Fu(and)26 b(prop)s(erties)0 3254 y Fs(P)10 b Fu(.)3295
+b Fh(2)0 3586 y Fj(6.3)161 b(Soundness)50 b(and)k(completeness)0
+3806 y Fu(W)-8 b(e)37 b(shall)d(no)m(w)j(address)h(the)f(relationship)d
+(b)s(et)m(w)m(een)k(the)f(inference)g(system)g(of)f(T)-8
+b(able)36 b(6.1)0 3926 y(and)28 b(the)g(op)s(erational)d(and)j
+(denotational)e(seman)m(tics)i(of)f(the)h(previous)g(c)m(hapters.)44
+b(W)-8 b(e)28 b(shall)0 4046 y(pro)m(v)m(e)34 b(that)145
+4248 y Ft(\017)49 b Fu(the)40 b(inference)h(system)f(is)g
+Fs(sound)p Fu(:)57 b(if)39 b(some)h(partial)d(correctness)42
+b(prop)s(ert)m(y)f(can)f(b)s(e)244 4368 y(pro)m(v)m(ed)34
+b(using)e(the)g(inference)h(system)g(then)g(it)f(do)s(es)g(indeed)h
+(hold)e(according)h(to)g(the)244 4488 y(seman)m(tics,)h(and)145
+4691 y Ft(\017)49 b Fu(the)38 b(inference)h(system)g(is)e
+Fs(c)-5 b(omplete)p Fu(:)54 b(if)37 b(some)g(partial)f(correctness)k
+(prop)s(ert)m(y)f(do)s(es)244 4812 y(hold)27 b(according)h(to)g(the)g
+(seman)m(tics)h(then)f(w)m(e)i(can)e(also)f(\014nd)i(a)f(pro)s(of)f
+(for)h(it)f(using)h(the)244 4932 y(inference)33 b(system.)0
+5133 y(The)41 b(completeness)f(result)g(can)g(only)g(b)s(e)g(pro)m(v)m
+(ed)h(b)s(ecause)g(w)m(e)g(use)g(the)f(extensional)g(ap-)0
+5254 y(proac)m(h)i(where)h(preconditions)e(and)h(p)s(ostconditions)f
+(are)g(arbitrary)g(predicates.)71 b(In)42 b(the)0 5374
+y(in)m(tensional)30 b(approac)m(h)i(w)m(e)h(only)e(ha)m(v)m(e)i(a)f(w)m
+(eak)m(er)h(result;)f(w)m(e)h(shall)d(return)j(to)e(this)g(later)g(in)0
+5494 y(this)h(section.)p eop
+%%Page: 184 194
+184 193 bop 251 130 a Fw(184)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 430
+515 a Fu(As)34 b(the)f(op)s(erational)e(and)j(denotational)d(seman)m
+(tics)i(are)h(equiv)-5 b(alen)m(t)33 b(w)m(e)h(only)f(need)h(to)283
+636 y(consider)f(one)g(of)f(them)g(here)h(and)g(w)m(e)g(shall)e(c)m(ho)
+s(ose)j(the)f(natural)e(seman)m(tics.)44 b(The)33 b(partial)283
+756 y(correctness)i(assertion)e Ft(f)f Fs(P)43 b Ft(g)32
+b Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(is)g(said)g(to)g(b)s(e)h
+Fs(valid)42 b Fu(if)32 b(and)g(only)g(if)527 981 y(for)g(all)e(states)k
+Fs(s)8 b Fu(,)32 b(if)f Fs(P)43 b(s)d Fu(=)32 b Fw(tt)g
+Fu(and)g Ft(h)p Fs(S)12 b Fu(,)p Fs(s)c Ft(i)32 b(!)g
+Fs(s)2323 945 y Fi(0)2378 981 y Fu(for)g(some)g Fs(s)2819
+945 y Fi(0)2875 981 y Fu(then)h Fs(Q)41 b(s)3261 945
+y Fi(0)3317 981 y Fu(=)32 b Fw(tt)283 1206 y Fu(and)h(w)m(e)h(shall)d
+(write)h(this)g(as)527 1431 y Ft(j)-17 b Fu(=)614 1446
+y Fn(p)690 1431 y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)44
+b Ft(f)32 b Fs(Q)42 b Ft(g)283 1656 y Fu(The)34 b(soundness)h(prop)s
+(ert)m(y)e(is)f(then)h(expressed)j(b)m(y)527 1881 y Ft(`)588
+1896 y Fn(p)664 1881 y Ft(f)c Fs(P)43 b Ft(g)33 b Fs(S)44
+b Ft(f)32 b Fs(Q)42 b Ft(g)65 b Fu(implies)d Ft(j)-17
+b Fu(=)1801 1896 y Fn(p)1877 1881 y Ft(f)33 b Fs(P)43
+b Ft(g)32 b Fs(S)44 b Ft(f)33 b Fs(Q)41 b Ft(g)283 2106
+y Fu(and)33 b(the)g(completeness)h(prop)s(ert)m(y)f(is)f(expressed)j(b)
+m(y)527 2331 y Ft(j)-17 b Fu(=)614 2346 y Fn(p)690 2331
+y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42
+b Ft(g)65 b Fu(implies)e Ft(`)1801 2346 y Fn(p)1877 2331
+y Ft(f)33 b Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b Fs(Q)41
+b Ft(g)283 2556 y Fu(W)-8 b(e)33 b(ha)m(v)m(e)p 283 2681
+3473 5 v 283 2881 a Fw(Theorem)38 b(6.16)49 b Fu(F)-8
+b(or)31 b(all)g(partial)f(correctness)35 b(assertions)e
+Ft(f)f Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(Q)42
+b Ft(g)32 b Fu(w)m(e)i(ha)m(v)m(e)552 3049 y Ft(j)-17
+b Fu(=)639 3064 y Fn(p)715 3049 y Ft(f)32 b Fs(P)43 b
+Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)65 b Fu(if)31
+b(and)i(only)f(if)64 b Ft(`)2078 3064 y Fn(p)2154 3049
+y Ft(f)32 b Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(Q)41
+b Ft(g)p 283 3169 V 283 3394 a Fu(It)33 b(is)f(customary)h(to)f(pro)m
+(v)m(e)i(the)f(soundness)i(and)e(completeness)g(results)g(separately)-8
+b(.)283 3709 y Fp(Soundness)283 3903 y Fu(W)g(e)33 b(shall)f(\014rst)h
+(pro)m(v)m(e:)p 283 4028 V 283 4228 a Fw(Lemma)38 b(6.17)49
+b Fu(The)29 b(inference)g(system)h(of)e(T)-8 b(able)28
+b(6.1)g(is)g(sound,)i(that)f(is)f(for)g(ev)m(ery)i(partial)283
+4348 y(correctness)35 b(form)m(ula)c Ft(f)h Fs(P)43 b
+Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(w)m(e)i(ha)m(v)m
+(e)552 4516 y Ft(`)613 4531 y Fn(p)689 4516 y Ft(f)e
+Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)32
+b Fu(implies)e Ft(j)-17 b Fu(=)1761 4531 y Fn(p)1837
+4516 y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32
+b Fs(Q)42 b Ft(g)p 283 4636 V 283 4861 a Fw(Pro)s(of:)d
+Fu(The)34 b(pro)s(of)f(is)g(b)m(y)h(induction)f(on)g(the)h(shap)s(e)g
+(of)g(the)f(inference)i(tree)f(used)g(to)g(infer)283
+4982 y Ft(`)344 4997 y Fn(p)420 4982 y Ft(f)f Fs(P)42
+b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)p Fu(.)47
+b(This)34 b(amoun)m(ts)f(to)h(nothing)e(but)i(a)g(formalization)29
+b(of)k(the)i(in)m(tuitions)283 5102 y(w)m(e)f(ga)m(v)m(e)g(when)f(in)m
+(tro)s(ducing)f(the)h(axioms)e(and)i(rules.)283 5270
+y Fw(The)g(case)g Fu([ass)891 5285 y Fn(p)936 5270 y
+Fu(]:)43 b(W)-8 b(e)33 b(shall)e(pro)m(v)m(e)j(that)f(the)g(axiom)d(is)
+j(v)-5 b(alid,)30 b(so)j(supp)s(ose)h(that)527 5494 y
+Ft(h)p Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33 b Fs(s)8
+b Ft(i)32 b(!)g Fs(s)1207 5458 y Fi(0)p eop
+%%Page: 185 195
+185 194 bop 0 130 a Fw(6.3)112 b(Soundness)40 b(and)e(completeness)1647
+b(185)p 0 193 3473 4 v 0 515 a Fu(and)29 b(\()p Fs(P)10
+b Fu([)p Fs(x)i Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17
+b(])q(]\))29 b Fs(s)37 b Fu(=)29 b Fw(tt)p Fu(.)41 b(W)-8
+b(e)30 b(shall)d(then)j(pro)m(v)m(e)g(that)f Fs(P)39
+b(s)2356 479 y Fi(0)2409 515 y Fu(=)28 b Fw(tt)p Fu(.)42
+b(F)-8 b(rom)27 b([ass)3074 530 y Fn(ns)3146 515 y Fu(])i(w)m(e)h(get)0
+636 y(that)d Fs(s)254 600 y Fi(0)304 636 y Fu(=)g Fs(s)8
+b Fu([)p Fs(x)k Ft(7!A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
+b(])q Fs(s)8 b Fu(])27 b(and)h(from)d(\()p Fs(P)10 b
+Fu([)p Fs(x)i Ft(7!A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
+b(])q(]\))33 b Fs(s)40 b Fu(=)33 b Fw(tt)26 b Fu(w)m(e)i(get)f(that)g
+Fs(P)38 b Fu(\()p Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p
+Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(]\))0
+756 y(=)32 b Fw(tt)p Fu(.)43 b(Th)m(us)34 b Fs(P)43 b(s)670
+720 y Fi(0)726 756 y Fu(=)32 b Fw(tt)g Fu(as)h(w)m(as)g(to)g(b)s(e)f
+(sho)m(wn.)0 924 y Fw(The)h(case)g Fu([skip)654 939 y
+Fn(p)698 924 y Fu(]:)43 b(This)33 b(case)h(is)e(immediate)e(using)i
+(the)h(clause)g([skip)2709 939 y Fn(ns)2780 924 y Fu(].)0
+1091 y Fw(The)g(case)g Fu([comp)711 1106 y Fn(p)754 1091
+y Fu(]:)44 b(W)-8 b(e)33 b(assume)g(that)244 1306 y Ft(j)-17
+b Fu(=)331 1321 y Fn(p)407 1306 y Ft(f)32 b Fs(P)43 b
+Ft(g)32 b Fs(S)747 1321 y Fn(1)819 1306 y Ft(f)g Fs(Q)42
+b Ft(g)32 b Fu(and)h Ft(j)-17 b Fu(=)1377 1321 y Fn(p)1453
+1306 y Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fs(S)1801 1321 y
+Fn(2)1873 1306 y Ft(f)g Fs(R)37 b Ft(g)0 1521 y Fu(and)d(w)m(e)g(ha)m
+(v)m(e)h(to)f(pro)m(v)m(e)g(that)g Ft(j)-17 b Fu(=)1245
+1536 y Fn(p)1322 1521 y Ft(f)33 b Fs(P)44 b Ft(g)33 b
+Fs(S)1665 1536 y Fn(1)1705 1521 y Fu(;)h Fs(S)1833 1536
+y Fn(2)1906 1521 y Ft(f)f Fs(R)38 b Ft(g)p Fu(.)46 b(So)34
+b(consider)f(arbitrary)g(states)i Fs(s)0 1642 y Fu(and)e
+Fs(s)238 1606 y Fi(00)313 1642 y Fu(suc)m(h)h(that)e
+Fs(P)43 b(s)e Fu(=)32 b Fw(tt)g Fu(and)244 1857 y Ft(h)p
+Fs(S)350 1872 y Fn(1)389 1857 y Fu(;)p Fs(S)483 1872
+y Fn(2)522 1857 y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)881
+1821 y Fi(00)0 2072 y Fu(F)-8 b(rom)31 b([comp)511 2087
+y Fn(ns)582 2072 y Fu(])i(w)m(e)g(get)g(that)f(there)h(is)g(a)f(state)h
+Fs(s)1875 2036 y Fi(0)1931 2072 y Fu(suc)m(h)h(that)244
+2287 y Ft(h)p Fs(S)350 2302 y Fn(1)389 2287 y Fu(,)f
+Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 2251 y Fi(0)869 2287
+y Fu(and)98 b Ft(h)o Fs(S)1229 2302 y Fn(2)1269 2287
+y Fu(,)32 b Fs(s)1376 2251 y Fi(0)1400 2287 y Ft(i)g(!)g
+Fs(s)1651 2251 y Fi(00)0 2502 y Fu(F)-8 b(rom)37 b Ft(h)o
+Fs(S)367 2517 y Fn(1)407 2502 y Fu(,)i Fs(s)8 b Ft(i)38
+b(!)g Fs(s)784 2466 y Fi(0)807 2502 y Fu(,)i Fs(P)49
+b(s)d Fu(=)38 b Fw(tt)f Fu(and)i Ft(j)-17 b Fu(=)1596
+2517 y Fn(p)1678 2502 y Ft(f)38 b Fs(P)48 b Ft(g)38 b
+Fs(S)2035 2517 y Fn(1)2113 2502 y Ft(f)g Fs(Q)47 b Ft(g)38
+b Fu(w)m(e)h(get)g Fs(Q)47 b(s)2899 2466 y Fi(0)2960
+2502 y Fu(=)38 b Fw(tt)p Fu(.)60 b(F)-8 b(rom)0 2622
+y Ft(h)p Fs(S)106 2637 y Fn(2)145 2622 y Fu(,)33 b Fs(s)253
+2586 y Fi(0)276 2622 y Ft(i)f(!)g Fs(s)527 2586 y Fi(00)570
+2622 y Fu(,)g Fs(Q)41 b(s)793 2586 y Fi(0)848 2622 y
+Fu(=)32 b Fw(tt)f Fu(and)h Ft(j)-17 b Fu(=)1351 2637
+y Fn(p)1427 2622 y Ft(f)31 b Fs(Q)41 b Ft(g)32 b Fs(S)1773
+2637 y Fn(2)1844 2622 y Ft(f)g Fs(R)k Ft(g)c Fu(it)f(follo)m(ws)f(that)
+i Fs(R)k(s)2897 2586 y Fi(00)2971 2622 y Fu(=)c Fw(tt)f
+Fu(as)h(w)m(as)0 2743 y(to)g(b)s(e)h(sho)m(wn.)0 2910
+y Fw(The)g(case)g Fu([if)541 2925 y Fn(p)583 2910 y Fu(]:)44
+b(Assume)33 b(that)244 3125 y Ft(j)-17 b Fu(=)331 3140
+y Fn(p)407 3125 y Ft(f)32 b(B)s Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)1073
+3140 y Fn(1)1145 3125 y Ft(f)g Fs(Q)42 b Ft(g)32 b Fu(and)h
+Ft(j)-17 b Fu(=)1703 3140 y Fn(p)1779 3125 y Ft(f)32
+b(:)q(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g
+Fs(P)43 b Ft(g)32 b Fs(S)2512 3140 y Fn(2)2584 3125 y
+Ft(f)g Fs(Q)42 b Ft(g)0 3340 y Fu(T)-8 b(o)31 b(pro)m(v)m(e)h
+Ft(j)-17 b Fu(=)490 3355 y Fn(p)564 3340 y Ft(f)30 b
+Fs(P)41 b Ft(g)31 b Fr(if)g Fs(b)37 b Fr(then)31 b Fs(S)1349
+3355 y Fn(1)1419 3340 y Fr(else)h Fs(S)1722 3355 y Fn(2)1792
+3340 y Ft(f)f Fs(Q)39 b Ft(g)31 b Fu(consider)g(arbitrary)f(states)h
+Fs(s)39 b Fu(and)31 b Fs(s)3449 3304 y Fi(0)0 3461 y
+Fu(suc)m(h)j(that)e Fs(P)43 b(s)e Fu(=)32 b Fw(tt)g Fu(and)244
+3676 y Ft(h)p Fr(if)h Fs(b)38 b Fr(then)c Fs(S)806 3691
+y Fn(1)877 3676 y Fr(else)g Fs(S)1182 3691 y Fn(2)1221
+3676 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)g Fs(s)1580 3639 y
+Fi(0)0 3891 y Fu(There)i(are)f(t)m(w)m(o)h(cases.)46
+b(If)33 b Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q
+Fs(s)41 b Fu(=)33 b Fw(tt)f Fu(then)i(w)m(e)g(get)f(\()p
+Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)h
+Fs(P)10 b Fu(\))33 b Fs(s)41 b Fu(=)33 b Fw(tt)f Fu(and)h(from)f([if)
+3375 3906 y Fn(ns)3445 3891 y Fu(])0 4011 y(w)m(e)i(ha)m(v)m(e)244
+4226 y Ft(h)p Fs(S)350 4241 y Fn(1)389 4226 y Fu(,)f
+Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 4190 y Fi(0)0 4441 y
+Fu(F)-8 b(rom)39 b(the)i(\014rst)g(assumption)f(w)m(e)i(therefore)f
+(get)f Fs(Q)50 b(s)2085 4405 y Fi(0)2149 4441 y Fu(=)40
+b Fw(tt)p Fu(.)67 b(If)40 b Ft(B)t Fu([)-17 b([)p Fs(b)6
+b Fu(])-17 b(])q Fs(s)48 b Fu(=)41 b Fw(\013)f Fu(the)h(result)0
+4561 y(follo)m(ws)31 b(in)h(a)g(similar)e(w)m(a)m(y)j(from)f(the)h
+(second)h(assumption.)0 4729 y Fw(The)f(case)g Fu([while)706
+4744 y Fn(p)749 4729 y Fu(]:)43 b(Assume)34 b(that)244
+4944 y Ft(j)-17 b Fu(=)331 4959 y Fn(p)407 4944 y Ft(f)32
+b(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g
+Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(P)43 b Ft(g)0
+5159 y Fu(T)-8 b(o)35 b(pro)m(v)m(e)h Ft(j)-17 b Fu(=)498
+5174 y Fn(p)577 5159 y Ft(f)35 b Fs(P)45 b Ft(g)35 b
+Fr(while)h Fs(b)41 b Fr(do)36 b Fs(S)46 b Ft(f)35 b(:)q(B)s
+Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])35 b Ft(^)h Fs(P)45
+b Ft(g)35 b Fu(consider)g(arbitrary)f(states)i Fs(s)43
+b Fu(and)0 5279 y Fs(s)48 5243 y Fi(00)123 5279 y Fu(suc)m(h)34
+b(that)e Fs(P)43 b(s)e Fu(=)32 b Fw(tt)g Fu(and)244 5494
+y Ft(h)p Fr(while)h Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32
+b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1216 5458 y Fi(00)p eop
+%%Page: 186 196
+186 195 bop 251 130 a Fw(186)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
+515 a Fu(and)28 b(w)m(e)g(shall)e(sho)m(w)j(that)e(\()p
+Ft(:B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Ft(^)p
+Fs(P)10 b Fu(\))28 b Fs(s)1827 479 y Fi(00)1897 515 y
+Fu(=)f Fw(tt)p Fu(.)41 b(W)-8 b(e)27 b(shall)f(no)m(w)i(pro)s(ceed)g(b)
+m(y)h(induction)d(on)283 636 y(the)33 b(shap)s(e)g(of)e(the)i(deriv)-5
+b(ation)30 b(tree)j(in)e(the)i(natural)d(seman)m(tics.)44
+b(One)32 b(of)g(t)m(w)m(o)h(cases)g(apply)-8 b(.)283
+756 y(If)34 b Ft(B)t Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(])p Fs(s)41 b Fu(=)32 b Fw(\013)i Fu(then)h Fs(s)1137
+720 y Fi(00)1214 756 y Fu(=)f Fs(s)42 b Fu(according)33
+b(to)h([while)2217 720 y Fn(\013)2217 781 y(ns)2287 756
+y Fu(])g(and)h(clearly)e(\()p Ft(:B)s Fu([)-17 b([)q
+Fs(b)6 b Fu(])-17 b(])35 b Ft(^)f Fs(P)10 b Fu(\))34
+b Fs(s)3482 720 y Fi(00)3559 756 y Fu(=)g Fw(tt)283 877
+y Fu(as)f(required.)44 b(Next)34 b(consider)f(the)g(case)g(where)h
+Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41
+b Fu(=)32 b Fw(tt)g Fu(and)527 1085 y Ft(h)p Fs(S)12
+b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)992 1049 y Fi(0)1113
+1085 y Fu(and)130 b Ft(h)p Fr(while)34 b Fs(b)k Fr(do)33
+b Fs(S)12 b Fu(,)33 b Fs(s)2121 1049 y Fi(0)2144 1085
+y Ft(i)f(!)g Fs(s)2395 1049 y Fi(00)283 1294 y Fu(for)38
+b(some)h(state)g Fs(s)982 1258 y Fi(0)1005 1294 y Fu(.)61
+b(Th)m(us)41 b(\()p Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(])38 b Ft(^)h Fs(P)10 b Fu(\))39 b Fs(s)47 b Fu(=)38
+b Fw(tt)g Fu(and)g(w)m(e)i(can)f(then)g(apply)f(the)h(assump-)283
+1414 y(tion)f Ft(j)-17 b Fu(=)577 1429 y Fn(p)653 1414
+y Ft(f)33 b(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33
+b Ft(^)g Fs(P)42 b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(P)43
+b Ft(g)c Fu(and)g(get)g(that)g Fs(P)49 b(s)2378 1378
+y Fi(0)2441 1414 y Fu(=)38 b Fw(tt)p Fu(.)62 b(The)40
+b(induction)e(h)m(yp)s(othe-)283 1535 y(sis)g(can)g(no)m(w)h(b)s(e)e
+(applied)g(to)g(the)i(deriv)-5 b(ation)36 b Ft(h)o Fr(while)e
+Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)2783 1499
+y Fi(0)2807 1535 y Ft(i)g(!)g Fs(s)3058 1499 y Fi(00)3138
+1535 y Fu(and)38 b(giv)m(es)g(that)283 1655 y(\()p Ft(:)q(B)s
+Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)10
+b Fu(\))33 b Fs(s)909 1619 y Fi(00)984 1655 y Fu(=)f
+Fw(tt)o Fu(.)44 b(This)32 b(completes)h(the)g(pro)s(of)f(of)g(this)g
+(case.)283 1823 y Fw(The)h(case)g Fu([cons)950 1838 y
+Fn(p)995 1823 y Fu(]:)43 b(Supp)s(ose)34 b(that)527 2032
+y Ft(j)-17 b Fu(=)614 2047 y Fn(p)690 2032 y Ft(f)32
+b Fs(P)848 1996 y Fi(0)905 2032 y Ft(g)g Fs(S)44 b Ft(f)33
+b Fs(Q)1253 1996 y Fi(0)1309 2032 y Ft(g)f Fu(and)h Fs(P)43
+b Ft(\))32 b Fs(P)1898 1996 y Fi(0)1986 2032 y Fu(and)h
+Fs(Q)2260 1996 y Fi(0)2316 2032 y Ft(\))f Fs(Q)283 2240
+y Fu(T)-8 b(o)33 b(pro)m(v)m(e)h Ft(j)-17 b Fu(=)777
+2255 y Fn(p)853 2240 y Ft(f)32 b Fs(P)43 b Ft(g)32 b
+Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(consider)h(states)g
+Fs(s)41 b Fu(and)33 b Fs(s)2483 2204 y Fi(0)2539 2240
+y Fu(suc)m(h)h(that)e Fs(P)43 b(s)d Fu(=)33 b Fw(tt)e
+Fu(and)527 2449 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b
+Ft(i)32 b(!)g Fs(s)992 2413 y Fi(0)283 2658 y Fu(Since)e
+Fs(P)39 b(s)e Fu(=)29 b Fw(tt)f Fu(and)h Fs(P)40 b Ft(\))28
+b Fs(P)1434 2622 y Fi(0)1487 2658 y Fu(w)m(e)i(also)e(ha)m(v)m(e)j
+Fs(P)2117 2622 y Fi(0)2169 2658 y Fs(s)38 b Fu(=)28 b
+Fw(tt)h Fu(and)g(the)g(assumption)g(then)g(giv)m(es)283
+2778 y(us)34 b(that)e Fs(Q)704 2742 y Fi(0)760 2778 y
+Fs(s)808 2742 y Fi(0)864 2778 y Fu(=)g Fw(tt)p Fu(.)43
+b(F)-8 b(rom)31 b Fs(Q)1470 2742 y Fi(0)1526 2778 y Ft(\))h
+Fs(Q)42 b Fu(w)m(e)33 b(therefore)g(get)g Fs(Q)42 b(s)2655
+2742 y Fi(0)2711 2778 y Fu(=)32 b Fw(tt)g Fu(as)g(required.)247
+b Fh(2)283 3098 y Fw(Exercise)37 b(6.18)49 b Fu(Sho)m(w)38
+b(that)g(the)g(inference)h(rule)e(for)g Fr(repeat)j Fs(S)49
+b Fr(until)40 b Fs(b)j Fu(suggested)d(in)283 3219 y(Exercise)25
+b(6.11)e(preserv)m(es)j(v)-5 b(alidit)m(y)d(.)38 b(Argue)24
+b(that)f(this)g(means)h(that)f(the)h(en)m(tire)f(pro)s(of)g(system)283
+3339 y(consisting)34 b(of)g(the)g(axioms)f(and)h(rules)g(of)g(T)-8
+b(able)34 b(6.1)g(together)g(with)g(the)g(rule)g(of)f(Exercise)283
+3460 y(6.11)f(is)g(sound.)2818 b Fh(2)283 3695 y Fw(Exercise)37
+b(6.19)49 b Fu(De\014ne)33 b Ft(j)-17 b Fu(=)1364 3659
+y Fi(0)1420 3695 y Ft(f)32 b Fs(P)43 b Ft(g)32 b Fs(S)45
+b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(to)g(mean)g(that)527
+3904 y(for)42 b(all)e(states)j Fs(s)50 b Fu(suc)m(h)43
+b(that)f Fs(P)52 b(s)f Fu(=)41 b Fw(tt)h Fu(there)g(exists)h(a)f(state)
+g Fs(s)3038 3868 y Fi(0)3104 3904 y Fu(suc)m(h)h(that)527
+4025 y Fs(Q)f(s)692 3988 y Fi(0)748 4025 y Fu(=)32 b
+Fw(tt)g Fu(and)h Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8 b
+Ft(i)32 b(!)g Fs(s)1630 3988 y Fi(0)283 4233 y Fu(Sho)m(w)h(that)e(it)f
+(is)h Fs(not)40 b Fu(the)32 b(case)g(that)f Ft(`)1763
+4248 y Fn(p)1838 4233 y Ft(f)g Fs(P)41 b Ft(g)31 b Fs(S)43
+b Ft(f)31 b Fs(Q)41 b Ft(g)31 b Fu(implies)d Ft(j)-17
+b Fu(=)2899 4197 y Fi(0)2954 4233 y Ft(f)31 b Fs(P)41
+b Ft(g)31 b Fs(S)43 b Ft(f)31 b Fs(Q)41 b Ft(g)31 b Fu(and)283
+4354 y(conclude)j(that)f(the)h(pro)s(of)e(system)i(of)f(T)-8
+b(able)33 b(6.1)g(cannot)g(b)s(e)h(sound)g(with)f(resp)s(ect)h(to)f
+(this)283 4474 y(de\014nition)f(of)g(v)-5 b(alidit)m(y)d(.)2515
+b Fh(2)283 4770 y Fp(Completeness)47 b(\(in)e(the)h(extensional)g
+(approac)l(h\))283 4957 y Fu(Before)35 b(turning)f(to)g(the)h(pro)s(of)
+e(of)h(the)h(completeness)g(result)g(w)m(e)g(shall)e(consider)i(a)f(sp)
+s(ecial)283 5077 y(predicate)f(wlp\()p Fs(S)12 b Fu(,)32
+b Fs(Q)9 b Fu(\))33 b(de\014ned)h(for)e(eac)m(h)h(statemen)m(t)g
+Fs(S)45 b Fu(and)33 b(predicate)f Fs(Q)9 b Fu(:)527 5286
+y(wlp\()p Fs(S)j Fu(,)32 b Fs(Q)9 b Fu(\))33 b Fs(s)41
+b Fu(=)32 b Fw(tt)283 5494 y Fu(if)g(and)h(only)f(if)f(for)h(all)f
+(states)i Fs(s)1476 5458 y Fi(0)1499 5494 y Fu(,)p eop
+%%Page: 187 197
+187 196 bop 0 130 a Fw(6.3)112 b(Soundness)40 b(and)e(completeness)1647
+b(187)p 0 193 3473 4 v 244 515 a Fu(if)31 b Ft(h)p Fs(S)12
+b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)798 479 y Fi(0)854
+515 y Fu(then)h Fs(Q)42 b(s)1241 479 y Fi(0)1297 515
+y Fu(=)32 b Fw(tt)0 719 y Fu(The)i(predicate)e(is)g(called)g(the)h
+Fs(we)-5 b(akest)34 b(lib)-5 b(er)g(al)34 b(pr)-5 b(e)g(c)g(ondition)39
+b Fu(for)32 b Fs(Q)42 b Fu(and)32 b(it)g(satis\014es:)p
+0 839 3473 5 v 0 1014 a Fw(F)-9 b(act)37 b(6.20)49 b
+Fu(F)-8 b(or)32 b(ev)m(ery)j(statemen)m(t)e Fs(S)44 b
+Fu(and)33 b(predicate)f Fs(Q)42 b Fu(w)m(e)34 b(ha)m(v)m(e)145
+1217 y Ft(\017)49 b(j)-17 b Fu(=)331 1232 y Fn(p)407
+1217 y Ft(f)32 b Fu(wlp\()p Fs(S)12 b Fu(,)32 b Fs(Q)9
+b Fu(\))33 b Ft(g)f Fs(S)44 b Ft(f)33 b Fs(Q)41 b Ft(g)1958
+b Fu(\(*\))145 1421 y Ft(\017)49 b Fu(if)31 b Ft(j)-17
+b Fu(=)420 1436 y Fn(p)496 1421 y Ft(f)32 b Fs(P)43 b
+Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(then)i
+Fs(P)42 b Ft(\))33 b Fu(wlp\()p Fs(S)12 b Fu(,)32 b Fs(Q)9
+b Fu(\))1247 b(\(**\))0 1625 y(meaning)31 b(that)i(wlp\()p
+Fs(S)12 b Fu(,)32 b Fs(Q)9 b Fu(\))32 b(is)g(the)h(w)m(eak)m(est)i(p)s
+(ossible)d(precondition)g(for)g Fs(S)44 b Fu(and)33 b
+Fs(Q)9 b Fu(.)p 0 1745 V 0 1948 a Fw(Pro)s(of:)54 b Fu(T)-8
+b(o)47 b(v)m(erify)h(that)e(\(*\))h(holds)g(let)f Fs(s)55
+b Fu(and)48 b Fs(s)1971 1912 y Fi(0)2041 1948 y Fu(b)s(e)f(states)h
+(suc)m(h)h(that)e Ft(h)p Fs(S)12 b Fu(,)47 b Fs(s)8 b
+Ft(i)46 b(!)h Fs(s)3449 1912 y Fi(0)0 2069 y Fu(and)38
+b(wlp\()p Fs(S)12 b Fu(,)33 b Fs(Q)9 b Fu(\))32 b Fs(s)41
+b Fu(=)32 b Fw(tt)o Fu(.)61 b(F)-8 b(rom)37 b(the)i(de\014nition)e(of)h
+(wlp\()p Fs(S)12 b Fu(,)38 b Fs(Q)9 b Fu(\))38 b(w)m(e)i(get)e(that)g
+Fs(Q)47 b(s)3209 2033 y Fi(0)3271 2069 y Fu(=)38 b Fw(tt)0
+2189 y Fu(as)k(required.)71 b(T)-8 b(o)42 b(v)m(erify)g(that)f(\(**\))g
+(holds)h(assume)g(that)f Ft(j)-17 b Fu(=)2362 2204 y
+Fn(p)2447 2189 y Ft(f)42 b Fs(P)52 b Ft(g)41 b Fs(S)54
+b Ft(f)41 b Fs(Q)51 b Ft(g)41 b Fu(and)h(let)0 2310 y
+Fs(P)h(s)d Fu(=)33 b Fw(tt)o Fu(.)55 b(If)36 b Ft(h)p
+Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)1033
+2273 y Fi(0)1092 2310 y Fu(then)37 b Fs(Q)46 b(s)1487
+2273 y Fi(0)1546 2310 y Fu(=)37 b Fw(tt)e Fu(\(b)s(ecause)j
+Ft(j)-17 b Fu(=)2272 2325 y Fn(p)2351 2310 y Ft(f)36
+b Fs(P)47 b Ft(g)36 b Fs(S)48 b Ft(f)36 b Fs(Q)46 b Ft(g)p
+Fu(\))36 b(so)g(clearly)0 2430 y(wlp\()p Fs(S)12 b Fu(,)p
+Fs(Q)d Fu(\))32 b Fs(s)41 b Fu(=)32 b Fw(tt)o Fu(.)2657
+b Fh(2)0 2742 y Fw(Exercise)36 b(6.21)49 b Fu(Pro)m(v)m(e)34
+b(that)f(the)g(predicate)f Fs(INV)52 b Fu(of)32 b(Example)g(6.9)g
+(satis\014es)269 2909 y Fs(INV)51 b Fu(=)32 b(wlp\()p
+Fr(while)i Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f
+Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h
+Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fu(1\),)i Fr(y)e Fu(=)h
+Fr(n)p Fu(!)43 b Ft(^)33 b Fr(n)g Fo(>)g Fr(0)p Fu(\))164
+b Fh(2)0 3138 y Fw(Exercise)36 b(6.22)49 b Fu(Another)f(in)m(teresting)
+e(predicate)h(called)f(the)h Fs(str)-5 b(ongest)48 b(p)-5
+b(ostc)g(ondition)0 3258 y Fu(for)32 b Fs(S)44 b Fu(and)33
+b Fs(P)43 b Fu(can)33 b(b)s(e)g(de\014ned)h(b)m(y)244
+3462 y(sp\()p Fs(P)10 b Fu(,)33 b Fs(S)12 b Fu(\))33
+b Fs(s)696 3426 y Fi(0)752 3462 y Fu(=)f Fw(tt)0 3665
+y Fu(if)f(and)i(only)f(if)244 3869 y(there)h(exists)h
+Fs(s)40 b Fu(suc)m(h)34 b(that)f Ft(h)o Fs(S)12 b Fu(,)33
+b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1739 3833 y Fi(0)1795 3869
+y Fu(and)h Fs(P)43 b(s)d Fu(=)33 b Fw(tt)0 4072 y Fu(Pro)m(v)m(e)h
+(that)145 4276 y Ft(\017)49 b(j)-17 b Fu(=)331 4291 y
+Fn(p)407 4276 y Ft(f)32 b Fs(P)43 b Ft(g)32 b Fs(S)45
+b Ft(f)32 b Fu(sp\()p Fs(P)10 b Fu(,)34 b Fs(S)12 b Fu(\))32
+b Ft(g)145 4479 y(\017)49 b Fu(if)31 b Ft(j)-17 b Fu(=)420
+4494 y Fn(p)496 4479 y Ft(f)32 b Fs(P)43 b Ft(g)33 b
+Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fu(then)i(sp\()p
+Fs(P)10 b Fu(,)33 b Fs(S)12 b Fu(\))32 b Ft(\))h Fs(Q)0
+4683 y Fu(Th)m(us)h(sp\()p Fs(P)10 b Fu(,)34 b Fs(S)12
+b Fu(\))32 b(is)g(the)h(strongest)g(p)s(ossible)f(p)s(ostcondition)g
+(for)g Fs(P)43 b Fu(and)32 b Fs(S)12 b Fu(.)544 b Fh(2)p
+0 4912 V 0 5086 a Fw(Lemma)37 b(6.23)49 b Fu(The)d(inference)f(system)h
+(of)e(T)-8 b(able)45 b(6.1)f(is)g(complete,)j(that)e(is)f(for)h(ev)m
+(ery)0 5206 y(partial)30 b(correctness)35 b(form)m(ula)c
+Ft(f)h Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(Q)42
+b Ft(g)32 b Fu(w)m(e)i(ha)m(v)m(e)269 5374 y Ft(j)-17
+b Fu(=)356 5389 y Fn(p)432 5374 y Ft(f)32 b Fs(P)43 b
+Ft(g)32 b Fs(S)44 b Ft(f)33 b Fs(Q)41 b Ft(g)33 b Fu(implies)d
+Ft(`)1478 5389 y Fn(p)1554 5374 y Ft(f)i Fs(P)43 b Ft(g)32
+b Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)p 0 5494 V eop
+%%Page: 188 198
+188 197 bop 251 130 a Fw(188)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
+515 a(Pro)s(of:)38 b Fu(The)33 b(completeness)h(result)e(follo)m(ws)f
+(if)h(w)m(e)h(can)g(infer)552 683 y Ft(`)613 698 y Fn(p)689
+683 y Ft(f)f Fu(wlp\()p Fs(S)12 b Fu(,)32 b Fs(Q)9 b
+Fu(\))33 b Ft(g)f Fs(S)45 b Ft(f)32 b Fs(Q)42 b Ft(g)1958
+b Fu(\(*\))283 851 y(for)32 b(all)f(statemen)m(ts)j Fs(S)44
+b Fu(and)33 b(predicates)g Fs(Q)9 b Fu(.)33 b(T)-8 b(o)32
+b(see)i(this)e(supp)s(ose)i(that)527 1046 y Ft(j)-17
+b Fu(=)614 1061 y Fn(p)690 1046 y Ft(f)32 b Fs(P)43 b
+Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)283 1242
+y Fu(Then)34 b(F)-8 b(act)32 b(6.20)g(giv)m(es)h(that)527
+1438 y Fs(P)43 b Ft(\))32 b Fu(wlp\()p Fs(S)12 b Fu(,)p
+Fs(Q)d Fu(\))283 1633 y(so)33 b(that)g(\(*\))f(and)g([cons)1172
+1648 y Fn(p)1217 1633 y Fu(])g(giv)m(e)527 1829 y Ft(`)588
+1844 y Fn(p)664 1829 y Ft(f)g Fs(P)43 b Ft(g)33 b Fs(S)44
+b Ft(f)32 b Fs(Q)42 b Ft(g)283 2025 y Fu(as)33 b(required.)430
+2145 y(T)-8 b(o)32 b(pro)m(v)m(e)i(\(*\))e(w)m(e)i(pro)s(ceed)f(b)m(y)h
+(structural)e(induction)g(on)g(the)h(statemen)m(t)g Fs(S)12
+b Fu(.)283 2313 y Fw(The)33 b(case)g Fs(x)45 b Fu(:=)32
+b Fs(a)7 b Fu(:)44 b(Based)33 b(on)g(the)g(natural)e(seman)m(tics)i(it)
+f(is)g(easy)h(to)g(v)m(erify)g(that)527 2508 y(wlp\()p
+Fs(x)44 b Fu(:=)33 b Fs(a)7 b Fu(,)33 b Fs(Q)9 b Fu(\))32
+b(=)h Fs(Q)9 b Fu([)p Fs(x)j Ft(7!)o(A)p Fu([)-17 b([)p
+Fs(a)7 b Fu(])-17 b(])q(])283 2704 y(so)33 b(the)g(result)g(follo)m(ws)
+e(directly)h(from)f([ass)1900 2719 y Fn(p)1945 2704 y
+Fu(].)283 2872 y Fw(The)i(case)g Fr(skip)p Fu(:)45 b(Since)33
+b(wlp\()p Fr(skip)p Fu(,)g Fs(Q)9 b Fu(\))33 b(=)f Fs(Q)42
+b Fu(the)33 b(result)f(follo)m(ws)g(from)f([skip)3292
+2887 y Fn(p)3336 2872 y Fu(].)283 3039 y Fw(The)i(case)g
+Fs(S)806 3054 y Fn(1)846 3039 y Fu(;)p Fs(S)940 3054
+y Fn(2)979 3039 y Fu(:)44 b(The)33 b(induction)f(h)m(yp)s(othesis)h
+(applied)f(to)g Fs(S)2692 3054 y Fn(1)2764 3039 y Fu(and)g
+Fs(S)3020 3054 y Fn(2)3092 3039 y Fu(giv)m(es)527 3235
+y Ft(`)588 3250 y Fn(p)664 3235 y Ft(f)g Fu(wlp\()p Fs(S)1003
+3250 y Fn(2)1042 3235 y Fu(,)h Fs(Q)9 b Fu(\))33 b Ft(g)f
+Fs(S)1406 3250 y Fn(2)1478 3235 y Ft(f)g Fs(Q)42 b Ft(g)283
+3431 y Fu(and)527 3626 y Ft(`)588 3641 y Fn(p)664 3626
+y Ft(f)32 b Fu(wlp\()p Fs(S)1003 3641 y Fn(1)1042 3626
+y Fu(,)h(wlp\()p Fs(S)1359 3641 y Fn(2)1398 3626 y Fu(,)g
+Fs(Q)9 b Fu(\)\))32 b Ft(g)g Fs(S)1799 3641 y Fn(1)1871
+3626 y Ft(f)h Fu(wlp\()p Fs(S)2211 3641 y Fn(2)2249 3626
+y Fu(,)g Fs(Q)9 b Fu(\))33 b Ft(g)283 3822 y Fu(so)g(that)g([comp)870
+3837 y Fn(p)913 3822 y Fu(])f(giv)m(es)527 4018 y Ft(`)588
+4033 y Fn(p)664 4018 y Ft(f)g Fu(wlp\()p Fs(S)1003 4033
+y Fn(1)1042 4018 y Fu(,)h(wlp\()p Fs(S)1359 4033 y Fn(2)1398
+4018 y Fu(,)g Fs(Q)9 b Fu(\)\))32 b Ft(g)g Fs(S)1799
+4033 y Fn(1)1839 4018 y Fu(;)p Fs(S)1933 4033 y Fn(2)2005
+4018 y Ft(f)g Fs(Q)42 b Ft(g)283 4213 y Fu(W)-8 b(e)33
+b(shall)f(no)m(w)h(pro)m(v)m(e)h(that)527 4409 y(wlp\()p
+Fs(S)784 4424 y Fn(1)823 4409 y Fu(;)p Fs(S)917 4424
+y Fn(2)957 4409 y Fu(,)e Fs(Q)9 b Fu(\))33 b Ft(\))f
+Fu(wlp\()p Fs(S)1560 4424 y Fn(1)1599 4409 y Fu(,)h(wlp\()p
+Fs(S)1916 4424 y Fn(2)1955 4409 y Fu(,)f Fs(Q)9 b Fu(\)\))283
+4605 y(as)27 b(then)h([cons)825 4620 y Fn(p)869 4605
+y Fu(])f(will)d(giv)m(e)j(the)g(required)g(pro)s(of)f(in)g(the)h
+(inference)h(system.)42 b(So)27 b(assume)g(that)283 4725
+y(wlp\()p Fs(S)540 4740 y Fn(1)579 4725 y Fu(;)p Fs(S)673
+4740 y Fn(2)713 4725 y Fu(,)j Fs(Q)9 b Fu(\))30 b Fs(s)37
+b Fu(=)30 b Fw(tt)e Fu(and)i(w)m(e)h(shall)d(sho)m(w)j(that)e(wlp\()p
+Fs(S)2478 4740 y Fn(1)2517 4725 y Fu(,)k(wlp\()p Fs(S)2834
+4740 y Fn(2)2873 4725 y Fu(,)f Fs(Q)9 b Fu(\)\))33 b
+Fs(s)41 b Fu(=)32 b Fw(tt)o Fu(.)43 b(This)29 b(is)283
+4845 y(ob)m(vious)36 b(unless)f(there)h(is)e(a)h(state)g
+Fs(s)1654 4809 y Fi(0)1713 4845 y Fu(suc)m(h)h(that)f
+Ft(h)p Fs(S)2255 4860 y Fn(1)2294 4845 y Fu(,)g Fs(s)8
+b Ft(i)35 b(!)g Fs(s)2661 4809 y Fi(0)2719 4845 y Fu(and)g(then)h(w)m
+(e)g(m)m(ust)f(pro)m(v)m(e)283 4966 y(that)j(wlp\()p
+Fs(S)757 4981 y Fn(2)796 4966 y Fu(,)i Fs(Q)9 b Fu(\))38
+b Fs(s)1071 4930 y Fi(0)1132 4966 y Fu(=)g Fw(tt)p Fu(.)60
+b(Ho)m(w)m(ev)m(er,)42 b(this)37 b(is)h(ob)m(vious)g(to)s(o)g(unless)h
+(there)f(is)g(a)g(state)g Fs(s)3713 4930 y Fi(00)283
+5086 y Fu(suc)m(h)33 b(that)e Ft(h)p Fs(S)818 5101 y
+Fn(2)857 5086 y Fu(,)i Fs(s)965 5050 y Fi(0)988 5086
+y Ft(i)f(!)g Fs(s)1239 5050 y Fi(00)1313 5086 y Fu(and)f(then)h(w)m(e)g
+(m)m(ust)f(pro)m(v)m(e)i(that)e Fs(Q)40 b(s)2739 5050
+y Fi(00)2812 5086 y Fu(=)31 b Fw(tt)p Fu(.)43 b(But)31
+b(b)m(y)h([comp)3658 5101 y Fn(ns)3729 5086 y Fu(])283
+5206 y(w)m(e)i(ha)m(v)m(e)g Ft(h)p Fs(S)758 5221 y Fn(1)797
+5206 y Fu(;)p Fs(S)891 5221 y Fn(2)930 5206 y Fu(,)f
+Fs(s)8 b Ft(i)32 b(!)g Fs(s)1289 5170 y Fi(00)1365 5206
+y Fu(so)g(that)h Fs(Q)41 b(s)1860 5170 y Fi(00)1935 5206
+y Fu(=)33 b Fw(tt)e Fu(follo)m(ws)h(from)f(wlp\()p Fs(S)2971
+5221 y Fn(1)3010 5206 y Fu(;)p Fs(S)3104 5221 y Fn(2)3143
+5206 y Fu(,)i Fs(Q)9 b Fu(\))33 b Fs(s)40 b Fu(=)33 b
+Fw(tt)o Fu(.)283 5374 y Fw(The)g(case)g Fr(if)g Fs(b)38
+b Fr(then)c Fs(S)1262 5389 y Fn(1)1333 5374 y Fr(else)g
+Fs(S)1638 5389 y Fn(2)1677 5374 y Fu(:)43 b(The)33 b(induction)f(h)m
+(yp)s(othesis)h(applied)f(to)g Fs(S)3389 5389 y Fn(1)3460
+5374 y Fu(and)h Fs(S)3717 5389 y Fn(2)283 5494 y Fu(giv)m(es)p
+eop
+%%Page: 189 199
+189 198 bop 0 130 a Fw(6.3)112 b(Soundness)40 b(and)e(completeness)1647
+b(189)p 0 193 3473 4 v 244 515 a Ft(`)305 530 y Fn(p)381
+515 y Ft(f)32 b Fu(wlp\()p Fs(S)720 530 y Fn(1)759 515
+y Fu(,)h Fs(Q)9 b Fu(\))32 b Ft(g)g Fs(S)1122 530 y Fn(1)1194
+515 y Ft(f)h Fs(Q)41 b Ft(g)33 b Fu(and)f Ft(`)1726 530
+y Fn(p)1802 515 y Ft(f)g Fu(wlp\()p Fs(S)2141 530 y Fn(2)2180
+515 y Fu(,)h Fs(Q)9 b Fu(\))32 b Ft(g)h Fs(S)2544 530
+y Fn(2)2616 515 y Ft(f)f Fs(Q)42 b Ft(g)0 722 y Fu(De\014ne)33
+b(the)g(predicate)g Fs(P)43 b Fu(b)m(y)244 929 y Fs(P)g
+Fu(=)32 b(\()p Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
+b(])33 b Ft(^)g Fu(wlp\()p Fs(S)1082 944 y Fn(1)1121
+929 y Fu(,)g Fs(Q)9 b Fu(\)\))32 b Ft(_)h Fu(\()p Ft(:B)t
+Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fu(wlp\()p
+Fs(S)2160 944 y Fn(2)2198 929 y Fu(,)g Fs(Q)9 b Fu(\)\))0
+1136 y(Then)34 b(w)m(e)f(ha)m(v)m(e)244 1343 y(\()p Ft(B)s
+Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)10
+b Fu(\))33 b Ft(\))f Fu(wlp\()p Fs(S)1144 1358 y Fn(1)1183
+1343 y Fu(,)g Fs(Q)9 b Fu(\))33 b(and)g(\()p Ft(:B)s
+Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)10
+b Fu(\))33 b Ft(\))f Fu(wlp\()p Fs(S)2553 1358 y Fn(2)2592
+1343 y Fu(,)h Fs(Q)9 b Fu(\))0 1550 y(so)33 b([cons)331
+1565 y Fn(p)375 1550 y Fu(])g(can)f(b)s(e)h(applied)f(t)m(wice)h(and)f
+(giv)m(es)244 1757 y Ft(`)305 1772 y Fn(p)381 1757 y
+Ft(f)g(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b
+Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)1047 1772 y Fn(1)1119
+1757 y Ft(f)g Fs(Q)42 b Ft(g)32 b Fu(and)h Ft(`)1651
+1772 y Fn(p)1727 1757 y Ft(f)f(:B)t Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(])33 b Ft(^)g Fs(P)42 b Ft(g)33 b Fs(S)2460
+1772 y Fn(2)2532 1757 y Ft(f)f Fs(Q)42 b Ft(g)0 1964
+y Fu(Using)32 b([if)359 1979 y Fn(p)402 1964 y Fu(])g(w)m(e)i
+(therefore)f(get)244 2171 y Ft(`)305 2186 y Fn(p)381
+2171 y Ft(f)f Fs(P)43 b Ft(g)32 b Fr(if)h Fs(b)39 b Fr(then)33
+b Fs(S)1177 2186 y Fn(1)1249 2171 y Fr(else)h Fs(S)1554
+2186 y Fn(2)1625 2171 y Ft(f)f Fs(Q)41 b Ft(g)0 2378
+y Fu(T)-8 b(o)33 b(see)g(that)g(this)f(is)g(the)h(desired)g(result)g
+(it)e(su\016ces)k(to)d(sho)m(w)i(that)244 2585 y(wlp\()p
+Fr(if)f Fs(b)38 b Fr(then)c Fs(S)957 2600 y Fn(1)1028
+2585 y Fr(else)g Fs(S)1333 2600 y Fn(2)1372 2585 y Fu(,)f
+Fs(Q)9 b Fu(\))32 b Ft(\))h Fs(P)0 2792 y Fu(and)g(this)f(is)g(straigh)
+m(tforw)m(ard)g(b)m(y)i(cases)g(on)e(the)h(v)-5 b(alue)32
+b(of)g Fs(b)6 b Fu(.)0 2959 y Fw(The)33 b(case)g Fr(while)h
+Fs(b)k Fr(do)33 b Fs(S)12 b Fu(:)33 b(De\014ne)g(the)g(predicate)g
+Fs(P)43 b Fu(b)m(y)244 3166 y Fs(P)g Fu(=)32 b(wlp\()p
+Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(Q)9
+b Fu(\))0 3373 y(W)-8 b(e)33 b(\014rst)g(sho)m(w)h(that)269
+3541 y(\()p Ft(:B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17
+b(])33 b Ft(^)g Fs(P)10 b Fu(\))33 b Ft(\))f Fs(Q)2246
+b Fu(\(**\))269 3708 y(\()p Ft(B)s Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(])33 b Ft(^)g Fs(P)10 b Fu(\))33 b Ft(\))f
+Fu(wlp\()p Fs(S)12 b Fu(,)p Fs(P)e Fu(\))1940 b(\(***\))0
+3876 y(T)-8 b(o)36 b(v)m(erify)h(\(**\))e(let)g Fs(s)45
+b Fu(b)s(e)36 b(suc)m(h)h(that)f(\()p Ft(:)q(B)s Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(])36 b Ft(^)h Fs(P)10 b Fu(\))36
+b Fs(s)44 b Fu(=)36 b Fw(tt)p Fu(.)53 b(Then)37 b(it)e(m)m(ust)i(b)s(e)
+f(the)g(case)0 3996 y(that)i Ft(h)p Fr(while)33 b Fs(b)39
+b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f
+Fs(s)46 b Fu(so)38 b(w)m(e)h(ha)m(v)m(e)h Fs(Q)47 b(s)f
+Fu(=)38 b Fw(tt)p Fu(.)59 b(T)-8 b(o)38 b(v)m(erify)h(\(***\))e(let)h
+Fs(s)46 b Fu(b)s(e)38 b(suc)m(h)0 4117 y(that)33 b(\()p
+Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g
+Fs(P)10 b Fu(\))33 b Fs(s)40 b Fu(=)33 b Fw(tt)f Fu(and)h(w)m(e)i
+(shall)c(sho)m(w)k(that)e(wlp\()p Fs(S)12 b Fu(,)p Fs(P)e
+Fu(\))33 b Fs(s)41 b Fu(=)33 b Fw(tt)p Fu(.)44 b(This)33
+b(is)g(ob)m(vious)0 4237 y(unless)j(there)h(is)e(a)h(state)g
+Fs(s)1020 4201 y Fi(0)1079 4237 y Fu(suc)m(h)h(that)f
+Ft(h)o Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1981
+4201 y Fi(0)2040 4237 y Fu(in)j(whic)m(h)i(case)f(w)m(e)h(shall)e(pro)m
+(v)m(e)i(that)0 4358 y Fs(P)44 b(s)158 4321 y Fi(0)215
+4358 y Fu(=)33 b Fw(tt)p Fu(.)46 b(W)-8 b(e)34 b(ha)m(v)m(e)h(t)m(w)m
+(o)f(cases.)48 b(First)32 b(w)m(e)j(assume)f(that)g Ft(h)o
+Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)3005
+4321 y Fi(0)3028 4358 y Ft(i)h(!)f Fs(s)3280 4321 y Fi(00)3356
+4358 y Fu(for)0 4478 y(some)38 b Fs(s)298 4442 y Fi(00)341
+4478 y Fu(.)61 b(Then)39 b([while)939 4442 y Fn(tt)939
+4503 y(ns)1009 4478 y Fu(])g(giv)m(es)g(us)g(that)f Ft(h)p
+Fr(while)h Fs(b)44 b Fr(do)39 b Fs(S)12 b Fu(,)38 b Fs(s)8
+b Ft(i)39 b(!)e Fs(s)2674 4442 y Fi(00)2755 4478 y Fu(and)i(since)g
+Fs(P)48 b(s)f Fu(=)0 4598 y Fw(tt)34 b Fu(w)m(e)h(get)f(that)h
+Fs(Q)43 b(s)811 4562 y Fi(00)888 4598 y Fu(=)34 b Fw(tt)g
+Fu(using)g(F)-8 b(act)34 b(6.20.)48 b(But)35 b(this)f(means)g(that)h
+Fs(P)44 b(s)2906 4562 y Fi(0)2964 4598 y Fu(=)34 b Fw(tt)g
+Fu(as)g(w)m(as)0 4719 y(required.)74 b(In)43 b(the)h(second)g(case)f(w)
+m(e)h(assume)f(that)g Ft(h)p Fr(while)33 b Fs(b)39 b
+Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)2745 4683 y Fi(0)2769
+4719 y Ft(i)g(!)g Fs(s)3020 4683 y Fi(00)3105 4719 y
+Fu(do)s(es)43 b Fs(not)0 4839 y Fu(hold)29 b(for)g(an)m(y)h(state)h
+Fs(s)826 4803 y Fi(00)868 4839 y Fu(.)43 b(But)29 b(this)h(means)g
+(that)f Fs(P)43 b(s)1977 4803 y Fi(0)2033 4839 y Fu(=)32
+b Fw(tt)d Fu(holds)g(v)-5 b(acuously)30 b(and)g(w)m(e)h(ha)m(v)m(e)0
+4960 y(\014nished)i(the)g(pro)s(of)f(of)g(\(***\).)146
+5081 y(The)i(induction)d(h)m(yp)s(othesis)j(applied)e(to)g(the)h(b)s(o)
+s(dy)f Fs(S)45 b Fu(of)32 b(the)h Fr(while)p Fu(-lo)s(op)f(giv)m(es)244
+5288 y Ft(`)305 5303 y Fn(p)381 5288 y Ft(f)g Fu(wlp\()p
+Fs(S)12 b Fu(,)p Fs(P)e Fu(\))32 b Ft(g)h Fs(S)44 b Ft(f)32
+b Fs(P)43 b Ft(g)0 5494 y Fu(and)33 b(using)f(\(***\))g(together)g
+(with)h([cons)1518 5509 y Fn(p)1562 5494 y Fu(])f(w)m(e)i(get)p
+eop
+%%Page: 190 200
+190 199 bop 251 130 a Fw(190)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527
+515 a Ft(`)588 530 y Fn(p)664 515 y Ft(f)32 b(B)t Fu([)-17
+b([)p Fs(b)6 b Fu(])-17 b(])34 b Ft(^)e Fs(P)43 b Ft(g)33
+b Fs(S)44 b Ft(f)32 b Fs(P)43 b Ft(g)283 704 y Fu(W)-8
+b(e)33 b(can)g(no)m(w)h(apply)e(the)h(rule)f([while)1715
+719 y Fn(p)1758 704 y Fu(])g(and)h(get)527 892 y Ft(`)588
+907 y Fn(p)664 892 y Ft(f)f Fs(P)43 b Ft(g)33 b Fr(while)g
+Fs(b)39 b Fr(do)33 b Fs(S)44 b Ft(f)33 b(:B)t Fu([)-17
+b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)283
+1081 y Fu(Finally)-8 b(,)30 b(w)m(e)k(use)g(\(**\))d(together)i(with)f
+([cons)1970 1096 y Fn(p)2015 1081 y Fu(])g(and)h(get)527
+1270 y Ft(`)588 1285 y Fn(p)664 1270 y Ft(f)f Fs(P)43
+b Ft(g)33 b Fr(while)g Fs(b)39 b Fr(do)33 b Fs(S)44 b
+Ft(f)33 b Fs(Q)41 b Ft(g)283 1458 y Fu(as)33 b(required.)2902
+b Fh(2)283 1750 y Fw(Exercise)37 b(6.24)49 b Fu(Pro)m(v)m(e)34
+b(that)e(the)h(inference)g(system)h(for)e(the)h Fr(while)p
+Fu(-language)f(extended)283 1870 y(with)27 b Fr(repeat)i
+Fs(S)40 b Fr(until)28 b Fs(b)34 b Fu(as)27 b(in)g(Exercise)i(6.11)d(is)
+h(complete.)41 b(\(If)28 b(not)f(y)m(ou)h(should)f(impro)m(v)m(e)283
+1990 y(y)m(our)34 b(rule)e(for)g Fr(repeat)i Fs(S)44
+b Fr(until)34 b Fs(b)6 b Fu(.\))1987 b Fh(2)283 2199
+y Fw(Exercise)37 b(6.25)49 b Fu(*)f(Pro)m(v)m(e)h(the)f(completeness)h
+(of)f(the)g(inference)h(system)g(of)f(T)-8 b(able)47
+b(6.1)283 2319 y(using)31 b(the)h Fs(str)-5 b(ongest)33
+b(p)-5 b(ostc)g(onditions)38 b Fu(of)30 b(Exercise)j(6.22)d(rather)h
+(than)g(the)g(w)m(eak)m(est)j(lib)s(eral)283 2440 y(preconditions)f(as)
+f(used)i(in)e(the)h(pro)s(of)f(of)g(Lemma)f(6.23.)1256
+b Fh(2)283 2648 y Fw(Exercise)37 b(6.26)49 b Fu(De\014ne)42
+b(a)g(notion)f(of)g(v)-5 b(alidit)m(y)40 b(based)j(on)f(the)h
+(denotational)d(seman)m(tics)283 2768 y(of)c(Chapter)h(4)f(and)h(pro)m
+(v)m(e)g(the)g(soundness)i(of)d(the)g(inference)h(system)g(of)f(T)-8
+b(able)36 b(6.1)g(using)283 2889 y(this)46 b(de\014nition,)i(that)e(is)
+f(without)g(using)h(the)g(equiv)-5 b(alence)46 b(b)s(et)m(w)m(een)i
+(the)e(denotational)283 3009 y(seman)m(tics)33 b(and)g(the)g(op)s
+(erational)d(seman)m(tics.)1648 b Fh(2)283 3218 y Fw(Exercise)37
+b(6.27)49 b Fu(Use)34 b(the)f(de\014nition)f(of)g(v)-5
+b(alidit)m(y)31 b(of)i(Exercise)h(6.26)e(and)h(pro)m(v)m(e)i(the)e
+(com-)283 3338 y(pleteness)h(of)f(the)g(inference)g(system)g(of)f(T)-8
+b(able)33 b(6.1.)1441 b Fh(2)283 3624 y Fp(Expressiv)l(eness)47
+b(problems)e(\(in)g(the)h(in)l(tensional)g(approac)l(h\))283
+3809 y Fu(So)34 b(far)f(w)m(e)i(ha)m(v)m(e)g(only)f(considered)g(the)g
+(extensional)g(approac)m(h)g(where)h(the)f(preconditions)283
+3930 y(and)23 b(p)s(ostconditions)f(of)h(the)g(form)m(ulae)e(are)i
+(predicates.)41 b(In)23 b(the)g Fs(intensional)i(appr)-5
+b(o)g(ach)29 b Fu(they)283 4050 y(are)j(form)m(ulae)f(of)g(some)h
+(assertion)g(language)f Ft(L)p Fu(.)43 b(The)33 b(axioms)d(and)i(rules)
+g(of)g(the)g(inference)283 4170 y(system)43 b(will)c(b)s(e)i(as)h(in)e
+(T)-8 b(able)41 b(6.1,)i(the)f(only)f(di\013erence)h(b)s(eing)f(that)g
+(the)g(preconditions)283 4291 y(and)j(p)s(ostconditions)e(are)h(form)m
+(ulae)f(of)g Ft(L)h Fu(and)h(that)f(op)s(erations)f(suc)m(h)i(as)g
+Fs(P)10 b Fu([)p Fs(x)i Ft(7!A)o Fu([)-17 b([)q Fs(a)7
+b Fu(])-17 b(])q(],)283 4411 y Fs(P)359 4426 y Fn(1)432
+4411 y Ft(^)33 b Fs(P)607 4426 y Fn(2)679 4411 y Fu(and)g
+Fs(P)945 4426 y Fn(1)1017 4411 y Ft(\))f Fs(P)1225 4426
+y Fn(2)1298 4411 y Fu(are)g(op)s(erations)g(on)g(form)m(ulae)f(of)h
+Ft(L)p Fu(.)430 4531 y(It)45 b(will)d(b)s(e)j(natural)f(to)h(let)f
+Ft(L)g Fu(include)h(the)g(b)s(o)s(olean)e(expressions)k(of)d
+Fw(While)p Fu(.)79 b(The)283 4652 y(soundness)43 b(pro)s(of)38
+b(of)i(Lemma)e(6.17)h(then)i(carries)e(directly)h(o)m(v)m(er)h(to)e
+(the)h(in)m(tensional)e(ap-)283 4772 y(proac)m(h.)54
+b(Unfortunately)-8 b(,)36 b(this)g(is)f(not)h(the)g(case)h(for)e(the)h
+(completeness)h(pro)s(of)e(of)g(Lemma)283 4893 y(6.23.)43
+b(The)31 b(reason)g(is)f(that)g(the)h(predicates)g(wlp\()p
+Fs(S)12 b Fu(,)30 b Fs(Q)9 b Fu(\))31 b(used)h(as)e(preconditions)g(no)
+m(w)i(ha)m(v)m(e)283 5013 y(to)h(b)s(e)f(represen)m(ted)k(as)c(form)m
+(ulae)f(of)h Ft(L)h Fu(and)f(that)h(this)f(ma)m(y)g(not)h(b)s(e)g(p)s
+(ossible.)430 5133 y(T)-8 b(o)22 b(illustrate)e(the)j(problems)e(let)h
+Fs(S)34 b Fu(b)s(e)22 b(a)g(statemen)m(t,)j(for)d(example)f(a)h(univ)m
+(ersal)g(program)283 5254 y(in)j(the)g(sense)h(of)f(recursion)g(theory)
+-8 b(,)27 b(that)d(has)i(an)e(undecidable)h(Halting)e(problem.)40
+b(F)-8 b(urther,)283 5374 y(supp)s(ose)37 b(that)d Ft(L)g
+Fu(only)h(con)m(tains)f(the)h(b)s(o)s(olean)f(expressions)i(of)e
+Fw(While)p Fu(.)49 b(Finally)-8 b(,)32 b(assume)283 5494
+y(that)h(there)g(is)f(a)g(form)m(ula)f Fs(b)1332 5509
+y Fc(S)1415 5494 y Fu(of)i Ft(L)f Fu(suc)m(h)i(that)e(for)g(all)f
+(states)i Fs(s)p eop
+%%Page: 191 201
+191 200 bop 0 130 a Fw(6.4)112 b(Extensions)37 b(of)h(the)f(axiomatic)f
+(system)1315 b(191)p 0 193 3473 4 v 244 515 a Ft(B)s
+Fu([)-17 b([)q Fs(b)401 530 y Fc(S)452 515 y Fu(])g(])33
+b Fs(s)40 b Fu(=)33 b Fw(tt)e Fu(if)h(and)h(only)f(if)f(wlp\()p
+Fs(S)12 b Fu(,)32 b Fr(false)p Fu(\))i Fs(s)41 b Fu(=)32
+b Fw(tt)0 720 y Fu(Then)i(also)d Ft(:)q Fs(b)568 735
+y Fc(S)651 720 y Fu(is)h(a)g(form)m(ula)f(of)h Ft(L)p
+Fu(.)43 b(W)-8 b(e)33 b(ha)m(v)m(e)244 925 y Ft(B)s Fu([)-17
+b([)q Fs(b)401 940 y Fc(S)452 925 y Fu(])g(])33 b Fs(s)40
+b Fu(=)33 b Fw(tt)e Fu(if)h(and)h(only)f(if)f(the)i(computation)e(of)h
+Fs(S)45 b Fu(on)32 b Fs(s)41 b Fu(lo)s(ops)0 1130 y(and)33
+b(hence)244 1335 y Ft(B)s Fu([)-17 b([)q Ft(:)p Fs(b)467
+1350 y Fc(S)518 1335 y Fu(])g(])33 b Fs(s)41 b Fu(=)32
+b Fw(tt)g Fu(if)f(and)i(only)f(if)f(the)i(computation)e(of)i
+Fs(S)44 b Fu(on)32 b Fs(s)41 b Fu(terminates)0 1540 y(W)-8
+b(e)32 b(no)m(w)h(ha)m(v)m(e)h(a)d(con)m(tradiction:)42
+b(the)33 b(assumptions)f(ab)s(out)f Fs(S)44 b Fu(ensure)34
+b(that)d Ft(B)t Fu([)-17 b([)q Ft(:)p Fs(b)3143 1555
+y Fc(S)3194 1540 y Fu(])g(])32 b(m)m(ust)0 1660 y(b)s(e)48
+b(an)g(undecidable)g(function;)56 b(on)48 b(the)g(other)h(hand)f(T)-8
+b(able)48 b(1.2)g(suggests)h(an)f(ob)m(vious)0 1780 y(algorithm)27
+b(for)i(ev)-5 b(aluating)29 b Ft(B)s Fu([)-17 b([)q Ft(:)p
+Fs(b)1278 1795 y Fc(S)1329 1780 y Fu(])g(].)43 b(Hence)31
+b(our)f(assumption)g(ab)s(out)f(the)i(existence)g(of)f
+Fs(b)3422 1795 y Fc(S)0 1901 y Fu(m)m(ust)j(b)s(e)f(mistak)m(en.)44
+b(Consequen)m(tly)35 b(w)m(e)e(cannot)g(mimic)d(the)j(pro)s(of)e(of)h
+(Lemma)g(6.23.)146 2021 y(The)g(ob)m(vious)f(remedy)g(is)g(to)f(extend)
+i Ft(L)f Fu(to)f(b)s(e)h(a)g(m)m(uc)m(h)g(more)f(p)s(o)m(w)m(erful)h
+(language)f(that)0 2142 y(allo)m(ws)h(quan)m(ti\014cation)f(as)i(w)m
+(ell.)43 b(A)31 b(cen)m(tral)h(concept)h(is)e(that)g
+Ft(L)g Fu(m)m(ust)h(b)s(e)g Fs(expr)-5 b(essive)38 b
+Fu(with)0 2262 y(resp)s(ect)28 b(to)e Fw(While)e Fu(and)j(its)f(seman)m
+(tics,)i(and)e(one)h(then)g(sho)m(ws)h(that)e(T)-8 b(able)26
+b(6.1)g(is)g Fs(r)-5 b(elatively)0 2383 y(c)g(omplete)40
+b Fu(\(in)32 b(the)h(sense)i(of)e(Co)s(ok\).)45 b(It)33
+b(is)g(b)s(ey)m(ond)h(the)g(scop)s(e)g(of)e(this)h(b)s(o)s(ok)g(to)g
+(go)f(deep)s(er)0 2503 y(in)m(to)g(these)i(matters)e(but)h(w)m(e)g(pro)
+m(vide)g(references)i(in)d(Chapter)h(7.)0 2838 y Fj(6.4)161
+b(Extensions)52 b(of)i(the)f(axiomatic)i(system)0 3057
+y Fu(In)40 b(this)g(section)g(w)m(e)h(shall)d(consider)i(t)m(w)m(o)h
+(extensions)g(of)e(the)h(inference)h(system)g(for)e(par-)0
+3178 y(tial)i(correctness)j(assertions.)75 b(The)43 b(\014rst)h
+(extension)f(sho)m(ws)i(ho)m(w)e(the)g(approac)m(h)g(can)g(b)s(e)0
+3298 y(mo)s(di\014ed)29 b(to)h(pro)m(v)m(e)i Fs(total)h(c)-5
+b(orr)g(e)g(ctness)33 b(assertions)k Fu(thereb)m(y)c(allo)m(wing)28
+b(us)j(to)f(reason)h(ab)s(out)0 3418 y(termination)39
+b(prop)s(erties.)68 b(In)42 b(the)f(second)i(extension)f(w)m(e)g
+(consider)f(ho)m(w)h(to)e(extend)j(the)0 3539 y(inference)31
+b(systems)h(to)e(more)g(language)f(constructs,)k(in)c(particular)g
+(recursiv)m(e)j(pro)s(cedures.)0 3950 y Fp(T)-11 b(otal)45
+b(correctness)h(assertions)0 4135 y Fu(W)-8 b(e)33 b(shall)e(no)m(w)i
+(consider)g(form)m(ulae)e(of)h(the)h(form)244 4340 y
+Ft(f)f Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b(+)g Fs(Q)42
+b Ft(g)0 4545 y Fu(The)34 b(idea)d(is)i(that)244 4750
+y Fs(if)53 b Fu(the)33 b(precondition)f Fs(P)43 b Fu(is)32
+b(ful\014lled)244 4917 y Fs(then)40 b(S)k Fu(is)32 b(guaran)m(teed)h
+(to)g(terminate)e(\(as)i(recorded)g(b)m(y)h(the)f(sym)m(b)s(ol)f
+Ft(+)p Fu(\))244 5085 y Fs(and)42 b Fu(the)33 b(\014nal)f(state)h(will)
+d(satisfy)j(the)g(p)s(ostcondition)e Fs(Q)9 b Fu(.)0
+5290 y(This)33 b(is)f(formalized)e(b)m(y)k(de\014ning)e(v)-5
+b(alidit)m(y)31 b(of)h Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)45
+b Ft(f)32 b(+)g Fs(Q)42 b Ft(g)32 b Fu(b)m(y)244 5494
+y Ft(j)-17 b Fu(=)331 5509 y Fn(t)395 5494 y Ft(f)32
+b Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b(+)h Fs(Q)41
+b Ft(g)p eop
+%%Page: 192 202
+192 201 bop 251 130 a Fw(192)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
+419 V 283 2471 4 2053 v 715 528 a Fu([ass)867 543 y Fn(t)900
+528 y Fu(])201 b Ft(f)33 b Fs(P)10 b Fu([)p Fs(x)i Ft(7!A)o
+Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q(])32 b Ft(g)h
+Fs(x)44 b Fu(:=)32 b Fs(a)40 b Ft(f)32 b(+)h Fs(P)43
+b Ft(g)715 696 y Fu([skip)913 711 y Fn(t)945 696 y Fu(])156
+b Ft(f)33 b Fs(P)43 b Ft(g)32 b Fr(skip)i Ft(f)e(+)g
+Fs(P)43 b Ft(g)715 988 y Fu([comp)970 1003 y Fn(t)1002
+988 y Fu(])1138 901 y Ft(f)33 b Fs(P)43 b Ft(g)32 b Fs(S)1479
+916 y Fn(1)1551 901 y Ft(f)g(+)g Fs(Q)42 b Ft(g)p Fu(,)98
+b Ft(f)32 b Fs(Q)42 b Ft(g)32 b Fs(S)2366 916 y Fn(2)2438
+901 y Ft(f)g(+)g Fs(R)37 b Ft(g)p 1138 964 1633 4 v 1499
+1069 a(f)32 b Fs(P)43 b Ft(g)32 b Fs(S)1839 1084 y Fn(1)1879
+1069 y Fu(;)g Fs(S)2005 1084 y Fn(2)2077 1069 y Ft(f)g(+)h
+Fs(R)j Ft(g)715 1327 y Fu([if)800 1342 y Fn(t)831 1327
+y Fu(])1138 1240 y Ft(f)d(B)s Fu([)-17 b([)q Fs(b)6 b
+Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)1805
+1255 y Fn(1)1877 1240 y Ft(f)g(+)g Fs(Q)42 b Ft(g)p Fu(,)130
+b Ft(f)32 b(:)q(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(])33 b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)3109 1255 y
+Fn(2)3181 1240 y Ft(f)g(+)h Fs(Q)41 b Ft(g)p 1138 1303
+2385 4 v 1537 1408 a(f)33 b Fs(P)42 b Ft(g)33 b Fr(if)g
+Fs(b)38 b Fr(then)c Fs(S)2334 1423 y Fn(1)2406 1408 y
+Fr(else)f Fs(S)2710 1423 y Fn(2)2782 1408 y Ft(f)f(+)h
+Fs(Q)41 b Ft(g)715 1666 y Fu([while)965 1681 y Fn(t)996
+1666 y Fu(])1412 1579 y Ft(f)32 b Fs(P)10 b Fu(\()p Fw(z)p
+Fu(+)p Fw(1)p Fu(\))32 b Ft(g)h Fs(S)44 b Ft(f)32 b(+)h
+Fs(P)10 b Fu(\()p Fw(z)p Fu(\))32 b Ft(g)p 1138 1642
+1605 4 v 1138 1747 a(f)h(9)p Fw(z)p Fu(.)p Fs(P)10 b
+Fu(\()p Fw(z)p Fu(\))33 b Ft(g)f Fr(while)i Fs(b)k Fr(do)33
+b Fs(S)45 b Ft(f)32 b(+)g Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33
+b Ft(g)1128 1880 y Fu(where)h Fs(P)10 b Fu(\()p Fw(z)p
+Fu(+)p Fw(1)p Fu(\))33 b Ft(\))f(B)s Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(],)33 b Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33
+b Ft(\))f(:B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])1128
+2048 y(and)33 b Fw(z)f Fu(ranges)h(o)m(v)m(er)h(natural)d(n)m(um)m(b)s
+(ers)j(\(that)e(is)g Fw(z)p Ft(\025)q Fw(0)p Fu(\))715
+2340 y([cons)926 2355 y Fn(t)959 2340 y Fu(])1171 2253
+y Ft(f)g Fs(P)1329 2217 y Fi(0)1385 2253 y Ft(g)h Fs(S)44
+b Ft(f)32 b(+)h Fs(Q)1827 2217 y Fi(0)1883 2253 y Ft(g)p
+1138 2317 795 4 v 1178 2421 a(f)f Fs(P)43 b Ft(g)32 b
+Fs(S)45 b Ft(f)32 b(+)h Fs(Q)41 b Ft(g)2040 2340 y Fu(where)34
+b Fs(P)43 b Ft(\))32 b Fs(P)2639 2304 y Fi(0)2695 2340
+y Fu(and)h Fs(Q)2969 2304 y Fi(0)3025 2340 y Ft(\))f
+Fs(Q)p 3753 2471 4 2053 v 283 2474 3473 4 v 966 2635
+a Fu(T)-8 b(able)32 b(6.2:)43 b(Axiomatic)31 b(system)i(for)f(total)f
+(correctness)283 2900 y(if)h(and)h(only)f(if)527 3074
+y(for)g(all)f(states)i Fs(s)8 b Fu(,)33 b(if)e Fs(P)43
+b(s)e Fu(=)32 b Fw(tt)g Fu(then)h(there)h(exists)f Fs(s)2493
+3038 y Fi(0)2549 3074 y Fu(suc)m(h)h(that)742 3268 y
+Fs(Q)42 b(s)907 3232 y Fi(0)963 3268 y Fu(=)32 b Fw(tt)g
+Fu(and)g Ft(h)p Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)33
+b(!)f Fs(s)1845 3232 y Fi(0)283 3461 y Fu(The)45 b(inference)f(system)h
+(for)e(total)f(correctness)j(assertions)f(is)f(v)m(ery)j(similar)40
+b(to)j(that)g(for)283 3582 y(partial)24 b(correctness)29
+b(assertions,)e(the)g(only)f(di\013erence)g(b)s(eing)g(that)g(the)g
+(rule)g(for)g(the)g Fr(while)p Fu(-)283 3702 y(construct)k(has)e(c)m
+(hanged.)43 b(The)29 b(complete)f(set)h(of)f(axioms)f(and)h(rules)g(is)
+g(giv)m(en)g(in)f(T)-8 b(able)28 b(6.2.)283 3823 y(W)-8
+b(e)33 b(shall)f(write)527 3996 y Ft(`)588 4011 y Fn(t)652
+3996 y Ft(f)h Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b(+)f
+Fs(Q)42 b Ft(g)283 4170 y Fu(if)32 b(there)h(exists)g(an)f(inference)h
+(tree)g(with)f(the)h(form)m(ula)e Ft(f)h Fs(P)43 b Ft(g)32
+b Fs(S)44 b Ft(f)32 b(+)g Fs(Q)42 b Ft(g)32 b Fu(as)h(ro)s(ot,)e(that)h
+(is)283 4291 y(if)g(the)h(form)m(ula)e(is)h(pro)m(v)-5
+b(ably)32 b(in)g(the)h(inference)g(system.)430 4411 y(In)39
+b(the)h(rule)e([while)1184 4426 y Fn(t)1215 4411 y Fu(])h(w)m(e)h(use)g
+(a)f(parameterized)f(family)f Fs(P)10 b Fu(\()p Fw(z)p
+Fu(\))39 b(of)f(predicates)i(for)e(the)283 4531 y(in)m(v)-5
+b(arian)m(t.)40 b(The)25 b(idea)f(is)f(that)h Fw(z)g
+Fu(is)g(the)h(n)m(um)m(b)s(er)f(of)g(unfoldings)f(of)h(the)h
+Fr(while)p Fu(-lo)s(op)e(that)h(will)283 4652 y(b)s(e)35
+b(necessary)-8 b(.)51 b(So)34 b(if)f(the)i Fr(while)p
+Fu(-lo)s(op)e(do)s(es)i(not)f(ha)m(v)m(e)h(to)f(b)s(e)h(unfolded)f(at)g
+(all)e(then)j Fs(P)10 b Fu(\()p Fw(0)p Fu(\))283 4772
+y(holds)32 b(and)g(it)f(m)m(ust)h(imply)e(that)h Fs(b)38
+b Fu(is)32 b(false.)42 b(If)32 b(the)g Fr(while)p Fu(-lo)s(op)g(has)g
+(to)f(b)s(e)i(unfolded)e Fw(z)p Fu(+)p Fw(1)283 4893
+y Fu(times)e(then)g Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p
+Fu(\))29 b(holds)g(and)g Fs(b)35 b Fu(m)m(ust)29 b(hold)f
+Fs(b)-5 b(efor)g(e)36 b Fu(the)29 b(b)s(o)s(dy)h(of)e(the)i(lo)s(op)d
+(is)i(executed;)283 5013 y(then)46 b Fs(P)10 b Fu(\()p
+Fw(z)p Fu(\))45 b(will)e(hold)h Fs(afterwar)-5 b(ds)53
+b Fu(so)45 b(that)g(w)m(e)h(ha)m(v)m(e)g(decreased)h(the)e(total)f(n)m
+(um)m(b)s(er)h(of)283 5133 y(times)33 b(the)h(lo)s(op)e(remains)h(to)g
+(b)s(e)h(unfolded.)47 b(The)34 b(precondition)f(of)g(the)h(conclusion)f
+(of)g(the)283 5254 y(rule)c(expresses)i(that)e(there)g(exists)h(a)e(b)s
+(ound)h(on)g(the)g(n)m(um)m(b)s(er)g(of)f(times)g(the)h(lo)s(op)e(has)i
+(to)g(b)s(e)283 5374 y(unfolded)24 b(and)f(the)h(p)s(ostcondition)e
+(expresses)k(that)d(when)i(the)e Fr(while)p Fu(-lo)s(op)g(has)h
+(terminated)283 5494 y(then)34 b(no)e(more)g(unfoldings)f(are)i
+(necessary)-8 b(.)p eop
+%%Page: 193 203
+193 202 bop 0 130 a Fw(6.4)112 b(Extensions)37 b(of)h(the)f(axiomatic)f
+(system)1315 b(193)p 0 193 3473 4 v 0 515 a(Example)37
+b(6.28)49 b Fu(The)33 b(total)e(correctness)j(of)e(the)h(factorial)d
+(statemen)m(t)i(can)h(b)s(e)g(expressed)0 636 y(b)m(y)g(the)g(follo)m
+(wing)d(assertion:)244 832 y Ft(f)i Fr(x)h Fo(>)f Fr(0)h
+Ft(^)g Fr(x)g Fu(=)f Fr(n)h Ft(g)244 1000 y Fr(y)g Fu(:=)f
+Fr(1)p Fu(;)h Fr(while)h Ft(:)p Fu(\()p Fr(x)p Fu(=)p
+Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p
+Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)g Fr(x)p Ft(\000)p
+Fr(1)p Fu(\))244 1168 y Ft(f)f(+)h Fr(y)f Fu(=)h Fr(n)p
+Fu(!)43 b Ft(g)0 1364 y Fu(where)34 b Fr(y)f Fu(=)f Fr(n)p
+Fu(!)44 b(is)32 b(an)g(abbreviation)g(for)g(the)h(predicate)244
+1561 y Fs(P)43 b Fu(where)34 b Fs(P)42 b(s)f Fu(=)32
+b(\()p Fs(s)41 b Fr(y)33 b Fu(=)f(\()p Fs(s)41 b Fr(n)p
+Fu(\)!\))0 1757 y(In)i(addition)f(to)g(expressing)j(that)d(the)i
+(\014nal)e(v)-5 b(alue)43 b(of)f Fr(y)i Fu(is)e(the)i(factorial)c(of)j
+(the)g(initial)0 1878 y(v)-5 b(alue)31 b(of)g Fr(x)h
+Fu(the)g(assertion)f(also)g(expresses)k(that)c(the)h(program)e(do)s(es)
+i(indeed)g(terminate)e(on)0 1998 y(all)35 b(states)j(satisfying)e(the)h
+(precondition.)56 b(The)37 b(inference)h(of)e(this)h(assertion)g(pro)s
+(ceeds)h(in)0 2119 y(a)c(n)m(um)m(b)s(er)h(of)f(stages.)49
+b(First)33 b(w)m(e)j(de\014ne)f(the)g(predicate)f Fs(INV)19
+b Fu(\()p Fw(z)p Fu(\))34 b(that)g(is)g(going)f(to)g(b)s(e)i(the)0
+2239 y(in)m(v)-5 b(arian)m(t)31 b(of)h(the)h Fr(while)p
+Fu(-lo)s(op)244 2436 y Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32
+b Fs(s)40 b Fu(=)33 b(\()p Fs(s)40 b Fr(x)33 b Fo(>)f
+Fw(0)h Fu(and)g(\()p Fs(s)40 b Fr(y)p Fu(\))33 b Fo(?)f
+Fu(\()p Fs(s)41 b Fr(x)p Fu(\)!)i(=)33 b(\()p Fs(s)40
+b Fr(n)p Fu(\)!)k(and)33 b Fs(s)40 b Fr(x)33 b Fu(=)f
+Fw(z)h Fu(+)f Fw(1)p Fu(\))0 2632 y(W)-8 b(e)33 b(shall)e(\014rst)i
+(consider)g(the)g(b)s(o)s(dy)g(of)f(the)h(lo)s(op.)42
+b(Using)32 b([ass)2349 2647 y Fn(t)2381 2632 y Fu(])h(w)m(e)h(get)244
+2829 y Ft(`)305 2844 y Fn(t)369 2829 y Ft(f)e Fs(INV)19
+b Fu(\()p Fw(z)p Fu(\)[)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(])33 b Ft(g)f Fr(x)h Fu(:=)g Fr(x)p Ft(\000)p
+Fr(1)g Ft(f)g(+)f Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32
+b Ft(g)0 3025 y Fu(Similarly)-8 b(,)29 b(w)m(e)k(get)244
+3222 y Ft(`)305 3237 y Fn(t)369 3222 y Ft(f)f Fu(\()p
+Fs(INV)19 b Fu(\()p Fw(z)p Fu(\)[)p Fr(x)p Ft(7!)o Fr(x)p
+Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p Ft(7!)q Fr(y)p Fo(?)q
+Fr(x)p Fu(])32 b Ft(g)h Fr(y)g Fu(:=)f Fr(y)h Fo(?)f
+Fr(x)h Ft(f)f(+)h Fs(INV)18 b Fu(\()p Fw(z)p Fu(\)[)p
+Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(])34 b Ft(g)0
+3419 y Fu(W)-8 b(e)33 b(can)g(no)m(w)g(apply)f(the)h(rule)f([comp)1436
+3434 y Fn(t)1468 3419 y Fu(])g(to)h(the)g(t)m(w)m(o)g(assertions)g(ab)s
+(o)m(v)m(e)g(and)g(get)244 3615 y Ft(`)305 3630 y Fn(t)369
+3615 y Ft(f)f Fu(\()p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\)[)p
+Fr(x)p Ft(7!)o Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p
+Ft(7!)q Fr(y)p Fo(?)q Fr(x)p Fu(])32 b Ft(g)h Fr(y)g
+Fu(:=)f Fr(y)h Fo(?)f Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p
+Ft(\000)p Fr(1)i Ft(f)e(+)g Fs(INV)19 b Fu(\()p Fw(z)p
+Fu(\))32 b Ft(g)0 3812 y Fu(It)h(is)f(easy)h(to)g(v)m(erify)g(that)244
+4009 y Fs(INV)19 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32
+b Ft(\))g Fu(\()p Fs(INV)18 b Fu(\()p Fw(z)p Fu(\)[)p
+Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p
+Ft(7!)q Fr(y)p Fo(?)p Fr(x)p Fu(])0 4205 y(so)33 b(using)f(the)h(rule)f
+([cons)949 4220 y Fn(t)982 4205 y Fu(])g(w)m(e)i(get)244
+4402 y Ft(`)305 4417 y Fn(t)369 4402 y Ft(f)e Fs(INV)19
+b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Ft(g)g Fr(y)h
+Fu(:=)g Fr(y)f Fo(?)h Fr(x)p Fu(;)g Fr(x)f Fu(:=)h Fr(x)p
+Ft(\000)p Fr(1)g Ft(f)g(+)f Fs(INV)19 b Fu(\()p Fw(z)p
+Fu(\))32 b Ft(g)0 4598 y Fu(It)h(is)f(straigh)m(tforw)m(ard)g(to)g(v)m
+(erify)h(that)244 4795 y Fs(INV)19 b Fu(\()p Fw(0)p Fu(\))32
+b Ft(\))g(:)q Fu(\()p Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p
+Fu(\)\),)h(and)244 4963 y Fs(INV)19 b Fu(\()p Fw(z)p
+Fu(+)p Fw(1)p Fu(\))32 b Ft(\))g(:)p Fu(\()p Fr(x)p Fu(=)p
+Fr(1)p Fu(\))0 5159 y(Therefore)i(w)m(e)f(can)g(use)h(the)f(rule)f
+([while)1546 5174 y Fn(t)1577 5159 y Fu(])g(and)h(get)269
+5327 y Ft(`)330 5342 y Fn(t)394 5327 y Ft(f)f(9)p Fw(z)p
+Fu(.)p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(g)g Fr(while)i
+Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
+Fr(y)f Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f
+Fr(x)p Ft(\000)p Fr(1)p Fu(\))h Ft(f)g(+)f Fs(INV)19
+b Fu(\()p Fw(0)p Fu(\))32 b Ft(g)0 5494 y Fu(W)-8 b(e)33
+b(shall)e(no)m(w)i(apply)g(the)g(axiom)e([ass)1478 5509
+y Fn(t)1510 5494 y Fu(])i(to)f(the)h(statemen)m(t)g Fr(y)g
+Fu(:=)f Fr(1)h Fu(and)g(get)p eop
+%%Page: 194 204
+194 203 bop 251 130 a Fw(194)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527
+515 a Ft(`)588 530 y Fn(t)652 515 y Ft(f)33 b Fu(\()p
+Ft(9)p Fw(z)p Fu(.)p Fs(INV)18 b Fu(\()p Fw(z)p Fu(\)\)[)p
+Fr(y)p Ft(7!)p Fr(1)p Fu(])33 b Ft(g)f Fr(y)h Fu(:=)g
+Fr(1)f Ft(f)h(+)f(9)p Fw(z)p Fu(.)p Fs(INV)19 b Fu(\()p
+Fw(z)p Fu(\))32 b Ft(g)283 679 y Fu(so)h(using)f([comp)913
+694 y Fn(t)945 679 y Fu(])g(w)m(e)i(get)527 843 y Ft(`)588
+858 y Fn(t)652 843 y Ft(f)f Fu(\()p Ft(9)p Fw(z)p Fu(.)p
+Fs(INV)18 b Fu(\()p Fw(z)p Fu(\)\)[)p Fr(y)p Ft(7!)p
+Fr(1)p Fu(])33 b Ft(g)652 1011 y Fr(y)g Fu(:=)g Fr(1)p
+Fu(;)f Fr(while)i Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p
+Fu(\))f Fr(do)g Fu(\()p Fr(y)f Fu(:=)h Fr(y)p Fo(?)p
+Fr(x)p Fu(;)g Fr(x)f Fu(:=)h Fr(x)p Ft(\000)p Fr(1)p
+Fu(\))652 1178 y Ft(f)g(+)f Fs(INV)19 b Fu(\()p Fw(0)p
+Fu(\))32 b Ft(g)283 1342 y Fu(Clearly)g(w)m(e)i(ha)m(v)m(e)527
+1506 y Fr(x)f Fo(>)g Fr(0)f Ft(^)h Fr(x)g Fu(=)f Fr(n)h
+Ft(\))f Fu(\()p Ft(9)q Fw(z)p Fu(.)p Fs(INV)18 b Fu(\()p
+Fw(z)p Fu(\)\)[)p Fr(y)p Ft(7!)p Fw(1)p Fu(],)33 b(and)527
+1674 y Fs(INV)19 b Fu(\()p Fw(0)p Fu(\))32 b Ft(\))h
+Fr(y)f Fu(=)h Fr(n)p Fu(!)283 1838 y(so)g(applying)f(rule)g([cons)1208
+1853 y Fn(t)1240 1838 y Fu(])h(w)m(e)g(get)527 2002 y
+Ft(`)588 2017 y Fn(t)652 2002 y Ft(f)g Fr(x)f Fo(>)h
+Fr(0)g Ft(^)g Fr(x)f Fu(=)h Fr(n)g Ft(g)652 2169 y Fr(y)g
+Fu(:=)g(1;)f Fr(while)i Ft(:)p Fu(\()p Fr(x)p Fu(=)p
+Fr(1)p Fu(\))f Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p
+Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
+Fr(1)p Fu(\))652 2337 y Ft(f)h(+)f Fr(y)h Fu(=)f Fr(n)p
+Fu(!)44 b Ft(g)283 2501 y Fu(as)33 b(required.)2902 b
+Fh(2)283 2676 y Fw(Exercise)37 b(6.29)49 b Fu(Suggest)38
+b(a)f(total)f(correctness)k(inference)e(rule)f(for)g
+Fr(repeat)i Fs(S)49 b Fr(until)39 b Fs(b)6 b Fu(.)283
+2797 y(Y)-8 b(ou)31 b(are)g(not)g(allo)m(w)m(ed)f(to)h(rely)g(on)f(the)
+i(existence)g(of)f(a)f Fr(while)p Fu(-construct)j(in)d(the)i(program-)
+283 2917 y(ming)f(language.)2752 b Fh(2)p 283 3093 3473
+5 v 283 3227 a Fw(Lemma)38 b(6.30)49 b Fu(The)28 b(total)f(correctness)
+i(system)g(of)e(T)-8 b(able)28 b(6.2)f(is)g(sound,)j(that)e(is)f(for)g
+(ev)m(ery)283 3348 y(total)32 b(correctness)i(form)m(ula)d
+Ft(f)h Fs(P)43 b Ft(g)32 b Fs(S)45 b Ft(f)32 b(+)g Fs(Q)42
+b Ft(g)32 b Fu(w)m(e)i(ha)m(v)m(e)552 3516 y Ft(`)613
+3531 y Fn(t)677 3516 y Ft(f)f Fs(P)42 b Ft(g)33 b Fs(S)44
+b Ft(f)32 b(+)h Fs(Q)41 b Ft(g)33 b Fu(implies)d Ft(j)-17
+b Fu(=)1843 3531 y Fn(t)1907 3516 y Ft(f)32 b Fs(P)43
+b Ft(g)33 b Fs(S)44 b Ft(f)32 b(+)h Fs(Q)41 b Ft(g)p
+283 3636 V 283 3800 a Fw(Pro)s(of:)35 b Fu(The)c(pro)s(of)f(pro)s
+(ceeds)h(b)m(y)h(induction)d(on)h(the)h(shap)s(e)g(of)f(the)g
+(inference)h(tree)g(just)g(as)283 3920 y(in)h(the)h(pro)s(of)f(of)g
+(Lemma)f(6.17.)283 4088 y Fw(The)j(case)g Fu([ass)893
+4103 y Fn(t)925 4088 y Fu(]:)45 b(W)-8 b(e)34 b(shall)d(pro)m(v)m(e)k
+(that)e(the)g(axiom)f(is)h(v)-5 b(alid,)31 b(so)j(assume)f(that)g
+Fs(s)42 b Fu(is)32 b(suc)m(h)283 4208 y(that)h(\()p Fs(P)10
+b Fu([)p Fs(x)i Ft(7!A)o Fu([)-17 b([)q Fs(a)7 b Fu(])-17
+b(])q(]\))32 b Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(and)h(let)e
+Fs(s)1789 4172 y Fi(0)1845 4208 y Fu(=)i Fs(s)8 b Fu([)p
+Fs(x)k Ft(7!)o(A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q
+Fs(s)8 b Fu(].)44 b(Then)34 b([ass)2950 4223 y Fn(ns)3022
+4208 y Fu(])e(giv)m(es)527 4372 y Ft(h)p Fs(x)44 b Fu(:=)33
+b Fs(a)7 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)g Fs(s)1207
+4336 y Fi(0)283 4536 y Fu(and)h(from)e(\()p Fs(P)10 b
+Fu([)p Fs(x)i Ft(7!A)p Fu([)-17 b([)p Fs(a)7 b Fu(])-17
+b(])q(]\))33 b Fs(s)40 b Fu(=)33 b Fw(tt)f Fu(w)m(e)h(get)g
+Fs(P)43 b(s)2083 4500 y Fi(0)2138 4536 y Fu(=)33 b Fw(tt)f
+Fu(as)g(w)m(as)i(to)e(b)s(e)h(sho)m(wn.)283 4704 y Fw(The)g(case)g
+Fu([skip)937 4719 y Fn(t)969 4704 y Fu(]:)44 b(This)33
+b(case)g(is)f(immediate.)283 4871 y Fw(The)h(case)g Fu([comp)994
+4886 y Fn(t)1026 4871 y Fu(]:)43 b(W)-8 b(e)33 b(assume)g(that)552
+5039 y Ft(j)-17 b Fu(=)639 5054 y Fn(t)703 5039 y Ft(f)33
+b Fs(P)42 b Ft(g)33 b Fs(S)1044 5054 y Fn(1)1116 5039
+y Ft(f)f(+)g Fs(Q)42 b Ft(g)p Fu(,)32 b(and)1957 b(\(*\))552
+5206 y Ft(j)-17 b Fu(=)639 5221 y Fn(t)703 5206 y Ft(f)33
+b Fs(Q)41 b Ft(g)33 b Fs(S)1052 5221 y Fn(2)1123 5206
+y Ft(f)g(+)f Fs(R)37 b Ft(g)2125 b Fu(\(**\))283 5374
+y(and)26 b(w)m(e)h(ha)m(v)m(e)g(to)e(pro)m(v)m(e)i(that)f
+Ft(j)-17 b Fu(=)1480 5389 y Fn(t)1538 5374 y Ft(f)25
+b Fs(P)36 b Ft(g)25 b Fs(S)1857 5389 y Fn(1)1897 5374
+y Fu(;)j Fs(S)2019 5389 y Fn(2)2084 5374 y Ft(f)d(+)g
+Fs(R)30 b Ft(g)p Fu(.)41 b(So)26 b(let)f Fs(s)33 b Fu(b)s(e)26
+b(suc)m(h)h(that)f Fs(P)43 b(s)d Fu(=)33 b Fw(tt)o Fu(.)283
+5494 y(F)-8 b(rom)32 b(\(*\))g(w)m(e)h(get)g(that)f(there)i(exists)f(a)
+f(state)h Fs(s)2101 5458 y Fi(0)2157 5494 y Fu(suc)m(h)h(that)e
+Fs(Q)42 b(s)2753 5458 y Fi(0)2809 5494 y Fu(=)32 b Fw(tt)g
+Fu(and)p eop
+%%Page: 195 205
+195 204 bop 0 130 a Fw(6.4)112 b(Extensions)37 b(of)h(the)f(axiomatic)f
+(system)1315 b(195)p 0 193 3473 4 v 244 515 a Ft(h)p
+Fs(S)350 530 y Fn(1)389 515 y Fu(,)33 b Fs(s)8 b Ft(i)32
+b(!)g Fs(s)748 479 y Fi(0)0 719 y Fu(Since)g Fs(Q)42
+b(s)419 683 y Fi(0)475 719 y Fu(=)32 b Fw(tt)f Fu(w)m(e)j(get)e(from)f
+(\(**\))h(that)g(there)h(exists)g(a)f(state)h Fs(s)2541
+683 y Fi(00)2616 719 y Fu(suc)m(h)h(that)e Fs(R)k(s)3202
+683 y Fi(00)3277 719 y Fu(=)c Fw(tt)0 839 y Fu(and)244
+1042 y Ft(h)p Fs(S)350 1057 y Fn(2)389 1042 y Fu(,)h
+Fs(s)497 1006 y Fi(0)520 1042 y Ft(i)f(!)g Fs(s)771 1006
+y Fi(00)0 1246 y Fu(Using)g([comp)529 1261 y Fn(ns)600
+1246 y Fu(])h(w)m(e)g(therefore)g(get)244 1449 y Ft(h)p
+Fs(S)350 1464 y Fn(1)389 1449 y Fu(;)g Fs(S)516 1464
+y Fn(2)555 1449 y Fu(,)f Fs(s)8 b Ft(i)33 b(!)f Fs(s)914
+1413 y Fi(00)0 1653 y Fu(and)h(since)g Fs(R)j(s)584 1616
+y Fi(00)659 1653 y Fu(=)d Fw(tt)e Fu(w)m(e)j(ha)m(v)m(e)g(\014nished)f
+(this)f(case.)0 1820 y Fw(The)h(case)g Fu([if)541 1835
+y Fn(t)572 1820 y Fu(]:)43 b(Assume)34 b(that)269 1988
+y Ft(j)-17 b Fu(=)356 2003 y Fn(t)420 1988 y Ft(f)32
+b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g
+Fs(P)43 b Ft(g)32 b Fs(S)1086 2003 y Fn(1)1158 1988 y
+Ft(f)g(+)h Fs(Q)42 b Ft(g)p Fu(,)32 b(and)1631 b(\(*\))269
+2155 y Ft(j)-17 b Fu(=)356 2170 y Fn(t)420 2155 y Ft(f)32
+b(:)q(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g
+Fs(P)42 b Ft(g)33 b Fs(S)1153 2170 y Fn(2)1225 2155 y
+Ft(f)f(+)g Fs(Q)42 b Ft(g)0 2323 y Fu(T)-8 b(o)38 b(pro)m(v)m(e)h
+Ft(j)-17 b Fu(=)504 2338 y Fn(t)574 2323 y Ft(f)38 b
+Fs(P)48 b Ft(g)38 b Fr(if)h Fs(b)44 b Fr(then)39 b Fs(S)1404
+2338 y Fn(1)1481 2323 y Fr(else)g Fs(S)1791 2338 y Fn(2)1868
+2323 y Ft(f)f(+)g Fs(Q)47 b Ft(g)38 b Fu(consider)h(a)e(state)i
+Fs(s)46 b Fu(suc)m(h)40 b(that)0 2443 y Fs(P)j(s)d Fu(=)33
+b Fw(tt)o Fu(.)43 b(W)-8 b(e)31 b(ha)m(v)m(e)h(t)m(w)m(o)g(cases.)44
+b(If)31 b Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p
+Fs(s)39 b Fu(=)31 b Fw(tt)e Fu(then)j(\()p Ft(B)s Fu([)-17
+b([)q Fs(b)6 b Fu(])-17 b(])31 b Ft(^)g Fs(P)10 b Fu(\))31
+b Fs(s)39 b Fu(=)31 b Fw(tt)e Fu(and)i(from)f(\(*\))0
+2564 y(w)m(e)k(get)e(that)h(there)g(is)f(a)g(state)h
+Fs(s)1233 2528 y Fi(0)1289 2564 y Fu(suc)m(h)h(that)f
+Fs(Q)41 b(s)1885 2528 y Fi(0)1941 2564 y Fu(=)32 b Fw(tt)g
+Fu(and)244 2767 y Ft(h)p Fs(S)350 2782 y Fn(1)389 2767
+y Fu(,)h Fs(s)8 b Ft(i)32 b(!)g Fs(s)748 2731 y Fi(0)0
+2971 y Fu(F)-8 b(rom)31 b([if)341 2986 y Fn(ns)411 2971
+y Fu(])i(w)m(e)g(then)h(get)244 3174 y Ft(h)p Fr(if)f
+Fs(b)38 b Fr(then)c Fs(S)806 3189 y Fn(1)877 3174 y Fr(else)g
+Fs(S)1182 3189 y Fn(2)1221 3174 y Fu(,)f Fs(s)8 b Ft(i)32
+b(!)g Fs(s)1580 3138 y Fi(0)0 3377 y Fu(as)40 b(w)m(as)h(to)f(b)s(e)g
+(pro)m(v)m(ed.)67 b(If)40 b Ft(B)s Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(])p Fs(s)48 b Fu(=)40 b Fw(\013)h Fu(the)f(result)g(follo)
+m(ws)e(in)i(a)f(similar)e(w)m(a)m(y)k(from)e(the)0 3498
+y(second)34 b(assumption.)0 3665 y Fw(The)f(case)g Fu([while)706
+3680 y Fn(t)737 3665 y Fu(]:)43 b(Assume)34 b(that)269
+3833 y Ft(j)-17 b Fu(=)356 3848 y Fn(t)420 3833 y Ft(f)32
+b Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))33 b Ft(g)f
+Fs(S)44 b Ft(f)33 b(+)f Fs(P)10 b Fu(\()p Fw(z)p Fu(\))33
+b Ft(g)p Fu(,)1810 b(\(*\))269 4001 y Fs(P)10 b Fu(\()p
+Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Ft(\))g(B)t Fu([)-17
+b([)p Fs(b)6 b Fu(])-17 b(])q(,)33 b(and)269 4168 y Fs(P)10
+b Fu(\()p Fw(0)p Fu(\))33 b Ft(\))f(:B)t Fu([)-17 b([)p
+Fs(b)6 b Fu(])-17 b(])0 4336 y(T)-8 b(o)31 b(pro)m(v)m(e)h
+Ft(j)-17 b Fu(=)490 4351 y Fn(t)552 4336 y Ft(f)30 b(9)q
+Fw(z)p Fu(.)p Fs(P)10 b Fu(\()p Fw(z)p Fu(\))30 b Ft(g)h
+Fr(while)h Fs(b)k Fr(do)c Fs(S)42 b Ft(f)30 b(+)h Fs(P)10
+b Fu(\()p Fw(0)p Fu(\))31 b Ft(g)f Fu(it)g(is)g(su\016cien)m(t)i(to)e
+(pro)m(v)m(e)i(that)f(for)0 4456 y(all)f(natural)i(n)m(um)m(b)s(ers)h
+Fw(z)319 4596 y Fu(if)e Fs(P)10 b Fu(\()p Fw(z)p Fu(\))33
+b Fs(s)40 b Fu(=)33 b Fw(tt)e Fu(then)i(there)h(exists)f(a)f(state)h
+Fs(s)2060 4560 y Fi(0)2116 4596 y Fu(suc)m(h)h(that)319
+4764 y Fs(P)10 b Fu(\()p Fw(0)p Fu(\))32 b Fs(s)607 4727
+y Fi(0)663 4764 y Fu(=)h Fw(tt)e Fu(and)i Ft(h)p Fr(while)h
+Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32
+b(!)g Fs(s)2053 4727 y Fi(0)3299 4681 y Fu(\(**\))0 4930
+y(So)46 b(consider)g(a)f(state)h Fs(s)54 b Fu(suc)m(h)47
+b(that)f Fs(P)10 b Fu(\()p Fw(z)p Fu(\))46 b Fs(s)53
+b Fu(=)46 b Fw(tt)p Fu(.)82 b(The)47 b(pro)s(of)e(is)g(no)m(w)h(b)m(y)h
+(n)m(umerical)0 5050 y(induction)32 b(on)g Fw(z)p Fu(.)146
+5171 y(First)i(assume)i(that)f Fw(z)f Fu(=)h Fw(0)p Fu(.)51
+b(The)36 b(assumption)e Fs(P)10 b Fu(\()p Fw(0)p Fu(\))35
+b Ft(\))g(:B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])36
+b(giv)m(es)f(that)g Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(])q Fs(s)43 b Fu(=)0 5291 y Fw(\013)33 b Fu(and)g(from)e([while)768
+5255 y Fn(\013)768 5316 y(ns)838 5291 y Fu(])i(w)m(e)h(get)244
+5494 y Ft(h)p Fr(while)f Fs(b)39 b Fr(do)33 b Fs(S)12
+b Fu(,)32 b Fs(s)8 b Ft(i)33 b(!)f Fs(s)p eop
+%%Page: 196 206
+196 205 bop 251 130 a Fw(196)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
+515 a Fu(Since)33 b Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33
+b Fs(s)41 b Fu(=)32 b Fw(tt)g Fu(this)g(pro)m(v)m(es)i(the)f(base)h
+(case.)430 636 y(F)-8 b(or)27 b(the)i(induction)e(step)j(assume)f(that)
+f(\(**\))g(holds)g(for)f(all)g(states)i(satisfying)e
+Fs(P)10 b Fu(\()p Fw(z)p Fu(\))29 b(and)283 756 y(that)k
+Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Fs(s)41
+b Fu(=)32 b Fw(tt)o Fu(.)44 b(F)-8 b(rom)31 b(\(*\))h(w)m(e)i(get)e
+(that)h(there)g(is)f(a)g(state)h Fs(s)2854 720 y Fi(0)2910
+756 y Fu(suc)m(h)h(that)f Fs(P)10 b Fu(\()p Fw(z)p Fu(\))32
+b Fs(s)3624 720 y Fi(0)3680 756 y Fu(=)283 877 y Fw(tt)g
+Fu(and)527 1081 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b
+Ft(i)32 b(!)g Fs(s)992 1045 y Fi(0)283 1285 y Fu(The)g(n)m(umerical)d
+(induction)h(h)m(yp)s(othesis)h(applied)f(to)g Fs(s)2342
+1249 y Fi(0)2396 1285 y Fu(giv)m(es)h(that)f(there)i(is)e(some)g(state)
+h Fs(s)3713 1249 y Fi(00)283 1406 y Fu(suc)m(h)j(that)f
+Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33 b Fs(s)1004 1370 y
+Fi(00)1079 1406 y Fu(=)f Fw(tt)g Fu(and)527 1610 y Ft(h)p
+Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)1248
+1574 y Fi(0)1271 1610 y Ft(i)g(!)f Fs(s)1523 1574 y Fi(00)283
+1815 y Fu(F)-8 b(urthermore,)30 b(the)g(assumption)f
+Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))30 b Ft(\))f(B)s
+Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])30 b(giv)m(es)g
+Ft(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])q Fs(s)37
+b Fu(=)30 b Fw(tt)p Fu(.)41 b(W)-8 b(e)30 b(can)g(therefore)283
+1935 y(apply)j([while)802 1899 y Fn(tt)802 1960 y(ns)872
+1935 y Fu(])g(and)g(get)f(that)527 2139 y Ft(h)p Fr(while)i
+Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32
+b(!)g Fs(s)1499 2103 y Fi(00)283 2344 y Fu(Since)h Fs(P)10
+b Fu(\()p Fw(0)p Fu(\))33 b Fs(s)827 2308 y Fi(00)902
+2344 y Fu(=)f Fw(tt)g Fu(this)g(completes)h(the)g(pro)s(of)e(of)h
+(\(**\).)283 2511 y Fw(The)h(case)g Fu([cons)950 2526
+y Fn(t)983 2511 y Fu(]:)44 b(Supp)s(ose)33 b(that)527
+2716 y Ft(j)-17 b Fu(=)614 2731 y Fn(t)678 2716 y Ft(f)33
+b Fs(P)837 2680 y Fi(0)893 2716 y Ft(g)f Fs(S)45 b Ft(f)32
+b(+)g Fs(Q)1334 2680 y Fi(0)1390 2716 y Ft(g)p Fu(,)527
+2883 y Fs(P)43 b Ft(\))32 b Fs(P)844 2847 y Fi(0)868
+2883 y Fu(,)h(and)527 3051 y Fs(Q)611 3015 y Fi(0)667
+3051 y Ft(\))f Fs(Q)283 3255 y Fu(T)-8 b(o)31 b(pro)m(v)m(e)h
+Ft(j)-17 b Fu(=)773 3270 y Fn(t)835 3255 y Ft(f)31 b
+Fs(P)41 b Ft(g)30 b Fs(S)43 b Ft(f)30 b(+)h Fs(Q)40 b
+Ft(g)30 b Fu(consider)h(a)f(state)i Fs(s)38 b Fu(suc)m(h)32
+b(that)f Fs(P)41 b(s)e Fu(=)30 b Fw(tt)p Fu(.)42 b(Then)32
+b Fs(P)3547 3219 y Fi(0)3601 3255 y Fs(s)39 b Fu(=)283
+3376 y Fw(tt)32 b Fu(and)h(there)g(is)f(a)h(state)g Fs(s)1309
+3340 y Fi(0)1364 3376 y Fu(suc)m(h)h(that)f Fs(Q)1880
+3340 y Fi(0)1936 3376 y Fs(s)1984 3340 y Fi(0)2040 3376
+y Fu(=)f Fw(tt)g Fu(and)527 3580 y Ft(h)p Fs(S)12 b Fu(,)33
+b Fs(s)8 b Ft(i)32 b(!)g Fs(s)992 3544 y Fi(0)283 3785
+y Fu(Ho)m(w)m(ev)m(er,)j(w)m(e)f(also)e(ha)m(v)m(e)i(that)e
+Fs(Q)42 b(s)1644 3748 y Fi(0)1700 3785 y Fu(=)32 b Fw(tt)g
+Fu(and)g(this)g(pro)m(v)m(es)j(the)e(result.)638 b Fh(2)283
+4098 y Fw(Exercise)37 b(6.31)49 b Fu(Sho)m(w)38 b(that)g(the)g
+(inference)h(rule)e(for)g Fr(repeat)j Fs(S)49 b Fr(until)40
+b Fs(b)j Fu(suggested)d(in)283 4218 y(Exercise)25 b(6.29)e(preserv)m
+(es)j(v)-5 b(alidit)m(y)d(.)38 b(Argue)24 b(that)f(this)g(means)h(that)
+f(the)h(en)m(tire)f(pro)s(of)g(system)283 4338 y(consisting)34
+b(of)g(the)g(axioms)f(and)h(rules)g(of)g(T)-8 b(able)34
+b(6.2)g(together)g(with)g(the)g(rule)g(of)f(Exercise)283
+4459 y(6.29)f(is)g(sound.)2818 b Fh(2)283 4688 y Fw(Exercise)37
+b(6.32)49 b Fu(*)29 b(Pro)m(v)m(e)i(that)e(the)h(inference)g(system)g
+(of)f(T)-8 b(able)29 b(6.2)g(is)g(complete,)g(that)g(is)552
+4856 y Ft(j)-17 b Fu(=)639 4871 y Fn(t)703 4856 y Ft(f)33
+b Fs(P)42 b Ft(g)33 b Fs(S)44 b Ft(f)32 b(+)h Fs(Q)42
+b Ft(g)32 b Fu(implies)e Ft(`)1843 4871 y Fn(t)1907 4856
+y Ft(f)i Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b(+)h
+Fs(Q)41 b Ft(g)1059 b Fh(2)283 5086 y Fw(Exercise)37
+b(6.33)49 b Fu(*)32 b(Pro)m(v)m(e)i(that)527 5290 y(if)e
+Ft(`)678 5305 y Fn(t)742 5290 y Ft(f)g Fs(P)43 b Ft(g)32
+b Fs(S)45 b Ft(f)32 b(+)g Fs(Q)42 b Ft(g)32 b Fu(then)i
+Ft(`)1772 5305 y Fn(p)1848 5290 y Ft(f)f Fs(P)43 b Ft(g)32
+b Fs(S)44 b Ft(f)33 b Fs(Q)41 b Ft(g)283 5494 y Fu(Do)s(es)33
+b(the)g(con)m(v)m(erse)i(result)d(hold?)2099 b Fh(2)p
+eop
+%%Page: 197 207
+197 206 bop 0 130 a Fw(6.4)112 b(Extensions)37 b(of)h(the)f(axiomatic)f
+(system)1315 b(197)p 0 193 3473 4 v 0 515 a Fp(Extensions)46
+b(of)f(While)0 703 y Fu(W)-8 b(e)46 b(conclude)g(b)m(y)g(considering)f
+(an)g(extension)h(of)f Fw(While)f Fu(with)h(non-determinism)e(and)0
+823 y(\(parameterless\))32 b(pro)s(cedures.)45 b(The)34
+b(syn)m(tax)g(of)e(the)h(extended)i(language)c(is)h(giv)m(en)h(b)m(y)
+294 1031 y Fs(S)111 b Fu(::=)100 b Fs(x)44 b Fu(:=)33
+b Fs(a)39 b Ft(j)33 b Fr(skip)g Ft(j)f Fs(S)1429 1046
+y Fn(1)1501 1031 y Fu(;)h Fs(S)1628 1046 y Fn(2)1700
+1031 y Ft(j)f Fr(if)h Fs(b)38 b Fr(then)c Fs(S)2283 1046
+y Fn(1)2355 1031 y Fr(else)f Fs(S)2659 1046 y Fn(2)511
+1199 y Ft(j)151 b Fr(while)34 b Fs(b)k Fr(do)33 b Fs(S)45
+b Ft(j)32 b Fs(S)1424 1214 y Fn(1)1496 1199 y Fr(or)h
+Fs(S)1698 1214 y Fn(2)511 1366 y Ft(j)151 b Fr(begin)34
+b(proc)f Fs(p)39 b Fr(is)33 b Fs(S)1507 1381 y Fn(1)1546
+1366 y Fu(;)g Fs(S)1673 1381 y Fn(2)1744 1366 y Fr(end)h
+Ft(j)e Fr(call)i Fs(p)0 1570 y Fu(Note)h(that)f(in)f
+Fr(begin)j(proc)f Fs(p)41 b Fr(is)35 b Fs(S)1391 1585
+y Fn(1)1430 1570 y Fu(;)g Fs(S)1559 1585 y Fn(2)1633
+1570 y Fr(end)g Fu(the)g(b)s(o)s(dy)f(of)g Fs(p)40 b
+Fu(is)34 b Fs(S)2609 1585 y Fn(1)2683 1570 y Fu(and)g(the)h(remainder)0
+1690 y(of)d(the)h(program)e(is)h Fs(S)834 1705 y Fn(2)874
+1690 y Fu(.)0 1959 y Fw(Non-determinism)0 2146 y Fu(It)41
+b(is)g(straigh)m(tforw)m(ard)f(to)h(handle)g(non-determinism)e(\(in)h
+(the)h(sense)i(of)e(Section)g(2.4\))f(in)0 2267 y(the)f(axiomatic)d
+(approac)m(h.)61 b(The)39 b(idea)f(is)g(that)g(an)g(assertion)h(holds)f
+(for)g Fs(S)2879 2282 y Fn(1)2956 2267 y Fr(or)h Fs(S)3164
+2282 y Fn(2)3242 2267 y Fu(if)e(the)0 2387 y(similar)g(assertion)j
+(holds)g(for)g Fs(S)1230 2402 y Fn(1)1310 2387 y Fu(as)g(w)m(ell)g(as)g
+(for)g Fs(S)1994 2402 y Fn(2)2033 2387 y Fu(.)67 b(The)41
+b(motiv)-5 b(ation)37 b(for)j(this)g(is)g(that)0 2507
+y(when)32 b(reasoning)e(ab)s(out)h(the)g(statemen)m(t)g(w)m(e)h(ha)m(v)
+m(e)h(no)d(w)m(a)m(y)j(of)d(in\015uencing)g(whether)j
+Fs(S)3316 2522 y Fn(1)3386 2507 y Fu(or)0 2628 y Fs(S)67
+2643 y Fn(2)139 2628 y Fu(is)f(c)m(hosen.)45 b(F)-8 b(or)32
+b(partial)e(correctness)35 b(w)m(e)e(th)m(us)h(extend)g(T)-8
+b(able)32 b(6.1)g(with)h(the)g(rule)244 2907 y([or)358
+2922 y Fn(p)401 2907 y Fu(])536 2820 y Ft(f)f Fs(P)43
+b Ft(g)32 b Fs(S)876 2835 y Fn(1)948 2820 y Ft(f)g Fs(Q)42
+b Ft(g)p Fu(,)32 b Ft(f)h Fs(P)43 b Ft(g)32 b Fs(S)1597
+2835 y Fn(2)1669 2820 y Ft(f)g Fs(Q)42 b Ft(g)p 536 2883
+1382 4 v 759 2988 a(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)1100
+3003 y Fn(1)1171 2988 y Fr(or)g Fs(S)1373 3003 y Fn(2)1445
+2988 y Ft(f)g Fs(Q)41 b Ft(g)0 3181 y Fu(F)-8 b(or)32
+b(total)f(correctness)j(w)m(e)g(extend)g(T)-8 b(able)32
+b(6.2)h(with)f(the)h(rule)244 3440 y([or)358 3455 y Fn(t)389
+3440 y Fu(])524 3354 y Ft(f)f Fs(P)43 b Ft(g)32 b Fs(S)864
+3369 y Fn(1)936 3354 y Ft(f)h(+)f Fs(Q)42 b Ft(g)p Fu(,)32
+b Ft(f)g Fs(P)43 b Ft(g)33 b Fs(S)1679 3369 y Fn(2)1750
+3354 y Ft(f)g(+)f Fs(Q)42 b Ft(g)p 524 3417 1569 4 v
+794 3522 a(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)1135 3537
+y Fn(1)1206 3522 y Fr(or)g Fs(S)1408 3537 y Fn(2)1480
+3522 y Ft(f)g(+)f Fs(Q)42 b Ft(g)0 3714 y Fu(When)31
+b(dealing)d(with)h(soundness)j(and)d(completeness)i(of)e(these)i(rules)
+e(one)h(m)m(ust)g(b)s(e)g(careful)0 3835 y(in)c(using)g(a)h(seman)m
+(tics)g(that)g(mo)s(dels)e(\\non-deterministic)g(c)m(hoice")i(in)f(the)
+h(prop)s(er)g(manner.)0 3955 y(W)-8 b(e)28 b(sa)m(w)g(in)f(Section)h
+(2.4)f(that)g(this)g(is)g(the)h(case)h(for)e(structural)g(op)s
+(erational)e(seman)m(tics)j(but)0 4075 y(not)23 b(for)g(natural)f
+(seman)m(tics.)40 b(With)23 b(resp)s(ect)h(to)f(the)h(structural)f(op)s
+(erational)e(seman)m(tics)i(one)0 4196 y(can)33 b(sho)m(w)i(that)e(the)
+g(ab)s(o)m(v)m(e)i(rules)e(are)g(sound)h(and)f(that)g(the)h(resulting)e
+(inference)i(systems)0 4316 y(are)29 b(complete.)42 b(If)29
+b(one)h(insists)f(on)g(using)g(the)h(natural)e(seman)m(tics)h(the)h
+Fr(or)p Fu(-construct)g(w)m(ould)0 4437 y(mo)s(del)35
+b(a)i(kind)g(of)f(\\angelic)f(c)m(hoice")i(and)g(b)s(oth)g(rules)g(w)m
+(ould)f(b)s(e)h(sound.)58 b(Ho)m(w)m(ev)m(er,)40 b(only)0
+4557 y(the)33 b(partial)d(correctness)35 b(inference)e(system)h(will)c
+(b)s(e)j(complete.)0 4825 y Fw(Non-recursiv)m(e)k(pro)s(cedures)0
+5013 y Fu(F)-8 b(or)43 b(the)g(sak)m(e)i(of)e(simplicit)m(y)e(w)m(e)j
+(shall)e(restrict)h(our)h(atten)m(tion)e(to)h(statemen)m(ts)i(with)e
+(at)0 5133 y(most)33 b(one)h(pro)s(cedure)g(declaration.)45
+b(F)-8 b(or)32 b(non-recursiv)m(e)j(pro)s(cedures)g(the)e(idea)g(is)g
+(that)g(an)0 5254 y(assertion)k(that)g(holds)g(for)g(the)h(b)s(o)s(dy)f
+(of)g(the)h(pro)s(cedure)g(also)f(holds)g(for)f(the)i(calls)e(of)h(the)
+0 5374 y(pro)s(cedure.)65 b(This)40 b(motiv)-5 b(ates)38
+b(extending)i(the)g(partial)e(correctness)j(inference)f(system)h(of)0
+5494 y(T)-8 b(able)32 b(6.1)g(with)h(the)g(rule)p eop
+%%Page: 198 208
+198 207 bop 251 130 a Fw(198)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527
+577 a Fu([call)702 592 y Fn(p)744 577 y Fu(])992 490
+y Ft(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(Q)42
+b Ft(g)p 879 554 849 4 v 879 658 a(f)32 b Fs(P)43 b Ft(g)32
+b Fr(call)i Fs(p)k Ft(f)33 b Fs(Q)41 b Ft(g)1802 577
+y Fu(where)34 b Fs(p)k Fu(is)32 b(de\014ned)i(b)m(y)g
+Fr(proc)f Fs(p)39 b Fr(is)33 b Fs(S)283 837 y Fu(Similarly)g(the)j
+(inference)h(system)g(for)e(total)g(correctness)j(in)e(T)-8
+b(able)35 b(6.2)h(can)h(b)s(e)f(extended)283 957 y(with)d(the)g(rule)
+527 1194 y([call)702 1209 y Fn(t)732 1194 y Fu(])980
+1108 y Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b(+)f
+Fs(Q)42 b Ft(g)p 867 1171 942 4 v 867 1276 a(f)32 b Fs(P)43
+b Ft(g)33 b Fr(call)g Fs(p)39 b Ft(f)32 b(+)g Fs(Q)42
+b Ft(g)1884 1194 y Fu(where)34 b Fs(p)k Fu(is)32 b(de\014ned)i(b)m(y)g
+Fr(proc)f Fs(p)39 b Fr(is)33 b Fs(S)283 1454 y Fu(In)g(b)s(oth)g(cases)
+h(the)f(resulting)e(inference)i(system)h(can)f(b)s(e)g(pro)m(v)m(ed)h
+(sound)f(and)g(complete.)283 1712 y Fw(Recursiv)m(e)k(pro)s(cedures)283
+1897 y Fu(The)46 b(ab)s(o)m(v)m(e)f(rules)g(turn)f(out)g(to)h(b)s(e)f
+(insu\016cien)m(t)h(when)h(pro)s(cedures)f(are)g(allo)m(w)m(ed)f(to)g
+(b)s(e)283 2018 y(recursiv)m(e:)h(in)30 b(order)i(to)f(pro)m(v)m(e)h
+(an)f(assertion)g(for)g Fr(call)h Fs(p)38 b Fu(one)31
+b(has)h(to)f(pro)m(v)m(e)h(the)g(assertion)283 2138 y(for)h(the)h(b)s
+(o)s(dy)f(of)g(the)g(pro)s(cedure)h(and)g(this)f(implies)d(that)j(one)h
+(has)f(to)g(pro)m(v)m(e)i(an)e(assertion)283 2258 y(ab)s(out)g(eac)m(h)
+g(o)s(ccurrence)h(of)e Fr(call)i Fs(p)k Fu(inside)32
+b(the)h(b)s(o)s(dy)g(and)f(so)h(on.)430 2379 y(Consider)d(\014rst)g
+(the)g(case)g(of)f Fs(p)-5 b(artial)32 b(c)-5 b(orr)g(e)g(ctness)37
+b Fu(assertions.)43 b(In)30 b(order)g(to)f(pro)m(v)m(e)i(some)283
+2499 y(prop)s(ert)m(y)k Ft(f)f Fs(P)45 b Ft(g)34 b Fr(call)h
+Fs(p)40 b Ft(f)34 b Fs(Q)44 b Ft(g)34 b Fu(w)m(e)h(shall)e(pro)m(v)m(e)
+i(the)g(similar)c(prop)s(ert)m(y)k(for)e(the)i(b)s(o)s(dy)f(of)283
+2619 y(the)39 b(pro)s(cedure)g(but)g Fs(under)g(the)h(assumption)g
+(that)48 b Ft(f)37 b Fs(P)49 b Ft(g)38 b Fr(call)h Fs(p)44
+b Ft(f)38 b Fs(Q)47 b Ft(g)38 b Fu(holds)g(for)f(the)283
+2740 y(recursiv)m(e)d(calls)e(of)g Fs(p)6 b Fu(.)43 b(Often)33
+b(this)f(is)g(expressed)k(b)m(y)d(a)f(rule)g(of)h(the)g(form)527
+2996 y([call)702 2960 y Fn(rec)702 3021 y(p)795 2996
+y Fu(])930 2910 y Ft(f)f Fs(P)43 b Ft(g)32 b Fr(call)i
+Fs(p)k Ft(f)33 b Fs(Q)41 b Ft(g)33 b(`)1872 2925 y Fn(p)1947
+2910 y Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)44 b Ft(f)33 b
+Fs(Q)41 b Ft(g)p 930 2973 1640 4 v 1325 3078 a(f)33 b
+Fs(P)42 b Ft(g)33 b Fr(call)g Fs(p)39 b Ft(f)32 b Fs(Q)42
+b Ft(g)920 3234 y Fu(where)34 b Fs(p)k Fu(is)32 b(de\014ned)i(b)m(y)g
+Fr(proc)f Fs(p)39 b Fr(is)33 b Fs(S)283 3430 y Fu(The)49
+b(premise)e(of)g(the)h(rule)f(expresses)j(that)d Ft(f)g
+Fs(P)58 b Ft(g)47 b Fs(S)59 b Ft(f)48 b Fs(Q)56 b Ft(g)47
+b Fu(is)g(pro)m(v)-5 b(able)47 b(under)h(the)283 3551
+y(assumption)32 b(that)f Ft(f)h Fs(P)42 b Ft(g)32 b Fr(call)g
+Fs(p)38 b Ft(f)32 b Fs(Q)41 b Ft(g)31 b Fu(can)h(b)s(e)g(pro)m(v)m(ed)i
+(for)d(the)h(recursiv)m(e)i(calls)c(presen)m(t)283 3671
+y(in)i Fs(S)12 b Fu(.)33 b(The)g(conclusion)f(expresses)k(that)c
+Ft(f)h Fs(P)42 b Ft(g)33 b Fr(call)g Fs(p)39 b Ft(f)32
+b Fs(Q)42 b Ft(g)32 b Fu(holds)g(for)g(all)f(calls)g(of)h
+Fs(p)6 b Fu(.)283 3890 y Fw(Example)37 b(6.34)49 b Fu(Consider)33
+b(the)g(follo)m(wing)d(statemen)m(t)527 4086 y Fr(begin)k(proc)g(fac)f
+(is)g Fu(\()p Fr(if)g(x)g Fu(=)f Fr(1)h(then)h(skip)1413
+4254 y(else)g Fu(\()p Fr(y)e Fu(:=)h Fr(x)p Fo(?)p Fr(y)p
+Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(;)i
+Fr(call)f(fac)p Fu(\)\);)816 4421 y Fr(y)g Fu(:=)f Fr(1)p
+Fu(;)h Fr(call)h(fac)527 4589 y(end)283 4785 y Fu(W)-8
+b(e)33 b(w)m(an)m(t)g(to)f(pro)m(v)m(e)h(that)f(the)g(\014nal)f(v)-5
+b(alue)32 b(of)f Fr(y)i Fu(is)e(the)i(factorial)c(of)j(the)g(initial)d
+(v)-5 b(alue)31 b(of)h Fr(x)p Fu(.)283 4906 y(W)-8 b(e)33
+b(shall)f(pro)m(v)m(e)h(that)527 5102 y Ft(f)g Fr(x)f
+Fo(>)h Fr(0)g Ft(^)g Fr(n)f Fu(=)h Fr(y)g Fo(?)f Fr(x)p
+Fu(!)44 b Ft(g)32 b Fr(call)h(fac)h Ft(f)e Fr(y)h Fu(=)f
+Fr(n)h Ft(g)283 5298 y Fu(where)h Fr(x)f Fo(>)f Fr(0)h
+Ft(^)g Fr(n)g Fu(=)f Fr(y)h Fo(?)f Fr(x)p Fu(!)44 b(is)32
+b(an)h(abbreviation)e(for)h(the)h(predicate)g Fs(P)43
+b Fu(de\014ned)34 b(b)m(y)527 5494 y Fs(P)43 b(s)e Fu(=)32
+b(\()p Fs(s)41 b Fr(x)33 b Fo(>)f Fw(0)g Fu(and)h Fs(s)41
+b Fr(n)33 b Fu(=)f Fs(s)41 b Fr(y)32 b Fo(?)h Fu(\()p
+Fs(s)40 b Fr(x)p Fu(\)!\))p eop
+%%Page: 199 209
+199 208 bop 0 130 a Fw(6.4)112 b(Extensions)37 b(of)h(the)f(axiomatic)f
+(system)1315 b(199)p 0 193 3473 4 v 0 515 a Fu(W)-8 b(e)33
+b(assume)g(that)269 683 y Ft(`)330 698 y Fn(p)405 683
+y Ft(f)g Fr(x)g Fo(>)f Fr(0)h Ft(^)g Fr(n)f Fu(=)h Fr(y)g
+Fo(?)f Fr(x)p Fu(!)44 b Ft(g)32 b Fr(call)i(fac)f Ft(f)f
+Fr(y)h Fu(=)f Fr(n)h Ft(g)1092 b Fu(\(*\))0 851 y(holds)32
+b(for)g(the)h(recursiv)m(e)h(calls)e(of)g Fr(fac)p Fu(.)44
+b(W)-8 b(e)33 b(shall)e(then)i(construct)h(a)e(pro)s(of)g(of)319
+1010 y Ft(f)g Fr(x)h Fo(>)f Fr(0)h Ft(^)g Fr(n)g Fu(=)f
+Fr(y)h Fo(?)f Fr(x)p Fu(!)44 b Ft(g)319 1177 y Fr(if)33
+b(x)f Fu(=)h Fr(1)g(then)g(skip)h(else)f Fu(\()p Fr(y)g
+Fu(:=)g Fr(x)p Fo(?)p Fr(y)p Fu(;)f Fr(x)h Fu(:=)g Fr(x)p
+Ft(\000)p Fr(1)p Fu(;)g Fr(call)h(fac)p Fu(\))319 1345
+y Ft(f)e Fr(y)h Fu(=)f Fr(n)h Ft(g)3299 1178 y Fu(\(**\))0
+1511 y(and,)42 b(using)e([call)664 1475 y Fn(rec)664
+1536 y(p)757 1511 y Fu(])g(w)m(e)h(obtain)e(a)h(pro)s(of)f(of)h(\(*\))f
+(for)h(all)e(o)s(ccurrences)k(of)d Fr(call)j(fac)p Fu(.)66
+b(T)-8 b(o)0 1632 y(pro)m(v)m(e)34 b(\(**\))e(w)m(e)h(\014rst)g(use)h
+(the)f(assumption)f(\(*\))g(to)g(get)244 1856 y Ft(`)305
+1871 y Fn(p)381 1856 y Ft(f)g Fr(x)h Fo(>)f Fr(0)h Ft(^)g
+Fr(n)g Fu(=)f Fr(y)h Fo(?)f Fr(x)p Fu(!)44 b Ft(g)32
+b Fr(call)i(fac)f Ft(f)f Fr(y)h Fu(=)g Fr(n)f Ft(g)0
+2080 y Fu(Then)i(w)m(e)f(apply)g([ass)819 2095 y Fn(p)863
+2080 y Fu(])f(and)h([comp)1367 2095 y Fn(p)1410 2080
+y Fu(])g(t)m(wice)g(and)f(get)244 2303 y Ft(`)305 2318
+y Fn(p)381 2303 y Ft(f)g Fu(\(\()p Fr(x)h Fo(>)f Fr(0)h
+Ft(^)g Fr(n)g Fu(=)f Fr(y)h Fo(?)f Fr(x)p Fu(!\)[)p Fr(x)p
+Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p Fr(y)p Ft(7!)q
+Fr(x)p Fo(?)p Fr(y)p Fu(])h Ft(g)381 2471 y Fr(y)f Fu(:=)h
+Fr(x)p Fo(?)p Fr(y)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
+Fr(1)p Fu(;)i Fr(call)f(fac)381 2639 y Ft(f)f Fr(y)h
+Fu(=)f Fr(n)h Ft(g)0 2863 y Fu(W)-8 b(e)33 b(ha)m(v)m(e)268
+3030 y Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Ft(^)f
+Fu(\()p Fr(x)g Fo(>)g Fr(0)g Ft(^)g Fr(n)g Fu(=)g Fr(y)g
+Fo(?)f Fr(x)p Fu(!\))44 b Ft(\))31 b Fu(\(\()p Fr(x)h
+Fo(>)g Fr(0)g Ft(^)g Fr(n)g Fu(=)g Fr(y)g Fo(?)g Fr(x)p
+Fu(!\)[)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(]\)[)p
+Fr(y)p Ft(7!)q Fr(x)p Fo(?)p Fr(y)p Fu(])0 3198 y(so)h(using)f([cons)
+586 3213 y Fn(p)630 3198 y Fu(])h(w)m(e)h(get)244 3422
+y Ft(`)305 3437 y Fn(p)381 3422 y Ft(f)e(:)p Fu(\()p
+Fr(x)p Fu(=)p Fr(1)p Fu(\))h Ft(^)g Fu(\()p Fr(x)g Fo(>)f
+Fr(0)h Ft(^)g Fr(n)g Fu(=)f Fr(y)h Fo(?)f Fr(x)p Fu(!\))44
+b Ft(g)381 3589 y Fr(y)32 b Fu(:=)h Fr(x)p Fo(?)p Fr(y)p
+Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(;)i
+Fr(call)f(fac)381 3757 y Ft(f)f Fr(y)h Fu(=)f Fr(n)h
+Ft(g)0 3981 y Fu(Using)f(that)244 4205 y Fr(x)p Fu(=)p
+Fr(1)h Ft(^)g Fr(x)g Fo(>)f Fr(0)h Ft(^)g Fr(n)f Fu(=)h
+Fr(y)g Fo(?)f Fr(x)p Fu(!)44 b Ft(\))32 b Fr(y)h Fu(=)f
+Fr(n)0 4429 y Fu(it)g(is)g(easy)h(to)f(pro)m(v)m(e)244
+4652 y Ft(`)305 4667 y Fn(p)381 4652 y Ft(f)g Fr(x)p
+Fu(=)p Fr(1)h Ft(^)g Fr(x)g Fo(>)f Fr(0)h Ft(^)g Fr(n)f
+Fu(=)h Fr(y)g Fo(?)f Fr(x)p Fu(!)44 b Ft(g)32 b Fr(skip)i
+Ft(f)e Fr(y)h Fu(=)f Fr(n)h Ft(g)0 4876 y Fu(so)g([if)205
+4891 y Fn(p)247 4876 y Fu(])g(can)g(b)s(e)f(applied)g(and)g(giv)m(es)h
+(a)g(pro)s(of)e(of)i(\(**\).)1361 b Fh(2)146 5133 y Fu(T)-8
+b(able)31 b(6.1)g(extended)j(with)d(the)g(rule)g([call)1739
+5097 y Fn(rec)1739 5158 y(p)1832 5133 y Fu(])h(can)f(b)s(e)h(pro)m(v)m
+(ed)h(to)e(b)s(e)g(sound.)44 b(Ho)m(w)m(ev)m(er,)0 5254
+y(in)28 b(order)i(to)e(get)i(a)e(completeness)i(result)g(the)f
+(inference)h(system)g(has)f(to)g(b)s(e)h(extended)h(with)0
+5374 y(additional)f(rules.)43 b(T)-8 b(o)33 b(illustrate)d(wh)m(y)k
+(this)e(is)g(necessary)j(consider)e(the)g(follo)m(wing)d(v)m(ersion)0
+5494 y(of)i(the)h(factorial)d(program:)p eop
+%%Page: 200 210
+200 209 bop 251 130 a Fw(200)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527
+515 a Fr(begin)34 b(proc)g(fac)f(is)g(if)g(x)p Fu(=)p
+Fr(1)g(then)h(y)e Fu(:=)h Fr(1)1375 683 y(else)h Fu(\()p
+Fr(x)e Fu(:=)h Fr(x)p Ft(\000)p Fr(1)p Fu(;)h Fr(call)f(fac)p
+Fu(;)h Fr(x)e Fu(:=)h Fr(x)p Fu(+)p Fr(1)p Fu(;)g Fr(y)g
+Fu(:=)f Fr(x)p Fo(?)p Fr(y)p Fu(\);)816 851 y Fr(call)i(fac)527
+1018 y(end)283 1223 y Fu(Assume)h(that)f(w)m(e)h(w)m(an)m(t)f(to)g(pro)
+m(v)m(e)h(that)e(this)h(program)e(do)s(es)i(not)g(c)m(hange)h(the)f(v)
+-5 b(alue)33 b(of)h Fr(x)p Fu(,)283 1344 y(that)f(is)552
+1511 y Ft(f)g Fr(x)f Fu(=)h Fr(n)f Ft(g)h Fr(call)g(fac)h
+Ft(f)e Fr(x)h Fu(=)f Fr(n)h Ft(g)1806 b Fu(\(*\))283
+1679 y(In)32 b(order)g(to)g(do)f(that)h(w)m(e)g(assume)g(that)g(w)m(e)h
+(ha)m(v)m(e)g(a)e(pro)s(of)g(of)g(\(*\))g(for)g(the)h(recursiv)m(e)h
+(call)d(of)283 1799 y Fr(fac)c Fu(and)f(w)m(e)h(ha)m(v)m(e)g(to)f
+(construct)h(a)e(pro)s(of)g(of)h(the)g(prop)s(ert)m(y)h(for)e(the)h(b)s
+(o)s(dy)g(of)g(the)g(pro)s(cedure.)283 1920 y(It)33 b(seems)h(that)e
+(in)g(order)g(to)h(do)f(so)h(w)m(e)h(m)m(ust)e(construct)i(a)e(pro)s
+(of)g(of)527 2125 y Ft(f)h Fr(x)f Fu(=)h Fr(n)p Ft(\000)p
+Fr(1)g Ft(g)g Fr(call)g(fac)h Ft(f)e Fr(x)h Fu(=)f Fr(n)p
+Ft(\000)p Fr(1)i Ft(g)283 2330 y Fu(and)h(there)h(are)e(no)h(axioms)f
+(and)g(rules)h(that)g(allo)m(w)e(us)i(to)g(obtain)e(suc)m(h)j(a)f(pro)s
+(of)f(from)f(\(*\).)283 2451 y(Ho)m(w)m(ev)m(er,)h(w)m(e)d(shall)e(not)
+h(go)f(further)i(in)m(to)e(this,)i(but)f(Chapter)h(7)f(will)e(pro)m
+(vide)j(appropriate)283 2571 y(references.)430 2692 y(The)36
+b(case)h(of)e Fs(total)j(c)-5 b(orr)g(e)g(ctness)44 b
+Fu(is)35 b(sligh)m(tly)f(more)h(complicated)f(b)s(ecause)j(w)m(e)g(ha)m
+(v)m(e)g(to)283 2812 y(b)s(ound)c(the)g(n)m(um)m(b)s(er)g(of)f
+(recursiv)m(e)i(calls.)43 b(The)33 b(rule)f(adopted)h(is)527
+3077 y([call)702 3041 y Fn(rec)702 3102 y(t)795 3077
+y Fu(])930 2991 y Ft(f)f Fs(P)10 b Fu(\()p Fw(z)p Fu(\))33
+b Ft(g)f Fr(call)i Fs(p)k Ft(f)32 b(+)h Fs(Q)41 b Ft(g)33
+b(`)2091 3006 y Fn(t)2155 2991 y Ft(f)f Fs(P)10 b Fu(\()p
+Fw(z)p Fu(+)p Fw(1)p Fu(\))33 b Ft(g)f Fs(S)44 b Ft(f)33
+b(+)f Fs(Q)42 b Ft(g)p 930 3054 2198 4 v 1429 3159 a(f)32
+b(9)p Fw(z)p Fu(.)p Fs(P)10 b Fu(\()p Fw(z)p Fu(\))33
+b Ft(g)f Fr(call)i Fs(p)k Ft(f)33 b(+)f Fs(Q)42 b Ft(g)920
+3315 y Fu(where)34 b Ft(:)p Fs(P)10 b Fu(\()p Fw(0)p
+Fu(\))33 b(holds)920 3483 y(and)f Fw(z)h Fu(ranges)g(o)m(v)m(er)g(the)g
+(natural)f(n)m(um)m(b)s(ers)h(\(that)g(is)f Fw(z)p Ft(\025)p
+Fw(0)p Fu(\))920 3651 y(and)g(where)i Fs(p)39 b Fu(is)32
+b(de\014ned)i(b)m(y)f Fr(proc)h Fs(p)k Fr(is)33 b Fs(S)283
+3856 y Fu(The)49 b(premise)e(of)f(this)h(rule)g(expresses)j(that)d(if)f
+(w)m(e)i(assume)g(that)f(w)m(e)h(ha)m(v)m(e)h(a)e(pro)s(of)f(of)283
+3976 y Ft(f)33 b Fs(P)10 b Fu(\()p Fw(z)p Fu(\))32 b
+Ft(g)h Fr(call)g Fs(p)39 b Ft(f)32 b(+)g Fs(Q)42 b Ft(g)e
+Fu(for)g(all)f(recursiv)m(e)j(calls)d(of)h Fs(p)46 b
+Fu(of)40 b(depth)h(at)g(most)e Fw(z)i Fu(then)g(w)m(e)283
+4097 y(can)33 b(pro)m(v)m(e)g Ft(f)f Fs(P)10 b Fu(\()p
+Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Ft(g)g Fs(S)44 b Ft(f)32
+b(+)g Fs(Q)42 b Ft(g)p Fu(.)h(The)33 b(conclusion)f(expresses)j(that)d
+(for)f(an)m(y)i(depth)g(of)283 4217 y(recursiv)m(e)h(calls)e(w)m(e)h
+(ha)m(v)m(e)h(a)f(pro)s(of)e(of)h Ft(f)h(9)p Fw(z)p Fu(.)p
+Fs(P)10 b Fu(\()p Fw(z)p Fu(\))33 b Ft(g)f Fr(call)h
+Fs(p)39 b Ft(f)32 b(+)h Fs(Q)41 b Ft(g)p Fu(.)430 4338
+y(The)28 b(inference)g(system)h(of)d(T)-8 b(able)28 b(6.2)f(extended)i
+(with)e(the)h(rule)f([call)3023 4302 y Fn(rec)3023 4362
+y(t)3116 4338 y Fu(])g(can)h(b)s(e)f(pro)m(v)m(ed)283
+4458 y(to)i(b)s(e)f(sound.)43 b(If)28 b(it)g(is)g(extended)i(with)e
+(additional)e(rules)i(\(as)g(discussed)j(ab)s(o)m(v)m(e\))e(it)e(can)i
+(also)283 4579 y(b)s(e)k(pro)m(v)m(ed)h(to)f(b)s(e)f(complete.)283
+4914 y Fj(6.5)161 b(Assertions)52 b(for)i(execution)f(time)283
+5133 y Fu(A)42 b(pro)s(of)e(system)i(for)f(total)e(correctness)44
+b(can)d(b)s(e)g(used)i(to)d(pro)m(v)m(e)j(that)e(a)g(program)e(do)s(es)
+283 5254 y(indeed)46 b(terminate)e(but)h(it)f(do)s(es)i(not)e(sa)m(y)j
+(ho)m(w)e(man)m(y)g(resources)i(it)d(needs)j(in)d(order)h(to)283
+5374 y(terminate.)c(W)-8 b(e)30 b(shall)d(no)m(w)i(sho)m(w)h(ho)m(w)f
+(to)g(extend)h(the)f(total)e(correctness)k(pro)s(of)d(system)h(of)283
+5494 y(T)-8 b(able)33 b(6.2)f(to)g(pro)m(v)m(e)i Fs(the)h(or)-5
+b(der)34 b(of)h(magnitude)f(of)h(the)g(exe)-5 b(cution)34
+b(time)40 b Fu(of)32 b(a)g(statemen)m(t.)p eop
+%%Page: 201 211
+201 210 bop 0 130 a Fw(6.5)112 b(Assertions)37 b(for)g(execution)g
+(time)1606 b(201)p 0 193 3473 4 v 146 515 a Fu(It)39
+b(is)e(easy)i(to)f(giv)m(e)g(some)g(informal)d(guidelines)i(for)h(ho)m
+(w)g(to)g(determine)g(the)h(order)f(of)0 636 y(magnitude)31
+b(of)h(execution)i(time:)0 813 y Fw(assignmen)m(t:)49
+b Fu(the)33 b(execution)g(time)e(is)h Ft(O)s Fu(\()p
+Fw(1)p Fu(\),)h(that)f(is,)g(it)g(is)g(b)s(ounded)h(b)m(y)h(a)e
+(constan)m(t,)0 1007 y Fw(skip:)49 b Fu(the)33 b(execution)g(time)e(is)
+h Ft(O)s Fu(\()p Fw(1)p Fu(\),)0 1202 y Fw(comp)s(osition:)47
+b Fu(the)35 b(execution)h(time)d(is,)i(to)f(within)g(a)g(constan)m(t)i
+(factor,)f(the)g(sum)g(of)f(the)244 1322 y(execution)f(times)f(of)g
+(eac)m(h)h(of)f(the)i(statemen)m(ts,)0 1517 y Fw(conditional:)47
+b Fu(the)30 b(execution)h(time)d(is,)i(to)g(within)e(a)i(constan)m(t)g
+(factor,)g(the)h(largest)e(of)g(the)244 1637 y(execution)k(times)f(of)g
+(the)h(t)m(w)m(o)g(branc)m(hes,)i(and)0 1832 y Fw(iteration:)47
+b Fu(the)30 b(execution)f(time)f(of)h(the)g(lo)s(op)f(is,)h(to)g
+(within)f(a)h(constan)m(t)g(factor,)h(the)f(sum,)244
+1952 y(o)m(v)m(er)34 b(all)c(iterations)h(round)i(the)g(lo)s(op,)e(of)h
+(the)h(time)e(to)i(execute)h(the)f(b)s(o)s(dy)-8 b(.)0
+2129 y(The)26 b(idea)f(no)m(w)h(is)f(to)f(formalize)f(these)k(rules)e
+(b)m(y)h(giving)e(an)h(inference)h(system)g(for)f(reasoning)0
+2250 y(ab)s(out)32 b(execution)h(times.)43 b(T)-8 b(o)33
+b(do)f(so)h(w)m(e)g(shall)f(pro)s(ceed)h(in)f(three)h(stages:)145
+2427 y Ft(\017)49 b Fu(\014rst)42 b(w)m(e)g(sp)s(ecify)f(the)h(exact)g
+(time)e(needed)j(to)e(ev)-5 b(aluate)40 b(arithmetic)g(and)h(b)s(o)s
+(olean)244 2547 y(expressions,)145 2742 y Ft(\017)49
+b Fu(next)37 b(w)m(e)f(extend)h(the)g(natural)d(seman)m(tics)i(of)f
+(Chapter)i(2)e(to)h(coun)m(t)g(the)g(exact)h(exe-)244
+2862 y(cution)32 b(time,)f(and)145 3057 y Ft(\017)49
+b Fu(\014nally)40 b(w)m(e)j(extend)g(the)g(total)d(correctness)k(pro)s
+(of)d(system)h(to)g(pro)m(v)m(e)h(the)f(order)g(of)244
+3177 y(magnitude)31 b(of)h(the)h(execution)h(time)d(of)h(statemen)m
+(ts.)0 3354 y(Ho)m(w)m(ev)m(er,)f(b)s(efore)c(addressing)h(these)g
+(issues)h(w)m(e)f(ha)m(v)m(e)h(to)e(\014x)h(a)f Fs(c)-5
+b(omputational)29 b(mo)-5 b(del)p Fu(,)28 b(that)0 3475
+y(is)43 b(w)m(e)i(ha)m(v)m(e)g(to)e(determine)h(ho)m(w)g(to)f(coun)m(t)
+i(the)f(cost)g(of)f(the)h(v)-5 b(arious)43 b(op)s(erations.)76
+b(The)0 3595 y(actual)36 b(c)m(hoice)i(is)e(not)i(so)f(imp)s(ortan)m(t)
+e(but)j(for)e(the)i(sak)m(e)g(of)f(simplicit)m(y)e(w)m(e)j(ha)m(v)m(e)g
+(based)g(it)0 3715 y(up)s(on)44 b(the)h(abstract)g(mac)m(hine)f(of)g
+(Chapter)h(3.)79 b(The)46 b(idea)e(is)g(that)g(eac)m(h)h(instruction)f
+(of)0 3836 y(the)38 b(mac)m(hine)e(tak)m(es)j(one)e(time)f(unit)h(and)g
+(the)h(time)e(required)h(to)g(execute)i(an)e(arithmetic)0
+3956 y(expression,)27 b(a)c(b)s(o)s(olean)f(expression)i(or)f(a)g
+(statemen)m(t)h(will)d(b)s(e)j(the)g(time)e(required)h(to)g(execute)0
+4077 y(the)29 b(generated)g(co)s(de.)43 b(Ho)m(w)m(ev)m(er,)32
+b(no)c(kno)m(wledge)i(of)e(Chapter)h(3)f(is)g(required)i(in)d(the)i
+(sequel.)0 4361 y Fp(Exact)46 b(execution)f(times)h(for)f(expressions)0
+4546 y Fu(The)34 b(time)d(needed)j(to)e(ev)-5 b(aluate)32
+b(an)h(arithmetic)d(expression)k(is)e(giv)m(en)h(b)m(y)g(a)g(function)
+244 4723 y Ft(T)25 b(A)p Fu(:)43 b Fw(Aexp)33 b Ft(!)f
+Fw(Z)0 4900 y Fu(so)24 b Ft(T)i(A)p Fu([)-17 b([)p Fs(a)7
+b Fu(])-17 b(])25 b(is)f(the)h(n)m(um)m(b)s(er)f(of)g(time)f(units)h
+(required)h(to)f(ev)-5 b(aluate)23 b Fs(a)32 b Fu(in)23
+b(an)m(y)i(state.)41 b(Similarly)-8 b(,)0 5020 y(the)33
+b(function)244 5197 y Ft(T)25 b(B)t Fu(:)43 b Fw(Bexp)33
+b Ft(!)f Fw(Z)0 5374 y Fu(determines)41 b(the)f(n)m(um)m(b)s(er)h(of)f
+(time)f(units)h(required)h(to)f(ev)-5 b(aluate)40 b(a)g(b)s(o)s(olean)f
+(expression.)0 5494 y(These)34 b(functions)f(are)f(de\014ned)i(in)e(T)
+-8 b(able)33 b(6.3.)p eop
+%%Page: 202 212
+202 211 bop 251 130 a Fw(202)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
+419 V 283 2313 4 1894 v 715 528 a Ft(T)26 b(A)o Fu([)-17
+b([)q Fs(n)7 b Fu(])-17 b(])374 b(=)100 b Fw(1)715 696
+y Ft(T)26 b(A)o Fu([)-17 b([)q Fs(x)12 b Fu(])-17 b(])379
+b(=)100 b Fw(1)715 863 y Ft(T)26 b(A)o Fu([)-17 b([)q
+Fs(a)969 878 y Fn(1)1041 863 y Fu(+)33 b Fs(a)1207 878
+y Fn(2)1246 863 y Fu(])-17 b(])102 b(=)e Ft(T)25 b(A)p
+Fu([)-17 b([)p Fs(a)1814 878 y Fn(1)1854 863 y Fu(])g(])33
+b(+)g Ft(T)25 b(A)p Fu([)-17 b([)p Fs(a)2286 878 y Fn(2)2326
+863 y Fu(])g(])33 b(+)g Fw(1)715 1031 y Ft(T)26 b(A)o
+Fu([)-17 b([)q Fs(a)969 1046 y Fn(1)1041 1031 y Fo(?)33
+b Fs(a)1180 1046 y Fn(2)1219 1031 y Fu(])-17 b(])129
+b(=)100 b Ft(T)25 b(A)p Fu([)-17 b([)p Fs(a)1814 1046
+y Fn(1)1854 1031 y Fu(])g(])33 b(+)g Ft(T)25 b(A)p Fu([)-17
+b([)p Fs(a)2286 1046 y Fn(2)2326 1031 y Fu(])g(])33 b(+)g
+Fw(1)715 1199 y Ft(T)26 b(A)o Fu([)-17 b([)q Fs(a)969
+1214 y Fn(1)1041 1199 y Ft(\000)33 b Fs(a)1208 1214 y
+Fn(2)1248 1199 y Fu(])-17 b(])100 b(=)g Ft(T)25 b(A)p
+Fu([)-17 b([)p Fs(a)1814 1214 y Fn(1)1854 1199 y Fu(])g(])33
+b(+)g Ft(T)25 b(A)p Fu([)-17 b([)p Fs(a)2286 1214 y Fn(2)2326
+1199 y Fu(])g(])33 b(+)g Fw(1)715 1414 y Ft(T)26 b(B)s
+Fu([)-17 b([)q Fr(true)p Fu(])g(])243 b(=)100 b Fw(1)715
+1581 y Ft(T)26 b(B)s Fu([)-17 b([)q Fr(false)p Fu(])g(])192
+b(=)100 b Fw(1)715 1749 y Ft(T)26 b(B)s Fu([)-17 b([)q
+Fs(a)958 1764 y Fn(1)1030 1749 y Fu(=)33 b Fs(a)1196
+1764 y Fn(2)1235 1749 y Fu(])-17 b(])113 b(=)100 b Ft(T)25
+b(A)p Fu([)-17 b([)p Fs(a)1814 1764 y Fn(1)1854 1749
+y Fu(])g(])33 b(+)g Ft(T)25 b(A)p Fu([)-17 b([)p Fs(a)2286
+1764 y Fn(2)2326 1749 y Fu(])g(])33 b(+)g Fw(1)715 1916
+y Ft(T)26 b(B)s Fu([)-17 b([)q Fs(a)958 1931 y Fn(1)1030
+1916 y Ft(\024)33 b Fs(a)1197 1931 y Fn(2)1237 1916 y
+Fu(])-17 b(])111 b(=)100 b Ft(T)25 b(A)p Fu([)-17 b([)p
+Fs(a)1814 1931 y Fn(1)1854 1916 y Fu(])g(])33 b(+)g Ft(T)25
+b(A)p Fu([)-17 b([)p Fs(a)2286 1931 y Fn(2)2326 1916
+y Fu(])g(])33 b(+)g Fw(1)715 2084 y Ft(T)26 b(B)s Fu([)-17
+b([)q Ft(:)p Fs(b)6 b Fu(])-17 b(])330 b(=)100 b Ft(T)25
+b(B)t Fu([)-17 b([)p Fs(b)6 b Fu(])-17 b(])33 b(+)g Fw(1)715
+2252 y Ft(T)26 b(B)s Fu([)-17 b([)q Fs(b)952 2267 y Fn(1)1024
+2252 y Ft(^)33 b Fs(b)1174 2267 y Fn(2)1213 2252 y Fu(])-17
+b(])135 b(=)100 b Ft(T)25 b(B)t Fu([)-17 b([)p Fs(b)1797
+2267 y Fn(1)1837 2252 y Fu(])g(])33 b(+)f Ft(T)26 b(B)s
+Fu([)-17 b([)q Fs(b)2252 2267 y Fn(2)2291 2252 y Fu(])g(])33
+b(+)g Fw(1)p 3753 2313 V 283 2316 3473 4 v 987 2477 a
+Fu(T)-8 b(able)32 b(6.3:)43 b(Exact)34 b(execution)f(times)f(for)g
+(expressions)283 2743 y Fp(Exact)46 b(execution)g(times)g(for)f
+(statemen)l(ts)283 2928 y Fu(T)-8 b(urning)25 b(to)f(the)i(execution)f
+(time)e(for)i(statemen)m(ts)g(w)m(e)h(shall)e(extend)i(the)f(natural)f
+(seman)m(tics)283 3049 y(of)47 b(T)-8 b(able)46 b(2.1)h(to)f(sp)s
+(ecify)h(the)g(time)f(requiremen)m(ts.)87 b(This)47 b(is)f(done)h(b)m
+(y)h(extending)f(the)283 3169 y(transitions)32 b(to)g(ha)m(v)m(e)i(the)
+f(form)527 3345 y Ft(h)p Fs(S)12 b Fu(,)33 b Fs(s)8 b
+Ft(i)32 b(!)912 3309 y Fc(t)974 3345 y Fs(s)1022 3309
+y Fi(0)283 3521 y Fu(meaning)k(that)h(if)e Fs(S)49 b
+Fu(is)36 b(executed)j(from)d(state)h Fs(s)45 b Fu(then)37
+b(it)f(will)f(terminate)g(in)h(state)i Fs(s)3539 3485
+y Fi(0)3599 3521 y Fu(and)283 3642 y(exactly)d Fs(t)44
+b Fu(time)33 b(units)i(will)d(b)s(e)i(required)h(for)f(this.)48
+b(The)36 b(extension)f(of)f(T)-8 b(able)34 b(2.1)g(is)g(fairly)283
+3762 y(straigh)m(tforw)m(ard)f(and)f(is)g(giv)m(en)h(in)f(T)-8
+b(able)32 b(6.4.)283 4046 y Fp(The)45 b(inference)g(system)283
+4231 y Fu(The)34 b(inference)g(system)g(for)e(pro)m(ving)h(the)h(order)
+f(of)f(magnitude)g(of)h(the)g(execution)h(time)d(of)283
+4351 y(statemen)m(ts)j(will)c(ha)m(v)m(e)k(assertions)f(of)f(the)h
+(form)527 4527 y Ft(f)g Fs(P)43 b Ft(g)32 b Fs(S)44 b
+Ft(f)33 b Fs(e)39 b Ft(+)33 b Fs(Q)41 b Ft(g)283 4704
+y Fu(where)h Fs(P)51 b Fu(and)40 b Fs(Q)49 b Fu(are)41
+b(predicates)f(as)h(in)e(the)i(previous)g(inference)g(systems)g(and)g
+Fs(e)47 b Fu(is)40 b(an)283 4824 y(arithmetic)31 b(expression)j(\(that)
+e(is)g Fs(e)40 b Ft(2)33 b Fw(Aexp)p Fu(\).)44 b(The)33
+b(idea)f(is)g(that)552 4992 y Fs(if)54 b Fu(the)33 b(execution)g(of)f
+Fs(S)44 b Fu(is)32 b(started)h(in)f(a)h(state)g(satisfying)e
+Fs(P)552 5159 y(then)40 b Fu(it)32 b(terminates)f(in)h(a)h(state)g
+(satisfying)e Fs(Q)552 5327 y(and)42 b Fu(the)33 b(required)h
+(execution)f(time)e(is)h Ft(O)s Fu(\()p Fs(e)7 b Fu(\),)33
+b(that)f(is)g(has)h(order)g(of)f(magnitude)g Fs(e)7 b
+Fu(.)283 5494 y(So)33 b(for)f(example)p eop
+%%Page: 203 213
+203 212 bop 0 130 a Fw(6.5)112 b(Assertions)37 b(for)g(execution)g
+(time)1606 b(203)p 0 193 3473 4 v 0 419 V 0 2490 4 2071
+v 256 530 a Fu([ass)408 545 y Fn(tns)508 530 y Fu(])345
+b Ft(h)o Fs(x)45 b Fu(:=)32 b Fs(a)7 b Fu(,)33 b Fs(s)8
+b Ft(i)32 b(!)1479 494 y Fi(T)17 b(A)q Fn([)-12 b([)o
+Fc(a)p Fn(])g(]+1)1811 530 y Fs(s)8 b Fu([)p Fs(x)k Ft(7!)o(A)p
+Fu([)-17 b([)p Fs(a)7 b Fu(])-17 b(])q Fs(s)8 b Fu(])256
+745 y([skip)454 760 y Fn(tns)553 745 y Fu(])300 b Ft(h)o
+Fr(skip)p Fu(,)34 b Fs(s)8 b Ft(i)32 b(!)1402 709 y Fn(1)1474
+745 y Fs(s)256 1039 y Fu([comp)511 1054 y Fn(tns)610
+1039 y Fu(])890 952 y Ft(h)o Fs(S)995 967 y Fn(1)1035
+952 y Fu(,)p Fs(s)8 b Ft(i)32 b(!)1281 916 y Fc(t)1306
+925 y Fd(1)1377 952 y Fs(s)1425 916 y Fi(0)1449 952 y
+Fu(,)g Ft(h)p Fs(S)1614 967 y Fn(2)1653 952 y Fu(,)p
+Fs(s)1728 916 y Fi(0)1752 952 y Ft(i)g(!)1923 916 y Fc(t)1948
+925 y Fd(2)2019 952 y Fs(s)2067 916 y Fi(00)p 890 1016
+1221 4 v 1070 1120 a Ft(h)p Fs(S)1176 1135 y Fn(1)1215
+1120 y Fu(;)p Fs(S)1309 1135 y Fn(2)1349 1120 y Fu(,)g
+Fs(s)8 b Ft(i)32 b(!)1627 1084 y Fc(t)1652 1093 y Fd(1)1687
+1084 y Fn(+)p Fc(t)1767 1093 y Fd(2)1839 1120 y Fs(s)1887
+1084 y Fi(00)256 1403 y Fu([if)353 1367 y Fn(tt)341 1428
+y(tns)439 1403 y Fu(])1489 1317 y Ft(h)p Fs(S)1595 1332
+y Fn(1)1634 1317 y Fu(,)p Fs(s)8 b Ft(i)33 b(!)1880 1281
+y Fc(t)1942 1317 y Fs(s)1990 1281 y Fi(0)p 890 1380 1724
+4 v 890 1485 a Ft(h)o Fr(if)g Fs(b)39 b Fr(then)33 b
+Fs(S)1451 1500 y Fn(1)1523 1485 y Fr(else)h Fs(S)1828
+1500 y Fn(2)1867 1485 y Fu(,)f Fs(s)8 b Ft(i)32 b(!)2146
+1449 y Fi(T)17 b(B)r Fn([)-12 b([)o Fc(b)p Fn(])g(]+)p
+Fc(t)p Fn(+1)2542 1485 y Fs(s)2590 1449 y Fi(0)2688 1403
+y Fu(if)32 b Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(])p Fs(s)41 b Fu(=)32 b Fw(tt)256 1768 y Fu([if)353
+1731 y Fn(\013)341 1792 y(tns)439 1768 y Fu(])1489 1681
+y Ft(h)p Fs(S)1595 1696 y Fn(2)1634 1681 y Fu(,)p Fs(s)8
+b Ft(i)33 b(!)1880 1645 y Fc(t)1942 1681 y Fs(s)1990
+1645 y Fi(0)p 890 1744 V 890 1849 a Ft(h)o Fr(if)g Fs(b)39
+b Fr(then)33 b Fs(S)1451 1864 y Fn(1)1523 1849 y Fr(else)h
+Fs(S)1828 1864 y Fn(2)1867 1849 y Fu(,)f Fs(s)8 b Ft(i)32
+b(!)2146 1813 y Fi(T)17 b(B)r Fn([)-12 b([)o Fc(b)p Fn(])g(]+)p
+Fc(t)p Fn(+1)2542 1849 y Fs(s)2590 1813 y Fi(0)2688 1768
+y Fu(if)32 b Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17
+b(])p Fs(s)41 b Fu(=)32 b Fw(\013)256 2142 y Fu([while)518
+2106 y Fn(tt)506 2167 y(tns)604 2142 y Fu(])890 2056
+y Ft(h)o Fs(S)12 b Fu(,)p Fs(s)c Ft(i)33 b(!)1241 2020
+y Fc(t)1303 2056 y Fs(s)1351 2020 y Fi(0)1375 2056 y
+Fu(,)f Ft(h)p Fr(while)i Fs(b)k Fr(do)33 b Fs(S)12 b
+Fu(,)33 b Fs(s)2155 2020 y Fi(0)2178 2056 y Ft(i)f(!)2349
+2020 y Fc(t)2374 1996 y Fa(0)2434 2056 y Fs(s)2482 2020
+y Fi(00)p 890 2119 1635 4 v 966 2224 a Ft(h)p Fr(while)i
+Fs(b)k Fr(do)33 b Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32
+b(!)1858 2188 y Fi(T)17 b(B)r Fn([)-12 b([)o Fc(b)p Fn(])g(]+)p
+Fc(t)p Fn(+)p Fc(t)2207 2164 y Fa(0)2230 2188 y Fn(+2)2357
+2224 y Fs(s)2405 2188 y Fi(00)2599 2142 y Fu(if)32 b
+Ft(B)s Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])p Fs(s)41
+b Fu(=)32 b Fw(tt)256 2429 y Fu([while)518 2393 y Fn(\013)506
+2454 y(tns)604 2429 y Fu(])249 b Ft(h)o Fr(while)34 b
+Fs(b)39 b Fr(do)33 b Fs(S)12 b Fu(,)32 b Fs(s)8 b Ft(i)32
+b(!)1771 2393 y Fi(T)17 b(B)r Fn([)-12 b([)p Fc(b)p Fn(])g(])o(+3)2087
+2429 y Fs(s)41 b Fu(if)31 b Ft(B)t Fu([)-17 b([)p Fs(b)6
+b Fu(])-17 b(])q Fs(s)40 b Fu(=)33 b Fw(\013)p 3469 2490
+4 2071 v 0 2493 3473 4 v 294 2654 a Fu(T)-8 b(able)33
+b(6.4:)43 b(Natural)31 b(seman)m(tics)i(for)f Fw(While)f
+Fu(with)h(exact)i(execution)f(times)244 2911 y Ft(f)d
+Fr(x)g Fu(=)g Fr(3)h Ft(g)f Fr(y)g Fu(:=)g Fr(1)p Fu(;)i
+Fr(while)f Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g
+Fr(do)g Fu(\()p Fr(y)f Fu(:=)g Fr(y)p Fo(?)p Fr(x)p Fu(;)h
+Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)p Fu(\))h Ft(f)f
+Fr(1)g Ft(+)h Fr(true)g Ft(g)0 3102 y Fu(expresses)d(that)d(the)h
+(execution)f(of)g(the)g(factorial)e(statemen)m(t)j(from)e(a)g(state)i
+(where)g Fr(x)f Fu(has)h(the)0 3222 y(v)-5 b(alue)32
+b Fw(3)h Fu(has)g(order)f(of)g(magnitude)g Fr(1)p Fu(,)h(that)f(is)g
+(it)g(is)g(b)s(ounded)h(b)m(y)g(a)g(constan)m(t.)44 b(Similarly)-8
+b(,)244 3413 y Ft(f)30 b Fr(x)h Fo(>)f Fu(0)g Ft(g)g
+Fr(y)g Fu(:=)h Fr(1)p Fu(;)g Fr(while)h Ft(:)p Fu(\()p
+Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)f Fu(\()p Fr(y)h Fu(:=)f
+Fr(y)p Fo(?)p Fr(x)p Fu(;)i Fr(x)e Fu(:=)g Fr(x)p Ft(\000)p
+Fr(1)p Fu(\))i Ft(f)e Fr(x)g Ft(+)g Fr(true)i Ft(g)0
+3604 y Fu(expresses)27 b(that)c(the)h(execution)g(of)f(the)h(factorial)
+d(statemen)m(t)j(on)f(a)h(state)g(where)g Fr(x)g Fu(is)f(p)s(ositiv)m
+(e)0 3724 y(has)33 b(order)g(of)f(magnitude)f Fr(x)p
+Fu(.)146 3844 y(F)-8 b(ormally)g(,)30 b Fs(validity)41
+b Fu(of)32 b(the)h(form)m(ula)e Ft(f)h Fs(P)43 b Ft(g)32
+b Fs(S)45 b Ft(f)32 b Fs(e)40 b Ft(+)32 b Fs(Q)42 b Ft(g)32
+b Fu(is)g(de\014ned)i(b)m(y)244 4035 y Ft(j)-17 b Fu(=)331
+4050 y Fn(e)399 4035 y Ft(f)32 b Fs(P)43 b Ft(g)32 b
+Fs(S)45 b Ft(f)32 b Fs(e)40 b Ft(+)32 b Fs(Q)42 b Ft(g)0
+4226 y Fu(if)31 b(and)i(only)f(if)244 4417 y(there)h(exists)h(a)e
+(natural)f(n)m(um)m(b)s(er)i Fw(k)g Fu(suc)m(h)h(that)e(for)g(all)f
+(states)i Fs(s)8 b Fu(,)244 4584 y(if)31 b Fs(P)43 b(s)e
+Fu(=)32 b Fw(tt)g Fu(then)h(there)g(exists)h(a)e(state)h
+Fs(s)1860 4548 y Fi(0)1916 4584 y Fu(and)g(a)f(n)m(um)m(b)s(er)h
+Fs(t)42 b Fu(suc)m(h)34 b(that)244 4752 y Fs(Q)42 b(s)409
+4716 y Fi(0)464 4752 y Fu(=)33 b Fw(tt)p Fu(,)f Ft(h)o
+Fs(S)12 b Fu(,)33 b Fs(s)8 b Ft(i)32 b(!)1104 4716 y
+Fc(t)1166 4752 y Fs(s)1214 4716 y Fi(0)1237 4752 y Fu(,)h(and)g
+Fs(t)42 b Ft(\024)33 b Fw(k)g Fo(?)f Fu(\()p Ft(A)o Fu([)-17
+b([)q Fs(e)7 b Fu(])-17 b(])q Fs(s)8 b Fu(\))0 4943 y(Note)39
+b(that)g(the)h(expression)h Fs(e)46 b Fu(is)39 b(ev)-5
+b(aluated)39 b(in)f(the)i(initial)35 b(state)40 b(rather)f(than)h(the)f
+(\014nal)0 5063 y(state.)146 5183 y(The)26 b(axioms)d(and)i(rules)f(of)
+g(the)h(inference)g(system)h(are)e(giv)m(en)h(in)e(T)-8
+b(able)25 b(6.5.)40 b(Pro)m(v)-5 b(abilit)m(y)0 5304
+y(of)32 b(the)h(assertion)g Ft(f)f Fs(P)43 b Ft(g)32
+b Fs(S)45 b Ft(f)32 b Fs(e)40 b Ft(+)32 b Fs(Q)42 b Ft(g)32
+b Fu(in)g(the)h(inference)g(system)h(is)e(written)244
+5494 y Ft(`)305 5509 y Fn(e)373 5494 y Ft(f)g Fs(P)43
+b Ft(g)32 b Fs(S)45 b Ft(f)32 b Fs(e)40 b Ft(+)32 b Fs(Q)42
+b Ft(g)p eop
+%%Page: 204 214
+204 213 bop 251 130 a Fw(204)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
+419 V 283 3119 4 2700 v 350 528 a Fu([ass)502 543 y Fn(e)538
+528 y Fu(])201 b Ft(f)33 b Fs(P)10 b Fu([)p Fs(x)i Ft(7!A)o
+Fu([)-17 b([)q Fs(a)7 b Fu(])-17 b(])q(])32 b Ft(g)h
+Fs(x)44 b Fu(:=)32 b Fs(a)40 b Ft(f)33 b Fr(1)f Ft(+)h
+Fs(P)43 b Ft(g)350 696 y Fu([skip)548 711 y Fn(e)583
+696 y Fu(])156 b Ft(f)33 b Fs(P)43 b Ft(g)32 b Fr(skip)i
+Ft(f)e Fr(1)h Ft(+)f Fs(P)43 b Ft(g)350 988 y Fu([comp)605
+1003 y Fn(e)640 988 y Fu(])776 901 y Ft(f)33 b Fs(P)43
+b Ft(^)33 b(B)s Fu([)-17 b([)q Fs(e)1225 865 y Fi(0)1225
+926 y Fn(2)1264 901 y Fu(=)p Fr(u)p Fu(])g(])34 b Ft(g)e
+Fs(S)1611 916 y Fn(1)1683 901 y Ft(f)g Fs(e)1817 916
+y Fn(1)1889 901 y Ft(+)h Fs(Q)41 b Ft(^)33 b(B)t Fu([)-17
+b([)p Fs(e)2356 916 y Fn(2)2396 901 y Ft(\024)q Fr(u)p
+Fu(])g(])33 b Ft(g)p Fu(,)65 b Ft(f)32 b Fs(Q)42 b Ft(g)32
+b Fs(S)3085 916 y Fn(2)3157 901 y Ft(f)g Fs(e)3291 916
+y Fn(2)3364 901 y Ft(+)g Fs(R)37 b Ft(g)p 776 964 2871
+4 v 1610 1069 a(f)32 b Fs(P)43 b Ft(g)33 b Fs(S)1951
+1084 y Fn(1)1990 1069 y Fu(;)f Fs(S)2116 1084 y Fn(2)2188
+1069 y Ft(f)h Fs(e)2323 1084 y Fn(1)2362 1069 y Fu(+)p
+Fs(e)2490 1033 y Fi(0)2490 1094 y Fn(2)2562 1069 y Ft(+)g
+Fs(R)j Ft(g)766 1202 y Fu(where)e Fr(u)f Fu(is)f(an)h(un)m(used)h
+(logical)c(v)-5 b(ariable)350 1494 y([if)435 1509 y Fn(e)469
+1494 y Fu(])776 1408 y Ft(f)33 b(B)s Fu([)-17 b([)q Fs(b)6
+b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)1443
+1423 y Fn(1)1515 1408 y Ft(f)g Fs(e)40 b Ft(+)32 b Fs(Q)42
+b Ft(g)p Fu(,)97 b Ft(f)33 b(:B)t Fu([)-17 b([)p Fs(b)6
+b Fu(])-17 b(])33 b Ft(^)g Fs(P)43 b Ft(g)32 b Fs(S)2799
+1423 y Fn(2)2871 1408 y Ft(f)h Fs(e)39 b Ft(+)33 b Fs(Q)41
+b Ft(g)p 776 1471 2522 4 v 1201 1576 a(f)33 b Fs(P)43
+b Ft(g)32 b Fr(if)h Fs(b)38 b Fr(then)c Fs(S)1998 1591
+y Fn(1)2070 1576 y Fr(else)f Fs(S)2374 1591 y Fn(2)2446
+1576 y Ft(f)g Fs(e)39 b Ft(+)33 b Fs(Q)41 b Ft(g)350
+1833 y Fu([while)600 1848 y Fn(e)634 1833 y Fu(])776
+1747 y Ft(f)33 b Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p
+Fu(\))32 b Ft(^)h(B)t Fu([)-17 b([)p Fs(e)1482 1711 y
+Fi(0)1534 1747 y Fu(=)p Fr(u)p Fu(])g(])33 b Ft(g)f Fs(S)44
+b Ft(f)33 b Fs(e)2047 1762 y Fn(1)2119 1747 y Ft(+)f
+Fs(P)10 b Fu(\()p Fr(z)p Fu(\))33 b Ft(^)g(B)t Fu([)-17
+b([)p Fs(e)7 b Ft(\024)q Fr(u)p Fu(])-17 b(])34 b Ft(g)p
+776 1810 2178 4 v 1021 1915 a(f)e(9)p Fw(z)p Fu(.)p Fs(P)10
+b Fu(\()p Fw(z)p Fu(\))33 b Ft(g)f Fr(while)i Fs(b)39
+b Fr(do)33 b Fs(S)44 b Ft(f)32 b Fs(e)40 b Ft(+)32 b
+Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33 b Ft(g)766 2048 y Fu(where)h
+Fs(P)10 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))33 b Ft(\))f(B)s
+Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g(B)s
+Fu([)-17 b([)q Fs(e)7 b Ft(\025)q Fs(e)2161 2063 y Fn(1)2200
+2048 y Fu(+)p Fs(e)2328 2012 y Fi(0)2352 2048 y Fu(])-17
+b(])q(,)32 b Fs(P)10 b Fu(\()p Fw(0)p Fu(\))33 b Ft(\))f(:)q(B)s
+Fu([)-17 b([)q Fs(b)6 b Fu(])-17 b(])33 b Ft(^)g(B)s
+Fu([)-17 b([)q Fr(1)p Ft(\024)p Fs(e)7 b Fu(])-17 b(])766
+2216 y(and)33 b Fr(u)g Fu(is)f(an)h(un)m(used)h(logical)29
+b(v)-5 b(ariable)766 2383 y(and)33 b Fw(z)f Fu(ranges)i(o)m(v)m(er)f
+(natural)f(n)m(um)m(b)s(ers)h(\(that)f(is)g Fw(z)p Ft(\025)q
+Fw(0)p Fu(\))350 2675 y([cons)561 2690 y Fn(e)597 2675
+y Fu(])809 2589 y Ft(f)g Fs(P)967 2552 y Fi(0)1023 2589
+y Ft(g)h Fs(S)44 b Ft(f)32 b Fs(e)1339 2552 y Fi(0)1396
+2589 y Ft(+)g Fs(Q)1573 2552 y Fi(0)1629 2589 y Ft(g)p
+776 2652 903 4 v 811 2757 a(f)h Fs(P)43 b Ft(g)32 b Fs(S)44
+b Ft(f)33 b Fs(e)39 b Ft(+)33 b Fs(Q)41 b Ft(g)766 2890
+y Fu(where)34 b(\(for)e(some)h(natural)e(n)m(um)m(b)s(er)i
+Fr(k)p Fu(\))g Fs(P)43 b Ft(\))32 b Fs(P)2615 2854 y
+Fi(0)2671 2890 y Ft(^)h(B)s Fu([)-17 b([)q Fs(e)2928
+2854 y Fi(0)2952 2890 y Ft(\024)p Fr(k)p Fo(?)p Fs(e)7
+b Fu(])-17 b(])766 3058 y(and)33 b Fs(Q)1040 3021 y Fi(0)1096
+3058 y Ft(\))f Fs(Q)p 3753 3119 4 2700 v 283 3122 3473
+4 v 523 3282 a Fu(T)-8 b(able)33 b(6.5:)43 b(Axiomatic)30
+b(system)k(for)e(order)h(of)f(magnitude)f(of)h(execution)h(time)283
+3568 y(The)41 b(assignmen)m(t)f(statemen)m(t)g(and)f(the)i
+Fr(skip)f Fu(statemen)m(t)g(can)g(b)s(e)g(executed)i(in)d(constan)m(t)
+283 3688 y(time)32 b(and)g(therefore)i(w)m(e)f(use)h(the)f(arithmetic)d
+(expression)k Fr(1)p Fu(.)430 3809 y(The)g(rule)f([comp)1082
+3824 y Fn(e)1117 3809 y Fu(])h(assumes)g(that)g(w)m(e)g(ha)m(v)m(e)h
+(pro)s(ofs)e(sho)m(wing)h(that)f Fs(e)3068 3824 y Fn(1)3141
+3809 y Fu(and)h Fs(e)3384 3824 y Fn(2)3457 3809 y Fu(are)f(the)283
+3929 y(order)38 b(of)f(magnitudes)f(of)h(the)h(execution)g(times)e(for)
+h(the)h(t)m(w)m(o)g(statemen)m(ts.)58 b(Ho)m(w)m(ev)m(er,)41
+b Fs(e)3716 3944 y Fn(1)283 4050 y Fu(expresses)46 b(the)e(time)d
+(requiremen)m(ts)j(of)e Fs(S)1905 4065 y Fn(1)1987 4050
+y Fu(relativ)m(e)h(to)f(the)h(initial)c(state)44 b(of)e
+Fs(S)3382 4065 y Fn(1)3464 4050 y Fu(and)h Fs(e)3716
+4065 y Fn(2)283 4170 y Fu(expresses)31 b(the)d(time)e(requiremen)m(ts)i
+(relativ)m(e)f(to)g(the)h(initial)c(state)k(of)f Fs(S)2958
+4185 y Fn(2)2997 4170 y Fu(.)42 b(This)28 b(means)f(that)283
+4290 y(w)m(e)42 b(cannot)f(simply)e(use)j Fs(e)1312 4305
+y Fn(1)1392 4290 y Fu(+)e Fs(e)1560 4305 y Fn(2)1641
+4290 y Fu(as)g(the)h(time)f(requiremen)m(t)h(for)f Fs(S)2949
+4305 y Fn(1)2988 4290 y Fu(;)k Fs(S)3126 4305 y Fn(2)3166
+4290 y Fu(.)67 b(W)-8 b(e)41 b(ha)m(v)m(e)h(to)283 4411
+y(replace)37 b Fs(e)670 4426 y Fn(2)745 4411 y Fu(with)f(an)g
+(expression)i Fs(e)1636 4375 y Fi(0)1636 4435 y Fn(2)1712
+4411 y Fu(suc)m(h)f(that)f Fs(e)2202 4375 y Fi(0)2202
+4435 y Fn(2)2278 4411 y Fu(ev)-5 b(aluated)36 b(in)f(the)i(initial)32
+b(state)37 b(of)f Fs(S)3717 4426 y Fn(1)283 4531 y Fu(will)28
+b(b)s(ound)j(the)g(v)-5 b(alue)29 b(of)h Fs(e)1340 4546
+y Fn(2)1410 4531 y Fu(in)f(the)i(initial)c(state)j(of)g
+Fs(S)2379 4546 y Fn(2)2449 4531 y Fu(\(whic)m(h)g(is)g(the)h(\014nal)e
+(state)i(of)f Fs(S)3652 4546 y Fn(1)3691 4531 y Fu(\).)283
+4651 y(This)j(is)e(expressed)k(b)m(y)d(the)h(extended)h(precondition)d
+(and)h(p)s(ostcondition)e(of)i Fs(S)3295 4666 y Fn(1)3366
+4651 y Fu(using)f(the)283 4772 y(logical)f(v)-5 b(ariable)31
+b Fr(u)p Fu(.)430 4892 y(The)43 b(rule)f([if)930 4907
+y Fn(e)965 4892 y Fu(])g(is)g(fairly)f(straigh)m(tforw)m(ard)h(since)h
+(the)f(time)g(required)g(for)g(the)h(test)g(is)283 5013
+y(constan)m(t.)430 5133 y(In)29 b(the)g(rule)g(for)f(the)i
+Fr(while)p Fu(-construct)h(w)m(e)f(assume)f(that)g(the)g(execution)h
+(time)d(is)i Fs(e)3571 5148 y Fn(1)3639 5133 y Fu(for)283
+5254 y(the)40 b(b)s(o)s(dy)e(and)h(is)f Fs(e)46 b Fu(for)39
+b(the)g(lo)s(op)e(itself.)61 b(As)39 b(in)f(the)h(rule)f([comp)2844
+5269 y Fn(e)2879 5254 y Fu(])h(w)m(e)h(cannot)f(just)g(use)283
+5374 y Fs(e)335 5389 y Fn(1)413 5374 y Fu(+)e Fs(e)45
+b Fu(as)38 b(the)g(total)e(time)g(required)i(b)s(ecause)h
+Fs(e)2184 5389 y Fn(1)2261 5374 y Fu(refers)g(to)e(the)h(state)g(b)s
+(efore)g(the)g(b)s(o)s(dy)283 5494 y(of)i(the)g(lo)s(op)f(is)h
+(executed)i(and)e Fs(e)47 b Fu(to)40 b(the)g(state)h(after)f(the)g(b)s
+(o)s(dy)g(is)g(executed)i(once.)66 b(W)-8 b(e)p eop
+%%Page: 205 215
+205 214 bop 0 130 a Fw(6.5)112 b(Assertions)37 b(for)g(execution)g
+(time)1606 b(205)p 0 193 3473 4 v 0 515 a Fu(shall)31
+b(therefore)i(require)g(that)f(there)i(is)e(an)g(expression)i
+Fs(e)2181 479 y Fi(0)2237 515 y Fu(suc)m(h)g(that)e Fs(e)2720
+479 y Fi(0)2776 515 y Fu(ev)-5 b(aluated)32 b(b)s(efore)0
+636 y(the)i(b)s(o)s(dy)g(will)d(b)s(ound)j Fs(e)41 b
+Fu(ev)-5 b(aluated)33 b(after)h(the)g(b)s(o)s(dy)-8 b(.)46
+b(Then)35 b(it)e(m)m(ust)h(b)s(e)f(the)i(case)f(that)g
+Fs(e)0 756 y Fu(satis\014es)29 b Fs(e)35 b Ft(\025)28
+b Fs(e)592 771 y Fn(1)659 756 y Fu(+)g Fs(e)815 720 y
+Fi(0)866 756 y Fu(b)s(ecause)i Fs(e)35 b Fu(has)28 b(to)f(b)s(ound)h
+(the)h(time)d(for)h(executing)i(the)f Fr(while)p Fu(-lo)s(op)0
+877 y(indep)s(enden)m(tly)36 b(of)f(the)h(n)m(um)m(b)s(er)f(of)g(times)
+f(it)h(is)g(unfolded.)51 b(As)36 b(w)m(e)g(shall)e(see)i(in)f(Example)0
+997 y(6.36,)45 b(this)e(corresp)s(onds)h(to)f(the)h Fs(r)-5
+b(e)g(curr)g(enc)g(e)44 b(e)-5 b(quations)50 b Fu(that)43
+b(often)g(ha)m(v)m(e)i(to)d(b)s(e)i(solv)m(ed)0 1117
+y(when)29 b(analysing)e(the)i(execution)g(time)e(of)g(programs.)42
+b(Finally)-8 b(,)26 b(the)j(rule)e([cons)2975 1132 y
+Fn(e)3012 1117 y Fu(])h(should)g(b)s(e)0 1238 y(straigh)m(tforw)m(ard.)
+0 1483 y Fw(Example)37 b(6.35)49 b Fu(W)-8 b(e)29 b(shall)f(no)m(w)h
+(pro)m(v)m(e)i(that)e(the)g(execution)h(time)e(of)g(the)i(factorial)c
+(state-)0 1604 y(men)m(t)32 b(has)g(order)h(of)e(magnitude)g
+Fr(x)p Fu(.)43 b(This)32 b(can)h(b)s(e)f(expressed)j(b)m(y)e(the)f
+(follo)m(wing)d(assertion:)244 1818 y Ft(f)h Fr(x)g Fo(>)g
+Fr(0)h Ft(g)f Fr(y)g Fu(:=)g Fr(1)p Fu(;)i Fr(while)f
+Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))g Fr(do)g Fu(\()p
+Fr(y)f Fu(:=)g Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f
+Fr(x)p Ft(\000)p Fr(1)p Fu(\))h Ft(f)f Fr(x)g Ft(+)h
+Fr(true)g Ft(g)0 2032 y Fu(The)g(inference)g(of)f(this)g(assertion)g
+(pro)s(ceeds)h(in)f(a)g(n)m(um)m(b)s(er)h(of)e(stages.)44
+b(First)29 b(w)m(e)i(de\014ne)h(the)0 2153 y(predicate)h
+Fs(INV)18 b Fu(\()p Fw(z)p Fu(\))33 b(that)f(is)g(to)g(b)s(e)h(the)g
+(in)m(v)-5 b(arian)m(t)31 b(of)h(the)h Fr(while)p Fu(-lo)s(op)244
+2367 y Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Fs(s)40
+b Fu(=)33 b(\()p Fs(s)40 b Fr(x)33 b Fo(>)f Fw(0)h Fu(and)g
+Fs(s)40 b Fr(x)33 b Fu(=)f Fw(z)h Fu(+)f Fw(1)p Fu(\))0
+2581 y(The)38 b(logical)d(v)-5 b(ariables)36 b Fr(u)974
+2596 y Fn(1)1051 2581 y Fu(and)h Fr(u)1296 2596 y Fn(2)1373
+2581 y Fu(are)h(used)g(for)f(the)h Fr(while)p Fu(-lo)s(op)e(and)i(the)g
+(b)s(o)s(dy)f(of)g(the)0 2702 y Fr(while)p Fu(-lo)s(op,)30
+b(resp)s(ectiv)m(ely)-8 b(.)43 b(W)-8 b(e)30 b(shall)e(\014rst)i
+(consider)g(the)g(b)s(o)s(dy)g(of)f(the)h(lo)s(op.)41
+b(Using)29 b([ass)3409 2717 y Fn(e)3445 2702 y Fu(])0
+2822 y(w)m(e)34 b(get)244 3036 y Ft(`)305 3051 y Fn(e)373
+3036 y Ft(f)e Fu(\()p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32
+b Ft(^)h Fr(x)p Ft(\024)q Fr(u)1131 3051 y Fn(1)1170
+3036 y Fu(\)[)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p
+Fu(])h Ft(g)e Fr(x)h Fu(:=)f Fr(x)h Ft(\000)g Fr(1)g
+Ft(f)f Fr(1)h Ft(+)g Fs(INV)18 b Fu(\()p Fw(z)p Fu(\))32
+b Ft(^)h Fr(x)p Ft(\024)q Fr(u)3102 3051 y Fn(1)3174
+3036 y Ft(g)0 3250 y Fu(Similarly)-8 b(,)29 b(w)m(e)k(get)244
+3465 y Ft(`)305 3480 y Fn(e)373 3465 y Ft(f)f Fu(\(\()p
+Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\024)q
+Fr(u)1169 3480 y Fn(1)1208 3465 y Fu(\)[)p Fr(x)p Ft(7!)p
+Fr(x)p Ft(\000)p Fr(1)p Fu(])h Ft(^)f Fr(1)p Ft(\024)p
+Fr(u)1942 3480 y Fn(2)1982 3465 y Fu(\)[)p Fr(y)p Ft(7!)p
+Fr(y)p Fo(?)p Fr(x)p Fu(])g Ft(g)373 3632 y Fr(y)g Fu(:=)f
+Fr(y)h Fo(?)f Fr(x)373 3800 y Ft(f)g Fr(1)h Ft(+)f Fu(\()p
+Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\024)q
+Fr(u)1308 3815 y Fn(1)1347 3800 y Fu(\)[)p Fr(x)p Ft(7!)p
+Fr(x)p Ft(\000)p Fr(1)p Fu(])h Ft(^)f Fr(1)p Ft(\024)q
+Fr(u)2082 3815 y Fn(2)2154 3800 y Ft(g)0 4014 y Fu(Before)f(applying)e
+(the)i(rule)f([comp)1317 4029 y Fn(e)1352 4014 y Fu(])h(w)m(e)g(ha)m(v)
+m(e)h(to)e(mo)s(dify)f(the)i(precondition)f(of)g(the)h(ab)s(o)m(v)m(e)0
+4135 y(assertion.)43 b(W)-8 b(e)33 b(ha)m(v)m(e)244 4349
+y Fs(INV)19 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b
+Ft(^)h Fr(x)p Ft(\000)p Fr(1)p Fu(=)p Fr(u)1140 4364
+y Fn(1)1213 4349 y Ft(^)g Fr(1)p Fu(=)p Fr(u)1490 4364
+y Fn(2)244 4516 y Ft(\))f Fu(\(\()p Fs(INV)19 b Fu(\()p
+Fw(z)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\024)p Fr(u)1089 4531
+y Fn(1)1129 4516 y Fu(\)[)p Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p
+Fr(1)p Fu(])h Ft(^)f Fr(1)p Ft(\024)p Fr(u)1863 4531
+y Fn(2)1903 4516 y Fu(\)[)p Fr(y)p Ft(7!)p Fr(y)p Fo(?)p
+Fr(x)p Fu(])0 4731 y(so)g(using)f([cons)586 4746 y Fn(e)622
+4731 y Fu(])h(w)m(e)h(get)244 4945 y Ft(`)305 4960 y
+Fn(e)373 4945 y Ft(f)e Fs(INV)19 b Fu(\()p Fw(z)p Fu(+)p
+Fw(1)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\000)p Fr(1)p Fu(=)p
+Fr(u)1351 4960 y Fn(1)1424 4945 y Ft(^)g Fr(1)p Fu(=)p
+Fr(u)1701 4960 y Fn(2)1773 4945 y Ft(g)373 5113 y Fr(y)g
+Fu(:=)f Fr(y)h Fo(?)f Fr(x)373 5280 y Ft(f)g Fr(1)h Ft(+)f
+Fu(\()p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h
+Fr(x)p Ft(\024)q Fr(u)1308 5295 y Fn(1)1347 5280 y Fu(\)[)p
+Fr(x)p Ft(7!)p Fr(x)p Ft(\000)p Fr(1)p Fu(])h Ft(^)f
+Fr(1)p Ft(\024)q Fr(u)2082 5295 y Fn(2)2154 5280 y Ft(g)0
+5494 y Fu(W)-8 b(e)33 b(can)g(no)m(w)g(apply)f([comp)1073
+5509 y Fn(e)1109 5494 y Fu(])g(and)h(get)p eop
+%%Page: 206 216
+206 215 bop 251 130 a Fw(206)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 527
+515 a Ft(`)588 530 y Fn(e)656 515 y Ft(f)33 b Fs(INV)18
+b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Ft(^)h Fr(x)p
+Ft(\000)p Fr(1)p Fu(=)p Fr(u)1634 530 y Fn(1)1707 515
+y Ft(g)656 683 y Fr(y)g Fu(:=)g Fr(y)f Fo(?)h Fr(x)p
+Fu(;)f Fr(x)h Fu(:=)g Fr(x)p Ft(\000)p Fr(1)656 851 y
+Ft(f)g Fr(1)p Fu(+)p Fr(1)g Ft(+)f Fs(INV)19 b Fu(\()p
+Fw(z)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\024)p Fr(u)1680 866
+y Fn(1)1753 851 y Ft(g)283 1036 y Fu(and)g(using)f([cons)939
+1051 y Fn(e)976 1036 y Fu(])g(w)m(e)i(get)527 1221 y
+Ft(`)588 1236 y Fn(e)656 1221 y Ft(f)f Fs(INV)18 b Fu(\()p
+Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b Ft(^)h Fr(x)p Ft(\000)p
+Fr(1)p Fu(=)p Fr(u)1634 1236 y Fn(1)1707 1221 y Ft(g)656
+1389 y Fr(y)g Fu(:=)g Fr(y)f Fo(?)h Fr(x)p Fu(;)f Fr(x)h
+Fu(:=)g Fr(x)p Ft(\000)p Fr(1)656 1556 y Ft(f)g Fr(1)f
+Ft(+)h Fs(INV)18 b Fu(\()p Fw(z)p Fu(\))33 b Ft(^)g Fr(x)p
+Ft(\024)p Fr(u)1553 1571 y Fn(1)1626 1556 y Ft(g)283
+1742 y Fu(It)g(is)f(easy)i(to)e(v)m(erify)h(that)527
+1927 y Fs(INV)19 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32
+b Ft(\))g(:)q Fu(\()p Fr(x)g Fu(=)h Fr(1)p Fu(\))f Ft(^)h
+Fr(x)p Ft(\025)q Fr(1)p Fu(+\()p Fr(x)p Ft(\000)p Fr(1)p
+Fu(\),)h(and)527 2095 y Fs(INV)19 b Fu(\()p Fw(0)p Fu(\))32
+b Ft(\))h(:)p Fu(\()p Ft(:)p Fu(\()p Fr(x)g Fu(=)f Fr(1)p
+Fu(\)\))h Ft(^)g Fr(1)p Ft(\024)q Fr(x)283 2280 y Fu(Therefore)h(w)m(e)
+g(can)f(use)g(the)g(rule)f([while)1829 2295 y Fn(e)1864
+2280 y Fu(])h(and)f(get)582 2448 y Ft(`)643 2463 y Fn(e)711
+2448 y Ft(f)g(9)p Fw(z)p Fu(.)p Fs(INV)19 b Fu(\()p Fw(z)p
+Fu(\))32 b Ft(g)h Fr(while)g Ft(:)q Fu(\()p Fr(x)p Fu(=)p
+Fr(1)p Fu(\))g Fr(do)g Fu(\()p Fr(y)f Fu(:=)h Fr(y)p
+Fo(?)p Fr(x)p Fu(;)g Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p
+Fr(1)p Fu(\))i Ft(f)e Fr(x)h Ft(+)f Fs(INV)19 b Fu(\()p
+Fw(0)p Fu(\))32 b Ft(g)283 2615 y Fu(W)-8 b(e)33 b(shall)f(no)m(w)h
+(apply)f(the)h(axiom)e([ass)1761 2630 y Fn(e)1797 2615
+y Fu(])i(to)f(the)h(statemen)m(t)g Fr(y)g Fu(:=)g Fr(1)f
+Fu(and)h(get)527 2801 y Ft(`)588 2816 y Fn(e)656 2801
+y Ft(f)g Fu(\()p Ft(9)p Fw(z)p Fu(.)p Fs(INV)18 b Fu(\()p
+Fw(z)p Fu(\))33 b Ft(^)g Fr(1)p Ft(\024)p Fr(u)1546 2816
+y Fn(3)1586 2801 y Fu(\)[)p Fr(y)p Ft(7!)p Fr(1)p Fu(])g
+Ft(g)f Fr(y)h Fu(:=)f Fr(1)h Ft(f)g Fr(1)f Ft(+)h(9)p
+Fw(z)p Fu(.)p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h
+Fr(1)p Ft(\024)p Fr(u)3327 2816 y Fn(3)3400 2801 y Ft(g)283
+2986 y Fu(W)-8 b(e)33 b(ha)m(v)m(e)527 3171 y Fr(x)p
+Fo(>)p Fr(0)g Ft(^)g Fr(1)p Fu(=)p Fr(u)1015 3186 y Fn(3)1088
+3171 y Ft(\))f Fu(\()p Ft(9)p Fw(z)p Fu(.)p Fs(INV)19
+b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h Fr(1)p Ft(\024)p Fr(u)2027
+3186 y Fn(3)2067 3171 y Fu(\)[)p Fr(y)p Ft(7!)p Fr(1)p
+Fu(])283 3356 y(so)g(using)f([cons)869 3371 y Fn(e)906
+3356 y Fu(])h(w)m(e)g(get)527 3542 y Ft(`)588 3557 y
+Fn(e)656 3542 y Ft(f)g Fr(x)p Fo(>)p Fr(0)g Ft(^)f Fr(1)p
+Fu(=)p Fr(u)1226 3557 y Fn(3)1299 3542 y Ft(g)g Fr(y)h
+Fu(:=)f Fr(1)h Ft(f)g Fr(1)f Ft(+)h(9)p Fw(z)p Fu(.)p
+Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(^)h Fr(1)p Ft(\024)p
+Fr(u)2713 3557 y Fn(3)2786 3542 y Ft(g)283 3727 y Fu(The)h(rule)e
+([comp)934 3742 y Fn(e)969 3727 y Fu(])h(no)m(w)g(giv)m(es)527
+3912 y Ft(`)588 3927 y Fn(e)656 3912 y Ft(f)g Fr(x)p
+Fo(>)p Fr(0)g Ft(g)656 4080 y Fr(y)g Fu(:=)g Fr(1)p Fu(;)f
+Fr(while)i Ft(:)q Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))e
+Fr(do)i Fu(\()p Fr(y)e Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g
+Fr(x)f Fu(:=)h Fr(x)p Ft(\000)p Fr(1)p Fu(\))656 4248
+y Ft(f)g Fr(1)p Fu(+)p Fr(x)g Ft(+)f Fs(INV)19 b Fu(\()p
+Fw(0)p Fu(\))32 b Ft(g)283 4433 y Fu(Clearly)g(w)m(e)i(ha)m(v)m(e)527
+4618 y Fr(x)p Fo(>)p Fu(0)f Ft(\))f Fr(1)p Fu(+)p Fr(x)h
+Ft(\024)g Fw(2)p Fo(?)p Fr(x)p Fu(,)g(and)527 4786 y
+Fs(INV)19 b Fu(\()p Fw(0)p Fu(\))32 b Ft(\))h Fr(true)283
+4971 y Fu(so)g(applying)f(rule)g([cons)1208 4986 y Fn(e)1244
+4971 y Fu(])h(w)m(e)g(get)527 5156 y Ft(`)588 5171 y
+Fn(e)656 5156 y Ft(f)g Fr(x)f Fo(>)h Fu(0)f Ft(g)656
+5324 y Fr(y)h Fu(:=)g Fr(1)p Fu(;)f Fr(while)i Ft(:)q
+Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))e Fr(do)i Fu(\()p
+Fr(y)e Fu(:=)h Fr(y)p Fo(?)p Fr(x)p Fu(;)g Fr(x)f Fu(:=)h
+Fr(x)p Ft(\000)p Fr(1)p Fu(\))656 5492 y Ft(f)g Fr(x)f
+Ft(+)h Fr(true)g Ft(g)p eop
+%%Page: 207 217
+207 216 bop 0 130 a Fw(6.5)112 b(Assertions)37 b(for)g(execution)g
+(time)1606 b(207)p 0 193 3473 4 v 0 515 a Fu(as)33 b(required.)2902
+b Fh(2)0 760 y Fw(Example)37 b(6.36)49 b Fu(Assume)31
+b(no)m(w)h(that)f(w)m(e)h(w)m(an)m(t)f(to)g(determine)f(an)h
+(arithmetic)e(expression)0 881 y Fs(e)52 896 y Fn(fac)177
+881 y Fu(suc)m(h)34 b(that)244 1096 y Ft(`)305 1111 y
+Fn(e)373 1096 y Ft(f)e Fr(x)h Fo(>)f Fu(0)h Ft(g)373
+1263 y Fr(y)g Fu(:=)f Fr(1)p Fu(;)h Fr(while)h Ft(:)p
+Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f Fr(do)g Fu(\()p
+Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h Fr(x)g Fu(:=)f
+Fr(x)p Ft(\000)p Fr(1)p Fu(\))373 1431 y Ft(f)g Fs(e)507
+1446 y Fn(fac)632 1431 y Ft(+)h Fr(true)g Ft(g)0 1646
+y Fu(In)f(other)h(w)m(ords)g(w)m(e)g(w)m(an)m(t)g(to)e(determine)h(the)
+h(order)f(of)f(magnitude)g(of)h(the)g(time)f(required)0
+1767 y(to)44 b(execute)j(the)e(factorial)d(statemen)m(t.)81
+b(W)-8 b(e)45 b(can)g(then)g(attempt)f(constructing)h(a)f(pro)s(of)0
+1887 y(of)36 b(the)g(ab)s(o)m(v)m(e)i(assertion)e(using)g(the)g
+(inference)h(system)h(of)d(T)-8 b(able)36 b(6.5)g(with)g
+Fs(e)2974 1902 y Fn(fac)3103 1887 y Fu(b)s(eing)f(an)0
+2007 y(unsp)s(eci\014ed)45 b(arithmetic)c(expression.)77
+b(The)45 b(v)-5 b(arious)42 b(side)i(conditions)e(of)h(the)h(rules)g
+(will)0 2128 y(then)32 b(sp)s(ecify)g(a)g(set)g(of)f(\(in\)equations)g
+(that)h(ha)m(v)m(e)h(to)e(b)s(e)h(ful\014lled)d(b)m(y)k
+Fs(e)2698 2143 y Fn(fac)2822 2128 y Fu(in)e(order)h(for)f(the)0
+2248 y(pro)s(of)h(to)g(exist.)146 2371 y(W)-8 b(e)43
+b(shall)e(\014rst)i(consider)f(the)h(b)s(o)s(dy)f(of)g(the)h(lo)s(op.)
+71 b(V)-8 b(ery)43 b(m)m(uc)m(h)g(as)g(in)e(the)i(previous)0
+2491 y(example)32 b(w)m(e)i(get)244 2707 y Ft(`)305 2722
+y Fn(e)373 2707 y Ft(f)e Fs(INV)19 b Fu(\()p Fw(z)p Fu(+)p
+Fw(1)p Fu(\))32 b Ft(^)h Fs(e)7 b Fu([)p Fr(x)p Ft(7!)p
+Fr(x)p Ft(\000)p Fr(1)p Fu(]=)p Fr(u)1608 2722 y Fn(1)1681
+2707 y Ft(g)373 2874 y Fr(y)33 b Fu(:=)f Fr(y)h Fo(?)f
+Fr(x)p Fu(;)h Fr(x)g Fu(:=)f Fr(x)p Ft(\000)p Fr(1)373
+3042 y Ft(f)g Fr(1)h Ft(+)f Fs(INV)19 b Fu(\()p Fw(z)p
+Fu(\))32 b Ft(^)h Fs(e)7 b Ft(\024)q Fr(u)1271 3057 y
+Fn(1)1343 3042 y Ft(g)0 3257 y Fu(where)34 b Fs(e)39
+b Fu(is)32 b(the)h(execution)g(time)e(of)h(the)h Fr(while)p
+Fu(-construct.)45 b(W)-8 b(e)33 b(can)g(no)m(w)g(apply)f(the)h(rule)0
+3377 y([while)250 3392 y Fn(e)285 3377 y Fu(])f(if)g
+Fs(e)40 b Fu(ful\014ls)31 b(the)i(conditions)319 3542
+y Fs(INV)18 b Fu(\()p Fw(z)p Fu(+)p Fw(1)p Fu(\))32 b
+Ft(\))g Fs(e)7 b Ft(\025)q Fr(1)p Fu(+)p Fs(e)g Fu([)p
+Fr(x)p Ft(7!)q Fr(x)p Ft(\000)p Fr(1)p Fu(])319 3710
+y Fs(INV)18 b Fu(\()p Fw(0)p Fu(\))33 b Ft(\))f Fr(1)p
+Ft(\024)q Fs(e)3348 3627 y Fu(\(*\))0 3871 y(and)h(w)m(e)g(will)e(get)
+297 4038 y Ft(`)358 4053 y Fn(e)426 4038 y Ft(f)i(9)p
+Fw(z)p Fu(.)p Fs(INV)19 b Fu(\()p Fw(z)p Fu(\))32 b Ft(g)g
+Fr(while)i Ft(:)p Fu(\()p Fr(x)p Fu(=)p Fr(1)p Fu(\))f
+Fr(do)g Fu(\()p Fr(y)g Fu(:=)f Fr(y)p Fo(?)p Fr(x)p Fu(;)h
+Fr(x)g Fu(:=)g Fr(x)p Ft(\000)p Fr(1)p Fu(\))g Ft(f)f
+Fs(e)40 b Ft(+)33 b Fs(INV)18 b Fu(\()p Fw(0)p Fu(\))33
+b Ft(g)0 4206 y Fu(The)h(requiremen)m(t)e(\(*\))h(corresp)s(onds)h(to)e
+(the)h(recurrence)h(equation)244 4421 y Fs(T)13 b Fu(\()p
+Fr(x)p Fu(\))33 b(=)f Fr(1)h Fu(+)f Fs(T)13 b Fu(\()p
+Fr(x)p Ft(\000)p Fr(1)p Fu(\))244 4589 y Fs(T)g Fu(\()p
+Fr(1)p Fu(\))33 b(=)f Fr(1)0 4804 y Fu(obtained)d(b)m(y)i(the)f
+(standard)g(tec)m(hniques)i(from)d(execution)h(time)f(analysis.)42
+b(If)29 b(w)m(e)i(tak)m(e)g Fs(e)37 b Fu(to)0 4924 y(b)s(e)e
+Fr(x)g Fu(then)g(\(*\))g(is)f(ful\014lled.)48 b(The)35
+b(remainder)f(of)g(the)i(pro)s(of)d(is)i(v)m(ery)h(m)m(uc)m(h)f(as)g
+(in)f(Exercise)0 5045 y(6.35)e(and)h(w)m(e)g(get)g(that)f
+Fs(e)965 5060 y Fn(fac)1090 5045 y Fu(m)m(ust)h(satisfy)244
+5260 y Fr(x)g Fo(>)f Fr(0)h Ft(\))f Fr(x)p Fu(+)p Fr(1)h
+Ft(\024)g Fw(k)p Fo(?)p Fs(e)1133 5275 y Fn(fac)1258
+5260 y Fu(for)f(some)g(constan)m(t)i Fw(k)0 5475 y Fu(so)f
+Fs(e)172 5490 y Fn(fac)297 5475 y Fu(ma)m(y)f(b)s(e)h(tak)m(en)h(to)e
+(b)s(e)h Fr(x)p Fu(.)2161 b Fh(2)p eop
+%%Page: 208 218
+208 217 bop 251 130 a Fw(208)1567 b(6)112 b(Axiomatic)35
+b(Program)h(V)-9 b(eri\014cation)p 251 193 3473 4 v 283
+515 a(Exercise)37 b(6.37)49 b Fu(Mo)s(dify)24 b(the)i(pro)s(of)e(of)g
+(Lemma)g(6.30)g(to)h(sho)m(w)h(that)f(the)g(inference)h(system)283
+636 y(of)33 b(T)-8 b(able)32 b(6.5)g(is)g(sound.)2487
+b Fh(2)283 864 y Fw(Exercise)37 b(6.38)49 b Fu(**)43
+b(Suggest)h(an)f(alternativ)m(e)f(rule)h(for)g Fr(while)i
+Fs(b)k Fr(do)44 b Fs(S)55 b Fu(that)43 b(expresses)283
+984 y(that)33 b(its)g(execution)h(time,)e(neglecting)g(constan)m(t)i
+(factors,)g(is)e(the)i(pro)s(duct)f(of)g(the)g(n)m(um)m(b)s(er)283
+1105 y(of)f(times)f(the)i(lo)s(op)d(is)i(executed)i(and)e(the)h
+(maximal)28 b(execution)33 b(time)e(for)g(the)i(b)s(o)s(dy)f(of)f(the)
+283 1225 y(lo)s(op.)3188 b Fh(2)283 1454 y Fw(Exercise)37
+b(6.39)49 b Fu(Suggest)e(an)f(inference)h(rule)f(for)g
+Fr(repeat)i Fs(S)58 b Fr(until)48 b Fs(b)6 b Fu(.)85
+b(Y)-8 b(ou)47 b(are)f(not)283 1574 y(allo)m(w)m(ed)32
+b(to)h(rely)f(on)g(the)h(existence)i(of)d(a)g Fr(while)p
+Fu(-construct)i(in)e(the)h(language.)427 b Fh(2)p eop
+%%Page: 209 219
+209 218 bop 0 1180 a Fv(Chapter)78 b(7)0 1595 y(F)-19
+b(urther)78 b(Reading)0 2047 y Fu(In)23 b(this)f(b)s(o)s(ok)g(w)m(e)i
+(ha)m(v)m(e)g(co)m(v)m(ered)h(the)e(basic)f(ingredien)m(ts)h(in)f
+(three)h(approac)m(hes)h(to)e(seman)m(tics:)145 2233
+y Ft(\017)49 b Fu(op)s(erational)30 b(seman)m(tics,)145
+2430 y Ft(\017)49 b Fu(denotational)30 b(seman)m(tics,)j(and)145
+2628 y Ft(\017)49 b Fu(axiomatic)30 b(seman)m(tics.)0
+2813 y(W)-8 b(e)39 b(ha)m(v)m(e)i(concen)m(trated)g(on)e(a)f(rather)i
+(simple)d(language)h(of)h Fr(while)p Fu(-programs)g(and)g(ha)m(v)m(e)0
+2934 y(studied)d(the)h(underlying)e(theories)h(and)g(the)h(formal)c
+(relationships)i(b)s(et)m(w)m(een)j(the)e(v)-5 b(arious)0
+3054 y(approac)m(hes.)83 b(The)47 b(p)s(o)m(w)m(er)f(of)f(the)h(three)g
+(approac)m(hes)h(ha)m(v)m(e)g(b)s(een)f(illustrated)e(b)m(y)i(v)-5
+b(ari-)0 3174 y(ous)33 b(extensions)i(of)d Fw(While)p
+Fu(:)43 b(non-determinism,)31 b(parallelism,)e(recursiv)m(e)35
+b(pro)s(cedures)f(and)0 3295 y(exceptions.)146 3415 y(W)-8
+b(e)24 b(b)s(eliev)m(e)f(that)g(formal)e(seman)m(tics)i(is)g(an)g(imp)s
+(ortan)m(t)f(to)s(ol)f(for)i(reasoning)g(ab)s(out)f(man)m(y)0
+3536 y(asp)s(ects)27 b(of)d(the)i(b)s(eha)m(viour)f(of)g(programs)g
+(and)g(programming)d(languages.)41 b(T)-8 b(o)25 b(supp)s(ort)h(this)0
+3656 y(b)s(elief)31 b(w)m(e)j(ha)m(v)m(e)g(giv)m(en)e(three)i
+(examples,)e(one)h(for)f(eac)m(h)i(approac)m(h)f(to)f(seman)m(tics:)145
+3842 y Ft(\017)49 b Fu(a)32 b(simple)f(compiler,)145
+4039 y Ft(\017)49 b Fu(a)32 b(static)g(program)f(analysis,)h(and)145
+4236 y Ft(\017)49 b Fu(an)32 b(inference)i(system)f(for)f(execution)h
+(time.)0 4422 y(In)g(conclusion)e(w)m(e)j(shall)d(pro)m(vide)h(a)g(few)
+h(p)s(oin)m(ters)f(to)g(the)h(literature)e(\(mainly)f(textb)s(o)s
+(oks\))0 4542 y(where)h(a)e(more)g(comprehensiv)m(e)i(treatmen)m(t)e
+(of)g(language)f(features)j(or)e(theoretical)f(asp)s(ects)0
+4663 y(ma)m(y)38 b(b)s(e)h(found.)61 b(W)-8 b(e)38 b(do)h(not)f
+(reference)i(the)e(v)-5 b(ast)39 b(n)m(um)m(b)s(er)g(of)f(researc)m(h)h
+(publications)e(in)0 4783 y(the)c(area)f(but)h(rely)g(on)f(the)h
+(references)i(in)d(the)h(b)s(o)s(oks)f(men)m(tioned.)0
+5069 y Fp(Op)t(erational)46 b(seman)l(tics)0 5254 y Fs(Structur)-5
+b(al)38 b(op)-5 b(er)g(ational)35 b(semantics)42 b Fu(w)m(as)35
+b(in)m(tro)s(duced)g(b)m(y)g(Gordon)f(Plotkin)g(in)f([14].)49
+b(This)0 5374 y(is)29 b(a)h(standard)g(reference)h(and)f(co)m(v)m(ers)i
+(a)e(n)m(um)m(b)s(er)g(of)f(features)i(from)d(imp)s(erativ)m(e)g(and)i
+(func-)0 5494 y(tional)36 b(languages)h(whereas)j(features)f(from)e
+(parallel)e(languages)j(are)g(co)m(v)m(ered)i(in)d([15].)60
+b(A)1663 5849 y(209)p eop
+%%Page: 210 220
+210 219 bop 251 130 a Fw(210)2326 b(7)112 b(F)-9 b(urther)37
+b(Reading)p 251 193 3473 4 v 283 515 a Fu(more)42 b(in)m(tro)s(ductory)
+g(treatmen)m(t)g(of)g(structural)g(op)s(erational)e(seman)m(tics)i(is)g
+(giv)m(en)g(in)g([9].)283 636 y Fs(Natur)-5 b(al)38 b(semantics)j
+Fu(is)34 b(deriv)m(ed)i(from)d(structural)h(op)s(erational)e(seman)m
+(tics)j(and)f(the)h(basic)283 756 y(ideas)e(are)f(presen)m(ted)j(in)d
+([6])h(for)f(a)g(functional)f(language.)430 879 y(Although)36
+b(w)m(e)i(ha)m(v)m(e)h(co)m(v)m(ered)g(man)m(y)e(of)g(the)h(essen)m
+(tial)f(ideas)g(b)s(ehind)g(op)s(erational)e(se-)283
+1000 y(man)m(tics)d(w)m(e)i(should)e(lik)m(e)g(to)h(men)m(tion)e(three)
+i(tec)m(hniques)i(that)d(ha)m(v)m(e)i(had)f(to)f(b)s(e)h(omitted.)430
+1123 y(A)45 b(tec)m(hnique)h(that)f(is)g(often)g(used)h(when)g(sp)s
+(ecifying)e(a)h(structural)g(op)s(erational)e(se-)283
+1243 y(man)m(tics)d(is)g(to)f(extend)j(the)e(syn)m(tactic)h(comp)s
+(onen)m(t)f(of)g(the)g(con\014gurations)g(with)g(sp)s(ecial)283
+1364 y(notation)j(for)f(recording)h Fs(p)-5 b(artial)5
+b(ly)45 b(pr)-5 b(o)g(c)g(esse)g(d)44 b(c)-5 b(onstructs)p
+Fu(.)76 b(The)45 b(inference)f(system)g(will)283 1484
+y(then)34 b(con)m(tain)f(axioms)g(and)g(rules)g(that)h(handle)f(these)h
+(\\extended")h(con\014gurations.)46 b(This)283 1604 y(tec)m(hnique)c
+(ma)m(y)f(b)s(e)g(used)g(to)g(sp)s(ecify)g(a)f(structural)g(op)s
+(erational)e(seman)m(tics)j(of)f(the)h(lan-)283 1725
+y(guages)k Fw(Blo)s(c)m(k)e Fu(and)h Fw(Pro)s(c)g Fu(in)f(Section)h
+(2.5)g(and)h(to)f(sp)s(ecify)g(a)g(structural)g(op)s(erational)283
+1845 y(seman)m(tics)33 b(of)f(expressions.)430 1968 y(Both)j(kinds)h
+(of)f(op)s(erational)e(seman)m(tics)i(can)h(easily)e(b)s(e)i(extended)h
+(to)e(cop)s(e)h(explicitly)283 2089 y(with)i Fs(dynamic)h(err)-5
+b(ors)46 b Fu(\(as)38 b(e.g.)59 b(division)37 b(b)m(y)h(zero\).)60
+b(The)39 b(idea)e(is)h(to)f(extend)i(the)g(set)f(of)283
+2209 y(con\014gurations)43 b(with)f(sp)s(ecial)g
+(error-con\014gurations)g(and)g(then)i(augmen)m(t)e(the)h(inference)283
+2329 y(system)34 b(with)e(extra)h(axioms)f(and)g(rules)h(for)f(ho)m(w)h
+(to)f(handle)h(these)h(con\014gurations.)430 2453 y(Often)h(programs)g
+(ha)m(v)m(e)h(to)f(ful\014l)f(certain)h(conditions)f(in)g(order)i(to)f
+(b)s(e)g Fs(static)-5 b(al)5 b(ly)38 b(wel)5 b(l-)283
+2573 y(forme)-5 b(d)61 b Fu(and)52 b(hence)h(preclude)f(certain)f
+(dynamic)g(errors.)101 b(These)53 b(conditions)e(can)h(b)s(e)283
+2693 y(form)m(ulated)39 b(using)g(inductiv)m(ely)g(de\014ned)i
+(predicates)g(and)e(ma)m(y)h(b)s(e)g(in)m(tegrated)f(with)g(the)283
+2814 y(op)s(erational)31 b(seman)m(tics.)283 3120 y Fp(Pro)l(v)-7
+b(ably)46 b(correct)f(implemen)l(tation)283 3310 y Fu(The)35
+b Fs(c)-5 b(orr)g(e)g(ctness)34 b(of)i(the)f(implementation)k
+Fu(of)33 b(Chapter)h(3)f(w)m(as)h(a)f(relativ)m(ely)f(simple)g(pro)s
+(of)283 3430 y(b)s(ecause)f(it)c(w)m(as)j(based)f(on)g(an)g(abstract)g
+(mac)m(hine)f(designed)h(for)f(the)h(purp)s(ose.)43 b(In)29
+b(general,)283 3551 y(when)49 b(more)e(realistic)e(mac)m(hines)j(or)f
+(larger)f(languages)h(are)g(considered,)53 b(pro)s(ofs)47
+b(easily)283 3671 y(b)s(ecome)42 b(un)m(wieldy)f(and)h(p)s(erhaps)g
+(for)e(this)h(reason)h(there)g(is)e(no)i(ideal)d(textb)s(o)s(ok)j(in)e
+(this)283 3792 y(area.)50 b(W)-8 b(e)35 b(therefore)h(only)e(reference)
+i(t)m(w)m(o)g(researc)m(h)g(pap)s(ers:)48 b([7])35 b(for)f(an)h
+(approac)m(h)g(based)283 3912 y(on)e(natural)e(seman)m(tics)i(and)g
+([13)o(])g(for)f(an)h(approac)m(h)g(based)g(on)g(denotational)d(seman)m
+(tics.)283 4218 y Fp(Denotational)48 b(seman)l(tics)283
+4408 y Fu(A)43 b(general)e(in)m(tro)s(duction)g(to)h
+Fs(denotational)g(semantics)50 b Fu(\(as)42 b(dev)m(elop)s(ed)h(b)m(y)g
+(C.)f(Strac)m(hey)283 4529 y(and)32 b(D.)f(Scott\))g(ma)m(y)g(b)s(e)h
+(found)f(in)g([16].)43 b(It)31 b(co)m(v)m(ers)i(denotational)d(seman)m
+(tics)h(for)g(\(mainly\))283 4649 y(imp)s(erativ)m(e)43
+b(languages)g(and)g(co)m(v)m(ers)j(the)e(fundamen)m(tals)f(of)h(domain)
+d(theory)k(\(including)283 4769 y(re\015exiv)m(e)38 b(domains\).)52
+b(Another)36 b(go)s(o)s(d)f(reference)j(for)d(imp)s(erativ)m(e)f
+(languages)i(is)f([8])h(but)g(it)283 4890 y(do)s(es)j(not)f(co)m(v)m
+(er)h(the)f(domain)e(theory)-8 b(.)60 b(W)-8 b(e)39 b(should)f(also)e
+(men)m(tion)h(a)h(classic)g(in)f(the)h(\014eld)283 5010
+y([17])29 b(ev)m(en)i(though)f(the)f(domain)f(theory)i(is)e(based)j(on)
+e(the)h(\(b)m(y)g(no)m(w)g(obsolete\))f(approac)m(h)g(of)283
+5131 y(complete)j(lattices.)430 5254 y(W)-8 b(e)28 b(ha)m(v)m(e)h
+(restricted)f(the)g(treatmen)m(t)g(of)f(domain)g(theory)h(to)f(what)h
+(is)g(needed)h(for)e(sp)s(eci-)283 5374 y(fying)g(the)h(denotational)d
+(seman)m(tics)j(of)f(the)g Fr(while)p Fu(-language.)42
+b(The)28 b(b)s(ene\014t)g(of)f(this)g(is)g(that)283 5494
+y(w)m(e)34 b(can)f(restrict)f(ourselv)m(es)i(to)e(partial)e(functions)i
+(b)s(et)m(w)m(een)j(states)e(and)g(thereb)m(y)h(obtain)d(a)p
+eop
+%%Page: 211 221
+211 220 bop 3304 130 a Fw(211)p 0 193 3473 4 v 0 515
+a Fu(relativ)m(ely)28 b(simple)f(theoretical)g(dev)m(elopmen)m(t.)43
+b(The)30 b(dra)m(wbac)m(k)h(is)d(that)g(it)g(b)s(ecomes)h(rather)0
+636 y(cum)m(b)s(ersome)34 b(to)g(v)m(erify)g(the)h(existence)g(of)f
+(seman)m(tic)f(sp)s(eci\014cations)h(for)g(other)g(languages)0
+756 y(\(as)f(evidenced)h(in)e(Section)g(4.5\).)146 877
+y(The)38 b(traditional)33 b(solution)h(is)i(to)g(dev)m(elop)h(a)f
+Fs(meta-language)42 b Fu(for)36 b(expressing)i(denota-)0
+997 y(tional)22 b(de\014nitions.)40 b(The)26 b(theoretical)d
+(foundation)g(of)h(this)g(language)g(will)e(then)j(ensure)h(that)0
+1117 y(the)36 b(seman)m(tic)g(functions)g(do)g(exist)h(as)f(long)f(as)h
+(one)g(only)g(uses)h(domains)e(and)h(op)s(erations)0
+1238 y(from)d(the)h(meta-language.)46 b(The)35 b(b)s(ene\014t)g(of)f
+(this)g(is)f(ob)m(vious;)i(the)g(dra)m(wbac)m(k)h(is)d(that)h(one)0
+1358 y(has)k(to)g(pro)m(v)m(e)h(a)f(fair)e(amoun)m(t)i(of)f(results)h
+(but)h(the)f(e\013orts)g(are)g(greatly)f(rew)m(arded)j(in)d(the)0
+1478 y(long)31 b(run.)44 b(Both)33 b([16)o(])g(and)g([17)o(])g(con)m
+(tain)f(suc)m(h)i(a)e(dev)m(elopmen)m(t.)146 1599 y(The)45
+b(denotational)c(approac)m(h)j(can)g(handle)g Fs(ab)-5
+b(ortion)50 b Fu(and)44 b Fs(non-determinism)49 b Fu(using)0
+1719 y(a)43 b(kind)g(of)g(p)s(o)m(w)m(ersets)i(called)d(p)s(o)m(w)m
+(er-domains.)75 b(Certain)43 b(kinds)h(of)e Fs(p)-5 b(ar)g(al)5
+b(lelism)50 b Fu(can)43 b(b)s(e)0 1840 y(handled)33 b(as)g(w)m(ell)f
+(but)h(for)f(man)m(y)h(purp)s(oses)h(it)e(is)g(b)s(etter)h(to)g(use)h
+(a)e(structural)h(op)s(erational)0 1960 y(seman)m(tics)g(instead.)0
+2249 y Fp(Static)46 b(program)f(analysis)0 2434 y Fu(A)29
+b(selection)g(of)g Fs(static)j(pr)-5 b(o)g(gr)g(am)30
+b(analysis)37 b Fu(tec)m(hniques)31 b(for)e(imp)s(erativ)m(e)e
+(languages)i(\(as)g(w)m(ell)0 2554 y(as)h(tec)m(hniques)i(for)d
+(implemen)m(tations)e(on)j(realistic)e(mac)m(hines\))i(is)f(giv)m(en)h
+(in)f([3];)i(but)f(unfor-)0 2674 y(tunately)-8 b(,)30
+b(no)g(considerations)f(of)g(correctness)j(are)d(giv)m(en.)43
+b(T)-8 b(reatmen)m(ts)30 b(of)g(correctness)h(are)0 2795
+y(often)i(based)g(on)g(abstract)f(in)m(terpretation)g(and)h([1])f(surv)
+m(eys)j(a)e(n)m(um)m(b)s(er)g(of)f(approac)m(hes.)0 3084
+y Fp(Axiomatic)46 b(program)f(v)l(eri\014cation)0 3268
+y Fu(A)g(general)g(in)m(tro)s(duction)f(to)g Fs(pr)-5
+b(o)g(gr)g(am)46 b(veri\014c)-5 b(ation)p Fu(,)47 b(and)f(in)e
+(particular)f Fs(axiomatic)j(se-)0 3389 y(mantics)i Fu(ma)m(y)41
+b(b)s(e)g(found)f(in)g([11].)68 b(The)42 b(presen)m(tation)f(co)m(v)m
+(ers)h(a)f(\015o)m(w)m(c)m(hart)h(language,)g(a)0 3509
+y Fr(while)p Fu(-language)35 b(and)h(a)f(\(\014rst)h(order\))g
+(functional)e(language)g(and)i(also)e(includes)i(a)f(study)0
+3629 y(of)30 b(expressiv)m(eness)k(\(as)c(needed)i(for)d(the)i(in)m
+(tensional)d(approac)m(h)j(to)f(axiomatic)d(seman)m(tics\).)0
+3750 y(Man)m(y)32 b(b)s(o)s(oks,)g(including)e([10)o(],)i(dev)m(elop)g
+(axiomatic)d(program)h(v)m(eri\014cation)h(together)h(with)0
+3870 y(practically)k(motiv)-5 b(ated)36 b(examples.)60
+b(A)38 b(go)s(o)s(d)f(in)m(tro)s(duction)g(to)g(the)i(analysis)e(of)h
+Fs(r)-5 b(esour)g(c)g(e)0 3991 y(r)g(e)g(quir)g(ements)47
+b Fu(of)39 b(programs)f(is)h([2])h(and)f(the)h(form)m(ulation)c(as)k
+(formal)d(inference)j(systems)0 4111 y(ma)m(y)32 b(b)s(e)g(found)g(in)f
+([12].)43 b(W)-8 b(e)32 b(should)g(also)f(men)m(tion)g(a)h(classic)f
+([5])h(that)g(studies)g(soundness)0 4231 y(and)37 b(completeness)h
+(prop)s(erties)f(with)f(resp)s(ect)j(to)d(a)h(denotational)e(seman)m
+(tics.)57 b(Rules)37 b(for)0 4352 y(pro)s(cedures)d(ma)m(y)e(b)s(e)h
+(found)g(in)f([4)o(].)146 4472 y(W)-8 b(e)32 b(should)f(p)s(oin)m(t)f
+(out)h(that)g(w)m(e)h(ha)m(v)m(e)h(used)f(the)g(extensional)f(approac)m
+(h)g(to)g(sp)s(ecifying)0 4592 y(the)49 b(assertions)f(of)g(the)h
+(inference)f(systems.)92 b(This)49 b(allo)m(ws)e(us)h(to)g(concen)m
+(trate)i(on)e(the)0 4713 y Fs(formulation)39 b Fu(of)31
+b(the)h(inference)h(systems)g(without)e(ha)m(ving)h(to)f(w)m(orry)i(ab)
+s(out)e(the)h Fs(existenc)-5 b(e)0 4833 y Fu(of)29 b(the)h(assertions)h
+(in)e(an)g(explicit)g(assertion)g(language.)42 b(Ho)m(w)m(ev)m(er,)32
+b(it)d(is)g(more)g(common)g(to)0 4954 y(use)34 b(the)f(in)m(tensional)e
+(approac)m(h)i(as)f(is)g(done)h(in)f([11].)p eop
+%%Page: 212 222
+212 221 bop 251 130 a Fw(212)2326 b(7)112 b(F)-9 b(urther)37
+b(Reading)p 251 193 3473 4 v eop
+%%Page: 213 223
+213 222 bop 0 1216 a Fv(App)6 b(endix)77 b(A)0 1668 y(Review)g(of)h
+(Notation)0 2157 y Fu(W)-8 b(e)33 b(use)h(the)f(follo)m(wing)c
+(notation:)319 2316 y Ft(9)644 b Fu(there)33 b(exists)319
+2484 y Ft(8)644 b Fu(for)32 b(all)319 2652 y Ft(f)g Fs(x)44
+b Ft(j)32 b Fo(:)17 b(:)g(:)p Fs(x)12 b Fo(:)17 b(:)g(:)32
+b Ft(g)99 b Fu(the)33 b(set)g(of)g(those)g Fs(x)44 b
+Fu(suc)m(h)34 b(that)e Fo(:)17 b(:)g(:)p Fs(x)12 b Fo(:)17
+b(:)g(:)32 b Fu(holds)319 2819 y Fs(x)44 b Ft(2)33 b
+Fs(X)439 b(x)44 b Fu(is)33 b(a)f(mem)m(b)s(er)g(of)g(the)h(set)g
+Fs(X)319 2987 y(X)48 b Ft(\022)33 b Fs(Y)397 b Fu(set)33
+b Fs(X)49 b Fu(is)32 b(con)m(tained)h(in)f(set)h Fs(Y)319
+3155 y(X)48 b Ft([)33 b Fs(Y)408 b Ft(f)32 b Fs(z)45
+b Ft(j)32 b Fs(z)12 b Ft(2)q Fs(X)48 b Fu(or)32 b Fs(z)12
+b Ft(2)q Fs(Y)52 b Ft(g)32 b Fu(\(union\))319 3322 y
+Fs(X)48 b Ft(\\)33 b Fs(Y)408 b Ft(f)32 b Fs(z)45 b Ft(j)32
+b Fs(z)12 b Ft(2)q Fs(X)48 b Fu(and)33 b Fs(z)12 b Ft(2)p
+Fs(Y)52 b Ft(g)33 b Fu(\(in)m(tersection\))319 3490 y
+Fs(X)48 b Ft(n)33 b Fs(Y)424 b Ft(f)32 b Fs(z)45 b Ft(j)32
+b Fs(z)12 b Ft(2)q Fs(X)48 b Fu(and)33 b Fs(z)12 b Ft(62)p
+Fs(Y)52 b Ft(g)33 b Fu(\(set)g(di\013erence\))319 3657
+y Fs(X)48 b Ft(\002)33 b Fs(Y)397 b Ft(f)32 b(h)p Fs(x)12
+b Fu(,)33 b Fs(y)9 b Ft(i)32 b(j)g Fs(x)12 b Ft(2)p Fs(X)49
+b Fu(and)33 b Fs(y)9 b Ft(2)p Fs(Y)52 b Ft(g)33 b Fu(\(Cartesian)f(pro)
+s(duct\))319 3825 y Ft(P)8 b Fu(\()p Fs(X)16 b Fu(\))458
+b Ft(f)32 b Fs(Z)47 b Ft(j)32 b Fs(Z)47 b Ft(\022)33
+b Fs(X)49 b Ft(g)32 b Fu(\(p)s(o)m(w)m(erset\))319 3926
+y Fg(S)388 3993 y Ft(Y)563 b(f)32 b Fs(y)42 b Ft(j)32
+b(9)q Fs(Y)19 b Ft(2)q(Y)7 b Fu(:)44 b Fs(y)9 b Ft(2)p
+Fs(Y)53 b Ft(g)32 b Fu(\(so)h(that)2306 3926 y Fg(S)2375
+3993 y Ft(f)f Fs(Y)2549 4008 y Fn(1)2589 3993 y Fu(,)g
+Fs(Y)2740 4008 y Fn(2)2812 3993 y Ft(g)g Fu(=)h Fs(Y)3094
+4008 y Fn(1)3134 3993 y Ft([)p Fs(Y)3292 4008 y Fn(2)3331
+3993 y Fu(\))319 4160 y Ft(;)649 b Fu(the)33 b(empt)m(y)g(set)319
+4328 y Fw(T)621 b Ft(f)32 b Fw(tt)p Fu(,)g Fw(\013)h
+Ft(g)f Fu(\(truth)h(v)-5 b(alues)33 b Fw(tt)e Fu(\(true\))i(and)g
+Fw(\013)g Fu(\(false\)\))319 4496 y Fw(N)611 b Ft(f)32
+b Fw(0)p Fu(,)h Fw(1)p Fu(,)g Fw(2)p Fu(,)f Fo(:)17 b(:)g(:)32
+b Ft(g)h Fu(\(natural)e(n)m(um)m(b)s(ers\))319 4663 y
+Fw(Z)631 b Ft(f)32 b Fo(:)17 b(:)g(:)p Fu(,)33 b({)p
+Fw(2)p Fu(,)f({)p Fw(1)p Fu(,)g Fw(0)p Fu(,)h Fw(1)p
+Fu(,)g Fw(2)p Fu(,)f Fo(:)17 b(:)g(:)32 b Ft(g)h Fu(\(in)m(tegers\))319
+4831 y Fs(f)20 b Fu(:)p Fs(X)c Ft(!)p Fs(Y)362 b(f)54
+b Fu(is)32 b(a)g(total)f(function)h(from)f Fs(X)49 b
+Fu(to)32 b Fs(Y)319 4998 y(X)16 b Ft(!)o Fs(Y)440 b Ft(f)32
+b Fs(f)54 b Ft(j)32 b Fs(f)21 b Fu(:)p Fs(X)16 b Ft(!)p
+Fs(Y)52 b Ft(g)319 5166 y Fs(f)20 b Fu(:)p Fs(X)c Fo(,)-17
+b Ft(!)q Fs(Y)351 b(f)54 b Fu(is)32 b(a)g(partial)e(function)i(from)g
+Fs(X)48 b Fu(to)33 b Fs(Y)319 5334 y(X)16 b Fo(,)-17
+b Ft(!)p Fs(Y)429 b Ft(f)32 b Fs(f)54 b Ft(j)32 b Fs(f)21
+b Fu(:)p Fs(X)16 b Fo(,)-17 b Ft(!)p Fs(Y)53 b Ft(g)0
+5494 y Fu(In)41 b(addition)e(to)h(this)g(w)m(e)i(ha)m(v)m(e)g(sp)s
+(ecial)e(notations)g(for)g(functions,)i(relations,)g(predicates)1663
+5849 y(213)p eop
+%%Page: 214 224
+214 223 bop 251 130 a Fw(214)2151 b(A)112 b(Review)36
+b(of)i(Notation)p 251 193 3473 4 v 283 515 a Fu(and)33
+b(transition)e(systems.)283 797 y Fp(F)-11 b(unctions)283
+981 y Fu(The)34 b(e\013ect)f(of)g(a)f(function)g Fs(f)21
+b Fu(:)p Fs(X)16 b Ft(!)p Fs(Y)52 b Fu(is)32 b(expressed)j(b)m(y)f(its)
+e Fs(gr)-5 b(aph)p Fu(:)527 1141 y(graph\()p Fs(f)21
+b Fu(\))33 b(=)f Ft(f)g(h)p Fs(x)12 b Fu(,)32 b Fs(y)9
+b Ft(i2)q Fs(X)16 b Ft(\002)p Fs(Y)52 b Ft(j)33 b Fs(f)53
+b(x)44 b Fu(=)33 b Fs(y)41 b Ft(g)283 1300 y Fu(whic)m(h)23
+b(is)e(merely)g(an)h(elemen)m(t)g(of)f Ft(P)9 b Fu(\()p
+Fs(X)16 b Ft(\002)p Fs(Y)k Fu(\).)i(The)h(graph)e(of)h
+Fs(f)42 b Fu(has)23 b(the)f(follo)m(wing)d(prop)s(erties)429
+1460 y Ft(\017)48 b(h)p Fs(x)12 b Fu(,)32 b Fs(y)9 b
+Ft(i2)q Fu(graph\()p Fs(f)20 b Fu(\))33 b(and)g Ft(h)o
+Fs(x)12 b Fu(,)33 b Fs(y)1648 1423 y Fi(0)1671 1460 y
+Ft(i2)p Fu(graph\()p Fs(f)21 b Fu(\))32 b(imply)f Fs(y)42
+b Fu(=)32 b Fs(y)2706 1423 y Fi(0)2729 1460 y Fu(,)h(and)429
+1648 y Ft(\017)48 b(8)q Fs(x)12 b Ft(2)p Fs(X)k Fu(:)33
+b Ft(9)p Fs(y)9 b Ft(2)q Fs(Y)19 b Fu(:)33 b Ft(h)p Fs(x)12
+b Fu(,)32 b Fs(y)9 b Ft(i2)33 b Fu(graph\()p Fs(f)20
+b Fu(\))283 1808 y(This)38 b(expresses)i(the)e(single-v)-5
+b(aluedness)37 b(of)g Fs(f)58 b Fu(and)37 b(the)h(totalit)m(y)d(of)i
+Fs(f)21 b Fu(.)57 b(W)-8 b(e)38 b(sa)m(y)g(that)f Fs(f)58
+b Fu(is)283 1928 y Fs(inje)-5 b(ctive)40 b Fu(if)31 b
+Fs(f)53 b(x)45 b Fu(=)32 b Fs(f)54 b(x)1186 1892 y Fi(0)1241
+1928 y Fu(implies)30 b(that)j Fs(x)44 b Fu(=)32 b Fs(x)2038
+1892 y Fi(0)2062 1928 y Fu(.)430 2049 y(A)h Fs(p)-5 b(artial)43
+b Fu(function)32 b Fs(g)9 b Fu(:)p Fs(X)16 b Fo(,)-17
+b Ft(!)p Fs(Y)53 b Fu(is)33 b(a)f(function)h(from)f(a)g(subset)j
+Fs(X)2901 2064 y Fc(g)2974 2049 y Fu(of)e Fs(X)49 b Fu(to)33
+b Fs(Y)19 b Fu(,)34 b(that)e(is)283 2169 y Fs(g)9 b Fu(:)p
+Fs(X)452 2184 y Fc(g)492 2169 y Ft(!)p Fs(Y)20 b Fu(.)32
+b(Again)g(one)h(ma)m(y)f(de\014ne)527 2328 y(graph\()p
+Fs(g)9 b Fu(\))32 b(=)h Ft(f)f(h)p Fs(x)12 b Fu(,)32
+b Fs(y)9 b Ft(i2)p Fs(X)16 b Ft(\002)q Fs(Y)52 b Ft(j)32
+b Fs(g)41 b(x)k Fu(=)32 b Fs(y)42 b Fu(and)32 b Fs(x)12
+b Ft(2)q Fu(X)2549 2343 y Fc(g)2621 2328 y Ft(g)283 2488
+y Fu(but)32 b(no)m(w)f(only)g(an)g(analogue)f(of)g(the)h(single-v)-5
+b(aluedness)31 b(prop)s(ert)m(y)h(ab)s(o)m(v)m(e)g(is)e(satis\014ed.)43
+b(W)-8 b(e)283 2608 y(shall)33 b(write)h Fs(g)43 b(x)j
+Fu(=)34 b Fs(y)43 b Fu(whenev)m(er)36 b Ft(h)p Fs(x)12
+b Fu(,)34 b Fs(y)9 b Ft(i2)q Fu(graph\()p Fs(g)g Fu(\))33
+b(and)h Fs(g)43 b(x)j Fu(=)34 b(undef)p 2778 2621 236
+4 v 35 w(whenev)m(er)i Fs(x)12 b Ft(62)q Fs(X)3689 2623
+y Fc(g)3729 2608 y Fu(,)283 2729 y(that)38 b(is)g(whenev)m(er)i
+Ft(:)q(9)p Fs(y)9 b Ft(2)p Fs(Y)20 b Fu(:)38 b Ft(h)p
+Fs(x)12 b Fu(,)39 b Fs(y)9 b Ft(i2)p Fu(graph\()p Fs(g)g
+Fu(\).)59 b(T)-8 b(o)38 b(distinguish)f(b)s(et)m(w)m(een)j(a)e
+(function)f Fs(f)283 2849 y Fu(and)26 b(a)f(partial)e(function)i
+Fs(g)34 b Fu(one)25 b(often)g(calls)g Fs(f)46 b Fu(a)25
+b Fs(total)36 b Fu(function.)k(W)-8 b(e)26 b(shall)e(view)h(the)h
+(partial)283 2969 y(functions)33 b(as)g(encompassing)f(the)h(total)e
+(functions.)430 3090 y(F)-8 b(or)32 b(total)f(functions)h
+Fs(f)1309 3105 y Fn(1)1381 3090 y Fu(and)h Fs(f)1622
+3105 y Fn(2)1694 3090 y Fu(w)m(e)g(de\014ne)h(their)e(comp)s(osition)e
+Fs(f)2948 3105 y Fn(2)2988 3090 y Ft(\016)o Fs(f)3088
+3105 y Fn(1)3160 3090 y Fu(b)m(y)527 3249 y(\()p Fs(f)616
+3264 y Fn(2)656 3249 y Ft(\016)o Fs(f)756 3264 y Fn(1)796
+3249 y Fu(\))i Fs(x)45 b Fu(=)32 b Fs(f)1115 3264 y Fn(2)1154
+3249 y Fu(\()p Fs(f)1243 3264 y Fn(1)1315 3249 y Fs(x)12
+b Fu(\))283 3408 y(\(Note)43 b(that)g(the)g(opp)s(osite)f(order)h(is)f
+(sometimes)f(used)j(in)e(the)h(literature.\))72 b(F)-8
+b(or)42 b(partial)283 3529 y(functions)33 b Fs(g)758
+3544 y Fn(1)830 3529 y Fu(and)f Fs(g)1073 3544 y Fn(2)1145
+3529 y Fu(w)m(e)h(de\014ne)h Fs(g)1624 3544 y Fn(2)1663
+3529 y Ft(\016)p Fs(g)1767 3544 y Fn(1)1839 3529 y Fu(similarly:)602
+3688 y(\()p Fs(g)694 3703 y Fn(2)733 3688 y Ft(\016)p
+Fs(g)837 3703 y Fn(1)876 3688 y Fu(\))e Fs(x)45 b Fu(=)32
+b Fs(z)295 b Fu(if)32 b(there)h(exists)g Fs(y)42 b Fu(suc)m(h)34
+b(that)e Fs(g)2661 3703 y Fn(1)2733 3688 y Fs(x)44 b
+Fu(=)33 b Fs(y)41 b Fu(and)33 b Fs(g)3263 3703 y Fn(2)3334
+3688 y Fs(y)42 b Fu(=)32 b Fs(z)602 3856 y Fu(\()p Fs(g)694
+3871 y Fn(2)733 3856 y Ft(\016)p Fs(g)837 3871 y Fn(1)876
+3856 y Fu(\))g Fs(x)45 b Fu(=)32 b(undef)p 1144 3869
+V 100 w(if)g Fs(g)1623 3871 y Fn(1)1694 3856 y Fs(x)45
+b Fu(=)32 b(undef)p 1892 3869 V 33 w(or)1479 4023 y(if)g(there)h
+(exists)g Fs(y)42 b Fu(suc)m(h)34 b(that)e Fs(g)2661
+4038 y Fn(1)2733 4023 y Fs(x)44 b Fu(=)33 b Fs(y)1479
+4191 y Fu(but)g Fs(g)1712 4206 y Fn(2)1784 4191 y Fs(y)41
+b Fu(=)33 b(undef)p 1981 4204 V 283 4352 a(The)h(iden)m(tit)m(y)e
+(function)g(id:)p Fs(X)16 b Ft(!)p Fs(X)48 b Fu(is)32
+b(de\014ned)i(b)m(y)527 4511 y(id)e Fs(x)44 b Fu(=)33
+b Fs(x)283 4671 y Fu(Finally)-8 b(,)28 b(if)h Fs(f)21
+b Fu(:)p Fs(X)16 b Ft(!)p Fs(Y)k Fu(,)29 b Fs(x)12 b
+Ft(2)q Fs(X)46 b Fu(and)30 b Fs(y)9 b Ft(2)p Fs(Y)50
+b Fu(then)30 b(the)h(function)e Fs(f)21 b Fu([)p Fs(x)12
+b Ft(7!)p Fs(y)d Fu(]:)p Fs(X)16 b Ft(!)p Fs(Y)49 b Fu(is)30
+b(de\014ned)h(b)m(y)527 5013 y Fs(f)21 b Fu([)p Fs(x)12
+b Ft(7!)p Fs(y)d Fu(])32 b Fs(x)934 4977 y Fi(0)990 5013
+y Fu(=)1098 4838 y Fg(8)1098 4913 y(<)1098 5062 y(:)1214
+4928 y Fs(y)199 b Fu(if)32 b Fs(x)44 b Fu(=)32 b Fs(x)1804
+4892 y Fi(0)1214 5096 y Fs(f)53 b(x)1354 5059 y Fi(0)1460
+5096 y Fu(otherwise)283 5254 y(A)33 b(similar)c(notation)j(ma)m(y)g(b)s
+(e)h(used)g(when)h Fs(f)54 b Fu(is)32 b(a)g(partial)e(function.)430
+5374 y(The)25 b(function)e Fs(f)45 b Fu(is)24 b(of)g
+Fs(or)-5 b(der)26 b(of)h(magnitude)k(g)9 b Fu(,)25 b(written)f
+Ft(O)s Fu(\()p Fs(g)9 b Fu(\),)26 b(if)d(there)h(exists)h(a)f(natural)
+283 5494 y(n)m(um)m(b)s(er)33 b Fw(k)g Fu(suc)m(h)h(that)e
+Ft(8)q Fs(x)12 b Fu(.)43 b Fs(f)54 b(x)44 b Ft(\024)33
+b Fw(k)g Fo(?)f Fu(\()p Fs(g)41 b(x)12 b Fu(\).)p eop
+%%Page: 215 225
+215 224 bop 3304 130 a Fw(215)p 0 193 3473 4 v 0 515
+a Fp(Relations)0 700 y Fu(A)32 b Fs(r)-5 b(elation)34
+b(fr)-5 b(om)39 b(X)49 b(to)38 b(Y)52 b Fu(is)31 b(a)h(subset)i(of)e
+Fs(X)16 b Ft(\002)p Fs(Y)52 b Fu(\(that)32 b(is)g(an)g(elemen)m(t)g(of)
+f Ft(P)9 b Fu(\()p Fs(X)16 b Ft(\002)q Fs(Y)j Fu(\)\).)32
+b(A)0 820 y(relation)27 b Fs(on)36 b(X)44 b Fu(is)29
+b(a)f(subset)j(of)d Fs(X)16 b Ft(\002)p Fs(X)g Fu(.)29
+b(If)g Fs(f)21 b Fu(:)p Fs(X)16 b Ft(!)p Fs(Y)48 b Fu(or)29
+b Fs(f)21 b Fu(:)p Fs(X)16 b Fo(,)-17 b Ft(!)p Fs(Y)48
+b Fu(then)30 b(the)f(graph)g(of)f Fs(f)49 b Fu(is)29
+b(a)0 941 y(relation.)46 b(\(Sometimes)32 b(a)i(function)g(is)f(iden)m
+(ti\014ed)h(with)f(its)h(graph)g(but)g(w)m(e)h(shall)d(k)m(eep)k(the)0
+1061 y(distinction.\))42 b(The)33 b Fs(identity)i(r)-5
+b(elation)40 b Fu(on)32 b Fs(X)49 b Fu(is)32 b(the)h(relation)244
+1253 y(I)279 1268 y Fc(X)379 1253 y Fu(=)f Ft(f)h(h)o
+Fs(x)12 b Fu(,)33 b Fs(x)12 b Ft(i)32 b(j)g Fs(x)12 b
+Ft(2)p Fs(X)49 b Ft(g)0 1445 y Fu(from)38 b Fs(X)56 b
+Fu(to)40 b Fs(X)16 b Fu(.)40 b(When)g Fs(X)56 b Fu(is)40
+b(clear)f(from)f(the)i(con)m(text)h(w)m(e)g(shall)e(omit)e(the)j
+(subscript)h Fs(X)0 1565 y Fu(and)33 b(simply)e(write)h(I.)146
+1686 y(If)37 b Fs(R)323 1701 y Fn(1)362 1686 y Ft(\022)q
+Fs(X)16 b Ft(\002)p Fs(Y)56 b Fu(and)37 b Fs(R)1002 1701
+y Fn(2)1041 1686 y Ft(\022)q Fs(Y)19 b Ft(\002)q Fs(Z)50
+b Fu(the)37 b Fs(c)-5 b(omp)g(osition)42 b Fu(of)36 b
+Fs(R)2304 1701 y Fn(1)2380 1686 y Fu(follo)m(w)m(ed)f(b)m(y)j
+Fs(R)2975 1701 y Fn(2)3014 1686 y Fu(,)g(whic)m(h)e(w)m(e)0
+1806 y(denote)d(b)m(y)h Fs(R)525 1821 y Fn(1)564 1806
+y Ft(\005)o Fs(R)689 1821 y Fn(2)729 1806 y Fu(,)e(is)g(de\014ned)i(b)m
+(y)244 1998 y Fs(R)319 2013 y Fn(1)358 1998 y Ft(\005)o
+Fs(R)483 2013 y Fn(2)555 1998 y Fu(=)f Ft(f)f(h)p Fs(x)12
+b Fu(,)32 b Fs(z)12 b Ft(i)32 b(j)h(9)p Fs(y)9 b Ft(2)p
+Fs(Y)20 b Fu(:)33 b Ft(h)o Fs(x)12 b Fu(,)33 b Fs(y)9
+b Ft(i2)p Fs(R)1805 2013 y Fn(1)1877 1998 y Fu(and)33
+b Ft(h)p Fs(y)9 b Fu(,)32 b Fs(z)12 b Ft(i2)p Fs(R)2453
+2013 y Fn(2)2525 1998 y Ft(g)0 2189 y Fu(Note)33 b(that)f(the)h(order)g
+(of)f(comp)s(osition)e(di\013ers)j(from)e(that)h(used)i(for)e
+(functions,)244 2381 y(graph\()p Fs(f)577 2396 y Fn(2)616
+2381 y Ft(\016)p Fs(f)717 2396 y Fn(1)756 2381 y Fu(\))h(=)f(graph\()p
+Fs(f)1268 2396 y Fn(1)1307 2381 y Fu(\))h Ft(\005)e Fu(graph\()p
+Fs(f)1793 2396 y Fn(2)1832 2381 y Fu(\))0 2573 y(and)i(that)f(w)m(e)i
+(ha)m(v)m(e)g(the)f(equation)244 2765 y(I)g Ft(\005)e
+Fs(R)37 b Fu(=)32 b Fs(R)37 b Ft(\005)31 b Fu(I)i(=)f
+Fs(R)146 2956 y Fu(If)37 b Fs(R)j Fu(is)c(a)g(relation)e(on)i
+Fs(X)52 b Fu(then)37 b(the)g Fs(r)-5 b(e\015exive)38
+b(tr)-5 b(ansitive)38 b(closur)-5 b(e)43 b Fu(is)36 b(the)h(relation)d
+Fs(R)3433 2920 y Fi(\003)0 3077 y Fu(on)e Fs(X)49 b Fu(de\014ned)34
+b(b)m(y)244 3269 y Fs(R)319 3232 y Fi(\003)391 3269 y
+Fu(=)e Ft(f)h(h)o Fs(x)12 b Fu(,)33 b Fs(x)794 3232 y
+Fi(0)817 3269 y Ft(i)f(j)g(9)q Fu(n)p Ft(\025)p Fu(1:)44
+b Ft(9)p Fs(x)1367 3284 y Fn(1)1406 3269 y Fu(,)33 b
+Fo(:)17 b(:)g(:)o Fu(,)33 b Fs(x)1697 3284 y Fn(n)1740
+3269 y Fu(:)44 b Fs(x)g Fu(=)32 b Fs(x)2065 3284 y Fn(1)2137
+3269 y Fu(and)h Fs(x)2384 3232 y Fi(0)2439 3269 y Fu(=)g
+Fs(x)2605 3284 y Fn(n)948 3436 y Fu(and)g Ft(8)p Fu(i)p
+Fo(<)p Fu(n:)43 b Ft(h)p Fs(x)1517 3451 y Fn(i)1540 3436
+y Fu(,)33 b Fs(x)1657 3451 y Fn(i+1)1771 3436 y Ft(i)o(2)q
+Fs(R)j Ft(g)0 3628 y Fu(Note)g(that)g(b)m(y)h(taking)e(n=1)h(and)g
+Fs(x)12 b Fu(=)p Fs(x)1495 3592 y Fi(0)1517 3628 y Fu(=)p
+Fs(x)1650 3643 y Fn(1)1725 3628 y Fu(it)35 b(follo)m(ws)g(that)h(I)p
+Ft(\022)p Fs(R)2552 3592 y Fi(\003)2592 3628 y Fu(.)54
+b(In)36 b(a)g(similar)c(w)m(a)m(y)37 b(it)0 3748 y(follo)m(ws)31
+b(that)i Fs(R)t Ft(\022)p Fs(R)759 3712 y Fi(\003)799
+3748 y Fu(.)43 b(Finally)-8 b(,)30 b(w)m(e)k(de\014ne)244
+3940 y Fs(R)319 3904 y Fn(+)411 3940 y Fu(=)e Fs(R)37
+b Ft(\005)31 b Fs(R)784 3904 y Fi(\003)0 4132 y Fu(and)i(observ)m(e)h
+(that)e Fs(R)37 b Ft(\022)c Fs(R)1041 4096 y Fn(+)1133
+4132 y Ft(\022)g Fs(R)1318 4096 y Fi(\003)1357 4132 y
+Fu(.)0 4419 y Fp(Predicates)0 4603 y Fu(A)h Fs(pr)-5
+b(e)g(dic)g(ate)41 b Fu(on)34 b Fs(X)51 b Fu(is)33 b(a)h(function)g
+(from)f Fs(X)50 b Fu(to)34 b Fw(T)p Fu(.)g(If)g Fs(p)6
+b Fu(:)p Fs(X)16 b Ft(!)p Fw(T)34 b Fu(is)g(a)g(predicate)g(on)h
+Fs(X)16 b Fu(,)34 b(the)0 4724 y(relation)d(I)393 4739
+y Fc(p)465 4724 y Fu(on)i Fs(X)48 b Fu(is)32 b(de\014ned)i(b)m(y)244
+4916 y(I)279 4931 y Fc(p)351 4916 y Fu(=)f Ft(f)f(h)p
+Fs(x)12 b Fu(,)32 b Fs(x)12 b Ft(i)32 b(j)g Fs(x)12 b
+Ft(2)q Fs(X)48 b Fu(and)33 b Fs(p)38 b(x)45 b Fu(=)32
+b Fw(tt)g Ft(g)0 5107 y Fu(Note)h(that)f(I)482 5122 y
+Fc(p)554 5107 y Ft(\022)h Fu(I)g(and)g(that)244 5299
+y(I)279 5314 y Fc(p)351 5299 y Ft(\005)f Fs(R)k Fu(=)d
+Ft(f)f(h)p Fs(x)12 b Fu(,)32 b Fs(y)9 b Ft(i)32 b(j)h
+Fs(p)38 b(x)44 b Fu(=)33 b Fw(tt)e Fu(and)i Ft(h)p Fs(x)12
+b Fu(,)32 b Fs(y)9 b Ft(i2)q Fs(R)36 b Ft(g)244 5467
+y Fs(R)h Ft(\005)31 b Fu(I)469 5482 y Fc(q)540 5467 y
+Fu(=)h Ft(f)g(h)p Fs(x)12 b Fu(,)32 b Fs(y)9 b Ft(i)33
+b(j)f(h)p Fs(x)12 b Fu(,)32 b Fs(y)9 b Ft(i2)p Fs(R)37
+b Fu(and)c Fs(q)41 b(y)g Fu(=)33 b Fw(tt)e Ft(g)p eop
+%%Page: 216 226
+216 225 bop 251 130 a Fw(216)2151 b(A)112 b(Review)36
+b(of)i(Notation)p 251 193 3473 4 v 283 515 a Fp(T)-11
+b(ransition)46 b(systems)283 700 y Fu(A)33 b Fs(tr)-5
+b(ansition)35 b(system)40 b Fu(is)32 b(a)g(triple)f(of)h(the)h(form)527
+904 y(\(\000,T,)g Fh(\003)q Fu(\))283 1107 y(where)h(\000)e(is)g(a)g
+(set)h(of)f Fs(c)-5 b(on\014gur)g(ations)p Fu(,)31 b(T)i(is)f(a)g
+(subset)i(of)e(\000)g(called)f(the)i Fs(terminal)42 b
+Fu(\(or)32 b Fs(\014nal)p Fu(\))283 1227 y(con\014gurations)68
+b(and)34 b Fh(\003)h Fu(is)f(a)f(relation)g(on)h(\000)f(called)g(a)h
+Fs(tr)-5 b(ansition)36 b(r)-5 b(elation)p Fu(.)48 b(The)35
+b(relation)283 1348 y Fh(\003)e Fu(m)m(ust)g(satisfy)527
+1551 y Ft(8)q Fo(\015)5 b Ft(2)p Fu(T:)33 b Ft(8)q Fo(\015)947
+1515 y Fi(0)970 1551 y Ft(2)p Fu(\000:)44 b Ft(:)p Fu(\()p
+Fo(\015)5 b Fh(\003)q Fo(\015)1462 1515 y Fi(0)1485 1551
+y Fu(\))283 1754 y(An)m(y)32 b(con\014guration)e Fo(\015)36
+b Fu(in)30 b(\000)p Ft(n)p Fu(T)h(suc)m(h)h(that)f(the)g(transition)e
+Fo(\015)5 b Fh(\003)q Fo(\015)2717 1718 y Fi(0)2771 1754
+y Fu(holds)31 b(for)f(no)h Fo(\015)3362 1718 y Fi(0)3416
+1754 y Fu(is)f(called)283 1875 y Fs(stuck)p Fu(.)p eop
+%%Page: 217 227
+217 226 bop 0 1180 a Fv(App)6 b(endix)77 b(B)0 1595 y(In)-6
+b(tro)6 b(duction)78 b(to)g(Miranda)0 1844 y(Implemen)-6
+b(tations)0 2296 y Fu(In)43 b(this)e(app)s(endix)i(w)m(e)g(giv)m(e)f
+(the)h(basic)f(de\014nitions)g(needed)h(to)f(implemen)m(t)e(the)j(v)-5
+b(arious)0 2417 y(seman)m(tic)30 b(de\014nitions)g(in)g
+Fw(Miranda)p Fu(.)44 b(Essen)m(tially)-8 b(,)30 b(this)g(amoun)m(ts)h
+(to)f(an)h(implemen)m(tation)0 2537 y(of)h(the)h(material)d(of)i
+(Chapter)h(1.)0 2870 y Fj(B.1)161 b(Abstract)52 b(syn)l(tax)0
+3089 y Fu(F)-8 b(or)43 b Fw(Num)h Fu(w)m(e)h(c)m(ho)s(ose)h(the)e
+(primitiv)m(e)e(t)m(yp)s(e)k Fr(num)f Fu(of)e Fw(Miranda)p
+Fu(.)80 b(F)-8 b(or)43 b Fw(V)-9 b(ar)44 b Fu(w)m(e)i(c)m(ho)s(ose)0
+3209 y(strings)32 b(of)h(c)m(haracters)g(and)g(so)g(de\014ne)h(the)f(t)
+m(yp)s(e)g(synon)m(ym:)0 3413 y Fr(>)103 b(var)52 b(==)g([char])0
+3616 y Fu(F)-8 b(or)30 b(eac)m(h)h(of)f(the)h(syn)m(tactic)g
+(categories)f Fw(Aexp)p Fu(,)i Fw(Bexp)e Fu(and)h Fw(Stm)e
+Fu(w)m(e)j(de\014ne)g(an)e(algebraic)0 3736 y(data)47
+b(t)m(yp)s(e)h(taking)f(in)m(to)f(accoun)m(t)i(the)g(v)-5
+b(arious)46 b(p)s(ossibilities)f(men)m(tioned)i(b)m(y)h(the)g(BNF)0
+3857 y(syn)m(tax)34 b(of)e(Section)h(1.2:)0 4060 y Fr(>)103
+b(aexp)52 b(::=)g(N)g(num)g(|)f(V)h(var)g(|)f(Add)i(aexp)f(aexp)g(|)0
+4228 y(>)564 b(Mult)53 b(aexp)f(aexp)g(|)g(Sub)g(aexp)g(aexp)0
+4443 y(>)103 b(bexp)52 b(::=)g(TRUE)h(|)e(FALSE)i(|)e(Eq)h(aexp)g(aexp)
+h(|)e(Le)h(aexp)g(aexp)h(|)0 4610 y(>)564 b(Neg)52 b(bexp)h(|)e(And)h
+(bexp)h(bexp)0 4825 y(>)103 b(stm)g(::=)52 b(Ass)g(var)g(aexp)h(|)e
+(Skip)i(|)e(Comp)h(stm)g(stm)h(|)0 4993 y(>)564 b(If)52
+b(bexp)g(stm)g(stm)g(|)g(While)h(bexp)f(stm)0 5221 y
+Fw(Example)37 b(B.1)48 b Fu(The)34 b(factorial)c(statemen)m(t)j(of)f
+(Exercise)i(1.1)e(is)g(represen)m(ted)j(b)m(y)1663 5849
+y(217)p eop
+%%Page: 218 228
+218 227 bop 251 130 a Fw(218)1049 b(B)111 b(In)m(tro)s(duction)37
+b(to)g(Miranda)h(Implemen)m(tations)p 251 193 3473 4
+v 283 515 a Fr(>)103 b(factorial)54 b(=)d(Comp)i(\(Ass)f("y")g(\(N)g
+(1\)\))283 683 y(>)975 b(\(While)53 b(\(Neg)f(\(Eq)g(\(V)g("x"\))g(\(N)
+g(1\)\)\))283 851 y(>)1077 b(\(Comp)53 b(\(Ass)f("y")g(\(Mult)h(\(V)f
+("y"\))g(\(V)g("x"\)\)\))283 1018 y(>)1385 b(\(Ass)52
+b("x")g(\(Sub)h(\(V)e("x"\))i(\(N)f(1\)\)\)\)\))283 1251
+y Fu(Note)41 b(that)f(this)g(is)g(a)h(represen)m(tation)g(of)f(the)h
+Fs(abstr)-5 b(act)42 b(syntax)52 b Fu(of)40 b(the)h(statemen)m(t.)67
+b(One)283 1371 y(ma)m(y)33 b(b)s(e)g(in)m(terested)g(in)f(a)g(parser)i
+(that)e(w)m(ould)g(translate)g(the)h(more)f(readable)g(form)527
+1578 y Fr(y)52 b(:=)g(1;)f(while)i Ft(:)p Fr(\(x)f(=)g(1\))g(do)f(\(y)h
+(:=)g(y)g(*)f(x;)h(x)f(:=)h(x)g Ft(\000)f Fr(1\))283
+1785 y Fu(in)m(to)26 b(the)g(ab)s(o)m(v)m(e)h(represen)m(tation.)42
+b(Ho)m(w)m(ev)m(er,)29 b(w)m(e)e(shall)d(refrain)h(from)g(undertaking)h
+(the)g(task)283 1905 y(of)33 b(implemen)m(ting)c(a)k(parser)g(as)g(w)m
+(e)g(are)g(mainly)d(concerned)k(with)f(seman)m(tics.)439
+b Fh(2)283 2138 y Fw(Exercise)37 b(B.2)48 b Fu(Sp)s(ecify)22
+b(an)g(elemen)m(t)f(of)h Fr(stm)g Fu(that)g(represen)m(ts)i(the)e
+(statemen)m(t)g(constructed)283 2258 y(in)32 b(Exercise)i(1.2)e(for)g
+(computing)g Fs(n)40 b Fu(to)32 b(the)h(p)s(o)m(w)m(er)g(of)f
+Fs(m)7 b Fu(.)1220 b Fh(2)283 2595 y Fj(B.2)161 b(Ev)-9
+b(aluation)55 b(of)f(expressions)283 2815 y Fu(W)-8 b(e)47
+b(shall)d(\014rst)i(b)s(e)g(concerned)i(with)d(the)h(represen)m(tation)
+h(of)e(v)-5 b(alues)46 b(and)g(states.)84 b(The)283 2936
+y(natural)28 b(n)m(um)m(b)s(ers)i Fw(Z)f Fu(will)d(b)s(e)j(represen)m
+(ted)j(b)m(y)d(the)h(t)m(yp)s(e)f Fr(num)h Fu(meaning)d(that)i(the)g
+(seman)m(tic)283 3056 y(function)37 b Ft(N)51 b Fu(b)s(ecomes)37
+b(trivial.)54 b(The)38 b(truth)f(v)-5 b(alues)36 b Fw(T)h
+Fu(will)e(b)s(e)i(represen)m(ted)i(b)m(y)f(the)f(t)m(yp)s(e)283
+3176 y Fr(bool)d Fu(of)e(b)s(o)s(oleans.)43 b(So)32 b(w)m(e)i(de\014ne)
+g(the)f(t)m(yp)s(e)g(synon)m(yms:)283 3384 y Fr(>)103
+b(z)52 b(==)g(num)283 3551 y(>)103 b(t)52 b(==)g(bool)283
+3758 y Fu(The)32 b(set)f Fw(State)f Fu(is)g(de\014ned)i(as)f(the)g(set)
+g(of)f(functions)g(from)f(v)-5 b(ariables)30 b(to)g(natural)f(n)m(um)m
+(b)s(ers)283 3878 y(so)k(w)m(e)h(de\014ne:)283 4086 y
+Fr(>)103 b(state)53 b(==)f(var)g(->)g(z)283 4319 y Fw(Example)37
+b(B.3)49 b Fu(The)38 b(state)g Fr(s)p 1468 4319 31 4
+v 37 w(init)g Fu(that)f(maps)g(all)e(v)-5 b(ariables)36
+b(except)j Fr(x)f Fu(to)e Fw(0)i Fu(and)f(that)283 4439
+y(maps)c Fr(x)g Fu(to)f Fw(3)g Fu(can)h(b)s(e)g(de\014ned)h(b)m(y)283
+4647 y Fr(>)103 b(s)p 494 4647 V 37 w(init)53 b("x")f(=)f(3)283
+4814 y(>)103 b(s)p 494 4814 V 37 w(init)53 b(y)154 b(=)51
+b(0)283 5021 y Fu(Note)32 b(that)g(w)m(e)g(encapsulate)g(the)g(sp)s
+(eci\014c)h(v)-5 b(ariable)29 b(name)j Fr(x)f Fu(in)g(quotes)i(whereas)
+g Fr(y)f Fu(can)g(b)s(e)283 5141 y(an)m(y)i(v)-5 b(ariable.)2851
+b Fh(2)430 5374 y Fu(The)35 b(functions)g Ft(A)f Fu(and)g
+Ft(B)k Fu(will)32 b(b)s(e)j(called)e Fr(a)p 2119 5374
+V 37 w(val)i Fu(and)g Fr(b)p 2587 5374 V 37 w(val)g Fu(in)f(the)h
+(implemen)m(tation)283 5494 y(and)e(they)h(are)e(de\014ned)i(b)m(y)g
+(directly)e(translating)e(T)-8 b(ables)33 b(1.1)f(and)h(1.2)f(in)m(to)g
+Fw(Miranda)p Fu(:)p eop
+%%Page: 219 229
+219 228 bop 0 130 a Fw(B.2)112 b(Ev)-6 b(aluation)36
+b(of)i(expressions)1787 b(219)p 0 193 3473 4 v 0 515
+a Fr(>)103 b(a)p 211 515 31 4 v 37 w(val)52 b(::)g(aexp)g(->)g(state)h
+(->)e(z)0 683 y(>)103 b(b)p 211 683 V 37 w(val)52 b(::)g(bexp)g(->)g
+(state)h(->)e(t)0 898 y(>)103 b(a)p 211 898 V 37 w(val)52
+b(\(N)g(n\))g(s)410 b(=)52 b(n)0 1065 y(>)103 b(a)p 211
+1065 V 37 w(val)52 b(\(V)g(x\))g(s)410 b(=)52 b(s)f(x)0
+1233 y(>)103 b(a)p 211 1233 V 37 w(val)52 b(\(Add)g(a1)g(a2\))g(s)103
+b(=)52 b(\(a)p 1427 1233 V 37 w(val)g(a1)g(s\))g(+)f(\(a)p
+2181 1233 V 38 w(val)h(a2)g(s\))0 1401 y(>)103 b(a)p
+211 1401 V 37 w(val)52 b(\(Mult)h(a1)e(a2\))h(s)g(=)g(\(a)p
+1427 1401 V 37 w(val)g(a1)g(s\))g(*)f(\(a)p 2181 1401
+V 38 w(val)h(a2)g(s\))0 1568 y(>)103 b(a)p 211 1568 V
+37 w(val)52 b(\(Sub)g(a1)g(a2\))g(s)103 b(=)52 b(\(a)p
+1427 1568 V 37 w(val)g(a1)g(s\))g(-)f(\(a)p 2181 1568
+V 38 w(val)h(a2)g(s\))0 1783 y(>)103 b(b)p 211 1783 V
+37 w(val)52 b(TRUE)g(s)462 b(=)52 b(True)0 1951 y(>)103
+b(b)p 211 1951 V 37 w(val)52 b(FALSE)h(s)410 b(=)52 b(False)0
+2118 y(>)103 b(b)p 211 2118 V 37 w(val)52 b(\(Eq)g(a1)g(a2\))g(s)154
+b(=)52 b(True,)103 b(if)p 1677 2131 103 4 v 52 w(a)p
+1888 2118 31 4 v 37 w(val)52 b(a1)g(s)g(=)f(a)p 2540
+2118 V 38 w(val)h(a2)f(s)0 2286 y(>)1179 b(=)52 b(False,)h(if)p
+1692 2299 103 4 v 52 w(a)p 1903 2286 31 4 v 37 w(val)f(a1)g(s)f(~=)h(a)
+p 2606 2286 V 37 w(val)g(a2)g(s)0 2454 y(>)103 b(b)p
+211 2454 V 37 w(val)52 b(\(Le)g(a1)g(a2\))g(s)154 b(=)52
+b(True,)103 b(if)p 1677 2467 103 4 v 52 w(a)p 1888 2454
+31 4 v 37 w(val)52 b(a1)g(s)g(<=)g(a)p 2592 2454 V 37
+w(val)g(a2)g(s)0 2621 y(>)1179 b(=)52 b(False,)h(if)p
+1692 2634 103 4 v 52 w(a)p 1903 2621 31 4 v 37 w(val)f(a1)g(s)f(>)h(a)p
+2555 2621 V 37 w(val)g(a2)g(s)0 2789 y(>)103 b(b)p 211
+2789 V 37 w(val)52 b(\(Neg)g(b\))g(s)308 b(=)52 b(True,)103
+b(if)p 1677 2802 103 4 v 52 w(b)p 1888 2789 31 4 v 37
+w(val)52 b(b)g(s)g(=)f(False)0 2957 y(>)1179 b(=)52 b(False,)h(if)p
+1692 2970 103 4 v 52 w(b)p 1903 2957 31 4 v 37 w(val)f(b)f(s)h(=)f
+(True)0 3124 y(>)103 b(b)p 211 3124 V 37 w(val)52 b(\(And)g(b1)g(b2\))g
+(s)103 b(=)52 b(True,)103 b(if)p 1677 3137 103 4 v 52
+w(b)p 1888 3124 31 4 v 37 w(val)52 b(b1)g(s)g(=)f(True)i(&)0
+3292 y(>)1795 b(b)p 1903 3292 V 37 w(val)52 b(b2)g(s)f(=)h(True)0
+3459 y(>)1179 b(=)52 b(False,)h(if)p 1692 3472 103 4
+v 52 w(b)p 1903 3459 31 4 v 37 w(val)f(b1)g(s)f(=)h(False)g(\\/)0
+3627 y(>)1795 b(b)p 1903 3627 V 37 w(val)52 b(b2)g(s)f(=)h(False)0
+3831 y Fw(Exercise)36 b(B.4)49 b Fu(Construct)37 b(an)f(algebraic)f
+(data)g(t)m(yp)s(e)i(for)f(the)g(binary)g(n)m(umerals)g(consid-)0
+3952 y(ered)46 b(in)e(Section)h(1.3.)81 b(De\014ne)45
+b(a)g(function)f Fr(n)p 1796 3952 V 38 w(val)h Fu(that)g(asso)s(ciates)
+h(a)e(n)m(um)m(b)s(er)i(\(in)e(the)0 4072 y(decimal)31
+b(system\))i(to)f(eac)m(h)i(n)m(umeral.)1968 b Fh(2)0
+4276 y Fw(Exercise)36 b(B.5)49 b Fu(De\014ne)33 b(functions)0
+4461 y Fr(>)103 b(fv)p 262 4461 V 37 w(aexp)53 b(::)e(aexp)i(->)e
+([var])0 4629 y(>)103 b(fv)p 262 4629 V 37 w(bexp)53
+b(::)e(bexp)i(->)e([var])0 4814 y Fu(computing)35 b(the)i(set)g(of)f
+(free)h(v)-5 b(ariables)35 b(o)s(ccurring)h(in)g(an)g(expression.)56
+b(Ensure)38 b(that)e(eac)m(h)0 4935 y(v)-5 b(ariable)31
+b(o)s(ccurs)i(at)f(most)g(once)i(in)d(the)i(resulting)f(lists.)1270
+b Fh(2)0 5139 y Fw(Exercise)36 b(B.6)49 b Fu(De\014ne)33
+b(functions)0 5324 y Fr(>)103 b(subst)p 415 5324 V 38
+w(aexp)52 b(::)g(aexp)g(->)g(var)g(->)g(aexp)g(->)g(aexp)0
+5492 y(>)103 b(subst)p 415 5492 V 38 w(bexp)52 b(::)g(bexp)g(->)g(var)g
+(->)g(aexp)g(->)g(bexp)p eop
+%%Page: 220 230
+220 229 bop 251 130 a Fw(220)1049 b(B)111 b(In)m(tro)s(duction)37
+b(to)g(Miranda)h(Implemen)m(tations)p 251 193 3473 4
+v 283 515 a Fu(implemen)m(ting)f(the)i(substitution)g(op)s(erations,)h
+(that)f(is)g Fr(subst)p 2718 515 31 4 v 38 w(aexp)h Fs(a)46
+b(y)i(a)3242 530 y Fn(0)3321 515 y Fu(constructs)283
+636 y Fs(a)7 b Fu([)p Fs(y)i Ft(7!)q Fs(a)581 651 y Fn(0)620
+636 y Fu(])33 b(and)g Fr(subst)p 1131 636 V 38 w(bexp)g
+Fs(b)39 b(y)i(a)1629 651 y Fn(0)1702 636 y Fu(constructs)34
+b Fs(b)6 b Fu([)p Fs(y)j Ft(7!)o Fs(a)2459 651 y Fn(0)2499
+636 y Fu(].)1128 b Fh(2)p eop
+%%Page: 221 231
+221 230 bop 0 1182 a Fv(App)6 b(endix)77 b(C)0 1599 y(Op)6
+b(erational)77 b(Seman)-6 b(tics)77 b(in)0 1848 y(Miranda)0
+2303 y Fu(In)41 b(this)f(app)s(endix)g(w)m(e)i(implemen)m(t)c(the)j
+(natural)e(seman)m(tics)i(and)f(the)h(structural)f(op)s(era-)0
+2423 y(tional)23 b(seman)m(tics)j(of)f(Chapter)h(2)f(in)g
+Fw(Miranda)h Fu(and)f(sho)m(w)i(ho)m(w)f(similar)c(tec)m(hniques)27
+b(can)f(b)s(e)0 2544 y(used)h(to)f(implemen)m(t)f(an)h(in)m(terpreter)h
+(for)e(the)i(abstract)g(mac)m(hine)e(and)i(the)f(co)s(de)h(generation)0
+2664 y(of)32 b(Chapter)h(3.)146 2787 y(W)-8 b(e)30 b(shall)d(need)k
+(the)e(de\014nitions)g(from)e(App)s(endix)j(B)f(so)g(w)m(e)h(b)s(egin)f
+(b)m(y)h(including)d(these:)0 3005 y Fr(>)103 b(\045include)p
+154 3027 411 4 v 53 w("appB")0 3220 y Fu(In)46 b(Chapter)g(2)f(w)m(e)i
+(distinguish)d(b)s(et)m(w)m(een)j(t)m(w)m(o)f(kinds)g(of)f
+(con\014gurations,)k(in)m(termediate)0 3340 y(con\014gurations)44
+b(and)g(\014nal)f(con\014gurations.)77 b(This)45 b(is)e(captured)i(b)m
+(y)g(the)f(algebraic)f(data)0 3461 y(t)m(yp)s(e:)0 3677
+y Fr(>)103 b(config)53 b(::=)f(Inter)g(stm)g(state)h(|)f(Final)g(state)
+0 3892 y Fu(In)34 b(the)g(next)g(section)g(w)m(e)g(shall)e(sho)m(w)j
+(ho)m(w)f(the)g(natural)f(seman)m(tics)g(can)h(b)s(e)g(implemen)m(ted)0
+4012 y(and)f(after)f(that)g(w)m(e)i(shall)d(turn)i(to)f(the)h
+(structural)g(op)s(erational)d(seman)m(tics.)0 4358 y
+Fj(C.1)160 b(Natural)56 b(seman)l(tics)0 4582 y Fu(Corresp)s(onding)22
+b(to)g(the)h(relation)e Ft(!)h Fu(in)f(Section)i(2.1)e(w)m(e)j(shall)d
+(in)m(tro)s(duce)h(a)g(function)g Fr(ns)p 3287 4582 31
+4 v 38 w(stm)0 4702 y Fu(of)32 b(t)m(yp)s(e)0 4919 y
+Fr(>)103 b(ns)p 262 4919 V 37 w(stm)52 b(::)g(config)h(->)f(config)0
+5133 y Fu(The)45 b(argumen)m(t)f(of)g(this)g(function)g(corresp)s(onds)
+h(to)f(the)h(left-hand)e(side)h(of)g Ft(!)g Fu(whereas)0
+5254 y(the)c(result)g(pro)s(duced)g(will)e(corresp)s(ond)i(to)f(the)i
+(righ)m(t-hand)d(side)i(of)f(the)h(relation.)63 b(This)0
+5374 y(is)45 b(p)s(ossible)g(b)s(ecause)i(Theorem)f(2.9)f(sho)m(ws)j
+(that)d(the)h(relation)e(is)h(deterministic.)81 b(The)0
+5494 y(de\014nition)32 b(of)g Fr(ns)p 653 5494 V 37 w(stm)h
+Fu(follo)m(ws)f(closely)g(the)h(de\014nition)e(of)i Ft(!)f
+Fu(in)f(T)-8 b(able)33 b(2.1:)1663 5849 y(221)p eop
+%%Page: 222 232
+222 231 bop 251 130 a Fw(222)1420 b(C)112 b(Op)s(erational)37
+b(Seman)m(tics)g(in)g(Miranda)p 251 193 3473 4 v 283
+515 a Fr(>)103 b(ns)p 545 515 31 4 v 38 w(stm)52 b(\(Inter)h(\(Ass)f(x)
+f(a\))h(s\))283 683 y(>)411 b(=)51 b(Final)i(\(update)g(s)f(x)f(\(a)p
+1878 683 V 38 w(val)h(a)f(s\)\))283 851 y(>)513 b(where)p
+847 864 257 4 v 283 1018 a(>)g(update)53 b(s)f(x)f(v)h(y)f(=)h(v,)g(if)
+p 1873 1031 103 4 v 52 w(x)f(=)h(y)283 1186 y(>)1282
+b(=)52 b(s)f(y,)h(otherwise)p 1975 1199 462 4 v 283 1401
+a(>)103 b(ns)p 545 1401 31 4 v 38 w(stm)52 b(\(Inter)h(\(Skip\))f(s\))g
+(=)g(Final)g(s)283 1616 y(>)103 b(ns)p 545 1616 V 38
+w(stm)52 b(\(Inter)h(\(Comp)f(ss1)g(ss2\))h(s\))283 1783
+y(>)411 b(=)51 b(Final)i(s'')283 1951 y(>)513 b(where)p
+847 1964 257 4 v 283 2118 a(>)g(Final)53 b(s')f(=)f(ns)p
+1519 2118 31 4 v 38 w(stm)h(\(Inter)h(ss1)f(s\))283 2286
+y(>)513 b(Final)53 b(s'')f(=)g(ns)p 1571 2286 V 37 w(stm)g(\(Inter)h
+(ss2)f(s'\))283 2501 y(>)103 b(ns)p 545 2501 V 38 w(stm)52
+b(\(Inter)h(\(If)f(b)f(ss1)h(ss2\))h(s\))283 2669 y(>)411
+b(=)51 b(Final)i(s',)f(if)p 1360 2682 103 4 v 52 w(b)p
+1571 2669 31 4 v 37 w(val)g(b)g(s)283 2836 y(>)513 b(where)p
+847 2849 257 4 v 283 3004 a(>)g(Final)53 b(s')f(=)f(ns)p
+1519 3004 31 4 v 38 w(stm)h(\(Inter)h(ss1)f(s\))283 3219
+y(>)103 b(ns)p 545 3219 V 38 w(stm)52 b(\(Inter)h(\(If)f(b)f(ss1)h
+(ss2\))h(s\))283 3386 y(>)411 b(=)51 b(Final)i(s',)f(if)p
+1360 3399 103 4 v 52 w(~b)p 1622 3386 31 4 v 37 w(val)g(b)g(s)283
+3554 y(>)513 b(where)p 847 3567 257 4 v 283 3722 a(>)g(Final)53
+b(s')f(=)f(ns)p 1519 3722 31 4 v 38 w(stm)h(\(Inter)h(ss2)f(s\))283
+3936 y(>)103 b(ns)p 545 3936 V 38 w(stm)52 b(\(Inter)h(\(While)f(b)g
+(ss\))g(s\))283 4104 y(>)411 b(=)51 b(Final)i(s'',)f(if)p
+1411 4117 103 4 v 52 w(b)p 1622 4104 31 4 v 37 w(val)g(b)g(s)283
+4272 y(>)513 b(where)p 847 4285 257 4 v 283 4439 a(>)g(Final)53
+b(s')f(=)f(ns)p 1519 4439 31 4 v 38 w(stm)h(\(Inter)h(ss)e(s\))283
+4607 y(>)513 b(Final)53 b(s'')f(=)g(ns)p 1571 4607 V
+37 w(stm)g(\(Inter)h(\(While)g(b)e(ss\))h(s'\))283 4822
+y(>)103 b(ns)p 545 4822 V 38 w(stm)52 b(\(Inter)h(\(While)f(b)g(ss\))g
+(s\))283 4989 y(>)411 b(=)51 b(Final)i(s,)f(if)p 1309
+5002 103 4 v 52 w(~b)p 1571 4989 31 4 v 37 w(val)g(b)g(s)283
+5193 y Fu(Note)33 b(that)g(in)e(the)i(axiom)e(for)h(assignmen)m(t)h
+Fr(update)h Fs(s)40 b(x)45 b(v)e Fu(corresp)s(onds)34
+b(to)e Fs(s)8 b Fu([)p Fs(x)k Ft(7!)p Fs(v)f Fu(].)430
+5313 y(The)33 b(seman)m(tic)g(function)f Ft(S)1484 5328
+y Fn(ns)1588 5313 y Fu(can)h(no)m(w)g(b)s(e)g(de\014ned)h(b)m(y)p
+eop
+%%Page: 223 233
+223 232 bop 0 130 a Fw(C.2)112 b(Structural)37 b(op)s(erational)f
+(seman)m(tics)1425 b(223)p 0 193 3473 4 v 0 515 a Fr(>)52
+b(s)p 160 515 31 4 v 37 w(ns)g(ss)f(s)h(=)f(s')0 683
+y(>)667 b(where)p 718 696 257 4 v 0 851 a(>)g(Final)52
+b(s')g(=)g(ns)p 1390 851 31 4 v 37 w(stm)g(\(Inter)h(ss)f(s\))0
+1095 y Fw(Example)37 b(C.1)48 b Fu(W)-8 b(e)42 b(can)g(execute)h(the)f
+(factorial)d(statemen)m(t)j(\(see)g(Example)f(B.1\))h(from)0
+1216 y(the)36 b(state)g Fr(s)p 470 1216 V 37 w(init)h
+Fu(mapping)d Fr(x)h Fu(to)h Fw(3)f Fu(and)h(all)d(other)j(v)-5
+b(ariables)34 b(to)h Fw(0)h Fu(\(see)g(Example)f(B.3\).)0
+1336 y(The)f(\014nal)d(state)i Fr(s)p 713 1336 V 37 w(fac)h
+Fu(is)e(obtained)g(as)h(follo)m(ws:)0 1553 y Fr(>)52
+b(s)p 160 1553 V 37 w(fac)g(=)f(s)p 555 1553 V 37 w(ns)h(factorial)i(s)
+p 1310 1553 V 37 w(init)0 1768 y Fu(T)-8 b(o)33 b(get)f(the)h(\014nal)f
+(v)-5 b(alue)32 b(of)g Fr(y)h Fu(w)m(e)g(ev)-5 b(aluate)33
+b Fr(s)p 1721 1768 V 37 w(fac)52 b("y")p Fu(.)1261 b
+Fh(2)0 2013 y Fw(Exercise)36 b(C.2)49 b Fu(Extend)44
+b(the)e(de\014nition)f(of)h Fr(stm)g Fu(and)h Fr(ns)p
+2254 2013 V 37 w(stm)g Fu(to)e(include)h(the)g Fr(repeat)p
+Fu(-)0 2133 y(construct.)2976 b Fh(2)0 2378 y Fw(Exercise)36
+b(C.3)49 b Fu(De\014ne)31 b(an)f(algebraic)f(data)h(t)m(yp)s(e)h
+Fr(deriv)p 2201 2378 V 38 w(tree)g Fu(represen)m(ting)h(the)f(deriv)-5
+b(a-)0 2498 y(tion)39 b(trees)h(of)f(the)i(natural)d(seman)m(tics.)65
+b(Construct)41 b(a)e(v)-5 b(arian)m(t)39 b(of)g(the)h(function)g
+Fr(s)p 3221 2498 V 37 w(ns)g Fu(of)0 2619 y(t)m(yp)s(e)244
+2834 y Fr(s)p 301 2834 V 37 w(ns)52 b(::)g(stm)g(->)g(state)g(->)g
+(deriv)p 1721 2834 V 38 w(tree)0 3049 y Fu(that)26 b(constructs)j(the)e
+Fs(derivation)h(tr)-5 b(e)g(e)34 b Fu(for)27 b(a)f(giv)m(en)h(statemen)
+m(t)g(and)g(state)g(rather)f(than)h(just)0 3169 y(the)33
+b(\014nal)f(state.)44 b(Apply)32 b(the)h(function)f(to)h(some)f
+(example)g(statemen)m(ts.)663 b Fh(2)0 3516 y Fj(C.2)160
+b(Structural)54 b(op)t(erational)h(seman)l(tics)0 3740
+y Fu(When)25 b(sp)s(ecifying)f(the)h(structural)g(op)s(erational)d
+(seman)m(tics)i(w)m(e)i(shall)d(need)j(to)e(test)h(whether)0
+3860 y Ft(\))41 b Fu(pro)s(duces)i(an)e(in)m(termediate)g
+(con\014guration)g(or)g(a)g(\014nal)g(con\014guration.)70
+b(So)41 b(w)m(e)i(shall)0 3981 y(in)m(tro)s(duce)33 b(the)g(function)f
+Fr(is)p 1092 3981 V 37 w(Final)i Fu(de\014ned)g(b)m(y:)0
+4198 y Fr(>)103 b(is)p 262 4198 V 37 w(Final)53 b(\(Inter)g(ss)e(s\))h
+(=)g(False)0 4366 y(>)103 b(is)p 262 4366 V 37 w(Final)53
+b(\(Final)g(s\))e(=)h(True)0 4581 y Fu(Corresp)s(onding)33
+b(to)f(the)h(relation)d Ft(\))j Fu(w)m(e)g(de\014ne)h(the)f(function)f
+Fr(sos)p 2565 4581 V 38 w(stm)h Fu(of)f(t)m(yp)s(e:)0
+4798 y Fr(>)103 b(sos)p 313 4798 V 38 w(stm)52 b(::)f(config)i(->)f
+(config)0 5013 y Fu(As)26 b(in)e(the)i(previous)g(section)f(the)h
+(argumen)m(t)f(of)g(this)g(function)g(will)e(corresp)s(ond)j(to)f(the)h
+(con-)0 5133 y(\014guration)i(on)h(the)g(left-hand)f(side)h(of)f(the)i
+(relation)d Ft(\))h Fu(and)h(the)h(result)e(will)f(corresp)s(ond)j(to)0
+5254 y(the)g(righ)m(t-hand)f(side.)43 b(Again)28 b(this)i(implemen)m
+(tation)c(tec)m(hnique)31 b(is)f(only)f(p)s(ossible)g(b)s(ecause)0
+5374 y(the)38 b(seman)m(tics)g(is)g(deterministic)e(\(Exercise)j
+(2.22\).)59 b(The)39 b(de\014nition)e(of)g Fr(sos)p 2961
+5374 V 38 w(stm)i Fu(follo)m(ws)0 5494 y(T)-8 b(able)32
+b(2.2)g(closely:)p eop
+%%Page: 224 234
+224 233 bop 251 130 a Fw(224)1420 b(C)112 b(Op)s(erational)37
+b(Seman)m(tics)g(in)g(Miranda)p 251 193 3473 4 v 283
+515 a Fr(>)103 b(sos)p 596 515 31 4 v 38 w(stm)52 b(\(Inter)h(\(Ass)f
+(x)g(a\))g(s\))283 683 y(>)462 b(=)52 b(Final)g(\(update)h(s)f(x)f(\(a)
+p 1929 683 V 38 w(val)h(a)f(s\)\))283 851 y(>)565 b(where)p
+899 864 257 4 v 283 1018 a(>)g(update)53 b(s)e(x)h(v)f(y)h(=)f(v,)h(if)
+p 1924 1031 103 4 v 52 w(x)f(=)h(y)283 1186 y(>)1334
+b(=)51 b(s)h(y,)g(otherwise)p 2027 1199 462 4 v 283 1401
+a(>)103 b(sos)p 596 1401 31 4 v 38 w(stm)52 b(\(Inter)h(Skip)f(s\))g(=)
+g(Final)g(s)283 1616 y(>)103 b(sos)p 596 1616 V 38 w(stm)52
+b(\(Inter)h(\(Comp)f(ss1)h(ss2\))f(s\))283 1783 y(>)462
+b(=)52 b(Inter)g(\(Comp)h(ss1')f(ss2\))h(s',)283 1951
+y(>)821 b(if)p 1155 1964 103 4 v 52 w(~is)p 1468 1951
+31 4 v 37 w(Final\(sos)p 1964 1951 V 40 w(stm)52 b(\(Inter)h(ss1)f
+(s\)\))283 2118 y(>)565 b(where)p 899 2131 257 4 v 283
+2286 a(>)g(Inter)52 b(ss1')h(s')e(=)h(sos)p 1878 2286
+31 4 v 38 w(stm)g(\(Inter)h(ss1)f(s\))283 2501 y(>)103
+b(sos)p 596 2501 V 38 w(stm)52 b(\(Inter)h(\(Comp)f(ss1)h(ss2\))f(s\))
+283 2669 y(>)462 b(=)52 b(Inter)g(ss2)g(s',)283 2836
+y(>)821 b(if)p 1155 2849 103 4 v 52 w(is)p 1417 2836
+31 4 v 37 w(Final\(sos)p 1913 2836 V 40 w(stm)52 b(\(Inter)g(ss1)h
+(s\)\))283 3004 y(>)565 b(where)p 899 3017 257 4 v 283
+3171 a(>)g(Final)52 b(s')g(=)g(sos)p 1622 3171 31 4 v
+37 w(stm)g(\(Inter)h(ss1)f(s\))283 3386 y(>)103 b(sos)p
+596 3386 V 38 w(stm)52 b(\(Inter)h(\(If)f(b)f(ss1)i(ss2\))f(s\))283
+3554 y(>)462 b(=)52 b(Inter)g(ss1)g(s,)g(if)p 1565 3567
+103 4 v 52 w(b)p 1776 3554 31 4 v 37 w(val)g(b)g(s)283
+3769 y(>)103 b(sos)p 596 3769 V 38 w(stm)52 b(\(Inter)h(\(If)f(b)f(ss1)
+i(ss2\))f(s\))283 3936 y(>)462 b(=)52 b(Inter)g(ss2)g(s,)g(if)p
+1565 3949 103 4 v 52 w(~b)p 1827 3936 31 4 v 37 w(val)g(b)g(s)283
+4151 y(>)103 b(sos)p 596 4151 V 38 w(stm)52 b(\(Inter)h(\(While)g(b)e
+(ss\))h(s\))283 4319 y(>)462 b(=)52 b(Inter)g(\(If)g(b)g(\(Comp)g(ss)g
+(\(While)h(b)f(ss\)\))g(Skip\))h(s)283 4479 y Fu(The)48
+b(function)f Fr(sos)p 1054 4479 V 38 w(stm)g Fu(implemen)m(ts)f(one)h
+(step)h(of)f(the)g(computation.)85 b(The)48 b(function)283
+4599 y Fr(deriv)p 544 4599 V 39 w(seq)31 b Fu(de\014ned)g(b)s(elo)m(w)f
+(will)e(determine)i(the)h(complete)f(deriv)-5 b(ation)28
+b(sequence)33 b(\()p Fs(even)f(if)283 4719 y(it)k(is)e(in\014nite!)12
+b Fu(\).)283 4879 y Fr(>)103 b(deriv)p 698 4879 V 39
+w(seq)52 b(\(Inter)g(ss)g(s\))283 5047 y(>)462 b(=)52
+b(\(Inter)h(ss)e(s\))h(:)g(\(deriv)p 1980 5047 V 38 w(seq)g(\(sos)p
+2427 5047 V 38 w(stm)g(\(Inter)h(ss)f(s\)\)\))283 5214
+y(>)103 b(deriv)p 698 5214 V 39 w(seq)52 b(\(Final)g(s\))g(=)g([Final)h
+(s])283 5374 y Fu(The)37 b(seman)m(tic)e(function)g Ft(S)1347
+5389 y Fn(sos)1478 5374 y Fu(can)g(no)m(w)i(b)s(e)e(de\014ned)i(b)m(y)g
+(the)f Fw(Miranda)g Fu(function)f Fr(s)p 3544 5374 V
+37 w(sos)p Fu(:)p eop
+%%Page: 225 235
+225 234 bop 0 130 a Fw(C.3)112 b(Extensions)37 b(of)h(While)2038
+b(225)p 0 193 3473 4 v 0 515 a Fr(>)103 b(s)p 211 515
+31 4 v 37 w(sos)52 b(ss)g(s)f(=)h(s')0 683 y(>)769 b(where)p
+820 696 257 4 v 0 851 a(>)g(Final)53 b(s')f(=)f(last)i(\(deriv)p
+1953 851 31 4 v 38 w(seq)f(\(Inter)h(ss)f(s\)\))0 1091
+y Fw(Example)37 b(C.4)48 b Fu(The)30 b(deriv)-5 b(ation)27
+b(sequence)k(obtained)d(b)m(y)i(executing)f(the)g(factorial)d(state-)0
+1211 y(men)m(t)33 b(on)f(the)h(state)g Fr(s)p 846 1211
+V 37 w(init)h Fu(of)e(Example)g(B.3)g(can)h(no)m(w)h(b)s(e)e(obtained)g
+(as)h(follo)m(ws:)0 1424 y Fr(>)103 b(fac)p 313 1424
+V 38 w(seq)52 b(=)f(deriv)p 913 1424 V 38 w(seq)h(\(Inter)h(factorial)h
+(s)p 2079 1424 V 37 w(init\))0 1634 y Fu(W)-8 b(e)28
+b(ma)m(y)g(w)m(an)m(t)g(to)f(insp)s(ect)h(this)g(in)f(more)g(detail)f
+(and)h(in)g(particular)f(w)m(e)j(ma)m(y)e(b)s(e)h(in)m(terested)0
+1755 y(in)47 b(the)i(v)-5 b(alues)48 b(of)g(the)h(v)-5
+b(ariables)47 b Fr(x)h Fu(and)h Fr(y)f Fu(in)g(the)g(v)-5
+b(arious)48 b(in)m(termediate)f(states.)91 b(T)-8 b(o)0
+1875 y(facilitate)30 b(this)i(w)m(e)i(use)f(the)g(function)0
+2087 y Fr(>)103 b(show)p 364 2087 V 38 w(seq)52 b(fv)g(l)f(=)h(lay)g
+(\(map)g(show)p 1631 2087 V 38 w(config)h(l\))0 2255
+y(>)923 b(where)p 974 2268 257 4 v 0 2423 a(>)g(show)p
+1184 2423 31 4 v 38 w(config)53 b(\(Final)g(s\))f(=)0
+2590 y(>)1026 b("final)52 b(state:\\n"++lay)j(\(map)e(\(show)p
+2722 2590 V 38 w(val)f(s\))g(fv\))0 2758 y(>)923 b(show)p
+1184 2758 V 38 w(config)53 b(\(Inter)g(ss)f(s\))f(=)0
+2926 y(>)1026 b(show)p 1077 2939 206 4 v 52 w(ss++"\\n"++lay)55
+b(\(map)d(\(show)p 2568 2926 31 4 v 38 w(val)g(s\))g(fv\))0
+3093 y(>)923 b(show)p 1184 3093 V 38 w(val)52 b(s)g(x)f(=)h(")f
+(s\("++x++"\)="++shownum)57 b(\(s)52 b(x\))0 3304 y Fu(The)31
+b(function)f(call)f Fr(show)p 965 3304 V 38 w(seq)52
+b(["x","y"])i(fac)p 1874 3304 V 38 w(seq)31 b Fu(will)d(for)i(eac)m(h)i
+(con\014guration)d(in)h(the)0 3424 y(deriv)-5 b(ation)34
+b(sequence)k Fr(fac)p 1027 3424 V 38 w(seq)e Fu(list)e(the)i(statemen)m
+(t)g(part)f(and)g(the)h(v)-5 b(alues)35 b(of)g Fr(x)h
+Fu(and)g Fr(y)f Fu(in)0 3545 y(the)e(state)g(part.)146
+3667 y(The)h(\014nal)e(state)h(of)f(the)h(deriv)-5 b(ation)31
+b(sequence)k(can)e(b)s(e)g(obtained)f(from)0 3879 y Fr(>)52
+b(s)p 160 3879 V 37 w(fac')g(=)g(s)p 607 3879 V 37 w(sos)g(factorial)h
+(s)p 1412 3879 V 38 w(init)0 4090 y Fu(and)33 b(the)g(v)-5
+b(alue)32 b(obtained)g(for)g Fr(y)h Fu(is)f(obtained)g(b)m(y)h
+(executing)g Fr(s)p 2371 4090 V 38 w(fac')52 b("y")p
+Fu(.)559 b Fh(2)0 4329 y Fw(Exercise)36 b(C.5)49 b Fu(Extend)39
+b(the)e(de\014nition)f(of)g Fr(stm)i Fu(and)f Fr(sos)p
+2274 4329 V 38 w(stm)g Fu(to)g(include)f(the)h Fr(repeat)p
+Fu(-)0 4449 y(construct.)2976 b Fh(2)0 4791 y Fj(C.3)160
+b(Extensions)53 b(of)h(While)0 5013 y Fu(The)30 b(implemen)m(tation)c
+(of)j(the)g(natural)f(seman)m(tics)i(of)e Fw(While)g
+Fu(in)g(Section)h(C.1)h(will)c(no)m(w)k(b)s(e)0 5133
+y(extended)35 b(to)e(the)h(pro)s(cedure)g(language)e
+Fw(Pro)s(c)h Fu(of)g(Section)g(2.5.)45 b(Rather)33 b(than)h(presen)m
+(ting)0 5254 y(a)j(fully)e(w)m(ork)m(ed)k(out)e(implemen)m(tation)d(w)m
+(e)k(shall)e(giv)m(e)h(detailed)f(instructions)g(for)h(ho)m(w)h(to)0
+5374 y(construct)e(it.)48 b(W)-8 b(e)35 b(shall)e(pa)m(y)i(sp)s(ecial)f
+(atten)m(tion)g(to)g(the)h(seman)m(tics)g(of)f Fw(Pro)s(c)g
+Fu(with)g(static)0 5494 y(scop)s(e)f(rules)g(for)f(v)-5
+b(ariables)31 b(as)i(w)m(ell)f(as)h(pro)s(cedures.)p
+eop
+%%Page: 226 236
+226 235 bop 251 130 a Fw(226)1420 b(C)112 b(Op)s(erational)37
+b(Seman)m(tics)g(in)g(Miranda)p 251 193 3473 4 v 283
+515 a(Exercise)g(C.6)49 b Fu(The)37 b(\014rst)f(step)h(will)d(b)s(e)i
+(to)g(de\014ne)h(the)f(datat)m(yp)s(es)i(needed)f(to)f(represen)m(t)283
+636 y(the)d(syn)m(tax)i(and)d(the)h(seman)m(tics)g(of)f
+Fw(Pro)s(c)p Fu(.)429 844 y Ft(\017)48 b Fu(Extend)40
+b(the)e(algebraic)e(data)h(t)m(yp)s(e)i Fr(stm)f Fu(with)f(the)h(new)h
+(forms)e(of)g(statemen)m(ts)i(and)527 964 y(de\014ne)44
+b(algebraic)d(data)i(t)m(yp)s(es)h Fr(dec)p 1901 964
+31 4 v 38 w(V)e Fu(and)h Fr(dec)p 2385 964 V 38 w(P)g
+Fu(for)f(v)-5 b(ariable)41 b(declarations)h(and)527 1085
+y(pro)s(cedure)34 b(declarations.)429 1293 y Ft(\017)48
+b Fu(De\014ne)30 b(the)g(algebraic)d(t)m(yp)s(e)j Fr(loc)g
+Fu(to)f(b)s(e)h Fr(num)g Fu(suc)m(h)g(that)f(lo)s(cations)f(will)e(b)s
+(e)k(n)m(um)m(b)s(ers.)527 1413 y(De\014ne)j(the)g(function)742
+1621 y Fr(new)52 b(::)g(loc)g(->)g(loc)527 1829 y Fu(suc)m(h)34
+b(that)f Fr(new)g Fu(incremen)m(ts)g(its)f(argumen)m(t)g(b)m(y)i(one.)
+429 2037 y Ft(\017)48 b Fu(De\014ne)36 b(algebraic)e(t)m(yp)s(es)j
+Fr(env)p 1667 2037 V 38 w(V)e Fu(and)h Fr(env)p 2137
+2037 V 38 w(P)f Fu(corresp)s(onding)h(to)f Fw(En)m(v)3199
+2052 y Fn(V)3292 2037 y Fu(and)h Fw(En)m(v)3677 2052
+y Fn(P)3729 2037 y Fu(.)527 2158 y(De\014ne)d(the)g(function)742
+2366 y Fr(upd)p 901 2366 V 38 w(P)51 b(::)h(\(dec)p 1399
+2366 V 38 w(P,)g(env)p 1744 2366 V 37 w(V,)g(env)p 2088
+2366 V 38 w(P\))g(->)g(env)p 2587 2366 V 37 w(P)527 2574
+y Fu(corresp)s(onding)33 b(to)f(up)s(d)1438 2589 y Fn(P)1490
+2574 y Fu(.)429 2782 y Ft(\017)48 b Fu(Finally)-8 b(,)37
+b(w)m(e)j(need)f(a)f(t)m(yp)s(e)i Fr(store)f Fu(corresp)s(onding)g(to)f
+Fw(Store)p Fu(.)60 b(There)40 b(are)e(at)g(least)527
+2902 y(three)c(p)s(ossibilities:)40 b(One)33 b(p)s(ossibilit)m(y)e(is)h
+(to)g(de\014ne)742 3110 y Fr(loc')52 b(::=)g(Loc)g(loc)g
+Ft(j)f Fr(Next)742 3278 y(store)i(==)e(loc')i(->)e(z)527
+3486 y Fu(as)34 b(this)f(will)e(corresp)s(ond)j(closely)e(to)h(the)h
+(de\014nition)e(of)h Fw(Store)p Fu(.)45 b(Alternativ)m(ely)-8
+b(,)33 b(one)527 3606 y(ma)m(y)e(iden)m(tify)g(the)g(sp)s(ecial)f(tok)m
+(en)i(`next')h(with)d(lo)s(cation)f Fw(0)i Fu(and)g(then)h(simply)e
+(de\014ne)742 3814 y Fr(store)53 b(==)e(loc)h(->)g(z)527
+4022 y Fu(The)34 b(third)e(p)s(ossibilit)m(y)e(is)i(to)g(de\014ne)742
+4230 y Fr(store)53 b(==)e(\(loc)i(->)e(z,)h(loc\))527
+4439 y Fu(where)34 b(the)f(second)h(comp)s(onen)m(t)f(corresp)s(onds)h
+(to)e(the)h(v)-5 b(alue)32 b(of)g(`next'.)527 4603 y(Cho)s(ose)i(a)e
+(metho)s(d)g(that)g(seems)i(appropriate)d(to)i(y)m(ou.)1066
+b Fh(2)283 4838 y Fw(Exercise)37 b(C.7)49 b Fu(Finally)33
+b(w)m(e)j(turn)g(to)m(w)m(ards)h(the)f(transition)e(systems.)54
+b(W)-8 b(e)36 b(b)s(egin)e(b)m(y)j(im-)283 4958 y(plemen)m(ting)32
+b(the)h(transition)e(system)i(for)f(v)-5 b(ariable)31
+b(declarations:)429 5166 y Ft(\017)48 b Fu(De\014ne)34
+b(an)f(algebraic)f(data)h(t)m(yp)s(e)h Fr(config)p 2134
+5166 V 38 w(D)g Fu(for)e(the)i(con\014gurations)f(of)f(the)i(transi-)
+527 5286 y(tion)e(system)h(for)f(v)-5 b(ariable)31 b(declarations.)429
+5494 y Ft(\017)48 b Fu(Then)34 b(de\014ne)g(a)e(function)p
+eop
+%%Page: 227 237
+227 236 bop 0 130 a Fw(C.4)112 b(Pro)m(v)-6 b(ably)37
+b(correct)f(implemen)m(tation)1405 b(227)p 0 193 3473
+4 v 458 515 a Fr(ns)p 566 515 31 4 v 38 w(dec)p 757 515
+V 38 w(V)51 b(::)h(config)p 1357 515 V 38 w(D)g(->)g(config)p
+1958 515 V 38 w(D)244 717 y Fu(corresp)s(onding)32 b(to)h(the)g
+(relation)d Ft(!)1615 732 y Fn(D)1673 717 y Fu(.)0 915
+y(No)m(w)j(w)m(e)h(turn)f(to)f(the)h(transition)e(relation)f(for)i
+(statemen)m(ts:)145 1114 y Ft(\017)49 b Fu(De\014ne)33
+b(an)f(algebraic)f(data)h(t)m(yp)s(e)h Fr(config)p 1846
+1114 V 39 w(P)f Fu(corresp)s(onding)h(to)f(the)h(con\014gurations)244
+1234 y Ft(h)p Fs(S)12 b Fu(,)32 b Fs(sto)6 b Ft(i)32
+b Fu(and)h Fs(sto)39 b Fu(of)32 b(the)h(transition)e(system.)145
+1436 y Ft(\017)49 b Fu(Next)33 b(de\014ne)h(a)e(function)458
+1637 y Fr(ns)p 566 1637 V 38 w(stm)52 b(::)g(\(env)p
+1167 1637 V 38 w(V,)g(env)p 1512 1637 V 37 w(P\))g(->)g(config)p
+2163 1637 V 38 w(P)g(->)g(config)p 2764 1637 V 38 w(P)244
+1839 y Fu(corresp)s(onding)32 b(to)h(the)g(transition)e(relation)f
+Ft(!)p Fu(.)0 2037 y(Finally)g(de\014ne)k(a)e(function)244
+2236 y Fr(s)p 301 2236 V 37 w(ns)52 b(::)g(stm)g(->)g(store)g(->)g
+(store)0 2434 y Fu(that)28 b(calls)g Fr(ns)p 529 2434
+V 37 w(stm)i Fu(with)e(appropriately)g(initialized)c(en)m(vironmen)m
+(ts.)44 b(Use)29 b(the)g(function)f(on)0 2554 y(v)-5
+b(arious)35 b(example)g(statemen)m(ts)i(in)d(order)i(to)f(ensure)i
+(that)f(the)g(implemen)m(tation)c(w)m(orks)37 b(as)0
+2675 y(in)m(tended.)3006 b Fh(2)0 2896 y Fw(Exercise)36
+b(C.8)49 b Fu(Mo)s(dify)37 b(the)g(implemen)m(tation)d(ab)s(o)m(v)m(e)k
+(to)f(use)h(dynamic)f(scop)s(e)h(rules)f(for)0 3017 y(v)-5
+b(ariable)31 b(declarations)g(as)i(w)m(ell)f(as)h(pro)s(cedure)g
+(declarations.)1062 b Fh(2)146 3238 y Fu(It)33 b(is)g(more)f
+(problematic)f(to)i(extend)i(the)e(implemen)m(tation)d(to)j(handle)f
+(the)i(constructs)0 3359 y(of)e(Section)h(2.4:)0 3580
+y Fw(Exercise)j(C.9)49 b Fu(Discuss)26 b(ho)m(w)f(to)g(extend)h(the)f
+(implemen)m(tation)d(of)i(the)h(natural)f(seman)m(tics)0
+3700 y(in)32 b(Section)g(C.1)h(to)f(incorp)s(orate)g(the)h(constructs)h
+(considered)f(in)f(Section)h(2.4.)407 b Fh(2)0 3922 y
+Fw(Exercise)36 b(C.10)49 b Fu(Discuss)28 b(ho)m(w)h(to)e(extend)i(the)g
+(implemen)m(tation)24 b(of)j(the)h(structural)g(op)s(er-)0
+4042 y(ational)21 b(seman)m(tics)j(of)f(Section)g(C.2)h(to)g(incorp)s
+(orate)e(the)i(constructs)h(considered)g(in)e(Section)0
+4163 y(2.4.)3246 b Fh(2)0 4495 y Fj(C.4)160 b(Pro)l(v)-9
+b(ably)55 b(correct)d(implemen)l(tation)0 4714 y Fu(Rather)32
+b(than)g(presen)m(ting)g(a)g(fully)e(w)m(ork)m(ed)k(out)d
+Fw(Miranda)i Fu(script)e(w)m(e)i(shall)e(pro)m(vide)h(exer-)0
+4834 y(cises)h(sho)m(wing)g(ho)m(w)g(to)g(dev)m(elop)g(an)f(implemen)m
+(tation)e(corresp)s(onding)i(to)g(Chapter)i(3.)0 5055
+y Fw(Exercise)i(C.11)49 b Fu(W)-8 b(e)38 b(need)h(some)f(data)f(t)m(yp)
+s(es)j(to)d(represen)m(t)j(the)e(con\014gurations)g(of)f(the)0
+5176 y(mac)m(hine:)145 5374 y Ft(\017)49 b Fu(De\014ne)27
+b(an)g(algebraic)e(data)h(t)m(yp)s(e)h Fr(am)p 1613 5374
+V 38 w(ins)g Fu(for)f(represen)m(ting)i(instructions)e(and)h(de\014ne)
+244 5494 y(the)33 b(t)m(yp)s(e)g(synon)m(ym)p eop
+%%Page: 228 238
+228 237 bop 251 130 a Fw(228)1420 b(C)112 b(Op)s(erational)37
+b(Seman)m(tics)g(in)g(Miranda)p 251 193 3473 4 v 742
+515 a Fr(am)p 850 515 31 4 v 37 w(code)53 b(==)f([am)p
+1451 515 V 37 w(ins])527 712 y Fu(for)32 b(represen)m(ting)i(co)s(de.)
+429 909 y Ft(\017)48 b Fu(De\014ne)34 b(an)g(algebraic)d(data)i(t)m(yp)
+s(e)i Fr(stack)p 2084 909 V 38 w(values)g Fu(represen)m(ting)f(the)g
+(elemen)m(ts)g(that)527 1029 y(ma)m(y)f(b)s(e)f(on)h(the)g(ev)-5
+b(aluation)31 b(stac)m(k)j(and)e(de\014ne)i(the)f(t)m(yp)s(e)h(synon)m
+(ym)742 1226 y Fr(stack)53 b(==)e([stack)p 1515 1226
+V 39 w(values])429 1423 y Ft(\017)d Fu(De\014ne)33 b(a)g(t)m(yp)s(e)g
+Fr(storage)i Fu(represen)m(ting)e(the)g(storage.)283
+1606 y(Finally)d(de\014ne)527 1790 y Fr(am)p 635 1790
+V 38 w(config)53 b(==)e(\(am)p 1338 1790 V 38 w(code,)i(stack,)g
+(storage\))283 1974 y Fu(for)32 b(the)i(con\014gurations)e(of)g
+Fw(AM)p Fu(.)2122 b Fh(2)283 2175 y Fw(Exercise)37 b(C.12)49
+b Fu(W)-8 b(e)38 b(can)g(then)g(turn)g(to)g(the)g(seman)m(tics)g(of)g
+(the)g(mac)m(hine)f(instructions.)283 2296 y(F)-8 b(or)32
+b(this)g(w)m(e)i(pro)s(ceed)f(in)f(three)i(stages:)429
+2479 y Ft(\017)48 b Fu(First)32 b(de\014ne)i(a)e(function)g
+Fr(am)p 1618 2479 V 38 w(step)h Fu(of)f(t)m(yp)s(e)742
+2676 y Fr(am)p 850 2676 V 37 w(step)53 b(::)f(am)p 1400
+2676 V 37 w(config)h(->)f(am)p 2052 2676 V 37 w(config)527
+2873 y Fu(implemen)m(ting)30 b(T)-8 b(able)32 b(3.1.)429
+3070 y Ft(\017)48 b Fu(W)-8 b(e)32 b(shall)d(also)h(b)s(e)h(in)m
+(terested)h(in)e(the)h(computation)f(sequences)k(of)c
+Fw(AM)h Fu(so)g(de\014ne)h(a)527 3190 y(function)742
+3387 y Fr(am)p 850 3387 V 37 w(comp)p 1091 3387 V 38
+w(seq)52 b(::)g(am)p 1590 3387 V 38 w(code)g(->)g(storage)h(->)f([am)p
+2755 3387 V 37 w(config])527 3584 y Fu(that)28 b(giv)m(en)g(a)f
+(sequence)k(of)c(instructions)g(and)h(an)g(initial)c(storage)j(will)f
+(construct)i(the)527 3704 y(corresp)s(onding)33 b(computation)e
+(sequence.)429 3901 y Ft(\017)48 b Fu(Finally)26 b(de\014ne)k(a)e
+(function)g Fr(run)h Fu(corresp)s(onding)g(to)f(the)h(function)f
+Ft(M)g Fu(of)g(Chapter)h(3.)283 4084 y(This)37 b(pro)m(vides)h(us)f
+(with)f(an)h(in)m(terpreter)g(for)f Fw(AM)p Fu(.)h(What)f(happ)s(ens)i
+(if)d(w)m(e)j(en)m(ter)g(a)e(stuc)m(k)283 4205 y(con\014guration?)2793
+b Fh(2)283 4407 y Fw(Exercise)37 b(C.13)49 b Fu(Finally)-8
+b(,)30 b(w)m(e)j(implemen)m(t)e(the)i(co)s(de)g(generation)f
+(functions:)429 4590 y Ft(\017)48 b Fu(De\014ne)33 b(functions)g
+(corresp)s(onding)f(to)h Ft(C)6 b(A)p Fu(,)32 b Ft(C)6
+b(B)36 b Fu(and)d Ft(C)6 b(S)i Fu(.)429 4787 y Ft(\017)48
+b Fu(De\014ne)33 b(a)g(function)f Fr(am)p 1401 4787 V
+37 w(stm)i Fu(corresp)s(onding)e(to)g(the)h(function)f
+Ft(S)2982 4802 y Fn(am)3080 4787 y Fu(.)283 4970 y(Apply)f(the)g
+(construction)f(to)g(a)h(couple)f(of)g(examples)g(to)g(v)m(erify)h
+(that)f(ev)m(erything)i(w)m(orks)g(as)283 5091 y(exp)s(ected.)2999
+b Fh(2)283 5293 y Fw(Exercise)37 b(C.14)49 b Fu(Mo)s(dify)31
+b(the)i(implemen)m(tation)c(to)j(use)h(the)g(abstract)f(mac)m(hine)g
+Fw(AM)3606 5308 y Fn(2)3677 5293 y Fu(of)283 5413 y(Exercises)j(3.8)d
+(and)h(3.17)f(rather)g(than)h Fw(AM)p Fu(.)1684 b Fh(2)p
+eop
+%%Page: 229 239
+229 238 bop 0 1181 a Fv(App)6 b(endix)77 b(D)0 1598 y(Denotational)h
+(Seman)-6 b(tics)77 b(in)0 1847 y(Miranda)0 2301 y Fu(In)40
+b(this)e(app)s(endix)i(w)m(e)g(implemen)m(t)d(the)j(denotational)d
+(seman)m(tics)j(of)e(Chapter)i(4)f(in)g Fw(Mi-)0 2422
+y(randa)50 b Fu(and)f(sho)m(w)h(ho)m(w)f(similar)c(tec)m(hniques)51
+b(can)e(b)s(e)g(used)h(to)e(implemen)m(t)f(the)i(static)0
+2542 y(program)31 b(analysis)h(of)g(Chapter)i(5.)146
+2664 y(W)-8 b(e)30 b(shall)d(need)k(the)e(de\014nitions)g(from)e(App)s
+(endix)j(B)f(so)g(w)m(e)h(b)s(egin)f(b)m(y)h(including)d(these:)0
+2881 y Fr(>)52 b(\045include)p 103 2902 411 4 v 53 w("appB")0
+3224 y Fj(D.1)161 b(Direct)53 b(st)l(yle)g(seman)l(tics)0
+3447 y Fu(In)28 b(the)h(implemen)m(tation)c(w)m(e)k(shall)d(rely)i(on)g
+(some)g(of)f(the)i(built-in)c(functions)j(of)g Fw(Miranda)p
+Fu(.)0 3567 y(In)44 b(particular,)h Fr(id)g Fu(is)e(the)i(iden)m(tit)m
+(y)e(function)h(and)g(`.')77 b(is)44 b(function)f(comp)s(osition.)75
+b(The)0 3687 y(auxiliary)30 b(function)j Fr(cond)g Fu(is)f(de\014ned)i
+(b)m(y)0 3901 y Fr(>)52 b(cond)g(\(p,)g(g1,)g(g2\))g(s)g(=)f(g1)h(s,)g
+(if)p 1487 3914 103 4 v 52 w(p)f(s)0 4069 y(>)1026 b(=)51
+b(g2)h(s,)g(if)p 1487 4082 V 52 w(~p)f(s)0 4281 y Fu(The)33
+b(theoretical)d(foundation)h(of)g Fw(Miranda)h Fu(is)f(closely)g
+(related)h(to)f(the)h(theory)g(dev)m(elop)s(ed)0 4402
+y(in)45 b(Chapter)j(4)d(\(although)h(it)f(is)h(outside)g(the)g(scop)s
+(e)h(of)f(this)g(b)s(o)s(ok)g(to)g(go)g(further)g(in)m(to)0
+4522 y(this\).)71 b(One)42 b(of)f(the)h(consequences)k(of)41
+b(this)h(is)f(that)g(the)i(\014xed)g(p)s(oin)m(t)e(op)s(eration)f(can)i
+(b)s(e)0 4642 y(implemen)m(ted)31 b(in)h(a)g(v)m(ery)i(simple)d(w)m(a)m
+(y:)0 4856 y Fr(>)52 b(fix)g(ff)f(=)h(ff)g(\(fix)g(ff\))0
+5068 y Fu(The)34 b(function)e Ft(S)650 5083 y Fn(ds)754
+5068 y Fu(can)h(no)m(w)g(b)s(e)g(implemen)m(ted)e(b)m(y)j(the)f
+(function)0 5282 y Fr(>)52 b(s)p 160 5282 31 4 v 37 w(ds)g(::)f(stm)h
+(->)g(state)h(->)f(state)0 5494 y Fu(A)33 b(straigh)m(tforw)m(ard)f
+(rewriting)f(of)h(T)-8 b(able)32 b(4.1)h(giv)m(es:)1663
+5849 y(229)p eop
+%%Page: 230 240
+230 239 bop 251 130 a Fw(230)1363 b(D)112 b(Denotational)36
+b(Seman)m(tics)h(in)g(Miranda)p 251 193 3473 4 v 283
+515 a Fr(>)52 b(s)p 443 515 31 4 v 37 w(ds)g(\(Ass)g(x)g(a\))g(s)f(=)h
+(update)h(s)e(\(a)p 1915 515 V 38 w(val)h(a)f(s\))h(x)283
+683 y(>)1026 b(where)p 1360 696 257 4 v 283 851 a(>)g(update)53
+b(s)e(v)h(x)g(y)f(=)h(v,)f(if)p 2385 864 103 4 v 52 w(x)h(=)f(y)283
+1018 y(>)1795 b(=)52 b(s)f(y,)h(otherwise)p 2488 1031
+462 4 v 283 1233 a(>)g(s)p 443 1233 31 4 v 37 w(ds)g(Skip)g(=)g(id)283
+1448 y(>)g(s)p 443 1448 V 37 w(ds)g(\(Comp)h(ss1)f(ss2\))g(=)f(\(s)p
+1607 1448 V 38 w(ds)h(ss2\))g(.)g(\(s)p 2260 1448 V 37
+w(ds)g(ss1\))283 1663 y(>)g(s)p 443 1663 V 37 w(ds)g(\(If)g(b)g(ss1)g
+(ss2\))g(=)f(cond)i(\(b)p 1864 1663 V 37 w(val)f(b,)g(s)p
+2311 1663 V 37 w(ds)g(ss1,)g(s)p 2809 1663 V 38 w(ds)f(ss2\))283
+1878 y(>)h(s)p 443 1878 V 37 w(ds)g(\(While)h(b)e(ss\))h(=)g(fix)g(ff)
+283 2045 y(>)1077 b(where)p 1411 2058 257 4 v 283 2213
+a(>)g(ff)52 b(g)g(=)f(cond)i(\(b)p 2135 2213 31 4 v 37
+w(val)f(b,)g(g)f(.)h(s)p 2787 2213 V 37 w(ds)g(ss,)g(id\))283
+2400 y Fw(Example)37 b(D.1)49 b Fu(Returning)34 b(to)h(the)g(factorial)
+e(statemen)m(t)i(w)m(e)h(can)g(apply)e(its)h(denotation)283
+2521 y(to)e(the)g(initial)c(state)k Fr(s)p 1149 2521
+V 37 w(init)g Fu(as)g(follo)m(ws:)283 2688 y Fr(>)52
+b(s)p 443 2688 V 37 w(final)h(=)e(s)p 941 2688 V 37 w(ds)h(factorial)i
+(s)p 1696 2688 V 37 w(init)1750 b Fh(2)283 2876 y Fw(Exercise)37
+b(D.2)49 b Fu(W)-8 b(e)41 b(ma)m(y)g(b)s(e)g(in)m(terested)h(in)f(the)g
+(v)-5 b(arious)40 b(iterands)h(of)g(the)g(\014xed)i(p)s(oin)m(t.)283
+2996 y(Rewrite)24 b(the)g(seman)m(tic)f(equations)h(ab)s(o)m(v)m(e)g
+(so)g(that)f(eac)m(h)h(\014xed)h(p)s(oin)m(t)d(is)h(unfolded)h(at)f
+(most)g(n)283 3117 y(times)28 b(where)h(n)f(is)g(an)g(additional)d
+(parameter)j(to)f(the)i(functions.)42 b(Giv)m(e)28 b(examples)g(sho)m
+(wing)283 3237 y(that)j(if)f(the)i(v)-5 b(alue)30 b(of)h(n)g(is)g
+(su\016cien)m(tly)h(large)d(then)j(w)m(e)g(get)f(the)h(same)f(result)g
+(as)g(ab)s(o)m(v)m(e.)76 b Fh(2)283 3425 y Fw(Exercise)37
+b(D.3)49 b Fu(Extend)34 b(the)f(de\014nition)e(ab)s(o)m(v)m(e)j(to)e
+(handle)g(the)h Fr(repeat)p Fu(-construct.)152 b Fh(2)283
+3752 y Fj(D.2)161 b(Extensions)53 b(of)g(While)283 3971
+y Fu(It)34 b(is)e(fairly)f(straigh)m(tforw)m(ard)i(to)g(extend)h(the)g
+(implemen)m(tation)c(to)j(handle)f(the)i(pro)s(cedure)283
+4091 y(language)e(and)h(the)g(exception)g(language)e(of)h(Section)h
+(4.5.)283 4279 y Fw(Exercise)k(D.4)49 b Fu(Mo)s(dify)33
+b(the)h(ab)s(o)m(v)m(e)g(implemen)m(tation)d(to)i(use)i(en)m(vironmen)m
+(ts)f(and)g(stores)283 4399 y(and)c(extend)g(it)f(to)f(implemen)m(t)g
+(the)h(seman)m(tics)h(of)e(the)i(language)e Fw(Pro)s(c)g
+Fu(of)h(Section)g(4.5.)74 b Fh(2)283 4587 y Fw(Exercise)37
+b(D.5)49 b Fu(Mo)s(dify)27 b(the)i(ab)s(o)m(v)m(e)g(implemen)m(tation)d
+(to)i(use)h(con)m(tin)m(uations)f(and)g(extend)283 4707
+y(it)k(to)g(handle)h(the)g(language)e Fw(Exc)h Fu(of)g(Section)h(4.5.)
+1472 b Fh(2)283 5035 y Fj(D.3)161 b(Static)54 b(program)f(analysis)283
+5254 y Fu(Rather)30 b(than)g(presen)m(ting)g(a)f(fully)f(w)m(ork)m(ed)k
+(out)d Fw(Miranda)h Fu(script)g(p)s(erforming)d(the)j(dep)s(en-)283
+5374 y(dency)44 b(analysis)d(w)m(e)i(shall)d(pro)m(vide)i(a)g(rather)g
+(detailed)e(list)h(of)g(instructions)g(for)h(ho)m(w)g(to)283
+5494 y(dev)m(elop)34 b(suc)m(h)g(an)e(implemen)m(tation.)p
+eop
+%%Page: 231 241
+231 240 bop 0 130 a Fw(D.3)112 b(Static)36 b(program)i(analysis)1864
+b(231)p 0 193 3473 4 v 0 515 a(Exercise)36 b(D.6)49 b
+Fu(The)43 b(\014rst)f(step)h(will)c(b)s(e)j(to)f(implemen)m(t)f(the)i
+(complete)f(lattices)g Fw(P)g Fu(and)0 636 y Fw(PState)32
+b Fu(and)h(the)g(op)s(erations)f(on)g(them:)145 839 y
+Ft(\017)49 b Fu(De\014ne)31 b(an)f(algebraic)f(data)h(t)m(yp)s(e)i
+Fr(property)h Fu(represen)m(ting)e(the)g(set)g Fw(P)f
+Fu(of)g(prop)s(erties)244 960 y(and)j(de\014ne)g(a)g(function)f
+Fr(p)p 1236 960 31 4 v 37 w(lub)h Fu(corresp)s(onding)g(to)f
+Ft(t)2265 975 y Fn(P)2317 960 y Fu(.)145 1163 y Ft(\017)49
+b Fu(De\014ne)g(a)f(t)m(yp)s(e)h(synon)m(ym)h Fr(pstate)g
+Fu(represen)m(ting)f(the)g(prop)s(ert)m(y)g(states.)92
+b(De\014ne)244 1283 y(the)42 b(sp)s(ecial)f(prop)s(ert)m(y)i(states)f
+Fb(init)g Fu(and)g Fb(lost)p Fu(.)72 b(De\014ne)42 b(a)g(function)f
+Fr(pstate)p 3286 1283 V 39 w(lub)244 1404 y Fu(corresp)s(onding)32
+b(to)h Ft(t)1056 1419 y Fn(PS)1147 1404 y Fu(.)2224 b
+Fh(2)0 1632 y Fw(Exercise)36 b(D.7)49 b Fu(W)-8 b(e)33
+b(can)f(then)h(turn)f(to)g(the)g(seman)m(tic)g(equations)g(de\014ning)g
+(the)h(analysis:)145 1835 y Ft(\017)49 b Fu(De\014ne)33
+b(the)g(functions)458 2039 y Fr(p)p 515 2039 V 38 w(aexp)52
+b(::)g(aexp)g(->)g(pstate)h(->)f(property)244 2242 y
+Fu(corresp)s(onding)32 b(to)h Ft(P)8 b(A)32 b Fu(and)458
+2446 y Fr(p)p 515 2446 V 38 w(bexp)52 b(::)g(bexp)g(->)g(pstate)h(->)f
+(property)244 2649 y Fu(corresp)s(onding)32 b(to)h Ft(P)8
+b(B)t Fu(.)145 2852 y Ft(\017)49 b Fu(De\014ne)33 b(the)g(auxiliary)d
+(function)j Fr(cond)p 1713 2852 V 37 w(P)g Fu(corresp)s(onding)g(to)f
+(cond)2774 2867 y Fn(P)2827 2852 y Fu(.)145 3056 y Ft(\017)49
+b Fu(De\014ne)33 b(the)g(function)458 3259 y Fr(p)p 515
+3259 V 38 w(stm)52 b(::)g(stm)g(->)f(pstate)i(->)f(pstate)244
+3463 y Fu(corresp)s(onding)36 b(to)g Ft(P)8 b(S)45 b
+Fu(of)36 b(T)-8 b(able)36 b(5.2.)54 b(\(Y)-8 b(ou)37
+b(ma)m(y)f(use)h(the)g(results)g(of)f(Section)g(5.4)244
+3583 y(for)c(this.\))2782 b Fh(2)0 3811 y Fw(Exercise)36
+b(D.8)49 b Fu(Implemen)m(t)35 b(the)h(algorithm)c(of)j(Section)h(5.2)f
+(and)h(apply)f(the)h(implemen-)0 3932 y(tation)31 b(to)h(a)h(couple)f
+(of)g(examples)h(to)f(v)m(erify)h(that)f(ev)m(erything)i(w)m(orks)g(as)
+f(exp)s(ected.)198 b Fh(2)p eop
+%%Page: 232 242
+232 241 bop 251 130 a Fw(232)1363 b(D)112 b(Denotational)36
+b(Seman)m(tics)h(in)g(Miranda)p 251 193 3473 4 v eop
+%%Page: 233 243
+233 242 bop 0 1180 a Fv(Bibliograph)-6 b(y)49 1632 y
+Fu([1])49 b(S.)40 b(Abramsky)-8 b(,)42 b(C.)f(Hankin:)58
+b Fs(A)n(bstr)-5 b(act)41 b(Interpr)-5 b(etation)41 b(of)h(De)-5
+b(clar)g(ative)40 b(L)-5 b(anguages)p Fu(,)201 1752 y(Ellis)30
+b(Horw)m(o)s(o)s(d)i(\(1987\).)49 1950 y([2])49 b(A.)39
+b(V.)g(Aho,)i(J.)f(E.)f(Hop)s(croft,)i(J.)e(D.)g(Ullman:)54
+b Fs(Data)41 b(Structur)-5 b(es)42 b(and)e(A)n(lgorithms)p
+Fu(,)201 2071 y(Addison{W)-8 b(esley)33 b(\(1982\).)49
+2269 y([3])49 b(A.)39 b(V.)g(Aho,)i(R.)e(Sethi,)i(J.)f(D.)e(Ullman:)55
+b Fs(Compilers:)g(Principles,)42 b(T)-7 b(e)i(chniques)39
+b(and)201 2389 y(T)-7 b(o)i(ols)p Fu(,)31 b(Addison{W)-8
+b(esley)33 b(\(1986\).)49 2587 y([4])49 b(K.)33 b(R.)g(Apt:)45
+b Fs(T)-7 b(en)35 b(Y)-7 b(e)i(ars)35 b(of)g(Ho)-5 b(ar)g(e's)36
+b(L)-5 b(o)g(gic:)45 b(A)36 b(Survey)g(|)f(Part)h(1)p
+Fu(,)e(A)m(CM)g(T)-8 b(oplas)33 b Fw(3)201 2707 y Fu(4)f(\(1981\).)49
+2905 y([5])49 b(J.)25 b(W.)h(de)h(Bakk)m(er:)41 b Fs(Mathematic)-5
+b(al)28 b(The)-5 b(ory)28 b(of)h(Pr)-5 b(o)g(gr)g(am)28
+b(Corr)-5 b(e)g(ctness)p Fu(,)26 b(Pren)m(tice-Hall)201
+3026 y(\(1980\).)49 3224 y([6])49 b(D.)36 b(Cl)m(\023)-46
+b(emen)m(t,)38 b(J.)g(Desp)s(eyroux,)h(T.)f(Desp)s(eyroux,)i(G.)d
+(Kahn:)52 b(A)37 b(simple)f(applicativ)m(e)201 3344 y(language:)57
+b(Mini-ML,)39 b Fs(Pr)-5 b(o)g(c)g(e)g(e)g(dings)41 b(of)h(the)g(1986)f
+(A)n(CM)h(Confer)-5 b(enc)g(e)41 b(on)g(Lisp)h(and)201
+3464 y(F)-7 b(unctional)33 b(Pr)-5 b(o)g(gr)g(amming)31
+b Fu(\(1986\).)49 3662 y([7])49 b(J.)i(Desp)s(eyroux:)83
+b(Pro)s(of)51 b(of)h(translation)d(in)i(natural)g(seman)m(tics,)57
+b Fs(Pr)-5 b(o)g(c)g(e)g(e)g(dings)51 b(of)201 3783 y(Symp)-5
+b(osium)37 b(on)g(L)-5 b(o)g(gic)37 b(in)h(Computer)f(Scienc)-5
+b(e)p Fu(,)36 b(Cam)m(bridge,)g(Massac)m(h)m(usetts,)k(USA)201
+3903 y(\(1986\).)49 4101 y([8])49 b(M.)33 b(J.)g(C.)g(Gordon:)43
+b Fs(The)35 b(Denotational)f(Description)g(of)h(Pr)-5
+b(o)g(gr)g(amming)33 b(L)-5 b(anguages,)201 4221 y(A)n(n)34
+b(Intr)-5 b(o)g(duction)p Fu(,)32 b(Springer-V)-8 b(erlag)31
+b(\(1979\).)49 4419 y([9])49 b(M.)c(Hennessy:)71 b Fs(The)46
+b(Semantics)f(of)h(Pr)-5 b(o)g(gr)g(amming)45 b(L)-5
+b(anguages:)67 b(A)n(n)46 b(Elementary)201 4540 y(Intr)-5
+b(o)g(duction)34 b(using)g(Structur)-5 b(al)36 b(Op)-5
+b(er)g(ational)34 b(Semantics)p Fu(,)d(Wiley)h(\(1991\).)0
+4738 y([10])49 b(C.)g(B.)g(Jones:)77 b Fs(Softwar)-5
+b(e)50 b(Development:)73 b(A)50 b(R)n(igor)-5 b(ous)49
+b(Appr)-5 b(o)g(ach)p Fu(,)53 b(Pren)m(tice-Hall)201
+4858 y(\(1980\).)0 5056 y([11])c(J.)54 b(Lo)s(ec)m(kx,)62
+b(K.)54 b(Sieb)s(er:)88 b Fs(The)54 b(F)-7 b(oundations)54
+b(of)h(Pr)-5 b(o)g(gr)g(am)54 b(V)-7 b(eri\014c)i(ation)p
+Fu(,)59 b(Wiley{)201 5176 y(T)-8 b(eubner)34 b(Series)f(in)e(Computer)i
+(Science)g(\(1984\).)0 5374 y([12])49 b(H.)34 b(R.)h(Nielson:)47
+b(A)35 b(Hoare-lik)m(e)f(pro)s(of)f(system)j(for)e(run-time)g(analysis)
+g(of)g(programs,)201 5494 y Fs(Scienc)-5 b(e)33 b(of)i(Computer)f(Pr)-5
+b(o)g(gr)g(amming)p Fu(,)32 b(v)m(ol)g(9)g(\(1987\).)1663
+5849 y(233)p eop
+%%Page: 234 244
+234 243 bop 251 130 a Fw(234)2676 b(Bibliograph)m(y)p
+251 193 3473 4 v 283 515 a Fu([13])49 b(F.)29 b(Nielson,)g(H.)g(R.)h
+(Nielson:)40 b(Tw)m(o-lev)m(el)30 b(seman)m(tics)f(and)h(co)s(de)f
+(generation,)g Fs(The)-5 b(or)g(et-)484 636 y(ic)g(al)34
+b(Computer)h(Scienc)-5 b(e)p Fu(,)31 b(v)m(ol)h(56)h(\(1988\).)283
+839 y([14])49 b(G.)22 b(D.)f(Plotkin:)38 b Fs(A)25 b(Structur)-5
+b(al)27 b(appr)-5 b(o)g(ach)24 b(to)h(Op)-5 b(er)g(ational)25
+b(Semantics)p Fu(,)e(Lecture)g(notes,)484 960 y(D)m(AIMI)33
+b(FN-19,)f(Aarh)m(us)h(Univ)m(ersit)m(y)-8 b(,)33 b(Denmark)f(\(1981,)g
+(reprin)m(ted)h(1991\).)283 1163 y([15])49 b(G.)34 b(D.)f(Plotkin:)45
+b(An)35 b(op)s(erational)c(seman)m(tics)k(for)e(CSP)-8
+b(,)35 b(in:)46 b Fs(F)-7 b(ormal)34 b(Description)h(of)484
+1283 y(Pr)-5 b(o)g(gr)g(amming)28 b(Conc)-5 b(epts)29
+b(II)p Fu(,)d(Pro)s(ceedings)i(of)e(TC-2)h(W)-8 b(ork.)28
+b(Conf.)f(\(ed.)g(D.)g(Bj\034rner\),)484 1404 y(North{Holland)k
+(\(1982\).)283 1607 y([16])49 b(D.)32 b(A.)h(Sc)m(hmidt:)44
+b Fs(Denotational)33 b(Semantics:)44 b(a)35 b(Metho)-5
+b(dolo)g(gy)35 b(for)g(L)-5 b(anguage)34 b(Devel-)484
+1727 y(opment)p Fu(,)e(Allyn)f(&)i(Bacon,)g(Inc.)g(\(1986\).)283
+1931 y([17])49 b(J.)42 b(E.)h(Sto)m(y:)63 b Fs(Denotational)42
+b(Semantics:)62 b(The)43 b(Sc)-5 b(ott{Str)g(achey)43
+b(Appr)-5 b(o)g(ach)43 b(to)h(Pr)-5 b(o-)484 2051 y(gr)g(amming)34
+b(L)-5 b(anguage)34 b(The)-5 b(ory)p Fu(,)32 b(MIT)i(Press)g(\(1977\).)
+p eop
+%%Page: 235 245
+235 244 bop 0 974 a Fv(Index)77 b(of)h(Sym)-6 b(b)6 b(ols)0
+1446 y Fu(\()p Fw(P)p Fu(,)32 b Ft(v)251 1461 y Fn(P)304
+1446 y Fu(\),)g(136)0 1567 y(\()p Fw(PState)p Fu(,)g
+Ft(v)506 1582 y Fn(PS)598 1567 y Fu(\),)h(140)0 1687
+y(\()p Fw(PState)f Ft(!)g Fw(PState)p Fu(,)g Ft(v)p Fu(\),)i(148)0
+1807 y(\()p Fw(State)f Fo(,)-17 b Ft(!)32 b Fw(State)p
+Fu(,)h Ft(v)p Fu(\),)g(93)0 1928 y(\()p Fs(D)9 b Fu(,)33
+b Ft(v)258 1943 y Fc(D)322 1928 y Fu(\),)g(95)0 2124
+y Ft(\001)17 b(\001)g(\001)n Fu([)p Ft(\001)g(\001)g(\001)o(7\000)-17
+b(!\001)17 b(\001)g(\001)n Fu(],)33 b(51)0 2244 y Ft(\001)17
+b(\001)g(\001)n Fu([)p Ft(\001)g(\001)g(\001)o(7!\001)g(\001)g(\001)m
+Fu(],)33 b(16,)f(17,)g(177,)g(214)0 2365 y Ft(\001)17
+b(\001)g(\001)n(\021)33 b(\001)17 b(\001)g(\001)n Fu(rel)p
+342 2378 109 4 v 32 w Ft(\001)g(\001)g(\001)o Fu(,)32
+b(137,)g(138)0 2485 y Ft(\001)17 b(\001)g(\001)n(`)33
+b(\001)17 b(\001)g(\001)n(!)32 b(\001)17 b(\001)g(\001)n
+Fu(,)33 b(54,)f(58)0 2605 y Ft(\016)p Fu(,)g(214)0 2726
+y Ft(\005)p Fu(,)f(215)0 2846 y Fo(,)-17 b Ft(!)p Fu(,)33
+b(213)0 2966 y Ft(!)p Fu(,)f(213)0 3087 y Fh(\003)p Fu(,)h(64)0
+3207 y Ft(\))p Fu(,)f(32)0 3328 y Ft(!)p Fu(,)g(20)0
+3448 y Ft(!)100 3412 y Fc(t)129 3448 y Fu(,)h(202)0 3568
+y Ft(!)100 3583 y Fc(D)164 3568 y Fu(,)f(51,)g(58)0 3689
+y Ft(!)100 3704 y Fn(Aexp)264 3689 y Fu(,)h(31)0 3809
+y Ft(!)100 3824 y Fn(Bexp)262 3809 y Fu(,)f(32)0 3930
+y Ft(t)p Fu(,)h(136)0 3983 y Fg(F)69 4050 y Fu(,)g(97,)f(99,)g(136,)g
+(140,)g(148)0 4170 y Ft(?)p Fu(,)h(95)0 4291 y Ft(v)p
+Fu(,)g(95,)f(136,)g(140,)g(148)0 4411 y Ft(w)p Fu(,)h(95)0
+4531 y Ft(`)p Fu(,)f(180,)g(192,)g(203)0 4652 y Ft(j)-17
+b Fu(=,)33 b(184,)e(191,)h(203)0 4772 y Ft(:)p Fu(,)h(177)0
+4893 y Ft(_)p Fu(,)g(177)0 5013 y Ft(^)p Fu(,)g(177)0
+5133 y Ft(\))p Fu(,)f(177)0 5254 y Ft(f)g Fs(P)43 b Ft(g)33
+b Fs(S)44 b Ft(f)32 b Fs(Q)42 b Ft(g)p Fu(,)32 b(176)0
+5374 y Ft(f)g Fs(P)43 b Ft(g)33 b Fs(S)44 b Ft(f)32 b(+)h
+Fs(Q)41 b Ft(g)p Fu(,)33 b(191)0 5494 y Ft(f)f Fs(P)43
+b Ft(g)33 b Fs(S)44 b Ft(f)32 b Fs(e)40 b Ft(+)32 b Fs(Q)42
+b Ft(g)p Fu(,)33 b(202)1882 1446 y Fs(f)1932 1410 y Fn(n)1976
+1446 y Fu(,)f(104)1882 1567 y Fs(R)1957 1531 y Fi(\003)1996
+1567 y Fu(,)h(215)1882 1688 y Fs(R)1957 1652 y Fn(+)2016
+1688 y Fu(,)f(215)1882 1899 y Ft(A)o Fu(,)h(12)1882 2020
+y Ft(B)s Fu(,)g(14)1882 2141 y Ft(C)6 b(A)o Fu(,)33 b(70)1882
+2262 y Ft(C)6 b(B)s Fu(,)33 b(70)1882 2383 y Ft(C)6 b(S)i
+Fu(,)32 b(71)1882 2504 y Ft(D)1961 2467 y Fn(P)1961 2528
+y(ds)2032 2504 y Fu(,)h(121)1882 2624 y Ft(D)1961 2588
+y Fn(V)1961 2649 y(ds)2032 2624 y Fu(,)g(120)1882 2745
+y Ft(M)o Fu(,)g(68)1882 2866 y Ft(N)14 b Fu(,)33 b(9)1882
+2987 y Ft(O)s Fu(\()p Fs(g)9 b Fu(\),)32 b(214)1882 3108
+y Ft(P)8 b Fu(,)33 b(213)1882 3229 y Ft(P)8 b(A)p Fu(,)32
+b(142)1882 3349 y Ft(P)8 b(A)2039 3364 y Fc(X)2106 3349
+y Fu(,)33 b(161)1882 3470 y Ft(P)8 b(B)s Fu(,)33 b(142)1882
+3591 y Ft(P)8 b(B)2027 3606 y Fc(X)2095 3591 y Fu(,)32
+b(161)1882 3712 y Ft(P)8 b(S)g Fu(,)32 b(144)1882 3833
+y Ft(P)8 b(S)2027 3848 y Fc(X)2094 3833 y Fu(,)33 b(161)1882
+3954 y Ft(S)1949 3969 y Fn(am)2048 3954 y Fu(,)f(72)1882
+4075 y Ft(S)1949 4090 y Fn(cs)2013 4075 y Fu(,)g(130)1882
+4195 y Ft(S)1949 4159 y Fi(0)1949 4220 y Fn(cs)2013 4195
+y Fu(,)g(128)1882 4316 y Ft(S)1949 4331 y Fn(ds)2021
+4316 y Fu(,)g(85,)g(122)1882 4437 y Ft(S)1949 4401 y
+Fi(0)1949 4462 y Fn(ds)2021 4437 y Fu(,)g(119)1882 4558
+y Ft(S)1949 4573 y Fn(ns)2021 4558 y Fu(,)g(31)1882 4679
+y Ft(S)1949 4694 y Fn(sos)2044 4679 y Fu(,)h(39)1882
+4800 y Ft(T)25 b(A)p Fu(,)32 b(201)1882 4920 y Ft(T)25
+b(B)t Fu(,)32 b(201)1882 5132 y Fw(AM)p Fu(,)g(63)1882
+5253 y Fw(Aexp)p Fu(,)g(7)1882 5374 y Fw(Aexp)2139 5389
+y Fc(X)2206 5374 y Fu(,)h(161)1882 5494 y Fw(Bexp)p Fu(,)f(7)1663
+5849 y(235)p eop
+%%Page: 236 246
+236 245 bop 251 130 a Fw(236)2454 b(Index)38 b(of)g(Sym)m(b)s(ols)p
+251 193 3473 4 v 283 515 a(Bexp)535 530 y Fc(X)603 515
+y Fu(,)33 b(161)283 636 y Fw(Blo)s(c)m(k)p Fu(,)f(51)283
+756 y Fw(Co)s(de)p Fu(,)i(64)283 877 y Fw(Con)m(t)p Fu(,)f(127)283
+997 y Fw(Dec)470 1012 y Fn(P)522 997 y Fu(,)g(53,)f(117)283
+1117 y Fw(Dec)470 1132 y Fn(V)528 1117 y Fu(,)h(51,)f(117)283
+1238 y Fw(En)m(v)475 1253 y Fn(E)527 1238 y Fu(,)h(130)283
+1358 y Fw(En)m(v)475 1373 y Fn(P)527 1358 y Fu(,)g(54,)f(56,)g(58,)h
+(121)283 1478 y Fw(En)m(v)475 1493 y Fn(V)533 1478 y
+Fu(,)g(57,)f(118)283 1599 y Fw(Exc)p Fu(,)h(126)283 1719
+y Fw(Exception)p Fu(,)f(126)283 1840 y Fw(\013)p Fu(,)h(213)283
+1960 y Fw(Lo)s(c)p Fu(,)g(57,)g(118)283 2080 y Fw(N)p
+Fu(,)g(213)283 2201 y Fw(Num)p Fu(,)f(7)283 2321 y Fw(P)p
+Fu(,)h(136)283 2441 y Fw(PState)p Fu(,)g(137)283 2562
+y Fw(Pname)p Fu(,)g(53,)f(117)283 2682 y Fw(Pro)s(c)p
+Fu(,)g(52,)h(117)283 2803 y Fw(Stac)m(k)p Fu(,)g(64)283
+2923 y Fw(State)p Fu(,)g(12)283 3043 y Fw(State)538 3058
+y Fc(X)606 3043 y Fu(,)g(161)283 3164 y Fw(Stm)p Fu(,)f(7)283
+3284 y Fw(Stm)483 3299 y Fc(X)550 3284 y Fu(,)h(161)283
+3405 y Fw(Store)p Fu(,)g(57,)f(118)283 3525 y Fw(T)p
+Fu(,)h(213)283 3645 y Fw(tt)p Fu(,)f(213)283 3766 y Fw(V)-9
+b(ar)p Fu(,)33 b(7)283 3886 y Fw(While)p Fu(,)f(6)283
+4006 y Fw(Z)p Fu(,)i(213)283 4210 y Fs(a)7 b Fu(,)33
+b(7)283 4330 y Fs(b)6 b Fu(,)33 b(7)283 4451 y Fs(c)6
+b Fu(,)33 b(64,)f(127)283 4571 y Fs(D)366 4586 y Fc(P)425
+4571 y Fu(,)h(53,)f(117)283 4691 y Fs(D)366 4706 y Fc(V)427
+4691 y Fu(,)h(51,)f(117)283 4812 y Fs(e)7 b Fu(,)33 b(64,)g(126)283
+4932 y Fs(env)439 4947 y Fc(E)498 4932 y Fu(,)g(130)283
+5053 y Fs(env)439 5068 y Fc(P)497 5053 y Fu(,)g(54,)f(121)2165
+515 y Fs(env)2321 530 y Fc(V)2381 515 y Fu(,)h(57,)f(118)2165
+636 y Fs(n)7 b Fu(,)33 b(7)2165 756 y Fs(P)10 b Fu(,)33
+b(176)2165 877 y Fs(p)6 b Fu(,)33 b(53,)f(117,)g(136)2165
+997 y Fs(ps)8 b Fu(,)32 b(137)2165 1117 y Fs(S)12 b Fu(,)32
+b(7)2165 1238 y Fs(s)8 b Fu(,)33 b(12)2165 1358 y Fs(sto)6
+b Fu(,)33 b(57,)f(118)2165 1478 y Fs(Q)9 b Fu(,)33 b(176)2165
+1599 y Fs(x)12 b Fu(,)32 b(7)2165 1802 y Fb(d)p Fu(?,)h(135,)f(136)2165
+1923 y Fb(init)p Fu(,)h(141)2165 2043 y Fb(init)2345
+2058 y Fc(X)2413 2043 y Fu(,)f(163)2165 2163 y Fb(lost)p
+Fu(,)h(141)2165 2284 y Fb(ok)p Fu(,)g(135)2165 2487 y(cond,)g(87,)f
+(119)2165 2608 y(cond)2365 2623 y Fn(P)2418 2608 y Fu(,)g(145)2165
+2728 y(D)m(V,)h(51)2165 2848 y(extend)2448 2863 y Fc(X)2517
+2848 y Fu(,)f(161)2165 2969 y(FIX,)h(88,)f(97,)g(104,)g(146)2165
+3089 y(FV,)g(15,)h(16,)f(160)2165 3209 y(graph,)g(214)2165
+3330 y(I,)h(215)2165 3450 y(I)2200 3465 y Fc(p)2240 3450
+y Fu(,)f(215)2165 3571 y(I)2200 3586 y Fc(X)2268 3571
+y Fu(,)g(215)2165 3691 y(id,)g(214)2165 3811 y(lo)s(okup,)g(118)2165
+3932 y(new,)i(57,)e(118)2165 4052 y(next,)i(57,)e(118)2165
+4172 y(OK,)g(137)2165 4293 y(on-trac)m(k,)h(137)2165
+4413 y(up)s(d)2330 4428 y Fn(P)2382 4413 y Fu(,)g(54,)f(56,)g(58)2165
+4534 y(wlp,)g(186)2165 4737 y(rel)p 2165 4750 109 4 v
+-1 w(,)h(136{138)2165 4857 y(undef)p 2165 4870 236 4
+v 1 w(,)f(214)p eop
+%%Page: 237 247
+237 246 bop 0 974 a Fv(Index)0 1406 y Fr(abort)p Fu(-construct,)35
+b(44)0 1529 y(abstract)e(mac)m(hine,)f(63)0 1653 y(abstract)h(syn)m
+(tax,)h(7)0 1776 y(additiv)m(e)e(function,)g(163)0 1900
+y(admissible)f(predicate,)h(173)0 2023 y(an)m(ti-symmetric)f(relation,)
+f(95)0 2146 y(arithmetic)g(expression,)k(7)166 2270 y(analysis,)e(142)
+166 2393 y(execution)h(time,)f(201)166 2517 y(seman)m(tics,)h(12)166
+2640 y(translation,)e(70)0 2763 y Fr(assert)p Fu(-construct,)k(46)0
+2887 y(assertion,)e(175)0 3010 y(axiom,)e(20)0 3133 y(axiomatic)f
+(seman)m(tics,)j(178)0 3390 y(basis)g(elemen)m(t,)f(7)0
+3513 y Fr(begin)p Fu(-construct,)j(51,)d(117,)g(126)0
+3637 y(bisim)m(ulation)d(relation,)i(81)0 3760 y(b)s(o)s(olean)g
+(expression,)j(7)166 3884 y(analysis,)e(142)166 4007
+y(execution)h(time,)f(201)166 4130 y(seman)m(tics,)h(14)166
+4254 y(translation,)e(70)0 4510 y Fr(call)p Fu(-construct,)j(53,)f
+(117,)e(197)0 4634 y(call-b)m(y-v)-5 b(alue)30 b(parameter,)i(60,)h
+(126)0 4757 y(ccp)s(o,)g(99)0 4881 y(c)m(hain,)g(97)0
+5004 y(c)m(hain)40 b(complete)f(partially)e(ordered)k(set,)332
+5124 y(99)0 5248 y(co)s(de)33 b(generation,)f(69)0 5371
+y(complete)g(lattice,)f(99)0 5494 y(completeness,)i(183)2048
+1406 y(of)21 b(partial)e(correctness)24 b(inference)e(sys-)2214
+1526 y(tem,)32 b(187)2048 1648 y(of)i(total)g(correctness)k(inference)d
+(sys-)2214 1768 y(tem,)d(196)1882 1890 y(comp)s(osite)f(elemen)m(t,)h
+(7)1882 2011 y(comp)s(ositional)d(de\014nition,)i(11)1882
+2133 y(computation)g(sequence,)k(66)1882 2254 y(concrete)e(syn)m(tax,)i
+(7)1882 2376 y(con\014guration,)c(216)2048 2497 y(\014nal,)g(216)2048
+2619 y(stuc)m(k,)j(216)2048 2740 y(terminal,)c(216)1882
+2862 y(constan)m(t)j(propagation,)e(133)1882 2983 y(con)m(tin)m
+(uation,)g(127)1882 3105 y(con)m(tin)m(uation)g(st)m(yle)i(seman)m
+(tics,)g(127)1882 3226 y(con)m(tin)m(uous)g(function,)f(103)1882
+3348 y(correct)h(implemen)m(tation,)c(73)1882 3571 y(declared)j(v)-5
+b(ariable,)31 b(51)1882 3692 y(denotational)f(seman)m(tics,)j(85)2048
+3814 y(con)m(tin)m(uation)e(st)m(yle,)i(127)2048 3935
+y(direct)f(st)m(yle,)h(85)1882 4057 y(dep)s(endency)i(analysis,)d(134)
+1882 4178 y(deriv)-5 b(ation)30 b(sequence,)36 b(33)1882
+4300 y(deriv)-5 b(ation)30 b(tree,)k(22)1882 4421 y(detection)e(of)g
+(signs)h(analysis,)f(133)1882 4543 y(deterministic)e(seman)m(tics,)j
+(28,)f(38,)h(68)1882 4664 y(direct)f(st)m(yle)h(seman)m(tics,)g(85)1882
+4786 y(dubious,)f(135)1882 4907 y(dynamic)f(scop)s(e,)j(53)1882
+5130 y(equiv)-5 b(alence)32 b(relation,)f(141)1882 5252
+y(ev)-5 b(aluation)30 b(stac)m(k,)k(64)1882 5373 y(exception,)f(126)
+1882 5494 y(exception)g(en)m(vironmen)m(t,)g(130)1663
+5849 y(237)p eop
+%%Page: 238 248
+238 247 bop 251 130 a Fw(238)3028 b(Index)p 251 193 3473
+4 v 283 515 a Fu(expressiv)m(eness,)37 b(191)283 636
+y(extensional)c(approac)m(h,)g(177)283 837 y(\014xed)h(p)s(oin)m(t,)e
+(87)450 957 y(least,)g(97,)g(104)450 1078 y(requiremen)m(ts,)h(92,)f
+(97)283 1198 y(\014xed)i(p)s(oin)m(t)e(induction,)g(173)283
+1319 y(\014xed)i(p)s(oin)m(t)e(theory)-8 b(,)33 b(106)283
+1439 y(\015o)m(w)h(of)e(con)m(trol,)g(137)283 1559 y
+Fr(for)p Fu(-construct,)26 b(28,)d(36,)h(43,)f(72,)h(111,)f(117,)616
+1680 y(151,)31 b(182)283 1800 y(free)i(v)-5 b(ariable,)31
+b(15,)i(16,)f(160)283 1920 y(function)h(comp)s(osition,)d(214)283
+2041 y(functional)h(dep)s(endency)-8 b(,)35 b(134)283
+2242 y(graph)e(of)f(a)g(function,)g(214)283 2443 y Fr(handle)p
+Fu(-construct,)j(126)283 2645 y(iden)m(tit)m(y)e(function,)f(214)283
+2765 y(iden)m(tit)m(y)h(relation,)e(215)283 2886 y(induction,)h(10)450
+3006 y(\014xed)h(p)s(oin)m(t,)f(173)450 3126 y(on)38
+b(the)h(length)e(of)h(computation)f(se-)616 3247 y(quences,)e(67)450
+3367 y(on)21 b(the)h(length)g(of)f(deriv)-5 b(ation)20
+b(sequences,)616 3487 y(37)450 3608 y(on)42 b(the)h(shap)s(e)g(of)f
+(deriv)-5 b(ation)41 b(trees,)616 3728 y(28)450 3849
+y(on)52 b(the)g(shap)s(e)h(of)f(inference)h(trees,)616
+3969 y(183)450 4089 y(structural,)32 b(11)283 4210 y(inference)i
+(system,)f(178)450 4330 y(for)f(execution)h(time,)e(200)450
+4451 y(for)h(partial)e(correctness,)35 b(178)450 4571
+y(for)d(total)f(correctness,)j(191)283 4691 y(inference)g(tree,)f(180)
+283 4812 y(injectiv)m(e)g(function,)f(214)283 4932 y(input)h(v)-5
+b(ariable,)31 b(134)283 5052 y(instructions,)i(64)283
+5173 y(in)m(tensional)e(approac)m(h,)j(177,)e(190)283
+5293 y(in)m(v)-5 b(arian)m(t,)32 b(179,)g(192)283 5494
+y(Kripk)m(e-relation,)f(141)2165 515 y(least)h(elemen)m(t,)h(95)2165
+636 y(least)f(\014xed)i(p)s(oin)m(t,)e(97,)g(104)2165
+758 y(least)g(upp)s(er)h(b)s(ound,)g(97)2165 879 y(lo)s(cal)d(v)-5
+b(ariable,)31 b(51)2165 1000 y(lo)s(cation,)f(57,)i(118)2165
+1121 y(logical)d(v)-5 b(ariable,)31 b(176)2165 1242 y(lo)s(oping)f
+(computation)h(sequence,)36 b(66)2165 1363 y(lo)s(oping)30
+b(execution,)j(25,)g(36)2165 1579 y(monotone)f(function,)g(100)2165
+1700 y(m)m(utual)f(recursiv)m(e)j(pro)s(cedure,)g(60)2165
+1916 y(natural)d(seman)m(tics,)i(20)2165 2037 y(non-determinism,)d(46,)
+j(197)2165 2158 y(non-recursiv)m(e)h(pro)s(cedure,)f(56,)f(122,)g(197)
+2165 2279 y(n)m(um)m(b)s(er,)h(9)2165 2400 y(n)m(umeral,)f(7,)g(11)2165
+2616 y Fr(or)p Fu(-construct,)i(46,)e(197)2165 2737 y(order)h(of)f
+(magnitude,)f(214)2165 2858 y(order)d(of)g(magnitude)f(of)h(execution)h
+(time,)2497 2979 y(200)2165 3100 y(ordering,)j(93)2331
+3221 y(an)m(ti-symmetry)-8 b(,)32 b(95)2331 3342 y(on)h
+Fw(P)p Fu(,)f(136)2331 3463 y(on)h Fw(PState)p Fu(,)f(140)2331
+3584 y(on)h Fw(PState)f Ft(!)g Fw(PState)p Fu(,)g(148)2331
+3705 y(on)h Fw(State)f Fo(,)-17 b Ft(!)33 b Fw(State)p
+Fu(,)f(93)2331 3826 y(re\015exivit)m(y)-8 b(,)33 b(95,)f(141)2331
+3947 y(symmetry)-8 b(,)33 b(141)2331 4068 y(transitivit)m(y)-8
+b(,)31 b(95,)h(141)2165 4190 y(output)h(v)-5 b(ariable,)31
+b(134)2165 4405 y Fr(par)p Fu(-construct,)j(48)2165 4526
+y(parallelism,)29 b(48)2165 4648 y(parameterized)j(relation,)f(141)2165
+4769 y(partial)f(correctness,)35 b(169,)d(175)2331 4890
+y(axiomatic)e(seman)m(tics,)j(178)2331 5011 y(denotational)e(seman)m
+(tics,)i(172)2331 5132 y(natural)e(seman)m(tics,)i(169)2331
+5253 y(structural)45 b(op)s(erational)e(seman)m(tics,)2497
+5373 y(172)2165 5494 y(partial)30 b(function,)i(213)p
+eop
+%%Page: 239 249
+239 248 bop 0 130 a Fw(Index)3028 b(239)p 0 193 3473
+4 v 0 515 a Fu(partially)30 b(ordered)j(set,)h(95)0 636
+y(p)s(ostcondition,)d(176)0 756 y(precondition,)h(176)0
+877 y(predicate,)h(215)0 997 y Fr(proc)p Fu(-construct,)h(53,)f(117,)e
+(197)0 1117 y(pro)s(cedure)j(declaration,)d(53,)h(117,)g(121)0
+1238 y(pro)s(cedure)23 b(en)m(vironmen)m(t,)h(54,)g(56,)f(58,)g(121)0
+1358 y(pro)s(cedure)34 b(name,)e(53,)g(117)0 1478 y(program)f(v)-5
+b(ariable,)31 b(176)0 1599 y(prop)s(ert)m(y)-8 b(,)33
+b(135)0 1719 y(prop)s(ert)m(y)g(state,)g(137)166 1840
+y(improp)s(er,)e(138)166 1960 y(prop)s(er,)i(138)0 2080
+y Fr(protect)p Fu(-construct,)i(50)0 2201 y(pro)m(v)-5
+b(abilit)m(y)d(,)31 b(180)166 2321 y(in)21 b(execution)h(time)f
+(inference)h(system,)332 2441 y(203)166 2562 y(in)f(partial)f
+(correctness)j(inference)g(sys-)332 2682 y(tem,)32 b(180)166
+2803 y(in)i(total)f(correctness)k(inference)e(sys-)332
+2923 y(tem,)d(192)0 3043 y(pro)m(v)-5 b(ably)32 b(equiv)-5
+b(alence,)33 b(182)0 3246 y Fr(raise)p Fu(-construct,)i(126)0
+3366 y Fr(random)p Fu(-construct,)g(48)0 3486 y(recurrence)f(equation,)
+f(205,)f(207)0 3607 y(recursiv)m(e)i(pro)s(cedure,)g(54,)e(56,)g(125,)g
+(198)0 3727 y(re\015exiv)m(e)i(ordering,)e(141)0 3848
+y(re\015exiv)m(e)i(relation,)d(95)0 3968 y(re\015exiv)m(e)j(transitiv)m
+(e)e(closure,)h(215)0 4088 y(relation,)e(215)0 4209 y(relation)g(comp)s
+(osition,)f(215)0 4329 y Fr(repeat)p Fu(-construct,)43
+b(28,)e(30,)f(36,)h(39,)f(43,)332 4450 y(72,)24 b(81,)f(111,)g(112,)h
+(117,)f(129,)g(151,)332 4570 y(160,)43 b(182,)g(183,)g(186,)g(190,)h
+(194,)332 4690 y(196,)32 b(208)0 4811 y(rule,)g(20)0
+4931 y(rule)g(of)g(consequence,)k(180)0 5133 y(safet)m(y)e(of)e(static)
+g(analysis,)g(153,)g(159)0 5254 y(seman)m(tic)g(clause,)h(9)0
+5374 y(seman)m(tic)f(equation,)h(9)0 5494 y(seman)m(tic)f(equiv)-5
+b(alence,)33 b(26,)f(39,)h(112)1882 515 y(seman)m(tic)f(function,)g(9)
+1882 638 y(soundness,)i(183)2048 760 y(of)21 b(execution)h(time)f
+(inference)h(system,)2214 880 y(208)2048 1003 y(of)f(partial)e
+(correctness)24 b(inference)e(sys-)2214 1123 y(tem,)32
+b(184)2048 1245 y(of)i(total)g(correctness)k(inference)d(sys-)2214
+1366 y(tem,)d(194)1882 1488 y(state,)h(12)1882 1610 y(statemen)m(t,)g
+(7)2048 1732 y(analysis,)f(144)2048 1855 y(execution)h(time,)e(202)2048
+1977 y(seman)m(tics,)h(31,)h(39,)f(85)2048 2099 y(translation,)e(71)
+1882 2221 y(static)i(scop)s(e,)h(53,)f(117)1882 2344
+y(storage,)g(64)1882 2466 y(store,)h(57,)f(118)1882 2588
+y(strict)g(function,)g(103)1882 2710 y(strongest)h(p)s(ostcondition,)e
+(187,)h(190)1882 2833 y(structural)g(induction,)g(11)1882
+2955 y(structural)g(op)s(erational)e(seman)m(tics,)j(32)1882
+3077 y(stuc)m(k)h(con\014guration,)e(216)1882 3199 y(substitution,)g
+(16,)g(17,)g(51)1882 3322 y(symmetric)f(ordering,)h(141)1882
+3558 y(terminating)19 b(computation)h(sequence,)27 b(66)1882
+3680 y(terminating)j(execution,)j(25,)f(36)1882 3803
+y(total)f(correctness,)j(169)2048 3925 y(axiomatic)c(seman)m(tics,)j
+(191)1882 4047 y(total)e(function,)h(213)1882 4169 y(transition)e
+(relation,)h(216)1882 4292 y(transition)f(system,)k(216)1882
+4414 y(transitiv)m(e)e(ordering,)f(141)1882 4536 y(transitiv)m(e)h
+(relation,)e(95)1882 4773 y(upp)s(er)j(b)s(ound,)f(97)1882
+5009 y(v)-5 b(alidit)m(y)d(,)30 b(184)2048 5131 y(in)21
+b(execution)h(time)e(inference)j(system,)2214 5252 y(203)2048
+5374 y(in)e(partial)e(correctness)24 b(inference)e(sys-)2214
+5494 y(tem,)32 b(184)p eop
+%%Page: 240 250
+240 249 bop 251 130 a Fw(240)3028 b(Index)p 251 193 3473
+4 v 450 515 a Fu(in)33 b(total)g(correctness)k(inference)e(sys-)616
+636 y(tem,)d(191)283 756 y Fr(var)p Fu(-construct,)j(51,)d(117)283
+877 y(v)-5 b(ariable,)31 b(7)283 997 y(v)-5 b(ariable)31
+b(declaration,)g(51,)i(117,)e(120)283 1117 y(v)-5 b(ariable)31
+b(en)m(vironmen)m(t,)i(57,)f(118)283 1321 y(w)m(eak)m(est)j(lib)s(eral)
+30 b(precondition,)i(187)p eop
+%%Trailer
+end
+userdict /end-hook known{end-hook}if
+%%EOF
-- 
cgit v1.2.3